google-cloud-asset-v1 0.6.0 → 0.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/google/cloud/asset/v1/asset_service/client.rb +0 -194
- data/lib/google/cloud/asset/v1/asset_service_pb.rb +0 -107
- data/lib/google/cloud/asset/v1/asset_service_services_pb.rb +0 -13
- data/lib/google/cloud/asset/v1/assets_pb.rb +2 -47
- data/lib/google/cloud/asset/v1/version.rb +1 -1
- data/proto_docs/google/cloud/asset/v1/asset_service.rb +0 -426
- data/proto_docs/google/cloud/asset/v1/assets.rb +0 -176
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7601e08b3f6d242baec633460a4e82037603a86284c15071dda3595e20984b4d
|
4
|
+
data.tar.gz: 5dddf6f643e226cc7a0c9d070bd755a9735fad69d33ad1237070b80d38276a24
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 5ee7a713b523233cdc7b35f12ae891388713619ca96743a8e3b1d3c30bdefd09a3be70ec00c0ada079c0a93ab85d890d1d3c7e11b7b266b51ba9d7406765ad5e
|
7
|
+
data.tar.gz: b3d0f7fa841d88066fe72e4835cd33891a0fb9be93ce60a80a221647bf4850e72901ee5b429c36aa733983648083d024d3118044a00099ca6e1d31dc236395e6
|
@@ -119,16 +119,6 @@ module Google
|
|
119
119
|
retry_codes: [4, 14]
|
120
120
|
}
|
121
121
|
|
122
|
-
default_config.rpcs.analyze_iam_policy.timeout = 300.0
|
123
|
-
default_config.rpcs.analyze_iam_policy.retry_policy = {
|
124
|
-
initial_delay: 0.1,
|
125
|
-
max_delay: 60.0,
|
126
|
-
multiplier: 1.3,
|
127
|
-
retry_codes: [14]
|
128
|
-
}
|
129
|
-
|
130
|
-
default_config.rpcs.export_iam_policy_analysis.timeout = 60.0
|
131
|
-
|
132
122
|
default_config
|
133
123
|
end
|
134
124
|
yield @configure if block_given?
|
@@ -1038,176 +1028,6 @@ module Google
|
|
1038
1028
|
raise ::Google::Cloud::Error.from_error(e)
|
1039
1029
|
end
|
1040
1030
|
|
1041
|
-
##
|
1042
|
-
# Analyzes IAM policies to answer which identities have what accesses on
|
1043
|
-
# which resources.
|
1044
|
-
#
|
1045
|
-
# @overload analyze_iam_policy(request, options = nil)
|
1046
|
-
# Pass arguments to `analyze_iam_policy` via a request object, either of type
|
1047
|
-
# {::Google::Cloud::Asset::V1::AnalyzeIamPolicyRequest} or an equivalent Hash.
|
1048
|
-
#
|
1049
|
-
# @param request [::Google::Cloud::Asset::V1::AnalyzeIamPolicyRequest, ::Hash]
|
1050
|
-
# A request object representing the call parameters. Required. To specify no
|
1051
|
-
# parameters, or to keep all the default parameter values, pass an empty Hash.
|
1052
|
-
# @param options [::Gapic::CallOptions, ::Hash]
|
1053
|
-
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
1054
|
-
#
|
1055
|
-
# @overload analyze_iam_policy(analysis_query: nil, execution_timeout: nil)
|
1056
|
-
# Pass arguments to `analyze_iam_policy` via keyword arguments. Note that at
|
1057
|
-
# least one keyword argument is required. To specify no parameters, or to keep all
|
1058
|
-
# the default parameter values, pass an empty Hash as a request object (see above).
|
1059
|
-
#
|
1060
|
-
# @param analysis_query [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery, ::Hash]
|
1061
|
-
# The request query.
|
1062
|
-
# @param execution_timeout [::Google::Protobuf::Duration, ::Hash]
|
1063
|
-
# Amount of time executable has to complete. See JSON representation of
|
1064
|
-
# [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json).
|
1065
|
-
#
|
1066
|
-
# If this field is set with a value less than the RPC deadline, and the
|
1067
|
-
# execution of your query hasn't finished in the specified
|
1068
|
-
# execution timeout, you will get a response with partial result.
|
1069
|
-
# Otherwise, your query's execution will continue until the RPC deadline.
|
1070
|
-
# If it's not finished until then, you will get a DEADLINE_EXCEEDED error.
|
1071
|
-
#
|
1072
|
-
# Default is empty.
|
1073
|
-
#
|
1074
|
-
# (-- We had discussion of whether we should have this field in the --)
|
1075
|
-
# (-- request or use the RPC deadline instead. We finally choose this --)
|
1076
|
-
# (-- approach for the following reasons (detailed in --)
|
1077
|
-
# (-- go/analyze-iam-policy-deadlines): --)
|
1078
|
-
# (-- * HTTP clients have very limited support of the RPC deadline. --)
|
1079
|
-
# (-- There is an X-Server-Timeout header introduced in 2019/09, but --)
|
1080
|
-
# (-- only implemented in the C++ HTTP server library. --)
|
1081
|
-
# (-- * The purpose of the RPC deadline is for RPC clients to --)
|
1082
|
-
# (-- communicate its max waiting time to the server. This deadline --)
|
1083
|
-
# (-- could be further propagated to the downstream servers. It is --)
|
1084
|
-
# (-- mainly used for servers to cancel the request processing --)
|
1085
|
-
# (-- to avoid resource wasting. Overloading the RPC deadline for --)
|
1086
|
-
# (-- other purposes could make our backend system harder to reason --)
|
1087
|
-
# (-- about. --)
|
1088
|
-
#
|
1089
|
-
# @yield [response, operation] Access the result along with the RPC operation
|
1090
|
-
# @yieldparam response [::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse]
|
1091
|
-
# @yieldparam operation [::GRPC::ActiveCall::Operation]
|
1092
|
-
#
|
1093
|
-
# @return [::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse]
|
1094
|
-
#
|
1095
|
-
# @raise [::Google::Cloud::Error] if the RPC is aborted.
|
1096
|
-
#
|
1097
|
-
def analyze_iam_policy request, options = nil
|
1098
|
-
raise ::ArgumentError, "request must be provided" if request.nil?
|
1099
|
-
|
1100
|
-
request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Asset::V1::AnalyzeIamPolicyRequest
|
1101
|
-
|
1102
|
-
# Converts hash and nil to an options object
|
1103
|
-
options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
|
1104
|
-
|
1105
|
-
# Customize the options with defaults
|
1106
|
-
metadata = @config.rpcs.analyze_iam_policy.metadata.to_h
|
1107
|
-
|
1108
|
-
# Set x-goog-api-client and x-goog-user-project headers
|
1109
|
-
metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
|
1110
|
-
lib_name: @config.lib_name, lib_version: @config.lib_version,
|
1111
|
-
gapic_version: ::Google::Cloud::Asset::V1::VERSION
|
1112
|
-
metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
|
1113
|
-
|
1114
|
-
header_params = {
|
1115
|
-
"analysis_query.scope" => request.analysis_query.scope
|
1116
|
-
}
|
1117
|
-
request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
|
1118
|
-
metadata[:"x-goog-request-params"] ||= request_params_header
|
1119
|
-
|
1120
|
-
options.apply_defaults timeout: @config.rpcs.analyze_iam_policy.timeout,
|
1121
|
-
metadata: metadata,
|
1122
|
-
retry_policy: @config.rpcs.analyze_iam_policy.retry_policy
|
1123
|
-
options.apply_defaults metadata: @config.metadata,
|
1124
|
-
retry_policy: @config.retry_policy
|
1125
|
-
|
1126
|
-
@asset_service_stub.call_rpc :analyze_iam_policy, request, options: options do |response, operation|
|
1127
|
-
yield response, operation if block_given?
|
1128
|
-
return response
|
1129
|
-
end
|
1130
|
-
rescue ::GRPC::BadStatus => e
|
1131
|
-
raise ::Google::Cloud::Error.from_error(e)
|
1132
|
-
end
|
1133
|
-
|
1134
|
-
##
|
1135
|
-
# Exports the answers of which identities have what accesses on which
|
1136
|
-
# resources to a Google Cloud Storage or a BigQuery destination. For Cloud
|
1137
|
-
# Storage destination, the output format is the JSON format that represents a
|
1138
|
-
# {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse google.cloud.asset.v1.AnalyzeIamPolicyResponse}.
|
1139
|
-
# This method implements the
|
1140
|
-
# {::Google::Longrunning::Operation google.longrunning.Operation}, which allows
|
1141
|
-
# you to track the export status. We recommend intervals of at least 2
|
1142
|
-
# seconds with exponential retry to poll the export operation result. The
|
1143
|
-
# metadata contains the request to help callers to map responses to requests.
|
1144
|
-
#
|
1145
|
-
# @overload export_iam_policy_analysis(request, options = nil)
|
1146
|
-
# Pass arguments to `export_iam_policy_analysis` via a request object, either of type
|
1147
|
-
# {::Google::Cloud::Asset::V1::ExportIamPolicyAnalysisRequest} or an equivalent Hash.
|
1148
|
-
#
|
1149
|
-
# @param request [::Google::Cloud::Asset::V1::ExportIamPolicyAnalysisRequest, ::Hash]
|
1150
|
-
# A request object representing the call parameters. Required. To specify no
|
1151
|
-
# parameters, or to keep all the default parameter values, pass an empty Hash.
|
1152
|
-
# @param options [::Gapic::CallOptions, ::Hash]
|
1153
|
-
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
1154
|
-
#
|
1155
|
-
# @overload export_iam_policy_analysis(analysis_query: nil, output_config: nil)
|
1156
|
-
# Pass arguments to `export_iam_policy_analysis` via keyword arguments. Note that at
|
1157
|
-
# least one keyword argument is required. To specify no parameters, or to keep all
|
1158
|
-
# the default parameter values, pass an empty Hash as a request object (see above).
|
1159
|
-
#
|
1160
|
-
# @param analysis_query [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery, ::Hash]
|
1161
|
-
# The request query.
|
1162
|
-
# @param output_config [::Google::Cloud::Asset::V1::IamPolicyAnalysisOutputConfig, ::Hash]
|
1163
|
-
# Output configuration indicating where the results will be output to.
|
1164
|
-
#
|
1165
|
-
# @yield [response, operation] Access the result along with the RPC operation
|
1166
|
-
# @yieldparam response [::Gapic::Operation]
|
1167
|
-
# @yieldparam operation [::GRPC::ActiveCall::Operation]
|
1168
|
-
#
|
1169
|
-
# @return [::Gapic::Operation]
|
1170
|
-
#
|
1171
|
-
# @raise [::Google::Cloud::Error] if the RPC is aborted.
|
1172
|
-
#
|
1173
|
-
def export_iam_policy_analysis request, options = nil
|
1174
|
-
raise ::ArgumentError, "request must be provided" if request.nil?
|
1175
|
-
|
1176
|
-
request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Asset::V1::ExportIamPolicyAnalysisRequest
|
1177
|
-
|
1178
|
-
# Converts hash and nil to an options object
|
1179
|
-
options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
|
1180
|
-
|
1181
|
-
# Customize the options with defaults
|
1182
|
-
metadata = @config.rpcs.export_iam_policy_analysis.metadata.to_h
|
1183
|
-
|
1184
|
-
# Set x-goog-api-client and x-goog-user-project headers
|
1185
|
-
metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
|
1186
|
-
lib_name: @config.lib_name, lib_version: @config.lib_version,
|
1187
|
-
gapic_version: ::Google::Cloud::Asset::V1::VERSION
|
1188
|
-
metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
|
1189
|
-
|
1190
|
-
header_params = {
|
1191
|
-
"analysis_query.scope" => request.analysis_query.scope
|
1192
|
-
}
|
1193
|
-
request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
|
1194
|
-
metadata[:"x-goog-request-params"] ||= request_params_header
|
1195
|
-
|
1196
|
-
options.apply_defaults timeout: @config.rpcs.export_iam_policy_analysis.timeout,
|
1197
|
-
metadata: metadata,
|
1198
|
-
retry_policy: @config.rpcs.export_iam_policy_analysis.retry_policy
|
1199
|
-
options.apply_defaults metadata: @config.metadata,
|
1200
|
-
retry_policy: @config.retry_policy
|
1201
|
-
|
1202
|
-
@asset_service_stub.call_rpc :export_iam_policy_analysis, request, options: options do |response, operation|
|
1203
|
-
response = ::Gapic::Operation.new response, @operations_client, options: options
|
1204
|
-
yield response, operation if block_given?
|
1205
|
-
return response
|
1206
|
-
end
|
1207
|
-
rescue ::GRPC::BadStatus => e
|
1208
|
-
raise ::Google::Cloud::Error.from_error(e)
|
1209
|
-
end
|
1210
|
-
|
1211
1031
|
##
|
1212
1032
|
# Configuration class for the AssetService API.
|
1213
1033
|
#
|
@@ -1389,16 +1209,6 @@ module Google
|
|
1389
1209
|
# @return [::Gapic::Config::Method]
|
1390
1210
|
#
|
1391
1211
|
attr_reader :search_all_iam_policies
|
1392
|
-
##
|
1393
|
-
# RPC-specific configuration for `analyze_iam_policy`
|
1394
|
-
# @return [::Gapic::Config::Method]
|
1395
|
-
#
|
1396
|
-
attr_reader :analyze_iam_policy
|
1397
|
-
##
|
1398
|
-
# RPC-specific configuration for `export_iam_policy_analysis`
|
1399
|
-
# @return [::Gapic::Config::Method]
|
1400
|
-
#
|
1401
|
-
attr_reader :export_iam_policy_analysis
|
1402
1212
|
|
1403
1213
|
# @private
|
1404
1214
|
def initialize parent_rpcs = nil
|
@@ -1420,10 +1230,6 @@ module Google
|
|
1420
1230
|
@search_all_resources = ::Gapic::Config::Method.new search_all_resources_config
|
1421
1231
|
search_all_iam_policies_config = parent_rpcs&.search_all_iam_policies if parent_rpcs&.respond_to? :search_all_iam_policies
|
1422
1232
|
@search_all_iam_policies = ::Gapic::Config::Method.new search_all_iam_policies_config
|
1423
|
-
analyze_iam_policy_config = parent_rpcs&.analyze_iam_policy if parent_rpcs&.respond_to? :analyze_iam_policy
|
1424
|
-
@analyze_iam_policy = ::Gapic::Config::Method.new analyze_iam_policy_config
|
1425
|
-
export_iam_policy_analysis_config = parent_rpcs&.export_iam_policy_analysis if parent_rpcs&.respond_to? :export_iam_policy_analysis
|
1426
|
-
@export_iam_policy_analysis = ::Gapic::Config::Method.new export_iam_policy_analysis_config
|
1427
1233
|
|
1428
1234
|
yield self if block_given?
|
1429
1235
|
end
|
@@ -121,96 +121,6 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
121
121
|
repeated :results, :message, 1, "google.cloud.asset.v1.IamPolicySearchResult"
|
122
122
|
optional :next_page_token, :string, 2
|
123
123
|
end
|
124
|
-
add_message "google.cloud.asset.v1.IamPolicyAnalysisQuery" do
|
125
|
-
optional :scope, :string, 1
|
126
|
-
optional :resource_selector, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisQuery.ResourceSelector"
|
127
|
-
optional :identity_selector, :message, 3, "google.cloud.asset.v1.IamPolicyAnalysisQuery.IdentitySelector"
|
128
|
-
optional :access_selector, :message, 4, "google.cloud.asset.v1.IamPolicyAnalysisQuery.AccessSelector"
|
129
|
-
optional :options, :message, 5, "google.cloud.asset.v1.IamPolicyAnalysisQuery.Options"
|
130
|
-
end
|
131
|
-
add_message "google.cloud.asset.v1.IamPolicyAnalysisQuery.ResourceSelector" do
|
132
|
-
optional :full_resource_name, :string, 1
|
133
|
-
end
|
134
|
-
add_message "google.cloud.asset.v1.IamPolicyAnalysisQuery.IdentitySelector" do
|
135
|
-
optional :identity, :string, 1
|
136
|
-
end
|
137
|
-
add_message "google.cloud.asset.v1.IamPolicyAnalysisQuery.AccessSelector" do
|
138
|
-
repeated :roles, :string, 1
|
139
|
-
repeated :permissions, :string, 2
|
140
|
-
end
|
141
|
-
add_message "google.cloud.asset.v1.IamPolicyAnalysisQuery.Options" do
|
142
|
-
optional :expand_groups, :bool, 1
|
143
|
-
optional :expand_roles, :bool, 2
|
144
|
-
optional :expand_resources, :bool, 3
|
145
|
-
optional :output_resource_edges, :bool, 4
|
146
|
-
optional :output_group_edges, :bool, 5
|
147
|
-
optional :analyze_service_account_impersonation, :bool, 6
|
148
|
-
optional :max_fanouts_per_group, :int32, 7
|
149
|
-
optional :max_fanouts_per_resource, :int32, 8
|
150
|
-
end
|
151
|
-
add_message "google.cloud.asset.v1.AnalyzeIamPolicyRequest" do
|
152
|
-
optional :analysis_query, :message, 1, "google.cloud.asset.v1.IamPolicyAnalysisQuery"
|
153
|
-
optional :execution_timeout, :message, 2, "google.protobuf.Duration"
|
154
|
-
end
|
155
|
-
add_message "google.cloud.asset.v1.AnalyzeIamPolicyResponse" do
|
156
|
-
optional :main_analysis, :message, 1, "google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis"
|
157
|
-
repeated :service_account_impersonation_analysis, :message, 2, "google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis"
|
158
|
-
optional :fully_explored, :bool, 3
|
159
|
-
end
|
160
|
-
add_message "google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis" do
|
161
|
-
optional :analysis_query, :message, 1, "google.cloud.asset.v1.IamPolicyAnalysisQuery"
|
162
|
-
repeated :analysis_results, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisResult"
|
163
|
-
optional :fully_explored, :bool, 3
|
164
|
-
repeated :stats, :message, 4, "google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis.Stats"
|
165
|
-
repeated :non_critical_errors, :message, 5, "google.cloud.asset.v1.IamPolicyAnalysisState"
|
166
|
-
end
|
167
|
-
add_message "google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis.Stats" do
|
168
|
-
optional :node_type, :enum, 1, "google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis.Stats.NodeType"
|
169
|
-
optional :node_subtype, :string, 2
|
170
|
-
optional :discovered_node_count, :int32, 3
|
171
|
-
optional :matched_node_count, :int32, 4
|
172
|
-
optional :explored_node_count, :int32, 5
|
173
|
-
optional :capped_node_count, :int32, 6
|
174
|
-
optional :permision_denied_node_count, :int32, 7
|
175
|
-
optional :execution_timeout_node_count, :int32, 8
|
176
|
-
end
|
177
|
-
add_enum "google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis.Stats.NodeType" do
|
178
|
-
value :NODE_TYPE_UNSPECIFIED, 0
|
179
|
-
value :BINDING, 1
|
180
|
-
value :IDENTITY, 2
|
181
|
-
value :RESOURCE, 3
|
182
|
-
value :ACCESS, 4
|
183
|
-
end
|
184
|
-
add_message "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig" do
|
185
|
-
oneof :destination do
|
186
|
-
optional :gcs_destination, :message, 1, "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.GcsDestination"
|
187
|
-
optional :bigquery_destination, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination"
|
188
|
-
end
|
189
|
-
end
|
190
|
-
add_message "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.GcsDestination" do
|
191
|
-
optional :uri, :string, 1
|
192
|
-
end
|
193
|
-
add_message "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination" do
|
194
|
-
optional :dataset, :string, 1
|
195
|
-
optional :table_prefix, :string, 2
|
196
|
-
optional :partition_key, :enum, 3, "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination.PartitionKey"
|
197
|
-
optional :write_mode, :enum, 4, "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination.WriteMode"
|
198
|
-
end
|
199
|
-
add_enum "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination.PartitionKey" do
|
200
|
-
value :PARTITION_KEY_UNSPECIFIED, 0
|
201
|
-
value :REQUEST_TIME, 1
|
202
|
-
end
|
203
|
-
add_enum "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination.WriteMode" do
|
204
|
-
value :WRITE_MODE_UNSPECIFIED, 0
|
205
|
-
value :ABORT, 1
|
206
|
-
value :OVERWRITE, 2
|
207
|
-
end
|
208
|
-
add_message "google.cloud.asset.v1.ExportIamPolicyAnalysisRequest" do
|
209
|
-
optional :analysis_query, :message, 1, "google.cloud.asset.v1.IamPolicyAnalysisQuery"
|
210
|
-
optional :output_config, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig"
|
211
|
-
end
|
212
|
-
add_message "google.cloud.asset.v1.ExportIamPolicyAnalysisResponse" do
|
213
|
-
end
|
214
124
|
add_enum "google.cloud.asset.v1.ContentType" do
|
215
125
|
value :CONTENT_TYPE_UNSPECIFIED, 0
|
216
126
|
value :RESOURCE, 1
|
@@ -247,23 +157,6 @@ module Google
|
|
247
157
|
SearchAllResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.SearchAllResourcesResponse").msgclass
|
248
158
|
SearchAllIamPoliciesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.SearchAllIamPoliciesRequest").msgclass
|
249
159
|
SearchAllIamPoliciesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.SearchAllIamPoliciesResponse").msgclass
|
250
|
-
IamPolicyAnalysisQuery = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisQuery").msgclass
|
251
|
-
IamPolicyAnalysisQuery::ResourceSelector = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisQuery.ResourceSelector").msgclass
|
252
|
-
IamPolicyAnalysisQuery::IdentitySelector = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisQuery.IdentitySelector").msgclass
|
253
|
-
IamPolicyAnalysisQuery::AccessSelector = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisQuery.AccessSelector").msgclass
|
254
|
-
IamPolicyAnalysisQuery::Options = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisQuery.Options").msgclass
|
255
|
-
AnalyzeIamPolicyRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeIamPolicyRequest").msgclass
|
256
|
-
AnalyzeIamPolicyResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeIamPolicyResponse").msgclass
|
257
|
-
AnalyzeIamPolicyResponse::IamPolicyAnalysis = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis").msgclass
|
258
|
-
AnalyzeIamPolicyResponse::IamPolicyAnalysis::Stats = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis.Stats").msgclass
|
259
|
-
AnalyzeIamPolicyResponse::IamPolicyAnalysis::Stats::NodeType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis.Stats.NodeType").enummodule
|
260
|
-
IamPolicyAnalysisOutputConfig = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisOutputConfig").msgclass
|
261
|
-
IamPolicyAnalysisOutputConfig::GcsDestination = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.GcsDestination").msgclass
|
262
|
-
IamPolicyAnalysisOutputConfig::BigQueryDestination = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination").msgclass
|
263
|
-
IamPolicyAnalysisOutputConfig::BigQueryDestination::PartitionKey = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination.PartitionKey").enummodule
|
264
|
-
IamPolicyAnalysisOutputConfig::BigQueryDestination::WriteMode = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination.WriteMode").enummodule
|
265
|
-
ExportIamPolicyAnalysisRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ExportIamPolicyAnalysisRequest").msgclass
|
266
|
-
ExportIamPolicyAnalysisResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ExportIamPolicyAnalysisResponse").msgclass
|
267
160
|
ContentType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ContentType").enummodule
|
268
161
|
end
|
269
162
|
end
|
@@ -73,19 +73,6 @@ module Google
|
|
73
73
|
# `cloudasset.assets.searchAllIamPolicies` permission on the desired scope,
|
74
74
|
# otherwise the request will be rejected.
|
75
75
|
rpc :SearchAllIamPolicies, Google::Cloud::Asset::V1::SearchAllIamPoliciesRequest, Google::Cloud::Asset::V1::SearchAllIamPoliciesResponse
|
76
|
-
# Analyzes IAM policies to answer which identities have what accesses on
|
77
|
-
# which resources.
|
78
|
-
rpc :AnalyzeIamPolicy, Google::Cloud::Asset::V1::AnalyzeIamPolicyRequest, Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse
|
79
|
-
# Exports the answers of which identities have what accesses on which
|
80
|
-
# resources to a Google Cloud Storage or a BigQuery destination. For Cloud
|
81
|
-
# Storage destination, the output format is the JSON format that represents a
|
82
|
-
# [google.cloud.asset.v1.AnalyzeIamPolicyResponse][google.cloud.asset.v1.AnalyzeIamPolicyResponse].
|
83
|
-
# This method implements the
|
84
|
-
# [google.longrunning.Operation][google.longrunning.Operation], which allows
|
85
|
-
# you to track the export status. We recommend intervals of at least 2
|
86
|
-
# seconds with exponential retry to poll the export operation result. The
|
87
|
-
# metadata contains the request to help callers to map responses to requests.
|
88
|
-
rpc :ExportIamPolicyAnalysis, Google::Cloud::Asset::V1::ExportIamPolicyAnalysisRequest, Google::Longrunning::Operation
|
89
76
|
end
|
90
77
|
|
91
78
|
Stub = Service.rpc_stub_class
|
@@ -9,9 +9,11 @@ require 'google/iam/v1/policy_pb'
|
|
9
9
|
require 'google/identity/accesscontextmanager/v1/access_level_pb'
|
10
10
|
require 'google/identity/accesscontextmanager/v1/access_policy_pb'
|
11
11
|
require 'google/identity/accesscontextmanager/v1/service_perimeter_pb'
|
12
|
+
require 'google/protobuf/any_pb'
|
12
13
|
require 'google/protobuf/struct_pb'
|
13
14
|
require 'google/protobuf/timestamp_pb'
|
14
15
|
require 'google/rpc/code_pb'
|
16
|
+
require 'google/api/annotations_pb'
|
15
17
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
16
18
|
add_file("google/cloud/asset/v1/assets.proto", :syntax => :proto3) do
|
17
19
|
add_message "google.cloud.asset.v1.TemporalAsset" do
|
@@ -78,45 +80,6 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
78
80
|
add_message "google.cloud.asset.v1.IamPolicySearchResult.Explanation.Permissions" do
|
79
81
|
repeated :permissions, :string, 1
|
80
82
|
end
|
81
|
-
add_message "google.cloud.asset.v1.IamPolicyAnalysisState" do
|
82
|
-
optional :code, :enum, 1, "google.rpc.Code"
|
83
|
-
optional :cause, :string, 2
|
84
|
-
end
|
85
|
-
add_message "google.cloud.asset.v1.IamPolicyAnalysisResult" do
|
86
|
-
optional :attached_resource_full_name, :string, 1
|
87
|
-
optional :iam_binding, :message, 2, "google.iam.v1.Binding"
|
88
|
-
repeated :access_control_lists, :message, 3, "google.cloud.asset.v1.IamPolicyAnalysisResult.AccessControlList"
|
89
|
-
optional :identity_list, :message, 4, "google.cloud.asset.v1.IamPolicyAnalysisResult.IdentityList"
|
90
|
-
optional :fully_explored, :bool, 5
|
91
|
-
end
|
92
|
-
add_message "google.cloud.asset.v1.IamPolicyAnalysisResult.Resource" do
|
93
|
-
optional :full_resource_name, :string, 1
|
94
|
-
optional :analysis_state, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisState"
|
95
|
-
end
|
96
|
-
add_message "google.cloud.asset.v1.IamPolicyAnalysisResult.Access" do
|
97
|
-
optional :analysis_state, :message, 3, "google.cloud.asset.v1.IamPolicyAnalysisState"
|
98
|
-
oneof :oneof_access do
|
99
|
-
optional :role, :string, 1
|
100
|
-
optional :permission, :string, 2
|
101
|
-
end
|
102
|
-
end
|
103
|
-
add_message "google.cloud.asset.v1.IamPolicyAnalysisResult.Identity" do
|
104
|
-
optional :name, :string, 1
|
105
|
-
optional :analysis_state, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisState"
|
106
|
-
end
|
107
|
-
add_message "google.cloud.asset.v1.IamPolicyAnalysisResult.Edge" do
|
108
|
-
optional :source_node, :string, 1
|
109
|
-
optional :target_node, :string, 2
|
110
|
-
end
|
111
|
-
add_message "google.cloud.asset.v1.IamPolicyAnalysisResult.AccessControlList" do
|
112
|
-
repeated :resources, :message, 1, "google.cloud.asset.v1.IamPolicyAnalysisResult.Resource"
|
113
|
-
repeated :accesses, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisResult.Access"
|
114
|
-
repeated :resource_edges, :message, 3, "google.cloud.asset.v1.IamPolicyAnalysisResult.Edge"
|
115
|
-
end
|
116
|
-
add_message "google.cloud.asset.v1.IamPolicyAnalysisResult.IdentityList" do
|
117
|
-
repeated :identities, :message, 1, "google.cloud.asset.v1.IamPolicyAnalysisResult.Identity"
|
118
|
-
repeated :group_edges, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisResult.Edge"
|
119
|
-
end
|
120
83
|
end
|
121
84
|
end
|
122
85
|
|
@@ -133,14 +96,6 @@ module Google
|
|
133
96
|
IamPolicySearchResult = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicySearchResult").msgclass
|
134
97
|
IamPolicySearchResult::Explanation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicySearchResult.Explanation").msgclass
|
135
98
|
IamPolicySearchResult::Explanation::Permissions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicySearchResult.Explanation.Permissions").msgclass
|
136
|
-
IamPolicyAnalysisState = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisState").msgclass
|
137
|
-
IamPolicyAnalysisResult = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult").msgclass
|
138
|
-
IamPolicyAnalysisResult::Resource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult.Resource").msgclass
|
139
|
-
IamPolicyAnalysisResult::Access = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult.Access").msgclass
|
140
|
-
IamPolicyAnalysisResult::Identity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult.Identity").msgclass
|
141
|
-
IamPolicyAnalysisResult::Edge = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult.Edge").msgclass
|
142
|
-
IamPolicyAnalysisResult::AccessControlList = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult.AccessControlList").msgclass
|
143
|
-
IamPolicyAnalysisResult::IdentityList = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult.IdentityList").msgclass
|
144
99
|
end
|
145
100
|
end
|
146
101
|
end
|
@@ -545,432 +545,6 @@ module Google
|
|
545
545
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
546
546
|
end
|
547
547
|
|
548
|
-
# IAM policy analysis query message.
|
549
|
-
# @!attribute [rw] scope
|
550
|
-
# @return [::String]
|
551
|
-
# The relative name of the root asset. Only resources and IAM policies within
|
552
|
-
# the scope will be analyzed.
|
553
|
-
#
|
554
|
-
# This can only be an organization number (such as "organizations/123"), a
|
555
|
-
# folder number (such as "folders/123"), a project ID (such as
|
556
|
-
# "projects/my-project-id"), or a project number (such as "projects/12345").
|
557
|
-
#
|
558
|
-
# To know how to get organization id, visit [here
|
559
|
-
# ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id).
|
560
|
-
#
|
561
|
-
# To know how to get folder or project id, visit [here
|
562
|
-
# ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
|
563
|
-
# @!attribute [rw] resource_selector
|
564
|
-
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery::ResourceSelector]
|
565
|
-
# Specifies a resource for analysis.
|
566
|
-
# @!attribute [rw] identity_selector
|
567
|
-
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery::IdentitySelector]
|
568
|
-
# Specifies an identity for analysis.
|
569
|
-
# @!attribute [rw] access_selector
|
570
|
-
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery::AccessSelector]
|
571
|
-
# Specifies roles or permissions for analysis. This is optional.
|
572
|
-
# @!attribute [rw] options
|
573
|
-
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery::Options]
|
574
|
-
# The query options.
|
575
|
-
class IamPolicyAnalysisQuery
|
576
|
-
include ::Google::Protobuf::MessageExts
|
577
|
-
extend ::Google::Protobuf::MessageExts::ClassMethods
|
578
|
-
|
579
|
-
# Specifies the resource to analyze for access policies, which may be set
|
580
|
-
# directly on the resource, or on ancestors such as organizations, folders or
|
581
|
-
# projects.
|
582
|
-
# @!attribute [rw] full_resource_name
|
583
|
-
# @return [::String]
|
584
|
-
# The [full resource name]
|
585
|
-
# (https://cloud.google.com/asset-inventory/docs/resource-name-format)
|
586
|
-
# of a resource of [supported resource
|
587
|
-
# types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#analyzable_asset_types).
|
588
|
-
class ResourceSelector
|
589
|
-
include ::Google::Protobuf::MessageExts
|
590
|
-
extend ::Google::Protobuf::MessageExts::ClassMethods
|
591
|
-
end
|
592
|
-
|
593
|
-
# Specifies an identity for which to determine resource access, based on
|
594
|
-
# roles assigned either directly to them or to the groups they belong to,
|
595
|
-
# directly or indirectly.
|
596
|
-
# @!attribute [rw] identity
|
597
|
-
# @return [::String]
|
598
|
-
# The identity appear in the form of members in
|
599
|
-
# [IAM policy
|
600
|
-
# binding](https://cloud.google.com/iam/reference/rest/v1/Binding).
|
601
|
-
#
|
602
|
-
# The examples of supported forms are:
|
603
|
-
# "user:mike@example.com",
|
604
|
-
# "group:admins@example.com",
|
605
|
-
# "domain:google.com",
|
606
|
-
# "serviceAccount:my-project-id@appspot.gserviceaccount.com".
|
607
|
-
#
|
608
|
-
# Notice that wildcard characters (such as * and ?) are not supported.
|
609
|
-
# You must give a specific identity.
|
610
|
-
class IdentitySelector
|
611
|
-
include ::Google::Protobuf::MessageExts
|
612
|
-
extend ::Google::Protobuf::MessageExts::ClassMethods
|
613
|
-
end
|
614
|
-
|
615
|
-
# Specifies roles and/or permissions to analyze, to determine both the
|
616
|
-
# identities possessing them and the resources they control. If multiple
|
617
|
-
# values are specified, results will include roles or permissions matching
|
618
|
-
# any of them.
|
619
|
-
# @!attribute [rw] roles
|
620
|
-
# @return [::Array<::String>]
|
621
|
-
# The roles to appear in result.
|
622
|
-
# @!attribute [rw] permissions
|
623
|
-
# @return [::Array<::String>]
|
624
|
-
# The permissions to appear in result.
|
625
|
-
class AccessSelector
|
626
|
-
include ::Google::Protobuf::MessageExts
|
627
|
-
extend ::Google::Protobuf::MessageExts::ClassMethods
|
628
|
-
end
|
629
|
-
|
630
|
-
# Contains query options.
|
631
|
-
# @!attribute [rw] expand_groups
|
632
|
-
# @return [::Boolean]
|
633
|
-
# If true, the identities section of the result will expand any
|
634
|
-
# Google groups appearing in an IAM policy binding.
|
635
|
-
#
|
636
|
-
# If
|
637
|
-
# {::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery#identity_selector google.cloud.asset.v1.IamPolicyAnalysisQuery.identity_selector}
|
638
|
-
# is specified, the identity in the result will be determined by the
|
639
|
-
# selector, and this flag is not allowed to set.
|
640
|
-
#
|
641
|
-
# Default is false.
|
642
|
-
# @!attribute [rw] expand_roles
|
643
|
-
# @return [::Boolean]
|
644
|
-
# If true, the access section of result will expand any roles
|
645
|
-
# appearing in IAM policy bindings to include their permissions.
|
646
|
-
#
|
647
|
-
# If
|
648
|
-
# {::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery#access_selector google.cloud.asset.v1.IamPolicyAnalysisQuery.access_selector}
|
649
|
-
# is specified, the access section of the result will be determined by the
|
650
|
-
# selector, and this flag is not allowed to set.
|
651
|
-
#
|
652
|
-
# Default is false.
|
653
|
-
# @!attribute [rw] expand_resources
|
654
|
-
# @return [::Boolean]
|
655
|
-
# If true and
|
656
|
-
# {::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery#resource_selector google.cloud.asset.v1.IamPolicyAnalysisQuery.resource_selector}
|
657
|
-
# is not specified, the resource section of the result will expand any
|
658
|
-
# resource attached to an IAM policy to include resources lower in the
|
659
|
-
# resource hierarchy.
|
660
|
-
#
|
661
|
-
# For example, if the request analyzes for which resources user A has
|
662
|
-
# permission P, and the results include an IAM policy with P on a GCP
|
663
|
-
# folder, the results will also include resources in that folder with
|
664
|
-
# permission P.
|
665
|
-
#
|
666
|
-
# If true and
|
667
|
-
# {::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery#resource_selector google.cloud.asset.v1.IamPolicyAnalysisQuery.resource_selector}
|
668
|
-
# is specified, the resource section of the result will expand the
|
669
|
-
# specified resource to include resources lower in the resource hierarchy.
|
670
|
-
#
|
671
|
-
# For example, if the request analyzes for which users have permission P on
|
672
|
-
# a GCP folder with this option enabled, the results will include all users
|
673
|
-
# who have permission P on that folder or any lower resource(ex. project).
|
674
|
-
#
|
675
|
-
# Default is false.
|
676
|
-
# @!attribute [rw] output_resource_edges
|
677
|
-
# @return [::Boolean]
|
678
|
-
# If true, the result will output resource edges, starting
|
679
|
-
# from the policy attached resource, to any expanded resources.
|
680
|
-
# Default is false.
|
681
|
-
# @!attribute [rw] output_group_edges
|
682
|
-
# @return [::Boolean]
|
683
|
-
# If true, the result will output group identity edges, starting
|
684
|
-
# from the binding's group members, to any expanded identities.
|
685
|
-
# Default is false.
|
686
|
-
# @!attribute [rw] analyze_service_account_impersonation
|
687
|
-
# @return [::Boolean]
|
688
|
-
# If true, the response will include access analysis from identities to
|
689
|
-
# resources via service account impersonation. This is a very expensive
|
690
|
-
# operation, because many derived queries will be executed. We highly
|
691
|
-
# recommend you use
|
692
|
-
# {::Google::Cloud::Asset::V1::AssetService::Client#export_iam_policy_analysis google.cloud.asset.v1.AssetService.ExportIamPolicyAnalysis}
|
693
|
-
# rpc instead.
|
694
|
-
#
|
695
|
-
# For example, if the request analyzes for which resources user A has
|
696
|
-
# permission P, and there's an IAM policy states user A has
|
697
|
-
# iam.serviceAccounts.getAccessToken permission to a service account SA,
|
698
|
-
# and there's another IAM policy states service account SA has permission P
|
699
|
-
# to a GCP folder F, then user A potentially has access to the GCP folder
|
700
|
-
# F. And those advanced analysis results will be included in
|
701
|
-
# {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse#service_account_impersonation_analysis google.cloud.asset.v1.AnalyzeIamPolicyResponse.service_account_impersonation_analysis}.
|
702
|
-
#
|
703
|
-
# Another example, if the request analyzes for who has
|
704
|
-
# permission P to a GCP folder F, and there's an IAM policy states user A
|
705
|
-
# has iam.serviceAccounts.actAs permission to a service account SA, and
|
706
|
-
# there's another IAM policy states service account SA has permission P to
|
707
|
-
# the GCP folder F, then user A potentially has access to the GCP folder
|
708
|
-
# F. And those advanced analysis results will be included in
|
709
|
-
# {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse#service_account_impersonation_analysis google.cloud.asset.v1.AnalyzeIamPolicyResponse.service_account_impersonation_analysis}.
|
710
|
-
#
|
711
|
-
# Default is false.
|
712
|
-
# @!attribute [rw] max_fanouts_per_group
|
713
|
-
# @return [::Integer]
|
714
|
-
# The maximum number of fanouts per group when [expand_groups][expand_groups]
|
715
|
-
# is enabled. This internal field is to help load testing and determine a
|
716
|
-
# proper value, and won't be public in the future.
|
717
|
-
# @!attribute [rw] max_fanouts_per_resource
|
718
|
-
# @return [::Integer]
|
719
|
-
# The maximum number of fanouts per parent resource, such as
|
720
|
-
# GCP Project etc., when [expand_resources][] is enabled. This internal
|
721
|
-
# field is to help load testing and determine a proper value, and won't be
|
722
|
-
# public in the future.
|
723
|
-
class Options
|
724
|
-
include ::Google::Protobuf::MessageExts
|
725
|
-
extend ::Google::Protobuf::MessageExts::ClassMethods
|
726
|
-
end
|
727
|
-
end
|
728
|
-
|
729
|
-
# A request message for
|
730
|
-
# {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy google.cloud.asset.v1.AssetService.AnalyzeIamPolicy}.
|
731
|
-
# @!attribute [rw] analysis_query
|
732
|
-
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery]
|
733
|
-
# The request query.
|
734
|
-
# @!attribute [rw] execution_timeout
|
735
|
-
# @return [::Google::Protobuf::Duration]
|
736
|
-
# Amount of time executable has to complete. See JSON representation of
|
737
|
-
# [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json).
|
738
|
-
#
|
739
|
-
# If this field is set with a value less than the RPC deadline, and the
|
740
|
-
# execution of your query hasn't finished in the specified
|
741
|
-
# execution timeout, you will get a response with partial result.
|
742
|
-
# Otherwise, your query's execution will continue until the RPC deadline.
|
743
|
-
# If it's not finished until then, you will get a DEADLINE_EXCEEDED error.
|
744
|
-
#
|
745
|
-
# Default is empty.
|
746
|
-
#
|
747
|
-
# (-- We had discussion of whether we should have this field in the --)
|
748
|
-
# (-- request or use the RPC deadline instead. We finally choose this --)
|
749
|
-
# (-- approach for the following reasons (detailed in --)
|
750
|
-
# (-- go/analyze-iam-policy-deadlines): --)
|
751
|
-
# (-- * HTTP clients have very limited support of the RPC deadline. --)
|
752
|
-
# (-- There is an X-Server-Timeout header introduced in 2019/09, but --)
|
753
|
-
# (-- only implemented in the C++ HTTP server library. --)
|
754
|
-
# (-- * The purpose of the RPC deadline is for RPC clients to --)
|
755
|
-
# (-- communicate its max waiting time to the server. This deadline --)
|
756
|
-
# (-- could be further propagated to the downstream servers. It is --)
|
757
|
-
# (-- mainly used for servers to cancel the request processing --)
|
758
|
-
# (-- to avoid resource wasting. Overloading the RPC deadline for --)
|
759
|
-
# (-- other purposes could make our backend system harder to reason --)
|
760
|
-
# (-- about. --)
|
761
|
-
class AnalyzeIamPolicyRequest
|
762
|
-
include ::Google::Protobuf::MessageExts
|
763
|
-
extend ::Google::Protobuf::MessageExts::ClassMethods
|
764
|
-
end
|
765
|
-
|
766
|
-
# A response message for
|
767
|
-
# {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy google.cloud.asset.v1.AssetService.AnalyzeIamPolicy}.
|
768
|
-
# @!attribute [rw] main_analysis
|
769
|
-
# @return [::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse::IamPolicyAnalysis]
|
770
|
-
# The main analysis that matches the original request.
|
771
|
-
# @!attribute [rw] service_account_impersonation_analysis
|
772
|
-
# @return [::Array<::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse::IamPolicyAnalysis>]
|
773
|
-
# The service account impersonation analysis if
|
774
|
-
# [google.cloud.asset.v1.AnalyzeIamPolicyRequest.analyze_service_account_impersonation][google.cloud.asset.v1.AnalyzeIamPolicyRequest.analyze_service_account_impersonation]
|
775
|
-
# is enabled.
|
776
|
-
# @!attribute [rw] fully_explored
|
777
|
-
# @return [::Boolean]
|
778
|
-
# Represents whether all entries in the [main_analysis][main_analysis] and
|
779
|
-
# [service_account_impersonation_analysis][] have been fully explored to
|
780
|
-
# answer the query in the request.
|
781
|
-
class AnalyzeIamPolicyResponse
|
782
|
-
include ::Google::Protobuf::MessageExts
|
783
|
-
extend ::Google::Protobuf::MessageExts::ClassMethods
|
784
|
-
|
785
|
-
# An analysis message to group the query and results.
|
786
|
-
# @!attribute [rw] analysis_query
|
787
|
-
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery]
|
788
|
-
# The analysis query.
|
789
|
-
# @!attribute [rw] analysis_results
|
790
|
-
# @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult>]
|
791
|
-
# A list of {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult google.cloud.asset.v1.IamPolicyAnalysisResult}
|
792
|
-
# that matches the analysis query, or empty if no result is found.
|
793
|
-
# @!attribute [rw] fully_explored
|
794
|
-
# @return [::Boolean]
|
795
|
-
# Represents whether all entries in the
|
796
|
-
# [analysis_results][analysis_results] have been fully explored to answer
|
797
|
-
# the query.
|
798
|
-
# @!attribute [rw] stats
|
799
|
-
# @return [::Array<::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse::IamPolicyAnalysis::Stats>]
|
800
|
-
# The stats of how the analysis has been explored.
|
801
|
-
# @!attribute [rw] non_critical_errors
|
802
|
-
# @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisState>]
|
803
|
-
# A list of non-critical errors happened during the query handling.
|
804
|
-
class IamPolicyAnalysis
|
805
|
-
include ::Google::Protobuf::MessageExts
|
806
|
-
extend ::Google::Protobuf::MessageExts::ClassMethods
|
807
|
-
|
808
|
-
# A stats message that contains a set of analysis metrics.
|
809
|
-
#
|
810
|
-
# Here are some equations to show relationships of the explicitly specified
|
811
|
-
# metrics with other implicit metrics:
|
812
|
-
# * node_count = discovered_node_count + undiscovered_node_count(implicit)
|
813
|
-
# * discovered_node_count = explored_node_count +
|
814
|
-
# unexplored_node_count(implicit)
|
815
|
-
# * explored_node_count = capped_node_count + uncapped_node_count(implicit)
|
816
|
-
# * unexplored_node_count(implicit) = permission_denied_node_count +
|
817
|
-
# execution_timeout_node_count + other_unexplored_node_count(implicit)
|
818
|
-
# * discovered_node_count = matched_node_count +
|
819
|
-
# unmatched_node_count(implicit)
|
820
|
-
# @!attribute [rw] node_type
|
821
|
-
# @return [::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse::IamPolicyAnalysis::Stats::NodeType]
|
822
|
-
# Node type.
|
823
|
-
# @!attribute [rw] node_subtype
|
824
|
-
# @return [::String]
|
825
|
-
# The subtype of a node, such as:
|
826
|
-
# * For Identity: Group, User, ServiceAccount etc.
|
827
|
-
# * For Resource: resource type name, such as
|
828
|
-
# cloudresourcemanager.googleapis.com/Organization, etc.
|
829
|
-
# * For Access: Role or Permission
|
830
|
-
# @!attribute [rw] discovered_node_count
|
831
|
-
# @return [::Integer]
|
832
|
-
# The count of discovered nodes.
|
833
|
-
# @!attribute [rw] matched_node_count
|
834
|
-
# @return [::Integer]
|
835
|
-
# The count of nodes that match the query. These nodes form a sub-graph
|
836
|
-
# of discovered nodes.
|
837
|
-
# @!attribute [rw] explored_node_count
|
838
|
-
# @return [::Integer]
|
839
|
-
# The count of explored nodes.
|
840
|
-
# @!attribute [rw] capped_node_count
|
841
|
-
# @return [::Integer]
|
842
|
-
# The count of nodes that get explored, but are capped by max fanout
|
843
|
-
# setting.
|
844
|
-
# @!attribute [rw] permision_denied_node_count
|
845
|
-
# @return [::Integer]
|
846
|
-
# The count of unexplored nodes caused by permission denied error.
|
847
|
-
# @!attribute [rw] execution_timeout_node_count
|
848
|
-
# @return [::Integer]
|
849
|
-
# The count of unexplored nodes caused by execution timeout.
|
850
|
-
class Stats
|
851
|
-
include ::Google::Protobuf::MessageExts
|
852
|
-
extend ::Google::Protobuf::MessageExts::ClassMethods
|
853
|
-
|
854
|
-
# Type of the node.
|
855
|
-
module NodeType
|
856
|
-
# Unspecified node type.
|
857
|
-
NODE_TYPE_UNSPECIFIED = 0
|
858
|
-
|
859
|
-
# IAM Policy Binding node type.
|
860
|
-
BINDING = 1
|
861
|
-
|
862
|
-
# Identity node type.
|
863
|
-
IDENTITY = 2
|
864
|
-
|
865
|
-
# Resource node type.
|
866
|
-
RESOURCE = 3
|
867
|
-
|
868
|
-
# Access node type.
|
869
|
-
ACCESS = 4
|
870
|
-
end
|
871
|
-
end
|
872
|
-
end
|
873
|
-
end
|
874
|
-
|
875
|
-
# Output configuration for export IAM policy analysis destination.
|
876
|
-
# @!attribute [rw] gcs_destination
|
877
|
-
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisOutputConfig::GcsDestination]
|
878
|
-
# Destination on Cloud Storage.
|
879
|
-
# @!attribute [rw] bigquery_destination
|
880
|
-
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisOutputConfig::BigQueryDestination]
|
881
|
-
# Destination on BigQuery.
|
882
|
-
class IamPolicyAnalysisOutputConfig
|
883
|
-
include ::Google::Protobuf::MessageExts
|
884
|
-
extend ::Google::Protobuf::MessageExts::ClassMethods
|
885
|
-
|
886
|
-
# A Cloud Storage location.
|
887
|
-
# @!attribute [rw] uri
|
888
|
-
# @return [::String]
|
889
|
-
# The uri of the Cloud Storage object. It's the same uri that is used by
|
890
|
-
# gsutil. For example: "gs://bucket_name/object_name". See [Viewing and
|
891
|
-
# Editing Object
|
892
|
-
# Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)
|
893
|
-
# for more information.
|
894
|
-
class GcsDestination
|
895
|
-
include ::Google::Protobuf::MessageExts
|
896
|
-
extend ::Google::Protobuf::MessageExts::ClassMethods
|
897
|
-
end
|
898
|
-
|
899
|
-
# A BigQuery destination.
|
900
|
-
# @!attribute [rw] dataset
|
901
|
-
# @return [::String]
|
902
|
-
# The BigQuery dataset in format "projects/projectId/datasets/datasetId",
|
903
|
-
# to which the analysis results should be exported. If this dataset does
|
904
|
-
# not exist, the export call will return an INVALID_ARGUMENT error.
|
905
|
-
# @!attribute [rw] table_prefix
|
906
|
-
# @return [::String]
|
907
|
-
# The prefix of the BigQuery tables to which the analysis results will be
|
908
|
-
# written. Tables will be created based on this table_prefix if not exist:
|
909
|
-
# * <table_prefix>_analysis table will contain export operation's metadata.
|
910
|
-
# * <table_prefix>_analysis_result will contain all the
|
911
|
-
# [IamPolicyAnalysisResult][].
|
912
|
-
# When [partition_key] is specified, both tables will be partitioned based
|
913
|
-
# on the [partition_key].
|
914
|
-
# @!attribute [rw] partition_key
|
915
|
-
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisOutputConfig::BigQueryDestination::PartitionKey]
|
916
|
-
# The partition key for BigQuery partitioned table.
|
917
|
-
# @!attribute [rw] write_mode
|
918
|
-
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisOutputConfig::BigQueryDestination::WriteMode]
|
919
|
-
# The write mode when table exists. WriteMode is ignored when no existing
|
920
|
-
# tables, or no existing partitions are found.
|
921
|
-
class BigQueryDestination
|
922
|
-
include ::Google::Protobuf::MessageExts
|
923
|
-
extend ::Google::Protobuf::MessageExts::ClassMethods
|
924
|
-
|
925
|
-
# This enum determines the partition key column for the bigquery tables.
|
926
|
-
# Partitioning can improve query performance and reduce query cost by
|
927
|
-
# filtering partitions. Refer to
|
928
|
-
# https://cloud.google.com/bigquery/docs/partitioned-tables for details.
|
929
|
-
module PartitionKey
|
930
|
-
# Unspecified partition key. Tables won't be partitioned using this
|
931
|
-
# option.
|
932
|
-
PARTITION_KEY_UNSPECIFIED = 0
|
933
|
-
|
934
|
-
# The time when the request is received. If specified as partition key,
|
935
|
-
# the result table(s) is partitoned by the RequestTime column, an
|
936
|
-
# additional timestamp column representing when the request was received.
|
937
|
-
REQUEST_TIME = 1
|
938
|
-
end
|
939
|
-
|
940
|
-
# Write mode types if table exists.
|
941
|
-
module WriteMode
|
942
|
-
# Unspecified write mode. We expect one of the following valid modes must
|
943
|
-
# be specified when table or partition exists.
|
944
|
-
WRITE_MODE_UNSPECIFIED = 0
|
945
|
-
|
946
|
-
# Abort the export when table or partition exists.
|
947
|
-
ABORT = 1
|
948
|
-
|
949
|
-
# Overwrite the table when table exists. When partitioned, overwrite
|
950
|
-
# the existing partition.
|
951
|
-
OVERWRITE = 2
|
952
|
-
end
|
953
|
-
end
|
954
|
-
end
|
955
|
-
|
956
|
-
# A request message for [AssetService.ExportIamPolicyAnalysis][].
|
957
|
-
# @!attribute [rw] analysis_query
|
958
|
-
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery]
|
959
|
-
# The request query.
|
960
|
-
# @!attribute [rw] output_config
|
961
|
-
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisOutputConfig]
|
962
|
-
# Output configuration indicating where the results will be output to.
|
963
|
-
class ExportIamPolicyAnalysisRequest
|
964
|
-
include ::Google::Protobuf::MessageExts
|
965
|
-
extend ::Google::Protobuf::MessageExts::ClassMethods
|
966
|
-
end
|
967
|
-
|
968
|
-
# The export IAM policy analysis response.
|
969
|
-
class ExportIamPolicyAnalysisResponse
|
970
|
-
include ::Google::Protobuf::MessageExts
|
971
|
-
extend ::Google::Protobuf::MessageExts::ClassMethods
|
972
|
-
end
|
973
|
-
|
974
548
|
# Asset content type.
|
975
549
|
module ContentType
|
976
550
|
# Unspecified content type.
|
@@ -396,182 +396,6 @@ module Google
|
|
396
396
|
end
|
397
397
|
end
|
398
398
|
end
|
399
|
-
|
400
|
-
# Represents the detailed state of an entity under analysis, such as a
|
401
|
-
# resource, an identity or an access.
|
402
|
-
# @!attribute [rw] code
|
403
|
-
# @return [::Google::Rpc::Code]
|
404
|
-
# The Google standard error code that best describes the state.
|
405
|
-
# For example:
|
406
|
-
# - OK means the analysis on this entity has been successfully finished;
|
407
|
-
# - PERMISSION_DENIED means an access denied error is encountered;
|
408
|
-
# - DEADLINE_EXCEEDED means the analysis on this entity hasn't been started
|
409
|
-
# in time;
|
410
|
-
# @!attribute [rw] cause
|
411
|
-
# @return [::String]
|
412
|
-
# The human-readable description of the cause of failure.
|
413
|
-
class IamPolicyAnalysisState
|
414
|
-
include ::Google::Protobuf::MessageExts
|
415
|
-
extend ::Google::Protobuf::MessageExts::ClassMethods
|
416
|
-
end
|
417
|
-
|
418
|
-
# IAM Policy analysis result, consisting of one IAM policy binding and derived
|
419
|
-
# access control lists.
|
420
|
-
# @!attribute [rw] attached_resource_full_name
|
421
|
-
# @return [::String]
|
422
|
-
# The [full resource
|
423
|
-
# name](https://cloud.google.com/asset-inventory/docs/resource-name-format)
|
424
|
-
# of the resource to which the [iam_binding][iam_binding] policy attaches.
|
425
|
-
# (-- api-linter: core::0122::name-suffix=disabled
|
426
|
-
# aip.dev/not-precedent: full_resource_name is a public notion in GCP.
|
427
|
-
# --)
|
428
|
-
# @!attribute [rw] iam_binding
|
429
|
-
# @return [::Google::Iam::V1::Binding]
|
430
|
-
# The Cloud IAM policy binding under analysis.
|
431
|
-
# @!attribute [rw] access_control_lists
|
432
|
-
# @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::AccessControlList>]
|
433
|
-
# The access control lists derived from the [iam_binding][iam_binding] that
|
434
|
-
# match or potentially match resource and access selectors specified in the
|
435
|
-
# request.
|
436
|
-
# @!attribute [rw] identity_list
|
437
|
-
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::IdentityList]
|
438
|
-
# The identity list derived from members of the [iam_binding][iam_binding]
|
439
|
-
# that match or potentially match identity selector specified in the request.
|
440
|
-
# @!attribute [rw] fully_explored
|
441
|
-
# @return [::Boolean]
|
442
|
-
# Represents whether all analyses on the [iam_binding][iam_binding] have
|
443
|
-
# successfully finished.
|
444
|
-
class IamPolicyAnalysisResult
|
445
|
-
include ::Google::Protobuf::MessageExts
|
446
|
-
extend ::Google::Protobuf::MessageExts::ClassMethods
|
447
|
-
|
448
|
-
# A Google Cloud resource under analysis.
|
449
|
-
# @!attribute [rw] full_resource_name
|
450
|
-
# @return [::String]
|
451
|
-
# The [full resource
|
452
|
-
# name](https://cloud.google.com/asset-inventory/docs/resource-name-format)
|
453
|
-
# (-- api-linter: core::0122::name-suffix=disabled
|
454
|
-
# aip.dev/not-precedent: full_resource_name is a public notion in GCP.
|
455
|
-
# --)
|
456
|
-
# @!attribute [rw] analysis_state
|
457
|
-
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState]
|
458
|
-
# The analysis state of this resource.
|
459
|
-
class Resource
|
460
|
-
include ::Google::Protobuf::MessageExts
|
461
|
-
extend ::Google::Protobuf::MessageExts::ClassMethods
|
462
|
-
end
|
463
|
-
|
464
|
-
# An IAM role or permission under analysis.
|
465
|
-
# @!attribute [rw] role
|
466
|
-
# @return [::String]
|
467
|
-
# The role.
|
468
|
-
# @!attribute [rw] permission
|
469
|
-
# @return [::String]
|
470
|
-
# The permission.
|
471
|
-
# @!attribute [rw] analysis_state
|
472
|
-
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState]
|
473
|
-
# The analysis state of this access.
|
474
|
-
class Access
|
475
|
-
include ::Google::Protobuf::MessageExts
|
476
|
-
extend ::Google::Protobuf::MessageExts::ClassMethods
|
477
|
-
end
|
478
|
-
|
479
|
-
# An identity under analysis.
|
480
|
-
# (-- api-linter: core::0123::resource-annotation=disabled
|
481
|
-
# aip.dev/not-precedent: Identity name is not a resource. --)
|
482
|
-
# @!attribute [rw] name
|
483
|
-
# @return [::String]
|
484
|
-
# The identity name in any form of members appear in
|
485
|
-
# [IAM policy
|
486
|
-
# binding](https://cloud.google.com/iam/reference/rest/v1/Binding), such
|
487
|
-
# as:
|
488
|
-
# - user:foo@google.com
|
489
|
-
# - group:group1@google.com
|
490
|
-
# - serviceAccount:s1@prj1.iam.gserviceaccount.com
|
491
|
-
# - projectOwner:some_project_id
|
492
|
-
# - domain:google.com
|
493
|
-
# - allUsers
|
494
|
-
# - etc.
|
495
|
-
# @!attribute [rw] analysis_state
|
496
|
-
# @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState]
|
497
|
-
# The analysis state of this identity.
|
498
|
-
class Identity
|
499
|
-
include ::Google::Protobuf::MessageExts
|
500
|
-
extend ::Google::Protobuf::MessageExts::ClassMethods
|
501
|
-
end
|
502
|
-
|
503
|
-
# A directional edge.
|
504
|
-
# @!attribute [rw] source_node
|
505
|
-
# @return [::String]
|
506
|
-
# The source node of the edge. For example, it could be a full resource
|
507
|
-
# name for a resource node or an email of an identity.
|
508
|
-
# @!attribute [rw] target_node
|
509
|
-
# @return [::String]
|
510
|
-
# The target node of the edge. For example, it could be a full resource
|
511
|
-
# name for a resource node or an email of an identity.
|
512
|
-
class Edge
|
513
|
-
include ::Google::Protobuf::MessageExts
|
514
|
-
extend ::Google::Protobuf::MessageExts::ClassMethods
|
515
|
-
end
|
516
|
-
|
517
|
-
# An access control list, derived from the above IAM policy binding, which
|
518
|
-
# contains a set of resources and accesses. May include one
|
519
|
-
# item from each set to compose an access control entry.
|
520
|
-
#
|
521
|
-
# NOTICE that there could be multiple access control lists for one IAM policy
|
522
|
-
# binding. The access control lists are created based on resource and access
|
523
|
-
# combinations.
|
524
|
-
#
|
525
|
-
# For example, assume we have the following cases in one IAM policy binding:
|
526
|
-
# - Permission P1 and P2 apply to resource R1 and R2;
|
527
|
-
# - Permission P3 applies to resource R2 and R3;
|
528
|
-
#
|
529
|
-
# This will result in the following access control lists:
|
530
|
-
# - AccessControlList 1: [R1, R2], [P1, P2]
|
531
|
-
# - AccessControlList 2: [R2, R3], [P3]
|
532
|
-
# @!attribute [rw] resources
|
533
|
-
# @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Resource>]
|
534
|
-
# The resources that match one of the following conditions:
|
535
|
-
# - The resource_selector, if it is specified in request;
|
536
|
-
# - Otherwise, resources reachable from the policy attached resource.
|
537
|
-
# @!attribute [rw] accesses
|
538
|
-
# @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Access>]
|
539
|
-
# The accesses that match one of the following conditions:
|
540
|
-
# - The access_selector, if it is specified in request;
|
541
|
-
# - Otherwise, access specifiers reachable from the policy binding's role.
|
542
|
-
# @!attribute [rw] resource_edges
|
543
|
-
# @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge>]
|
544
|
-
# Resource edges of the graph starting from the policy attached
|
545
|
-
# resource to any descendant resources. The [Edge.source_node][] contains
|
546
|
-
# the full resource name of a parent resource and [Edge.target_node][]
|
547
|
-
# contains the full resource name of a child resource. This field is
|
548
|
-
# present only if the output_resource_edges option is enabled in request.
|
549
|
-
class AccessControlList
|
550
|
-
include ::Google::Protobuf::MessageExts
|
551
|
-
extend ::Google::Protobuf::MessageExts::ClassMethods
|
552
|
-
end
|
553
|
-
|
554
|
-
# The identities and group edges.
|
555
|
-
# @!attribute [rw] identities
|
556
|
-
# @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Identity>]
|
557
|
-
# Only the identities that match one of the following conditions will be
|
558
|
-
# presented:
|
559
|
-
# - The identity_selector, if it is specified in request;
|
560
|
-
# - Otherwise, identities reachable from the policy binding's members.
|
561
|
-
# @!attribute [rw] group_edges
|
562
|
-
# @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge>]
|
563
|
-
# Group identity edges of the graph starting from the binding's
|
564
|
-
# group members to any node of the [identities][]. The [Edge.source_node][]
|
565
|
-
# contains a group, such as `group:parent@google.com`. The
|
566
|
-
# [Edge.target_node][] contains a member of the group,
|
567
|
-
# such as `group:child@google.com` or `user:foo@google.com`.
|
568
|
-
# This field is present only if the output_group_edges option is enabled in
|
569
|
-
# request.
|
570
|
-
class IdentityList
|
571
|
-
include ::Google::Protobuf::MessageExts
|
572
|
-
extend ::Google::Protobuf::MessageExts::ClassMethods
|
573
|
-
end
|
574
|
-
end
|
575
399
|
end
|
576
400
|
end
|
577
401
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: google-cloud-asset-v1
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.6.
|
4
|
+
version: 0.6.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Google LLC
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-09-
|
11
|
+
date: 2020-09-10 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: gapic-common
|