google-cloud-asset-v1 0.6.0 → 0.6.1

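--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 47903709aadc0bfaa500654626a56c96aae048c5b901a5b0c60d79e6186ae997
- data.tar.gz: 720eb8288342eb67e1d314ac048500bea99c7f8c6a71d1edd941048ecfac1134
+ metadata.gz: 7601e08b3f6d242baec633460a4e82037603a86284c15071dda3595e20984b4d
+ data.tar.gz: 5dddf6f643e226cc7a0c9d070bd755a9735fad69d33ad1237070b80d38276a24
  SHA512:
- metadata.gz: 9eaef8da1ab7e67c1efa41f4f31c88587508eb2350e2d703833967a1cb66d10a2e44e30d6af121d290a5e6f97671b8cef4c1d020965674bcdef919edc31faa6a
- data.tar.gz: 5aa1b26f56d54da1627fefc83a3d6bc2bd74ae9b058ec943aa162183f1624ba0b922b0c79a60869640545a43b67cec442d8e1d77048209e3f60f60150ff1520f
+ metadata.gz: 5ee7a713b523233cdc7b35f12ae891388713619ca96743a8e3b1d3c30bdefd09a3be70ec00c0ada079c0a93ab85d890d1d3c7e11b7b266b51ba9d7406765ad5e
+ data.tar.gz: b3d0f7fa841d88066fe72e4835cd33891a0fb9be93ce60a80a221647bf4850e72901ee5b429c36aa733983648083d024d3118044a00099ca6e1d31dc236395e6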
@@ -119,16 +119,6 @@ module Google
119
119
  retry_codes: [4, 14]
120
120
  }
121
121
 
122
- default_config.rpcs.analyze_iam_policy.timeout = 300.0
123
- default_config.rpcs.analyze_iam_policy.retry_policy = {
124
- initial_delay: 0.1,
125
- max_delay: 60.0,
126
- multiplier: 1.3,
127
- retry_codes: [14]
128
- }
129
-
130
- default_config.rpcs.export_iam_policy_analysis.timeout = 60.0
131
-
132
122
  default_config
133
123
  end
134
124
  yield @configure if block_given?
@@ -1038,176 +1028,6 @@ module Google
1038
1028
  raise ::Google::Cloud::Error.from_error(e)
1039
1029
  end
1040
1030
 
1041
- ##
1042
- # Analyzes IAM policies to answer which identities have what accesses on
1043
- # which resources.
1044
- #
1045
- # @overload analyze_iam_policy(request, options = nil)
1046
- # Pass arguments to `analyze_iam_policy` via a request object, either of type
1047
- # {::Google::Cloud::Asset::V1::AnalyzeIamPolicyRequest} or an equivalent Hash.
1048
- #
1049
- # @param request [::Google::Cloud::Asset::V1::AnalyzeIamPolicyRequest, ::Hash]
1050
- # A request object representing the call parameters. Required. To specify no
1051
- # parameters, or to keep all the default parameter values, pass an empty Hash.
1052
- # @param options [::Gapic::CallOptions, ::Hash]
1053
- # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
1054
- #
1055
- # @overload analyze_iam_policy(analysis_query: nil, execution_timeout: nil)
1056
- # Pass arguments to `analyze_iam_policy` via keyword arguments. Note that at
1057
- # least one keyword argument is required. To specify no parameters, or to keep all
1058
- # the default parameter values, pass an empty Hash as a request object (see above).
1059
- #
1060
- # @param analysis_query [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery, ::Hash]
1061
- # The request query.
1062
- # @param execution_timeout [::Google::Protobuf::Duration, ::Hash]
1063
- # Amount of time executable has to complete. See JSON representation of
1064
- # [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json).
1065
- #
1066
- # If this field is set with a value less than the RPC deadline, and the
1067
- # execution of your query hasn't finished in the specified
1068
- # execution timeout, you will get a response with partial result.
1069
- # Otherwise, your query's execution will continue until the RPC deadline.
1070
- # If it's not finished until then, you will get a DEADLINE_EXCEEDED error.
1071
- #
1072
- # Default is empty.
1073
- #
1074
- # (-- We had discussion of whether we should have this field in the --)
1075
- # (-- request or use the RPC deadline instead. We finally choose this --)
1076
- # (-- approach for the following reasons (detailed in --)
1077
- # (-- go/analyze-iam-policy-deadlines): --)
1078
- # (-- * HTTP clients have very limited support of the RPC deadline. --)
1079
- # (-- There is an X-Server-Timeout header introduced in 2019/09, but --)
1080
- # (-- only implemented in the C++ HTTP server library. --)
1081
- # (-- * The purpose of the RPC deadline is for RPC clients to --)
1082
- # (-- communicate its max waiting time to the server. This deadline --)
1083
- # (-- could be further propagated to the downstream servers. It is --)
1084
- # (-- mainly used for servers to cancel the request processing --)
1085
- # (-- to avoid resource wasting. Overloading the RPC deadline for --)
1086
- # (-- other purposes could make our backend system harder to reason --)
1087
- # (-- about. --)
1088
- #
1089
- # @yield [response, operation] Access the result along with the RPC operation
1090
- # @yieldparam response [::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse]
1091
- # @yieldparam operation [::GRPC::ActiveCall::Operation]
1092
- #
1093
- # @return [::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse]
1094
- #
1095
- # @raise [::Google::Cloud::Error] if the RPC is aborted.
1096
- #
1097
- def analyze_iam_policy request, options = nil
1098
- raise ::ArgumentError, "request must be provided" if request.nil?
1099
-
1100
- request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Asset::V1::AnalyzeIamPolicyRequest
1101
-
1102
- # Converts hash and nil to an options object
1103
- options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
1104
-
1105
- # Customize the options with defaults
1106
- metadata = @config.rpcs.analyze_iam_policy.metadata.to_h
1107
-
1108
- # Set x-goog-api-client and x-goog-user-project headers
1109
- metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
1110
- lib_name: @config.lib_name, lib_version: @config.lib_version,
1111
- gapic_version: ::Google::Cloud::Asset::V1::VERSION
1112
- metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
1113
-
1114
- header_params = {
1115
- "analysis_query.scope" => request.analysis_query.scope
1116
- }
1117
- request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
1118
- metadata[:"x-goog-request-params"] ||= request_params_header
1119
-
1120
- options.apply_defaults timeout: @config.rpcs.analyze_iam_policy.timeout,
1121
- metadata: metadata,
1122
- retry_policy: @config.rpcs.analyze_iam_policy.retry_policy
1123
- options.apply_defaults metadata: @config.metadata,
1124
- retry_policy: @config.retry_policy
1125
-
1126
- @asset_service_stub.call_rpc :analyze_iam_policy, request, options: options do |response, operation|
1127
- yield response, operation if block_given?
1128
- return response
1129
- end
1130
- rescue ::GRPC::BadStatus => e
1131
- raise ::Google::Cloud::Error.from_error(e)
1132
- end
1133
-
1134
- ##
1135
- # Exports the answers of which identities have what accesses on which
1136
- # resources to a Google Cloud Storage or a BigQuery destination. For Cloud
1137
- # Storage destination, the output format is the JSON format that represents a
1138
- # {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse google.cloud.asset.v1.AnalyzeIamPolicyResponse}.
1139
- # This method implements the
1140
- # {::Google::Longrunning::Operation google.longrunning.Operation}, which allows
1141
- # you to track the export status. We recommend intervals of at least 2
1142
- # seconds with exponential retry to poll the export operation result. The
1143
- # metadata contains the request to help callers to map responses to requests.
1144
- #
1145
- # @overload export_iam_policy_analysis(request, options = nil)
1146
- # Pass arguments to `export_iam_policy_analysis` via a request object, either of type
1147
- # {::Google::Cloud::Asset::V1::ExportIamPolicyAnalysisRequest} or an equivalent Hash.
1148
- #
1149
- # @param request [::Google::Cloud::Asset::V1::ExportIamPolicyAnalysisRequest, ::Hash]
1150
- # A request object representing the call parameters. Required. To specify no
1151
- # parameters, or to keep all the default parameter values, pass an empty Hash.
1152
- # @param options [::Gapic::CallOptions, ::Hash]
1153
- # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
1154
- #
1155
- # @overload export_iam_policy_analysis(analysis_query: nil, output_config: nil)
1156
- # Pass arguments to `export_iam_policy_analysis` via keyword arguments. Note that at
1157
- # least one keyword argument is required. To specify no parameters, or to keep all
1158
- # the default parameter values, pass an empty Hash as a request object (see above).
1159
- #
1160
- # @param analysis_query [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery, ::Hash]
1161
- # The request query.
1162
- # @param output_config [::Google::Cloud::Asset::V1::IamPolicyAnalysisOutputConfig, ::Hash]
1163
- # Output configuration indicating where the results will be output to.
1164
- #
1165
- # @yield [response, operation] Access the result along with the RPC operation
1166
- # @yieldparam response [::Gapic::Operation]
1167
- # @yieldparam operation [::GRPC::ActiveCall::Operation]
1168
- #
1169
- # @return [::Gapic::Operation]
1170
- #
1171
- # @raise [::Google::Cloud::Error] if the RPC is aborted.
1172
- #
1173
- def export_iam_policy_analysis request, options = nil
1174
- raise ::ArgumentError, "request must be provided" if request.nil?
1175
-
1176
- request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Asset::V1::ExportIamPolicyAnalysisRequest
1177
-
1178
- # Converts hash and nil to an options object
1179
- options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
1180
-
1181
- # Customize the options with defaults
1182
- metadata = @config.rpcs.export_iam_policy_analysis.metadata.to_h
1183
-
1184
- # Set x-goog-api-client and x-goog-user-project headers
1185
- metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
1186
- lib_name: @config.lib_name, lib_version: @config.lib_version,
1187
- gapic_version: ::Google::Cloud::Asset::V1::VERSION
1188
- metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
1189
-
1190
- header_params = {
1191
- "analysis_query.scope" => request.analysis_query.scope
1192
- }
1193
- request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
1194
- metadata[:"x-goog-request-params"] ||= request_params_header
1195
-
1196
- options.apply_defaults timeout: @config.rpcs.export_iam_policy_analysis.timeout,
1197
- metadata: metadata,
1198
- retry_policy: @config.rpcs.export_iam_policy_analysis.retry_policy
1199
- options.apply_defaults metadata: @config.metadata,
1200
- retry_policy: @config.retry_policy
1201
-
1202
- @asset_service_stub.call_rpc :export_iam_policy_analysis, request, options: options do |response, operation|
1203
- response = ::Gapic::Operation.new response, @operations_client, options: options
1204
- yield response, operation if block_given?
1205
- return response
1206
- end
1207
- rescue ::GRPC::BadStatus => e
1208
- raise ::Google::Cloud::Error.from_error(e)
1209
- end
1210
-
1211
1031
  ##
1212
1032
  # Configuration class for the AssetService API.
1213
1033
  #
@@ -1389,16 +1209,6 @@ module Google
1389
1209
  # @return [::Gapic::Config::Method]
1390
1210
  #
1391
1211
  attr_reader :search_all_iam_policies
1392
- ##
1393
- # RPC-specific configuration for `analyze_iam_policy`
1394
- # @return [::Gapic::Config::Method]
1395
- #
1396
- attr_reader :analyze_iam_policy
1397
- ##
1398
- # RPC-specific configuration for `export_iam_policy_analysis`
1399
- # @return [::Gapic::Config::Method]
1400
- #
1401
- attr_reader :export_iam_policy_analysis
1402
1212
 
1403
1213
  # @private
1404
1214
  def initialize parent_rpcs = nil
@@ -1420,10 +1230,6 @@ module Google
1420
1230
  @search_all_resources = ::Gapic::Config::Method.new search_all_resources_config
1421
1231
  search_all_iam_policies_config = parent_rpcs&.search_all_iam_policies if parent_rpcs&.respond_to? :search_all_iam_policies
1422
1232
  @search_all_iam_policies = ::Gapic::Config::Method.new search_all_iam_policies_config
1423
- analyze_iam_policy_config = parent_rpcs&.analyze_iam_policy if parent_rpcs&.respond_to? :analyze_iam_policy
1424
- @analyze_iam_policy = ::Gapic::Config::Method.new analyze_iam_policy_config
1425
- export_iam_policy_analysis_config = parent_rpcs&.export_iam_policy_analysis if parent_rpcs&.respond_to? :export_iam_policy_analysis
1426
- @export_iam_policy_analysis = ::Gapic::Config::Method.new export_iam_policy_analysis_config
1427
1233
 
1428
1234
  yield self if block_given?
1429
1235
  end
@@ -121,96 +121,6 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
121
121
  repeated :results, :message, 1, "google.cloud.asset.v1.IamPolicySearchResult"
122
122
  optional :next_page_token, :string, 2
123
123
  end
124
- add_message "google.cloud.asset.v1.IamPolicyAnalysisQuery" do
125
- optional :scope, :string, 1
126
- optional :resource_selector, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisQuery.ResourceSelector"
127
- optional :identity_selector, :message, 3, "google.cloud.asset.v1.IamPolicyAnalysisQuery.IdentitySelector"
128
- optional :access_selector, :message, 4, "google.cloud.asset.v1.IamPolicyAnalysisQuery.AccessSelector"
129
- optional :options, :message, 5, "google.cloud.asset.v1.IamPolicyAnalysisQuery.Options"
130
- end
131
- add_message "google.cloud.asset.v1.IamPolicyAnalysisQuery.ResourceSelector" do
132
- optional :full_resource_name, :string, 1
133
- end
134
- add_message "google.cloud.asset.v1.IamPolicyAnalysisQuery.IdentitySelector" do
135
- optional :identity, :string, 1
136
- end
137
- add_message "google.cloud.asset.v1.IamPolicyAnalysisQuery.AccessSelector" do
138
- repeated :roles, :string, 1
139
- repeated :permissions, :string, 2
140
- end
141
- add_message "google.cloud.asset.v1.IamPolicyAnalysisQuery.Options" do
142
- optional :expand_groups, :bool, 1
143
- optional :expand_roles, :bool, 2
144
- optional :expand_resources, :bool, 3
145
- optional :output_resource_edges, :bool, 4
146
- optional :output_group_edges, :bool, 5
147
- optional :analyze_service_account_impersonation, :bool, 6
148
- optional :max_fanouts_per_group, :int32, 7
149
- optional :max_fanouts_per_resource, :int32, 8
150
- end
151
- add_message "google.cloud.asset.v1.AnalyzeIamPolicyRequest" do
152
- optional :analysis_query, :message, 1, "google.cloud.asset.v1.IamPolicyAnalysisQuery"
153
- optional :execution_timeout, :message, 2, "google.protobuf.Duration"
154
- end
155
- add_message "google.cloud.asset.v1.AnalyzeIamPolicyResponse" do
156
- optional :main_analysis, :message, 1, "google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis"
157
- repeated :service_account_impersonation_analysis, :message, 2, "google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis"
158
- optional :fully_explored, :bool, 3
159
- end
160
- add_message "google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis" do
161
- optional :analysis_query, :message, 1, "google.cloud.asset.v1.IamPolicyAnalysisQuery"
162
- repeated :analysis_results, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisResult"
163
- optional :fully_explored, :bool, 3
164
- repeated :stats, :message, 4, "google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis.Stats"
165
- repeated :non_critical_errors, :message, 5, "google.cloud.asset.v1.IamPolicyAnalysisState"
166
- end
167
- add_message "google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis.Stats" do
168
- optional :node_type, :enum, 1, "google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis.Stats.NodeType"
169
- optional :node_subtype, :string, 2
170
- optional :discovered_node_count, :int32, 3
171
- optional :matched_node_count, :int32, 4
172
- optional :explored_node_count, :int32, 5
173
- optional :capped_node_count, :int32, 6
174
- optional :permision_denied_node_count, :int32, 7
175
- optional :execution_timeout_node_count, :int32, 8
176
- end
177
- add_enum "google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis.Stats.NodeType" do
178
- value :NODE_TYPE_UNSPECIFIED, 0
179
- value :BINDING, 1
180
- value :IDENTITY, 2
181
- value :RESOURCE, 3
182
- value :ACCESS, 4
183
- end
184
- add_message "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig" do
185
- oneof :destination do
186
- optional :gcs_destination, :message, 1, "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.GcsDestination"
187
- optional :bigquery_destination, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination"
188
- end
189
- end
190
- add_message "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.GcsDestination" do
191
- optional :uri, :string, 1
192
- end
193
- add_message "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination" do
194
- optional :dataset, :string, 1
195
- optional :table_prefix, :string, 2
196
- optional :partition_key, :enum, 3, "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination.PartitionKey"
197
- optional :write_mode, :enum, 4, "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination.WriteMode"
198
- end
199
- add_enum "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination.PartitionKey" do
200
- value :PARTITION_KEY_UNSPECIFIED, 0
201
- value :REQUEST_TIME, 1
202
- end
203
- add_enum "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination.WriteMode" do
204
- value :WRITE_MODE_UNSPECIFIED, 0
205
- value :ABORT, 1
206
- value :OVERWRITE, 2
207
- end
208
- add_message "google.cloud.asset.v1.ExportIamPolicyAnalysisRequest" do
209
- optional :analysis_query, :message, 1, "google.cloud.asset.v1.IamPolicyAnalysisQuery"
210
- optional :output_config, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig"
211
- end
212
- add_message "google.cloud.asset.v1.ExportIamPolicyAnalysisResponse" do
213
- end
214
124
  add_enum "google.cloud.asset.v1.ContentType" do
215
125
  value :CONTENT_TYPE_UNSPECIFIED, 0
216
126
  value :RESOURCE, 1
@@ -247,23 +157,6 @@ module Google
247
157
  SearchAllResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.SearchAllResourcesResponse").msgclass
248
158
  SearchAllIamPoliciesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.SearchAllIamPoliciesRequest").msgclass
249
159
  SearchAllIamPoliciesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.SearchAllIamPoliciesResponse").msgclass
250
- IamPolicyAnalysisQuery = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisQuery").msgclass
251
- IamPolicyAnalysisQuery::ResourceSelector = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisQuery.ResourceSelector").msgclass
252
- IamPolicyAnalysisQuery::IdentitySelector = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisQuery.IdentitySelector").msgclass
253
- IamPolicyAnalysisQuery::AccessSelector = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisQuery.AccessSelector").msgclass
254
- IamPolicyAnalysisQuery::Options = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisQuery.Options").msgclass
255
- AnalyzeIamPolicyRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeIamPolicyRequest").msgclass
256
- AnalyzeIamPolicyResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeIamPolicyResponse").msgclass
257
- AnalyzeIamPolicyResponse::IamPolicyAnalysis = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis").msgclass
258
- AnalyzeIamPolicyResponse::IamPolicyAnalysis::Stats = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis.Stats").msgclass
259
- AnalyzeIamPolicyResponse::IamPolicyAnalysis::Stats::NodeType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis.Stats.NodeType").enummodule
260
- IamPolicyAnalysisOutputConfig = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisOutputConfig").msgclass
261
- IamPolicyAnalysisOutputConfig::GcsDestination = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.GcsDestination").msgclass
262
- IamPolicyAnalysisOutputConfig::BigQueryDestination = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination").msgclass
263
- IamPolicyAnalysisOutputConfig::BigQueryDestination::PartitionKey = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination.PartitionKey").enummodule
264
- IamPolicyAnalysisOutputConfig::BigQueryDestination::WriteMode = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination.WriteMode").enummodule
265
- ExportIamPolicyAnalysisRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ExportIamPolicyAnalysisRequest").msgclass
266
- ExportIamPolicyAnalysisResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ExportIamPolicyAnalysisResponse").msgclass
267
160
  ContentType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ContentType").enummodule
268
161
  end
269
162
  end
@@ -73,19 +73,6 @@ module Google
73
73
  # `cloudasset.assets.searchAllIamPolicies` permission on the desired scope,
74
74
  # otherwise the request will be rejected.
75
75
  rpc :SearchAllIamPolicies, Google::Cloud::Asset::V1::SearchAllIamPoliciesRequest, Google::Cloud::Asset::V1::SearchAllIamPoliciesResponse
76
- # Analyzes IAM policies to answer which identities have what accesses on
77
- # which resources.
78
- rpc :AnalyzeIamPolicy, Google::Cloud::Asset::V1::AnalyzeIamPolicyRequest, Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse
79
- # Exports the answers of which identities have what accesses on which
80
- # resources to a Google Cloud Storage or a BigQuery destination. For Cloud
81
- # Storage destination, the output format is the JSON format that represents a
82
- # [google.cloud.asset.v1.AnalyzeIamPolicyResponse][google.cloud.asset.v1.AnalyzeIamPolicyResponse].
83
- # This method implements the
84
- # [google.longrunning.Operation][google.longrunning.Operation], which allows
85
- # you to track the export status. We recommend intervals of at least 2
86
- # seconds with exponential retry to poll the export operation result. The
87
- # metadata contains the request to help callers to map responses to requests.
88
- rpc :ExportIamPolicyAnalysis, Google::Cloud::Asset::V1::ExportIamPolicyAnalysisRequest, Google::Longrunning::Operation
89
76
  end
90
77
 
91
78
  Stub = Service.rpc_stub_class
@@ -9,9 +9,11 @@ require 'google/iam/v1/policy_pb'
9
9
  require 'google/identity/accesscontextmanager/v1/access_level_pb'
10
10
  require 'google/identity/accesscontextmanager/v1/access_policy_pb'
11
11
  require 'google/identity/accesscontextmanager/v1/service_perimeter_pb'
12
+ require 'google/protobuf/any_pb'
12
13
  require 'google/protobuf/struct_pb'
13
14
  require 'google/protobuf/timestamp_pb'
14
15
  require 'google/rpc/code_pb'
16
+ require 'google/api/annotations_pb'
15
17
  Google::Protobuf::DescriptorPool.generated_pool.build do
16
18
  add_file("google/cloud/asset/v1/assets.proto", :syntax => :proto3) do
17
19
  add_message "google.cloud.asset.v1.TemporalAsset" do
@@ -78,45 +80,6 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
78
80
  add_message "google.cloud.asset.v1.IamPolicySearchResult.Explanation.Permissions" do
79
81
  repeated :permissions, :string, 1
80
82
  end
81
- add_message "google.cloud.asset.v1.IamPolicyAnalysisState" do
82
- optional :code, :enum, 1, "google.rpc.Code"
83
- optional :cause, :string, 2
84
- end
85
- add_message "google.cloud.asset.v1.IamPolicyAnalysisResult" do
86
- optional :attached_resource_full_name, :string, 1
87
- optional :iam_binding, :message, 2, "google.iam.v1.Binding"
88
- repeated :access_control_lists, :message, 3, "google.cloud.asset.v1.IamPolicyAnalysisResult.AccessControlList"
89
- optional :identity_list, :message, 4, "google.cloud.asset.v1.IamPolicyAnalysisResult.IdentityList"
90
- optional :fully_explored, :bool, 5
91
- end
92
- add_message "google.cloud.asset.v1.IamPolicyAnalysisResult.Resource" do
93
- optional :full_resource_name, :string, 1
94
- optional :analysis_state, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisState"
95
- end
96
- add_message "google.cloud.asset.v1.IamPolicyAnalysisResult.Access" do
97
- optional :analysis_state, :message, 3, "google.cloud.asset.v1.IamPolicyAnalysisState"
98
- oneof :oneof_access do
99
- optional :role, :string, 1
100
- optional :permission, :string, 2
101
- end
102
- end
103
- add_message "google.cloud.asset.v1.IamPolicyAnalysisResult.Identity" do
104
- optional :name, :string, 1
105
- optional :analysis_state, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisState"
106
- end
107
- add_message "google.cloud.asset.v1.IamPolicyAnalysisResult.Edge" do
108
- optional :source_node, :string, 1
109
- optional :target_node, :string, 2
110
- end
111
- add_message "google.cloud.asset.v1.IamPolicyAnalysisResult.AccessControlList" do
112
- repeated :resources, :message, 1, "google.cloud.asset.v1.IamPolicyAnalysisResult.Resource"
113
- repeated :accesses, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisResult.Access"
114
- repeated :resource_edges, :message, 3, "google.cloud.asset.v1.IamPolicyAnalysisResult.Edge"
115
- end
116
- add_message "google.cloud.asset.v1.IamPolicyAnalysisResult.IdentityList" do
117
- repeated :identities, :message, 1, "google.cloud.asset.v1.IamPolicyAnalysisResult.Identity"
118
- repeated :group_edges, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisResult.Edge"
119
- end
120
83
  end
121
84
  end
122
85
 
@@ -133,14 +96,6 @@ module Google
133
96
  IamPolicySearchResult = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicySearchResult").msgclass
134
97
  IamPolicySearchResult::Explanation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicySearchResult.Explanation").msgclass
135
98
  IamPolicySearchResult::Explanation::Permissions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicySearchResult.Explanation.Permissions").msgclass
136
- IamPolicyAnalysisState = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisState").msgclass
137
- IamPolicyAnalysisResult = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult").msgclass
138
- IamPolicyAnalysisResult::Resource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult.Resource").msgclass
139
- IamPolicyAnalysisResult::Access = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult.Access").msgclass
140
- IamPolicyAnalysisResult::Identity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult.Identity").msgclass
141
- IamPolicyAnalysisResult::Edge = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult.Edge").msgclass
142
- IamPolicyAnalysisResult::AccessControlList = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult.AccessControlList").msgclass
143
- IamPolicyAnalysisResult::IdentityList = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult.IdentityList").msgclass
144
99
  end
145
100
  end
146
101
  end
@@ -21,7 +21,7 @@ module Google
21
21
  module Cloud
22
22
  module Asset
23
23
  module V1
24
- VERSION = "0.6.0"
24
+ VERSION = "0.6.1"
25
25
  end
26
26
  end
27
27
  end
@@ -545,432 +545,6 @@ module Google
545
545
  extend ::Google::Protobuf::MessageExts::ClassMethods
546
546
  end
547
547
 
548
- # IAM policy analysis query message.
549
- # @!attribute [rw] scope
550
- # @return [::String]
551
- # The relative name of the root asset. Only resources and IAM policies within
552
- # the scope will be analyzed.
553
- #
554
- # This can only be an organization number (such as "organizations/123"), a
555
- # folder number (such as "folders/123"), a project ID (such as
556
- # "projects/my-project-id"), or a project number (such as "projects/12345").
557
- #
558
- # To know how to get organization id, visit [here
559
- # ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id).
560
- #
561
- # To know how to get folder or project id, visit [here
562
- # ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
563
- # @!attribute [rw] resource_selector
564
- # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery::ResourceSelector]
565
- # Specifies a resource for analysis.
566
- # @!attribute [rw] identity_selector
567
- # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery::IdentitySelector]
568
- # Specifies an identity for analysis.
569
- # @!attribute [rw] access_selector
570
- # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery::AccessSelector]
571
- # Specifies roles or permissions for analysis. This is optional.
572
- # @!attribute [rw] options
573
- # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery::Options]
574
- # The query options.
575
- class IamPolicyAnalysisQuery
576
- include ::Google::Protobuf::MessageExts
577
- extend ::Google::Protobuf::MessageExts::ClassMethods
578
-
579
- # Specifies the resource to analyze for access policies, which may be set
580
- # directly on the resource, or on ancestors such as organizations, folders or
581
- # projects.
582
- # @!attribute [rw] full_resource_name
583
- # @return [::String]
584
- # The [full resource name]
585
- # (https://cloud.google.com/asset-inventory/docs/resource-name-format)
586
- # of a resource of [supported resource
587
- # types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#analyzable_asset_types).
588
- class ResourceSelector
589
- include ::Google::Protobuf::MessageExts
590
- extend ::Google::Protobuf::MessageExts::ClassMethods
591
- end
592
-
593
- # Specifies an identity for which to determine resource access, based on
594
- # roles assigned either directly to them or to the groups they belong to,
595
- # directly or indirectly.
596
- # @!attribute [rw] identity
597
- # @return [::String]
598
- # The identity appear in the form of members in
599
- # [IAM policy
600
- # binding](https://cloud.google.com/iam/reference/rest/v1/Binding).
601
- #
602
- # The examples of supported forms are:
603
- # "user:mike@example.com",
604
- # "group:admins@example.com",
605
- # "domain:google.com",
606
- # "serviceAccount:my-project-id@appspot.gserviceaccount.com".
607
- #
608
- # Notice that wildcard characters (such as * and ?) are not supported.
609
- # You must give a specific identity.
610
- class IdentitySelector
611
- include ::Google::Protobuf::MessageExts
612
- extend ::Google::Protobuf::MessageExts::ClassMethods
613
- end
614
-
615
- # Specifies roles and/or permissions to analyze, to determine both the
616
- # identities possessing them and the resources they control. If multiple
617
- # values are specified, results will include roles or permissions matching
618
- # any of them.
619
- # @!attribute [rw] roles
620
- # @return [::Array<::String>]
621
- # The roles to appear in result.
622
- # @!attribute [rw] permissions
623
- # @return [::Array<::String>]
624
- # The permissions to appear in result.
625
- class AccessSelector
626
- include ::Google::Protobuf::MessageExts
627
- extend ::Google::Protobuf::MessageExts::ClassMethods
628
- end
629
-
630
- # Contains query options.
631
- # @!attribute [rw] expand_groups
632
- # @return [::Boolean]
633
- # If true, the identities section of the result will expand any
634
- # Google groups appearing in an IAM policy binding.
635
- #
636
- # If
637
- # {::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery#identity_selector google.cloud.asset.v1.IamPolicyAnalysisQuery.identity_selector}
638
- # is specified, the identity in the result will be determined by the
639
- # selector, and this flag is not allowed to set.
640
- #
641
- # Default is false.
642
- # @!attribute [rw] expand_roles
643
- # @return [::Boolean]
644
- # If true, the access section of result will expand any roles
645
- # appearing in IAM policy bindings to include their permissions.
646
- #
647
- # If
648
- # {::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery#access_selector google.cloud.asset.v1.IamPolicyAnalysisQuery.access_selector}
649
- # is specified, the access section of the result will be determined by the
650
- # selector, and this flag is not allowed to set.
651
- #
652
- # Default is false.
653
- # @!attribute [rw] expand_resources
654
- # @return [::Boolean]
655
- # If true and
656
- # {::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery#resource_selector google.cloud.asset.v1.IamPolicyAnalysisQuery.resource_selector}
657
- # is not specified, the resource section of the result will expand any
658
- # resource attached to an IAM policy to include resources lower in the
659
- # resource hierarchy.
660
- #
661
- # For example, if the request analyzes for which resources user A has
662
- # permission P, and the results include an IAM policy with P on a GCP
663
- # folder, the results will also include resources in that folder with
664
- # permission P.
665
- #
666
- # If true and
667
- # {::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery#resource_selector google.cloud.asset.v1.IamPolicyAnalysisQuery.resource_selector}
668
- # is specified, the resource section of the result will expand the
669
- # specified resource to include resources lower in the resource hierarchy.
670
- #
671
- # For example, if the request analyzes for which users have permission P on
672
- # a GCP folder with this option enabled, the results will include all users
673
- # who have permission P on that folder or any lower resource(ex. project).
674
- #
675
- # Default is false.
676
- # @!attribute [rw] output_resource_edges
677
- # @return [::Boolean]
678
- # If true, the result will output resource edges, starting
679
- # from the policy attached resource, to any expanded resources.
680
- # Default is false.
681
- # @!attribute [rw] output_group_edges
682
- # @return [::Boolean]
683
- # If true, the result will output group identity edges, starting
684
- # from the binding's group members, to any expanded identities.
685
- # Default is false.
686
- # @!attribute [rw] analyze_service_account_impersonation
687
- # @return [::Boolean]
688
- # If true, the response will include access analysis from identities to
689
- # resources via service account impersonation. This is a very expensive
690
- # operation, because many derived queries will be executed. We highly
691
- # recommend you use
692
- # {::Google::Cloud::Asset::V1::AssetService::Client#export_iam_policy_analysis google.cloud.asset.v1.AssetService.ExportIamPolicyAnalysis}
693
- # rpc instead.
694
- #
695
- # For example, if the request analyzes for which resources user A has
696
- # permission P, and there's an IAM policy states user A has
697
- # iam.serviceAccounts.getAccessToken permission to a service account SA,
698
- # and there's another IAM policy states service account SA has permission P
699
- # to a GCP folder F, then user A potentially has access to the GCP folder
700
- # F. And those advanced analysis results will be included in
701
- # {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse#service_account_impersonation_analysis google.cloud.asset.v1.AnalyzeIamPolicyResponse.service_account_impersonation_analysis}.
702
- #
703
- # Another example, if the request analyzes for who has
704
- # permission P to a GCP folder F, and there's an IAM policy states user A
705
- # has iam.serviceAccounts.actAs permission to a service account SA, and
706
- # there's another IAM policy states service account SA has permission P to
707
- # the GCP folder F, then user A potentially has access to the GCP folder
708
- # F. And those advanced analysis results will be included in
709
- # {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse#service_account_impersonation_analysis google.cloud.asset.v1.AnalyzeIamPolicyResponse.service_account_impersonation_analysis}.
710
- #
711
- # Default is false.
712
- # @!attribute [rw] max_fanouts_per_group
713
- # @return [::Integer]
714
- # The maximum number of fanouts per group when [expand_groups][expand_groups]
715
- # is enabled. This internal field is to help load testing and determine a
716
- # proper value, and won't be public in the future.
717
- # @!attribute [rw] max_fanouts_per_resource
718
- # @return [::Integer]
719
- # The maximum number of fanouts per parent resource, such as
720
- # GCP Project etc., when [expand_resources][] is enabled. This internal
721
- # field is to help load testing and determine a proper value, and won't be
722
- # public in the future.
723
- class Options
724
- include ::Google::Protobuf::MessageExts
725
- extend ::Google::Protobuf::MessageExts::ClassMethods
726
- end
727
- end
728
-
729
- # A request message for
730
- # {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy google.cloud.asset.v1.AssetService.AnalyzeIamPolicy}.
731
- # @!attribute [rw] analysis_query
732
- # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery]
733
- # The request query.
734
- # @!attribute [rw] execution_timeout
735
- # @return [::Google::Protobuf::Duration]
736
- # Amount of time executable has to complete. See JSON representation of
737
- # [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json).
738
- #
739
- # If this field is set with a value less than the RPC deadline, and the
740
- # execution of your query hasn't finished in the specified
741
- # execution timeout, you will get a response with partial result.
742
- # Otherwise, your query's execution will continue until the RPC deadline.
743
- # If it's not finished until then, you will get a DEADLINE_EXCEEDED error.
744
- #
745
- # Default is empty.
746
- #
747
- # (-- We had discussion of whether we should have this field in the --)
748
- # (-- request or use the RPC deadline instead. We finally choose this --)
749
- # (-- approach for the following reasons (detailed in --)
750
- # (-- go/analyze-iam-policy-deadlines): --)
751
- # (-- * HTTP clients have very limited support of the RPC deadline. --)
752
- # (-- There is an X-Server-Timeout header introduced in 2019/09, but --)
753
- # (-- only implemented in the C++ HTTP server library. --)
754
- # (-- * The purpose of the RPC deadline is for RPC clients to --)
755
- # (-- communicate its max waiting time to the server. This deadline --)
756
- # (-- could be further propagated to the downstream servers. It is --)
757
- # (-- mainly used for servers to cancel the request processing --)
758
- # (-- to avoid resource wasting. Overloading the RPC deadline for --)
759
- # (-- other purposes could make our backend system harder to reason --)
760
- # (-- about. --)
761
- class AnalyzeIamPolicyRequest
762
- include ::Google::Protobuf::MessageExts
763
- extend ::Google::Protobuf::MessageExts::ClassMethods
764
- end
765
-
766
- # A response message for
767
- # {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy google.cloud.asset.v1.AssetService.AnalyzeIamPolicy}.
768
- # @!attribute [rw] main_analysis
769
- # @return [::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse::IamPolicyAnalysis]
770
- # The main analysis that matches the original request.
771
- # @!attribute [rw] service_account_impersonation_analysis
772
- # @return [::Array<::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse::IamPolicyAnalysis>]
773
- # The service account impersonation analysis if
774
- # [google.cloud.asset.v1.AnalyzeIamPolicyRequest.analyze_service_account_impersonation][google.cloud.asset.v1.AnalyzeIamPolicyRequest.analyze_service_account_impersonation]
775
- # is enabled.
776
- # @!attribute [rw] fully_explored
777
- # @return [::Boolean]
778
- # Represents whether all entries in the [main_analysis][main_analysis] and
779
- # [service_account_impersonation_analysis][] have been fully explored to
780
- # answer the query in the request.
781
- class AnalyzeIamPolicyResponse
782
- include ::Google::Protobuf::MessageExts
783
- extend ::Google::Protobuf::MessageExts::ClassMethods
784
-
785
- # An analysis message to group the query and results.
786
- # @!attribute [rw] analysis_query
787
- # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery]
788
- # The analysis query.
789
- # @!attribute [rw] analysis_results
790
- # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult>]
791
- # A list of {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult google.cloud.asset.v1.IamPolicyAnalysisResult}
792
- # that matches the analysis query, or empty if no result is found.
793
- # @!attribute [rw] fully_explored
794
- # @return [::Boolean]
795
- # Represents whether all entries in the
796
- # [analysis_results][analysis_results] have been fully explored to answer
797
- # the query.
798
- # @!attribute [rw] stats
799
- # @return [::Array<::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse::IamPolicyAnalysis::Stats>]
800
- # The stats of how the analysis has been explored.
801
- # @!attribute [rw] non_critical_errors
802
- # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisState>]
803
- # A list of non-critical errors happened during the query handling.
804
- class IamPolicyAnalysis
805
- include ::Google::Protobuf::MessageExts
806
- extend ::Google::Protobuf::MessageExts::ClassMethods
807
-
808
- # A stats message that contains a set of analysis metrics.
809
- #
810
- # Here are some equations to show relationships of the explicitly specified
811
- # metrics with other implicit metrics:
812
- # * node_count = discovered_node_count + undiscovered_node_count(implicit)
813
- # * discovered_node_count = explored_node_count +
814
- # unexplored_node_count(implicit)
815
- # * explored_node_count = capped_node_count + uncapped_node_count(implicit)
816
- # * unexplored_node_count(implicit) = permission_denied_node_count +
817
- # execution_timeout_node_count + other_unexplored_node_count(implicit)
818
- # * discovered_node_count = matched_node_count +
819
- # unmatched_node_count(implicit)
820
- # @!attribute [rw] node_type
821
- # @return [::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse::IamPolicyAnalysis::Stats::NodeType]
822
- # Node type.
823
- # @!attribute [rw] node_subtype
824
- # @return [::String]
825
- # The subtype of a node, such as:
826
- # * For Identity: Group, User, ServiceAccount etc.
827
- # * For Resource: resource type name, such as
828
- # cloudresourcemanager.googleapis.com/Organization, etc.
829
- # * For Access: Role or Permission
830
- # @!attribute [rw] discovered_node_count
831
- # @return [::Integer]
832
- # The count of discovered nodes.
833
- # @!attribute [rw] matched_node_count
834
- # @return [::Integer]
835
- # The count of nodes that match the query. These nodes form a sub-graph
836
- # of discovered nodes.
837
- # @!attribute [rw] explored_node_count
838
- # @return [::Integer]
839
- # The count of explored nodes.
840
- # @!attribute [rw] capped_node_count
841
- # @return [::Integer]
842
- # The count of nodes that get explored, but are capped by max fanout
843
- # setting.
844
- # @!attribute [rw] permision_denied_node_count
845
- # @return [::Integer]
846
- # The count of unexplored nodes caused by permission denied error.
847
- # @!attribute [rw] execution_timeout_node_count
848
- # @return [::Integer]
849
- # The count of unexplored nodes caused by execution timeout.
850
- class Stats
851
- include ::Google::Protobuf::MessageExts
852
- extend ::Google::Protobuf::MessageExts::ClassMethods
853
-
854
- # Type of the node.
855
- module NodeType
856
- # Unspecified node type.
857
- NODE_TYPE_UNSPECIFIED = 0
858
-
859
- # IAM Policy Binding node type.
860
- BINDING = 1
861
-
862
- # Identity node type.
863
- IDENTITY = 2
864
-
865
- # Resource node type.
866
- RESOURCE = 3
867
-
868
- # Access node type.
869
- ACCESS = 4
870
- end
871
- end
872
- end
873
- end
874
-
875
- # Output configuration for export IAM policy analysis destination.
876
- # @!attribute [rw] gcs_destination
877
- # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisOutputConfig::GcsDestination]
878
- # Destination on Cloud Storage.
879
- # @!attribute [rw] bigquery_destination
880
- # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisOutputConfig::BigQueryDestination]
881
- # Destination on BigQuery.
882
- class IamPolicyAnalysisOutputConfig
883
- include ::Google::Protobuf::MessageExts
884
- extend ::Google::Protobuf::MessageExts::ClassMethods
885
-
886
- # A Cloud Storage location.
887
- # @!attribute [rw] uri
888
- # @return [::String]
889
- # The uri of the Cloud Storage object. It's the same uri that is used by
890
- # gsutil. For example: "gs://bucket_name/object_name". See [Viewing and
891
- # Editing Object
892
- # Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)
893
- # for more information.
894
- class GcsDestination
895
- include ::Google::Protobuf::MessageExts
896
- extend ::Google::Protobuf::MessageExts::ClassMethods
897
- end
898
-
899
- # A BigQuery destination.
900
- # @!attribute [rw] dataset
901
- # @return [::String]
902
- # The BigQuery dataset in format "projects/projectId/datasets/datasetId",
903
- # to which the analysis results should be exported. If this dataset does
904
- # not exist, the export call will return an INVALID_ARGUMENT error.
905
- # @!attribute [rw] table_prefix
906
- # @return [::String]
907
- # The prefix of the BigQuery tables to which the analysis results will be
908
- # written. Tables will be created based on this table_prefix if not exist:
909
- # * <table_prefix>_analysis table will contain export operation's metadata.
910
- # * <table_prefix>_analysis_result will contain all the
911
- # [IamPolicyAnalysisResult][].
912
- # When [partition_key] is specified, both tables will be partitioned based
913
- # on the [partition_key].
914
- # @!attribute [rw] partition_key
915
- # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisOutputConfig::BigQueryDestination::PartitionKey]
916
- # The partition key for BigQuery partitioned table.
917
- # @!attribute [rw] write_mode
918
- # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisOutputConfig::BigQueryDestination::WriteMode]
919
- # The write mode when table exists. WriteMode is ignored when no existing
920
- # tables, or no existing partitions are found.
921
- class BigQueryDestination
922
- include ::Google::Protobuf::MessageExts
923
- extend ::Google::Protobuf::MessageExts::ClassMethods
924
-
925
- # This enum determines the partition key column for the bigquery tables.
926
- # Partitioning can improve query performance and reduce query cost by
927
- # filtering partitions. Refer to
928
- # https://cloud.google.com/bigquery/docs/partitioned-tables for details.
929
- module PartitionKey
930
- # Unspecified partition key. Tables won't be partitioned using this
931
- # option.
932
- PARTITION_KEY_UNSPECIFIED = 0
933
-
934
- # The time when the request is received. If specified as partition key,
935
- # the result table(s) is partitoned by the RequestTime column, an
936
- # additional timestamp column representing when the request was received.
937
- REQUEST_TIME = 1
938
- end
939
-
940
- # Write mode types if table exists.
941
- module WriteMode
942
- # Unspecified write mode. We expect one of the following valid modes must
943
- # be specified when table or partition exists.
944
- WRITE_MODE_UNSPECIFIED = 0
945
-
946
- # Abort the export when table or partition exists.
947
- ABORT = 1
948
-
949
- # Overwrite the table when table exists. When partitioned, overwrite
950
- # the existing partition.
951
- OVERWRITE = 2
952
- end
953
- end
954
- end
955
-
956
- # A request message for [AssetService.ExportIamPolicyAnalysis][].
957
- # @!attribute [rw] analysis_query
958
- # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery]
959
- # The request query.
960
- # @!attribute [rw] output_config
961
- # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisOutputConfig]
962
- # Output configuration indicating where the results will be output to.
963
- class ExportIamPolicyAnalysisRequest
964
- include ::Google::Protobuf::MessageExts
965
- extend ::Google::Protobuf::MessageExts::ClassMethods
966
- end
967
-
968
- # The export IAM policy analysis response.
969
- class ExportIamPolicyAnalysisResponse
970
- include ::Google::Protobuf::MessageExts
971
- extend ::Google::Protobuf::MessageExts::ClassMethods
972
- end
973
-
974
548
  # Asset content type.
975
549
  module ContentType
976
550
  # Unspecified content type.
@@ -396,182 +396,6 @@ module Google
396
396
  end
397
397
  end
398
398
  end
399
-
400
- # Represents the detailed state of an entity under analysis, such as a
401
- # resource, an identity or an access.
402
- # @!attribute [rw] code
403
- # @return [::Google::Rpc::Code]
404
- # The Google standard error code that best describes the state.
405
- # For example:
406
- # - OK means the analysis on this entity has been successfully finished;
407
- # - PERMISSION_DENIED means an access denied error is encountered;
408
- # - DEADLINE_EXCEEDED means the analysis on this entity hasn't been started
409
- # in time;
410
- # @!attribute [rw] cause
411
- # @return [::String]
412
- # The human-readable description of the cause of failure.
413
- class IamPolicyAnalysisState
414
- include ::Google::Protobuf::MessageExts
415
- extend ::Google::Protobuf::MessageExts::ClassMethods
416
- end
417
-
418
- # IAM Policy analysis result, consisting of one IAM policy binding and derived
419
- # access control lists.
420
- # @!attribute [rw] attached_resource_full_name
421
- # @return [::String]
422
- # The [full resource
423
- # name](https://cloud.google.com/asset-inventory/docs/resource-name-format)
424
- # of the resource to which the [iam_binding][iam_binding] policy attaches.
425
- # (-- api-linter: core::0122::name-suffix=disabled
426
- # aip.dev/not-precedent: full_resource_name is a public notion in GCP.
427
- # --)
428
- # @!attribute [rw] iam_binding
429
- # @return [::Google::Iam::V1::Binding]
430
- # The Cloud IAM policy binding under analysis.
431
- # @!attribute [rw] access_control_lists
432
- # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::AccessControlList>]
433
- # The access control lists derived from the [iam_binding][iam_binding] that
434
- # match or potentially match resource and access selectors specified in the
435
- # request.
436
- # @!attribute [rw] identity_list
437
- # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::IdentityList]
438
- # The identity list derived from members of the [iam_binding][iam_binding]
439
- # that match or potentially match identity selector specified in the request.
440
- # @!attribute [rw] fully_explored
441
- # @return [::Boolean]
442
- # Represents whether all analyses on the [iam_binding][iam_binding] have
443
- # successfully finished.
444
- class IamPolicyAnalysisResult
445
- include ::Google::Protobuf::MessageExts
446
- extend ::Google::Protobuf::MessageExts::ClassMethods
447
-
448
- # A Google Cloud resource under analysis.
449
- # @!attribute [rw] full_resource_name
450
- # @return [::String]
451
- # The [full resource
452
- # name](https://cloud.google.com/asset-inventory/docs/resource-name-format)
453
- # (-- api-linter: core::0122::name-suffix=disabled
454
- # aip.dev/not-precedent: full_resource_name is a public notion in GCP.
455
- # --)
456
- # @!attribute [rw] analysis_state
457
- # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState]
458
- # The analysis state of this resource.
459
- class Resource
460
- include ::Google::Protobuf::MessageExts
461
- extend ::Google::Protobuf::MessageExts::ClassMethods
462
- end
463
-
464
- # An IAM role or permission under analysis.
465
- # @!attribute [rw] role
466
- # @return [::String]
467
- # The role.
468
- # @!attribute [rw] permission
469
- # @return [::String]
470
- # The permission.
471
- # @!attribute [rw] analysis_state
472
- # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState]
473
- # The analysis state of this access.
474
- class Access
475
- include ::Google::Protobuf::MessageExts
476
- extend ::Google::Protobuf::MessageExts::ClassMethods
477
- end
478
-
479
- # An identity under analysis.
480
- # (-- api-linter: core::0123::resource-annotation=disabled
481
- # aip.dev/not-precedent: Identity name is not a resource. --)
482
- # @!attribute [rw] name
483
- # @return [::String]
484
- # The identity name in any form of members appear in
485
- # [IAM policy
486
- # binding](https://cloud.google.com/iam/reference/rest/v1/Binding), such
487
- # as:
488
- # - user:foo@google.com
489
- # - group:group1@google.com
490
- # - serviceAccount:s1@prj1.iam.gserviceaccount.com
491
- # - projectOwner:some_project_id
492
- # - domain:google.com
493
- # - allUsers
494
- # - etc.
495
- # @!attribute [rw] analysis_state
496
- # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisState]
497
- # The analysis state of this identity.
498
- class Identity
499
- include ::Google::Protobuf::MessageExts
500
- extend ::Google::Protobuf::MessageExts::ClassMethods
501
- end
502
-
503
- # A directional edge.
504
- # @!attribute [rw] source_node
505
- # @return [::String]
506
- # The source node of the edge. For example, it could be a full resource
507
- # name for a resource node or an email of an identity.
508
- # @!attribute [rw] target_node
509
- # @return [::String]
510
- # The target node of the edge. For example, it could be a full resource
511
- # name for a resource node or an email of an identity.
512
- class Edge
513
- include ::Google::Protobuf::MessageExts
514
- extend ::Google::Protobuf::MessageExts::ClassMethods
515
- end
516
-
517
- # An access control list, derived from the above IAM policy binding, which
518
- # contains a set of resources and accesses. May include one
519
- # item from each set to compose an access control entry.
520
- #
521
- # NOTICE that there could be multiple access control lists for one IAM policy
522
- # binding. The access control lists are created based on resource and access
523
- # combinations.
524
- #
525
- # For example, assume we have the following cases in one IAM policy binding:
526
- # - Permission P1 and P2 apply to resource R1 and R2;
527
- # - Permission P3 applies to resource R2 and R3;
528
- #
529
- # This will result in the following access control lists:
530
- # - AccessControlList 1: [R1, R2], [P1, P2]
531
- # - AccessControlList 2: [R2, R3], [P3]
532
- # @!attribute [rw] resources
533
- # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Resource>]
534
- # The resources that match one of the following conditions:
535
- # - The resource_selector, if it is specified in request;
536
- # - Otherwise, resources reachable from the policy attached resource.
537
- # @!attribute [rw] accesses
538
- # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Access>]
539
- # The accesses that match one of the following conditions:
540
- # - The access_selector, if it is specified in request;
541
- # - Otherwise, access specifiers reachable from the policy binding's role.
542
- # @!attribute [rw] resource_edges
543
- # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge>]
544
- # Resource edges of the graph starting from the policy attached
545
- # resource to any descendant resources. The [Edge.source_node][] contains
546
- # the full resource name of a parent resource and [Edge.target_node][]
547
- # contains the full resource name of a child resource. This field is
548
- # present only if the output_resource_edges option is enabled in request.
549
- class AccessControlList
550
- include ::Google::Protobuf::MessageExts
551
- extend ::Google::Protobuf::MessageExts::ClassMethods
552
- end
553
-
554
- # The identities and group edges.
555
- # @!attribute [rw] identities
556
- # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Identity>]
557
- # Only the identities that match one of the following conditions will be
558
- # presented:
559
- # - The identity_selector, if it is specified in request;
560
- # - Otherwise, identities reachable from the policy binding's members.
561
- # @!attribute [rw] group_edges
562
- # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge>]
563
- # Group identity edges of the graph starting from the binding's
564
- # group members to any node of the [identities][]. The [Edge.source_node][]
565
- # contains a group, such as `group:parent@google.com`. The
566
- # [Edge.target_node][] contains a member of the group,
567
- # such as `group:child@google.com` or `user:foo@google.com`.
568
- # This field is present only if the output_group_edges option is enabled in
569
- # request.
570
- class IdentityList
571
- include ::Google::Protobuf::MessageExts
572
- extend ::Google::Protobuf::MessageExts::ClassMethods
573
- end
574
- end
575
399
  end
576
400
  end
577
401
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google-cloud-asset-v1
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.0
4
+ version: 0.6.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Google LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-09-03 00:00:00.000000000 Z
11
+ date: 2020-09-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gapic-common