google-cloud-asset 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,56 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # Source: google/cloud/asset/v1beta1/asset_service.proto for package 'google.cloud.asset.v1beta1'
3
+ # Original file comments:
4
+ # Copyright 2018 Google LLC.
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+ #
18
+ #
19
+
20
+
21
+ require 'grpc'
22
+ require 'google/cloud/asset/v1beta1/asset_service_pb'
23
+
24
+ module Google
25
+ module Cloud
26
+ module Asset
27
+ module V1beta1
28
+ module AssetService
29
+ # Asset service definition.
30
+ class Service
31
+
32
+ include GRPC::GenericService
33
+
34
+ self.marshal_class_method = :encode
35
+ self.unmarshal_class_method = :decode
36
+ self.service_name = 'google.cloud.asset.v1beta1.AssetService'
37
+
38
+ # Exports assets with time and resource types to a given Cloud Storage
39
+ # location. The output format is newline-delimited JSON.
40
+ # This API implements the [google.longrunning.Operation][google.longrunning.Operation] API allowing you
41
+ # to keep track of the export.
42
+ rpc :ExportAssets, ExportAssetsRequest, Google::Longrunning::Operation
43
+ # Batch gets the update history of assets that overlap a time window.
44
+ # For RESOURCE content, this API outputs history with asset in both
45
+ # non-delete or deleted status.
46
+ # For IAM_POLICY content, this API outputs history when the asset and its
47
+ # attached IAM POLICY both exist. This can create gaps in the output history.
48
+ rpc :BatchGetAssetsHistory, BatchGetAssetsHistoryRequest, BatchGetAssetsHistoryResponse
49
+ end
50
+
51
+ Stub = Service.rpc_stub_class
52
+ end
53
+ end
54
+ end
55
+ end
56
+ end
@@ -0,0 +1,49 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # source: google/cloud/asset/v1beta1/assets.proto
3
+
4
+
5
+ require 'google/protobuf'
6
+
7
+ require 'google/api/annotations_pb'
8
+ require 'google/iam/v1/policy_pb'
9
+ require 'google/protobuf/any_pb'
10
+ require 'google/protobuf/struct_pb'
11
+ require 'google/protobuf/timestamp_pb'
12
+ Google::Protobuf::DescriptorPool.generated_pool.build do
13
+ add_message "google.cloud.asset.v1beta1.TemporalAsset" do
14
+ optional :window, :message, 1, "google.cloud.asset.v1beta1.TimeWindow"
15
+ optional :deleted, :bool, 2
16
+ optional :asset, :message, 3, "google.cloud.asset.v1beta1.Asset"
17
+ end
18
+ add_message "google.cloud.asset.v1beta1.TimeWindow" do
19
+ optional :start_time, :message, 1, "google.protobuf.Timestamp"
20
+ optional :end_time, :message, 2, "google.protobuf.Timestamp"
21
+ end
22
+ add_message "google.cloud.asset.v1beta1.Asset" do
23
+ optional :name, :string, 1
24
+ optional :asset_type, :string, 2
25
+ optional :resource, :message, 3, "google.cloud.asset.v1beta1.Resource"
26
+ optional :iam_policy, :message, 4, "google.iam.v1.Policy"
27
+ end
28
+ add_message "google.cloud.asset.v1beta1.Resource" do
29
+ optional :version, :string, 1
30
+ optional :discovery_document_uri, :string, 2
31
+ optional :discovery_name, :string, 3
32
+ optional :resource_url, :string, 4
33
+ optional :parent, :string, 5
34
+ optional :data, :message, 6, "google.protobuf.Struct"
35
+ end
36
+ end
37
+
38
+ module Google
39
+ module Cloud
40
+ module Asset
41
+ module V1beta1
42
+ TemporalAsset = Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1beta1.TemporalAsset").msgclass
43
+ TimeWindow = Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1beta1.TimeWindow").msgclass
44
+ Asset = Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1beta1.Asset").msgclass
45
+ Resource = Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1beta1.Resource").msgclass
46
+ end
47
+ end
48
+ end
49
+ end
@@ -0,0 +1,41 @@
1
+ # Copyright 2018 Google LLC
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # https://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+
16
+ require "googleauth"
17
+
18
+ module Google
19
+ module Cloud
20
+ module Asset
21
+ module V1beta1
22
+ class Credentials < Google::Auth::Credentials
23
+ SCOPE = [
24
+ "https://www.googleapis.com/auth/cloud-platform"
25
+ ].freeze
26
+ PATH_ENV_VARS = %w(ASSET_CREDENTIALS
27
+ ASSET_KEYFILE
28
+ GOOGLE_CLOUD_CREDENTIALS
29
+ GOOGLE_CLOUD_KEYFILE
30
+ GCLOUD_KEYFILE)
31
+ JSON_ENV_VARS = %w(ASSET_CREDENTIALS_JSON
32
+ ASSET_KEYFILE_JSON
33
+ GOOGLE_CLOUD_CREDENTIALS_JSON
34
+ GOOGLE_CLOUD_KEYFILE_JSON
35
+ GCLOUD_KEYFILE_JSON)
36
+ DEFAULT_PATHS = ["~/.config/gcloud/application_default_credentials.json"]
37
+ end
38
+ end
39
+ end
40
+ end
41
+ end
@@ -0,0 +1,118 @@
1
+ # Copyright 2018 Google LLC
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # https://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+
16
+ module Google
17
+ module Cloud
18
+ module Asset
19
+ module V1beta1
20
+ # Export asset request.
21
+ # @!attribute [rw] parent
22
+ # @return [String]
23
+ # Required. The relative name of the root asset. This can only be an organization
24
+ # number (such as "organizations/123"), a project ID (such as
25
+ # "projects/my-project-id"), or a project number (such as "projects/12345").
26
+ # @!attribute [rw] read_time
27
+ # @return [Google::Protobuf::Timestamp]
28
+ # Timestamp to take an asset snapshot. This can only be set to a timestamp in
29
+ # the past or of the current time. If not specified, the current time will be
30
+ # used. Due to delays in resource data collection and indexing, there is a
31
+ # volatile window during which running the same query may get different
32
+ # results.
33
+ # @!attribute [rw] asset_types
34
+ # @return [Array<String>]
35
+ # A list of asset types of which to take a snapshot for. For example:
36
+ # "google.compute.disk". If specified, only matching assets will be returned.
37
+ # @!attribute [rw] content_type
38
+ # @return [Google::Cloud::Asset::V1beta1::ContentType]
39
+ # Asset content type. If not specified, no content but the asset name will be
40
+ # returned.
41
+ # @!attribute [rw] output_config
42
+ # @return [Google::Cloud::Asset::V1beta1::OutputConfig]
43
+ # Required. Output configuration indicating where the results will be output
44
+ # to. All results will be in newline delimited JSON format.
45
+ class ExportAssetsRequest; end
46
+
47
+ # The export asset response. This message is returned by the
48
+ # {Google::Longrunning::Operations::GetOperation} method in the returned
49
+ # {Google::Longrunning::Operation#response} field.
50
+ # @!attribute [rw] read_time
51
+ # @return [Google::Protobuf::Timestamp]
52
+ # Time the snapshot was taken.
53
+ # @!attribute [rw] output_config
54
+ # @return [Google::Cloud::Asset::V1beta1::OutputConfig]
55
+ # Output configuration indicating where the results were output to.
56
+ # All results are in JSON format.
57
+ class ExportAssetsResponse; end
58
+
59
+ # Batch get assets history request.
60
+ # @!attribute [rw] parent
61
+ # @return [String]
62
+ # Required. The relative name of the root asset. It can only be an
63
+ # organization number (such as "organizations/123"), a project ID (such as
64
+ # "projects/my-project-id")", or a project number (such as "projects/12345").
65
+ # @!attribute [rw] asset_names
66
+ # @return [Array<String>]
67
+ # A list of the full names of the assets. For example:
68
+ # `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.
69
+ # See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
70
+ # for more info.
71
+ #
72
+ # The request becomes a no-op if the asset name list is empty, and the max
73
+ # size of the asset name list is 100 in one request.
74
+ # @!attribute [rw] content_type
75
+ # @return [Google::Cloud::Asset::V1beta1::ContentType]
76
+ # Required. The content type.
77
+ # @!attribute [rw] read_time_window
78
+ # @return [Google::Cloud::Asset::V1beta1::TimeWindow]
79
+ # Required. The time window for the asset history. The start time is
80
+ # required. The returned results contain all temporal assets whose time
81
+ # window overlap with read_time_window.
82
+ class BatchGetAssetsHistoryRequest; end
83
+
84
+ # Batch get assets history response.
85
+ # @!attribute [rw] assets
86
+ # @return [Array<Google::Cloud::Asset::V1beta1::TemporalAsset>]
87
+ # A list of assets with valid time windows.
88
+ class BatchGetAssetsHistoryResponse; end
89
+
90
+ # Output configuration for export assets destination.
91
+ # @!attribute [rw] gcs_destination
92
+ # @return [Google::Cloud::Asset::V1beta1::GcsDestination]
93
+ # Destination on Cloud Storage.
94
+ class OutputConfig; end
95
+
96
+ # A Cloud Storage location.
97
+ # @!attribute [rw] uri
98
+ # @return [String]
99
+ # The path of the Cloud Storage objects. It's the same path that is used by
100
+ # gsutil. For example: "gs://bucket_name/object_path". See [Viewing and Editing Object Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)
101
+ # for more information.
102
+ class GcsDestination; end
103
+
104
+ # Asset content type.
105
+ module ContentType
106
+ # Unspecified content type.
107
+ CONTENT_TYPE_UNSPECIFIED = 0
108
+
109
+ # Resource metadata.
110
+ RESOURCE = 1
111
+
112
+ # The actual IAM policy set on a resource.
113
+ IAM_POLICY = 2
114
+ end
115
+ end
116
+ end
117
+ end
118
+ end
@@ -0,0 +1,104 @@
1
+ # Copyright 2018 Google LLC
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # https://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+
16
+ module Google
17
+ module Cloud
18
+ module Asset
19
+ module V1beta1
20
+ # Temporal asset. In addition to the asset, the temporal asset includes the
21
+ # status of the asset and valid from and to time of it.
22
+ # @!attribute [rw] window
23
+ # @return [Google::Cloud::Asset::V1beta1::TimeWindow]
24
+ # The time window when the asset data and state was observed.
25
+ # @!attribute [rw] deleted
26
+ # @return [true, false]
27
+ # If the asset is deleted or not.
28
+ # @!attribute [rw] asset
29
+ # @return [Google::Cloud::Asset::V1beta1::Asset]
30
+ # Asset.
31
+ class TemporalAsset; end
32
+
33
+ # A time window of [start_time, end_time).
34
+ # @!attribute [rw] start_time
35
+ # @return [Google::Protobuf::Timestamp]
36
+ # Start time of the time window (inclusive).
37
+ # @!attribute [rw] end_time
38
+ # @return [Google::Protobuf::Timestamp]
39
+ # End time of the time window (exclusive).
40
+ # Current timestamp if not specified.
41
+ class TimeWindow; end
42
+
43
+ # Cloud asset. This includes all Google Cloud Platform resources,
44
+ # Cloud IAM policies, and other non-GCP assets.
45
+ # @!attribute [rw] name
46
+ # @return [String]
47
+ # The full name of the asset. For example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.
48
+ # See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
49
+ # for more information.
50
+ # @!attribute [rw] asset_type
51
+ # @return [String]
52
+ # Type of the asset. Example: "google.compute.disk".
53
+ # @!attribute [rw] resource
54
+ # @return [Google::Cloud::Asset::V1beta1::Resource]
55
+ # Representation of the resource.
56
+ # @!attribute [rw] iam_policy
57
+ # @return [Google::Iam::V1::Policy]
58
+ # Representation of the actual Cloud IAM policy set on a cloud resource. For each
59
+ # resource, there must be at most one Cloud IAM policy set on it.
60
+ class Asset; end
61
+
62
+ # Representation of a cloud resource.
63
+ # @!attribute [rw] version
64
+ # @return [String]
65
+ # The API version. Example: "v1".
66
+ # @!attribute [rw] discovery_document_uri
67
+ # @return [String]
68
+ # The URL of the discovery document containing the resource's JSON schema.
69
+ # For example:
70
+ # `"https://www.googleapis.com/discovery/v1/apis/compute/v1/rest"`.
71
+ # It will be left unspecified for resources without a discovery-based API,
72
+ # such as Cloud Bigtable.
73
+ # @!attribute [rw] discovery_name
74
+ # @return [String]
75
+ # The JSON schema name listed in the discovery document.
76
+ # Example: "Project". It will be left unspecified for resources (such as
77
+ # Cloud Bigtable) without a discovery-based API.
78
+ # @!attribute [rw] resource_url
79
+ # @return [String]
80
+ # The REST URL for accessing the resource. An HTTP GET operation using this
81
+ # URL returns the resource itself.
82
+ # Example:
83
+ # `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`.
84
+ # It will be left unspecified for resources without a REST API.
85
+ # @!attribute [rw] parent
86
+ # @return [String]
87
+ # The full name of the immediate parent of this resource. See
88
+ # [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
89
+ # for more information.
90
+ #
91
+ # For GCP assets, it is the parent resource defined in the [Cloud IAM policy
92
+ # hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).
93
+ # For example: `"//cloudresourcemanager.googleapis.com/projects/my_project_123"`.
94
+ #
95
+ # For third-party assets, it is up to the users to define.
96
+ # @!attribute [rw] data
97
+ # @return [Google::Protobuf::Struct]
98
+ # The content of the resource, in which some sensitive fields are scrubbed
99
+ # away and may not be present.
100
+ class Resource; end
101
+ end
102
+ end
103
+ end
104
+ end
@@ -0,0 +1,128 @@
1
+ # Copyright 2018 Google LLC
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # https://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+
16
+ module Google
17
+ module Iam
18
+ module V1
19
+ # Defines an Identity and Access Management (IAM) policy. It is used to
20
+ # specify access control policies for Cloud Platform resources.
21
+ #
22
+ #
23
+ # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
24
+ # `members` to a `role`, where the members can be user accounts, Google groups,
25
+ # Google domains, and service accounts. A `role` is a named list of permissions
26
+ # defined by IAM.
27
+ #
28
+ # **Example**
29
+ #
30
+ # {
31
+ # "bindings": [
32
+ # {
33
+ # "role": "roles/owner",
34
+ # "members": [
35
+ # "user:mike@example.com",
36
+ # "group:admins@example.com",
37
+ # "domain:google.com",
38
+ # "serviceAccount:my-other-app@appspot.gserviceaccount.com",
39
+ # ]
40
+ # },
41
+ # {
42
+ # "role": "roles/viewer",
43
+ # "members": ["user:sean@example.com"]
44
+ # }
45
+ # ]
46
+ # }
47
+ #
48
+ # For a description of IAM and its features, see the
49
+ # [IAM developer's guide](https://cloud.google.com/iam).
50
+ # @!attribute [rw] version
51
+ # @return [Integer]
52
+ # Version of the `Policy`. The default version is 0.
53
+ # @!attribute [rw] bindings
54
+ # @return [Array<Google::Iam::V1::Binding>]
55
+ # Associates a list of `members` to a `role`.
56
+ # Multiple `bindings` must not be specified for the same `role`.
57
+ # `bindings` with no members will result in an error.
58
+ # @!attribute [rw] etag
59
+ # @return [String]
60
+ # `etag` is used for optimistic concurrency control as a way to help
61
+ # prevent simultaneous updates of a policy from overwriting each other.
62
+ # It is strongly suggested that systems make use of the `etag` in the
63
+ # read-modify-write cycle to perform policy updates in order to avoid race
64
+ # conditions: An `etag` is returned in the response to `getIamPolicy`, and
65
+ # systems are expected to put that etag in the request to `setIamPolicy` to
66
+ # ensure that their change will be applied to the same version of the policy.
67
+ #
68
+ # If no `etag` is provided in the call to `setIamPolicy`, then the existing
69
+ # policy is overwritten blindly.
70
+ class Policy; end
71
+
72
+ # Associates `members` with a `role`.
73
+ # @!attribute [rw] role
74
+ # @return [String]
75
+ # Role that is assigned to `members`.
76
+ # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
77
+ # Required
78
+ # @!attribute [rw] members
79
+ # @return [Array<String>]
80
+ # Specifies the identities requesting access for a Cloud Platform resource.
81
+ # `members` can have the following values:
82
+ #
83
+ # * `allUsers`: A special identifier that represents anyone who is
84
+ # on the internet; with or without a Google account.
85
+ #
86
+ # * `allAuthenticatedUsers`: A special identifier that represents anyone
87
+ # who is authenticated with a Google account or a service account.
88
+ #
89
+ # * `user:{emailid}`: An email address that represents a specific Google
90
+ # account. For example, `alice@gmail.com` or `joe@example.com`.
91
+ #
92
+ #
93
+ # * `serviceAccount:{emailid}`: An email address that represents a service
94
+ # account. For example, `my-other-app@appspot.gserviceaccount.com`.
95
+ #
96
+ # * `group:{emailid}`: An email address that represents a Google group.
97
+ # For example, `admins@example.com`.
98
+ #
99
+ # * `domain:{domain}`: A Google Apps domain name that represents all the
100
+ # users of that domain. For example, `google.com` or `example.com`.
101
+ class Binding; end
102
+
103
+ # The difference delta between two policies.
104
+ # @!attribute [rw] binding_deltas
105
+ # @return [Array<Google::Iam::V1::BindingDelta>]
106
+ # The delta for Bindings between two policies.
107
+ class PolicyDelta; end
108
+
109
+ # One delta entry for Binding. Each individual change (only one member in each
110
+ # entry) to a binding will be a separate entry.
111
+ # @!attribute [rw] action
112
+ # @return [Google::Iam::V1::BindingDelta::Action]
113
+ # The action that was performed on a Binding.
114
+ # Required
115
+ # @!attribute [rw] role
116
+ # @return [String]
117
+ # Role that is assigned to `members`.
118
+ # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
119
+ # Required
120
+ # @!attribute [rw] member
121
+ # @return [String]
122
+ # A single identity requesting access for a Cloud Platform resource.
123
+ # Follows the same format of Binding.members.
124
+ # Required
125
+ class BindingDelta; end
126
+ end
127
+ end
128
+ end