google-cloud-asset 0.1.1

data/lib/google/cloud/asset/v1beta1/asset_service_services_pb.rb

@@ -0,0 +1,56 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: google/cloud/asset/v1beta1/asset_service.proto for package 'google.cloud.asset.v1beta1'
+# Original file comments:
+# Copyright 2018 Google LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+
+
+require 'grpc'
+require 'google/cloud/asset/v1beta1/asset_service_pb'
+
+module Google
+  module Cloud
+    module Asset
+      module V1beta1
+        module AssetService
+          # Asset service definition.
+          class Service
+
+            include GRPC::GenericService
+
+            self.marshal_class_method = :encode
+            self.unmarshal_class_method = :decode
+            self.service_name = 'google.cloud.asset.v1beta1.AssetService'
+
+            # Exports assets with time and resource types to a given Cloud Storage
+            # location. The output format is newline-delimited JSON.
+            # This API implements the [google.longrunning.Operation][google.longrunning.Operation] API allowing you
+            # to keep track of the export.
+            rpc :ExportAssets, ExportAssetsRequest, Google::Longrunning::Operation
+            # Batch gets the update history of assets that overlap a time window.
+            # For RESOURCE content, this API outputs history with asset in both
+            # non-delete or deleted status.
+            # For IAM_POLICY content, this API outputs history when the asset and its
+            # attached IAM POLICY both exist. This can create gaps in the output history.
+            rpc :BatchGetAssetsHistory, BatchGetAssetsHistoryRequest, BatchGetAssetsHistoryResponse
+          end
+
+          Stub = Service.rpc_stub_class
+        end
+      end
+    end
+  end
+end

data/lib/google/cloud/asset/v1beta1/assets_pb.rb

@@ -0,0 +1,49 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/cloud/asset/v1beta1/assets.proto
+
+
+require 'google/protobuf'
+
+require 'google/api/annotations_pb'
+require 'google/iam/v1/policy_pb'
+require 'google/protobuf/any_pb'
+require 'google/protobuf/struct_pb'
+require 'google/protobuf/timestamp_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_message "google.cloud.asset.v1beta1.TemporalAsset" do
+    optional :window, :message, 1, "google.cloud.asset.v1beta1.TimeWindow"
+    optional :deleted, :bool, 2
+    optional :asset, :message, 3, "google.cloud.asset.v1beta1.Asset"
+  end
+  add_message "google.cloud.asset.v1beta1.TimeWindow" do
+    optional :start_time, :message, 1, "google.protobuf.Timestamp"
+    optional :end_time, :message, 2, "google.protobuf.Timestamp"
+  end
+  add_message "google.cloud.asset.v1beta1.Asset" do
+    optional :name, :string, 1
+    optional :asset_type, :string, 2
+    optional :resource, :message, 3, "google.cloud.asset.v1beta1.Resource"
+    optional :iam_policy, :message, 4, "google.iam.v1.Policy"
+  end
+  add_message "google.cloud.asset.v1beta1.Resource" do
+    optional :version, :string, 1
+    optional :discovery_document_uri, :string, 2
+    optional :discovery_name, :string, 3
+    optional :resource_url, :string, 4
+    optional :parent, :string, 5
+    optional :data, :message, 6, "google.protobuf.Struct"
+  end
+end
+
+module Google
+  module Cloud
+    module Asset
+      module V1beta1
+        TemporalAsset = Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1beta1.TemporalAsset").msgclass
+        TimeWindow = Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1beta1.TimeWindow").msgclass
+        Asset = Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1beta1.Asset").msgclass
+        Resource = Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1beta1.Resource").msgclass
+      end
+    end
+  end
+end

data/lib/google/cloud/asset/v1beta1/credentials.rb

@@ -0,0 +1,41 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+require "googleauth"
+
+module Google
+  module Cloud
+    module Asset
+      module V1beta1
+        class Credentials < Google::Auth::Credentials
+          SCOPE = [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ].freeze
+          PATH_ENV_VARS = %w(ASSET_CREDENTIALS
+                             ASSET_KEYFILE
+                             GOOGLE_CLOUD_CREDENTIALS
+                             GOOGLE_CLOUD_KEYFILE
+                             GCLOUD_KEYFILE)
+          JSON_ENV_VARS = %w(ASSET_CREDENTIALS_JSON
+                             ASSET_KEYFILE_JSON
+                             GOOGLE_CLOUD_CREDENTIALS_JSON
+                             GOOGLE_CLOUD_KEYFILE_JSON
+                             GCLOUD_KEYFILE_JSON)
+          DEFAULT_PATHS = ["~/.config/gcloud/application_default_credentials.json"]
+        end
+      end
+    end
+  end
+end

data/lib/google/cloud/asset/v1beta1/doc/google/cloud/asset/v1beta1/asset_service.rb

@@ -0,0 +1,118 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Google
+  module Cloud
+    module Asset
+      module V1beta1
+        # Export asset request.
+        # @!attribute [rw] parent
+        #   @return [String]
+        #     Required. The relative name of the root asset. This can only be an organization
+        #     number (such as "organizations/123"), a project ID (such as
+        #     "projects/my-project-id"), or a project number (such as "projects/12345").
+        # @!attribute [rw] read_time
+        #   @return [Google::Protobuf::Timestamp]
+        #     Timestamp to take an asset snapshot. This can only be set to a timestamp in
+        #     the past or of the current time. If not specified, the current time will be
+        #     used. Due to delays in resource data collection and indexing, there is a
+        #     volatile window during which running the same query may get different
+        #     results.
+        # @!attribute [rw] asset_types
+        #   @return [Array<String>]
+        #     A list of asset types of which to take a snapshot for. For example:
+        #     "google.compute.disk". If specified, only matching assets will be returned.
+        # @!attribute [rw] content_type
+        #   @return [Google::Cloud::Asset::V1beta1::ContentType]
+        #     Asset content type. If not specified, no content but the asset name will be
+        #     returned.
+        # @!attribute [rw] output_config
+        #   @return [Google::Cloud::Asset::V1beta1::OutputConfig]
+        #     Required. Output configuration indicating where the results will be output
+        #     to. All results will be in newline delimited JSON format.
+        class ExportAssetsRequest; end
+
+        # The export asset response. This message is returned by the
+        # {Google::Longrunning::Operations::GetOperation} method in the returned
+        # {Google::Longrunning::Operation#response} field.
+        # @!attribute [rw] read_time
+        #   @return [Google::Protobuf::Timestamp]
+        #     Time the snapshot was taken.
+        # @!attribute [rw] output_config
+        #   @return [Google::Cloud::Asset::V1beta1::OutputConfig]
+        #     Output configuration indicating where the results were output to.
+        #     All results are in JSON format.
+        class ExportAssetsResponse; end
+
+        # Batch get assets history request.
+        # @!attribute [rw] parent
+        #   @return [String]
+        #     Required. The relative name of the root asset. It can only be an
+        #     organization number (such as "organizations/123"), a project ID (such as
+        #     "projects/my-project-id")", or a project number (such as "projects/12345").
+        # @!attribute [rw] asset_names
+        #   @return [Array<String>]
+        #     A list of the full names of the assets. For example:
+        #     `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.
+        #     See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
+        #     for more info.
+        #
+        #     The request becomes a no-op if the asset name list is empty, and the max
+        #     size of the asset name list is 100 in one request.
+        # @!attribute [rw] content_type
+        #   @return [Google::Cloud::Asset::V1beta1::ContentType]
+        #     Required. The content type.
+        # @!attribute [rw] read_time_window
+        #   @return [Google::Cloud::Asset::V1beta1::TimeWindow]
+        #     Required. The time window for the asset history. The start time is
+        #     required. The returned results contain all temporal assets whose time
+        #     window overlap with read_time_window.
+        class BatchGetAssetsHistoryRequest; end
+
+        # Batch get assets history response.
+        # @!attribute [rw] assets
+        #   @return [Array<Google::Cloud::Asset::V1beta1::TemporalAsset>]
+        #     A list of assets with valid time windows.
+        class BatchGetAssetsHistoryResponse; end
+
+        # Output configuration for export assets destination.
+        # @!attribute [rw] gcs_destination
+        #   @return [Google::Cloud::Asset::V1beta1::GcsDestination]
+        #     Destination on Cloud Storage.
+        class OutputConfig; end
+
+        # A Cloud Storage location.
+        # @!attribute [rw] uri
+        #   @return [String]
+        #     The path of the Cloud Storage objects. It's the same path that is used by
+        #      gsutil. For example: "gs://bucket_name/object_path". See [Viewing and Editing Object Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)
+        #     for more information.
+        class GcsDestination; end
+
+        # Asset content type.
+        module ContentType
+          # Unspecified content type.
+          CONTENT_TYPE_UNSPECIFIED = 0
+
+          # Resource metadata.
+          RESOURCE = 1
+
+          # The actual IAM policy set on a resource.
+          IAM_POLICY = 2
+        end
+      end
+    end
+  end
+end

data/lib/google/cloud/asset/v1beta1/doc/google/cloud/asset/v1beta1/assets.rb

@@ -0,0 +1,104 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Google
+  module Cloud
+    module Asset
+      module V1beta1
+        # Temporal asset. In addition to the asset, the temporal asset includes the
+        # status of the asset and valid from and to time of it.
+        # @!attribute [rw] window
+        #   @return [Google::Cloud::Asset::V1beta1::TimeWindow]
+        #     The time window when the asset data and state was observed.
+        # @!attribute [rw] deleted
+        #   @return [true, false]
+        #     If the asset is deleted or not.
+        # @!attribute [rw] asset
+        #   @return [Google::Cloud::Asset::V1beta1::Asset]
+        #     Asset.
+        class TemporalAsset; end
+
+        # A time window of [start_time, end_time).
+        # @!attribute [rw] start_time
+        #   @return [Google::Protobuf::Timestamp]
+        #     Start time of the time window (inclusive).
+        # @!attribute [rw] end_time
+        #   @return [Google::Protobuf::Timestamp]
+        #     End time of the time window (exclusive).
+        #     Current timestamp if not specified.
+        class TimeWindow; end
+
+        # Cloud asset. This includes all Google Cloud Platform resources,
+        # Cloud IAM policies, and other non-GCP assets.
+        # @!attribute [rw] name
+        #   @return [String]
+        #     The full name of the asset. For example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.
+        #     See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
+        #     for more information.
+        # @!attribute [rw] asset_type
+        #   @return [String]
+        #     Type of the asset. Example: "google.compute.disk".
+        # @!attribute [rw] resource
+        #   @return [Google::Cloud::Asset::V1beta1::Resource]
+        #     Representation of the resource.
+        # @!attribute [rw] iam_policy
+        #   @return [Google::Iam::V1::Policy]
+        #     Representation of the actual Cloud IAM policy set on a cloud resource. For each
+        #     resource, there must be at most one Cloud IAM policy set on it.
+        class Asset; end
+
+        # Representation of a cloud resource.
+        # @!attribute [rw] version
+        #   @return [String]
+        #     The API version. Example: "v1".
+        # @!attribute [rw] discovery_document_uri
+        #   @return [String]
+        #     The URL of the discovery document containing the resource's JSON schema.
+        #     For example:
+        #     `"https://www.googleapis.com/discovery/v1/apis/compute/v1/rest"`.
+        #     It will be left unspecified for resources without a discovery-based API,
+        #     such as Cloud Bigtable.
+        # @!attribute [rw] discovery_name
+        #   @return [String]
+        #     The JSON schema name listed in the discovery document.
+        #     Example: "Project". It will be left unspecified for resources (such as
+        #     Cloud Bigtable) without a discovery-based API.
+        # @!attribute [rw] resource_url
+        #   @return [String]
+        #     The REST URL for accessing the resource. An HTTP GET operation using this
+        #     URL returns the resource itself.
+        #     Example:
+        #     `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`.
+        #     It will be left unspecified for resources without a REST API.
+        # @!attribute [rw] parent
+        #   @return [String]
+        #     The full name of the immediate parent of this resource. See
+        #     [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
+        #     for more information.
+        #
+        #     For GCP assets, it is the parent resource defined in the [Cloud IAM policy
+        #     hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).
+        #     For example: `"//cloudresourcemanager.googleapis.com/projects/my_project_123"`.
+        #
+        #     For third-party assets, it is up to the users to define.
+        # @!attribute [rw] data
+        #   @return [Google::Protobuf::Struct]
+        #     The content of the resource, in which some sensitive fields are scrubbed
+        #     away and may not be present.
+        class Resource; end
+      end
+    end
+  end
+end

data/lib/google/cloud/asset/v1beta1/doc/google/iam/v1/policy.rb

@@ -0,0 +1,128 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Google
+  module Iam
+    module V1
+      # Defines an Identity and Access Management (IAM) policy. It is used to
+      # specify access control policies for Cloud Platform resources.
+      #
+      #
+      # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
+      # `members` to a `role`, where the members can be user accounts, Google groups,
+      # Google domains, and service accounts. A `role` is a named list of permissions
+      # defined by IAM.
+      #
+      # **Example**
+      #
+      #     {
+      #       "bindings": [
+      #         {
+      #           "role": "roles/owner",
+      #           "members": [
+      #             "user:mike@example.com",
+      #             "group:admins@example.com",
+      #             "domain:google.com",
+      #             "serviceAccount:my-other-app@appspot.gserviceaccount.com",
+      #           ]
+      #         },
+      #         {
+      #           "role": "roles/viewer",
+      #           "members": ["user:sean@example.com"]
+      #         }
+      #       ]
+      #     }
+      #
+      # For a description of IAM and its features, see the
+      # [IAM developer's guide](https://cloud.google.com/iam).
+      # @!attribute [rw] version
+      #   @return [Integer]
+      #     Version of the `Policy`. The default version is 0.
+      # @!attribute [rw] bindings
+      #   @return [Array<Google::Iam::V1::Binding>]
+      #     Associates a list of `members` to a `role`.
+      #     Multiple `bindings` must not be specified for the same `role`.
+      #     `bindings` with no members will result in an error.
+      # @!attribute [rw] etag
+      #   @return [String]
+      #     `etag` is used for optimistic concurrency control as a way to help
+      #     prevent simultaneous updates of a policy from overwriting each other.
+      #     It is strongly suggested that systems make use of the `etag` in the
+      #     read-modify-write cycle to perform policy updates in order to avoid race
+      #     conditions: An `etag` is returned in the response to `getIamPolicy`, and
+      #     systems are expected to put that etag in the request to `setIamPolicy` to
+      #     ensure that their change will be applied to the same version of the policy.
+      #
+      #     If no `etag` is provided in the call to `setIamPolicy`, then the existing
+      #     policy is overwritten blindly.
+      class Policy; end
+
+      # Associates `members` with a `role`.
+      # @!attribute [rw] role
+      #   @return [String]
+      #     Role that is assigned to `members`.
+      #     For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+      #     Required
+      # @!attribute [rw] members
+      #   @return [Array<String>]
+      #     Specifies the identities requesting access for a Cloud Platform resource.
+      #     `members` can have the following values:
+      #
+      #     * `allUsers`: A special identifier that represents anyone who is
+      #       on the internet; with or without a Google account.
+      #
+      #     * `allAuthenticatedUsers`: A special identifier that represents anyone
+      #       who is authenticated with a Google account or a service account.
+      #
+      #     * `user:{emailid}`: An email address that represents a specific Google
+      #       account. For example, `alice@gmail.com` or `joe@example.com`.
+      #
+      #
+      #     * `serviceAccount:{emailid}`: An email address that represents a service
+      #       account. For example, `my-other-app@appspot.gserviceaccount.com`.
+      #
+      #     * `group:{emailid}`: An email address that represents a Google group.
+      #       For example, `admins@example.com`.
+      #
+      #     * `domain:{domain}`: A Google Apps domain name that represents all the
+      #       users of that domain. For example, `google.com` or `example.com`.
+      class Binding; end
+
+      # The difference delta between two policies.
+      # @!attribute [rw] binding_deltas
+      #   @return [Array<Google::Iam::V1::BindingDelta>]
+      #     The delta for Bindings between two policies.
+      class PolicyDelta; end
+
+      # One delta entry for Binding. Each individual change (only one member in each
+      # entry) to a binding will be a separate entry.
+      # @!attribute [rw] action
+      #   @return [Google::Iam::V1::BindingDelta::Action]
+      #     The action that was performed on a Binding.
+      #     Required
+      # @!attribute [rw] role
+      #   @return [String]
+      #     Role that is assigned to `members`.
+      #     For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+      #     Required
+      # @!attribute [rw] member
+      #   @return [String]
+      #     A single identity requesting access for a Cloud Platform resource.
+      #     Follows the same format of Binding.members.
+      #     Required
+      class BindingDelta; end
+    end
+  end
+end