docs: Brand and typo fixes

feat: Policy Analyzer for Organization Policy is publicly available

PiperOrigin-RevId: 501667569
pull/766/head
Google APIs 2 years ago committed by Copybara-Service
parent 7438480b2a
commit 49f575833a
  1. 1173
      google/cloud/asset/v1/asset_service.proto
  2. 90
      google/cloud/asset/v1/assets.proto
  3. 12
      google/cloud/asset/v1/cloudasset_v1.yaml
  4. 109
      google/cloud/asset/v1p1beta1/asset_service.proto
  5. 36
      google/cloud/asset/v1p1beta1/assets.proto
  6. 13
      google/cloud/asset/v1p1beta1/cloudasset_v1p1beta1.yaml
  7. 8
      google/cloud/asset/v1p2beta1/cloudasset_grpc_service_config.json
  8. 75
      google/cloud/asset/v1p5beta1/asset_service.proto
  9. 108
      google/cloud/asset/v1p5beta1/assets.proto
  10. 19
      google/cloud/asset/v1p5beta1/cloudasset_v1p5beta1.yaml
  11. 21
      google/cloud/asset/v1p7beta1/asset_service.proto
  12. 19
      google/cloud/asset/v1p7beta1/assets.proto
  13. 18
      google/cloud/asset/v1p7beta1/cloudasset_v1p7beta1.yaml


@ -88,7 +88,7 @@ message TimeWindow {
// [resource
// hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
// a resource outside the Google Cloud resource hierarchy (such as Google
// Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy),
// Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy),
// or a relationship (e.g. an INSTANCE_TO_INSTANCEGROUP relationship).
// See [Supported asset
// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
@ -121,9 +121,9 @@ message Asset {
// A representation of the resource.
Resource resource = 3;
// A representation of the Cloud IAM policy set on a Google Cloud resource.
// There can be a maximum of one Cloud IAM policy set on any given resource.
// In addition, Cloud IAM policies inherit their granted access scope from any
// A representation of the IAM policy set on a Google Cloud resource.
// There can be a maximum of one IAM policy set on any given resource.
// In addition, IAM policies inherit their granted access scope from any
// policies set on parent resources in the resource hierarchy. Therefore, the
// effectively policy is the union of both the policy set on this resource
// and each policy set on all of the resource's ancestry resource levels in
@ -151,7 +151,8 @@ message Asset {
// Please also refer to the [service perimeter user
// guide](https://cloud.google.com/vpc-service-controls/docs/overview).
google.identity.accesscontextmanager.v1.ServicePerimeter service_perimeter = 9;
google.identity.accesscontextmanager.v1.ServicePerimeter service_perimeter =
9;
}
// A representation of runtime OS Inventory information. See [this
@ -213,7 +214,7 @@ message Resource {
// for more information.
//
// For Google Cloud assets, this value is the parent resource defined in the
// [Cloud IAM policy
// [IAM policy
// hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).
// Example:
// `//cloudresourcemanager.googleapis.com/projects/my_project_123`
@ -270,7 +271,7 @@ message RelationshipAttributes {
// ancestors. An asset can be any resource in the Google Cloud [resource
// hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
// a resource outside the Google Cloud resource hierarchy (such as Google
// Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy).
// Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy).
// See [Supported asset
// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
// for more information.
@ -282,8 +283,8 @@ message RelatedAsset {
// names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
// for more information.
string asset = 1 [(google.api.resource_reference) = {
type: "cloudasset.googleapis.com/Asset"
}];
type: "cloudasset.googleapis.com/Asset"
}];
// The type of the asset. Example: `compute.googleapis.com/Disk`
//
@ -389,7 +390,8 @@ message ResourceSearchResult {
// * Use a free text query. Example: `us-west*`
string location = 6;
// Labels associated with this resource. See [Labelling and grouping GCP
// Labels associated with this resource. See [Labelling and grouping Google
// Cloud
// resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources)
// for more information. This field is available only when the resource's
// Protobuf contains it.
@ -404,7 +406,8 @@ message ResourceSearchResult {
map<string, string> labels = 7;
// Network tags associated with this resource. Like labels, network tags are a
// type of annotations used to group GCP resources. See [Labelling GCP
// type of annotations used to group Google Cloud resources. See [Labelling
// Google Cloud
// resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources)
// for more information. This field is available only when the resource's
// Protobuf contains it.
@ -422,8 +425,8 @@ message ResourceSearchResult {
// name.
//
// This field only presents for the purpose of backward compatibility. Please
// use the `kms_keys` field to retrieve KMS key information. This field is
// available only when the resource's Protobuf contains it and will only be
// use the `kms_keys` field to retrieve Cloud KMS key information. This field
// is available only when the resource's Protobuf contains it and will only be
// populated for [these resource
// types](https://cloud.google.com/asset-inventory/docs/legacy-field-names#resource_types_with_the_to_be_deprecated_kmskey_field)
// for backward compatible purposes.
@ -485,7 +488,7 @@ message ResourceSearchResult {
// SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED. See `status` definition
// in [API
// Reference](https://cloud.google.com/compute/docs/reference/rest/v1/instances).
// If the resource is a project provided by Cloud Resource Manager, its state
// If the resource is a project provided by Resource Manager, its state
// will include LIFECYCLE_STATE_UNSPECIFIED, ACTIVE, DELETE_REQUESTED and
// DELETE_IN_PROGRESS. See `lifecycleState` definition in [API
// Reference](https://cloud.google.com/resource-manager/reference/rest/v1/projects).
@ -500,15 +503,15 @@ message ResourceSearchResult {
// vary from one resource type to another. Examples: `projectId` for Project,
// `dnsName` for DNS ManagedZone. This field contains a subset of the resource
// metadata fields that are returned by the List or Get APIs provided by the
// corresponding GCP service (e.g., Compute Engine). see [API references and
// supported searchable
// corresponding Google Cloud service (e.g., Compute Engine). see [API
// references and supported searchable
// attributes](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types)
// to see which fields are included.
//
// You can search values of these fields through free text search. However,
// you should not consume the field programically as the field names and
// values may change as the GCP service updates to a new incompatible API
// version.
// values may change as the Google Cloud service updates to a new incompatible
// API version.
//
// To search against the `additional_attributes`:
//
@ -700,11 +703,11 @@ message IamPolicySearchResult {
// * specify the `asset_types` field in your search request.
string asset_type = 5;
// The project that the associated GCP resource belongs to, in the form of
// projects/{PROJECT_NUMBER}. If an IAM policy is set on a resource (like VM
// instance, Cloud Storage bucket), the project field will indicate the
// project that contains the resource. If an IAM policy is set on a folder or
// orgnization, this field will be empty.
// The project that the associated Google Cloud resource belongs to, in the
// form of projects/{PROJECT_NUMBER}. If an IAM policy is set on a resource
// (like VM instance, Cloud Storage bucket), the project field will indicate
// the project that contains the resource. If an IAM policy is set on a folder
// or orgnization, this field will be empty.
//
// To search against the `project`:
//
@ -876,8 +879,10 @@ message IamPolicyAnalysisResult {
repeated Access accesses = 2;
// Resource edges of the graph starting from the policy attached
// resource to any descendant resources. The [Edge.source_node][google.cloud.asset.v1.IamPolicyAnalysisResult.Edge.source_node] contains
// the full resource name of a parent resource and [Edge.target_node][google.cloud.asset.v1.IamPolicyAnalysisResult.Edge.target_node]
// resource to any descendant resources. The
// [Edge.source_node][google.cloud.asset.v1.IamPolicyAnalysisResult.Edge.source_node]
// contains the full resource name of a parent resource and
// [Edge.target_node][google.cloud.asset.v1.IamPolicyAnalysisResult.Edge.target_node]
// contains the full resource name of a child resource. This field is
// present only if the output_resource_edges option is enabled in request.
repeated Edge resource_edges = 3;
@ -896,32 +901,41 @@ message IamPolicyAnalysisResult {
repeated Identity identities = 1;
// Group identity edges of the graph starting from the binding's
// group members to any node of the [identities][google.cloud.asset.v1.IamPolicyAnalysisResult.IdentityList.identities]. The [Edge.source_node][google.cloud.asset.v1.IamPolicyAnalysisResult.Edge.source_node]
// group members to any node of the
// [identities][google.cloud.asset.v1.IamPolicyAnalysisResult.IdentityList.identities].
// The
// [Edge.source_node][google.cloud.asset.v1.IamPolicyAnalysisResult.Edge.source_node]
// contains a group, such as `group:parent@google.com`. The
// [Edge.target_node][google.cloud.asset.v1.IamPolicyAnalysisResult.Edge.target_node] contains a member of the group,
// such as `group:child@google.com` or `user:foo@google.com`.
// This field is present only if the output_group_edges option is enabled in
// request.
// [Edge.target_node][google.cloud.asset.v1.IamPolicyAnalysisResult.Edge.target_node]
// contains a member of the group, such as `group:child@google.com` or
// `user:foo@google.com`. This field is present only if the
// output_group_edges option is enabled in request.
repeated Edge group_edges = 2;
}
// The [full resource
// name](https://cloud.google.com/asset-inventory/docs/resource-name-format)
// of the resource to which the [iam_binding][google.cloud.asset.v1.IamPolicyAnalysisResult.iam_binding] policy attaches.
// of the resource to which the
// [iam_binding][google.cloud.asset.v1.IamPolicyAnalysisResult.iam_binding]
// policy attaches.
string attached_resource_full_name = 1;
// The Cloud IAM policy binding under analysis.
// The IAM policy binding under analysis.
google.iam.v1.Binding iam_binding = 2;
// The access control lists derived from the [iam_binding][google.cloud.asset.v1.IamPolicyAnalysisResult.iam_binding] that match or
// potentially match resource and access selectors specified in the request.
// The access control lists derived from the
// [iam_binding][google.cloud.asset.v1.IamPolicyAnalysisResult.iam_binding]
// that match or potentially match resource and access selectors specified in
// the request.
repeated AccessControlList access_control_lists = 3;
// The identity list derived from members of the [iam_binding][google.cloud.asset.v1.IamPolicyAnalysisResult.iam_binding] that match or
// potentially match identity selector specified in the request.
// The identity list derived from members of the
// [iam_binding][google.cloud.asset.v1.IamPolicyAnalysisResult.iam_binding]
// that match or potentially match identity selector specified in the request.
IdentityList identity_list = 4;
// Represents whether all analyses on the [iam_binding][google.cloud.asset.v1.IamPolicyAnalysisResult.iam_binding] have successfully
// finished.
// Represents whether all analyses on the
// [iam_binding][google.cloud.asset.v1.IamPolicyAnalysisResult.iam_binding]
// have successfully finished.
bool fully_explored = 5;
}
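Review bot: The rewrapped comment on `project` in `IamPolicySearchResult` still reads "or orgnization, this field will be empty", so a commit titled as a typo fix carries the misspelling forward; the line should read `// or organization, this field will be empty.`. The same pass leaves "effectively policy" in the `iam_policy` comment of `Asset` and "programically" in the `additional_attributes` comment of `ResourceSearchResult`, which would read better as "effective policy" and "programmatically". The `iam_policy` comment describes how inherited access combines with the policy set on the resource, so its wording is worth getting exact.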

@ -12,14 +12,16 @@ types:
- name: google.cloud.asset.v1.AnalyzeIamPolicyLongrunningResponse
documentation:
summary: The cloud asset API manages the history and inventory of cloud resources.
summary: |-
The Cloud Asset API manages the history and inventory of Google Cloud
resources.
overview: |-
# Cloud Asset API
The Cloud Asset API keeps a history of Google Cloud Platform (GCP) asset
metadata, and allows GCP users to download a dump of all asset metadata
for the resource types listed below within an organization or a project at
a given timestamp.
The Cloud Asset API keeps a history of Google Cloud asset metadata, and
allows Google Cloud users to download a dump of all asset metadata for the
resource types listed below within an organization or a project at a given
timestamp.
Read more documents here:
https://cloud.google.com/asset-inventory/docs

@ -1,4 +1,4 @@
// Copyright 2020 Google LLC
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@ -31,28 +31,31 @@ option php_namespace = "Google\\Cloud\\Asset\\V1p1beta1";
// Asset service definition.
service AssetService {
option (google.api.default_host) = "cloudasset.googleapis.com";
option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
// Searches all the resources under a given accessible CRM scope
// (project/folder/organization). This RPC gives callers
// especially admins the ability to search all the resources under a scope,
// even if they don't have .get permission of all the resources. Callers
// should have cloud.assets.SearchAllResources permission on the requested
// scope, otherwise it will be rejected.
rpc SearchAllResources(SearchAllResourcesRequest) returns (SearchAllResourcesResponse) {
option (google.api.oauth_scopes) =
"https://www.googleapis.com/auth/cloud-platform";
// Searches all the resources within a given accessible Resource Manager scope
// (project/folder/organization). This RPC gives callers especially
// administrators the ability to search all the resources within a scope, even
// if they don't have `.get` permission of all the resources. Callers should
// have `cloud.assets.SearchAllResources` permission on the requested scope,
// otherwise the request will be rejected.
rpc SearchAllResources(SearchAllResourcesRequest)
returns (SearchAllResourcesResponse) {
option (google.api.http) = {
get: "/v1p1beta1/{scope=*/*}/resources:searchAll"
};
option (google.api.method_signature) = "scope,query,asset_types";
}
// Searches all the IAM policies under a given accessible CRM scope
// (project/folder/organization). This RPC gives callers
// especially admins the ability to search all the IAM policies under a scope,
// even if they don't have .getIamPolicy permission of all the IAM policies.
// Callers should have cloud.assets.SearchAllIamPolicies permission on the
// requested scope, otherwise it will be rejected.
rpc SearchAllIamPolicies(SearchAllIamPoliciesRequest) returns (SearchAllIamPoliciesResponse) {
// Searches all the IAM policies within a given accessible Resource Manager
// scope (project/folder/organization). This RPC gives callers especially
// administrators the ability to search all the IAM policies within a scope,
// even if they don't have `.getIamPolicy` permission of all the IAM policies.
// Callers should have `cloud.assets.SearchAllIamPolicies` permission on the
// requested scope, otherwise the request will be rejected.
rpc SearchAllIamPolicies(SearchAllIamPoliciesRequest)
returns (SearchAllIamPoliciesResponse) {
option (google.api.http) = {
get: "/v1p1beta1/{scope=*/*}/iamPolicies:searchAll"
};
@ -62,37 +65,39 @@ service AssetService {
// Search all resources request.
message SearchAllResourcesRequest {
// Required. The relative name of an asset. The search is limited to the resources
// within the `scope`. The allowed value must be:
// Required. The relative name of an asset. The search is limited to the
// resources within the `scope`. The allowed value must be:
//
// * Organization number (such as "organizations/123")
// * Folder number(such as "folders/1234")
// * Folder number (such as "folders/1234")
// * Project number (such as "projects/12345")
// * Project id (such as "projects/abc")
// * Project ID (such as "projects/abc")
string scope = 1 [(google.api.field_behavior) = REQUIRED];
// Optional. The query statement.
string query = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. A list of asset types that this request searches for. If empty, it will
// search all the supported asset types.
// Optional. A list of asset types that this request searches for. If empty,
// it will search all the supported asset types.
repeated string asset_types = 3 [(google.api.field_behavior) = OPTIONAL];
// Optional. The page size for search result pagination. Page size is capped at 500 even
// if a larger value is given. If set to zero, server will pick an appropriate
// default. Returned results may be fewer than requested. When this happens,
// there could be more results as long as `next_page_token` is returned.
// Optional. The page size for search result pagination. Page size is capped
// at 500 even if a larger value is given. If set to zero, server will pick an
// appropriate default. Returned results may be fewer than requested. When
// this happens, there could be more results as long as `next_page_token` is
// returned.
int32 page_size = 4 [(google.api.field_behavior) = OPTIONAL];
// Optional. If present, then retrieve the next batch of results from the preceding call
// to this method. `page_token` must be the value of `next_page_token` from
// the previous response. The values of all other method parameters, must be
// identical to those in the previous call.
// Optional. If present, then retrieve the next batch of results from the
// preceding call to this method. `page_token` must be the value of
// `next_page_token` from the previous response. The values of all other
// method parameters, must be identical to those in the previous call.
string page_token = 5 [(google.api.field_behavior) = OPTIONAL];
// Optional. A comma separated list of fields specifying the sorting order of the
// results. The default order is ascending. Add " desc" after the field name
// to indicate descending order. Redundant space characters are ignored. For
// example, " foo , bar desc ".
// Optional. A comma separated list of fields specifying the sorting order of
// the results. The default order is ascending. Add ` DESC` after the field
// name to indicate descending order. Redundant space characters are ignored.
// For example, ` location DESC , name `.
string order_by = 10 [(google.api.field_behavior) = OPTIONAL];
}
@ -109,37 +114,39 @@ message SearchAllResourcesResponse {
// Search all IAM policies request.
message SearchAllIamPoliciesRequest {
// Required. The relative name of an asset. The search is limited to the resources
// within the `scope`. The allowed value must be:
// Required. The relative name of an asset. The search is limited to the
// resources within the `scope`. The allowed value must be:
//
// * Organization number (such as "organizations/123")
// * Folder number(such as "folders/1234")
// * Folder number (such as "folders/1234")
// * Project number (such as "projects/12345")
// * Project id (such as "projects/abc")
// * Project ID (such as "projects/abc")
string scope = 1 [(google.api.field_behavior) = REQUIRED];
// Optional. The query statement.
// Examples:
// Optional. The query statement. Examples:
//
// * "policy:myuser@mydomain.com"
// * "policy:(myuser@mydomain.com viewer)"
string query = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. The page size for search result pagination. Page size is capped at 500 even
// if a larger value is given. If set to zero, server will pick an appropriate
// default. Returned results may be fewer than requested. When this happens,
// there could be more results as long as `next_page_token` is returned.
// Optional. The page size for search result pagination. Page size is capped
// at 500 even if a larger value is given. If set to zero, server will pick an
// appropriate default. Returned results may be fewer than requested. When
// this happens, there could be more results as long as `next_page_token` is
// returned.
int32 page_size = 3 [(google.api.field_behavior) = OPTIONAL];
// Optional. If present, retrieve the next batch of results from the preceding call to
// this method. `page_token` must be the value of `next_page_token` from the
// previous response. The values of all other method parameters must be
// identical to those in the previous call.
// Optional. If present, retrieve the next batch of results from the preceding
// call to this method. `page_token` must be the value of `next_page_token`
// from the previous response. The values of all other method parameters must
// be identical to those in the previous call.
string page_token = 4 [(google.api.field_behavior) = OPTIONAL];
}
// Search all IAM policies response.
message SearchAllIamPoliciesResponse {
// A list of IamPolicy that match the search query. Related information such
// as the associated resource is returned along with the policy.
// A list of IAM policies that match the search query. Related information
// such as the associated resource is returned along with the policy.
repeated IamPolicySearchResult results = 1;
// Set if there are more results than those appearing in this response; to get
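Review bot: The rewritten comments on `SearchAllResources` and `SearchAllIamPolicies` say callers "should have" the search permission, yet the same sentence says the request is rejected without it, so the requirement is mandatory; `Callers must` in place of "Callers should" states it accurately in both comments. The comments also document that this scope-level permission returns results for resources and policies the caller has no `.get` or `.getIamPolicy` permission on, so the access statement should be unambiguous for anyone deciding who is granted it. Separately, the rewrapped `page_token` comment in `SearchAllResourcesRequest` keeps the stray comma in "method parameters, must be identical".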

@ -1,4 +1,4 @@
// Copyright 2020 Google LLC
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@ -59,55 +59,59 @@ message StandardResourceMetadata {
// "us-west1-b".
string location = 11;
// Labels associated with this resource. See [Labelling and grouping GCP
// Labels associated with this resource. See [Labelling and grouping Google
// Cloud
// resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources)
// for more information.
map<string, string> labels = 12;
// Network tags associated with this resource. Like labels, network tags are a
// type of annotations used to group GCP resources. See [Labelling GCP
// type of annotations used to group Google Cloud resources. See [Labelling
// Google Cloud
// resources](lhttps://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources)
// for more information.
repeated string network_tags = 13;
}
// The result for a IAM Policy search.
// The result for an IAM policy search.
message IamPolicySearchResult {
// Explanation about the IAM policy search result.
message Explanation {
// The map from roles to their included permission matching the permission
// query (e.g. containing `policy.role.permissions:`). A sample role string:
// query (e.g. containing `policy.role.permissions:`). Example role string:
// "roles/compute.instanceAdmin". The roles can also be found in the
// returned `policy` bindings. Note that the map is populated only if
// requesting with a permission query.
map<string, Permissions> matched_permissions = 1;
}
// The [full resource
// The
// [full resource
// name](https://cloud.google.com/apis/design/resource_names#full_resource_name)
// of the resource associated with this IAM policy.
string resource = 1;
// The project that the associated GCP resource belongs to, in the form of
// `projects/{project_number}`. If an IAM policy is set on a resource (like VM
// instance, Cloud Storage bucket), the project field will indicate the
// project that contains the resource. If an IAM policy is set on a folder or
// orgnization, the project field will be empty.
// The project that the associated Google Cloud resource belongs to, in the
// form of `projects/{project_number}`. If an IAM policy is set on a resource
// -- such as a Compute Engine instance or a Cloud Storage bucket -- the
// project field will indicate the project that contains the resource. If an
// IAM policy is set on a folder or orgnization, the project field will be
// empty.
string project = 3;
// The IAM policy directly set on the given resource. Note that the original
// The IAM policy attached to the specified resource. Note that the original
// IAM policy can contain multiple bindings. This only contains the bindings
// that match the given query. For queries that don't contain a constrain on
// that match the given query. For queries that don't contain a constraint on
// policies (e.g. an empty query), this contains all the bindings.
google.iam.v1.Policy policy = 4;
// Explanation about the IAM policy search result. It contains additional
// information to explain why the search result matches the query.
// information that explains why the search result matches the query.
Explanation explanation = 5;
}
// IAM permissions
// IAM permissions.
message Permissions {
// A list of permissions. A sample permission string: "compute.disk.get".
// A list of permissions. Example permission string: "compute.disk.get".
repeated string permissions = 1;
}
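Review bot: The link target in the `network_tags` comment of `StandardResourceMetadata` still starts with `lhttps://`, so the Markdown link in any documentation generated from this comment is broken. The line sits unchanged directly below the rewrapped text and should read `// resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources)`. The rewritten `project` comment in `IamPolicySearchResult` also carries "orgnization" forward and should read "organization".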

@ -5,16 +5,19 @@ title: Cloud Asset API
apis:
- name: google.cloud.asset.v1p1beta1.AssetService
- name: google.longrunning.Operations
documentation:
summary: The cloud asset API manages the history and inventory of cloud resources.
summary: |-
The Cloud Asset API manages the history and inventory of Google Cloud
resources.
overview: |-
# Cloud Asset API
The Cloud Asset API keeps a history of Google Cloud Platform (GCP) asset
metadata, and allows GCP users to download a dump of all asset metadata
for the resource types listed below within an organization or a project at
a given timestamp.
The Cloud Asset API keeps a history of Google Cloud asset metadata, and
allows Google Cloud users to download a dump of all asset metadata for the
resource types listed below within an organization or a project at a given
timestamp.
Read more documents here:
https://cloud.google.com/asset-inventory/docs

@ -2,6 +2,10 @@
"methodConfig": [
{
"name": [
{
"service": "google.cloud.asset.v1p2beta1.AssetService",
"method": "ExportAssets"
},
{
"service": "google.cloud.asset.v1p2beta1.AssetService",
"method": "CreateFeed"
@ -15,6 +19,10 @@
},
{
"name": [
{
"service": "google.cloud.asset.v1p2beta1.AssetService",
"method": "BatchGetAssetsHistory"
},
{
"service": "google.cloud.asset.v1p2beta1.AssetService",
"method": "GetFeed"

@ -1,4 +1,4 @@
// Copyright 2020 Google LLC
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@ -19,6 +19,7 @@ package google.cloud.asset.v1p5beta1;
import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/cloud/asset/v1p5beta1/assets.proto";
import "google/protobuf/timestamp.proto";
@ -41,6 +42,7 @@ service AssetService {
option (google.api.http) = {
get: "/v1p5beta1/{parent=*/*}/assets"
};
option (google.api.method_signature) = "parent";
}
}
@ -48,21 +50,39 @@ service AssetService {
message ListAssetsRequest {
// Required. Name of the organization or project the assets belong to. Format:
// "organizations/[organization-number]" (such as "organizations/123"),
// "projects/[project-number]" (such as "projects/my-project-id"), or
// "projects/[project-id]" (such as "projects/12345").
string parent = 1 [(google.api.field_behavior) = REQUIRED];
// "projects/[project-id]" (such as "projects/my-project-id"), or
// "projects/[project-number]" (such as "projects/12345").
string parent = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
child_type: "cloudasset.googleapis.com/Asset"
}
];
// Timestamp to take an asset snapshot. This can only be set to a timestamp
// between 2018-10-02 UTC (inclusive) and the current time. If not specified,
// the current time will be used. Due to delays in resource data collection
// and indexing, there is a volatile window during which running the same
// query may get different results.
// between the current time and the current time minus 35 days (inclusive).
// If not specified, the current time will be used. Due to delays in resource
// data collection and indexing, there is a volatile window during which
// running the same query may get different results.
google.protobuf.Timestamp read_time = 2;
// A list of asset types of which to take a snapshot for. For example:
// "compute.googleapis.com/Disk". If specified, only matching assets will be
// returned. See [Introduction to Cloud Asset
// Inventory](https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/overview)
// A list of asset types to take a snapshot for. For example:
// "compute.googleapis.com/Disk".
//
// Regular expression is also supported. For example:
//
// * "compute.googleapis.com.*" snapshots resources whose asset type starts
// with "compute.googleapis.com".
// * ".*Instance" snapshots resources whose asset type ends with "Instance".
// * ".*Instance.*" snapshots resources whose asset type contains "Instance".
//
// See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported
// regular expression syntax. If the regular expression does not match any
// supported asset type, an INVALID_ARGUMENT error will be returned.
//
// If specified, only matching assets will be returned, otherwise, it will
// snapshot all asset types. See [Introduction to Cloud Asset
// Inventory](https://cloud.google.com/asset-inventory/docs/overview)
// for all supported asset types.
repeated string asset_types = 3;
@ -80,6 +100,20 @@ message ListAssetsRequest {
string page_token = 6;
}
// ListAssets response.
message ListAssetsResponse {
// Time the snapshot was taken.
google.protobuf.Timestamp read_time = 1;
// Assets.
repeated Asset assets = 2;
// Token to retrieve the next page of results. It expires 72 hours after the
// page token for the first page is generated. Set to empty if there are no
// remaining results.
string next_page_token = 3;
}
// Asset content type.
enum ContentType {
// Unspecified content type.
@ -91,22 +125,9 @@ enum ContentType {
// The actual IAM policy set on a resource.
IAM_POLICY = 2;
// The Cloud Organization Policy set on an asset.
// The organization policy set on an asset.
ORG_POLICY = 4;
// The Cloud Access context mananger Policy set on an asset.
// The Access Context Manager policy set on an asset.
ACCESS_POLICY = 5;
}
// ListAssets response.
message ListAssetsResponse {
// Time the snapshot was taken.
google.protobuf.Timestamp read_time = 1;
// Assets.
repeated Asset assets = 2;
// Token to retrieve the next page of results. Set to empty if there are no
// remaining results.
string next_page_token = 3;
}
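Review bot: The regular-expression examples added to the `asset_types` comment in `ListAssetsRequest` leave the dots unescaped. Under the RE2 syntax the comment links to, `.` matches any character, so "compute.googleapis.com.*" matches more than asset types that literally start with "compute.googleapis.com"; the example would be exact as `"compute\.googleapis\.com.*"`. The comment also never says whether the expression has to match the whole asset type. The contrast between ".*Instance" and ".*Instance.*" suggests it does, and one sentence saying so would keep callers from building inventory filters that select a different set of types than they intended.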

@ -1,4 +1,4 @@
// Copyright 2020 Google LLC
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@ -32,77 +32,108 @@ option java_outer_classname = "AssetProto";
option java_package = "com.google.cloud.asset.v1p5beta1";
option php_namespace = "Google\\Cloud\\Asset\\V1p5beta1";
// Cloud asset. This includes all Google Cloud Platform resources,
// Cloud IAM policies, and other non-GCP assets.
// An asset in Google Cloud. An asset can be any resource in the Google Cloud
// [resource
// hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
// a resource outside the Google Cloud resource hierarchy (such as Google
// Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy).
// See [Supported asset
// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
// for more information.
message Asset {
option (google.api.resource) = {
type: "cloudasset.googleapis.com/Asset"
pattern: "*"
};
// The full name of the asset. For example:
// `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.
// The full name of the asset. Example:
// `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`
//
// See [Resource
// Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
// names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
// for more information.
string name = 1;
// Type of the asset. Example: "compute.googleapis.com/Disk".
// The type of the asset. Example: `compute.googleapis.com/Disk`
//
// See [Supported asset
// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
// for more information.
string asset_type = 2;
// Representation of the resource.
// A representation of the resource.
Resource resource = 3;
// Representation of the actual Cloud IAM policy set on a cloud resource. For
// each resource, there must be at most one Cloud IAM policy set on it.
// A representation of the IAM policy set on a Google Cloud resource.
// There can be a maximum of one IAM policy set on any given resource.
// In addition, IAM policies inherit their granted access scope from any
// policies set on parent resources in the resource hierarchy. Therefore, the
// effectively policy is the union of both the policy set on this resource
// and each policy set on all of the resource's ancestry resource levels in
// the hierarchy. See
// [this topic](https://cloud.google.com/iam/help/allow-policies/inheritance)
// for more information.
google.iam.v1.Policy iam_policy = 4;
// Representation of the Cloud Organization Policy set on an asset. For each
// asset, there could be multiple Organization policies with different
// constraints.
// A representation of an [organization
// policy](https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy).
// There can be more than one organization policy with different constraints
// set on a given resource.
repeated google.cloud.orgpolicy.v1.Policy org_policy = 6;
// Representation of the Cloud Organization access policy.
// A representation of an [access
// policy](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
oneof access_context_policy {
// Please also refer to the [access policy user
// guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
google.identity.accesscontextmanager.v1.AccessPolicy access_policy = 7;
// Please also refer to the [access level user
// guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels).
google.identity.accesscontextmanager.v1.AccessLevel access_level = 8;
// Please also refer to the [service perimeter user
// guide](https://cloud.google.com/vpc-service-controls/docs/overview).
google.identity.accesscontextmanager.v1.ServicePerimeter service_perimeter =
9;
}
// Asset's ancestry path in Cloud Resource Manager (CRM) hierarchy,
// represented as a list of relative resource names. Ancestry path starts with
// the closest CRM ancestor and ends at root. If the asset is a CRM
// project/folder/organization, this starts from the asset itself.
// The ancestry path of an asset in Google Cloud [resource
// hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
// represented as a list of relative resource names. An ancestry path starts
// with the closest ancestor in the hierarchy and ends at root. If the asset
// is a project, folder, or organization, the ancestry path starts from the
// asset itself.
//
// Example: ["projects/123456789", "folders/5432", "organizations/1234"]
// Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
repeated string ancestors = 10;
}
// Representation of a cloud resource.
// A representation of a Google Cloud resource.
message Resource {
// The API version. Example: "v1".
string version = 1;
// The URL of the discovery document containing the resource's JSON schema.
// For example:
// `"https://www.googleapis.com/discovery/v1/apis/compute/v1/rest"`.
// It will be left unspecified for resources without a discovery-based API,
// such as Cloud Bigtable.
// Example:
// `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest`
//
// This value is unspecified for resources that do not have an API based on a
// discovery document, such as Cloud Bigtable.
string discovery_document_uri = 2;
// The JSON schema name listed in the discovery document.
// Example: "Project". It will be left unspecified for resources (such as
// Cloud Bigtable) without a discovery-based API.
// The JSON schema name listed in the discovery document. Example:
// `Project`
//
// This value is unspecified for resources that do not have an API based on a
// discovery document, such as Cloud Bigtable.
string discovery_name = 3;
// The REST URL for accessing the resource. An HTTP GET operation using this
// URL returns the resource itself.
// Example:
// `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`.
// It will be left unspecified for resources without a REST API.
// The REST URL for accessing the resource. An HTTP `GET` request using this
// URL returns the resource itself. Example:
// `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`
//
// This value is unspecified for resources without a REST API.
string resource_url = 4;
// The full name of the immediate parent of this resource. See
@ -110,15 +141,16 @@ message Resource {
// Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
// for more information.
//
// For GCP assets, it is the parent resource defined in the [Cloud IAM policy
// For Google Cloud assets, this value is the parent resource defined in the
// [IAM policy
// hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).
// For example:
// `"//cloudresourcemanager.googleapis.com/projects/my_project_123"`.
// Example:
// `//cloudresourcemanager.googleapis.com/projects/my_project_123`
//
// For third-party assets, it is up to the users to define.
// For third-party assets, this field may be set differently.
string parent = 5;
// The content of the resource, in which some sensitive fields are scrubbed
// away and may not be present.
// The content of the resource, in which some sensitive fields are removed
// and may not be present.
google.protobuf.Struct data = 6;
}
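Review bot: The rewritten `iam_policy` comment in `message Asset` still says "effectively policy"; the line should read `// effective policy is the union of both the policy set on this resource`. That sentence is what tells a consumer the field holds only the policy attached directly to the resource, and that access inherited from ancestors is not included, so the wording matters for anyone auditing access from these records. The same phrase stands as an unchanged line in the v1p7beta1 `Asset` comment further down the page and could be corrected there too.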

@ -5,16 +5,19 @@ title: Cloud Asset API
apis:
- name: google.cloud.asset.v1p5beta1.AssetService
- name: google.longrunning.Operations
documentation:
summary: The cloud asset API manages the history and inventory of cloud resources.
summary: |-
The Cloud Asset API manages the history and inventory of Google Cloud
resources.
overview: |-
# Cloud Asset API
The Cloud Asset API keeps a history of Google Cloud Platform (GCP) asset
metadata, and allows GCP users to download a dump of all asset metadata
for the resource types listed below within an organization or a project at
a given timestamp.
The Cloud Asset API keeps a history of Google Cloud asset metadata, and
allows Google Cloud users to download a dump of all asset metadata for the
resource types listed below within an organization or a project at a given
timestamp.
Read more documents here:
https://cloud.google.com/asset-inventory/docs
@ -23,6 +26,8 @@ backend:
rules:
- selector: google.cloud.asset.v1p5beta1.AssetService.ListAssets
deadline: 600.0
- selector: google.longrunning.Operations.GetOperation
deadline: 60.0
authentication:
rules:
@ -30,3 +35,7 @@ authentication:
oauth:
canonical_scopes: |-
https://www.googleapis.com/auth/cloud-platform
- selector: google.longrunning.Operations.GetOperation
oauth:
canonical_scopes: |-
https://www.googleapis.com/auth/cloud-platform
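Review bot: `google.longrunning.Operations` gets a backend deadline and an OAuth rule for `GetOperation` here, but no `http` rule for that selector appears in these hunks, while the v1p7beta1 config in the same commit gains one. The only AssetService selector visible in this file is `ListAssets`, so it is not clear from the page which RPC returns an operation; if none does, the mixin only widens the exposed surface and could be left out. If it is needed, add an `http` rule for `google.longrunning.Operations.GetOperation` parallel to the v1p7beta1 one, with a comment such as `# GetOperation: polled for <RPC name>` above the new rules. The rest of the file is outside the hunks, so an existing `http` section cannot be ruled out.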

@ -1,4 +1,4 @@
// Copyright 2021 Google LLC
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@ -20,7 +20,6 @@ import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/cloud/asset/v1p7beta1/assets.proto";
import "google/longrunning/operations.proto";
import "google/protobuf/timestamp.proto";
@ -134,10 +133,10 @@ message ExportAssetsResponse {
OutputConfig output_config = 2;
// Output result indicating where the assets were exported to. For example, a
// set of actual Google Cloud Storage object uris where the assets are
// exported to. The uris can be different from what [output_config] has
// set of actual Cloud Storage object URIs where the assets are
// exported to. The URIs can be different from what [output_config] has
// specified, as the service will split the output object into multiple ones
// once it exceeds a single Google Cloud Storage object limit.
// once it exceeds a single Cloud Storage object limit.
OutputResult output_result = 3;
}
@ -165,7 +164,7 @@ message OutputResult {
// A Cloud Storage output result.
message GcsOutputResult {
// List of uris of the Cloud Storage objects. Example:
// List of URIs of the Cloud Storage objects. Example:
// "gs://bucket_name/object_name".
repeated string uris = 1;
}
@ -174,15 +173,15 @@ message GcsOutputResult {
message GcsDestination {
// Required.
oneof object_uri {
// The uri of the Cloud Storage object. It's the same uri that is used by
// The URI of the Cloud Storage object. It's the same URI that is used by
// gsutil. Example: "gs://bucket_name/object_name". See [Viewing and
// Editing Object
// Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)
// for more information.
string uri = 1;
// The uri prefix of all generated Cloud Storage objects. Example:
// "gs://bucket_name/object_name_prefix". Each object uri is in format:
// The URI prefix of all generated Cloud Storage objects. Example:
// "gs://bucket_name/object_name_prefix". Each object URI is in format:
// "gs://bucket_name/object_name_prefix/{ASSET_TYPE}/{SHARD_NUMBER} and only
// contains assets for that type. <shard number> starts from 0. Example:
// "gs://bucket_name/object_name_prefix/compute.googleapis.com/Disk/0" is
@ -302,10 +301,10 @@ enum ContentType {
// The actual IAM policy set on a resource.
IAM_POLICY = 2;
// The Cloud Organization Policy set on an asset.
// The organization policy set on an asset.
ORG_POLICY = 4;
// The Cloud Access context manager Policy set on an asset.
// The Access Context Manager policy set on an asset.
ACCESS_POLICY = 5;
// The related resources.

@ -1,4 +1,4 @@
// Copyright 2021 Google LLC
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@ -18,7 +18,6 @@ package google.cloud.asset.v1p7beta1;
import "google/api/resource.proto";
import "google/cloud/orgpolicy/v1/orgpolicy.proto";
import "google/cloud/osconfig/v1/inventory.proto";
import "google/iam/v1/policy.proto";
import "google/identity/accesscontextmanager/v1/access_level.proto";
import "google/identity/accesscontextmanager/v1/access_policy.proto";
@ -40,7 +39,7 @@ option php_namespace = "Google\\Cloud\\Asset\\V1p7beta1";
// [resource
// hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
// a resource outside the Google Cloud resource hierarchy (such as Google
// Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy).
// Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy).
// See [Supported asset
// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
// for more information.
@ -72,15 +71,15 @@ message Asset {
// A representation of the resource.
Resource resource = 3;
// A representation of the Cloud IAM policy set on a Google Cloud resource.
// There can be a maximum of one Cloud IAM policy set on any given resource.
// In addition, Cloud IAM policies inherit their granted access scope from any
// A representation of the IAM policy set on a Google Cloud resource.
// There can be a maximum of one IAM policy set on any given resource.
// In addition, IAM policies inherit their granted access scope from any
// policies set on parent resources in the resource hierarchy. Therefore, the
// effectively policy is the union of both the policy set on this resource
// and each policy set on all of the resource's ancestry resource levels in
// the hierarchy. See
// [this topic](https://cloud.google.com/iam/docs/policies#inheritance) for
// more information.
// [this topic](https://cloud.google.com/iam/help/allow-policies/inheritance)
// for more information.
google.iam.v1.Policy iam_policy = 4;
// A representation of an [organization
@ -154,7 +153,7 @@ message Resource {
// for more information.
//
// For Google Cloud assets, this value is the parent resource defined in the
// [Cloud IAM policy
// [IAM policy
// hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).
// Example:
// `//cloudresourcemanager.googleapis.com/projects/my_project_123`
@ -201,7 +200,7 @@ message RelationshipAttributes {
// ancestors. An asset can be any resource in the Google Cloud [resource
// hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
// a resource outside the Google Cloud resource hierarchy (such as Google
// Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy).
// Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy).
// See [Supported asset
// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
// for more information.

@ -5,19 +5,22 @@ title: Cloud Asset API
apis:
- name: google.cloud.asset.v1p7beta1.AssetService
- name: google.longrunning.Operations
types:
- name: google.cloud.asset.v1p7beta1.Asset
documentation:
summary: The cloud asset API manages the history and inventory of cloud resources.
summary: |-
The Cloud Asset API manages the history and inventory of Google Cloud
resources.
overview: |-
# Cloud Asset API
The Cloud Asset API keeps a history of Google Cloud Platform (GCP) asset
metadata, and allows GCP users to download a dump of all asset metadata
for the resource types listed below within an organization or a project at
a given timestamp.
The Cloud Asset API keeps a history of Google Cloud asset metadata, and
allows Google Cloud users to download a dump of all asset metadata for the
resource types listed below within an organization or a project at a given
timestamp.
Read more documents here:
https://cloud.google.com/asset-inventory/docs
@ -29,6 +32,11 @@ backend:
- selector: google.longrunning.Operations.GetOperation
deadline: 60.0
http:
rules:
- selector: google.longrunning.Operations.GetOperation
get: '/v1p7beta1/{name=*/*/operations/*/**}'
authentication:
rules:
- selector: google.cloud.asset.v1p7beta1.AssetService.ExportAssets
