# frozen_string_literal: true # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Auto-generated by gapic-generator-ruby. DO NOT EDIT! module Google module Cloud module Asset module V1 # Export asset request. # @!attribute [rw] parent # @return [::String] # Required. The relative name of the root asset. This can only be an # organization number (such as "organizations/123"), a project ID (such as # "projects/my-project-id"), or a project number (such as "projects/12345"), # or a folder number (such as "folders/123"). # @!attribute [rw] read_time # @return [::Google::Protobuf::Timestamp] # Timestamp to take an asset snapshot. This can only be set to a timestamp # between the current time and the current time minus 35 days (inclusive). # If not specified, the current time will be used. Due to delays in resource # data collection and indexing, there is a volatile window during which # running the same query may get different results. # @!attribute [rw] asset_types # @return [::Array<::String>] # A list of asset types to take a snapshot for. For example: # "compute.googleapis.com/Disk". # # Regular expressions are also supported. For example: # # * "compute.googleapis.com.*" snapshots resources whose asset type starts # with "compute.googleapis.com". # * ".*Instance" snapshots resources whose asset type ends with "Instance". # * ".*Instance.*" snapshots resources whose asset type contains "Instance". # # See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported # regular expression syntax. If the regular expression does not match any # supported asset type, an INVALID_ARGUMENT error will be returned. # # If specified, only matching assets will be returned, otherwise, it will # snapshot all asset types. See [Introduction to Cloud Asset # Inventory](https://cloud.google.com/asset-inventory/docs/overview) # for all supported asset types. # @!attribute [rw] content_type # @return [::Google::Cloud::Asset::V1::ContentType] # Asset content type. If not specified, no content but the asset name will be # returned. # @!attribute [rw] output_config # @return [::Google::Cloud::Asset::V1::OutputConfig] # Required. Output configuration indicating where the results will be output to. class ExportAssetsRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # The export asset response. This message is returned by the # google.longrunning.Operations.GetOperation method in the returned # {::Google::Longrunning::Operation#response google.longrunning.Operation.response} field. # @!attribute [rw] read_time # @return [::Google::Protobuf::Timestamp] # Time the snapshot was taken. # @!attribute [rw] output_config # @return [::Google::Cloud::Asset::V1::OutputConfig] # Output configuration indicating where the results were output to. # @!attribute [rw] output_result # @return [::Google::Cloud::Asset::V1::OutputResult] # Output result indicating where the assets were exported to. For example, a # set of actual Google Cloud Storage object uris where the assets are # exported to. The uris can be different from what [output_config] has # specified, as the service will split the output object into multiple ones # once it exceeds a single Google Cloud Storage object limit. class ExportAssetsResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Batch get assets history request. # @!attribute [rw] parent # @return [::String] # Required. The relative name of the root asset. It can only be an # organization number (such as "organizations/123"), a project ID (such as # "projects/my-project-id")", or a project number (such as "projects/12345"). # @!attribute [rw] asset_names # @return [::Array<::String>] # A list of the full names of the assets. # See: https://cloud.google.com/asset-inventory/docs/resource-name-format # Example: # # `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. # # The request becomes a no-op if the asset name list is empty, and the max # size of the asset name list is 100 in one request. # @!attribute [rw] content_type # @return [::Google::Cloud::Asset::V1::ContentType] # Optional. The content type. # @!attribute [rw] read_time_window # @return [::Google::Cloud::Asset::V1::TimeWindow] # Optional. The time window for the asset history. Both start_time and # end_time are optional and if set, it must be after the current time minus # 35 days. If end_time is not set, it is default to current timestamp. # If start_time is not set, the snapshot of the assets at end_time will be # returned. The returned results contain all temporal assets whose time # window overlap with read_time_window. class BatchGetAssetsHistoryRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Batch get assets history response. # @!attribute [rw] assets # @return [::Array<::Google::Cloud::Asset::V1::TemporalAsset>] # A list of assets with valid time windows. class BatchGetAssetsHistoryResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Create asset feed request. # @!attribute [rw] parent # @return [::String] # Required. The name of the project/folder/organization where this feed # should be created in. It can only be an organization number (such as # "organizations/123"), a folder number (such as "folders/123"), a project ID # (such as "projects/my-project-id")", or a project number (such as # "projects/12345"). # @!attribute [rw] feed_id # @return [::String] # Required. This is the client-assigned asset feed identifier and it needs to # be unique under a specific parent project/folder/organization. # @!attribute [rw] feed # @return [::Google::Cloud::Asset::V1::Feed] # Required. The feed details. The field `name` must be empty and it will be generated # in the format of: # projects/project_number/feeds/feed_id # folders/folder_number/feeds/feed_id # organizations/organization_number/feeds/feed_id class CreateFeedRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Get asset feed request. # @!attribute [rw] name # @return [::String] # Required. The name of the Feed and it must be in the format of: # projects/project_number/feeds/feed_id # folders/folder_number/feeds/feed_id # organizations/organization_number/feeds/feed_id class GetFeedRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # List asset feeds request. # @!attribute [rw] parent # @return [::String] # Required. The parent project/folder/organization whose feeds are to be # listed. It can only be using project/folder/organization number (such as # "folders/12345")", or a project ID (such as "projects/my-project-id"). class ListFeedsRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # @!attribute [rw] feeds # @return [::Array<::Google::Cloud::Asset::V1::Feed>] # A list of feeds. class ListFeedsResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Update asset feed request. # @!attribute [rw] feed # @return [::Google::Cloud::Asset::V1::Feed] # Required. The new values of feed details. It must match an existing feed and the # field `name` must be in the format of: # projects/project_number/feeds/feed_id or # folders/folder_number/feeds/feed_id or # organizations/organization_number/feeds/feed_id. # @!attribute [rw] update_mask # @return [::Google::Protobuf::FieldMask] # Required. Only updates the `feed` fields indicated by this mask. # The field mask must not be empty, and it must not contain fields that # are immutable or only set by the server. class UpdateFeedRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # @!attribute [rw] name # @return [::String] # Required. The name of the feed and it must be in the format of: # projects/project_number/feeds/feed_id # folders/folder_number/feeds/feed_id # organizations/organization_number/feeds/feed_id class DeleteFeedRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Output configuration for export assets destination. # @!attribute [rw] gcs_destination # @return [::Google::Cloud::Asset::V1::GcsDestination] # Destination on Cloud Storage. # @!attribute [rw] bigquery_destination # @return [::Google::Cloud::Asset::V1::BigQueryDestination] # Destination on BigQuery. The output table stores the fields in asset # proto as columns in BigQuery. class OutputConfig include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Output result of export assets. # @!attribute [rw] gcs_result # @return [::Google::Cloud::Asset::V1::GcsOutputResult] # Export result on Cloud Storage. class OutputResult include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # A Cloud Storage output result. # @!attribute [rw] uris # @return [::Array<::String>] # List of uris of the Cloud Storage objects. Example: # "gs://bucket_name/object_name". class GcsOutputResult include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # A Cloud Storage location. # @!attribute [rw] uri # @return [::String] # The uri of the Cloud Storage object. It's the same uri that is used by # gsutil. Example: "gs://bucket_name/object_name". See [Viewing and # Editing Object # Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata) # for more information. # @!attribute [rw] uri_prefix # @return [::String] # The uri prefix of all generated Cloud Storage objects. Example: # "gs://bucket_name/object_name_prefix". Each object uri is in format: # "gs://bucket_name/object_name_prefix// and only # contains assets for that type. starts from 0. Example: # "gs://bucket_name/object_name_prefix/compute.googleapis.com/Disk/0" is # the first shard of output objects containing all # compute.googleapis.com/Disk assets. An INVALID_ARGUMENT error will be # returned if file with the same name "gs://bucket_name/object_name_prefix" # already exists. class GcsDestination include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # A BigQuery destination for exporting assets to. # @!attribute [rw] dataset # @return [::String] # Required. The BigQuery dataset in format # "projects/projectId/datasets/datasetId", to which the snapshot result # should be exported. If this dataset does not exist, the export call returns # an INVALID_ARGUMENT error. # @!attribute [rw] table # @return [::String] # Required. The BigQuery table to which the snapshot result should be # written. If this table does not exist, a new table with the given name # will be created. # @!attribute [rw] force # @return [::Boolean] # If the destination table already exists and this flag is `TRUE`, the # table will be overwritten by the contents of assets snapshot. If the flag # is `FALSE` or unset and the destination table already exists, the export # call returns an INVALID_ARGUMEMT error. # @!attribute [rw] partition_spec # @return [::Google::Cloud::Asset::V1::PartitionSpec] # [partition_spec] determines whether to export to partitioned table(s) and # how to partition the data. # # If [partition_spec] is unset or [partition_spec.partion_key] is unset or # `PARTITION_KEY_UNSPECIFIED`, the snapshot results will be exported to # non-partitioned table(s). [force] will decide whether to overwrite existing # table(s). # # If [partition_spec] is specified. First, the snapshot results will be # written to partitioned table(s) with two additional timestamp columns, # readTime and requestTime, one of which will be the partition key. Secondly, # in the case when any destination table already exists, it will first try to # update existing table's schema as necessary by appending additional # columns. Then, if [force] is `TRUE`, the corresponding partition will be # overwritten by the snapshot results (data in different partitions will # remain intact); if [force] is unset or `FALSE`, it will append the data. An # error will be returned if the schema update or data appension fails. # @!attribute [rw] separate_tables_per_asset_type # @return [::Boolean] # If this flag is `TRUE`, the snapshot results will be written to one or # multiple tables, each of which contains results of one asset type. The # [force] and [partition_spec] fields will apply to each of them. # # Field [table] will be concatenated with "_" and the asset type names (see # https://cloud.google.com/asset-inventory/docs/supported-asset-types for # supported asset types) to construct per-asset-type table names, in which # all non-alphanumeric characters like "." and "/" will be substituted by # "_". Example: if field [table] is "mytable" and snapshot results # contain "storage.googleapis.com/Bucket" assets, the corresponding table # name will be "mytable_storage_googleapis_com_Bucket". If any of these # tables does not exist, a new table with the concatenated name will be # created. # # When [content_type] in the ExportAssetsRequest is `RESOURCE`, the schema of # each table will include RECORD-type columns mapped to the nested fields in # the Asset.resource.data field of that asset type (up to the 15 nested level # BigQuery supports # (https://cloud.google.com/bigquery/docs/nested-repeated#limitations)). The # fields in >15 nested levels will be stored in JSON format string as a child # column of its parent RECORD column. # # If error occurs when exporting to any table, the whole export call will # return an error but the export results that already succeed will persist. # Example: if exporting to table_type_A succeeds when exporting to # table_type_B fails during one export call, the results in table_type_A will # persist and there will not be partial results persisting in a table. class BigQueryDestination include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Specifications of BigQuery partitioned table as export destination. # @!attribute [rw] partition_key # @return [::Google::Cloud::Asset::V1::PartitionSpec::PartitionKey] # The partition key for BigQuery partitioned table. class PartitionSpec include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # This enum is used to determine the partition key column when exporting # assets to BigQuery partitioned table(s). Note that, if the partition key is # a timestamp column, the actual partition is based on its date value # (expressed in UTC. see details in # https://cloud.google.com/bigquery/docs/partitioned-tables#date_timestamp_partitioned_tables). module PartitionKey # Unspecified partition key. If used, it means using non-partitioned table. PARTITION_KEY_UNSPECIFIED = 0 # The time when the snapshot is taken. If specified as partition key, the # result table(s) is partitoned by the additional timestamp column, # readTime. If [read_time] in ExportAssetsRequest is specified, the # readTime column's value will be the same as it. Otherwise, its value will # be the current time that is used to take the snapshot. READ_TIME = 1 # The time when the request is received and started to be processed. If # specified as partition key, the result table(s) is partitoned by the # requestTime column, an additional timestamp column representing when the # request was received. REQUEST_TIME = 2 end end # A Pub/Sub destination. # @!attribute [rw] topic # @return [::String] # The name of the Pub/Sub topic to publish to. # Example: `projects/PROJECT_ID/topics/TOPIC_ID`. class PubsubDestination include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Output configuration for asset feed destination. # @!attribute [rw] pubsub_destination # @return [::Google::Cloud::Asset::V1::PubsubDestination] # Destination on Pub/Sub. class FeedOutputConfig include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # An asset feed used to export asset updates to a destinations. # An asset feed filter controls what updates are exported. # The asset feed must be created within a project, organization, or # folder. Supported destinations are: # Pub/Sub topics. # @!attribute [rw] name # @return [::String] # Required. The format will be # projects/\\{project_number}/feeds/\\{client-assigned_feed_identifier} or # folders/\\{folder_number}/feeds/\\{client-assigned_feed_identifier} or # organizations/\\{organization_number}/feeds/\\{client-assigned_feed_identifier} # # The client-assigned feed identifier must be unique within the parent # project/folder/organization. # @!attribute [rw] asset_names # @return [::Array<::String>] # A list of the full names of the assets to receive updates. You must specify # either or both of asset_names and asset_types. Only asset updates matching # specified asset_names or asset_types are exported to the feed. # Example: # `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. # See [Resource # Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) # for more info. # @!attribute [rw] asset_types # @return [::Array<::String>] # A list of types of the assets to receive updates. You must specify either # or both of asset_names and asset_types. Only asset updates matching # specified asset_names or asset_types are exported to the feed. # Example: `"compute.googleapis.com/Disk"` # # See [this # topic](https://cloud.google.com/asset-inventory/docs/supported-asset-types) # for a list of all supported asset types. # @!attribute [rw] content_type # @return [::Google::Cloud::Asset::V1::ContentType] # Asset content type. If not specified, no content but the asset name and # type will be returned. # @!attribute [rw] feed_output_config # @return [::Google::Cloud::Asset::V1::FeedOutputConfig] # Required. Feed output configuration defining where the asset updates are # published to. # @!attribute [rw] condition # @return [::Google::Type::Expr] # A condition which determines whether an asset update should be published. # If specified, an asset will be returned only when the expression evaluates # to true. # When set, `expression` field in the `Expr` must be a valid [CEL expression] # (https://github.com/google/cel-spec) on a TemporalAsset with name # `temporal_asset`. Example: a Feed with expression ("temporal_asset.deleted # == true") will only publish Asset deletions. Other fields of `Expr` are # optional. # # See our [user # guide](https://cloud.google.com/asset-inventory/docs/monitoring-asset-changes#feed_with_condition) # for detailed instructions. class Feed include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Search all resources request. # @!attribute [rw] scope # @return [::String] # Required. A scope can be a project, a folder, or an organization. The search is # limited to the resources within the `scope`. The caller must be granted the # [`cloudasset.assets.searchAllResources`](http://cloud.google.com/asset-inventory/docs/access-control#required_permissions) # permission on the desired scope. # # The allowed values are: # # * projects/\\{PROJECT_ID} (e.g., "projects/foo-bar") # * projects/\\{PROJECT_NUMBER} (e.g., "projects/12345678") # * folders/\\{FOLDER_NUMBER} (e.g., "folders/1234567") # * organizations/\\{ORGANIZATION_NUMBER} (e.g., "organizations/123456") # @!attribute [rw] query # @return [::String] # Optional. The query statement. See [how to construct a # query](http://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query) # for more information. If not specified or empty, it will search all the # resources within the specified `scope`. Note that the query string is # compared against each Cloud IAM policy binding, including its members, # roles, and Cloud IAM conditions. The returned Cloud IAM policies will only # contain the bindings that match your query. To learn more about the IAM # policy structure, see [IAM policy # doc](https://cloud.google.com/iam/docs/policies#structure). # # Examples: # # * `name:Important` to find Cloud resources whose name contains # "Important" as a word. # * `displayName:Impor*` to find Cloud resources whose display name # contains "Impor" as a prefix. # * `description:*por*` to find Cloud resources whose description # contains "por" as a substring. # * `location:us-west*` to find Cloud resources whose location is # prefixed with "us-west". # * `labels:prod` to find Cloud resources whose labels contain "prod" as # a key or value. # * `labels.env:prod` to find Cloud resources that have a label "env" # and its value is "prod". # * `labels.env:*` to find Cloud resources that have a label "env". # * `Important` to find Cloud resources that contain "Important" as a word # in any of the searchable fields. # * `Impor*` to find Cloud resources that contain "Impor" as a prefix # in any of the searchable fields. # * `*por*` to find Cloud resources that contain "por" as a substring in # any of the searchable fields. # * `Important location:(us-west1 OR global)` to find Cloud # resources that contain "Important" as a word in any of the searchable # fields and are also located in the "us-west1" region or the "global" # location. # @!attribute [rw] asset_types # @return [::Array<::String>] # Optional. A list of asset types that this request searches for. If empty, it will # search all the [searchable asset # types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types). # @!attribute [rw] page_size # @return [::Integer] # Optional. The page size for search result pagination. Page size is capped at 500 even # if a larger value is given. If set to zero, server will pick an appropriate # default. Returned results may be fewer than requested. When this happens, # there could be more results as long as `next_page_token` is returned. # @!attribute [rw] page_token # @return [::String] # Optional. If present, then retrieve the next batch of results from the preceding call # to this method. `page_token` must be the value of `next_page_token` from # the previous response. The values of all other method parameters, must be # identical to those in the previous call. # @!attribute [rw] order_by # @return [::String] # Optional. A comma separated list of fields specifying the sorting order of the # results. The default order is ascending. Add " DESC" after the field name # to indicate descending order. Redundant space characters are ignored. # Example: "location DESC, name". Only string fields in the response are # sortable, including `name`, `displayName`, `description`, `location`. All # the other fields such as repeated fields (e.g., `networkTags`), map # fields (e.g., `labels`) and struct fields (e.g., `additionalAttributes`) # are not supported. class SearchAllResourcesRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Search all resources response. # @!attribute [rw] results # @return [::Array<::Google::Cloud::Asset::V1::ResourceSearchResult>] # A list of Resources that match the search query. It contains the resource # standard metadata information. # @!attribute [rw] next_page_token # @return [::String] # If there are more results than those appearing in this response, then # `next_page_token` is included. To get the next set of results, call this # method again using the value of `next_page_token` as `page_token`. class SearchAllResourcesResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Search all IAM policies request. # @!attribute [rw] scope # @return [::String] # Required. A scope can be a project, a folder, or an organization. The search is # limited to the IAM policies within the `scope`. The caller must be granted # the # [`cloudasset.assets.searchAllIamPolicies`](http://cloud.google.com/asset-inventory/docs/access-control#required_permissions) # permission on the desired scope. # # The allowed values are: # # * projects/\\{PROJECT_ID} (e.g., "projects/foo-bar") # * projects/\\{PROJECT_NUMBER} (e.g., "projects/12345678") # * folders/\\{FOLDER_NUMBER} (e.g., "folders/1234567") # * organizations/\\{ORGANIZATION_NUMBER} (e.g., "organizations/123456") # @!attribute [rw] query # @return [::String] # Optional. The query statement. See [how to construct a # query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query) # for more information. If not specified or empty, it will search all the # IAM policies within the specified `scope`. # # Examples: # # * `policy:amy@gmail.com` to find IAM policy bindings that specify user # "amy@gmail.com". # * `policy:roles/compute.admin` to find IAM policy bindings that specify # the Compute Admin role. # * `policy.role.permissions:storage.buckets.update` to find IAM policy # bindings that specify a role containing "storage.buckets.update" # permission. Note that if callers don't have `iam.roles.get` access to a # role's included permissions, policy bindings that specify this role will # be dropped from the search results. # * `resource:organizations/123456` to find IAM policy bindings # that are set on "organizations/123456". # * `Important` to find IAM policy bindings that contain "Important" as a # word in any of the searchable fields (except for the included # permissions). # * `*por*` to find IAM policy bindings that contain "por" as a substring # in any of the searchable fields (except for the included permissions). # * `resource:(instance1 OR instance2) policy:amy` to find # IAM policy bindings that are set on resources "instance1" or # "instance2" and also specify user "amy". # @!attribute [rw] page_size # @return [::Integer] # Optional. The page size for search result pagination. Page size is capped at 500 even # if a larger value is given. If set to zero, server will pick an appropriate # default. Returned results may be fewer than requested. When this happens, # there could be more results as long as `next_page_token` is returned. # @!attribute [rw] page_token # @return [::String] # Optional. If present, retrieve the next batch of results from the preceding call to # this method. `page_token` must be the value of `next_page_token` from the # previous response. The values of all other method parameters must be # identical to those in the previous call. class SearchAllIamPoliciesRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Search all IAM policies response. # @!attribute [rw] results # @return [::Array<::Google::Cloud::Asset::V1::IamPolicySearchResult>] # A list of IamPolicy that match the search query. Related information such # as the associated resource is returned along with the policy. # @!attribute [rw] next_page_token # @return [::String] # Set if there are more results than those appearing in this response; to get # the next set of results, call this method again, using this value as the # `page_token`. class SearchAllIamPoliciesResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Asset content type. module ContentType # Unspecified content type. CONTENT_TYPE_UNSPECIFIED = 0 # Resource metadata. RESOURCE = 1 # The actual IAM policy set on a resource. IAM_POLICY = 2 # The Cloud Organization Policy set on an asset. ORG_POLICY = 4 # The Cloud Access context manager Policy set on an asset. ACCESS_POLICY = 5 end end end end end