| author | n1c00o <git.n1c00o@gmail.com> | 2022-10-12 18:05:45 +0200 |
|---|---|---|
| committer | n1c00o <git.n1c00o@gmail.com> | 2022-10-12 18:05:45 +0200 |
| commit | 9bcf3fedd50bd6c8dfef1673482d9b61fab49cd0 (patch) | |
| tree | 45f3b754ece09b90bde859bc6e7eae4d3c31a848 /third_party/googleapis/google/cloud/asset | |
| parent | 2e1a2ee3d6c12d8367cbbe005fe7dcf8d253d9ac (diff) | |
Revendor correctly googleapis
Diffstat (limited to 'third_party/googleapis/google/cloud/asset')
30 files changed, 6724 insertions, 0 deletions
diff --git a/third_party/googleapis/google/cloud/asset/BUILD.bazel b/third_party/googleapis/google/cloud/asset/BUILD.bazel
new file mode 100644
index 0000000..242ca6e
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/BUILD.bazel
@@ -0,0 +1,41 @@
+# This build file includes a target for the Ruby wrapper library for
+# google-cloud-asset.
+
+# This is an API workspace, having public visibility by default makes perfect sense.
+package(default_visibility = ["//visibility:public"])
+
+# Export yaml configs.
+exports_files(glob(["*.yaml"]))
+
+load(
+ "@com_google_googleapis_imports//:imports.bzl",
+ "ruby_cloud_gapic_library",
+ "ruby_gapic_assembly_pkg",
+)
+
+# Generates a Ruby wrapper client for cloudasset.
+# Ruby wrapper clients are versionless, but are generated from source protos
+# for a particular service version, v1 in this case.
+ruby_cloud_gapic_library(
+ name = "cloudasset_ruby_wrapper",
+ srcs = ["//google/cloud/asset/v1:asset_proto_with_info"],
+ extra_protoc_parameters = [
+ "ruby-cloud-gem-name=google-cloud-asset",
+ "ruby-cloud-env-prefix=ASSET",
+ "ruby-cloud-wrapper-of=v1:0.0",
+ "ruby-cloud-product-url=https://cloud.google.com/asset-inventory/",
+ "ruby-cloud-api-id=cloudasset.googleapis.com",
+ "ruby-cloud-api-shortname=cloudasset",
+ "ruby-cloud-migration-version=1.0",
+ ],
+ ruby_cloud_description = "A metadata inventory service that allows you to view, monitor, and analyze all your GCP and Anthos assets across projects and services.",
+ ruby_cloud_title = "Cloud Asset",
+)
+
+# Open Source package.
+ruby_gapic_assembly_pkg(
+ name = "google-cloud-asset-ruby",
+ deps = [
+ ":cloudasset_ruby_wrapper",
+ ],
+)
diff --git a/third_party/googleapis/google/cloud/asset/v1/BUILD.bazel b/third_party/googleapis/google/cloud/asset/v1/BUILD.bazel
new file mode 100644
index 0000000..74a1a28
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/v1/BUILD.bazel
@@ -0,0 +1,406 @@ +# This file was automatically generated by BuildFileGenerator + +# This is an API workspace, having public visibility by default makes perfect sense. +package(default_visibility = ["//visibility:public"]) + +############################################################################## +# Common +############################################################################## +load("@rules_proto//proto:defs.bzl", "proto_library") +load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") + +proto_library( + name = "asset_proto", + srcs = [ + "asset_service.proto", + "assets.proto", + ], + deps = [ + "//google/api:annotations_proto", + "//google/api:client_proto", + "//google/api:field_behavior_proto", + "//google/api:resource_proto", + "//google/cloud/orgpolicy/v1:orgpolicy_proto", + "//google/cloud/osconfig/v1:osconfig_proto", + "//google/iam/v1:policy_proto", + "//google/identity/accesscontextmanager/v1:accesscontextmanager_proto", + "//google/longrunning:operations_proto", + "//google/rpc:code_proto", + "//google/rpc:status_proto", + "//google/type:expr_proto", + "@com_google_protobuf//:any_proto", + "@com_google_protobuf//:duration_proto", + "@com_google_protobuf//:empty_proto", + "@com_google_protobuf//:field_mask_proto", + "@com_google_protobuf//:struct_proto", + "@com_google_protobuf//:timestamp_proto", + ], +) + +proto_library_with_info( + name = "asset_proto_with_info", + deps = [ + ":asset_proto", + "//google/cloud:common_resources_proto", + ], +) + +############################################################################## +# Java +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "java_gapic_assembly_gradle_pkg", + "java_gapic_library", + "java_gapic_test", + "java_grpc_library", + "java_proto_library", +) + +java_proto_library( + name = "asset_java_proto", + deps = [":asset_proto"], +) + +java_grpc_library( + name = 
"asset_java_grpc", + srcs = [":asset_proto"], + deps = [":asset_java_proto"], +) + +java_gapic_library( + name = "asset_java_gapic", + srcs = [":asset_proto_with_info"], + grpc_service_config = "cloudasset_grpc_service_config.json", + test_deps = [ + ":asset_java_grpc", + "//google/iam/v1:iam_java_grpc", + ], + transport = "grpc+rest", + deps = [ + ":asset_java_proto", + "//google/iam/v1:iam_java_proto", + ], +) + +java_gapic_test( + name = "asset_java_gapic_test_suite", + test_classes = [ + "com.google.cloud.asset.v1.AssetServiceClientHttpJsonTest", + "com.google.cloud.asset.v1.AssetServiceClientTest", + ], + runtime_deps = [":asset_java_gapic_test"], +) + +# Open Source Packages +java_gapic_assembly_gradle_pkg( + name = "google-cloud-asset-v1-java", + include_samples = True, + transport = "grpc+rest", + deps = [ + ":asset_java_gapic", + ":asset_java_grpc", + ":asset_java_proto", + ":asset_proto", + ], +) + +############################################################################## +# Go +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "go_gapic_assembly_pkg", + "go_gapic_library", + "go_proto_library", + "go_test", +) + +go_proto_library( + name = "asset_go_proto", + compilers = ["@io_bazel_rules_go//proto:go_grpc"], + importpath = "google.golang.org/genproto/googleapis/cloud/asset/v1", + protos = [":asset_proto"], + deps = [ + "//google/api:annotations_go_proto", + "//google/cloud/orgpolicy/v1:orgpolicy_go_proto", + "//google/cloud/osconfig/v1:osconfig_go_proto", + "//google/iam/v1:iam_go_proto", + "//google/identity/accesscontextmanager/v1:accesscontextmanager_go_proto", + "//google/longrunning:longrunning_go_proto", + "//google/rpc:code_go_proto", + "//google/rpc:status_go_proto", + "//google/type:expr_go_proto", + ], +) + +go_gapic_library( + name = "asset_go_gapic", + srcs = [":asset_proto_with_info"], + grpc_service_config = "cloudasset_grpc_service_config.json", + 
importpath = "cloud.google.com/go/asset/apiv1;asset", + service_yaml = "cloudasset_v1.yaml", + transport = "grpc+rest", + deps = [ + ":asset_go_proto", + "//google/iam/v1:iam_go_proto", + "//google/longrunning:longrunning_go_proto", + "@com_google_cloud_go//longrunning:go_default_library", + "@com_google_cloud_go//longrunning/autogen:go_default_library", + "@io_bazel_rules_go//proto/wkt:any_go_proto", + "@io_bazel_rules_go//proto/wkt:duration_go_proto", + "@io_bazel_rules_go//proto/wkt:struct_go_proto", + ], +) + +go_test( + name = "asset_go_gapic_test", + srcs = [":asset_go_gapic_srcjar_test"], + embed = [":asset_go_gapic"], + importpath = "cloud.google.com/go/asset/apiv1", +) + +# Open Source Packages +go_gapic_assembly_pkg( + name = "gapi-cloud-asset-v1-go", + deps = [ + ":asset_go_gapic", + ":asset_go_gapic_srcjar-test.srcjar", + ":asset_go_proto", + ], +) + +############################################################################## +# Python +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "py_gapic_assembly_pkg", + "py_gapic_library", + "py_test", +) + +py_gapic_library( + name = "asset_py_gapic", + srcs = [":asset_proto"], + grpc_service_config = "cloudasset_grpc_service_config.json", + transport = "grpc", + deps = [ + "//google/cloud/orgpolicy/v1:orgpolicy_py_original_proto", + "//google/cloud/osconfig/v1:osconfig_py_proto", + "//google/iam/v1:policy_py_proto", + "//google/identity/accesscontextmanager/v1:access_level_py_proto", + "//google/identity/accesscontextmanager/v1:access_policy_py_proto", + "//google/identity/accesscontextmanager/v1:accesscontextmanager_py_gapic", + "//google/identity/accesscontextmanager/v1:service_perimeter_py_proto", + ], +) + +py_gapic_assembly_pkg( + name = "asset-v1-py", + deps = [ + ":asset_py_gapic", + ], +) + +py_test( + name = "asset_py_gapic_test", + srcs = [ + "asset_py_gapic_pytest.py", + "asset_py_gapic_test.py", + ], + 
legacy_create_init = False, + deps = [":asset_py_gapic"], +) + +############################################################################## +# PHP +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "php_gapic_assembly_pkg", + "php_gapic_library", + "php_grpc_library", + "php_proto_library", +) + +php_proto_library( + name = "asset_php_proto", + deps = [":asset_proto"], +) + +php_grpc_library( + name = "asset_php_grpc", + srcs = [":asset_proto"], + deps = [":asset_php_proto"], +) + +php_gapic_library( + name = "asset_php_gapic", + srcs = [":asset_proto_with_info"], + grpc_service_config = "cloudasset_grpc_service_config.json", + service_yaml = "cloudasset_v1.yaml", + deps = [ + ":asset_php_grpc", + ":asset_php_proto", + ], +) + +# Open Source Packages +php_gapic_assembly_pkg( + name = "google-cloud-asset-v1-php", + deps = [ + ":asset_php_gapic", + ":asset_php_grpc", + ":asset_php_proto", + ], +) + +############################################################################## +# Node.js +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "nodejs_gapic_assembly_pkg", + "nodejs_gapic_library", +) + +nodejs_gapic_library( + name = "asset_nodejs_gapic", + package_name = "@google-cloud/asset", + src = ":asset_proto_with_info", + extra_protoc_parameters = ["metadata"], + grpc_service_config = "cloudasset_grpc_service_config.json", + package = "google.cloud.asset.v1", + service_yaml = "cloudasset_v1.yaml", + deps = [], +) + +nodejs_gapic_assembly_pkg( + name = "asset-v1-nodejs", + deps = [ + ":asset_nodejs_gapic", + ":asset_proto", + "//google/cloud/osconfig/v1:osconfig_proto", + ], +) + +############################################################################## +# Ruby +############################################################################## +load( + 
"@com_google_googleapis_imports//:imports.bzl", + "ruby_cloud_gapic_library", + "ruby_gapic_assembly_pkg", + "ruby_grpc_library", + "ruby_proto_library", +) + +ruby_proto_library( + name = "asset_ruby_proto", + deps = [ + ":asset_proto", + "//google/cloud/orgpolicy/v1:orgpolicy_proto", + ], +) + +ruby_grpc_library( + name = "asset_ruby_grpc", + srcs = [":asset_proto"], + deps = [":asset_ruby_proto"], +) + +ruby_cloud_gapic_library( + name = "asset_ruby_gapic", + srcs = [":asset_proto_with_info"], + extra_protoc_parameters = [ + "ruby-cloud-gem-name=google-cloud-asset-v1", + "ruby-cloud-env-prefix=ASSET", + "ruby-cloud-product-url=https://cloud.google.com/asset-inventory/", + "ruby-cloud-api-id=cloudasset.googleapis.com", + "ruby-cloud-api-shortname=cloudasset", + "ruby-cloud-extra-dependencies=google-identity-access_context_manager-v1=> 0.0|< 2.a;google-cloud-os_config-v1=> 0.0|< 2.a", + ], + grpc_service_config = "cloudasset_grpc_service_config.json", + ruby_cloud_description = "A metadata inventory service that allows you to view, monitor, and analyze all your GCP and Anthos assets across projects and services.", + ruby_cloud_title = "Cloud Asset V1", + deps = [ + ":asset_ruby_grpc", + ":asset_ruby_proto", + ], +) + +# Open Source Packages +ruby_gapic_assembly_pkg( + name = "google-cloud-asset-v1-ruby", + deps = [ + ":asset_ruby_gapic", + ":asset_ruby_grpc", + ":asset_ruby_proto", + ], +) + +############################################################################## +# C# +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "csharp_gapic_assembly_pkg", + "csharp_gapic_library", + "csharp_grpc_library", + "csharp_proto_library", +) + +csharp_proto_library( + name = "asset_csharp_proto", + deps = [":asset_proto"], +) + +csharp_grpc_library( + name = "asset_csharp_grpc", + srcs = [":asset_proto"], + deps = [":asset_csharp_proto"], +) + +csharp_gapic_library( + name = 
"asset_csharp_gapic", + srcs = [":asset_proto_with_info"], + common_resources_config = "@gax_dotnet//:Google.Api.Gax/ResourceNames/CommonResourcesConfig.json", + grpc_service_config = "cloudasset_grpc_service_config.json", + service_yaml = "cloudasset_v1.yaml", + deps = [ + ":asset_csharp_grpc", + ":asset_csharp_proto", + ], +) + +# Open Source Packages +csharp_gapic_assembly_pkg( + name = "google-cloud-asset-v1-csharp", + deps = [ + ":asset_csharp_gapic", + ":asset_csharp_grpc", + ":asset_csharp_proto", + ], +) + +############################################################################## +# C++ +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "cc_grpc_library", + "cc_proto_library", +) + +cc_proto_library( + name = "asset_cc_proto", + deps = [":asset_proto"], +) + +cc_grpc_library( + name = "asset_cc_grpc", + srcs = [":asset_proto"], + grpc_only = True, + deps = [":asset_cc_proto"], +) diff --git a/third_party/googleapis/google/cloud/asset/v1/asset_service.proto b/third_party/googleapis/google/cloud/asset/v1/asset_service.proto new file mode 100644 index 0000000..9e13d06 --- /dev/null +++ b/third_party/googleapis/google/cloud/asset/v1/asset_service.proto 
@@ -0,0 +1,2014 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.cloud.asset.v1; + +import "google/api/annotations.proto"; +import "google/api/client.proto"; +import "google/api/field_behavior.proto"; +import "google/api/resource.proto"; +import "google/cloud/asset/v1/assets.proto"; +import "google/iam/v1/policy.proto"; +import "google/longrunning/operations.proto"; +import "google/protobuf/duration.proto"; +import "google/protobuf/empty.proto"; +import "google/protobuf/field_mask.proto"; +import "google/protobuf/struct.proto"; +import "google/protobuf/timestamp.proto"; +import "google/rpc/status.proto"; +import "google/type/expr.proto"; + +option csharp_namespace = "Google.Cloud.Asset.V1"; +option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1;asset"; +option java_multiple_files = true; +option java_outer_classname = "AssetServiceProto"; +option java_package = "com.google.cloud.asset.v1"; +option php_namespace = "Google\\Cloud\\Asset\\V1"; + +// Asset service definition. +service AssetService { + option (google.api.default_host) = "cloudasset.googleapis.com"; + option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; + + // Exports assets with time and resource types to a given Cloud Storage + // location/BigQuery table. For Cloud Storage location destinations, the + // output format is newline-delimited JSON. 
Each line represents a + // [google.cloud.asset.v1.Asset][google.cloud.asset.v1.Asset] in the JSON format; for BigQuery table + // destinations, the output table stores the fields in asset Protobuf as + // columns. This API implements the [google.longrunning.Operation][google.longrunning.Operation] API, + // which allows you to keep track of the export. We recommend intervals of at + // least 2 seconds with exponential retry to poll the export operation result. + // For regular-size resource parent, the export operation usually finishes + // within 5 minutes. + rpc ExportAssets(ExportAssetsRequest) returns (google.longrunning.Operation) { + option (google.api.http) = { + post: "/v1/{parent=*/*}:exportAssets" + body: "*" + }; + option (google.longrunning.operation_info) = { + response_type: "google.cloud.asset.v1.ExportAssetsResponse" + metadata_type: "google.cloud.asset.v1.ExportAssetsRequest" + }; + } + + // Lists assets with time and resource types and returns paged results in + // response. + rpc ListAssets(ListAssetsRequest) returns (ListAssetsResponse) { + option (google.api.http) = { + get: "/v1/{parent=*/*}/assets" + }; + option (google.api.method_signature) = "parent"; + } + + // Batch gets the update history of assets that overlap a time window. + // For IAM_POLICY content, this API outputs history when the asset and its + // attached IAM POLICY both exist. This can create gaps in the output history. + // Otherwise, this API outputs history with asset in both non-delete or + // deleted status. + // If a specified asset does not exist, this API returns an INVALID_ARGUMENT + // error. + rpc BatchGetAssetsHistory(BatchGetAssetsHistoryRequest) returns (BatchGetAssetsHistoryResponse) { + option (google.api.http) = { + get: "/v1/{parent=*/*}:batchGetAssetsHistory" + }; + } + + // Creates a feed in a parent project/folder/organization to listen to its + // asset updates. 
+ rpc CreateFeed(CreateFeedRequest) returns (Feed) { + option (google.api.http) = { + post: "/v1/{parent=*/*}/feeds" + body: "*" + }; + option (google.api.method_signature) = "parent"; + } + + // Gets details about an asset feed. + rpc GetFeed(GetFeedRequest) returns (Feed) { + option (google.api.http) = { + get: "/v1/{name=*/*/feeds/*}" + }; + option (google.api.method_signature) = "name"; + } + + // Lists all asset feeds in a parent project/folder/organization. + rpc ListFeeds(ListFeedsRequest) returns (ListFeedsResponse) { + option (google.api.http) = { + get: "/v1/{parent=*/*}/feeds" + }; + option (google.api.method_signature) = "parent"; + } + + // Updates an asset feed configuration. + rpc UpdateFeed(UpdateFeedRequest) returns (Feed) { + option (google.api.http) = { + patch: "/v1/{feed.name=*/*/feeds/*}" + body: "*" + }; + option (google.api.method_signature) = "feed"; + } + + // Deletes an asset feed. + rpc DeleteFeed(DeleteFeedRequest) returns (google.protobuf.Empty) { + option (google.api.http) = { + delete: "/v1/{name=*/*/feeds/*}" + }; + option (google.api.method_signature) = "name"; + } + + // Searches all Cloud resources within the specified scope, such as a project, + // folder, or organization. The caller must be granted the + // `cloudasset.assets.searchAllResources` permission on the desired scope, + // otherwise the request will be rejected. + rpc SearchAllResources(SearchAllResourcesRequest) returns (SearchAllResourcesResponse) { + option (google.api.http) = { + get: "/v1/{scope=*/*}:searchAllResources" + }; + option (google.api.method_signature) = "scope,query,asset_types"; + } + + // Searches all IAM policies within the specified scope, such as a project, + // folder, or organization. The caller must be granted the + // `cloudasset.assets.searchAllIamPolicies` permission on the desired scope, + // otherwise the request will be rejected. 
+ rpc SearchAllIamPolicies(SearchAllIamPoliciesRequest) returns (SearchAllIamPoliciesResponse) { + option (google.api.http) = { + get: "/v1/{scope=*/*}:searchAllIamPolicies" + }; + option (google.api.method_signature) = "scope,query"; + } + + // Analyzes IAM policies to answer which identities have what accesses on + // which resources. + rpc AnalyzeIamPolicy(AnalyzeIamPolicyRequest) returns (AnalyzeIamPolicyResponse) { + option (google.api.http) = { + get: "/v1/{analysis_query.scope=*/*}:analyzeIamPolicy" + }; + } + + // Analyzes IAM policies asynchronously to answer which identities have what + // accesses on which resources, and writes the analysis results to a Google + // Cloud Storage or a BigQuery destination. For Cloud Storage destination, the + // output format is the JSON format that represents a + // [AnalyzeIamPolicyResponse][google.cloud.asset.v1.AnalyzeIamPolicyResponse]. This method implements the + // [google.longrunning.Operation][google.longrunning.Operation], which allows you to track the operation + // status. We recommend intervals of at least 2 seconds with exponential + // backoff retry to poll the operation result. The metadata contains the + // metadata for the long-running operation. + rpc AnalyzeIamPolicyLongrunning(AnalyzeIamPolicyLongrunningRequest) returns (google.longrunning.Operation) { + option (google.api.http) = { + post: "/v1/{analysis_query.scope=*/*}:analyzeIamPolicyLongrunning" + body: "*" + }; + option (google.longrunning.operation_info) = { + response_type: "google.cloud.asset.v1.AnalyzeIamPolicyLongrunningResponse" + metadata_type: "google.cloud.asset.v1.AnalyzeIamPolicyLongrunningMetadata" + }; + } + + // Analyze moving a resource to a specified destination without kicking off + // the actual move. The analysis is best effort depending on the user's + // permissions of viewing different hierarchical policies and configurations. 
+ // The policies and configuration are subject to change before the actual + // resource migration takes place. + rpc AnalyzeMove(AnalyzeMoveRequest) returns (AnalyzeMoveResponse) { + option (google.api.http) = { + get: "/v1/{resource=*/*}:analyzeMove" + }; + } + + // Issue a job that queries assets using a SQL statement compatible with + // [BigQuery Standard + // SQL](http://cloud/bigquery/docs/reference/standard-sql/enabling-standard-sql). + // + // If the query execution finishes within timeout and there's no pagination, + // the full query results will be returned in the `QueryAssetsResponse`. + // + // Otherwise, full query results can be obtained by issuing extra requests + // with the `job_reference` from the a previous `QueryAssets` call. + // + // Note, the query result has approximately 10 GB limitation enforced by + // BigQuery + // https://cloud.google.com/bigquery/docs/best-practices-performance-output, + // queries return larger results will result in errors. + rpc QueryAssets(QueryAssetsRequest) returns (QueryAssetsResponse) { + option (google.api.http) = { + post: "/v1/{parent=*/*}:queryAssets" + body: "*" + }; + } + + // Creates a saved query in a parent project/folder/organization. + rpc CreateSavedQuery(CreateSavedQueryRequest) returns (SavedQuery) { + option (google.api.http) = { + post: "/v1/{parent=*/*}/savedQueries" + body: "saved_query" + }; + option (google.api.method_signature) = "parent,saved_query,saved_query_id"; + } + + // Gets details about a saved query. + rpc GetSavedQuery(GetSavedQueryRequest) returns (SavedQuery) { + option (google.api.http) = { + get: "/v1/{name=*/*/savedQueries/*}" + }; + option (google.api.method_signature) = "name"; + } + + // Lists all saved queries in a parent project/folder/organization. 
+ rpc ListSavedQueries(ListSavedQueriesRequest) returns (ListSavedQueriesResponse) { + option (google.api.http) = { + get: "/v1/{parent=*/*}/savedQueries" + }; + option (google.api.method_signature) = "parent"; + } + + // Updates a saved query. + rpc UpdateSavedQuery(UpdateSavedQueryRequest) returns (SavedQuery) { + option (google.api.http) = { + patch: "/v1/{saved_query.name=*/*/savedQueries/*}" + body: "saved_query" + }; + option (google.api.method_signature) = "saved_query,update_mask"; + } + + // Deletes a saved query. + rpc DeleteSavedQuery(DeleteSavedQueryRequest) returns (google.protobuf.Empty) { + option (google.api.http) = { + delete: "/v1/{name=*/*/savedQueries/*}" + }; + option (google.api.method_signature) = "name"; + } + + // Gets effective IAM policies for a batch of resources. + rpc BatchGetEffectiveIamPolicies(BatchGetEffectiveIamPoliciesRequest) returns (BatchGetEffectiveIamPoliciesResponse) { + option (google.api.http) = { + get: "/v1/{scope=*/*}/effectiveIamPolicies:batchGet" + }; + } +} + +// Represents the metadata of the longrunning operation for the +// AnalyzeIamPolicyLongrunning rpc. +message AnalyzeIamPolicyLongrunningMetadata { + // Output only. The time the operation was created. + google.protobuf.Timestamp create_time = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; +} + +// Export asset request. +message ExportAssetsRequest { + // Required. The relative name of the root asset. This can only be an + // organization number (such as "organizations/123"), a project ID (such as + // "projects/my-project-id"), or a project number (such as "projects/12345"), + // or a folder number (such as "folders/123"). + string parent = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + child_type: "cloudasset.googleapis.com/Asset" + } + ]; + + // Timestamp to take an asset snapshot. This can only be set to a timestamp + // between the current time and the current time minus 35 days (inclusive). 
+ // If not specified, the current time will be used. Due to delays in resource + // data collection and indexing, there is a volatile window during which + // running the same query may get different results. + google.protobuf.Timestamp read_time = 2; + + // A list of asset types to take a snapshot for. For example: + // "compute.googleapis.com/Disk". + // + // Regular expressions are also supported. For example: + // + // * "compute.googleapis.com.*" snapshots resources whose asset type starts + // with "compute.googleapis.com". + // * ".*Instance" snapshots resources whose asset type ends with "Instance". + // * ".*Instance.*" snapshots resources whose asset type contains "Instance". + // + // See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported + // regular expression syntax. If the regular expression does not match any + // supported asset type, an INVALID_ARGUMENT error will be returned. + // + // If specified, only matching assets will be returned, otherwise, it will + // snapshot all asset types. See [Introduction to Cloud Asset + // Inventory](https://cloud.google.com/asset-inventory/docs/overview) + // for all supported asset types. + repeated string asset_types = 3; + + // Asset content type. If not specified, no content but the asset name will be + // returned. + ContentType content_type = 4; + + // Required. Output configuration indicating where the results will be output to. + OutputConfig output_config = 5 [(google.api.field_behavior) = REQUIRED]; + + // A list of relationship types to export, for example: + // `INSTANCE_TO_INSTANCEGROUP`. This field should only be specified if + // content_type=RELATIONSHIP. + // * If specified: + // it snapshots specified relationships. It returns an error if + // any of the [relationship_types] doesn't belong to the supported + // relationship types of the [asset_types] or if any of the [asset_types] + // doesn't belong to the source types of the [relationship_types]. 
+ // * Otherwise: + // it snapshots the supported relationships for all [asset_types] or returns + // an error if any of the [asset_types] has no relationship support. + // An unspecified asset types field means all supported asset_types. + // See [Introduction to Cloud Asset + // Inventory](https://cloud.google.com/asset-inventory/docs/overview) for all + // supported asset types and relationship types. + repeated string relationship_types = 6; +} + +// The export asset response. This message is returned by the +// [google.longrunning.Operations.GetOperation][google.longrunning.Operations.GetOperation] method in the returned +// [google.longrunning.Operation.response][google.longrunning.Operation.response] field. +message ExportAssetsResponse { + // Time the snapshot was taken. + google.protobuf.Timestamp read_time = 1; + + // Output configuration indicating where the results were output to. + OutputConfig output_config = 2; + + // Output result indicating where the assets were exported to. For example, a + // set of actual Google Cloud Storage object uris where the assets are + // exported to. The uris can be different from what [output_config] has + // specified, as the service will split the output object into multiple ones + // once it exceeds a single Google Cloud Storage object limit. + OutputResult output_result = 3; +} + +// ListAssets request. +message ListAssetsRequest { + // Required. Name of the organization, folder, or project the assets belong to. Format: + // "organizations/[organization-number]" (such as "organizations/123"), + // "projects/[project-id]" (such as "projects/my-project-id"), + // "projects/[project-number]" (such as "projects/12345"), or + // "folders/[folder-number]" (such as "folders/12345"). + string parent = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + child_type: "cloudasset.googleapis.com/Asset" + } + ]; + + // Timestamp to take an asset snapshot. 
This can only be set to a timestamp + // between the current time and the current time minus 35 days (inclusive). + // If not specified, the current time will be used. Due to delays in resource + // data collection and indexing, there is a volatile window during which + // running the same query may get different results. + google.protobuf.Timestamp read_time = 2; + + // A list of asset types to take a snapshot for. For example: + // "compute.googleapis.com/Disk". + // + // Regular expression is also supported. For example: + // + // * "compute.googleapis.com.*" snapshots resources whose asset type starts + // with "compute.googleapis.com". + // * ".*Instance" snapshots resources whose asset type ends with "Instance". + // * ".*Instance.*" snapshots resources whose asset type contains "Instance". + // + // See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported + // regular expression syntax. If the regular expression does not match any + // supported asset type, an INVALID_ARGUMENT error will be returned. + // + // If specified, only matching assets will be returned, otherwise, it will + // snapshot all asset types. See [Introduction to Cloud Asset + // Inventory](https://cloud.google.com/asset-inventory/docs/overview) + // for all supported asset types. + repeated string asset_types = 3; + + // Asset content type. If not specified, no content but the asset name will + // be returned. + ContentType content_type = 4; + + // The maximum number of assets to be returned in a single response. Default + // is 100, minimum is 1, and maximum is 1000. + int32 page_size = 5; + + // The `next_page_token` returned from the previous `ListAssetsResponse`, or + // unspecified for the first `ListAssetsRequest`. It is a continuation of a + // prior `ListAssets` call, and the API should return the next page of assets. + string page_token = 6; + + // A list of relationship types to output, for example: + // `INSTANCE_TO_INSTANCEGROUP`. 
This field should only be specified if + // content_type=RELATIONSHIP. + // * If specified: + // it snapshots specified relationships. It returns an error if + // any of the [relationship_types] doesn't belong to the supported + // relationship types of the [asset_types] or if any of the [asset_types] + // doesn't belong to the source types of the [relationship_types]. + // * Otherwise: + // it snapshots the supported relationships for all [asset_types] or returns + // an error if any of the [asset_types] has no relationship support. + // An unspecified asset types field means all supported asset_types. + // See [Introduction to Cloud Asset + // Inventory](https://cloud.google.com/asset-inventory/docs/overview) + // for all supported asset types and relationship types. + repeated string relationship_types = 7; +} + +// ListAssets response. +message ListAssetsResponse { + // Time the snapshot was taken. + google.protobuf.Timestamp read_time = 1; + + // Assets. + repeated Asset assets = 2; + + // Token to retrieve the next page of results. It expires 72 hours after the + // page token for the first page is generated. Set to empty if there are no + // remaining results. + string next_page_token = 3; +} + +// Batch get assets history request. +message BatchGetAssetsHistoryRequest { + // Required. The relative name of the root asset. It can only be an + // organization number (such as "organizations/123"), a project ID (such as + // "projects/my-project-id")", or a project number (such as "projects/12345"). + string parent = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + child_type: "cloudasset.googleapis.com/Asset" + } + ]; + + // A list of the full names of the assets. + // See: https://cloud.google.com/asset-inventory/docs/resource-name-format + // Example: + // + // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. 
+ //
+ // The request becomes a no-op if the asset name list is empty, and the max
+ // size of the asset name list is 100 in one request.
+ repeated string asset_names = 2;
+
+ // Optional. The content type.
+ ContentType content_type = 3 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. The time window for the asset history. Both start_time and
+ // end_time are optional and if set, it must be after the current time minus
+ // 35 days. If end_time is not set, it is default to current timestamp.
+ // If start_time is not set, the snapshot of the assets at end_time will be
+ // returned. The returned results contain all temporal assets whose time
+ // window overlap with read_time_window.
+ TimeWindow read_time_window = 4 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. A list of relationship types to output, for example:
+ // `INSTANCE_TO_INSTANCEGROUP`. This field should only be specified if
+ // content_type=RELATIONSHIP.
+ // * If specified:
+ // it outputs specified relationships' history on the [asset_names]. It
+ // returns an error if any of the [relationship_types] doesn't belong to the
+ // supported relationship types of the [asset_names] or if any of the
+ // [asset_names]'s types doesn't belong to the source types of the
+ // [relationship_types].
+ // * Otherwise:
+ // it outputs the supported relationships' history on the [asset_names] or
+ // returns an error if any of the [asset_names]'s types has no relationship
+ // support.
+ // See [Introduction to Cloud Asset
+ // Inventory](https://cloud.google.com/asset-inventory/docs/overview) for all
+ // supported asset types and relationship types.
+ repeated string relationship_types = 5 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Batch get assets history response.
+message BatchGetAssetsHistoryResponse {
+ // A list of assets with valid time windows.
+ repeated TemporalAsset assets = 1;
+}
+
+// Create asset feed request.
+message CreateFeedRequest {
+ // Required.
The name of the project/folder/organization where this feed
+ // should be created in. It can only be an organization number (such as
+ // "organizations/123"), a folder number (such as "folders/123"), a project ID
+ // (such as "projects/my-project-id")", or a project number (such as
+ // "projects/12345").
+ string parent = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. This is the client-assigned asset feed identifier and it needs to
+ // be unique under a specific parent project/folder/organization.
+ string feed_id = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. The feed details. The field `name` must be empty and it will be generated
+ // in the format of:
+ // projects/project_number/feeds/feed_id
+ // folders/folder_number/feeds/feed_id
+ // organizations/organization_number/feeds/feed_id
+ Feed feed = 3 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Get asset feed request.
+message GetFeedRequest {
+ // Required. The name of the Feed and it must be in the format of:
+ // projects/project_number/feeds/feed_id
+ // folders/folder_number/feeds/feed_id
+ // organizations/organization_number/feeds/feed_id
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudasset.googleapis.com/Feed"
+ }
+ ];
+}
+
+// List asset feeds request.
+message ListFeedsRequest {
+ // Required. The parent project/folder/organization whose feeds are to be
+ // listed. It can only be using project/folder/organization number (such as
+ // "folders/12345")", or a project ID (such as "projects/my-project-id").
+ string parent = 1 [(google.api.field_behavior) = REQUIRED];
+}
+
+message ListFeedsResponse {
+ // A list of feeds.
+ repeated Feed feeds = 1;
+}
+
+// Update asset feed request.
+message UpdateFeedRequest {
+ // Required. The new values of feed details.
It must match an existing feed and the
+ // field `name` must be in the format of:
+ // projects/project_number/feeds/feed_id or
+ // folders/folder_number/feeds/feed_id or
+ // organizations/organization_number/feeds/feed_id.
+ Feed feed = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. Only updates the `feed` fields indicated by this mask.
+ // The field mask must not be empty, and it must not contain fields that
+ // are immutable or only set by the server.
+ google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+message DeleteFeedRequest {
+ // Required. The name of the feed and it must be in the format of:
+ // projects/project_number/feeds/feed_id
+ // folders/folder_number/feeds/feed_id
+ // organizations/organization_number/feeds/feed_id
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudasset.googleapis.com/Feed"
+ }
+ ];
+}
+
+// Output configuration for export assets destination.
+message OutputConfig {
+ // Asset export destination.
+ oneof destination {
+ // Destination on Cloud Storage.
+ GcsDestination gcs_destination = 1;
+
+ // Destination on BigQuery. The output table stores the fields in asset
+ // Protobuf as columns in BigQuery.
+ BigQueryDestination bigquery_destination = 2;
+ }
+}
+
+// Output result of export assets.
+message OutputResult {
+ // Asset export result.
+ oneof result {
+ // Export result on Cloud Storage.
+ GcsOutputResult gcs_result = 1;
+ }
+}
+
+// A Cloud Storage output result.
+message GcsOutputResult {
+ // List of uris of the Cloud Storage objects. Example:
+ // "gs://bucket_name/object_name".
+ repeated string uris = 1;
+}
+
+// A Cloud Storage location.
+message GcsDestination {
+ // Required.
+ oneof object_uri {
+ // The uri of the Cloud Storage object. It's the same uri that is used by
+ // gsutil. Example: "gs://bucket_name/object_name".
See [Viewing and
+ // Editing Object
+ // Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)
+ // for more information.
+ //
+ // If the specified Cloud Storage object already exists and there is no
+ // [hold](https://cloud.google.com/storage/docs/object-holds), it will be
+ // overwritten with the exported result.
+ string uri = 1;
+
+ // The uri prefix of all generated Cloud Storage objects. Example:
+ // "gs://bucket_name/object_name_prefix". Each object uri is in format:
+ // "gs://bucket_name/object_name_prefix/<asset type>/<shard number> and only
+ // contains assets for that type. <shard number> starts from 0. Example:
+ // "gs://bucket_name/object_name_prefix/compute.googleapis.com/Disk/0" is
+ // the first shard of output objects containing all
+ // compute.googleapis.com/Disk assets. An INVALID_ARGUMENT error will be
+ // returned if file with the same name "gs://bucket_name/object_name_prefix"
+ // already exists.
+ string uri_prefix = 2;
+ }
+}
+
+// A BigQuery destination for exporting assets to.
+message BigQueryDestination {
+ // Required. The BigQuery dataset in format
+ // "projects/projectId/datasets/datasetId", to which the snapshot result
+ // should be exported. If this dataset does not exist, the export call returns
+ // an INVALID_ARGUMENT error. Setting the `contentType` for `exportAssets`
+ // determines the
+ // [schema](/asset-inventory/docs/exporting-to-bigquery#bigquery-schema)
+ // of the BigQuery table. Setting `separateTablesPerAssetType` to `TRUE` also
+ // influences the schema.
+ string dataset = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. The BigQuery table to which the snapshot result should be
+ // written. If this table does not exist, a new table with the given name
+ // will be created.
+ string table = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // If the destination table already exists and this flag is `TRUE`, the
+ // table will be overwritten by the contents of assets snapshot. If the flag
+ // is `FALSE` or unset and the destination table already exists, the export
+ // call returns an INVALID_ARGUMEMT error.
+ bool force = 3;
+
+ // [partition_spec] determines whether to export to partitioned table(s) and
+ // how to partition the data.
+ //
+ // If [partition_spec] is unset or [partition_spec.partition_key] is unset or
+ // `PARTITION_KEY_UNSPECIFIED`, the snapshot results will be exported to
+ // non-partitioned table(s). [force] will decide whether to overwrite existing
+ // table(s).
+ //
+ // If [partition_spec] is specified. First, the snapshot results will be
+ // written to partitioned table(s) with two additional timestamp columns,
+ // readTime and requestTime, one of which will be the partition key. Secondly,
+ // in the case when any destination table already exists, it will first try to
+ // update existing table's schema as necessary by appending additional
+ // columns. Then, if [force] is `TRUE`, the corresponding partition will be
+ // overwritten by the snapshot results (data in different partitions will
+ // remain intact); if [force] is unset or `FALSE`, it will append the data. An
+ // error will be returned if the schema update or data appension fails.
+ PartitionSpec partition_spec = 4;
+
+ // If this flag is `TRUE`, the snapshot results will be written to one or
+ // multiple tables, each of which contains results of one asset type. The
+ // [force] and [partition_spec] fields will apply to each of them.
+ //
+ // Field [table] will be concatenated with "_" and the asset type names (see
+ // https://cloud.google.com/asset-inventory/docs/supported-asset-types for
+ // supported asset types) to construct per-asset-type table names, in which
+ // all non-alphanumeric characters like "."
and "/" will be substituted by
+ // "_". Example: if field [table] is "mytable" and snapshot results
+ // contain "storage.googleapis.com/Bucket" assets, the corresponding table
+ // name will be "mytable_storage_googleapis_com_Bucket". If any of these
+ // tables does not exist, a new table with the concatenated name will be
+ // created.
+ //
+ // When [content_type] in the ExportAssetsRequest is `RESOURCE`, the schema of
+ // each table will include RECORD-type columns mapped to the nested fields in
+ // the Asset.resource.data field of that asset type (up to the 15 nested level
+ // BigQuery supports
+ // (https://cloud.google.com/bigquery/docs/nested-repeated#limitations)). The
+ // fields in >15 nested levels will be stored in JSON format string as a child
+ // column of its parent RECORD column.
+ //
+ // If error occurs when exporting to any table, the whole export call will
+ // return an error but the export results that already succeed will persist.
+ // Example: if exporting to table_type_A succeeds when exporting to
+ // table_type_B fails during one export call, the results in table_type_A will
+ // persist and there will not be partial results persisting in a table.
+ bool separate_tables_per_asset_type = 5;
+}
+
+// Specifications of BigQuery partitioned table as export destination.
+message PartitionSpec {
+ // This enum is used to determine the partition key column when exporting
+ // assets to BigQuery partitioned table(s). Note that, if the partition key is
+ // a timestamp column, the actual partition is based on its date value
+ // (expressed in UTC. see details in
+ // https://cloud.google.com/bigquery/docs/partitioned-tables#date_timestamp_partitioned_tables).
+ enum PartitionKey {
+ // Unspecified partition key. If used, it means using non-partitioned table.
+ PARTITION_KEY_UNSPECIFIED = 0;
+
+ // The time when the snapshot is taken.
If specified as partition key, the
+ // result table(s) is partitoned by the additional timestamp column,
+ // readTime. If [read_time] in ExportAssetsRequest is specified, the
+ // readTime column's value will be the same as it. Otherwise, its value will
+ // be the current time that is used to take the snapshot.
+ READ_TIME = 1;
+
+ // The time when the request is received and started to be processed. If
+ // specified as partition key, the result table(s) is partitoned by the
+ // requestTime column, an additional timestamp column representing when the
+ // request was received.
+ REQUEST_TIME = 2;
+ }
+
+ // The partition key for BigQuery partitioned table.
+ PartitionKey partition_key = 1;
+}
+
+// A Pub/Sub destination.
+message PubsubDestination {
+ // The name of the Pub/Sub topic to publish to.
+ // Example: `projects/PROJECT_ID/topics/TOPIC_ID`.
+ string topic = 1;
+}
+
+// Output configuration for asset feed destination.
+message FeedOutputConfig {
+ // Asset feed destination.
+ oneof destination {
+ // Destination on Pub/Sub.
+ PubsubDestination pubsub_destination = 1;
+ }
+}
+
+// An asset feed used to export asset updates to a destinations.
+// An asset feed filter controls what updates are exported.
+// The asset feed must be created within a project, organization, or
+// folder. Supported destinations are:
+// Pub/Sub topics.
+message Feed {
+ option (google.api.resource) = {
+ type: "cloudasset.googleapis.com/Feed"
+ pattern: "projects/{project}/feeds/{feed}"
+ pattern: "folders/{folder}/feeds/{feed}"
+ pattern: "organizations/{organization}/feeds/{feed}"
+ history: ORIGINALLY_SINGLE_PATTERN
+ };
+
+ // Required.
The format will be
+ // projects/{project_number}/feeds/{client-assigned_feed_identifier} or
+ // folders/{folder_number}/feeds/{client-assigned_feed_identifier} or
+ // organizations/{organization_number}/feeds/{client-assigned_feed_identifier}
+ //
+ // The client-assigned feed identifier must be unique within the parent
+ // project/folder/organization.
+ string name = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // A list of the full names of the assets to receive updates. You must specify
+ // either or both of asset_names and asset_types. Only asset updates matching
+ // specified asset_names or asset_types are exported to the feed.
+ // Example:
+ // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.
+ // For a list of the full names for supported asset types, see [Resource
+ // name format](/asset-inventory/docs/resource-name-format).
+ repeated string asset_names = 2;
+
+ // A list of types of the assets to receive updates. You must specify either
+ // or both of asset_names and asset_types. Only asset updates matching
+ // specified asset_names or asset_types are exported to the feed.
+ // Example: `"compute.googleapis.com/Disk"`
+ //
+ // For a list of all supported asset types, see
+ // [Supported asset types](/asset-inventory/docs/supported-asset-types).
+ repeated string asset_types = 3;
+
+ // Asset content type. If not specified, no content but the asset name and
+ // type will be returned.
+ ContentType content_type = 4;
+
+ // Required. Feed output configuration defining where the asset updates are
+ // published to.
+ FeedOutputConfig feed_output_config = 5 [(google.api.field_behavior) = REQUIRED];
+
+ // A condition which determines whether an asset update should be published.
+ // If specified, an asset will be returned only when the expression evaluates
+ // to true.
+ // When set, `expression` field in the `Expr` must be a valid [CEL expression]
+ // (https://github.com/google/cel-spec) on a TemporalAsset with name
+ // `temporal_asset`. Example: a Feed with expression ("temporal_asset.deleted
+ // == true") will only publish Asset deletions. Other fields of `Expr` are
+ // optional.
+ //
+ // See our [user
+ // guide](https://cloud.google.com/asset-inventory/docs/monitoring-asset-changes-with-condition)
+ // for detailed instructions.
+ google.type.Expr condition = 6;
+
+ // A list of relationship types to output, for example:
+ // `INSTANCE_TO_INSTANCEGROUP`. This field should only be specified if
+ // content_type=RELATIONSHIP.
+ // * If specified:
+ // it outputs specified relationship updates on the [asset_names] or the
+ // [asset_types]. It returns an error if any of the [relationship_types]
+ // doesn't belong to the supported relationship types of the [asset_names] or
+ // [asset_types], or any of the [asset_names] or the [asset_types] doesn't
+ // belong to the source types of the [relationship_types].
+ // * Otherwise:
+ // it outputs the supported relationships of the types of [asset_names] and
+ // [asset_types] or returns an error if any of the [asset_names] or the
+ // [asset_types] has no replationship support.
+ // See [Introduction to Cloud Asset
+ // Inventory](https://cloud.google.com/asset-inventory/docs/overview)
+ // for all supported asset types and relationship types.
+ repeated string relationship_types = 7;
+}
+
+// Search all resources request.
+message SearchAllResourcesRequest {
+ // Required. A scope can be a project, a folder, or an organization. The search is
+ // limited to the resources within the `scope`. The caller must be granted the
+ // [`cloudasset.assets.searchAllResources`](https://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
+ // permission on the desired scope.
+ //
+ // The allowed values are:
+ //
+ // * projects/{PROJECT_ID} (e.g., "projects/foo-bar")
+ // * projects/{PROJECT_NUMBER} (e.g., "projects/12345678")
+ // * folders/{FOLDER_NUMBER} (e.g., "folders/1234567")
+ // * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
+ string scope = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Optional. The query statement. See [how to construct a
+ // query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query)
+ // for more information. If not specified or empty, it will search all the
+ // resources within the specified `scope`.
+ //
+ // Examples:
+ //
+ // * `name:Important` to find Cloud resources whose name contains
+ // "Important" as a word.
+ // * `name=Important` to find the Cloud resource whose name is exactly
+ // "Important".
+ // * `displayName:Impor*` to find Cloud resources whose display name
+ // contains "Impor" as a prefix of any word in the field.
+ // * `location:us-west*` to find Cloud resources whose location contains both
+ // "us" and "west" as prefixes.
+ // * `labels:prod` to find Cloud resources whose labels contain "prod" as
+ // a key or value.
+ // * `labels.env:prod` to find Cloud resources that have a label "env"
+ // and its value is "prod".
+ // * `labels.env:*` to find Cloud resources that have a label "env".
+ // * `kmsKey:key` to find Cloud resources encrypted with a customer-managed
+ // encryption key whose name contains "key" as a word. This field is
+ // deprecated. Please use the `kmsKeys` field to retrieve KMS key
+ // information.
+ // * `kmsKeys:key` to find Cloud resources encrypted with customer-managed
+ // encryption keys whose name contains the word "key".
+ // * `relationships:instance-group-1` to find Cloud resources that have
+ // relationships with "instance-group-1" in the related resource name.
+ // * `relationships:INSTANCE_TO_INSTANCEGROUP` to find compute instances that
+ // have relationships of type "INSTANCE_TO_INSTANCEGROUP".
+ // * `relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1` to find
+ // compute instances that have relationships with "instance-group-1" in the
+ // compute instance group resource name, for relationship type
+ // "INSTANCE_TO_INSTANCEGROUP".
+ // * `state:ACTIVE` to find Cloud resources whose state contains "ACTIVE" as a
+ // word.
+ // * `NOT state:ACTIVE` to find Cloud resources whose state doesn't contain
+ // "ACTIVE" as a word.
+ // * `createTime<1609459200` to find Cloud resources that were created before
+ // "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
+ // "2021-01-01 00:00:00 UTC" in seconds.
+ // * `updateTime>1609459200` to find Cloud resources that were updated after
+ // "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
+ // "2021-01-01 00:00:00 UTC" in seconds.
+ // * `Important` to find Cloud resources that contain "Important" as a word
+ // in any of the searchable fields.
+ // * `Impor*` to find Cloud resources that contain "Impor" as a prefix of any
+ // word in any of the searchable fields.
+ // * `Important location:(us-west1 OR global)` to find Cloud
+ // resources that contain "Important" as a word in any of the searchable
+ // fields and are also located in the "us-west1" region or the "global"
+ // location.
+ string query = 2 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. A list of asset types that this request searches for. If empty, it will
+ // search all the [searchable asset
+ // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
+ //
+ // Regular expressions are also supported. For example:
+ //
+ // * "compute.googleapis.com.*" snapshots resources whose asset type starts
+ // with "compute.googleapis.com".
+ // * ".*Instance" snapshots resources whose asset type ends with "Instance".
+ // * ".*Instance.*" snapshots resources whose asset type contains "Instance".
+ //
+ // See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported
+ // regular expression syntax. If the regular expression does not match any
+ // supported asset type, an INVALID_ARGUMENT error will be returned.
+ repeated string asset_types = 3 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. The page size for search result pagination. Page size is capped at 500 even
+ // if a larger value is given. If set to zero, server will pick an appropriate
+ // default. Returned results may be fewer than requested. When this happens,
+ // there could be more results as long as `next_page_token` is returned.
+ int32 page_size = 4 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. If present, then retrieve the next batch of results from the preceding call
+ // to this method. `page_token` must be the value of `next_page_token` from
+ // the previous response. The values of all other method parameters, must be
+ // identical to those in the previous call.
+ string page_token = 5 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. A comma-separated list of fields specifying the sorting order of the
+ // results. The default order is ascending. Add " DESC" after the field name
+ // to indicate descending order. Redundant space characters are ignored.
+ // Example: "location DESC, name".
+ // Only singular primitive fields in the response are sortable:
+ //
+ // * name
+ // * assetType
+ // * project
+ // * displayName
+ // * description
+ // * location
+ // * createTime
+ // * updateTime
+ // * state
+ // * parentFullResourceName
+ // * parentAssetType
+ //
+ // All the other fields such as repeated fields (e.g., `networkTags`,
+ // `kmsKeys`), map fields (e.g., `labels`) and struct fields (e.g.,
+ // `additionalAttributes`) are not supported.
+ string order_by = 6 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional.
A comma-separated list of fields specifying which fields to be returned in
+ // ResourceSearchResult. Only '*' or combination of top level fields can be
+ // specified. Field names of both snake_case and camelCase are supported.
+ // Examples: `"*"`, `"name,location"`, `"name,versionedResources"`.
+ //
+ // The read_mask paths must be valid field paths listed but not limited to
+ // (both snake_case and camelCase are supported):
+ //
+ // * name
+ // * assetType
+ // * project
+ // * displayName
+ // * description
+ // * location
+ // * tagKeys
+ // * tagValues
+ // * tagValueIds
+ // * labels
+ // * networkTags
+ // * kmsKey (This field is deprecated. Please use the `kmsKeys` field to
+ // retrieve KMS key information.)
+ // * kmsKeys
+ // * createTime
+ // * updateTime
+ // * state
+ // * additionalAttributes
+ // * versionedResources
+ //
+ // If read_mask is not specified, all fields except versionedResources will
+ // be returned.
+ // If only '*' is specified, all fields including versionedResources will be
+ // returned.
+ // Any invalid field path will trigger INVALID_ARGUMENT error.
+ google.protobuf.FieldMask read_mask = 8 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Search all resources response.
+message SearchAllResourcesResponse {
+ // A list of Resources that match the search query. It contains the resource
+ // standard metadata information.
+ repeated ResourceSearchResult results = 1;
+
+ // If there are more results than those appearing in this response, then
+ // `next_page_token` is included. To get the next set of results, call this
+ // method again using the value of `next_page_token` as `page_token`.
+ string next_page_token = 2;
+}
+
+// Search all IAM policies request.
+message SearchAllIamPoliciesRequest {
+ // Required. A scope can be a project, a folder, or an organization. The search is
+ // limited to the IAM policies within the `scope`.
The caller must be granted
+ // the
+ // [`cloudasset.assets.searchAllIamPolicies`](https://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
+ // permission on the desired scope.
+ //
+ // The allowed values are:
+ //
+ // * projects/{PROJECT_ID} (e.g., "projects/foo-bar")
+ // * projects/{PROJECT_NUMBER} (e.g., "projects/12345678")
+ // * folders/{FOLDER_NUMBER} (e.g., "folders/1234567")
+ // * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
+ string scope = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Optional. The query statement. See [how to construct a
+ // query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)
+ // for more information. If not specified or empty, it will search all the
+ // IAM policies within the specified `scope`. Note that the query string is
+ // compared against each Cloud IAM policy binding, including its principals,
+ // roles, and Cloud IAM conditions. The returned Cloud IAM policies will only
+ // contain the bindings that match your query. To learn more about the IAM
+ // policy structure, see the [IAM policy
+ // documentation](https://cloud.google.com/iam/help/allow-policies/structure).
+ //
+ // Examples:
+ //
+ // * `policy:amy@gmail.com` to find IAM policy bindings that specify user
+ // "amy@gmail.com".
+ // * `policy:roles/compute.admin` to find IAM policy bindings that specify
+ // the Compute Admin role.
+ // * `policy:comp*` to find IAM policy bindings that contain "comp" as a
+ // prefix of any word in the binding.
+ // * `policy.role.permissions:storage.buckets.update` to find IAM policy
+ // bindings that specify a role containing "storage.buckets.update"
+ // permission. Note that if callers don't have `iam.roles.get` access to a
+ // role's included permissions, policy bindings that specify this role will
+ // be dropped from the search results.
+ // * `policy.role.permissions:upd*` to find IAM policy bindings that specify a
+ // role containing "upd" as a prefix of any word in the role permission.
+ // Note that if callers don't have `iam.roles.get` access to a role's
+ // included permissions, policy bindings that specify this role will be
+ // dropped from the search results.
+ // * `resource:organizations/123456` to find IAM policy bindings
+ // that are set on "organizations/123456".
+ // * `resource=//cloudresourcemanager.googleapis.com/projects/myproject` to
+ // find IAM policy bindings that are set on the project named "myproject".
+ // * `Important` to find IAM policy bindings that contain "Important" as a
+ // word in any of the searchable fields (except for the included
+ // permissions).
+ // * `resource:(instance1 OR instance2) policy:amy` to find
+ // IAM policy bindings that are set on resources "instance1" or
+ // "instance2" and also specify user "amy".
+ // * `roles:roles/compute.admin` to find IAM policy bindings that specify the
+ // Compute Admin role.
+ // * `memberTypes:user` to find IAM policy bindings that contain the
+ // principal type "user".
+ string query = 2 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. The page size for search result pagination. Page size is capped at 500 even
+ // if a larger value is given. If set to zero, server will pick an appropriate
+ // default. Returned results may be fewer than requested. When this happens,
+ // there could be more results as long as `next_page_token` is returned.
+ int32 page_size = 3 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. If present, retrieve the next batch of results from the preceding call to
+ // this method. `page_token` must be the value of `next_page_token` from the
+ // previous response. The values of all other method parameters must be
+ // identical to those in the previous call.
+ string page_token = 4 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional.
A list of asset types that the IAM policies are attached to. If empty, it
+ // will search the IAM policies that are attached to all the [searchable asset
+ // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
+ //
+ // Regular expressions are also supported. For example:
+ //
+ // * "compute.googleapis.com.*" snapshots IAM policies attached to asset type
+ // starts with "compute.googleapis.com".
+ // * ".*Instance" snapshots IAM policies attached to asset type ends with
+ // "Instance".
+ // * ".*Instance.*" snapshots IAM policies attached to asset type contains
+ // "Instance".
+ //
+ // See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported
+ // regular expression syntax. If the regular expression does not match any
+ // supported asset type, an INVALID_ARGUMENT error will be returned.
+ repeated string asset_types = 5 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. A comma-separated list of fields specifying the sorting order of the
+ // results. The default order is ascending. Add " DESC" after the field name
+ // to indicate descending order. Redundant space characters are ignored.
+ // Example: "assetType DESC, resource".
+ // Only singular primitive fields in the response are sortable:
+ // * resource
+ // * assetType
+ // * project
+ // All the other fields such as repeated fields (e.g., `folders`) and
+ // non-primitive fields (e.g., `policy`) are not supported.
+ string order_by = 7 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Search all IAM policies response.
+message SearchAllIamPoliciesResponse {
+ // A list of IamPolicy that match the search query. Related information such
+ // as the associated resource is returned along with the policy.
+ repeated IamPolicySearchResult results = 1;
+
+ // Set if there are more results than those appearing in this response; to get
+ // the next set of results, call this method again, using this value as the
+ // `page_token`.
+ string next_page_token = 2;
+}
+
+// IAM policy analysis query message.
+message IamPolicyAnalysisQuery {
+ // Specifies the resource to analyze for access policies, which may be set
+ // directly on the resource, or on ancestors such as organizations, folders or
+ // projects.
+ message ResourceSelector {
+ // Required. The [full resource name]
+ // (https://cloud.google.com/asset-inventory/docs/resource-name-format)
+ // of a resource of [supported resource
+ // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#analyzable_asset_types).
+ string full_resource_name = 1 [(google.api.field_behavior) = REQUIRED];
+ }
+
+ // Specifies an identity for which to determine resource access, based on
+ // roles assigned either directly to them or to the groups they belong to,
+ // directly or indirectly.
+ message IdentitySelector {
+ // Required. The identity appear in the form of principals in
+ // [IAM policy
+ // binding](https://cloud.google.com/iam/reference/rest/v1/Binding).
+ //
+ // The examples of supported forms are:
+ // "user:mike@example.com",
+ // "group:admins@example.com",
+ // "domain:google.com",
+ // "serviceAccount:my-project-id@appspot.gserviceaccount.com".
+ //
+ // Notice that wildcard characters (such as * and ?) are not supported.
+ // You must give a specific identity.
+ string identity = 1 [(google.api.field_behavior) = REQUIRED];
+ }
+
+ // Specifies roles and/or permissions to analyze, to determine both the
+ // identities possessing them and the resources they control. If multiple
+ // values are specified, results will include roles or permissions matching
+ // any of them. The total number of roles and permissions should be equal or
+ // less than 10.
+ message AccessSelector {
+ // Optional. The roles to appear in result.
+ repeated string roles = 1 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. The permissions to appear in result.
+ repeated string permissions = 2 [(google.api.field_behavior) = OPTIONAL];
+ }
+
+ // Contains query options.
+ message Options {
+ // Optional. If true, the identities section of the result will expand any
+ // Google groups appearing in an IAM policy binding.
+ //
+ // If [IamPolicyAnalysisQuery.identity_selector][google.cloud.asset.v1.IamPolicyAnalysisQuery.identity_selector] is specified, the
+ // identity in the result will be determined by the selector, and this flag
+ // is not allowed to set.
+ //
+ // If true, the default max expansion per group is 1000 for
+ // AssetService.AnalyzeIamPolicy][].
+ //
+ // Default is false.
+ bool expand_groups = 1 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. If true, the access section of result will expand any roles
+ // appearing in IAM policy bindings to include their permissions.
+ //
+ // If [IamPolicyAnalysisQuery.access_selector][google.cloud.asset.v1.IamPolicyAnalysisQuery.access_selector] is specified, the access
+ // section of the result will be determined by the selector, and this flag
+ // is not allowed to set.
+ //
+ // Default is false.
+ bool expand_roles = 2 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. If true and [IamPolicyAnalysisQuery.resource_selector][google.cloud.asset.v1.IamPolicyAnalysisQuery.resource_selector] is not
+ // specified, the resource section of the result will expand any resource
+ // attached to an IAM policy to include resources lower in the resource
+ // hierarchy.
+ //
+ // For example, if the request analyzes for which resources user A has
+ // permission P, and the results include an IAM policy with P on a GCP
+ // folder, the results will also include resources in that folder with
+ // permission P.
+ //
+ // If true and [IamPolicyAnalysisQuery.resource_selector][google.cloud.asset.v1.IamPolicyAnalysisQuery.resource_selector] is specified,
+ // the resource section of the result will expand the specified resource to
+ // include resources lower in the resource hierarchy. Only project or
+ // lower resources are supported. Folder and organization resource cannot be
+ // used together with this option.
+ //
+ // For example, if the request analyzes for which users have permission P on
+ // a GCP project with this option enabled, the results will include all
+ // users who have permission P on that project or any lower resource.
+ //
+ // If true, the default max expansion per resource is 1000 for
+ // AssetService.AnalyzeIamPolicy][] and 100000 for
+ // AssetService.AnalyzeIamPolicyLongrunning][].
+ //
+ // Default is false.
+ bool expand_resources = 3 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. If true, the result will output the relevant parent/child relationships
+ // between resources.
+ // Default is false.
+ bool output_resource_edges = 4 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. If true, the result will output the relevant membership relationships
+ // between groups and other groups, and between groups and principals.
+ // Default is false.
+ bool output_group_edges = 5 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. If true, the response will include access analysis from identities to
+ // resources via service account impersonation. This is a very expensive
+ // operation, because many derived queries will be executed. We highly
+ // recommend you use [AssetService.AnalyzeIamPolicyLongrunning][google.cloud.asset.v1.AssetService.AnalyzeIamPolicyLongrunning] rpc
+ // instead.
+ //
+ // For example, if the request analyzes for which resources user A has
+ // permission P, and there's an IAM policy states user A has
+ // iam.serviceAccounts.getAccessToken permission to a service account SA,
+ // and there's another IAM policy states service account SA has permission P
+ // to a GCP folder F, then user A potentially has access to the GCP folder
+ // F. And those advanced analysis results will be included in
+ // [AnalyzeIamPolicyResponse.service_account_impersonation_analysis][google.cloud.asset.v1.AnalyzeIamPolicyResponse.service_account_impersonation_analysis].
+ //
+ // Another example, if the request analyzes for who has
+ // permission P to a GCP folder F, and there's an IAM policy states user A
+ // has iam.serviceAccounts.actAs permission to a service account SA, and
+ // there's another IAM policy states service account SA has permission P to
+ // the GCP folder F, then user A potentially has access to the GCP folder
+ // F. And those advanced analysis results will be included in
+ // [AnalyzeIamPolicyResponse.service_account_impersonation_analysis][google.cloud.asset.v1.AnalyzeIamPolicyResponse.service_account_impersonation_analysis].
+ //
+ // Only the following permissions are considered in this analysis:
+ //
+ // * `iam.serviceAccounts.actAs`
+ // * `iam.serviceAccounts.signBlob`
+ // * `iam.serviceAccounts.signJwt`
+ // * `iam.serviceAccounts.getAccessToken`
+ // * `iam.serviceAccounts.getOpenIdToken`
+ // * `iam.serviceAccounts.implicitDelegation`
+ //
+ // Default is false.
+ bool analyze_service_account_impersonation = 6 [(google.api.field_behavior) = OPTIONAL];
+ }
+
+ // The IAM conditions context.
+ message ConditionContext {
+ // The IAM conditions time context.
+ oneof TimeContext {
+ // The hypothetical access timestamp to evaluate IAM conditions. Note that
+ // this value must not be earlier than the current time; otherwise, an
+ // INVALID_ARGUMENT error will be returned.
+ google.protobuf.Timestamp access_time = 1;
+ }
+ }
+
+ // Required. The relative name of the root asset. Only resources and IAM policies within
+ // the scope will be analyzed.
+ //
+ // This can only be an organization number (such as "organizations/123"), a
+ // folder number (such as "folders/123"), a project ID (such as
+ // "projects/my-project-id"), or a project number (such as "projects/12345").
+ //
+ // To know how to get organization id, visit [here
+ // ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id).
+ //
+ // To know how to get folder or project id, visit [here
+ // ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
+ string scope = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Optional. Specifies a resource for analysis.
+ ResourceSelector resource_selector = 2 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Specifies an identity for analysis.
+ IdentitySelector identity_selector = 3 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Specifies roles or permissions for analysis. This is optional.
+ AccessSelector access_selector = 4 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. The query options.
+ Options options = 5 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. The hypothetical context for IAM conditions evaluation.
+ ConditionContext condition_context = 6 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// A request message for [AssetService.AnalyzeIamPolicy][google.cloud.asset.v1.AssetService.AnalyzeIamPolicy].
+message AnalyzeIamPolicyRequest {
+ // Required. The request query.
+ IamPolicyAnalysisQuery analysis_query = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Optional.
The name of a saved query, which must be in the format of:
+ //
+ // * projects/project_number/savedQueries/saved_query_id
+ // * folders/folder_number/savedQueries/saved_query_id
+ // * organizations/organization_number/savedQueries/saved_query_id
+ //
+ // If both `analysis_query` and `saved_analysis_query` are provided, they
+ // will be merged together with the `saved_analysis_query` as base and
+ // the `analysis_query` as overrides. For more details of the merge behavior,
+ // please refer to the
+ // [MergeFrom](https://developers.google.com/protocol-buffers/docs/reference/cpp/google.protobuf.message#Message.MergeFrom.details)
+ // page.
+ //
+ // Note that you cannot override primitive fields with default value, such as
+ // 0 or empty string, etc., because we use proto3, which doesn't support field
+ // presence yet.
+ string saved_analysis_query = 3 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Amount of time executable has to complete. See JSON representation of
+ // [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json).
+ //
+ // If this field is set with a value less than the RPC deadline, and the
+ // execution of your query hasn't finished in the specified
+ // execution timeout, you will get a response with partial result.
+ // Otherwise, your query's execution will continue until the RPC deadline.
+ // If it's not finished until then, you will get a DEADLINE_EXCEEDED error.
+ //
+ // Default is empty.
+ google.protobuf.Duration execution_timeout = 2 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// A response message for [AssetService.AnalyzeIamPolicy][google.cloud.asset.v1.AssetService.AnalyzeIamPolicy].
+message AnalyzeIamPolicyResponse {
+ // An analysis message to group the query and results.
+ message IamPolicyAnalysis {
+ // The analysis query.
+ IamPolicyAnalysisQuery analysis_query = 1;
+
+ // A list of [IamPolicyAnalysisResult][google.cloud.asset.v1.IamPolicyAnalysisResult] that matches the analysis query, or
+ // empty if no result is found.
+ repeated IamPolicyAnalysisResult analysis_results = 2;
+
+ // Represents whether all entries in the [analysis_results][google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis.analysis_results] have been
+ // fully explored to answer the query.
+ bool fully_explored = 3;
+
+ // A list of non-critical errors happened during the query handling.
+ repeated IamPolicyAnalysisState non_critical_errors = 5;
+ }
+
+ // The main analysis that matches the original request.
+ IamPolicyAnalysis main_analysis = 1;
+
+ // The service account impersonation analysis if
+ // [AnalyzeIamPolicyRequest.analyze_service_account_impersonation][] is
+ // enabled.
+ repeated IamPolicyAnalysis service_account_impersonation_analysis = 2;
+
+ // Represents whether all entries in the [main_analysis][google.cloud.asset.v1.AnalyzeIamPolicyResponse.main_analysis] and
+ // [service_account_impersonation_analysis][google.cloud.asset.v1.AnalyzeIamPolicyResponse.service_account_impersonation_analysis] have been fully explored to
+ // answer the query in the request.
+ bool fully_explored = 3;
+}
+
+// Output configuration for export IAM policy analysis destination.
+message IamPolicyAnalysisOutputConfig {
+ // A Cloud Storage location.
+ message GcsDestination {
+ // Required. The uri of the Cloud Storage object. It's the same uri that is used by
+ // gsutil. Example: "gs://bucket_name/object_name". See [Viewing and
+ // Editing Object
+ // Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)
+ // for more information.
+ //
+ // If the specified Cloud Storage object already exists and there is no
+ // [hold](https://cloud.google.com/storage/docs/object-holds), it will be
+ // overwritten with the analysis result.
+ string uri = 1 [(google.api.field_behavior) = REQUIRED];
+ }
+
+ // A BigQuery destination.
+ message BigQueryDestination {
+ // This enum determines the partition key column for the bigquery tables.
+ // Partitioning can improve query performance and reduce query cost by
+ // filtering partitions. Refer to
+ // https://cloud.google.com/bigquery/docs/partitioned-tables for details.
+ enum PartitionKey {
+ // Unspecified partition key. Tables won't be partitioned using this
+ // option.
+ PARTITION_KEY_UNSPECIFIED = 0;
+
+ // The time when the request is received. If specified as partition key,
+ // the result table(s) is partitoned by the RequestTime column, an
+ // additional timestamp column representing when the request was received.
+ REQUEST_TIME = 1;
+ }
+
+ // Required. The BigQuery dataset in format "projects/projectId/datasets/datasetId",
+ // to which the analysis results should be exported. If this dataset does
+ // not exist, the export call will return an INVALID_ARGUMENT error.
+ string dataset = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. The prefix of the BigQuery tables to which the analysis results will be
+ // written. Tables will be created based on this table_prefix if not exist:
+ // * <table_prefix>_analysis table will contain export operation's metadata.
+ // * <table_prefix>_analysis_result will contain all the
+ // [IamPolicyAnalysisResult][google.cloud.asset.v1.IamPolicyAnalysisResult].
+ // When [partition_key] is specified, both tables will be partitioned based
+ // on the [partition_key].
+ string table_prefix = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // The partition key for BigQuery partitioned table.
+ PartitionKey partition_key = 3;
+
+ // Optional. Specifies the action that occurs if the destination table or partition
+ // already exists.
The following values are supported:
+ //
+ // * WRITE_TRUNCATE: If the table or partition already exists, BigQuery
+ // overwrites the entire table or all the partitions data.
+ // * WRITE_APPEND: If the table or partition already exists, BigQuery
+ // appends the data to the table or the latest partition.
+ // * WRITE_EMPTY: If the table already exists and contains data, an error is
+ // returned.
+ //
+ // The default value is WRITE_APPEND. Each action is atomic and only occurs
+ // if BigQuery is able to complete the job successfully. Details are at
+ // https://cloud.google.com/bigquery/docs/loading-data-local#appending_to_or_overwriting_a_table_using_a_local_file.
+ string write_disposition = 4 [(google.api.field_behavior) = OPTIONAL];
+ }
+
+ // IAM policy analysis export destination.
+ oneof destination {
+ // Destination on Cloud Storage.
+ GcsDestination gcs_destination = 1;
+
+ // Destination on BigQuery.
+ BigQueryDestination bigquery_destination = 2;
+ }
+}
+
+// A request message for [AssetService.AnalyzeIamPolicyLongrunning][google.cloud.asset.v1.AssetService.AnalyzeIamPolicyLongrunning].
+message AnalyzeIamPolicyLongrunningRequest {
+ // Required. The request query.
+ IamPolicyAnalysisQuery analysis_query = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Optional. The name of a saved query, which must be in the format of:
+ //
+ // * projects/project_number/savedQueries/saved_query_id
+ // * folders/folder_number/savedQueries/saved_query_id
+ // * organizations/organization_number/savedQueries/saved_query_id
+ //
+ // If both `analysis_query` and `saved_analysis_query` are provided, they
+ // will be merged together with the `saved_analysis_query` as base and
+ // the `analysis_query` as overrides. For more details of the merge behavior,
+ // please refer to the
+ // [MergeFrom](https://developers.google.com/protocol-buffers/docs/reference/cpp/google.protobuf.message#Message.MergeFrom.details)
+ // doc.
+ //
+ // Note that you cannot override primitive fields with default value, such as
+ // 0 or empty string, etc., because we use proto3, which doesn't support field
+ // presence yet.
+ string saved_analysis_query = 3 [(google.api.field_behavior) = OPTIONAL];
+
+ // Required. Output configuration indicating where the results will be output to.
+ IamPolicyAnalysisOutputConfig output_config = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+// A response message for [AssetService.AnalyzeIamPolicyLongrunning][google.cloud.asset.v1.AssetService.AnalyzeIamPolicyLongrunning].
+message AnalyzeIamPolicyLongrunningResponse {
+
+}
+
+// A saved query which can be shared with others or used later.
+message SavedQuery {
+ option (google.api.resource) = {
+ type: "cloudasset.googleapis.com/SavedQuery"
+ pattern: "projects/{project}/savedQueries/{saved_query}"
+ pattern: "folders/{folder}/savedQueries/{saved_query}"
+ pattern: "organizations/{organization}/savedQueries/{saved_query}"
+ };
+
+ // The query content.
+ message QueryContent {
+ oneof query_content {
+ // An IAM Policy Analysis query, which could be used in
+ // the [AssetService.AnalyzeIamPolicy][google.cloud.asset.v1.AssetService.AnalyzeIamPolicy] rpc or
+ // the [AssetService.AnalyzeIamPolicyLongrunning][google.cloud.asset.v1.AssetService.AnalyzeIamPolicyLongrunning] rpc.
+ IamPolicyAnalysisQuery iam_policy_analysis_query = 1;
+ }
+ }
+
+ // The resource name of the saved query. The format must be:
+ //
+ // * projects/project_number/savedQueries/saved_query_id
+ // * folders/folder_number/savedQueries/saved_query_id
+ // * organizations/organization_number/savedQueries/saved_query_id
+ string name = 1;
+
+ // The description of this saved query. This value should be fewer than 255
+ // characters.
+ string description = 2;
+
+ // Output only. The create time of this saved query.
+ google.protobuf.Timestamp create_time = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only.
The account's email address who has created this saved query.
+ string creator = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. The last update time of this saved query.
+ google.protobuf.Timestamp last_update_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. The account's email address who has updated this saved query most recently.
+ string last_updater = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Labels applied on the resource.
+ // This value should not contain more than 10 entries. The key and value of
+ // each entry must be non-empty and fewer than 64 characters.
+ map<string, string> labels = 7;
+
+ // The query content.
+ QueryContent content = 8;
+}
+
+// Request to create a saved query.
+message CreateSavedQueryRequest {
+ // Required. The name of the project/folder/organization where this saved_query
+ // should be created in. It can only be an organization number (such as
+ // "organizations/123"), a folder number (such as "folders/123"), a project ID
+ // (such as "projects/my-project-id")", or a project number (such as
+ // "projects/12345").
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ child_type: "cloudasset.googleapis.com/SavedQuery"
+ }
+ ];
+
+ // Required. The saved_query details. The `name` field must be empty as it will be
+ // generated based on the parent and saved_query_id.
+ SavedQuery saved_query = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. The ID to use for the saved query, which must be unique in the specified
+ // parent. It will become the final component of the saved query's resource
+ // name.
+ //
+ // This value should be 4-63 characters, and valid characters
+ // are /[a-z][0-9]-/.
+ //
+ // Notice that this field is required in the saved query creation, and the
+ // `name` field of the `saved_query` will be ignored.
+ string saved_query_id = 3 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request to get a saved query.
+message GetSavedQueryRequest {
+ // Required. The name of the saved query and it must be in the format of:
+ //
+ // * projects/project_number/savedQueries/saved_query_id
+ // * folders/folder_number/savedQueries/saved_query_id
+ // * organizations/organization_number/savedQueries/saved_query_id
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudasset.googleapis.com/SavedQuery"
+ }
+ ];
+}
+
+// Request to list saved queries.
+message ListSavedQueriesRequest {
+ // Required. The parent project/folder/organization whose savedQueries are to be
+ // listed. It can only be using project/folder/organization number (such as
+ // "folders/12345")", or a project ID (such as "projects/my-project-id").
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ child_type: "cloudasset.googleapis.com/SavedQuery"
+ }
+ ];
+
+ // Optional. The expression to filter resources.
+ // The expression is a list of zero or more restrictions combined via logical
+ // operators `AND` and `OR`. When `AND` and `OR` are both used in the
+ // expression, parentheses must be appropriately used to group the
+ // combinations. The expression may also contain regular expressions.
+ //
+ // See https://google.aip.dev/160 for more information on the grammar.
+ string filter = 4 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. The maximum number of saved queries to return per page. The service may
+ // return fewer than this value. If unspecified, at most 50 will be returned.
+ // The maximum value is 1000; values above 1000 will be coerced to 1000.
+ int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. A page token, received from a previous `ListSavedQueries` call.
+ // Provide this to retrieve the subsequent page.
+ //
+ // When paginating, all other parameters provided to `ListSavedQueries` must
+ // match the call that provided the page token.
+ string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Response of listing saved queries.
+message ListSavedQueriesResponse {
+ // A list of savedQueries.
+ repeated SavedQuery saved_queries = 1;
+
+ // A token, which can be sent as `page_token` to retrieve the next page.
+ // If this field is omitted, there are no subsequent pages.
+ string next_page_token = 2;
+}
+
+// Request to update a saved query.
+message UpdateSavedQueryRequest {
+ // Required. The saved query to update.
+ //
+ // The saved query's `name` field is used to identify the one to update,
+ // which has format as below:
+ //
+ // * projects/project_number/savedQueries/saved_query_id
+ // * folders/folder_number/savedQueries/saved_query_id
+ // * organizations/organization_number/savedQueries/saved_query_id
+ SavedQuery saved_query = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. The list of fields to update.
+ google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request to delete a saved query.
+message DeleteSavedQueryRequest {
+ // Required. The name of the saved query to delete. It must be in the format of:
+ //
+ // * projects/project_number/savedQueries/saved_query_id
+ // * folders/folder_number/savedQueries/saved_query_id
+ // * organizations/organization_number/savedQueries/saved_query_id
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudasset.googleapis.com/SavedQuery"
+ }
+ ];
+}
+
+// The request message for performing resource move analysis.
+message AnalyzeMoveRequest {
+ // View enum for supporting partial analysis responses.
+ enum AnalysisView {
+ // The default/unset value.
+ // The API will default to the FULL view.
+ ANALYSIS_VIEW_UNSPECIFIED = 0;
+
+ // Full analysis including all level of impacts of the specified resource
+ // move.
+ FULL = 1;
+
+ // Basic analysis only including blockers which will prevent the specified
+ // resource move at runtime.
+ BASIC = 2;
+ }
+
+ // Required. Name of the resource to perform the analysis against.
+ // Only GCP Project are supported as of today. Hence, this can only be Project
+ // ID (such as "projects/my-project-id") or a Project Number (such as
+ // "projects/12345").
+ string resource = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. Name of the GCP Folder or Organization to reparent the target
+ // resource. The analysis will be performed against hypothetically moving the
+ // resource to this specified desitination parent. This can only be a Folder
+ // number (such as "folders/123") or an Organization number (such as
+ // "organizations/123").
+ string destination_parent = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // Analysis view indicating what information should be included in the
+ // analysis response. If unspecified, the default view is FULL.
+ AnalysisView view = 3;
+}
+
+// The response message for resource move analysis.
+message AnalyzeMoveResponse {
+ // The list of analyses returned from performing the intended resource move
+ // analysis. The analysis is grouped by different Cloud services.
+ repeated MoveAnalysis move_analysis = 1;
+}
+
+// A message to group the analysis information.
+message MoveAnalysis {
+ // The user friendly display name of the analysis. E.g. IAM, Organization
+ // Policy etc.
+ string display_name = 1;
+
+ oneof result {
+ // Analysis result of moving the target resource.
+ MoveAnalysisResult analysis = 2;
+
+ // Description of error encountered when performing the analysis.
+ google.rpc.Status error = 3;
+ }
+}
+
+// An analysis result including blockers and warnings.
+message MoveAnalysisResult {
+ // Blocking information that would prevent the target resource from moving
+ // to the specified destination at runtime.
+ repeated MoveImpact blockers = 1;
+
+ // Warning information indicating that moving the target resource to the
+ // specified destination might be unsafe. This can include important policy
+ // information and configuration changes, but will not block moves at runtime.
+ repeated MoveImpact warnings = 2;
+}
+
+// A message to group impacts of moving the target resource.
+message MoveImpact {
+ // User friendly impact detail in a free form message.
+ string detail = 1;
+}
+
+// Output configuration query assets.
+message QueryAssetsOutputConfig {
+ // BigQuery destination.
+ message BigQueryDestination {
+ // Required. The BigQuery dataset where the query results will be saved. It has the
+ // format of "projects/{projectId}/datasets/{datasetId}".
+ string dataset = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. The BigQuery table where the query results will be saved. If this table
+ // does not exist, a new table with the given name will be created.
+ string table = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // Specifies the action that occurs if the destination table or partition
+ // already exists. The following values are supported:
+ //
+ // * WRITE_TRUNCATE: If the table or partition already exists, BigQuery
+ // overwrites the entire table or all the partitions data.
+ // * WRITE_APPEND: If the table or partition already exists, BigQuery
+ // appends the data to the table or the latest partition.
+ // * WRITE_EMPTY: If the table already exists and contains data, a
+ // 'duplicate' error is returned in the job result.
+ //
+ // The default value is WRITE_EMPTY.
+ string write_disposition = 3;
+ }
+
+ // BigQuery destination where the query results will be saved.
+ BigQueryDestination bigquery_destination = 1;
+}
+
+// QueryAssets request.
+message QueryAssetsRequest {
+ // Required.
The relative name of the root asset. This can only be an
+ // organization number (such as "organizations/123"), a project ID (such as
+ // "projects/my-project-id"), or a project number (such as "projects/12345"),
+ // or a folder number (such as "folders/123").
+ //
+ // Only assets belonging to the `parent` will be returned.
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ child_type: "cloudasset.googleapis.com/Asset"
+ }
+ ];
+
+ oneof query {
+ // Optional. A SQL statement that's compatible with [BigQuery Standard
+ // SQL](http://cloud/bigquery/docs/reference/standard-sql/enabling-standard-sql).
+ string statement = 2 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Reference to the query job, which is from the `QueryAssetsResponse` of
+ // previous `QueryAssets` call.
+ string job_reference = 3 [(google.api.field_behavior) = OPTIONAL];
+ }
+
+ // Optional. The maximum number of rows to return in the results. Responses are limited
+ // to 10 MB and 1000 rows.
+ //
+ // By default, the maximum row count is 1000. When the byte or row count limit
+ // is reached, the rest of the query results will be paginated.
+ //
+ // The field will be ignored when [output_config] is specified.
+ int32 page_size = 4 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. A page token received from previous `QueryAssets`.
+ //
+ // The field will be ignored when [output_config] is specified.
+ string page_token = 5 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Specifies the maximum amount of time that the client is willing to wait
+ // for the query to complete. By default, this limit is 5 min for the first
+ // query, and 1 minute for the following queries. If the query is complete,
+ // the `done` field in the `QueryAssetsResponse` is true, otherwise false.
+ //
+ // Like BigQuery [jobs.query
+ // API](https://cloud.google.com/bigquery/docs/reference/rest/v2/jobs/query#queryrequest)
+ // The call is not guaranteed to wait for the specified timeout; it typically
+ // returns after around 200 seconds (200,000 milliseconds), even if the query
+ // is not complete.
+ //
+ // The field will be ignored when [output_config] is specified.
+ google.protobuf.Duration timeout = 6 [(google.api.field_behavior) = OPTIONAL];
+
+ // Specifies what time period or point in time to query asset metadata at.
+ // * unset - query asset metadata as it is right now
+ // * [read_time_window] - query asset metadata as it was at any point in time
+ // between [start_time] and [end_time].
+ // * [read_time] - query asset metadata as it was at that point in time.
+ // If data for the timestamp/date range selected does not exist,
+ // it will simply return a valid response with no rows.
+ oneof time {
+ // Optional. [start_time] is required. [start_time] must be less than [end_time]
+ // Defaults [end_time] to now if [start_time] is set and [end_time] isn't.
+ // Maximum permitted time range is 7 days.
+ TimeWindow read_time_window = 7 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Queries cloud assets as they appeared at the specified point in time.
+ google.protobuf.Timestamp read_time = 8 [(google.api.field_behavior) = OPTIONAL];
+ }
+
+ // Optional. Destination where the query results will be saved.
+ //
+ // When this field is specified, the query results won't be saved in the
+ // [QueryAssetsResponse.query_result]. Instead
+ // [QueryAssetsResponse.output_config] will be set.
+ //
+ // Meanwhile, [QueryAssetsResponse.job_reference] will be set and can be used
+ // to check the status of the query job when passed to a following
+ // [QueryAssets] API call.
+ QueryAssetsOutputConfig output_config = 9 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// QueryAssets response.
+message QueryAssetsResponse {
+ // Reference to a query job.
+ string job_reference = 1;
+
+ // The query response, which can be either an `error` or a valid `response`.
+ //
+ // If `done` == `false` and the query result is being saved in a output, the
+ // output_config field will be set.
+ // If `done` == `true`, exactly one of
+ // `error`, `query_result` or `output_config` will be set.
+ bool done = 2;
+
+ oneof response {
+ // Error status.
+ google.rpc.Status error = 3;
+
+ // Result of the query.
+ QueryResult query_result = 4;
+
+ // Output configuration which indicates instead of being returned in API
+ // response on the fly, the query result will be saved in a specific output.
+ QueryAssetsOutputConfig output_config = 5;
+ }
+}
+
+// Execution results of the query.
+//
+// The result is formatted as rows represented by BigQuery compatible [schema].
+// When pagination is necessary, it will contains the page token to retrieve
+// the results of following pages.
+message QueryResult {
+ // Each row hold a query result in the format of `Struct`.
+ repeated google.protobuf.Struct rows = 1;
+
+ // Describes the format of the [rows].
+ TableSchema schema = 2;
+
+ // Token to retrieve the next page of the results.
+ string next_page_token = 3;
+
+ // Total rows of the whole query results.
+ int64 total_rows = 4;
+}
+
+// BigQuery Compatible table schema.
+message TableSchema {
+ // Describes the fields in a table.
+ repeated TableFieldSchema fields = 1;
+}
+
+// A field in TableSchema.
+message TableFieldSchema {
+ // The field name. The name must contain only letters (a-z, A-Z),
+ // numbers (0-9), or underscores (_), and must start with a letter or
+ // underscore. The maximum length is 128 characters.
+ string field = 1;
+
+ // The field data type.
Possible values include + // * STRING + // * BYTES + // * INTEGER + // * FLOAT + // * BOOLEAN + // * TIMESTAMP + // * DATE + // * TIME + // * DATETIME + // * GEOGRAPHY, + // * NUMERIC, + // * BIGNUMERIC, + // * RECORD + // (where RECORD indicates that the field contains a nested schema). + string type = 2; + + // The field mode. Possible values include NULLABLE, REQUIRED and + // REPEATED. The default value is NULLABLE. + string mode = 3; + + // Describes the nested schema fields if the type property is set + // to RECORD. + repeated TableFieldSchema fields = 4; +} + +// A request message for [AssetService.BatchGetEffectiveIamPolicies][google.cloud.asset.v1.AssetService.BatchGetEffectiveIamPolicies]. +message BatchGetEffectiveIamPoliciesRequest { + // Required. Only IAM policies on or below the scope will be returned. + // + // This can only be an organization number (such as "organizations/123"), a + // folder number (such as "folders/123"), a project ID (such as + // "projects/my-project-id"), or a project number (such as "projects/12345"). + // + // To know how to get organization id, visit [here + // ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). + // + // To know how to get folder or project id, visit [here + // ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects). + string scope = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + child_type: "*" + } + ]; + + // Required. The names refer to the [full_resource_names] + // (https://cloud.google.com/asset-inventory/docs/resource-name-format) + // of [searchable asset + // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types). + // A maximum of 20 resources' effective policies can be retrieved in a batch. 
+ repeated string names = 3 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "*"
+ }
+ ];
+}
+
+// A response message for [AssetService.BatchGetEffectiveIamPolicies][google.cloud.asset.v1.AssetService.BatchGetEffectiveIamPolicies].
+message BatchGetEffectiveIamPoliciesResponse {
+ // The effective IAM policies on one resource.
+ message EffectiveIamPolicy {
+ // The IAM policy and its attached resource.
+ message PolicyInfo {
+ // The full resource name the [policy][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesResponse.EffectiveIamPolicy.PolicyInfo.policy] is directly attached to.
+ string attached_resource = 1;
+
+ // The IAM policy that's directly attached to the [attached_resource][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesResponse.EffectiveIamPolicy.PolicyInfo.attached_resource].
+ google.iam.v1.Policy policy = 2;
+ }
+
+ // The [full_resource_name]
+ // (https://cloud.google.com/asset-inventory/docs/resource-name-format)
+ // for which the [policies][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesResponse.EffectiveIamPolicy.policies] are computed. This is one of the
+ // [BatchGetEffectiveIamPoliciesRequest.names][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesRequest.names] the caller provides in the
+ // request.
+ string full_resource_name = 1;
+
+ // The effective policies for the [full_resource_name][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesResponse.EffectiveIamPolicy.full_resource_name].
+ //
+ // These policies include the policy set on the [full_resource_name][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesResponse.EffectiveIamPolicy.full_resource_name] and
+ // those set on its parents and ancestors up to the
+ // [BatchGetEffectiveIamPoliciesRequest.scope][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesRequest.scope]. Note that these policies
+ // are not filtered according to the resource type of the
+ // [full_resource_name][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesResponse.EffectiveIamPolicy.full_resource_name].
+ //
+ // These policies are hierarchically ordered by
+ // [PolicyInfo.attached_resource][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesResponse.EffectiveIamPolicy.PolicyInfo.attached_resource] starting from [full_resource_name][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesResponse.EffectiveIamPolicy.full_resource_name]
+ // itself to its parents and ancestors, such that policies[i]'s
+ // [PolicyInfo.attached_resource][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesResponse.EffectiveIamPolicy.PolicyInfo.attached_resource] is the child of policies[i+1]'s
+ // [PolicyInfo.attached_resource][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesResponse.EffectiveIamPolicy.PolicyInfo.attached_resource], if policies[i+1] exists.
+ repeated PolicyInfo policies = 2;
+ }
+
+ // The effective policies for a batch of resources. Note that the results
+ // order is the same as the order of
+ // [BatchGetEffectiveIamPoliciesRequest.names][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesRequest.names]. When a resource does not
+ // have any effective IAM policies, its corresponding policy_result will
+ // contain empty [EffectiveIamPolicy.policies][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesResponse.EffectiveIamPolicy.policies].
+ repeated EffectiveIamPolicy policy_results = 2;
+}
+
+// Asset content type.
+enum ContentType {
+ // Unspecified content type.
+ CONTENT_TYPE_UNSPECIFIED = 0;
+
+ // Resource metadata.
+ RESOURCE = 1;
+
+ // The actual IAM policy set on a resource.
+ IAM_POLICY = 2;
+
+ // The Cloud Organization Policy set on an asset.
+ ORG_POLICY = 4;
+
+ // The Cloud Access context manager Policy set on an asset.
+ ACCESS_POLICY = 5;
+
+ // The runtime OS Inventory information.
+ OS_INVENTORY = 6;
+
+ // The related resources.
+ RELATIONSHIP = 7;
+}
diff --git a/third_party/googleapis/google/cloud/asset/v1/assets.proto b/third_party/googleapis/google/cloud/asset/v1/assets.proto
new file mode 100644
index 0000000..8f22b50
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/v1/assets.proto
@@ -0,0 +1,927 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.asset.v1;
+
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/cloud/orgpolicy/v1/orgpolicy.proto";
+import "google/cloud/osconfig/v1/inventory.proto";
+import "google/iam/v1/policy.proto";
+import "google/identity/accesscontextmanager/v1/access_level.proto";
+import "google/identity/accesscontextmanager/v1/access_policy.proto";
+import "google/identity/accesscontextmanager/v1/service_perimeter.proto";
+import "google/protobuf/struct.proto";
+import "google/protobuf/timestamp.proto";
+import "google/rpc/code.proto";
+
+option cc_enable_arenas = true;
+option csharp_namespace = "Google.Cloud.Asset.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1;asset";
+option java_multiple_files = true;
+option java_outer_classname = "AssetProto";
+option java_package = "com.google.cloud.asset.v1";
+option php_namespace = "Google\\Cloud\\Asset\\V1";
+
+// An asset in Google Cloud and its temporal metadata, including the time window
+// when it was observed and its status during that window.
+message TemporalAsset {
+ // State of prior asset.
+ enum PriorAssetState {
+ // prior_asset is not applicable for the current asset.
+ PRIOR_ASSET_STATE_UNSPECIFIED = 0;
+
+ // prior_asset is populated correctly.
+ PRESENT = 1;
+
+ // Failed to set prior_asset.
+ INVALID = 2;
+
+ // Current asset is the first known state.
+ DOES_NOT_EXIST = 3;
+
+ // prior_asset is a deletion.
+ DELETED = 4;
+ }
+
+ // The time window when the asset data and state was observed.
+ TimeWindow window = 1;
+
+ // Whether the asset has been deleted or not.
+ bool deleted = 2;
+
+ // An asset in Google Cloud.
+ Asset asset = 3;
+
+ // State of prior_asset.
+ PriorAssetState prior_asset_state = 4;
+
+ // Prior copy of the asset. Populated if prior_asset_state is PRESENT.
+ // Currently this is only set for responses in Real-Time Feed.
+ Asset prior_asset = 5;
+}
+
+// A time window specified by its `start_time` and `end_time`.
+message TimeWindow {
+ // Start time of the time window (exclusive).
+ google.protobuf.Timestamp start_time = 1;
+
+ // End time of the time window (inclusive). If not specified, the current
+ // timestamp is used instead.
+ google.protobuf.Timestamp end_time = 2;
+}
+
+// An asset in Google Cloud. An asset can be any resource in the Google Cloud
+// [resource
+// hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
+// a resource outside the Google Cloud resource hierarchy (such as Google
+// Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy),
+// or a relationship (e.g. an INSTANCE_TO_INSTANCEGROUP relationship).
+// See [Supported asset
+// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
+// for more information.
+message Asset {
+ option (google.api.resource) = {
+ type: "cloudasset.googleapis.com/Asset"
+ pattern: "*"
+ };
+
+ // The last update timestamp of an asset. update_time is updated when
+ // create/update/delete operation is performed.
+ google.protobuf.Timestamp update_time = 11;
+
+ // The full name of the asset. Example:
+ // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`
+ //
+ // See [Resource
+ // names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
+ // for more information.
+ string name = 1;
+
+ // The type of the asset. Example: `compute.googleapis.com/Disk`
+ //
+ // See [Supported asset
+ // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
+ // for more information.
+ string asset_type = 2;
+
+ // A representation of the resource.
+ Resource resource = 3;
+
+ // A representation of the Cloud IAM policy set on a Google Cloud resource.
+ // There can be a maximum of one Cloud IAM policy set on any given resource.
+ // In addition, Cloud IAM policies inherit their granted access scope from any
+ // policies set on parent resources in the resource hierarchy. Therefore, the
+ // effectively policy is the union of both the policy set on this resource
+ // and each policy set on all of the resource's ancestry resource levels in
+ // the hierarchy. See
+ // [this topic](https://cloud.google.com/iam/help/allow-policies/inheritance)
+ // for more information.
+ google.iam.v1.Policy iam_policy = 4;
+
+ // A representation of an [organization
+ // policy](https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy).
+ // There can be more than one organization policy with different constraints
+ // set on a given resource.
+ repeated google.cloud.orgpolicy.v1.Policy org_policy = 6;
+
+ // A representation of an [access
+ // policy](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
+ oneof access_context_policy {
+ // Please also refer to the [access policy user
+ // guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
+ google.identity.accesscontextmanager.v1.AccessPolicy access_policy = 7;
+
+ // Please also refer to the [access level user
+ // guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels).
+ google.identity.accesscontextmanager.v1.AccessLevel access_level = 8;
+
+ // Please also refer to the [service perimeter user
+ // guide](https://cloud.google.com/vpc-service-controls/docs/overview).
+ google.identity.accesscontextmanager.v1.ServicePerimeter service_perimeter = 9;
+ }
+
+ // A representation of runtime OS Inventory information. See [this
+ // topic](https://cloud.google.com/compute/docs/instances/os-inventory-management)
+ // for more information.
+ google.cloud.osconfig.v1.Inventory os_inventory = 12;
+
+ // DEPRECATED. This field only presents for the purpose of
+ // backward-compatibility. The server will never generate responses with this
+ // field.
+ // The related assets of the asset of one relationship type. One asset
+ // only represents one type of relationship.
+ RelatedAssets related_assets = 13 [deprecated = true];
+
+ // One related asset of the current asset.
+ RelatedAsset related_asset = 15;
+
+ // The ancestry path of an asset in Google Cloud [resource
+ // hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
+ // represented as a list of relative resource names. An ancestry path starts
+ // with the closest ancestor in the hierarchy and ends at root. If the asset
+ // is a project, folder, or organization, the ancestry path starts from the
+ // asset itself.
+ //
+ // Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
+ repeated string ancestors = 10;
+}
+
+// A representation of a Google Cloud resource.
+message Resource {
+ // The API version. Example: `v1`
+ string version = 1;
+
+ // The URL of the discovery document containing the resource's JSON schema.
+ // Example:
+ // `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest`
+ //
+ // This value is unspecified for resources that do not have an API based on a
+ // discovery document, such as Cloud Bigtable.
+ string discovery_document_uri = 2;
+
+ // The JSON schema name listed in the discovery document. Example:
+ // `Project`
+ //
+ // This value is unspecified for resources that do not have an API based on a
+ // discovery document, such as Cloud Bigtable.
+ string discovery_name = 3;
+
+ // The REST URL for accessing the resource. An HTTP `GET` request using this
+ // URL returns the resource itself. Example:
+ // `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`
+ //
+ // This value is unspecified for resources without a REST API.
+ string resource_url = 4;
+
+ // The full name of the immediate parent of this resource. See
+ // [Resource
+ // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
+ // for more information.
+ //
+ // For Google Cloud assets, this value is the parent resource defined in the
+ // [Cloud IAM policy
+ // hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).
+ // Example:
+ // `//cloudresourcemanager.googleapis.com/projects/my_project_123`
+ //
+ // For third-party assets, this field may be set differently.
+ string parent = 5;
+
+ // The content of the resource, in which some sensitive fields are removed
+ // and may not be present.
+ google.protobuf.Struct data = 6;
+
+ // The location of the resource in Google Cloud, such as its zone and region.
+ // For more information, see https://cloud.google.com/about/locations/.
+ string location = 8;
+}
+
+// DEPRECATED. This message only presents for the purpose of
+// backward-compatibility. The server will never populate this message in
+// responses.
+// The detailed related assets with the `relationship_type`.
+message RelatedAssets {
+ option deprecated = true;
+
+ // The detailed relationship attributes.
+ RelationshipAttributes relationship_attributes = 1;
+
+ // The peer resources of the relationship.
+ repeated RelatedAsset assets = 2;
+}
+
+// DEPRECATED. This message only presents for the purpose of
+// backward-compatibility. The server will never populate this message in
+// responses.
+// The relationship attributes which include `type`, `source_resource_type`,
+// `target_resource_type` and `action`.
+message RelationshipAttributes {
+ option deprecated = true;
+
+ // The unique identifier of the relationship type. Example:
+ // `INSTANCE_TO_INSTANCEGROUP`
+ string type = 4;
+
+ // The source asset type. Example: `compute.googleapis.com/Instance`
+ string source_resource_type = 1;
+
+ // The target asset type. Example: `compute.googleapis.com/Disk`
+ string target_resource_type = 2;
+
+ // The detail of the relationship, e.g. `contains`, `attaches`
+ string action = 3;
+}
+
+// An asset identifier in Google Cloud which contains its name, type and
+// ancestors. An asset can be any resource in the Google Cloud [resource
+// hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
+// a resource outside the Google Cloud resource hierarchy (such as Google
+// Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy).
+// See [Supported asset
+// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
+// for more information.
+message RelatedAsset {
+ // The full name of the asset. Example:
+ // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`
+ //
+ // See [Resource
+ // names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
+ // for more information.
+ string asset = 1 [(google.api.resource_reference) = {
+ type: "cloudasset.googleapis.com/Asset"
+ }];
+
+ // The type of the asset. Example: `compute.googleapis.com/Disk`
+ //
+ // See [Supported asset
+ // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
+ // for more information.
+ string asset_type = 2;
+
+ // The ancestors of an asset in Google Cloud [resource
+ // hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
+ // represented as a list of relative resource names. An ancestry path starts
+ // with the closest ancestor in the hierarchy and ends at root.
+ //
+ // Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
+ repeated string ancestors = 3;
+
+ // The unique identifier of the relationship type. Example:
+ // `INSTANCE_TO_INSTANCEGROUP`
+ string relationship_type = 4;
+}
+
+// A result of Resource Search, containing information of a cloud resource.
+// Next ID: 31
+message ResourceSearchResult {
+ // The full resource name of this resource. Example:
+ // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.
+ // See [Cloud Asset Inventory Resource Name
+ // Format](https://cloud.google.com/asset-inventory/docs/resource-name-format)
+ // for more information.
+ //
+ // To search against the `name`:
+ //
+ // * Use a field query. Example: `name:instance1`
+ // * Use a free text query. Example: `instance1`
+ string name = 1;
+
+ // The type of this resource. Example: `compute.googleapis.com/Disk`.
+ //
+ // To search against the `asset_type`:
+ //
+ // * Specify the `asset_type` field in your search request.
+ string asset_type = 2;
+
+ // The project that this resource belongs to, in the form of
+ // projects/{PROJECT_NUMBER}. This field is available when the resource
+ // belongs to a project.
+ //
+ // To search against `project`:
+ //
+ // * Use a field query. Example: `project:12345`
+ // * Use a free text query. Example: `12345`
+ // * Specify the `scope` field as this project in your search request.
+ string project = 3;
+
+ // The folder(s) that this resource belongs to, in the form of
+ // folders/{FOLDER_NUMBER}. This field is available when the resource
+ // belongs to one or more folders.
+ //
+ // To search against `folders`:
+ //
+ // * Use a field query. Example: `folders:(123 OR 456)`
+ // * Use a free text query. Example: `123`
+ // * Specify the `scope` field as this folder in your search request.
+ repeated string folders = 17;
+
+ // The organization that this resource belongs to, in the form of
+ // organizations/{ORGANIZATION_NUMBER}. This field is available when the
+ // resource belongs to an organization.
+ //
+ // To search against `organization`:
+ //
+ // * Use a field query. Example: `organization:123`
+ // * Use a free text query. Example: `123`
+ // * Specify the `scope` field as this organization in your search request.
+ string organization = 18;
+
+ // The display name of this resource. This field is available only when the
+ // resource's Protobuf contains it.
+ //
+ // To search against the `display_name`:
+ //
+ // * Use a field query. Example: `displayName:"My Instance"`
+ // * Use a free text query. Example: `"My Instance"`
+ string display_name = 4;
+
+ // One or more paragraphs of text description of this resource. Maximum length
+ // could be up to 1M bytes. This field is available only when the resource's
+ // Protobuf contains it.
+ //
+ // To search against the `description`:
+ //
+ // * Use a field query. Example: `description:"important instance"`
+ // * Use a free text query. Example: `"important instance"`
+ string description = 5;
+
+ // Location can be `global`, regional like `us-east1`, or zonal like
+ // `us-west1-b`. This field is available only when the resource's Protobuf
+ // contains it.
+ //
+ // To search against the `location`:
+ //
+ // * Use a field query. Example: `location:us-west*`
+ // * Use a free text query. Example: `us-west*`
+ string location = 6;
+
+ // Labels associated with this resource. See [Labelling and grouping GCP
+ // resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources)
+ // for more information. This field is available only when the resource's
+ // Protobuf contains it.
+ //
+ // To search against the `labels`:
+ //
+ // * Use a field query:
+ // - query on any label's key or value. Example: `labels:prod`
+ // - query by a given label. Example: `labels.env:prod`
+ // - query by a given label's existence. Example: `labels.env:*`
+ // * Use a free text query. Example: `prod`
+ map<string, string> labels = 7;
+
+ // Network tags associated with this resource. Like labels, network tags are a
+ // type of annotations used to group GCP resources. See [Labelling GCP
+ // resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources)
+ // for more information. This field is available only when the resource's
+ // Protobuf contains it.
+ //
+ // To search against the `network_tags`:
+ //
+ // * Use a field query. Example: `networkTags:internal`
+ // * Use a free text query. Example: `internal`
+ repeated string network_tags = 8;
+
+ // The Cloud KMS
+ // [CryptoKey](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys)
+ // name or
+ // [CryptoKeyVersion](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions)
+ // name.
+ //
+ // This field only presents for the purpose of backward compatibility. Please
+ // use the `kms_keys` field to retrieve KMS key information. This field is
+ // available only when the resource's Protobuf contains it and will only be
+ // populated for [these resource
+ // types](https://cloud.google.com/asset-inventory/docs/legacy-field-names#resource_types_with_the_to_be_deprecated_kmskey_field)
+ // for backward compatible purposes.
+ //
+ // To search against the `kms_key`:
+ //
+ // * Use a field query. Example: `kmsKey:key`
+ // * Use a free text query. Example: `key`
+ string kms_key = 10 [deprecated = true];
+
+ // The Cloud KMS
+ // [CryptoKey](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys)
+ // names or
+ // [CryptoKeyVersion](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions)
+ // names. This field is available only when the resource's Protobuf contains
+ // it.
+ //
+ // To search against the `kms_keys`:
+ //
+ // * Use a field query. Example: `kmsKeys:key`
+ // * Use a free text query. Example: `key`
+ repeated string kms_keys = 28;
+
+ // The create timestamp of this resource, at which the resource was created.
+ // The granularity is in seconds. Timestamp.nanos will always be 0. This field
+ // is available only when the resource's Protobuf contains it.
+ //
+ // To search against `create_time`:
+ //
+ // * Use a field query.
+ // - value in seconds since unix epoch. Example: `createTime > 1609459200`
+ // - value in date string. Example: `createTime > 2021-01-01`
+ // - value in date-time string (must be quoted). Example: `createTime >
+ // "2021-01-01T00:00:00"`
+ google.protobuf.Timestamp create_time = 11;
+
+ // The last update timestamp of this resource, at which the resource was last
+ // modified or deleted. The granularity is in seconds. Timestamp.nanos will
+ // always be 0. This field is available only when the resource's Protobuf
+ // contains it.
+ //
+ // To search against `update_time`:
+ //
+ // * Use a field query.
+ // - value in seconds since unix epoch. Example: `updateTime < 1609459200`
+ // - value in date string. Example: `updateTime < 2021-01-01`
+ // - value in date-time string (must be quoted). Example: `updateTime <
+ // "2021-01-01T00:00:00"`
+ google.protobuf.Timestamp update_time = 12;
+
+ // The state of this resource. Different resources types have different state
+ // definitions that are mapped from various fields of different resource
+ // types. This field is available only when the resource's Protobuf contains
+ // it.
+ //
+ // Example:
+ // If the resource is an instance provided by Compute Engine,
+ // its state will include PROVISIONING, STAGING, RUNNING, STOPPING,
+ // SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED. See `status` definition
+ // in [API
+ // Reference](https://cloud.google.com/compute/docs/reference/rest/v1/instances).
+ // If the resource is a project provided by Cloud Resource Manager, its state
+ // will include LIFECYCLE_STATE_UNSPECIFIED, ACTIVE, DELETE_REQUESTED and
+ // DELETE_IN_PROGRESS. See `lifecycleState` definition in [API
+ // Reference](https://cloud.google.com/resource-manager/reference/rest/v1/projects).
+ //
+ // To search against the `state`:
+ //
+ // * Use a field query. Example: `state:RUNNING`
+ // * Use a free text query. Example: `RUNNING`
+ string state = 13;
+
+ // The additional searchable attributes of this resource. The attributes may
+ // vary from one resource type to another. Examples: `projectId` for Project,
+ // `dnsName` for DNS ManagedZone. This field contains a subset of the resource
+ // metadata fields that are returned by the List or Get APIs provided by the
+ // corresponding GCP service (e.g., Compute Engine). see [API references and
+ // supported searchable
+ // attributes](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types)
+ // to see which fields are included.
+ //
+ // You can search values of these fields through free text search. However,
+ // you should not consume the field programically as the field names and
+ // values may change as the GCP service updates to a new incompatible API
+ // version.
+ //
+ // To search against the `additional_attributes`:
+ //
+ // * Use a free text query to match the attributes values. Example: to search
+ // `additional_attributes = { dnsName: "foobar" }`, you can issue a query
+ // `foobar`.
+ google.protobuf.Struct additional_attributes = 9;
+
+ // The full resource name of this resource's parent, if it has one.
+ // To search against the `parent_full_resource_name`:
+ //
+ // * Use a field query. Example:
+ // `parentFullResourceName:"project-name"`
+ // * Use a free text query. Example:
+ // `project-name`
+ string parent_full_resource_name = 19;
+
+ // Versioned resource representations of this resource. This is repeated
+ // because there could be multiple versions of resource representations during
+ // version migration.
+ //
+ // This `versioned_resources` field is not searchable. Some attributes of the
+ // resource representations are exposed in `additional_attributes` field, so
+ // as to allow users to search on them.
+ repeated VersionedResource versioned_resources = 16;
+
+ // Attached resources of this resource. For example, an OSConfig
+ // Inventory is an attached resource of a Compute Instance. This field is
+ // repeated because a resource could have multiple attached resources.
+ //
+ // This `attached_resources` field is not searchable. Some attributes
+ // of the attached resources are exposed in `additional_attributes` field, so
+ // as to allow users to search on them.
+ repeated AttachedResource attached_resources = 20;
+
+ // A map of related resources of this resource, keyed by the
+ // relationship type. A relationship type is in the format of
+ // {SourceType}_{ACTION}_{DestType}. Example: `DISK_TO_INSTANCE`,
+ // `DISK_TO_NETWORK`, `INSTANCE_TO_INSTANCEGROUP`.
+ // See [supported relationship
+ // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#supported_relationship_types).
+ map<string, RelatedResources> relationships = 21;
+
+ // TagKey namespaced names, in the format of {ORG_ID}/{TAG_KEY_SHORT_NAME}.
+ // To search against the `tagKeys`:
+ //
+ // * Use a field query. Example:
+ // - `tagKeys:"123456789/env*"`
+ // - `tagKeys="123456789/env"`
+ // - `tagKeys:"env"`
+ //
+ // * Use a free text query. Example:
+ // - `env`
+ repeated string tag_keys = 23;
+
+ // TagValue namespaced names, in the format of
+ // {ORG_ID}/{TAG_KEY_SHORT_NAME}/{TAG_VALUE_SHORT_NAME}.
+ // To search against the `tagValues`:
+ //
+ // * Use a field query. Example:
+ // - `tagValues:"env"`
+ // - `tagValues:"env/prod"`
+ // - `tagValues:"123456789/env/prod*"`
+ // - `tagValues="123456789/env/prod"`
+ //
+ // * Use a free text query. Example:
+ // - `prod`
+ repeated string tag_values = 25;
+
+ // TagValue IDs, in the format of tagValues/{TAG_VALUE_ID}.
+ // To search against the `tagValueIds`:
+ //
+ // * Use a field query. Example:
+ // - `tagValueIds:"456"`
+ // - `tagValueIds="tagValues/456"`
+ //
+ // * Use a free text query. Example:
+ // - `456`
+ repeated string tag_value_ids = 26;
+
+ // The type of this resource's immediate parent, if there is one.
+ //
+ // To search against the `parent_asset_type`:
+ //
+ // * Use a field query. Example:
+ // `parentAssetType:"cloudresourcemanager.googleapis.com/Project"`
+ // * Use a free text query. Example:
+ // `cloudresourcemanager.googleapis.com/Project`
+ string parent_asset_type = 103;
+}
+
+// Resource representation as defined by the corresponding service providing the
+// resource for a given API version.
+message VersionedResource {
+ // API version of the resource.
+ //
+ // Example:
+ // If the resource is an instance provided by Compute Engine v1 API as defined
+ // in `https://cloud.google.com/compute/docs/reference/rest/v1/instances`,
+ // version will be "v1".
+ string version = 1;
+
+ // JSON representation of the resource as defined by the corresponding
+ // service providing this resource.
+ //
+ // Example:
+ // If the resource is an instance provided by Compute Engine, this field will
+ // contain the JSON representation of the instance as defined by Compute
+ // Engine:
+ // `https://cloud.google.com/compute/docs/reference/rest/v1/instances`.
+ //
+ // You can find the resource definition for each supported resource type in
+ // this table:
+ // `https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types`
+ google.protobuf.Struct resource = 2;
+}
+
+// Attached resource representation, which is defined by the corresponding
+// service provider. It represents an attached resource's payload.
+message AttachedResource {
+ // The type of this attached resource.
+ //
+ // Example: `osconfig.googleapis.com/Inventory`
+ //
+ // You can find the supported attached asset types of each resource in this
+ // table:
+ // `https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types`
+ string asset_type = 1;
+
+ // Versioned resource representations of this attached resource. This is
+ // repeated because there could be multiple versions of the attached resource
+ // representations during version migration.
+ repeated VersionedResource versioned_resources = 3;
+}
+
+// The related resources of the primary resource.
+message RelatedResources {
+ // The detailed related resources of the primary resource.
+ repeated RelatedResource related_resources = 1;
+}
+
+// The detailed related resource.
+message RelatedResource {
+ // The type of the asset. Example: `compute.googleapis.com/Instance`
+ string asset_type = 1;
+
+ // The full resource name of the related resource. Example:
+ // `//compute.googleapis.com/projects/my_proj_123/zones/instance/instance123`
+ string full_resource_name = 2;
+}
+
+// A result of IAM Policy search, containing information of an IAM policy.
+message IamPolicySearchResult {
+ // Explanation about the IAM policy search result.
+ message Explanation { + // IAM permissions + message Permissions { + // A list of permissions. A sample permission string: `compute.disk.get`. + repeated string permissions = 1; + } + + // The map from roles to their included permissions that match the + // permission query (i.e., a query containing `policy.role.permissions:`). + // Example: if query `policy.role.permissions:compute.disk.get` + // matches a policy binding that contains owner role, the + // matched_permissions will be `{"roles/owner": ["compute.disk.get"]}`. The + // roles can also be found in the returned `policy` bindings. Note that the + // map is populated only for requests with permission queries. + map<string, Permissions> matched_permissions = 1; + } + + // The full resource name of the resource associated with this IAM policy. + // Example: + // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. + // See [Cloud Asset Inventory Resource Name + // Format](https://cloud.google.com/asset-inventory/docs/resource-name-format) + // for more information. + // + // To search against the `resource`: + // + // * use a field query. Example: `resource:organizations/123` + string resource = 1; + + // The type of the resource associated with this IAM policy. Example: + // `compute.googleapis.com/Disk`. + // + // To search against the `asset_type`: + // + // * specify the `asset_types` field in your search request. + string asset_type = 5; + + // The project that the associated GCP resource belongs to, in the form of + // projects/{PROJECT_NUMBER}. If an IAM policy is set on a resource (like VM + // instance, Cloud Storage bucket), the project field will indicate the + // project that contains the resource. If an IAM policy is set on a folder or + // orgnization, this field will be empty. + // + // To search against the `project`: + // + // * specify the `scope` field as this project in your search request. 
+ string project = 2; + + // The folder(s) that the IAM policy belongs to, in the form of + // folders/{FOLDER_NUMBER}. This field is available when the IAM policy + // belongs to one or more folders. + // + // To search against `folders`: + // + // * use a field query. Example: `folders:(123 OR 456)` + // * use a free text query. Example: `123` + // * specify the `scope` field as this folder in your search request. + repeated string folders = 6; + + // The organization that the IAM policy belongs to, in the form + // of organizations/{ORGANIZATION_NUMBER}. This field is available when the + // IAM policy belongs to an organization. + // + // To search against `organization`: + // + // * use a field query. Example: `organization:123` + // * use a free text query. Example: `123` + // * specify the `scope` field as this organization in your search request. + string organization = 7; + + // The IAM policy directly set on the given resource. Note that the original + // IAM policy can contain multiple bindings. This only contains the bindings + // that match the given query. For queries that don't contain a constrain on + // policies (e.g., an empty query), this contains all the bindings. + // + // To search against the `policy` bindings: + // + // * use a field query: + // - query by the policy contained members. Example: + // `policy:amy@gmail.com` + // - query by the policy contained roles. Example: + // `policy:roles/compute.admin` + // - query by the policy contained roles' included permissions. Example: + // `policy.role.permissions:compute.instances.create` + google.iam.v1.Policy policy = 3; + + // Explanation about the IAM policy search result. It contains additional + // information to explain why the search result matches the query. + Explanation explanation = 4; +} + +// Represents the detailed state of an entity under analysis, such as a +// resource, an identity or an access. 
+message IamPolicyAnalysisState { + // The Google standard error code that best describes the state. + // For example: + // - OK means the analysis on this entity has been successfully finished; + // - PERMISSION_DENIED means an access denied error is encountered; + // - DEADLINE_EXCEEDED means the analysis on this entity hasn't been started + // in time; + google.rpc.Code code = 1; + + // The human-readable description of the cause of failure. + string cause = 2; +} + +// The Condition evaluation. +message ConditionEvaluation { + // Value of this expression. + enum EvaluationValue { + // Reserved for future use. + EVALUATION_VALUE_UNSPECIFIED = 0; + + // The evaluation result is `true`. + TRUE = 1; + + // The evaluation result is `false`. + FALSE = 2; + + // The evaluation result is `conditional` when the condition expression + // contains variables that are either missing input values or have not been + // supported by Analyzer yet. + CONDITIONAL = 3; + } + + // The evaluation result. + EvaluationValue evaluation_value = 1; +} + +// IAM Policy analysis result, consisting of one IAM policy binding and derived +// access control lists. +message IamPolicyAnalysisResult { + // A Google Cloud resource under analysis. + message Resource { + // The [full resource + // name](https://cloud.google.com/asset-inventory/docs/resource-name-format) + string full_resource_name = 1; + + // The analysis state of this resource. + IamPolicyAnalysisState analysis_state = 2; + } + + // An IAM role or permission under analysis. + message Access { + oneof oneof_access { + // The role. + string role = 1; + + // The permission. + string permission = 2; + } + + // The analysis state of this access. + IamPolicyAnalysisState analysis_state = 3; + } + + // An identity under analysis. 
+ message Identity { + // The identity name in any form of members appear in + // [IAM policy + // binding](https://cloud.google.com/iam/reference/rest/v1/Binding), such + // as: + // - user:foo@google.com + // - group:group1@google.com + // - serviceAccount:s1@prj1.iam.gserviceaccount.com + // - projectOwner:some_project_id + // - domain:google.com + // - allUsers + // - etc. + string name = 1; + + // The analysis state of this identity. + IamPolicyAnalysisState analysis_state = 2; + } + + // A directional edge. + message Edge { + // The source node of the edge. For example, it could be a full resource + // name for a resource node or an email of an identity. + string source_node = 1; + + // The target node of the edge. For example, it could be a full resource + // name for a resource node or an email of an identity. + string target_node = 2; + } + + // An access control list, derived from the above IAM policy binding, which + // contains a set of resources and accesses. May include one + // item from each set to compose an access control entry. + // + // NOTICE that there could be multiple access control lists for one IAM policy + // binding. The access control lists are created based on resource and access + // combinations. + // + // For example, assume we have the following cases in one IAM policy binding: + // - Permission P1 and P2 apply to resource R1 and R2; + // - Permission P3 applies to resource R2 and R3; + // + // This will result in the following access control lists: + // - AccessControlList 1: [R1, R2], [P1, P2] + // - AccessControlList 2: [R2, R3], [P3] + message AccessControlList { + // The resources that match one of the following conditions: + // - The resource_selector, if it is specified in request; + // - Otherwise, resources reachable from the policy attached resource. 
+ repeated Resource resources = 1; + + // The accesses that match one of the following conditions: + // - The access_selector, if it is specified in request; + // - Otherwise, access specifiers reachable from the policy binding's role. + repeated Access accesses = 2; + + // Resource edges of the graph starting from the policy attached + // resource to any descendant resources. The [Edge.source_node][google.cloud.asset.v1.IamPolicyAnalysisResult.Edge.source_node] contains + // the full resource name of a parent resource and [Edge.target_node][google.cloud.asset.v1.IamPolicyAnalysisResult.Edge.target_node] + // contains the full resource name of a child resource. This field is + // present only if the output_resource_edges option is enabled in request. + repeated Edge resource_edges = 3; + + // Condition evaluation for this AccessControlList, if there is a condition + // defined in the above IAM policy binding. + ConditionEvaluation condition_evaluation = 4; + } + + // The identities and group edges. + message IdentityList { + // Only the identities that match one of the following conditions will be + // presented: + // - The identity_selector, if it is specified in request; + // - Otherwise, identities reachable from the policy binding's members. + repeated Identity identities = 1; + + // Group identity edges of the graph starting from the binding's + // group members to any node of the [identities][google.cloud.asset.v1.IamPolicyAnalysisResult.IdentityList.identities]. The [Edge.source_node][google.cloud.asset.v1.IamPolicyAnalysisResult.Edge.source_node] + // contains a group, such as `group:parent@google.com`. The + // [Edge.target_node][google.cloud.asset.v1.IamPolicyAnalysisResult.Edge.target_node] contains a member of the group, + // such as `group:child@google.com` or `user:foo@google.com`. + // This field is present only if the output_group_edges option is enabled in + // request. 
+ repeated Edge group_edges = 2; + } + + // The [full resource + // name](https://cloud.google.com/asset-inventory/docs/resource-name-format) + // of the resource to which the [iam_binding][google.cloud.asset.v1.IamPolicyAnalysisResult.iam_binding] policy attaches. + string attached_resource_full_name = 1; + + // The Cloud IAM policy binding under analysis. + google.iam.v1.Binding iam_binding = 2; + + // The access control lists derived from the [iam_binding][google.cloud.asset.v1.IamPolicyAnalysisResult.iam_binding] that match or + // potentially match resource and access selectors specified in the request. + repeated AccessControlList access_control_lists = 3; + + // The identity list derived from members of the [iam_binding][google.cloud.asset.v1.IamPolicyAnalysisResult.iam_binding] that match or + // potentially match identity selector specified in the request. + IdentityList identity_list = 4; + + // Represents whether all analyses on the [iam_binding][google.cloud.asset.v1.IamPolicyAnalysisResult.iam_binding] have successfully + // finished. + bool fully_explored = 5; +} diff --git a/third_party/googleapis/google/cloud/asset/v1/cloudasset_grpc_service_config.json b/third_party/googleapis/google/cloud/asset/v1/cloudasset_grpc_service_config.json new file mode 100755 index 0000000..cb3cd72 --- /dev/null +++ b/third_party/googleapis/google/cloud/asset/v1/cloudasset_grpc_service_config.json 
@@ -0,0 +1,168 @@
+{
+ "methodConfig": [
+ {
+ "name": [
+ {
+ "service": "google.cloud.asset.v1.AssetService",
+ "method": "ExportAssets"
+ },
+ {
+ "service": "google.cloud.asset.v1.AssetService",
+ "method": "CreateFeed"
+ },
+ {
+ "service": "google.cloud.asset.v1.AssetService",
+ "method": "UpdateFeed"
+ },
+ {
+ "service": "google.cloud.asset.v1.AssetService",
+ "method": "CreateSavedQuery"
+ },
+ {
+ "service": "google.cloud.asset.v1.AssetService",
+ "method": "UpdateSavedQuery"
+ },
+ {
+ "service": "google.cloud.asset.v1.AssetService",
+ "method": "AnalyzeIamPolicyLongrunning"
+ }
+ ],
+ "timeout": "60s"
+ },
+ {
+ "name": [
+ {
+ "service": "google.cloud.asset.v1.AssetService",
+ "method": "BatchGetAssetsHistory"
+ },
+ {
+ "service": "google.cloud.asset.v1.AssetService",
+ "method": "GetFeed"
+ },
+ {
+ "service": "google.cloud.asset.v1.AssetService",
+ "method": "ListAssets"
+ },
+ {
+ "service": "google.cloud.asset.v1.AssetService",
+ "method": "ListFeeds"
+ },
+ {
+ "service": "google.cloud.asset.v1.AssetService",
+ "method": "DeleteFeed"
+ },
+ {
+ "service": "google.cloud.asset.v1.AssetService",
+ "method": "GetSavedQuery"
+ },
+ {
+ "service": "google.cloud.asset.v1.AssetService",
+ "method": "ListSavedQueries"
+ },
+ {
+ "service": "google.cloud.asset.v1.AssetService",
+ "method": "DeleteSavedQuery"
+ }
+ ],
+ "timeout": "60s",
+ "retryPolicy": {
+ "initialBackoff": "0.100s",
+ "maxBackoff": "60s",
+ "backoffMultiplier": 1.3,
+ "retryableStatusCodes": [
+ "DEADLINE_EXCEEDED",
+ "UNAVAILABLE"
+ ]
+ }
+ },
+ {
+ "name": [
+ {
+ "service": "google.cloud.asset.v1.AssetService",
+ "method": "SearchAllResources"
+ },
+ {
+ "service": "google.cloud.asset.v1.AssetService",
+ "method": "SearchAllIamPolicies"
+ }
+ ],
+ "timeout": "30s",
+ "retryPolicy": {
+ "initialBackoff": "0.100s",
+ "maxBackoff": "60s",
+ "backoffMultiplier": 1.3,
+ "retryableStatusCodes": [
+ "UNAVAILABLE"
+ ]
+ }
+ },
+ {
+ "name": [
+ {
+ "service": "google.cloud.asset.v1.AssetService",
+ "method": "AnalyzeIamPolicy"
+ }
+ ],
+ "timeout": "300s",
+ "retryPolicy": {
+ "initialBackoff": "0.100s",
+ "maxBackoff": "60s",
+ "backoffMultiplier": 1.3,
+ "retryableStatusCodes": [
+ "UNAVAILABLE"
+ ]
+ }
+ },
+ {
+ "name": [
+ {
+ "service": "google.cloud.asset.v1.AssetService",
+ "method": "QueryAssets"
+ }
+ ],
+ "timeout": "200s",
+ "retryPolicy": {
+ "initialBackoff": "0.100s",
+ "maxBackoff": "60s",
+ "backoffMultiplier": 1.3,
+ "retryableStatusCodes": [
+ "UNAVAILABLE"
+ ]
+ }
+ },
+ {
+ "name": [
+ {
+ "service": "google.cloud.asset.v1.AssetService",
+ "method": "QueryAssetTypes"
+ }
+ ],
+ "timeout": "10s",
+ "retryPolicy": {
+ "initialBackoff": "0.100s",
+ "maxBackoff": "60s",
+ "backoffMultiplier": 1.3,
+ "retryableStatusCodes": [
+ "UNAVAILABLE"
+ ]
+ }
+ },
+ {
+ "name": [
+ {
+ "service": "google.cloud.asset.v1.AssetService",
+ "method": "BatchGetEffectiveIamPolicies"
+ }
+ ],
+ "timeout": "300s",
+ "retryPolicy": {
+ "initialBackoff": "0.100s",
+ "maxBackoff": "60s",
+ "backoffMultiplier": 1.3,
+ "retryableStatusCodes": [
+ "UNAVAILABLE"
+ ]
+ }
+ }
+ ]
+}
diff --git a/third_party/googleapis/google/cloud/asset/v1/cloudasset_v1.yaml b/third_party/googleapis/google/cloud/asset/v1/cloudasset_v1.yaml
new file mode 100644
index 0000000..338af62
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/v1/cloudasset_v1.yaml
@@ -0,0 +1,48 @@
+type: google.api.Service
+config_version: 3
+name: cloudasset.googleapis.com
+title: Cloud Asset API
+
+apis:
+- name: google.cloud.asset.v1.AssetService
+- name: google.longrunning.Operations
+
+types:
+- name: google.cloud.asset.v1.AnalyzeIamPolicyLongrunningMetadata
+- name: google.cloud.asset.v1.AnalyzeIamPolicyLongrunningResponse
+
+documentation:
+ summary: The cloud asset API manages the history and inventory of cloud resources.
+ overview: |-
+ # Cloud Asset API
+
+ The Cloud Asset API keeps a history of Google Cloud Platform (GCP) asset
+ metadata, and allows GCP users to download a dump of all asset metadata
+ for the resource types listed below within an organization or a project at
+ a given timestamp.
+
+ Read more documents here:
+ https://cloud.google.com/asset-inventory/docs
+
+backend:
+ rules:
+ - selector: 'google.cloud.asset.v1.AssetService.*'
+ deadline: 600.0
+ - selector: google.longrunning.Operations.GetOperation
+ deadline: 60.0
+
+http:
+ rules:
+ - selector: google.longrunning.Operations.GetOperation
+ get: '/v1/{name=*/*/operations/*/**}'
+
+authentication:
+ rules:
+ - selector: 'google.cloud.asset.v1.AssetService.*'
+ oauth:
+ canonical_scopes: |-
+ https://www.googleapis.com/auth/cloud-platform
+ - selector: google.longrunning.Operations.GetOperation
+ oauth:
+ canonical_scopes: |-
+ https://www.googleapis.com/auth/cloud-platform
diff --git a/third_party/googleapis/google/cloud/asset/v1p1beta1/BUILD.bazel b/third_party/googleapis/google/cloud/asset/v1p1beta1/BUILD.bazel
new file mode 100644
index 0000000..7cc8aac
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/v1p1beta1/BUILD.bazel
@@ -0,0 +1,342 @@ +# This file was automatically generated by BuildFileGenerator + +# This is an API workspace, having public visibility by default makes perfect sense. +package(default_visibility = ["//visibility:public"]) + +############################################################################## +# Common +############################################################################## +load("@rules_proto//proto:defs.bzl", "proto_library") +load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") + +proto_library( + name = "asset_proto", + srcs = [ + "asset_service.proto", + "assets.proto", + ], + deps = [ + "//google/api:annotations_proto", + "//google/api:client_proto", + "//google/api:field_behavior_proto", + "//google/iam/v1:policy_proto", + ], +) + +proto_library_with_info( + name = "asset_proto_with_info", + deps = [ + ":asset_proto", + "//google/cloud:common_resources_proto", + ], +) + +############################################################################## +# Java +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "java_gapic_assembly_gradle_pkg", + "java_gapic_library", + "java_gapic_test", + "java_grpc_library", + "java_proto_library", +) + +java_proto_library( + name = "asset_java_proto", + deps = [":asset_proto"], +) + +java_grpc_library( + name = "asset_java_grpc", + srcs = [":asset_proto"], + deps = [":asset_java_proto"], +) + +java_gapic_library( + name = "asset_java_gapic", + srcs = [":asset_proto_with_info"], + grpc_service_config = "cloudasset_grpc_service_config.json", + test_deps = [ + ":asset_java_grpc", + "//google/iam/v1:iam_java_grpc", + ], + transport = "grpc+rest", + deps = [ + ":asset_java_proto", + "//google/iam/v1:iam_java_proto", + ], +) + +java_gapic_test( + name = "asset_java_gapic_test_suite", + test_classes = [ + "com.google.cloud.asset.v1p1beta1.AssetServiceClientHttpJsonTest", + 
"com.google.cloud.asset.v1p1beta1.AssetServiceClientTest", + ], + runtime_deps = [":asset_java_gapic_test"], +) + +# Open Source Packages +java_gapic_assembly_gradle_pkg( + name = "google-cloud-asset-v1p1beta1-java", + include_samples = True, + transport = "grpc+rest", + deps = [ + ":asset_java_gapic", + ":asset_java_grpc", + ":asset_java_proto", + ":asset_proto", + ], +) + +############################################################################## +# Go +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "go_gapic_assembly_pkg", + "go_gapic_library", + "go_proto_library", + "go_test", +) + +go_proto_library( + name = "asset_go_proto", + compilers = ["@io_bazel_rules_go//proto:go_grpc"], + importpath = "google.golang.org/genproto/googleapis/cloud/asset/v1p1beta1", + protos = [":asset_proto"], + deps = [ + "//google/api:annotations_go_proto", + "//google/iam/v1:iam_go_proto", + ], +) + +go_gapic_library( + name = "asset_go_gapic", + srcs = [":asset_proto_with_info"], + grpc_service_config = "cloudasset_grpc_service_config.json", + importpath = "cloud.google.com/go/asset/apiv1p1beta1;asset", + service_yaml = "cloudasset_v1p1beta1.yaml", + transport = "grpc+rest", + deps = [ + ":asset_go_proto", + "//google/iam/v1:iam_go_proto", + ], +) + +go_test( + name = "asset_go_gapic_test", + srcs = [":asset_go_gapic_srcjar_test"], + embed = [":asset_go_gapic"], + importpath = "cloud.google.com/go/asset/apiv1p1beta1", +) + +# Open Source Packages +go_gapic_assembly_pkg( + name = "gapi-cloud-asset-v1p1beta1-go", + deps = [ + ":asset_go_gapic", + ":asset_go_gapic_srcjar-test.srcjar", + ":asset_go_proto", + ], +) + +############################################################################## +# Python +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "py_gapic_assembly_pkg", + "py_gapic_library", + 
"py_test", +) + +py_gapic_library( + name = "asset_py_gapic", + srcs = [":asset_proto"], + grpc_service_config = "cloudasset_grpc_service_config.json", + transport = "grpc", + deps = [ + "//google/iam/v1:iam_policy_py_proto", + ], +) + +py_test( + name = "asset_py_gapic_test", + srcs = [ + "asset_py_gapic_pytest.py", + "asset_py_gapic_test.py", + ], + legacy_create_init = False, + deps = [":asset_py_gapic"], +) + +py_gapic_assembly_pkg( + name = "asset-v1p1beta1-py", + deps = [ + ":asset_py_gapic", + ], +) + +############################################################################## +# PHP +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "php_gapic_assembly_pkg", + "php_gapic_library", + "php_grpc_library", + "php_proto_library", +) + +php_proto_library( + name = "asset_php_proto", + deps = [":asset_proto"], +) + +php_grpc_library( + name = "asset_php_grpc", + srcs = [":asset_proto"], + deps = [":asset_php_proto"], +) + +php_gapic_library( + name = "asset_php_gapic", + srcs = [":asset_proto_with_info"], + grpc_service_config = "cloudasset_grpc_service_config.json", + deps = [ + ":asset_php_grpc", + ":asset_php_proto", + ], +) + +# Open Source Packages +php_gapic_assembly_pkg( + name = "google-cloud-asset-v1p1beta1-php", + deps = [ + ":asset_php_gapic", + ":asset_php_grpc", + ":asset_php_proto", + ], +) + +############################################################################## +# Node.js +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "nodejs_gapic_assembly_pkg", + "nodejs_gapic_library", +) + +nodejs_gapic_library( + name = "asset_nodejs_gapic", + package_name = "@google-cloud/asset", + src = ":asset_proto_with_info", + extra_protoc_parameters = ["metadata"], + grpc_service_config = "cloudasset_grpc_service_config.json", + package = "google.cloud.asset.v1p1beta1", + 
service_yaml = "cloudasset_v1p1beta1.yaml", + deps = [], +) + +nodejs_gapic_assembly_pkg( + name = "asset-v1p1beta1-nodejs", + deps = [ + ":asset_nodejs_gapic", + ":asset_proto", + ], +) + +############################################################################## +# Ruby +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "ruby_cloud_gapic_library", + "ruby_gapic_assembly_pkg", + "ruby_grpc_library", + "ruby_proto_library", +) + +ruby_proto_library( + name = "asset_ruby_proto", + deps = [":asset_proto"], +) + +ruby_grpc_library( + name = "asset_ruby_grpc", + srcs = [":asset_proto"], + deps = [":asset_ruby_proto"], +) + +ruby_cloud_gapic_library( + name = "asset_ruby_gapic", + srcs = [":asset_proto_with_info"], + extra_protoc_parameters = ["ruby-cloud-gem-name=google-cloud-asset-v1p1beta1"], + deps = [ + ":asset_ruby_grpc", + ":asset_ruby_proto", + ], +) + +# Open Source Packages +ruby_gapic_assembly_pkg( + name = "google-cloud-asset-v1p1beta1-ruby", + deps = [ + ":asset_ruby_gapic", + ":asset_ruby_grpc", + ":asset_ruby_proto", + ], +) + +############################################################################## +# C# +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "csharp_gapic_assembly_pkg", + "csharp_gapic_library", + "csharp_grpc_library", + "csharp_proto_library", +) + +csharp_proto_library( + name = "asset_csharp_proto", + deps = [":asset_proto"], +) + +csharp_grpc_library( + name = "asset_csharp_grpc", + srcs = [":asset_proto"], + deps = [":asset_csharp_proto"], +) + +csharp_gapic_library( + name = "asset_csharp_gapic", + srcs = [":asset_proto_with_info"], + common_resources_config = "@gax_dotnet//:Google.Api.Gax/ResourceNames/CommonResourcesConfig.json", + grpc_service_config = "cloudasset_grpc_service_config.json", + service_yaml = "cloudasset_v1p1beta1.yaml", + deps = [ + 
":asset_csharp_grpc", + ":asset_csharp_proto", + ], +) + +# Open Source Packages +csharp_gapic_assembly_pkg( + name = "google-cloud-asset-v1p1beta1-csharp", + deps = [ + ":asset_csharp_gapic", + ":asset_csharp_grpc", + ":asset_csharp_proto", + ], +) + +############################################################################## +# C++ +############################################################################## +# Put your C++ rules here diff --git a/third_party/googleapis/google/cloud/asset/v1p1beta1/asset_service.proto b/third_party/googleapis/google/cloud/asset/v1p1beta1/asset_service.proto new file mode 100644 index 0000000..d5a0d8c --- /dev/null +++ b/third_party/googleapis/google/cloud/asset/v1p1beta1/asset_service.proto 
@@ -0,0 +1,149 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.asset.v1p1beta1;
+
+import "google/api/annotations.proto";
+import "google/api/client.proto";
+import "google/api/field_behavior.proto";
+import "google/cloud/asset/v1p1beta1/assets.proto";
+
+option csharp_namespace = "Google.Cloud.Asset.V1P1Beta1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1p1beta1;asset";
+option java_multiple_files = true;
+option java_outer_classname = "AssetServiceProto";
+option java_package = "com.google.cloud.asset.v1p1beta1";
+option php_namespace = "Google\\Cloud\\Asset\\V1p1beta1";
+
+// Asset service definition.
+service AssetService {
+ option (google.api.default_host) = "cloudasset.googleapis.com";
+ option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
+
+ // Searches all the resources under a given accessible CRM scope
+ // (project/folder/organization). This RPC gives callers
+ // especially admins the ability to search all the resources under a scope,
+ // even if they don't have .get permission of all the resources. Callers
+ // should have cloud.assets.SearchAllResources permission on the requested
+ // scope, otherwise it will be rejected.
+ rpc SearchAllResources(SearchAllResourcesRequest) returns (SearchAllResourcesResponse) {
+ option (google.api.http) = {
+ get: "/v1p1beta1/{scope=*/*}/resources:searchAll"
+ };
+ option (google.api.method_signature) = "scope,query,asset_types";
+ }
+
+ // Searches all the IAM policies under a given accessible CRM scope
+ // (project/folder/organization). This RPC gives callers
+ // especially admins the ability to search all the IAM policies under a scope,
+ // even if they don't have .getIamPolicy permission of all the IAM policies.
+ // Callers should have cloud.assets.SearchAllIamPolicies permission on the
+ // requested scope, otherwise it will be rejected.
+ rpc SearchAllIamPolicies(SearchAllIamPoliciesRequest) returns (SearchAllIamPoliciesResponse) {
+ option (google.api.http) = {
+ get: "/v1p1beta1/{scope=*/*}/iamPolicies:searchAll"
+ };
+ option (google.api.method_signature) = "scope,query";
+ }
+}
+
+// Search all resources request.
+message SearchAllResourcesRequest {
+ // Required. The relative name of an asset. The search is limited to the resources
+ // within the `scope`. The allowed value must be:
+ // * Organization number (such as "organizations/123")
+ // * Folder number(such as "folders/1234")
+ // * Project number (such as "projects/12345")
+ // * Project id (such as "projects/abc")
+ string scope = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Optional. The query statement.
+ string query = 2 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. A list of asset types that this request searches for. If empty, it will
+ // search all the supported asset types.
+ repeated string asset_types = 3 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. The page size for search result pagination. Page size is capped at 500 even
+ // if a larger value is given. If set to zero, server will pick an appropriate
+ // default. Returned results may be fewer than requested. When this happens,
+ // there could be more results as long as `next_page_token` is returned.
+ int32 page_size = 4 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. If present, then retrieve the next batch of results from the preceding call
+ // to this method. `page_token` must be the value of `next_page_token` from
+ // the previous response. The values of all other method parameters, must be
+ // identical to those in the previous call.
+ string page_token = 5 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. A comma separated list of fields specifying the sorting order of the
+ // results. The default order is ascending. Add " desc" after the field name
+ // to indicate descending order. Redundant space characters are ignored. For
+ // example, " foo , bar desc ".
+ string order_by = 10 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Search all resources response.
+message SearchAllResourcesResponse {
+ // A list of resource that match the search query.
+ repeated StandardResourceMetadata results = 1;
+
+ // If there are more results than those appearing in this response, then
+ // `next_page_token` is included. To get the next set of results, call this
+ // method again using the value of `next_page_token` as `page_token`.
+ string next_page_token = 2;
+}
+
+// Search all IAM policies request.
+message SearchAllIamPoliciesRequest {
+ // Required. The relative name of an asset. The search is limited to the resources
+ // within the `scope`. The allowed value must be:
+ // * Organization number (such as "organizations/123")
+ // * Folder number(such as "folders/1234")
+ // * Project number (such as "projects/12345")
+ // * Project id (such as "projects/abc")
+ string scope = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Optional. The query statement.
+ // Examples:
+ // * "policy:myuser@mydomain.com"
+ // * "policy:(myuser@mydomain.com viewer)"
+ string query = 2 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. The page size for search result pagination. Page size is capped at 500 even
+ // if a larger value is given. If set to zero, server will pick an appropriate
+ // default. Returned results may be fewer than requested. When this happens,
+ // there could be more results as long as `next_page_token` is returned.
+ int32 page_size = 3 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. If present, retrieve the next batch of results from the preceding call to
+ // this method. `page_token` must be the value of `next_page_token` from the
+ // previous response. The values of all other method parameters must be
+ // identical to those in the previous call.
+ string page_token = 4 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Search all IAM policies response.
+message SearchAllIamPoliciesResponse {
+ // A list of IamPolicy that match the search query. Related information such
+ // as the associated resource is returned along with the policy.
+ repeated IamPolicySearchResult results = 1;
+
+ // Set if there are more results than those appearing in this response; to get
+ // the next set of results, call this method again, using this value as the
+ // `page_token`.
+ string next_page_token = 2;
+}
diff --git a/third_party/googleapis/google/cloud/asset/v1p1beta1/assets.proto b/third_party/googleapis/google/cloud/asset/v1p1beta1/assets.proto
new file mode 100644
index 0000000..c0ac140
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/v1p1beta1/assets.proto
@@ -0,0 +1,113 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.asset.v1p1beta1;
+
+import "google/iam/v1/policy.proto";
+
+option cc_enable_arenas = true;
+option csharp_namespace = "Google.Cloud.Asset.V1P1Beta1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1p1beta1;asset";
+option java_multiple_files = true;
+option java_outer_classname = "AssetProto";
+option java_package = "com.google.cloud.asset.v1p1beta1";
+option php_namespace = "Google\\Cloud\\Asset\\V1p1beta1";
+
+// The standard metadata of a cloud resource.
+message StandardResourceMetadata {
+ // The full resource name. For example:
+ // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.
+ // See [Resource
+ // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
+ // for more information.
+ string name = 1;
+
+ // The type of this resource.
+ // For example: "compute.googleapis.com/Disk".
+ string asset_type = 2;
+
+ // The project that this resource belongs to, in the form of
+ // `projects/{project_number}`.
+ string project = 3;
+
+ // The display name of this resource.
+ string display_name = 4;
+
+ // One or more paragraphs of text description of this resource. Maximum length
+ // could be up to 1M bytes.
+ string description = 5;
+
+ // Additional searchable attributes of this resource.
+ // Informational only. The exact set of attributes is subject to change.
+ // For example: project id, DNS name etc.
+ repeated string additional_attributes = 10;
+
+ // Location can be "global", regional like "us-east1", or zonal like
+ // "us-west1-b".
+ string location = 11;
+
+ // Labels associated with this resource. See [Labelling and grouping GCP
+ // resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources)
+ // for more information.
+ map<string, string> labels = 12;
+
+ // Network tags associated with this resource. Like labels, network tags are a
+ // type of annotations used to group GCP resources. See [Labelling GCP
+ // resources](lhttps://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources)
+ // for more information.
+ repeated string network_tags = 13;
+}
+
+// The result for a IAM Policy search.
+message IamPolicySearchResult {
+ // Explanation about the IAM policy search result.
+ message Explanation {
+ // The map from roles to their included permission matching the permission
+ // query (e.g. containing `policy.role.permissions:`). A sample role string:
+ // "roles/compute.instanceAdmin". The roles can also be found in the
+ // returned `policy` bindings. Note that the map is populated only if
+ // requesting with a permission query.
+ map<string, Permissions> matched_permissions = 1;
+ }
+
+ // The [full resource
+ // name](https://cloud.google.com/apis/design/resource_names#full_resource_name)
+ // of the resource associated with this IAM policy.
+ string resource = 1;
+
+ // The project that the associated GCP resource belongs to, in the form of
+ // `projects/{project_number}`. If an IAM policy is set on a resource (like VM
+ // instance, Cloud Storage bucket), the project field will indicate the
+ // project that contains the resource. If an IAM policy is set on a folder or
+ // orgnization, the project field will be empty.
+ string project = 3;
+
+ // The IAM policy directly set on the given resource. Note that the original
+ // IAM policy can contain multiple bindings. This only contains the bindings
+ // that match the given query. For queries that don't contain a constrain on
+ // policies (e.g. an empty query), this contains all the bindings.
+ google.iam.v1.Policy policy = 4;
+
+ // Explanation about the IAM policy search result. It contains additional
+ // information to explain why the search result matches the query.
+ Explanation explanation = 5;
+}
+
+// IAM permissions
+message Permissions {
+ // A list of permissions. A sample permission string: "compute.disk.get".
+ repeated string permissions = 1;
+}
diff --git a/third_party/googleapis/google/cloud/asset/v1p1beta1/cloudasset_gapic.yaml b/third_party/googleapis/google/cloud/asset/v1p1beta1/cloudasset_gapic.yaml
new file mode 100644
index 0000000..0bcb880
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/v1p1beta1/cloudasset_gapic.yaml
@@ -0,0 +1,2 @@
+type: com.google.api.codegen.ConfigProto
+config_schema_version: 2.0.0
diff --git a/third_party/googleapis/google/cloud/asset/v1p1beta1/cloudasset_grpc_service_config.json b/third_party/googleapis/google/cloud/asset/v1p1beta1/cloudasset_grpc_service_config.json
new file mode 100755
index 0000000..2c59164
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/v1p1beta1/cloudasset_grpc_service_config.json
@@ -0,0 +1,27 @@
+{
+ "methodConfig": [
+ {
+ "name": [
+ {
+ "service": "google.cloud.asset.v1p1beta1.AssetService",
+ "method": "SearchAllResources"
+ },
+ {
+ "service": "google.cloud.asset.v1p1beta1.AssetService",
+ "method": "SearchAllIamPolicies"
+ }
+ ],
+ "timeout": "15s",
+ "retryPolicy": {
+ "maxAttempts": 5,
+ "initialBackoff": "0.100s",
+ "maxBackoff": "60s",
+ "backoffMultiplier": 1.3,
+ "retryableStatusCodes": [
+ "DEADLINE_EXCEEDED",
+ "UNAVAILABLE"
+ ]
+ }
+ }
+ ]
+}
diff --git a/third_party/googleapis/google/cloud/asset/v1p1beta1/cloudasset_v1p1beta1.yaml b/third_party/googleapis/google/cloud/asset/v1p1beta1/cloudasset_v1p1beta1.yaml
new file mode 100644
index 0000000..74aad50
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/v1p1beta1/cloudasset_v1p1beta1.yaml
@@ -0,0 +1,44 @@
+type: google.api.Service
+config_version: 3
+name: cloudasset.googleapis.com
+title: Cloud Asset API
+
+apis:
+- name: google.cloud.asset.v1p1beta1.AssetService
+
+documentation:
+ summary: The cloud asset API manages the history and inventory of cloud resources.
+ overview: |-
+ # Cloud Asset API
+
+ The Cloud Asset API keeps a history of Google Cloud Platform (GCP) asset
+ metadata, and allows GCP users to download a dump of all asset metadata
+ for the resource types listed below within an organization or a project at
+ a given timestamp.
+
+ Read more documents here:
+ https://cloud.google.com/asset-inventory/docs
+
+backend:
+ rules:
+ - selector: google.cloud.asset.v1p1beta1.AssetService.SearchAllIamPolicies
+ deadline: 600.0
+ - selector: google.cloud.asset.v1p1beta1.AssetService.SearchAllResources
+ deadline: 600.0
+ - selector: google.longrunning.Operations.GetOperation
+ deadline: 60.0
+
+authentication:
+ rules:
+ - selector: google.cloud.asset.v1p1beta1.AssetService.SearchAllIamPolicies
+ oauth:
+ canonical_scopes: |-
+ https://www.googleapis.com/auth/cloud-platform
+ - selector: google.cloud.asset.v1p1beta1.AssetService.SearchAllResources
+ oauth:
+ canonical_scopes: |-
+ https://www.googleapis.com/auth/cloud-platform
+ - selector: google.longrunning.Operations.GetOperation
+ oauth:
+ canonical_scopes: |-
+ https://www.googleapis.com/auth/cloud-platform
diff --git a/third_party/googleapis/google/cloud/asset/v1p2beta1/BUILD.bazel b/third_party/googleapis/google/cloud/asset/v1p2beta1/BUILD.bazel
new file mode 100644
index 0000000..bc42348
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/v1p2beta1/BUILD.bazel
@@ -0,0 +1,355 @@ +# This file was automatically generated by BuildFileGenerator + +# This is an API workspace, having public visibility by default makes perfect sense. +package(default_visibility = ["//visibility:public"]) + +############################################################################## +# Common +############################################################################## +load("@rules_proto//proto:defs.bzl", "proto_library") +load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") + +proto_library( + name = "asset_proto", + srcs = [ + "asset_service.proto", + "assets.proto", + ], + deps = [ + "//google/api:annotations_proto", + "//google/api:client_proto", + "//google/api:field_behavior_proto", + "//google/api:resource_proto", + "//google/iam/v1:policy_proto", + "//google/longrunning:operations_proto", + "@com_google_protobuf//:any_proto", + "@com_google_protobuf//:empty_proto", + "@com_google_protobuf//:field_mask_proto", + "@com_google_protobuf//:struct_proto", + "@com_google_protobuf//:timestamp_proto", + ], +) + +proto_library_with_info( + name = "asset_proto_with_info", + deps = [ + ":asset_proto", + "//google/cloud:common_resources_proto", + ], +) + +############################################################################## +# Java +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "java_gapic_assembly_gradle_pkg", + "java_gapic_library", + "java_gapic_test", + "java_grpc_library", + "java_proto_library", +) + +java_proto_library( + name = "asset_java_proto", + deps = [":asset_proto"], +) + +java_grpc_library( + name = "asset_java_grpc", + srcs = [":asset_proto"], + deps = [":asset_java_proto"], +) + +java_gapic_library( + name = "asset_java_gapic", + srcs = [":asset_proto_with_info"], + grpc_service_config = "cloudasset_grpc_service_config.json", + test_deps = [ + ":asset_java_grpc", + "//google/iam/v1:iam_java_grpc", + ], 
+ transport = "grpc+rest", + deps = [ + ":asset_java_proto", + "//google/iam/v1:iam_java_proto", + ], +) + +java_gapic_test( + name = "asset_java_gapic_test_suite", + test_classes = [ + "com.google.cloud.asset.v1p2beta1.AssetServiceClientHttpJsonTest", + "com.google.cloud.asset.v1p2beta1.AssetServiceClientTest", + ], + runtime_deps = [":asset_java_gapic_test"], +) + +# Open Source Packages +java_gapic_assembly_gradle_pkg( + name = "google-cloud-asset-v1p2beta1-java", + include_samples = True, + transport = "grpc+rest", + deps = [ + ":asset_java_gapic", + ":asset_java_grpc", + ":asset_java_proto", + ":asset_proto", + ], +) + +############################################################################## +# Go +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "go_gapic_assembly_pkg", + "go_gapic_library", + "go_proto_library", + "go_test", +) + +go_proto_library( + name = "asset_go_proto", + compilers = ["@io_bazel_rules_go//proto:go_grpc"], + importpath = "google.golang.org/genproto/googleapis/cloud/asset/v1p2beta1", + protos = [":asset_proto"], + deps = [ + "//google/api:annotations_go_proto", + "//google/iam/v1:iam_go_proto", + "//google/longrunning:longrunning_go_proto", + ], +) + +go_gapic_library( + name = "asset_go_gapic", + srcs = [":asset_proto_with_info"], + grpc_service_config = "cloudasset_grpc_service_config.json", + importpath = "cloud.google.com/go/asset/apiv1p2beta1;asset", + service_yaml = "cloudasset_v1p2beta1.yaml", + transport = "grpc+rest", + deps = [ + ":asset_go_proto", + "//google/iam/v1:iam_go_proto", + "//google/longrunning:longrunning_go_proto", + "@com_google_cloud_go//longrunning:go_default_library", + "@com_google_cloud_go//longrunning/autogen:go_default_library", + "@io_bazel_rules_go//proto/wkt:any_go_proto", + "@io_bazel_rules_go//proto/wkt:struct_go_proto", + ], +) + +go_test( + name = "asset_go_gapic_test", + srcs = 
[":asset_go_gapic_srcjar_test"], + embed = [":asset_go_gapic"], + importpath = "cloud.google.com/go/asset/apiv1p2beta1", +) + +# Open Source Packages +go_gapic_assembly_pkg( + name = "gapi-cloud-asset-v1p2beta1-go", + deps = [ + ":asset_go_gapic", + ":asset_go_gapic_srcjar-test.srcjar", + ":asset_go_proto", + ], +) + +############################################################################## +# Python +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "py_gapic_assembly_pkg", + "py_gapic_library", + "py_test", +) + +py_gapic_library( + name = "asset_py_gapic", + srcs = [":asset_proto"], + grpc_service_config = "cloudasset_grpc_service_config.json", + transport = "grpc", + deps = [ + "//google/iam/v1:iam_policy_py_proto", + ], +) + +py_test( + name = "asset_py_gapic_test", + srcs = [ + "asset_py_gapic_pytest.py", + "asset_py_gapic_test.py", + ], + legacy_create_init = False, + deps = [":asset_py_gapic"], +) + +py_gapic_assembly_pkg( + name = "asset-v1p2beta1-py", + deps = [ + ":asset_py_gapic", + ], +) + +############################################################################## +# PHP +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "php_gapic_assembly_pkg", + "php_gapic_library", + "php_grpc_library", + "php_proto_library", +) + +php_proto_library( + name = "asset_php_proto", + deps = [":asset_proto"], +) + +php_grpc_library( + name = "asset_php_grpc", + srcs = [":asset_proto"], + deps = [":asset_php_proto"], +) + +php_gapic_library( + name = "asset_php_gapic", + srcs = [":asset_proto_with_info"], + grpc_service_config = "cloudasset_grpc_service_config.json", + deps = [ + ":asset_php_grpc", + ":asset_php_proto", + ], +) + +# Open Source Packages +php_gapic_assembly_pkg( + name = "google-cloud-asset-v1p2beta1-php", + deps = [ + ":asset_php_gapic", + ":asset_php_grpc", + 
":asset_php_proto", + ], +) + +############################################################################## +# Node.js +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "nodejs_gapic_assembly_pkg", + "nodejs_gapic_library", +) + +nodejs_gapic_library( + name = "asset_nodejs_gapic", + package_name = "@google-cloud/asset", + src = ":asset_proto_with_info", + extra_protoc_parameters = ["metadata"], + grpc_service_config = "cloudasset_grpc_service_config.json", + package = "google.cloud.asset.v1p2beta1", + service_yaml = "cloudasset_v1p2beta1.yaml", + deps = [], +) + +nodejs_gapic_assembly_pkg( + name = "asset-v1p2beta1-nodejs", + deps = [ + ":asset_nodejs_gapic", + ":asset_proto", + ], +) + +############################################################################## +# Ruby +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "ruby_cloud_gapic_library", + "ruby_gapic_assembly_pkg", + "ruby_grpc_library", + "ruby_proto_library", +) + +ruby_proto_library( + name = "asset_ruby_proto", + deps = [":asset_proto"], +) + +ruby_grpc_library( + name = "asset_ruby_grpc", + srcs = [":asset_proto"], + deps = [":asset_ruby_proto"], +) + +ruby_cloud_gapic_library( + name = "asset_ruby_gapic", + srcs = [":asset_proto_with_info"], + extra_protoc_parameters = ["ruby-cloud-gem-name=google-cloud-asset-v1p2beta1"], + deps = [ + ":asset_ruby_grpc", + ":asset_ruby_proto", + ], +) + +# Open Source Packages +ruby_gapic_assembly_pkg( + name = "google-cloud-asset-v1p2beta1-ruby", + deps = [ + ":asset_ruby_gapic", + ":asset_ruby_grpc", + ":asset_ruby_proto", + ], +) + +############################################################################## +# C# +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "csharp_gapic_assembly_pkg", + 
"csharp_gapic_library", + "csharp_grpc_library", + "csharp_proto_library", +) + +csharp_proto_library( + name = "asset_csharp_proto", + deps = [":asset_proto"], +) + +csharp_grpc_library( + name = "asset_csharp_grpc", + srcs = [":asset_proto"], + deps = [":asset_csharp_proto"], +) + +# Invalid C# namespaces, cannot build. +# csharp_gapic_library( +# name = "asset_csharp_gapic", +# srcs = [":asset_proto_with_info"], +# grpc_service_config = "cloudasset_grpc_service_config.json", +# common_resources_config = "@gax_dotnet//:Google.Api.Gax/ResourceNames/CommonResourcesConfig.json", +# deps = [ +# ":asset_csharp_grpc", +# ":asset_csharp_proto", +# ], +# ) + +# # Open Source Packages +# csharp_gapic_assembly_pkg( +# name = "google-cloud-asset-v1p2beta1-csharp", +# deps = [ +# ":asset_csharp_gapic", +# ":asset_csharp_grpc", +# ":asset_csharp_proto", +# ], +# ) + +############################################################################## +# C++ +############################################################################## +# Put your C++ rules here diff --git a/third_party/googleapis/google/cloud/asset/v1p2beta1/asset_service.proto b/third_party/googleapis/google/cloud/asset/v1p2beta1/asset_service.proto new file mode 100644 index 0000000..92f285f --- /dev/null +++ b/third_party/googleapis/google/cloud/asset/v1p2beta1/asset_service.proto 
@@ -0,0 +1,259 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.cloud.asset.v1p2beta1;
+
+import "google/api/annotations.proto";
+import "google/api/client.proto";
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/cloud/asset/v1p2beta1/assets.proto";
+import "google/protobuf/empty.proto";
+import "google/protobuf/field_mask.proto";
+
+option csharp_namespace = "Google.Cloud.Asset.V1p2Beta1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1p2beta1;asset";
+option java_multiple_files = true;
+option java_outer_classname = "AssetServiceProto";
+option java_package = "com.google.cloud.asset.v1p2beta1";
+option php_namespace = "Google\\Cloud\\Asset\\V1p2beta1";
+
+// Asset service definition.
+service AssetService {
+ option (google.api.default_host) = "cloudasset.googleapis.com";
+ option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
+
+ // Creates a feed in a parent project/folder/organization to listen to its
+ // asset updates.
+ rpc CreateFeed(CreateFeedRequest) returns (Feed) {
+ option (google.api.http) = {
+ post: "/v1p2beta1/{parent=*/*}/feeds"
+ body: "*"
+ };
+ option (google.api.method_signature) = "parent";
+ }
+
+ // Gets details about an asset feed.
+ rpc GetFeed(GetFeedRequest) returns (Feed) {
+ option (google.api.http) = {
+ get: "/v1p2beta1/{name=*/*/feeds/*}"
+ };
+ option (google.api.method_signature) = "name";
+ }
+
+ // Lists all asset feeds in a parent project/folder/organization.
+ rpc ListFeeds(ListFeedsRequest) returns (ListFeedsResponse) {
+ option (google.api.http) = {
+ get: "/v1p2beta1/{parent=*/*}/feeds"
+ };
+ option (google.api.method_signature) = "parent";
+ }
+
+ // Updates an asset feed configuration.
+ rpc UpdateFeed(UpdateFeedRequest) returns (Feed) {
+ option (google.api.http) = {
+ patch: "/v1p2beta1/{feed.name=*/*/feeds/*}"
+ body: "*"
+ };
+ option (google.api.method_signature) = "feed";
+ }
+
+ // Deletes an asset feed.
+ rpc DeleteFeed(DeleteFeedRequest) returns (google.protobuf.Empty) {
+ option (google.api.http) = {
+ delete: "/v1p2beta1/{name=*/*/feeds/*}"
+ };
+ option (google.api.method_signature) = "name";
+ }
+}
+
+// Create asset feed request.
+message CreateFeedRequest {
+ // Required. The name of the project/folder/organization where this feed
+ // should be created in. It can only be an organization number (such as
+ // "organizations/123"), a folder number (such as "folders/123"), a project ID
+ // (such as "projects/my-project-id")", or a project number (such as
+ // "projects/12345").
+ string parent = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. This is the client-assigned asset feed identifier and it needs to
+ // be unique under a specific parent project/folder/organization.
+ string feed_id = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. The feed details. The field `name` must be empty and it will be generated
+ // in the format of:
+ // projects/project_number/feeds/feed_id
+ // folders/folder_number/feeds/feed_id
+ // organizations/organization_number/feeds/feed_id
+ Feed feed = 3 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Get asset feed request.
+message GetFeedRequest {
+ // Required. The name of the Feed and it must be in the format of:
+ // projects/project_number/feeds/feed_id
+ // folders/folder_number/feeds/feed_id
+ // organizations/organization_number/feeds/feed_id
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudasset.googleapis.com/Feed"
+ }
+ ];
+}
+
+// List asset feeds request.
+message ListFeedsRequest {
+ // Required. The parent project/folder/organization whose feeds are to be
+ // listed. It can only be using project/folder/organization number (such as
+ // "folders/12345")", or a project ID (such as "projects/my-project-id").
+ string parent = 1 [(google.api.field_behavior) = REQUIRED];
+}
+
+message ListFeedsResponse {
+ // A list of feeds.
+ repeated Feed feeds = 1;
+}
+
+// Update asset feed request.
+message UpdateFeedRequest {
+ // Required. The new values of feed details. It must match an existing feed and the
+ // field `name` must be in the format of:
+ // projects/project_number/feeds/feed_id or
+ // folders/folder_number/feeds/feed_id or
+ // organizations/organization_number/feeds/feed_id.
+ Feed feed = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. Only updates the `feed` fields indicated by this mask.
+ // The field mask must not be empty, and it must not contain fields that
+ // are immutable or only set by the server.
+ google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+message DeleteFeedRequest {
+ // Required. The name of the feed and it must be in the format of:
+ // projects/project_number/feeds/feed_id
+ // folders/folder_number/feeds/feed_id
+ // organizations/organization_number/feeds/feed_id
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudasset.googleapis.com/Feed"
+ }
+ ];
+}
+
+// Output configuration for export assets destination.
+message OutputConfig {
+ // Asset export destination.
+ oneof destination {
+ // Destination on Cloud Storage.
+ GcsDestination gcs_destination = 1;
+ }
+}
+
+// A Cloud Storage location.
+message GcsDestination {
+ // Required.
+ oneof object_uri {
+ // The uri of the Cloud Storage object. It's the same uri that is used by
+ // gsutil. For example: "gs://bucket_name/object_name". See [Viewing and
+ // Editing Object
+ // Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)
+ // for more information.
+ string uri = 1;
+ }
+}
+
+// A Cloud Pubsub destination.
+message PubsubDestination {
+ // The name of the Cloud Pub/Sub topic to publish to.
+ // For example: `projects/PROJECT_ID/topics/TOPIC_ID`.
+ string topic = 1;
+}
+
+// Output configuration for asset feed destination.
+message FeedOutputConfig {
+ // Asset feed destination.
+ oneof destination {
+ // Destination on Cloud Pubsub.
+ PubsubDestination pubsub_destination = 1;
+ }
+}
+
+// An asset feed used to export asset updates to a destinations.
+// An asset feed filter controls what updates are exported.
+// The asset feed must be created within a project, organization, or
+// folder. Supported destinations are:
+// Cloud Pub/Sub topics.
+message Feed {
+ option (google.api.resource) = {
+ type: "cloudasset.googleapis.com/Feed"
+ pattern: "projects/{project}/feeds/{feed}"
+ pattern: "folders/{folder}/feeds/{feed}"
+ pattern: "organizations/{organization}/feeds/{feed}"
+ history: ORIGINALLY_SINGLE_PATTERN
+ };
+
+ // Required. The format will be
+ // projects/{project_number}/feeds/{client-assigned_feed_identifier} or
+ // folders/{folder_number}/feeds/{client-assigned_feed_identifier} or
+ // organizations/{organization_number}/feeds/{client-assigned_feed_identifier}
+ //
+ // The client-assigned feed identifier must be unique within the parent
+ // project/folder/organization.
+ string name = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // A list of the full names of the assets to receive updates. You must specify
+ // either or both of asset_names and asset_types. Only asset updates matching
+ // specified asset_names and asset_types are exported to the feed. For
+ // example:
+ // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.
+ // See [Resource
+ // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
+ // for more info.
+ repeated string asset_names = 2;
+
+ // A list of types of the assets to receive updates. You must specify either
+ // or both of asset_names and asset_types. Only asset updates matching
+ // specified asset_names and asset_types are exported to the feed.
+ // For example:
+ // "compute.googleapis.com/Disk" See [Introduction to Cloud Asset
+ // Inventory](https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/overview)
+ // for all supported asset types.
+ repeated string asset_types = 3;
+
+ // Asset content type. If not specified, no content but the asset name and
+ // type will be returned.
+ ContentType content_type = 4;
+
+ // Required. Feed output configuration defining where the asset updates are
+ // published to.
+ FeedOutputConfig feed_output_config = 5 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Asset content type.
+enum ContentType {
+ // Unspecified content type.
+ CONTENT_TYPE_UNSPECIFIED = 0;
+
+ // Resource metadata.
+ RESOURCE = 1;
+
+ // The actual IAM policy set on a resource.
+ IAM_POLICY = 2;
+}
diff --git a/third_party/googleapis/google/cloud/asset/v1p2beta1/assets.proto b/third_party/googleapis/google/cloud/asset/v1p2beta1/assets.proto
new file mode 100644
index 0000000..bc2a9c5
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/v1p2beta1/assets.proto
@@ -0,0 +1,124 @@
+// Copyright 2019 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package google.cloud.asset.v1p2beta1;
+
+import "google/iam/v1/policy.proto";
+import "google/protobuf/struct.proto";
+import "google/protobuf/timestamp.proto";
+
+option cc_enable_arenas = true;
+option csharp_namespace = "Google.Cloud.Asset.v1p2beta1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1p2beta1;asset";
+option java_multiple_files = true;
+option java_outer_classname = "AssetProto";
+option java_package = "com.google.cloud.asset.v1p2beta1";
+option php_namespace = "Google\\Cloud\\Asset\\V1p2beta1";
+
+// Temporal asset. In addition to the asset, the temporal asset includes the
+// status of the asset and valid from and to time of it.
+message TemporalAsset {
+ // The time window when the asset data and state was observed.
+ TimeWindow window = 1;
+
+ // If the asset is deleted or not.
+ bool deleted = 2;
+
+ // Asset.
+ Asset asset = 3;
+}
+
+// A time window of (start_time, end_time].
+message TimeWindow {
+ // Start time of the time window (exclusive).
+ google.protobuf.Timestamp start_time = 1;
+
+ // End time of the time window (inclusive).
+ // Current timestamp if not specified.
+ google.protobuf.Timestamp end_time = 2;
+}
+
+// Cloud asset. This includes all Google Cloud Platform resources,
+// Cloud IAM policies, and other non-GCP assets.
+message Asset {
+ // The full name of the asset. For example:
+ // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.
+ // See [Resource
+ // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
+ // for more information.
+ string name = 1;
+
+ // Type of the asset. Example: "compute.googleapis.com/Disk".
+ string asset_type = 2;
+
+ // Representation of the resource.
+ Resource resource = 3;
+
+ // Representation of the actual Cloud IAM policy set on a cloud resource. For
+ // each resource, there must be at most one Cloud IAM policy set on it.
+ google.iam.v1.Policy iam_policy = 4;
+
+ // Asset's ancestry path in Cloud Resource Manager (CRM) hierarchy,
+ // represented as a list of relative resource names. Ancestry path starts with
+ // the closest CRM ancestor and ends at root. If the asset is a CRM
+ // project/folder/organization, this starts from the asset itself.
+ //
+ // Example: ["projects/123456789", "folders/5432", "organizations/1234"]
+ repeated string ancestors = 6;
+}
+
+// Representation of a cloud resource.
+message Resource {
+ // The API version. Example: "v1".
+ string version = 1;
+
+ // The URL of the discovery document containing the resource's JSON schema.
+ // For example:
+ // `"https://www.googleapis.com/discovery/v1/apis/compute/v1/rest"`.
+ // It will be left unspecified for resources without a discovery-based API,
+ // such as Cloud Bigtable.
+ string discovery_document_uri = 2;
+
+ // The JSON schema name listed in the discovery document.
+ // Example: "Project". It will be left unspecified for resources (such as
+ // Cloud Bigtable) without a discovery-based API.
+ string discovery_name = 3;
+
+ // The REST URL for accessing the resource. An HTTP GET operation using this
+ // URL returns the resource itself.
+ // Example:
+ // `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`.
+ // It will be left unspecified for resources without a REST API.
+ string resource_url = 4;
+
+ // The full name of the immediate parent of this resource. See
+ // [Resource
+ // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
+ // for more information.
+ //
+ // For GCP assets, it is the parent resource defined in the [Cloud IAM policy
+ // hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).
+ // For example:
+ // `"//cloudresourcemanager.googleapis.com/projects/my_project_123"`.
+ //
+ // For third-party assets, it is up to the users to define.
+ string parent = 5;
+
+ // The content of the resource, in which some sensitive fields are scrubbed
+ // away and may not be present.
+ google.protobuf.Struct data = 6;
+}
diff --git a/third_party/googleapis/google/cloud/asset/v1p2beta1/cloudasset_gapic.yaml b/third_party/googleapis/google/cloud/asset/v1p2beta1/cloudasset_gapic.yaml
new file mode 100644
index 0000000..0bcb880
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/v1p2beta1/cloudasset_gapic.yaml
@@ -0,0 +1,2 @@
+type: com.google.api.codegen.ConfigProto
+config_schema_version: 2.0.0
diff --git a/third_party/googleapis/google/cloud/asset/v1p2beta1/cloudasset_grpc_service_config.json b/third_party/googleapis/google/cloud/asset/v1p2beta1/cloudasset_grpc_service_config.json
new file mode 100755
index 0000000..7e71470
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/v1p2beta1/cloudasset_grpc_service_config.json
@@ -0,0 +1,43 @@
+{
+ "methodConfig": [
+ {
+ "name": [
+ {
+ "service": "google.cloud.asset.v1p2beta1.AssetService",
+ "method": "CreateFeed"
+ },
+ {
+ "service": "google.cloud.asset.v1p2beta1.AssetService",
+ "method": "UpdateFeed"
+ }
+ ],
+ "timeout": "60s"
+ },
+ {
+ "name": [
+ {
+ "service": "google.cloud.asset.v1p2beta1.AssetService",
+ "method": "GetFeed"
+ },
+ {
+ "service": "google.cloud.asset.v1p2beta1.AssetService",
+ "method": "ListFeeds"
+ },
+ {
+ "service": "google.cloud.asset.v1p2beta1.AssetService",
+ "method": "DeleteFeed"
+ }
+ ],
+ "timeout": "60s",
+ "retryPolicy": {
+ "initialBackoff": "0.100s",
+ "maxBackoff": "60s",
+ "backoffMultiplier": 1.3,
+ "retryableStatusCodes": [
+ "DEADLINE_EXCEEDED",
+ "UNAVAILABLE"
+ ]
+ }
+ }
+ ]
+}
diff --git a/third_party/googleapis/google/cloud/asset/v1p2beta1/cloudasset_v1p2beta1.yaml b/third_party/googleapis/google/cloud/asset/v1p2beta1/cloudasset_v1p2beta1.yaml
new file mode 100644
index 0000000..19bc881
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/v1p2beta1/cloudasset_v1p2beta1.yaml
@@ -0,0 +1,38 @@
+type: google.api.Service
+config_version: 3
+name: cloudasset.googleapis.com
+title: Cloud Asset API
+
+apis:
+- name: google.cloud.asset.v1p2beta1.AssetService
+
+documentation:
+ summary: The cloud asset API manages the history and inventory of cloud resources.
+ overview: |-
+ # Cloud Asset API
+
+ The Cloud Asset API keeps a history of Google Cloud Platform (GCP) asset
+ metadata, and allows GCP users to download a dump of all asset metadata
+ for the resource types listed below within an organization or a project at
+ a given timestamp.
+
+ Read more documents here:
+ https://cloud.google.com/asset-inventory/docs
+
+backend:
+ rules:
+ - selector: 'google.cloud.asset.v1p2beta1.AssetService.*'
+ deadline: 600.0
+ - selector: google.longrunning.Operations.GetOperation
+ deadline: 60.0
+
+authentication:
+ rules:
+ - selector: 'google.cloud.asset.v1p2beta1.AssetService.*'
+ oauth:
+ canonical_scopes: |-
+ https://www.googleapis.com/auth/cloud-platform
+ - selector: google.longrunning.Operations.GetOperation
+ oauth:
+ canonical_scopes: |-
+ https://www.googleapis.com/auth/cloud-platform
diff --git a/third_party/googleapis/google/cloud/asset/v1p5beta1/BUILD.bazel b/third_party/googleapis/google/cloud/asset/v1p5beta1/BUILD.bazel
new file mode 100644
index 0000000..64bbc1b
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/v1p5beta1/BUILD.bazel
@@ -0,0 +1,353 @@ +# This file was automatically generated by BuildFileGenerator + +# This is an API workspace, having public visibility by default makes perfect sense. +package(default_visibility = ["//visibility:public"]) + +############################################################################## +# Common +############################################################################## +load("@rules_proto//proto:defs.bzl", "proto_library") +load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") + +proto_library( + name = "asset_proto", + srcs = [ + "asset_service.proto", + "assets.proto", + ], + deps = [ + "//google/api:annotations_proto", + "//google/api:client_proto", + "//google/api:field_behavior_proto", + "//google/api:resource_proto", + "//google/cloud/orgpolicy/v1:orgpolicy_proto", + "//google/iam/v1:policy_proto", + "//google/identity/accesscontextmanager/v1:accesscontextmanager_proto", + "@com_google_protobuf//:any_proto", + "@com_google_protobuf//:struct_proto", + "@com_google_protobuf//:timestamp_proto", + ], +) + +proto_library_with_info( + name = "asset_proto_with_info", + deps = [ + ":asset_proto", + "//google/cloud:common_resources_proto", + ], +) + +############################################################################## +# Java +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "java_gapic_assembly_gradle_pkg", + "java_gapic_library", + "java_gapic_test", + "java_grpc_library", + "java_proto_library", +) + +java_proto_library( + name = "asset_java_proto", + deps = [":asset_proto"], +) + +java_grpc_library( + name = "asset_java_grpc", + srcs = [":asset_proto"], + deps = [":asset_java_proto"], +) + +java_gapic_library( + name = "asset_java_gapic", + srcs = [":asset_proto_with_info"], + grpc_service_config = "cloudasset_grpc_service_config.json", + test_deps = [ + ":asset_java_grpc", + "//google/iam/v1:iam_java_grpc", + ], + 
transport = "grpc+rest", + deps = [ + ":asset_java_proto", + "//google/iam/v1:iam_java_proto", + ], +) + +java_gapic_test( + name = "asset_java_gapic_test_suite", + test_classes = [ + "com.google.cloud.asset.v1p5beta1.AssetServiceClientHttpJsonTest", + "com.google.cloud.asset.v1p5beta1.AssetServiceClientTest", + ], + runtime_deps = [":asset_java_gapic_test"], +) + +# Open Source Packages +java_gapic_assembly_gradle_pkg( + name = "google-cloud-asset-v1p5beta1-java", + include_samples = True, + transport = "grpc+rest", + deps = [ + ":asset_java_gapic", + ":asset_java_grpc", + ":asset_java_proto", + ":asset_proto", + ], +) + +############################################################################## +# Go +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "go_gapic_assembly_pkg", + "go_gapic_library", + "go_proto_library", + "go_test", +) + +go_proto_library( + name = "asset_go_proto", + compilers = ["@io_bazel_rules_go//proto:go_grpc"], + importpath = "google.golang.org/genproto/googleapis/cloud/asset/v1p5beta1", + protos = [":asset_proto"], + deps = [ + "//google/api:annotations_go_proto", + "//google/cloud/orgpolicy/v1:orgpolicy_go_proto", + "//google/iam/v1:iam_go_proto", + "//google/identity/accesscontextmanager/v1:accesscontextmanager_go_proto", + ], +) + +go_gapic_library( + name = "asset_go_gapic", + srcs = [":asset_proto_with_info"], + grpc_service_config = "cloudasset_grpc_service_config.json", + importpath = "cloud.google.com/go/asset/apiv1p5beta1;asset", + service_yaml = "cloudasset_v1p5beta1.yaml", + transport = "grpc+rest", + deps = [ + ":asset_go_proto", + "//google/iam/v1:iam_go_proto", + ], +) + +go_test( + name = "asset_go_gapic_test", + srcs = [":asset_go_gapic_srcjar_test"], + embed = [":asset_go_gapic"], + importpath = "cloud.google.com/go/asset/apiv1p5beta1", +) + +# Open Source Packages +go_gapic_assembly_pkg( + name = "gapi-cloud-asset-v1p5beta1-go", + 
deps = [ + ":asset_go_gapic", + ":asset_go_gapic_srcjar-test.srcjar", + ":asset_go_proto", + ], +) + +############################################################################## +# Python +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "py_gapic_assembly_pkg", + "py_gapic_library", + "py_test", +) + +py_gapic_library( + name = "asset_py_gapic", + srcs = [":asset_proto"], + grpc_service_config = "cloudasset_grpc_service_config.json", + transport = "grpc", + deps = [ + "//google/cloud/orgpolicy/v1:orgpolicy_py_original_proto", + "//google/iam/v1:iam_policy_py_proto", + "//google/identity/accesscontextmanager/v1:access_level_py_proto", + "//google/identity/accesscontextmanager/v1:access_policy_py_proto", + "//google/identity/accesscontextmanager/v1:accesscontextmanager_py_gapic", + "//google/identity/accesscontextmanager/v1:service_perimeter_py_proto", + ], +) + +py_test( + name = "asset_py_gapic_test", + srcs = [ + "asset_py_gapic_pytest.py", + "asset_py_gapic_test.py", + ], + legacy_create_init = False, + deps = [":asset_py_gapic"], +) + +py_gapic_assembly_pkg( + name = "asset-v1p5beta1-py", + deps = [ + ":asset_py_gapic", + ], +) + +############################################################################## +# PHP +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "php_gapic_assembly_pkg", + "php_gapic_library", + "php_grpc_library", + "php_proto_library", +) + +php_proto_library( + name = "asset_php_proto", + deps = [":asset_proto"], +) + +php_grpc_library( + name = "asset_php_grpc", + srcs = [":asset_proto"], + deps = [":asset_php_proto"], +) + +php_gapic_library( + name = "asset_php_gapic", + srcs = [":asset_proto_with_info"], + deps = [ + ":asset_php_grpc", + ":asset_php_proto", + ], +) + +# Open Source Packages +php_gapic_assembly_pkg( + name = 
"google-cloud-asset-v1p5beta1-php", + deps = [ + ":asset_php_gapic", + ":asset_php_grpc", + ":asset_php_proto", + ], +) + +############################################################################## +# Node.js +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "nodejs_gapic_assembly_pkg", + "nodejs_gapic_library", +) + +nodejs_gapic_library( + name = "asset_nodejs_gapic", + src = ":asset_proto_with_info", + extra_protoc_parameters = ["metadata"], + gapic_yaml = "cloudasset_gapic.yaml", + package = "google.cloud.asset.v1p5beta1", + service_yaml = "cloudasset_v1p5beta1.yaml", + deps = [], +) + +nodejs_gapic_assembly_pkg( + name = "asset-v1p5beta1-nodejs", + deps = [ + ":asset_nodejs_gapic", + ":asset_proto", + ], +) + +############################################################################## +# Ruby +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "ruby_cloud_gapic_library", + "ruby_gapic_assembly_pkg", + "ruby_grpc_library", + "ruby_proto_library", +) + +ruby_proto_library( + name = "asset_ruby_proto", + deps = [":asset_proto"], +) + +ruby_grpc_library( + name = "asset_ruby_grpc", + srcs = [":asset_proto"], + deps = [":asset_ruby_proto"], +) + +ruby_cloud_gapic_library( + name = "asset_ruby_gapic", + srcs = [":asset_proto_with_info"], + extra_protoc_parameters = ["ruby-cloud-gem-name=google-cloud-asset-v1p5beta1"], + deps = [ + ":asset_ruby_grpc", + ":asset_ruby_proto", + ], +) + +# Open Source Packages +ruby_gapic_assembly_pkg( + name = "google-cloud-asset-v1p5beta1-ruby", + deps = [ + ":asset_ruby_gapic", + ":asset_ruby_grpc", + ":asset_ruby_proto", + ], +) + +############################################################################## +# C# +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + 
"csharp_gapic_assembly_pkg", + "csharp_gapic_library", + "csharp_grpc_library", + "csharp_proto_library", +) + +csharp_proto_library( + name = "asset_csharp_proto", + deps = [":asset_proto"], +) + +csharp_grpc_library( + name = "asset_csharp_grpc", + srcs = [":asset_proto"], + deps = [":asset_csharp_proto"], +) + +# Invalid C# namespaces, cannot build. +# csharp_gapic_library( +# name = "asset_csharp_gapic", +# srcs = [":asset_proto_with_info"], +# grpc_service_config = "cloudasset_grpc_service_config.json", +# common_resources_config = "@gax_dotnet//:Google.Api.Gax/ResourceNames/CommonResourcesConfig.json", +# deps = [ +# ":asset_csharp_grpc", +# ":asset_csharp_proto", +# ], +# ) + +# # Open Source Packages +# csharp_gapic_assembly_pkg( +# name = "google-cloud-asset-v1p5beta1-csharp", +# deps = [ +# ":asset_csharp_gapic", +# ":asset_csharp_grpc", +# ":asset_csharp_proto", +# ], +# ) + +############################################################################## +# C++ +############################################################################## +# Put your C++ rules here diff --git a/third_party/googleapis/google/cloud/asset/v1p5beta1/asset_service.proto b/third_party/googleapis/google/cloud/asset/v1p5beta1/asset_service.proto new file mode 100644 index 0000000..52233ad --- /dev/null +++ b/third_party/googleapis/google/cloud/asset/v1p5beta1/asset_service.proto 
@@ -0,0 +1,112 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.asset.v1p5beta1;
+
+import "google/api/annotations.proto";
+import "google/api/client.proto";
+import "google/api/field_behavior.proto";
+import "google/cloud/asset/v1p5beta1/assets.proto";
+import "google/protobuf/timestamp.proto";
+
+option csharp_namespace = "Google.Cloud.Asset.V1P5Beta1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1p5beta1;asset";
+option java_multiple_files = true;
+option java_outer_classname = "AssetServiceProto";
+option java_package = "com.google.cloud.asset.v1p5beta1";
+option php_namespace = "Google\\Cloud\\Asset\\V1p5beta1";
+
+// Asset service definition.
+service AssetService {
+ option (google.api.default_host) = "cloudasset.googleapis.com";
+ option (google.api.oauth_scopes) =
+ "https://www.googleapis.com/auth/cloud-platform";
+
+ // Lists assets with time and resource types and returns paged results in
+ // response.
+ rpc ListAssets(ListAssetsRequest) returns (ListAssetsResponse) {
+ option (google.api.http) = {
+ get: "/v1p5beta1/{parent=*/*}/assets"
+ };
+ }
+}
+
+// ListAssets request.
+message ListAssetsRequest {
+ // Required. Name of the organization or project the assets belong to. Format:
+ // "organizations/[organization-number]" (such as "organizations/123"),
+ // "projects/[project-number]" (such as "projects/my-project-id"), or
+ // "projects/[project-id]" (such as "projects/12345").
+ string parent = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Timestamp to take an asset snapshot. This can only be set to a timestamp
+ // between 2018-10-02 UTC (inclusive) and the current time. If not specified,
+ // the current time will be used. Due to delays in resource data collection
+ // and indexing, there is a volatile window during which running the same
+ // query may get different results.
+ google.protobuf.Timestamp read_time = 2;
+
+ // A list of asset types of which to take a snapshot for. For example:
+ // "compute.googleapis.com/Disk". If specified, only matching assets will be
+ // returned. See [Introduction to Cloud Asset
+ // Inventory](https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/overview)
+ // for all supported asset types.
+ repeated string asset_types = 3;
+
+ // Asset content type. If not specified, no content but the asset name will
+ // be returned.
+ ContentType content_type = 4;
+
+ // The maximum number of assets to be returned in a single response. Default
+ // is 100, minimum is 1, and maximum is 1000.
+ int32 page_size = 5;
+
+ // The `next_page_token` returned from the previous `ListAssetsResponse`, or
+ // unspecified for the first `ListAssetsRequest`. It is a continuation of a
+ // prior `ListAssets` call, and the API should return the next page of assets.
+ string page_token = 6;
+}
+
+// Asset content type.
+enum ContentType {
+ // Unspecified content type.
+ CONTENT_TYPE_UNSPECIFIED = 0;
+
+ // Resource metadata.
+ RESOURCE = 1;
+
+ // The actual IAM policy set on a resource.
+ IAM_POLICY = 2;
+
+ // The Cloud Organization Policy set on an asset.
+ ORG_POLICY = 4;
+
+ // The Cloud Access context mananger Policy set on an asset.
+ ACCESS_POLICY = 5;
+}
+
+// ListAssets response.
+message ListAssetsResponse {
+ // Time the snapshot was taken.
+ google.protobuf.Timestamp read_time = 1;
+
+ // Assets.
+ repeated Asset assets = 2;
+
+ // Token to retrieve the next page of results. Set to empty if there are no
+ // remaining results.
+ string next_page_token = 3;
+}
diff --git a/third_party/googleapis/google/cloud/asset/v1p5beta1/assets.proto b/third_party/googleapis/google/cloud/asset/v1p5beta1/assets.proto
new file mode 100644
index 0000000..7ad133a
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/v1p5beta1/assets.proto
@@ -0,0 +1,124 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.asset.v1p5beta1;
+
+import "google/api/resource.proto";
+import "google/cloud/orgpolicy/v1/orgpolicy.proto";
+import "google/iam/v1/policy.proto";
+import "google/identity/accesscontextmanager/v1/access_level.proto";
+import "google/identity/accesscontextmanager/v1/access_policy.proto";
+import "google/identity/accesscontextmanager/v1/service_perimeter.proto";
+import "google/protobuf/struct.proto";
+
+option cc_enable_arenas = true;
+option csharp_namespace = "Google.Cloud.Asset.V1p5Beta1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1p5beta1;asset";
+option java_multiple_files = true;
+option java_outer_classname = "AssetProto";
+option java_package = "com.google.cloud.asset.v1p5beta1";
+option php_namespace = "Google\\Cloud\\Asset\\V1p5beta1";
+
+// Cloud asset. This includes all Google Cloud Platform resources,
+// Cloud IAM policies, and other non-GCP assets.
+message Asset {
+ option (google.api.resource) = {
+ type: "cloudasset.googleapis.com/Asset"
+ pattern: "*"
+ };
+
+ // The full name of the asset. For example:
+ // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.
+ // See [Resource
+ // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
+ // for more information.
+ string name = 1;
+
+ // Type of the asset. Example: "compute.googleapis.com/Disk".
+ string asset_type = 2;
+
+ // Representation of the resource.
+ Resource resource = 3;
+
+ // Representation of the actual Cloud IAM policy set on a cloud resource. For
+ // each resource, there must be at most one Cloud IAM policy set on it.
+ google.iam.v1.Policy iam_policy = 4;
+
+ // Representation of the Cloud Organization Policy set on an asset. For each
+ // asset, there could be multiple Organization policies with different
+ // constraints.
+ repeated google.cloud.orgpolicy.v1.Policy org_policy = 6;
+
+ // Representation of the Cloud Organization access policy.
+ oneof access_context_policy {
+ google.identity.accesscontextmanager.v1.AccessPolicy access_policy = 7;
+
+ google.identity.accesscontextmanager.v1.AccessLevel access_level = 8;
+
+ google.identity.accesscontextmanager.v1.ServicePerimeter service_perimeter =
+ 9;
+ }
+
+ // Asset's ancestry path in Cloud Resource Manager (CRM) hierarchy,
+ // represented as a list of relative resource names. Ancestry path starts with
+ // the closest CRM ancestor and ends at root. If the asset is a CRM
+ // project/folder/organization, this starts from the asset itself.
+ //
+ // Example: ["projects/123456789", "folders/5432", "organizations/1234"]
+ repeated string ancestors = 10;
+}
+
+// Representation of a cloud resource.
+message Resource {
+ // The API version. Example: "v1".
+ string version = 1;
+
+ // The URL of the discovery document containing the resource's JSON schema.
+ // For example:
+ // `"https://www.googleapis.com/discovery/v1/apis/compute/v1/rest"`.
+ // It will be left unspecified for resources without a discovery-based API,
+ // such as Cloud Bigtable.
+ string discovery_document_uri = 2;
+
+ // The JSON schema name listed in the discovery document.
+ // Example: "Project". It will be left unspecified for resources (such as
+ // Cloud Bigtable) without a discovery-based API.
+ string discovery_name = 3;
+
+ // The REST URL for accessing the resource. An HTTP GET operation using this
+ // URL returns the resource itself.
+ // Example:
+ // `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`.
+ // It will be left unspecified for resources without a REST API.
+ string resource_url = 4;
+
+ // The full name of the immediate parent of this resource. See
+ // [Resource
+ // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
+ // for more information.
+ //
+ // For GCP assets, it is the parent resource defined in the [Cloud IAM policy
+ // hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).
+ // For example:
+ // `"//cloudresourcemanager.googleapis.com/projects/my_project_123"`.
+ //
+ // For third-party assets, it is up to the users to define.
+ string parent = 5;
+
+ // The content of the resource, in which some sensitive fields are scrubbed
+ // away and may not be present.
+ google.protobuf.Struct data = 6;
+}
diff --git a/third_party/googleapis/google/cloud/asset/v1p5beta1/cloudasset_gapic.yaml b/third_party/googleapis/google/cloud/asset/v1p5beta1/cloudasset_gapic.yaml
new file mode 100644
index 0000000..0bcb880
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/v1p5beta1/cloudasset_gapic.yaml
@@ -0,0 +1,2 @@
+type: com.google.api.codegen.ConfigProto
+config_schema_version: 2.0.0
diff --git a/third_party/googleapis/google/cloud/asset/v1p5beta1/cloudasset_grpc_service_config.json b/third_party/googleapis/google/cloud/asset/v1p5beta1/cloudasset_grpc_service_config.json
new file mode 100644
index 0000000..3620a5b
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/v1p5beta1/cloudasset_grpc_service_config.json
@@ -0,0 +1,22 @@
+{
+ "methodConfig": [
+ {
+ "name": [
+ {
+ "service": "google.cloud.asset.v1p5beta1.AssetService",
+ "method": "ListAssets"
+ }
+ ],
+ "timeout": "60s",
+ "retryPolicy": {
+ "initialBackoff": "0.100s",
+ "maxBackoff": "60s",
+ "backoffMultiplier": 1.3,
+ "retryableStatusCodes": [
+ "DEADLINE_EXCEEDED",
+ "UNAVAILABLE"
+ ]
+ }
+ }
+ ]
+}
diff --git a/third_party/googleapis/google/cloud/asset/v1p5beta1/cloudasset_v1p5beta1.yaml b/third_party/googleapis/google/cloud/asset/v1p5beta1/cloudasset_v1p5beta1.yaml
new file mode 100644
index 0000000..07dbada
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/v1p5beta1/cloudasset_v1p5beta1.yaml
@@ -0,0 +1,32 @@
+type: google.api.Service
+config_version: 3
+name: cloudasset.googleapis.com
+title: Cloud Asset API
+
+apis:
+- name: google.cloud.asset.v1p5beta1.AssetService
+
+documentation:
+ summary: The cloud asset API manages the history and inventory of cloud resources.
+ overview: |-
+ # Cloud Asset API
+
+ The Cloud Asset API keeps a history of Google Cloud Platform (GCP) asset
+ metadata, and allows GCP users to download a dump of all asset metadata
+ for the resource types listed below within an organization or a project at
+ a given timestamp.
+
+ Read more documents here:
+ https://cloud.google.com/asset-inventory/docs
+
+backend:
+ rules:
+ - selector: google.cloud.asset.v1p5beta1.AssetService.ListAssets
+ deadline: 600.0
+
+authentication:
+ rules:
+ - selector: google.cloud.asset.v1p5beta1.AssetService.ListAssets
+ oauth:
+ canonical_scopes: |-
+ https://www.googleapis.com/auth/cloud-platform
diff --git a/third_party/googleapis/google/cloud/asset/v1p7beta1/BUILD.bazel b/third_party/googleapis/google/cloud/asset/v1p7beta1/BUILD.bazel
new file mode 100644
index 0000000..926cd0d
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/v1p7beta1/BUILD.bazel
@@ -0,0 +1,366 @@ +# This file was automatically generated by BuildFileGenerator +# https://github.com/googleapis/rules_gapic/tree/master/bazel + +# Most of the manual changes to this file will be overwritten. +# It's **only** allowed to change the following rule attribute values: +# - names of *_gapic_assembly_* rules +# - certain parameters of *_gapic_library rules, including but not limited to: +# * extra_protoc_parameters +# * extra_protoc_file_parameters +# The complete list of preserved parameters can be found in the source code. + +# This is an API workspace, having public visibility by default makes perfect sense. +package(default_visibility = ["//visibility:public"]) + +############################################################################## +# Common +############################################################################## +load("@rules_proto//proto:defs.bzl", "proto_library") +load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") + +proto_library( + name = "asset_proto", + srcs = [ + "asset_service.proto", + "assets.proto", + ], + deps = [ + "//google/api:annotations_proto", + "//google/api:client_proto", + "//google/api:field_behavior_proto", + "//google/api:resource_proto", + "//google/cloud/orgpolicy/v1:orgpolicy_proto", + "//google/cloud/osconfig/v1:osconfig_proto", + "//google/iam/v1:policy_proto", + "//google/identity/accesscontextmanager/v1:accesscontextmanager_proto", + "//google/longrunning:operations_proto", + "@com_google_protobuf//:any_proto", + "@com_google_protobuf//:empty_proto", + "@com_google_protobuf//:field_mask_proto", + "@com_google_protobuf//:struct_proto", + "@com_google_protobuf//:timestamp_proto", + ], +) + +proto_library_with_info( + name = "asset_proto_with_info", + deps = [ + ":asset_proto", + "//google/cloud:common_resources_proto", + ], +) + +############################################################################## +# Java 
+############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "java_gapic_assembly_gradle_pkg", + "java_gapic_library", + "java_gapic_test", + "java_grpc_library", + "java_proto_library", +) + +java_proto_library( + name = "asset_java_proto", + deps = [":asset_proto"], +) + +java_grpc_library( + name = "asset_java_grpc", + srcs = [":asset_proto"], + deps = [":asset_java_proto"], +) + +java_gapic_library( + name = "asset_java_gapic", + srcs = [":asset_proto_with_info"], + grpc_service_config = "cloudasset_grpc_service_config.json", + test_deps = [ + ":asset_java_grpc", + "//google/iam/v1:iam_java_grpc", + ], + deps = [ + ":asset_java_proto", + "//google/iam/v1:iam_java_proto", + ], +) + +java_gapic_test( + name = "asset_java_gapic_test_suite", + test_classes = [ + "com.google.cloud.asset.v1p7beta1.AssetServiceClientTest", + ], + runtime_deps = [":asset_java_gapic_test"], +) + +# Open Source Packages +java_gapic_assembly_gradle_pkg( + name = "google-cloud-asset-v1p7beta1-java", + transport = "grpc+rest", + deps = [ + ":asset_java_gapic", + ":asset_java_grpc", + ":asset_java_proto", + ":asset_proto", + ], +) + +############################################################################## +# Go +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "go_gapic_assembly_pkg", + "go_gapic_library", + "go_proto_library", + "go_test", +) + +go_proto_library( + name = "asset_go_proto", + compilers = ["@io_bazel_rules_go//proto:go_grpc"], + importpath = "google.golang.org/genproto/googleapis/cloud/asset/v1p7beta1", + protos = [":asset_proto"], + deps = [ + "//google/api:annotations_go_proto", + "//google/cloud/orgpolicy/v1:orgpolicy_go_proto", + "//google/cloud/osconfig/v1:osconfig_go_proto", + "//google/iam/v1:iam_go_proto", + "//google/identity/accesscontextmanager/v1:accesscontextmanager_go_proto", + 
"//google/longrunning:longrunning_go_proto", + ], +) + +go_gapic_library( + name = "asset_go_gapic", + srcs = [":asset_proto_with_info"], + grpc_service_config = "cloudasset_grpc_service_config.json", + importpath = "cloud.google.com/go/asset/apiv1p7beta1;asset", + metadata = True, + service_yaml = "cloudasset_v1p7beta1.yaml", + deps = [ + ":asset_go_proto", + "//google/iam/v1:iam_go_proto", + "//google/longrunning:longrunning_go_proto", + "@com_google_cloud_go//longrunning:go_default_library", + "@com_google_cloud_go//longrunning/autogen:go_default_library", + "@io_bazel_rules_go//proto/wkt:any_go_proto", + "@io_bazel_rules_go//proto/wkt:struct_go_proto", + ], +) + +go_test( + name = "asset_go_gapic_test", + srcs = [":asset_go_gapic_srcjar_test"], + embed = [":asset_go_gapic"], + importpath = "cloud.google.com/go/asset/apiv1p7beta1", +) + +# Open Source Packages +go_gapic_assembly_pkg( + name = "gapi-cloud-asset-v1p7beta1-go", + deps = [ + ":asset_go_gapic", + ":asset_go_gapic_srcjar-metadata.srcjar", + ":asset_go_gapic_srcjar-test.srcjar", + ":asset_go_proto", + ], +) + +############################################################################## +# Python +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "py_gapic_assembly_pkg", + "py_gapic_library", +) + +py_gapic_library( + name = "asset_py_gapic", + srcs = [":asset_proto"], + grpc_service_config = "cloudasset_grpc_service_config.json", + transport = "grpc", +) + +# Uncomment once https://github.com/googleapis/gapic-generator-python/issues/1376 is fixed +#py_test( +# name = "asset_py_gapic_test", +# srcs = [ +# "asset_py_gapic_pytest.py", +# "asset_py_gapic_test.py", +# ], +# legacy_create_init = False, +# deps = [":asset_py_gapic"], +#) + +# Open Source Packages +py_gapic_assembly_pkg( + name = "asset-v1p7beta1-py", + deps = [ + ":asset_py_gapic", + ], +) + 
+############################################################################## +# PHP +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "php_gapic_assembly_pkg", + "php_gapic_library", + "php_grpc_library", + "php_proto_library", +) + +php_proto_library( + name = "asset_php_proto", + deps = [":asset_proto"], +) + +php_grpc_library( + name = "asset_php_grpc", + srcs = [":asset_proto"], + deps = [":asset_php_proto"], +) + +php_gapic_library( + name = "asset_php_gapic", + srcs = [":asset_proto_with_info"], + grpc_service_config = "cloudasset_grpc_service_config.json", + deps = [ + ":asset_php_grpc", + ":asset_php_proto", + ], +) + +# Open Source Packages +php_gapic_assembly_pkg( + name = "google-cloud-asset-v1p7beta1-php", + deps = [ + ":asset_php_gapic", + ":asset_php_grpc", + ":asset_php_proto", + ], +) + +############################################################################## +# Node.js +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "nodejs_gapic_assembly_pkg", + "nodejs_gapic_library", +) + +nodejs_gapic_library( + name = "asset_nodejs_gapic", + package_name = "@google-cloud/asset", + src = ":asset_proto_with_info", + extra_protoc_parameters = ["metadata"], + grpc_service_config = "cloudasset_grpc_service_config.json", + package = "google.cloud.asset.v1p7beta1", + service_yaml = "cloudasset_v1p7beta1.yaml", + deps = [], +) + +nodejs_gapic_assembly_pkg( + name = "asset-v1p7beta1-nodejs", + deps = [ + ":asset_nodejs_gapic", + ":asset_proto", + ], +) + +############################################################################## +# Ruby +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "ruby_cloud_gapic_library", + "ruby_gapic_assembly_pkg", + "ruby_grpc_library", + "ruby_proto_library", +) + 
+ruby_proto_library( + name = "asset_ruby_proto", + deps = [":asset_proto"], +) + +ruby_grpc_library( + name = "asset_ruby_grpc", + srcs = [":asset_proto"], + deps = [":asset_ruby_proto"], +) + +ruby_cloud_gapic_library( + name = "asset_ruby_gapic", + srcs = [":asset_proto_with_info"], + extra_protoc_parameters = ["ruby-cloud-gem-name=google-cloud-asset-v1p7beta1"], + deps = [ + ":asset_ruby_grpc", + ":asset_ruby_proto", + ], +) + +# Open Source Packages +ruby_gapic_assembly_pkg( + name = "google-cloud-asset-v1p7beta1-ruby", + deps = [ + ":asset_ruby_gapic", + ":asset_ruby_grpc", + ":asset_ruby_proto", + ], +) + +############################################################################## +# C# +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "csharp_gapic_assembly_pkg", + "csharp_gapic_library", + "csharp_grpc_library", + "csharp_proto_library", +) + +csharp_proto_library( + name = "asset_csharp_proto", + deps = [":asset_proto"], +) + +csharp_grpc_library( + name = "asset_csharp_grpc", + srcs = [":asset_proto"], + deps = [":asset_csharp_proto"], +) + +# Invalid C# namespaces, cannot build. +# csharp_gapic_library( +# name = "asset_csharp_gapic", +# srcs = [":asset_proto_with_info"], +# common_resources_config = "@gax_dotnet//:Google.Api.Gax/ResourceNames/CommonResourcesConfig.json", +# grpc_service_config = "cloudasset_grpc_service_config.json", +# deps = [ +# ":asset_csharp_grpc", +# ":asset_csharp_proto", +# ], +# ) + +# # Open Source Packages +# csharp_gapic_assembly_pkg( +# name = "google-cloud-asset-v1p7beta1-csharp", +# deps = [ +# ":asset_csharp_gapic", +# ":asset_csharp_grpc", +# ":asset_csharp_proto", +# ], +# ) + +############################################################################## +# C++ +############################################################################## +# Put your C++ rules here 
diff --git a/third_party/googleapis/google/cloud/asset/v1p7beta1/asset_service.proto b/third_party/googleapis/google/cloud/asset/v1p7beta1/asset_service.proto
new file mode 100644
index 0000000..18fcff6
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/v1p7beta1/asset_service.proto
@@ -0,0 +1,313 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.asset.v1p7beta1;
+
+import "google/api/annotations.proto";
+import "google/api/client.proto";
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/cloud/asset/v1p7beta1/assets.proto";
+import "google/longrunning/operations.proto";
+import "google/protobuf/timestamp.proto";
+
+option csharp_namespace = "Google.Cloud.Asset.V1P7Beta1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1p7beta1;asset";
+option java_multiple_files = true;
+option java_outer_classname = "AssetServiceProto";
+option java_package = "com.google.cloud.asset.v1p7beta1";
+option php_namespace = "Google\\Cloud\\Asset\\V1p7beta1";
+
+// Asset service definition.
+service AssetService {
+ option (google.api.default_host) = "cloudasset.googleapis.com";
+ option (google.api.oauth_scopes) =
+ "https://www.googleapis.com/auth/cloud-platform";
+
+ // Exports assets with time and resource types to a given Cloud Storage
+ // location/BigQuery table. For Cloud Storage location destinations, the
+ // output format is newline-delimited JSON. Each line represents a
+ // [google.cloud.asset.v1p7beta1.Asset][google.cloud.asset.v1p7beta1.Asset] in
+ // the JSON format; for BigQuery table destinations, the output table stores
+ // the fields in asset proto as columns. This API implements the
+ // [google.longrunning.Operation][google.longrunning.Operation] API , which
+ // allows you to keep track of the export. We recommend intervals of at least
+ // 2 seconds with exponential retry to poll the export operation result. For
+ // regular-size resource parent, the export operation usually finishes within
+ // 5 minutes.
+ rpc ExportAssets(ExportAssetsRequest) returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ post: "/v1p7beta1/{parent=*/*}:exportAssets"
+ body: "*"
+ };
+ option (google.longrunning.operation_info) = {
+ response_type: "google.cloud.asset.v1p7beta1.ExportAssetsResponse"
+ metadata_type: "google.cloud.asset.v1p7beta1.ExportAssetsRequest"
+ };
+ }
+}
+
+// Export asset request.
+message ExportAssetsRequest {
+ // Required. The relative name of the root asset. This can only be an
+ // organization number (such as "organizations/123"), a project ID (such as
+ // "projects/my-project-id"), or a project number (such as "projects/12345"),
+ // or a folder number (such as "folders/123").
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ child_type: "cloudasset.googleapis.com/Asset"
+ }
+ ];
+
+ // Timestamp to take an asset snapshot. This can only be set to a timestamp
+ // between the current time and the current time minus 35 days (inclusive).
+ // If not specified, the current time will be used. Due to delays in resource
+ // data collection and indexing, there is a volatile window during which
+ // running the same query may get different results.
+ google.protobuf.Timestamp read_time = 2;
+
+ // A list of asset types to take a snapshot for. For example:
+ // "compute.googleapis.com/Disk".
+ //
+ // Regular expressions are also supported. For example:
+ //
+ // * "compute.googleapis.com.*" snapshots resources whose asset type starts
+ // with "compute.googleapis.com".
+ // * ".*Instance" snapshots resources whose asset type ends with "Instance".
+ // * ".*Instance.*" snapshots resources whose asset type contains "Instance".
+ //
+ // See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported
+ // regular expression syntax. If the regular expression does not match any
+ // supported asset type, an INVALID_ARGUMENT error will be returned.
+ //
+ // If specified, only matching assets will be returned, otherwise, it will
+ // snapshot all asset types. See [Introduction to Cloud Asset
+ // Inventory](https://cloud.google.com/asset-inventory/docs/overview)
+ // for all supported asset types.
+ repeated string asset_types = 3;
+
+ // Asset content type. If not specified, no content but the asset name will be
+ // returned.
+ ContentType content_type = 4;
+
+ // Required. Output configuration indicating where the results will be output
+ // to.
+ OutputConfig output_config = 5 [(google.api.field_behavior) = REQUIRED];
+
+ // A list of relationship types to export, for example:
+ // `INSTANCE_TO_INSTANCEGROUP`. This field should only be specified if
+ // content_type=RELATIONSHIP. If specified, it will snapshot [asset_types]'
+ // specified relationships, or give errors if any relationship_types'
+ // supported types are not in [asset_types]. If not specified, it will
+ // snapshot all [asset_types]' supported relationships. An unspecified
+ // [asset_types] field means all supported asset_types. See [Introduction to
+ // Cloud Asset
+ // Inventory](https://cloud.google.com/asset-inventory/docs/overview) for all
+ // supported asset types and relationship types.
+ repeated string relationship_types = 6;
+}
+
+// The export asset response. This message is returned by the
+// [google.longrunning.Operations.GetOperation][google.longrunning.Operations.GetOperation]
+// method in the returned
+// [google.longrunning.Operation.response][google.longrunning.Operation.response]
+// field.
+message ExportAssetsResponse {
+ // Time the snapshot was taken.
+ google.protobuf.Timestamp read_time = 1;
+
+ // Output configuration indicating where the results were output to.
+ OutputConfig output_config = 2;
+
+ // Output result indicating where the assets were exported to. For example, a
+ // set of actual Google Cloud Storage object uris where the assets are
+ // exported to. The uris can be different from what [output_config] has
+ // specified, as the service will split the output object into multiple ones
+ // once it exceeds a single Google Cloud Storage object limit.
+ OutputResult output_result = 3;
+}
+
+// Output configuration for export assets destination.
+message OutputConfig {
+ // Asset export destination.
+ oneof destination {
+ // Destination on Cloud Storage.
+ GcsDestination gcs_destination = 1;
+
+ // Destination on BigQuery. The output table stores the fields in asset
+ // proto as columns in BigQuery.
+ BigQueryDestination bigquery_destination = 2;
+ }
+}
+
+// Output result of export assets.
+message OutputResult {
+ // Asset export result.
+ oneof result {
+ // Export result on Cloud Storage.
+ GcsOutputResult gcs_result = 1;
+ }
+}
+
+// A Cloud Storage output result.
+message GcsOutputResult {
+ // List of uris of the Cloud Storage objects. Example:
+ // "gs://bucket_name/object_name".
+ repeated string uris = 1;
+}
+
+// A Cloud Storage location.
+message GcsDestination {
+ // Required.
+ oneof object_uri {
+ // The uri of the Cloud Storage object. It's the same uri that is used by
+ // gsutil. Example: "gs://bucket_name/object_name". See [Viewing and
+ // Editing Object
+ // Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)
+ // for more information.
+ string uri = 1;
+
+ // The uri prefix of all generated Cloud Storage objects. Example:
+ // "gs://bucket_name/object_name_prefix". Each object uri is in format:
+ // "gs://bucket_name/object_name_prefix/{ASSET_TYPE}/{SHARD_NUMBER} and only
+ // contains assets for that type. <shard number> starts from 0. Example:
+ // "gs://bucket_name/object_name_prefix/compute.googleapis.com/Disk/0" is
+ // the first shard of output objects containing all
+ // compute.googleapis.com/Disk assets. An INVALID_ARGUMENT error will be
+ // returned if file with the same name "gs://bucket_name/object_name_prefix"
+ // already exists.
+ string uri_prefix = 2;
+ }
+}
+
+// A BigQuery destination for exporting assets to.
+message BigQueryDestination {
+ // Required. The BigQuery dataset in format
+ // "projects/projectId/datasets/datasetId", to which the snapshot result
+ // should be exported. If this dataset does not exist, the export call returns
+ // an INVALID_ARGUMENT error.
+ string dataset = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. The BigQuery table to which the snapshot result should be
+ // written. If this table does not exist, a new table with the given name
+ // will be created.
+ string table = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // If the destination table already exists and this flag is `TRUE`, the
+ // table will be overwritten by the contents of assets snapshot. If the flag
+ // is `FALSE` or unset and the destination table already exists, the export
+ // call returns an INVALID_ARGUMEMT error.
+ bool force = 3;
+
+ // [partition_spec] determines whether to export to partitioned table(s) and
+ // how to partition the data.
+ //
+ // If [partition_spec] is unset or [partition_spec.partition_key] is unset or
+ // `PARTITION_KEY_UNSPECIFIED`, the snapshot results will be exported to
+ // non-partitioned table(s). [force] will decide whether to overwrite existing
+ // table(s).
+ //
+ // If [partition_spec] is specified. First, the snapshot results will be
+ // written to partitioned table(s) with two additional timestamp columns,
+ // readTime and requestTime, one of which will be the partition key. Secondly,
+ // in the case when any destination table already exists, it will first try to
+ // update existing table's schema as necessary by appending additional
+ // columns. Then, if [force] is `TRUE`, the corresponding partition will be
+ // overwritten by the snapshot results (data in different partitions will
+ // remain intact); if [force] is unset or `FALSE`, it will append the data. An
+ // error will be returned if the schema update or data appension fails.
+ PartitionSpec partition_spec = 4;
+
+ // If this flag is `TRUE`, the snapshot results will be written to one or
+ // multiple tables, each of which contains results of one asset type. The
+ // [force] and [partition_spec] fields will apply to each of them.
+ //
+ // Field [table] will be concatenated with "_" and the asset type names (see
+ // https://cloud.google.com/asset-inventory/docs/supported-asset-types for
+ // supported asset types) to construct per-asset-type table names, in which
+ // all non-alphanumeric characters like "." and "/" will be substituted by
+ // "_". Example: if field [table] is "mytable" and snapshot results
+ // contain "storage.googleapis.com/Bucket" assets, the corresponding table
+ // name will be "mytable_storage_googleapis_com_Bucket". If any of these
+ // tables does not exist, a new table with the concatenated name will be
+ // created.
+ //
+ // When [content_type] in the ExportAssetsRequest is `RESOURCE`, the schema of
+ // each table will include RECORD-type columns mapped to the nested fields in
+ // the Asset.resource.data field of that asset type (up to the 15 nested level
+ // BigQuery supports
+ // (https://cloud.google.com/bigquery/docs/nested-repeated#limitations)). The
+ // fields in >15 nested levels will be stored in JSON format string as a child
+ // column of its parent RECORD column.
+ //
+ // If error occurs when exporting to any table, the whole export call will
+ // return an error but the export results that already succeed will persist.
+ // Example: if exporting to table_type_A succeeds when exporting to
+ // table_type_B fails during one export call, the results in table_type_A will
+ // persist and there will not be partial results persisting in a table.
+ bool separate_tables_per_asset_type = 5;
+}
+
+// Specifications of BigQuery partitioned table as export destination.
+message PartitionSpec {
+ // This enum is used to determine the partition key column when exporting
+ // assets to BigQuery partitioned table(s). Note that, if the partition key is
+ // a timestamp column, the actual partition is based on its date value
+ // (expressed in UTC. see details in
+ // https://cloud.google.com/bigquery/docs/partitioned-tables#date_timestamp_partitioned_tables).
+ enum PartitionKey {
+ // Unspecified partition key. If used, it means using non-partitioned table.
+ PARTITION_KEY_UNSPECIFIED = 0;
+
+ // The time when the snapshot is taken. If specified as partition key, the
+ // result table(s) is partitoned by the additional timestamp column,
+ // readTime. If [read_time] in ExportAssetsRequest is specified, the
+ // readTime column's value will be the same as it. Otherwise, its value will
+ // be the current time that is used to take the snapshot.
+ READ_TIME = 1;
+
+ // The time when the request is received and started to be processed. If
+ // specified as partition key, the result table(s) is partitoned by the
+ // requestTime column, an additional timestamp column representing when the
+ // request was received.
+ REQUEST_TIME = 2;
+ }
+
+ // The partition key for BigQuery partitioned table.
+ PartitionKey partition_key = 1;
+}
+
+// Asset content type.
+enum ContentType {
+ // Unspecified content type.
+ CONTENT_TYPE_UNSPECIFIED = 0;
+
+ // Resource metadata.
+ RESOURCE = 1;
+
+ // The actual IAM policy set on a resource.
+ IAM_POLICY = 2;
+
+ // The Cloud Organization Policy set on an asset.
+ ORG_POLICY = 4;
+
+ // The Cloud Access context manager Policy set on an asset.
+ ACCESS_POLICY = 5;
+
+ // The related resources.
+ RELATIONSHIP = 7;
+}
diff --git a/third_party/googleapis/google/cloud/asset/v1p7beta1/assets.proto b/third_party/googleapis/google/cloud/asset/v1p7beta1/assets.proto
new file mode 100644
index 0000000..26ac6b2
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/v1p7beta1/assets.proto
@@ -0,0 +1,233 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.asset.v1p7beta1;
+
+import "google/api/resource.proto";
+import "google/cloud/orgpolicy/v1/orgpolicy.proto";
+import "google/cloud/osconfig/v1/inventory.proto";
+import "google/iam/v1/policy.proto";
+import "google/identity/accesscontextmanager/v1/access_level.proto";
+import "google/identity/accesscontextmanager/v1/access_policy.proto";
+import "google/identity/accesscontextmanager/v1/service_perimeter.proto";
+import "google/protobuf/struct.proto";
+import "google/protobuf/timestamp.proto";
+
+option cc_enable_arenas = true;
+option csharp_namespace = "Google.Cloud.Asset.V1P7Beta1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1p7beta1;asset";
+option java_multiple_files = true;
+option java_outer_classname = "AssetProto";
+option java_package = "com.google.cloud.asset.v1p7beta1";
+option php_namespace = "Google\\Cloud\\Asset\\V1p7beta1";
+
+// The Cloud Asset API.
+
+// An asset in Google Cloud. An asset can be any resource in the Google Cloud
+// [resource
+// hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
+// a resource outside the Google Cloud resource hierarchy (such as Google
+// Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy).
+// See [Supported asset
+// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
+// for more information.
+message Asset {
+ option (google.api.resource) = {
+ type: "cloudasset.googleapis.com/Asset"
+ pattern: "*"
+ };
+
+ // The last update timestamp of an asset. update_time is updated when
+ // create/update/delete operation is performed.
+ google.protobuf.Timestamp update_time = 11;
+
+ // The full name of the asset. Example:
+ // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`
+ //
+ // See [Resource
+ // names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
+ // for more information.
+ string name = 1;
+
+ // The type of the asset. Example: `compute.googleapis.com/Disk`
+ //
+ // See [Supported asset
+ // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
+ // for more information.
+ string asset_type = 2;
+
+ // A representation of the resource.
+ Resource resource = 3;
+
+ // A representation of the Cloud IAM policy set on a Google Cloud resource.
+ // There can be a maximum of one Cloud IAM policy set on any given resource.
+ // In addition, Cloud IAM policies inherit their granted access scope from any
+ // policies set on parent resources in the resource hierarchy. Therefore, the
+ // effectively policy is the union of both the policy set on this resource
+ // and each policy set on all of the resource's ancestry resource levels in
+ // the hierarchy. See
+ // [this topic](https://cloud.google.com/iam/docs/policies#inheritance) for
+ // more information.
+ google.iam.v1.Policy iam_policy = 4;
+
+ // A representation of an [organization
+ // policy](https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy).
+ // There can be more than one organization policy with different constraints
+ // set on a given resource.
+ repeated google.cloud.orgpolicy.v1.Policy org_policy = 6;
+
+ // A representation of an [access
+ // policy](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
+ oneof access_context_policy {
+ // Please also refer to the [access policy user
+ // guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
+ google.identity.accesscontextmanager.v1.AccessPolicy access_policy = 7;
+
+ // Please also refer to the [access level user
+ // guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels).
+ google.identity.accesscontextmanager.v1.AccessLevel access_level = 8;
+
+ // Please also refer to the [service perimeter user
+ // guide](https://cloud.google.com/vpc-service-controls/docs/overview).
+ google.identity.accesscontextmanager.v1.ServicePerimeter service_perimeter =
+ 9;
+ }
+
+ // The related assets of the asset of one relationship type.
+ // One asset only represents one type of relationship.
+ RelatedAssets related_assets = 13;
+
+ // The ancestry path of an asset in Google Cloud [resource
+ // hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
+ // represented as a list of relative resource names. An ancestry path starts
+ // with the closest ancestor in the hierarchy and ends at root. If the asset
+ // is a project, folder, or organization, the ancestry path starts from the
+ // asset itself.
+ //
+ // Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
+ repeated string ancestors = 10;
+}
+
+// A representation of a Google Cloud resource.
+message Resource {
+ // The API version. Example: `v1`
+ string version = 1;
+
+ // The URL of the discovery document containing the resource's JSON schema.
+ // Example:
+ // `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest`
+ //
+ // This value is unspecified for resources that do not have an API based on a
+ // discovery document, such as Cloud Bigtable.
+ string discovery_document_uri = 2;
+
+ // The JSON schema name listed in the discovery document. Example:
+ // `Project`
+ //
+ // This value is unspecified for resources that do not have an API based on a
+ // discovery document, such as Cloud Bigtable.
+ string discovery_name = 3;
+
+ // The REST URL for accessing the resource. An HTTP `GET` request using this
+ // URL returns the resource itself. Example:
+ // `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`
+ //
+ // This value is unspecified for resources without a REST API.
+ string resource_url = 4;
+
+ // The full name of the immediate parent of this resource. See
+ // [Resource
+ // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
+ // for more information.
+ //
+ // For Google Cloud assets, this value is the parent resource defined in the
+ // [Cloud IAM policy
+ // hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).
+ // Example:
+ // `//cloudresourcemanager.googleapis.com/projects/my_project_123`
+ //
+ // For third-party assets, this field may be set differently.
+ string parent = 5;
+
+ // The content of the resource, in which some sensitive fields are removed
+ // and may not be present.
+ google.protobuf.Struct data = 6;
+
+ // The location of the resource in Google Cloud, such as its zone and region.
+ // For more information, see https://cloud.google.com/about/locations/.
+ string location = 8;
+}
+
+// The detailed related assets with the `relationship_type`.
+message RelatedAssets {
+ // The detailed relation attributes.
+ RelationshipAttributes relationship_attributes = 1;
+
+ // The peer resources of the relationship.
+ repeated RelatedAsset assets = 2;
+}
+
+// The relationship attributes which include `type`, `source_resource_type`,
+// `target_resource_type` and `action`.
+message RelationshipAttributes {
+ // The unique identifier of the relationship type. Example:
+ // `INSTANCE_TO_INSTANCEGROUP`
+ string type = 4;
+
+ // The source asset type. Example: `compute.googleapis.com/Instance`
+ string source_resource_type = 1;
+
+ // The target asset type. Example: `compute.googleapis.com/Disk`
+ string target_resource_type = 2;
+
+ // The detail of the relationship, e.g. `contains`, `attaches`
+ string action = 3;
+}
+
+// An asset identify in Google Cloud which contains its name, type and
+// ancestors. An asset can be any resource in the Google Cloud [resource
+// hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
+// a resource outside the Google Cloud resource hierarchy (such as Google
+// Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy).
+// See [Supported asset
+// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
+// for more information.
+message RelatedAsset {
+ // The full name of the asset. Example:
+ // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`
+ //
+ // See [Resource
+ // names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
+ // for more information.
+ string asset = 1 [(google.api.resource_reference) = {
+ type: "cloudasset.googleapis.com/Asset"
+ }];
+
+ // The type of the asset. Example: `compute.googleapis.com/Disk`
+ //
+ // See [Supported asset
+ // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
+ // for more information.
+ string asset_type = 2;
+
+ // The ancestors of an asset in Google Cloud [resource
+ // hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
+ // represented as a list of relative resource names. An ancestry path starts
+ // with the closest ancestor in the hierarchy and ends at root.
+ //
+ // Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
+ repeated string ancestors = 3;
+}
diff --git a/third_party/googleapis/google/cloud/asset/v1p7beta1/cloudasset_gapic.yaml b/third_party/googleapis/google/cloud/asset/v1p7beta1/cloudasset_gapic.yaml
new file mode 100644
index 0000000..0bcb880
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/v1p7beta1/cloudasset_gapic.yaml
@@ -0,0 +1,2 @@
+type: com.google.api.codegen.ConfigProto
+config_schema_version: 2.0.0
diff --git a/third_party/googleapis/google/cloud/asset/v1p7beta1/cloudasset_grpc_service_config.json b/third_party/googleapis/google/cloud/asset/v1p7beta1/cloudasset_grpc_service_config.json
new file mode 100644
index 0000000..cece780
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/v1p7beta1/cloudasset_grpc_service_config.json
@@ -0,0 +1,22 @@
+{
+ "methodConfig": [
+ {
+ "name": [
+ {
+ "service": "google.cloud.asset.v1p7beta1.AssetService",
+ "method": "ExportAssets"
+ }
+ ],
+ "timeout": "60s",
+ "retryPolicy": {
+ "initialBackoff": "0.100s",
+ "maxBackoff": "60s",
+ "backoffMultiplier": 1.3,
+ "retryableStatusCodes": [
+ "DEADLINE_EXCEEDED",
+ "UNAVAILABLE"
+ ]
+ }
+ }
+ ]
+}
diff --git a/third_party/googleapis/google/cloud/asset/v1p7beta1/cloudasset_v1p7beta1.yaml b/third_party/googleapis/google/cloud/asset/v1p7beta1/cloudasset_v1p7beta1.yaml
new file mode 100644
index 0000000..73e89e3
--- /dev/null
+++ b/third_party/googleapis/google/cloud/asset/v1p7beta1/cloudasset_v1p7beta1.yaml
@@ -0,0 +1,41 @@
+type: google.api.Service
+config_version: 3
+name: cloudasset.googleapis.com
+title: Cloud Asset API
+
+apis:
+- name: google.cloud.asset.v1p7beta1.AssetService
+
+types:
+- name: google.cloud.asset.v1p7beta1.Asset
+
+documentation:
+ summary: The cloud asset API manages the history and inventory of cloud resources.
+ overview: |-
+ # Cloud Asset API
+
+ The Cloud Asset API keeps a history of Google Cloud Platform (GCP) asset
+ metadata, and allows GCP users to download a dump of all asset metadata
+ for the resource types listed below within an organization or a project at
+ a given timestamp.
+
+ Read more documents here:
+ https://cloud.google.com/asset-inventory/docs
+
+backend:
+ rules:
+ - selector: google.cloud.asset.v1p7beta1.AssetService.ExportAssets
+ deadline: 600.0
+ - selector: google.longrunning.Operations.GetOperation
+ deadline: 60.0
+
+authentication:
+ rules:
+ - selector: google.cloud.asset.v1p7beta1.AssetService.ExportAssets
+ oauth:
+ canonical_scopes: |-
+ https://www.googleapis.com/auth/cloud-platform
+ - selector: google.longrunning.Operations.GetOperation
+ oauth:
+ canonical_scopes: |-
+ https://www.googleapis.com/auth/cloud-platform |
