diff options
Diffstat (limited to 'third_party/googleapis/google/cloud/asset')
30 files changed, 0 insertions, 6724 deletions
diff --git a/third_party/googleapis/google/cloud/asset/BUILD.bazel b/third_party/googleapis/google/cloud/asset/BUILD.bazel deleted file mode 100644 index 242ca6e..0000000 --- a/third_party/googleapis/google/cloud/asset/BUILD.bazel +++ /dev/null @@ -1,41 +0,0 @@ -# This build file includes a target for the Ruby wrapper library for -# google-cloud-asset. - -# This is an API workspace, having public visibility by default makes perfect sense. -package(default_visibility = ["//visibility:public"]) - -# Export yaml configs. -exports_files(glob(["*.yaml"])) - -load( - "@com_google_googleapis_imports//:imports.bzl", - "ruby_cloud_gapic_library", - "ruby_gapic_assembly_pkg", -) - -# Generates a Ruby wrapper client for cloudasset. -# Ruby wrapper clients are versionless, but are generated from source protos -# for a particular service version, v1 in this case. -ruby_cloud_gapic_library( - name = "cloudasset_ruby_wrapper", - srcs = ["//google/cloud/asset/v1:asset_proto_with_info"], - extra_protoc_parameters = [ - "ruby-cloud-gem-name=google-cloud-asset", - "ruby-cloud-env-prefix=ASSET", - "ruby-cloud-wrapper-of=v1:0.0", - "ruby-cloud-product-url=https://cloud.google.com/asset-inventory/", - "ruby-cloud-api-id=cloudasset.googleapis.com", - "ruby-cloud-api-shortname=cloudasset", - "ruby-cloud-migration-version=1.0", - ], - ruby_cloud_description = "A metadata inventory service that allows you to view, monitor, and analyze all your GCP and Anthos assets across projects and services.", - ruby_cloud_title = "Cloud Asset", -) - -# Open Source package. -ruby_gapic_assembly_pkg( - name = "google-cloud-asset-ruby", - deps = [ - ":cloudasset_ruby_wrapper", - ], -) diff --git a/third_party/googleapis/google/cloud/asset/v1/BUILD.bazel b/third_party/googleapis/google/cloud/asset/v1/BUILD.bazel deleted file mode 100644 index 74a1a28..0000000 --- a/third_party/googleapis/google/cloud/asset/v1/BUILD.bazel +++ /dev/null @@ -1,406 +0,0 @@ -# This file was automatically generated by BuildFileGenerator - -# This is an API workspace, having public visibility by default makes perfect sense. -package(default_visibility = ["//visibility:public"]) - -############################################################################## -# Common -############################################################################## -load("@rules_proto//proto:defs.bzl", "proto_library") -load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") - -proto_library( - name = "asset_proto", - srcs = [ - "asset_service.proto", - "assets.proto", - ], - deps = [ - "//google/api:annotations_proto", - "//google/api:client_proto", - "//google/api:field_behavior_proto", - "//google/api:resource_proto", - "//google/cloud/orgpolicy/v1:orgpolicy_proto", - "//google/cloud/osconfig/v1:osconfig_proto", - "//google/iam/v1:policy_proto", - "//google/identity/accesscontextmanager/v1:accesscontextmanager_proto", - "//google/longrunning:operations_proto", - "//google/rpc:code_proto", - "//google/rpc:status_proto", - "//google/type:expr_proto", - "@com_google_protobuf//:any_proto", - "@com_google_protobuf//:duration_proto", - "@com_google_protobuf//:empty_proto", - "@com_google_protobuf//:field_mask_proto", - "@com_google_protobuf//:struct_proto", - "@com_google_protobuf//:timestamp_proto", - ], -) - -proto_library_with_info( - name = "asset_proto_with_info", - deps = [ - ":asset_proto", - "//google/cloud:common_resources_proto", - ], -) - -############################################################################## -# Java -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "java_gapic_assembly_gradle_pkg", - "java_gapic_library", - "java_gapic_test", - "java_grpc_library", - "java_proto_library", -) - -java_proto_library( - name = "asset_java_proto", - deps = [":asset_proto"], -) - -java_grpc_library( - name = "asset_java_grpc", - srcs = [":asset_proto"], - deps = [":asset_java_proto"], -) - -java_gapic_library( - name = "asset_java_gapic", - srcs = [":asset_proto_with_info"], - grpc_service_config = "cloudasset_grpc_service_config.json", - test_deps = [ - ":asset_java_grpc", - "//google/iam/v1:iam_java_grpc", - ], - transport = "grpc+rest", - deps = [ - ":asset_java_proto", - "//google/iam/v1:iam_java_proto", - ], -) - -java_gapic_test( - name = "asset_java_gapic_test_suite", - test_classes = [ - "com.google.cloud.asset.v1.AssetServiceClientHttpJsonTest", - "com.google.cloud.asset.v1.AssetServiceClientTest", - ], - runtime_deps = [":asset_java_gapic_test"], -) - -# Open Source Packages -java_gapic_assembly_gradle_pkg( - name = "google-cloud-asset-v1-java", - include_samples = True, - transport = "grpc+rest", - deps = [ - ":asset_java_gapic", - ":asset_java_grpc", - ":asset_java_proto", - ":asset_proto", - ], -) - -############################################################################## -# Go -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "go_gapic_assembly_pkg", - "go_gapic_library", - "go_proto_library", - "go_test", -) - -go_proto_library( - name = "asset_go_proto", - compilers = ["@io_bazel_rules_go//proto:go_grpc"], - importpath = "google.golang.org/genproto/googleapis/cloud/asset/v1", - protos = [":asset_proto"], - deps = [ - "//google/api:annotations_go_proto", - "//google/cloud/orgpolicy/v1:orgpolicy_go_proto", - "//google/cloud/osconfig/v1:osconfig_go_proto", - "//google/iam/v1:iam_go_proto", - "//google/identity/accesscontextmanager/v1:accesscontextmanager_go_proto", - "//google/longrunning:longrunning_go_proto", - "//google/rpc:code_go_proto", - "//google/rpc:status_go_proto", - "//google/type:expr_go_proto", - ], -) - -go_gapic_library( - name = "asset_go_gapic", - srcs = [":asset_proto_with_info"], - grpc_service_config = "cloudasset_grpc_service_config.json", - importpath = "cloud.google.com/go/asset/apiv1;asset", - service_yaml = "cloudasset_v1.yaml", - transport = "grpc+rest", - deps = [ - ":asset_go_proto", - "//google/iam/v1:iam_go_proto", - "//google/longrunning:longrunning_go_proto", - "@com_google_cloud_go//longrunning:go_default_library", - "@com_google_cloud_go//longrunning/autogen:go_default_library", - "@io_bazel_rules_go//proto/wkt:any_go_proto", - "@io_bazel_rules_go//proto/wkt:duration_go_proto", - "@io_bazel_rules_go//proto/wkt:struct_go_proto", - ], -) - -go_test( - name = "asset_go_gapic_test", - srcs = [":asset_go_gapic_srcjar_test"], - embed = [":asset_go_gapic"], - importpath = "cloud.google.com/go/asset/apiv1", -) - -# Open Source Packages -go_gapic_assembly_pkg( - name = "gapi-cloud-asset-v1-go", - deps = [ - ":asset_go_gapic", - ":asset_go_gapic_srcjar-test.srcjar", - ":asset_go_proto", - ], -) - -############################################################################## -# Python -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "py_gapic_assembly_pkg", - "py_gapic_library", - "py_test", -) - -py_gapic_library( - name = "asset_py_gapic", - srcs = [":asset_proto"], - grpc_service_config = "cloudasset_grpc_service_config.json", - transport = "grpc", - deps = [ - "//google/cloud/orgpolicy/v1:orgpolicy_py_original_proto", - "//google/cloud/osconfig/v1:osconfig_py_proto", - "//google/iam/v1:policy_py_proto", - "//google/identity/accesscontextmanager/v1:access_level_py_proto", - "//google/identity/accesscontextmanager/v1:access_policy_py_proto", - "//google/identity/accesscontextmanager/v1:accesscontextmanager_py_gapic", - "//google/identity/accesscontextmanager/v1:service_perimeter_py_proto", - ], -) - -py_gapic_assembly_pkg( - name = "asset-v1-py", - deps = [ - ":asset_py_gapic", - ], -) - -py_test( - name = "asset_py_gapic_test", - srcs = [ - "asset_py_gapic_pytest.py", - "asset_py_gapic_test.py", - ], - legacy_create_init = False, - deps = [":asset_py_gapic"], -) - -############################################################################## -# PHP -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "php_gapic_assembly_pkg", - "php_gapic_library", - "php_grpc_library", - "php_proto_library", -) - -php_proto_library( - name = "asset_php_proto", - deps = [":asset_proto"], -) - -php_grpc_library( - name = "asset_php_grpc", - srcs = [":asset_proto"], - deps = [":asset_php_proto"], -) - -php_gapic_library( - name = "asset_php_gapic", - srcs = [":asset_proto_with_info"], - grpc_service_config = "cloudasset_grpc_service_config.json", - service_yaml = "cloudasset_v1.yaml", - deps = [ - ":asset_php_grpc", - ":asset_php_proto", - ], -) - -# Open Source Packages -php_gapic_assembly_pkg( - name = "google-cloud-asset-v1-php", - deps = [ - ":asset_php_gapic", - ":asset_php_grpc", - ":asset_php_proto", - ], -) - -############################################################################## -# Node.js -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "nodejs_gapic_assembly_pkg", - "nodejs_gapic_library", -) - -nodejs_gapic_library( - name = "asset_nodejs_gapic", - package_name = "@google-cloud/asset", - src = ":asset_proto_with_info", - extra_protoc_parameters = ["metadata"], - grpc_service_config = "cloudasset_grpc_service_config.json", - package = "google.cloud.asset.v1", - service_yaml = "cloudasset_v1.yaml", - deps = [], -) - -nodejs_gapic_assembly_pkg( - name = "asset-v1-nodejs", - deps = [ - ":asset_nodejs_gapic", - ":asset_proto", - "//google/cloud/osconfig/v1:osconfig_proto", - ], -) - -############################################################################## -# Ruby -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "ruby_cloud_gapic_library", - "ruby_gapic_assembly_pkg", - "ruby_grpc_library", - "ruby_proto_library", -) - -ruby_proto_library( - name = "asset_ruby_proto", - deps = [ - ":asset_proto", - "//google/cloud/orgpolicy/v1:orgpolicy_proto", - ], -) - -ruby_grpc_library( - name = "asset_ruby_grpc", - srcs = [":asset_proto"], - deps = [":asset_ruby_proto"], -) - -ruby_cloud_gapic_library( - name = "asset_ruby_gapic", - srcs = [":asset_proto_with_info"], - extra_protoc_parameters = [ - "ruby-cloud-gem-name=google-cloud-asset-v1", - "ruby-cloud-env-prefix=ASSET", - "ruby-cloud-product-url=https://cloud.google.com/asset-inventory/", - "ruby-cloud-api-id=cloudasset.googleapis.com", - "ruby-cloud-api-shortname=cloudasset", - "ruby-cloud-extra-dependencies=google-identity-access_context_manager-v1=> 0.0|< 2.a;google-cloud-os_config-v1=> 0.0|< 2.a", - ], - grpc_service_config = "cloudasset_grpc_service_config.json", - ruby_cloud_description = "A metadata inventory service that allows you to view, monitor, and analyze all your GCP and Anthos assets across projects and services.", - ruby_cloud_title = "Cloud Asset V1", - deps = [ - ":asset_ruby_grpc", - ":asset_ruby_proto", - ], -) - -# Open Source Packages -ruby_gapic_assembly_pkg( - name = "google-cloud-asset-v1-ruby", - deps = [ - ":asset_ruby_gapic", - ":asset_ruby_grpc", - ":asset_ruby_proto", - ], -) - -############################################################################## -# C# -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "csharp_gapic_assembly_pkg", - "csharp_gapic_library", - "csharp_grpc_library", - "csharp_proto_library", -) - -csharp_proto_library( - name = "asset_csharp_proto", - deps = [":asset_proto"], -) - -csharp_grpc_library( - name = "asset_csharp_grpc", - srcs = [":asset_proto"], - deps = [":asset_csharp_proto"], -) - -csharp_gapic_library( - name = "asset_csharp_gapic", - srcs = [":asset_proto_with_info"], - common_resources_config = "@gax_dotnet//:Google.Api.Gax/ResourceNames/CommonResourcesConfig.json", - grpc_service_config = "cloudasset_grpc_service_config.json", - service_yaml = "cloudasset_v1.yaml", - deps = [ - ":asset_csharp_grpc", - ":asset_csharp_proto", - ], -) - -# Open Source Packages -csharp_gapic_assembly_pkg( - name = "google-cloud-asset-v1-csharp", - deps = [ - ":asset_csharp_gapic", - ":asset_csharp_grpc", - ":asset_csharp_proto", - ], -) - -############################################################################## -# C++ -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "cc_grpc_library", - "cc_proto_library", -) - -cc_proto_library( - name = "asset_cc_proto", - deps = [":asset_proto"], -) - -cc_grpc_library( - name = "asset_cc_grpc", - srcs = [":asset_proto"], - grpc_only = True, - deps = [":asset_cc_proto"], -) diff --git a/third_party/googleapis/google/cloud/asset/v1/asset_service.proto b/third_party/googleapis/google/cloud/asset/v1/asset_service.proto deleted file mode 100644 index 9e13d06..0000000 --- a/third_party/googleapis/google/cloud/asset/v1/asset_service.proto +++ /dev/null @@ -1,2014 +0,0 @@ -// Copyright 2022 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -package google.cloud.asset.v1; - -import "google/api/annotations.proto"; -import "google/api/client.proto"; -import "google/api/field_behavior.proto"; -import "google/api/resource.proto"; -import "google/cloud/asset/v1/assets.proto"; -import "google/iam/v1/policy.proto"; -import "google/longrunning/operations.proto"; -import "google/protobuf/duration.proto"; -import "google/protobuf/empty.proto"; -import "google/protobuf/field_mask.proto"; -import "google/protobuf/struct.proto"; -import "google/protobuf/timestamp.proto"; -import "google/rpc/status.proto"; -import "google/type/expr.proto"; - -option csharp_namespace = "Google.Cloud.Asset.V1"; -option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1;asset"; -option java_multiple_files = true; -option java_outer_classname = "AssetServiceProto"; -option java_package = "com.google.cloud.asset.v1"; -option php_namespace = "Google\\Cloud\\Asset\\V1"; - -// Asset service definition. -service AssetService { - option (google.api.default_host) = "cloudasset.googleapis.com"; - option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; - - // Exports assets with time and resource types to a given Cloud Storage - // location/BigQuery table. For Cloud Storage location destinations, the - // output format is newline-delimited JSON. Each line represents a - // [google.cloud.asset.v1.Asset][google.cloud.asset.v1.Asset] in the JSON format; for BigQuery table - // destinations, the output table stores the fields in asset Protobuf as - // columns. This API implements the [google.longrunning.Operation][google.longrunning.Operation] API, - // which allows you to keep track of the export. We recommend intervals of at - // least 2 seconds with exponential retry to poll the export operation result. - // For regular-size resource parent, the export operation usually finishes - // within 5 minutes. - rpc ExportAssets(ExportAssetsRequest) returns (google.longrunning.Operation) { - option (google.api.http) = { - post: "/v1/{parent=*/*}:exportAssets" - body: "*" - }; - option (google.longrunning.operation_info) = { - response_type: "google.cloud.asset.v1.ExportAssetsResponse" - metadata_type: "google.cloud.asset.v1.ExportAssetsRequest" - }; - } - - // Lists assets with time and resource types and returns paged results in - // response. - rpc ListAssets(ListAssetsRequest) returns (ListAssetsResponse) { - option (google.api.http) = { - get: "/v1/{parent=*/*}/assets" - }; - option (google.api.method_signature) = "parent"; - } - - // Batch gets the update history of assets that overlap a time window. - // For IAM_POLICY content, this API outputs history when the asset and its - // attached IAM POLICY both exist. This can create gaps in the output history. - // Otherwise, this API outputs history with asset in both non-delete or - // deleted status. - // If a specified asset does not exist, this API returns an INVALID_ARGUMENT - // error. - rpc BatchGetAssetsHistory(BatchGetAssetsHistoryRequest) returns (BatchGetAssetsHistoryResponse) { - option (google.api.http) = { - get: "/v1/{parent=*/*}:batchGetAssetsHistory" - }; - } - - // Creates a feed in a parent project/folder/organization to listen to its - // asset updates. - rpc CreateFeed(CreateFeedRequest) returns (Feed) { - option (google.api.http) = { - post: "/v1/{parent=*/*}/feeds" - body: "*" - }; - option (google.api.method_signature) = "parent"; - } - - // Gets details about an asset feed. - rpc GetFeed(GetFeedRequest) returns (Feed) { - option (google.api.http) = { - get: "/v1/{name=*/*/feeds/*}" - }; - option (google.api.method_signature) = "name"; - } - - // Lists all asset feeds in a parent project/folder/organization. - rpc ListFeeds(ListFeedsRequest) returns (ListFeedsResponse) { - option (google.api.http) = { - get: "/v1/{parent=*/*}/feeds" - }; - option (google.api.method_signature) = "parent"; - } - - // Updates an asset feed configuration. - rpc UpdateFeed(UpdateFeedRequest) returns (Feed) { - option (google.api.http) = { - patch: "/v1/{feed.name=*/*/feeds/*}" - body: "*" - }; - option (google.api.method_signature) = "feed"; - } - - // Deletes an asset feed. - rpc DeleteFeed(DeleteFeedRequest) returns (google.protobuf.Empty) { - option (google.api.http) = { - delete: "/v1/{name=*/*/feeds/*}" - }; - option (google.api.method_signature) = "name"; - } - - // Searches all Cloud resources within the specified scope, such as a project, - // folder, or organization. The caller must be granted the - // `cloudasset.assets.searchAllResources` permission on the desired scope, - // otherwise the request will be rejected. - rpc SearchAllResources(SearchAllResourcesRequest) returns (SearchAllResourcesResponse) { - option (google.api.http) = { - get: "/v1/{scope=*/*}:searchAllResources" - }; - option (google.api.method_signature) = "scope,query,asset_types"; - } - - // Searches all IAM policies within the specified scope, such as a project, - // folder, or organization. The caller must be granted the - // `cloudasset.assets.searchAllIamPolicies` permission on the desired scope, - // otherwise the request will be rejected. - rpc SearchAllIamPolicies(SearchAllIamPoliciesRequest) returns (SearchAllIamPoliciesResponse) { - option (google.api.http) = { - get: "/v1/{scope=*/*}:searchAllIamPolicies" - }; - option (google.api.method_signature) = "scope,query"; - } - - // Analyzes IAM policies to answer which identities have what accesses on - // which resources. - rpc AnalyzeIamPolicy(AnalyzeIamPolicyRequest) returns (AnalyzeIamPolicyResponse) { - option (google.api.http) = { - get: "/v1/{analysis_query.scope=*/*}:analyzeIamPolicy" - }; - } - - // Analyzes IAM policies asynchronously to answer which identities have what - // accesses on which resources, and writes the analysis results to a Google - // Cloud Storage or a BigQuery destination. For Cloud Storage destination, the - // output format is the JSON format that represents a - // [AnalyzeIamPolicyResponse][google.cloud.asset.v1.AnalyzeIamPolicyResponse]. This method implements the - // [google.longrunning.Operation][google.longrunning.Operation], which allows you to track the operation - // status. We recommend intervals of at least 2 seconds with exponential - // backoff retry to poll the operation result. The metadata contains the - // metadata for the long-running operation. - rpc AnalyzeIamPolicyLongrunning(AnalyzeIamPolicyLongrunningRequest) returns (google.longrunning.Operation) { - option (google.api.http) = { - post: "/v1/{analysis_query.scope=*/*}:analyzeIamPolicyLongrunning" - body: "*" - }; - option (google.longrunning.operation_info) = { - response_type: "google.cloud.asset.v1.AnalyzeIamPolicyLongrunningResponse" - metadata_type: "google.cloud.asset.v1.AnalyzeIamPolicyLongrunningMetadata" - }; - } - - // Analyze moving a resource to a specified destination without kicking off - // the actual move. The analysis is best effort depending on the user's - // permissions of viewing different hierarchical policies and configurations. - // The policies and configuration are subject to change before the actual - // resource migration takes place. - rpc AnalyzeMove(AnalyzeMoveRequest) returns (AnalyzeMoveResponse) { - option (google.api.http) = { - get: "/v1/{resource=*/*}:analyzeMove" - }; - } - - // Issue a job that queries assets using a SQL statement compatible with - // [BigQuery Standard - // SQL](http://cloud/bigquery/docs/reference/standard-sql/enabling-standard-sql). - // - // If the query execution finishes within timeout and there's no pagination, - // the full query results will be returned in the `QueryAssetsResponse`. - // - // Otherwise, full query results can be obtained by issuing extra requests - // with the `job_reference` from the a previous `QueryAssets` call. - // - // Note, the query result has approximately 10 GB limitation enforced by - // BigQuery - // https://cloud.google.com/bigquery/docs/best-practices-performance-output, - // queries return larger results will result in errors. - rpc QueryAssets(QueryAssetsRequest) returns (QueryAssetsResponse) { - option (google.api.http) = { - post: "/v1/{parent=*/*}:queryAssets" - body: "*" - }; - } - - // Creates a saved query in a parent project/folder/organization. - rpc CreateSavedQuery(CreateSavedQueryRequest) returns (SavedQuery) { - option (google.api.http) = { - post: "/v1/{parent=*/*}/savedQueries" - body: "saved_query" - }; - option (google.api.method_signature) = "parent,saved_query,saved_query_id"; - } - - // Gets details about a saved query. - rpc GetSavedQuery(GetSavedQueryRequest) returns (SavedQuery) { - option (google.api.http) = { - get: "/v1/{name=*/*/savedQueries/*}" - }; - option (google.api.method_signature) = "name"; - } - - // Lists all saved queries in a parent project/folder/organization. - rpc ListSavedQueries(ListSavedQueriesRequest) returns (ListSavedQueriesResponse) { - option (google.api.http) = { - get: "/v1/{parent=*/*}/savedQueries" - }; - option (google.api.method_signature) = "parent"; - } - - // Updates a saved query. - rpc UpdateSavedQuery(UpdateSavedQueryRequest) returns (SavedQuery) { - option (google.api.http) = { - patch: "/v1/{saved_query.name=*/*/savedQueries/*}" - body: "saved_query" - }; - option (google.api.method_signature) = "saved_query,update_mask"; - } - - // Deletes a saved query. - rpc DeleteSavedQuery(DeleteSavedQueryRequest) returns (google.protobuf.Empty) { - option (google.api.http) = { - delete: "/v1/{name=*/*/savedQueries/*}" - }; - option (google.api.method_signature) = "name"; - } - - // Gets effective IAM policies for a batch of resources. - rpc BatchGetEffectiveIamPolicies(BatchGetEffectiveIamPoliciesRequest) returns (BatchGetEffectiveIamPoliciesResponse) { - option (google.api.http) = { - get: "/v1/{scope=*/*}/effectiveIamPolicies:batchGet" - }; - } -} - -// Represents the metadata of the longrunning operation for the -// AnalyzeIamPolicyLongrunning rpc. -message AnalyzeIamPolicyLongrunningMetadata { - // Output only. The time the operation was created. - google.protobuf.Timestamp create_time = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; -} - -// Export asset request. -message ExportAssetsRequest { - // Required. The relative name of the root asset. This can only be an - // organization number (such as "organizations/123"), a project ID (such as - // "projects/my-project-id"), or a project number (such as "projects/12345"), - // or a folder number (such as "folders/123"). - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - child_type: "cloudasset.googleapis.com/Asset" - } - ]; - - // Timestamp to take an asset snapshot. This can only be set to a timestamp - // between the current time and the current time minus 35 days (inclusive). - // If not specified, the current time will be used. Due to delays in resource - // data collection and indexing, there is a volatile window during which - // running the same query may get different results. - google.protobuf.Timestamp read_time = 2; - - // A list of asset types to take a snapshot for. For example: - // "compute.googleapis.com/Disk". - // - // Regular expressions are also supported. For example: - // - // * "compute.googleapis.com.*" snapshots resources whose asset type starts - // with "compute.googleapis.com". - // * ".*Instance" snapshots resources whose asset type ends with "Instance". - // * ".*Instance.*" snapshots resources whose asset type contains "Instance". - // - // See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported - // regular expression syntax. If the regular expression does not match any - // supported asset type, an INVALID_ARGUMENT error will be returned. - // - // If specified, only matching assets will be returned, otherwise, it will - // snapshot all asset types. See [Introduction to Cloud Asset - // Inventory](https://cloud.google.com/asset-inventory/docs/overview) - // for all supported asset types. - repeated string asset_types = 3; - - // Asset content type. If not specified, no content but the asset name will be - // returned. - ContentType content_type = 4; - - // Required. Output configuration indicating where the results will be output to. - OutputConfig output_config = 5 [(google.api.field_behavior) = REQUIRED]; - - // A list of relationship types to export, for example: - // `INSTANCE_TO_INSTANCEGROUP`. This field should only be specified if - // content_type=RELATIONSHIP. - // * If specified: - // it snapshots specified relationships. It returns an error if - // any of the [relationship_types] doesn't belong to the supported - // relationship types of the [asset_types] or if any of the [asset_types] - // doesn't belong to the source types of the [relationship_types]. - // * Otherwise: - // it snapshots the supported relationships for all [asset_types] or returns - // an error if any of the [asset_types] has no relationship support. - // An unspecified asset types field means all supported asset_types. - // See [Introduction to Cloud Asset - // Inventory](https://cloud.google.com/asset-inventory/docs/overview) for all - // supported asset types and relationship types. - repeated string relationship_types = 6; -} - -// The export asset response. This message is returned by the -// [google.longrunning.Operations.GetOperation][google.longrunning.Operations.GetOperation] method in the returned -// [google.longrunning.Operation.response][google.longrunning.Operation.response] field. -message ExportAssetsResponse { - // Time the snapshot was taken. - google.protobuf.Timestamp read_time = 1; - - // Output configuration indicating where the results were output to. - OutputConfig output_config = 2; - - // Output result indicating where the assets were exported to. For example, a - // set of actual Google Cloud Storage object uris where the assets are - // exported to. The uris can be different from what [output_config] has - // specified, as the service will split the output object into multiple ones - // once it exceeds a single Google Cloud Storage object limit. - OutputResult output_result = 3; -} - -// ListAssets request. -message ListAssetsRequest { - // Required. Name of the organization, folder, or project the assets belong to. Format: - // "organizations/[organization-number]" (such as "organizations/123"), - // "projects/[project-id]" (such as "projects/my-project-id"), - // "projects/[project-number]" (such as "projects/12345"), or - // "folders/[folder-number]" (such as "folders/12345"). - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - child_type: "cloudasset.googleapis.com/Asset" - } - ]; - - // Timestamp to take an asset snapshot. This can only be set to a timestamp - // between the current time and the current time minus 35 days (inclusive). - // If not specified, the current time will be used. Due to delays in resource - // data collection and indexing, there is a volatile window during which - // running the same query may get different results. - google.protobuf.Timestamp read_time = 2; - - // A list of asset types to take a snapshot for. For example: - // "compute.googleapis.com/Disk". - // - // Regular expression is also supported. For example: - // - // * "compute.googleapis.com.*" snapshots resources whose asset type starts - // with "compute.googleapis.com". - // * ".*Instance" snapshots resources whose asset type ends with "Instance". - // * ".*Instance.*" snapshots resources whose asset type contains "Instance". - // - // See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported - // regular expression syntax. If the regular expression does not match any - // supported asset type, an INVALID_ARGUMENT error will be returned. - // - // If specified, only matching assets will be returned, otherwise, it will - // snapshot all asset types. See [Introduction to Cloud Asset - // Inventory](https://cloud.google.com/asset-inventory/docs/overview) - // for all supported asset types. - repeated string asset_types = 3; - - // Asset content type. If not specified, no content but the asset name will - // be returned. - ContentType content_type = 4; - - // The maximum number of assets to be returned in a single response. Default - // is 100, minimum is 1, and maximum is 1000. - int32 page_size = 5; - - // The `next_page_token` returned from the previous `ListAssetsResponse`, or - // unspecified for the first `ListAssetsRequest`. It is a continuation of a - // prior `ListAssets` call, and the API should return the next page of assets. - string page_token = 6; - - // A list of relationship types to output, for example: - // `INSTANCE_TO_INSTANCEGROUP`. This field should only be specified if - // content_type=RELATIONSHIP. - // * If specified: - // it snapshots specified relationships. It returns an error if - // any of the [relationship_types] doesn't belong to the supported - // relationship types of the [asset_types] or if any of the [asset_types] - // doesn't belong to the source types of the [relationship_types]. - // * Otherwise: - // it snapshots the supported relationships for all [asset_types] or returns - // an error if any of the [asset_types] has no relationship support. - // An unspecified asset types field means all supported asset_types. - // See [Introduction to Cloud Asset - // Inventory](https://cloud.google.com/asset-inventory/docs/overview) - // for all supported asset types and relationship types. - repeated string relationship_types = 7; -} - -// ListAssets response. -message ListAssetsResponse { - // Time the snapshot was taken. - google.protobuf.Timestamp read_time = 1; - - // Assets. - repeated Asset assets = 2; - - // Token to retrieve the next page of results. It expires 72 hours after the - // page token for the first page is generated. Set to empty if there are no - // remaining results. - string next_page_token = 3; -} - -// Batch get assets history request. -message BatchGetAssetsHistoryRequest { - // Required. The relative name of the root asset. It can only be an - // organization number (such as "organizations/123"), a project ID (such as - // "projects/my-project-id")", or a project number (such as "projects/12345"). - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - child_type: "cloudasset.googleapis.com/Asset" - } - ]; - - // A list of the full names of the assets. - // See: https://cloud.google.com/asset-inventory/docs/resource-name-format - // Example: - // - // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. - // - // The request becomes a no-op if the asset name list is empty, and the max - // size of the asset name list is 100 in one request. - repeated string asset_names = 2; - - // Optional. The content type. - ContentType content_type = 3 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. The time window for the asset history. Both start_time and - // end_time are optional and if set, it must be after the current time minus - // 35 days. If end_time is not set, it is default to current timestamp. - // If start_time is not set, the snapshot of the assets at end_time will be - // returned. The returned results contain all temporal assets whose time - // window overlap with read_time_window. - TimeWindow read_time_window = 4 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. A list of relationship types to output, for example: - // `INSTANCE_TO_INSTANCEGROUP`. This field should only be specified if - // content_type=RELATIONSHIP. - // * If specified: - // it outputs specified relationships' history on the [asset_names]. It - // returns an error if any of the [relationship_types] doesn't belong to the - // supported relationship types of the [asset_names] or if any of the - // [asset_names]'s types doesn't belong to the source types of the - // [relationship_types]. - // * Otherwise: - // it outputs the supported relationships' history on the [asset_names] or - // returns an error if any of the [asset_names]'s types has no relationship - // support. - // See [Introduction to Cloud Asset - // Inventory](https://cloud.google.com/asset-inventory/docs/overview) for all - // supported asset types and relationship types. - repeated string relationship_types = 5 [(google.api.field_behavior) = OPTIONAL]; -} - -// Batch get assets history response. -message BatchGetAssetsHistoryResponse { - // A list of assets with valid time windows. - repeated TemporalAsset assets = 1; -} - -// Create asset feed request. -message CreateFeedRequest { - // Required. The name of the project/folder/organization where this feed - // should be created in. It can only be an organization number (such as - // "organizations/123"), a folder number (such as "folders/123"), a project ID - // (such as "projects/my-project-id")", or a project number (such as - // "projects/12345"). - string parent = 1 [(google.api.field_behavior) = REQUIRED]; - - // Required. This is the client-assigned asset feed identifier and it needs to - // be unique under a specific parent project/folder/organization. - string feed_id = 2 [(google.api.field_behavior) = REQUIRED]; - - // Required. The feed details. The field `name` must be empty and it will be generated - // in the format of: - // projects/project_number/feeds/feed_id - // folders/folder_number/feeds/feed_id - // organizations/organization_number/feeds/feed_id - Feed feed = 3 [(google.api.field_behavior) = REQUIRED]; -} - -// Get asset feed request. -message GetFeedRequest { - // Required. The name of the Feed and it must be in the format of: - // projects/project_number/feeds/feed_id - // folders/folder_number/feeds/feed_id - // organizations/organization_number/feeds/feed_id - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "cloudasset.googleapis.com/Feed" - } - ]; -} - -// List asset feeds request. -message ListFeedsRequest { - // Required. The parent project/folder/organization whose feeds are to be - // listed. It can only be using project/folder/organization number (such as - // "folders/12345")", or a project ID (such as "projects/my-project-id"). - string parent = 1 [(google.api.field_behavior) = REQUIRED]; -} - -message ListFeedsResponse { - // A list of feeds. - repeated Feed feeds = 1; -} - -// Update asset feed request. -message UpdateFeedRequest { - // Required. The new values of feed details. It must match an existing feed and the - // field `name` must be in the format of: - // projects/project_number/feeds/feed_id or - // folders/folder_number/feeds/feed_id or - // organizations/organization_number/feeds/feed_id. - Feed feed = 1 [(google.api.field_behavior) = REQUIRED]; - - // Required. Only updates the `feed` fields indicated by this mask. - // The field mask must not be empty, and it must not contain fields that - // are immutable or only set by the server. - google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED]; -} - -message DeleteFeedRequest { - // Required. The name of the feed and it must be in the format of: - // projects/project_number/feeds/feed_id - // folders/folder_number/feeds/feed_id - // organizations/organization_number/feeds/feed_id - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "cloudasset.googleapis.com/Feed" - } - ]; -} - -// Output configuration for export assets destination. -message OutputConfig { - // Asset export destination. - oneof destination { - // Destination on Cloud Storage. - GcsDestination gcs_destination = 1; - - // Destination on BigQuery. The output table stores the fields in asset - // Protobuf as columns in BigQuery. - BigQueryDestination bigquery_destination = 2; - } -} - -// Output result of export assets. -message OutputResult { - // Asset export result. - oneof result { - // Export result on Cloud Storage. - GcsOutputResult gcs_result = 1; - } -} - -// A Cloud Storage output result. -message GcsOutputResult { - // List of uris of the Cloud Storage objects. Example: - // "gs://bucket_name/object_name". - repeated string uris = 1; -} - -// A Cloud Storage location. -message GcsDestination { - // Required. - oneof object_uri { - // The uri of the Cloud Storage object. It's the same uri that is used by - // gsutil. Example: "gs://bucket_name/object_name". See [Viewing and - // Editing Object - // Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata) - // for more information. - // - // If the specified Cloud Storage object already exists and there is no - // [hold](https://cloud.google.com/storage/docs/object-holds), it will be - // overwritten with the exported result. - string uri = 1; - - // The uri prefix of all generated Cloud Storage objects. Example: - // "gs://bucket_name/object_name_prefix". Each object uri is in format: - // "gs://bucket_name/object_name_prefix/<asset type>/<shard number> and only - // contains assets for that type. <shard number> starts from 0. Example: - // "gs://bucket_name/object_name_prefix/compute.googleapis.com/Disk/0" is - // the first shard of output objects containing all - // compute.googleapis.com/Disk assets. An INVALID_ARGUMENT error will be - // returned if file with the same name "gs://bucket_name/object_name_prefix" - // already exists. - string uri_prefix = 2; - } -} - -// A BigQuery destination for exporting assets to. -message BigQueryDestination { - // Required. The BigQuery dataset in format - // "projects/projectId/datasets/datasetId", to which the snapshot result - // should be exported. If this dataset does not exist, the export call returns - // an INVALID_ARGUMENT error. Setting the `contentType` for `exportAssets` - // determines the - // [schema](/asset-inventory/docs/exporting-to-bigquery#bigquery-schema) - // of the BigQuery table. Setting `separateTablesPerAssetType` to `TRUE` also - // influences the schema. - string dataset = 1 [(google.api.field_behavior) = REQUIRED]; - - // Required. The BigQuery table to which the snapshot result should be - // written. If this table does not exist, a new table with the given name - // will be created. - string table = 2 [(google.api.field_behavior) = REQUIRED]; - - // If the destination table already exists and this flag is `TRUE`, the - // table will be overwritten by the contents of assets snapshot. If the flag - // is `FALSE` or unset and the destination table already exists, the export - // call returns an INVALID_ARGUMEMT error. - bool force = 3; - - // [partition_spec] determines whether to export to partitioned table(s) and - // how to partition the data. - // - // If [partition_spec] is unset or [partition_spec.partition_key] is unset or - // `PARTITION_KEY_UNSPECIFIED`, the snapshot results will be exported to - // non-partitioned table(s). [force] will decide whether to overwrite existing - // table(s). - // - // If [partition_spec] is specified. First, the snapshot results will be - // written to partitioned table(s) with two additional timestamp columns, - // readTime and requestTime, one of which will be the partition key. Secondly, - // in the case when any destination table already exists, it will first try to - // update existing table's schema as necessary by appending additional - // columns. Then, if [force] is `TRUE`, the corresponding partition will be - // overwritten by the snapshot results (data in different partitions will - // remain intact); if [force] is unset or `FALSE`, it will append the data. An - // error will be returned if the schema update or data appension fails. - PartitionSpec partition_spec = 4; - - // If this flag is `TRUE`, the snapshot results will be written to one or - // multiple tables, each of which contains results of one asset type. The - // [force] and [partition_spec] fields will apply to each of them. - // - // Field [table] will be concatenated with "_" and the asset type names (see - // https://cloud.google.com/asset-inventory/docs/supported-asset-types for - // supported asset types) to construct per-asset-type table names, in which - // all non-alphanumeric characters like "." and "/" will be substituted by - // "_". Example: if field [table] is "mytable" and snapshot results - // contain "storage.googleapis.com/Bucket" assets, the corresponding table - // name will be "mytable_storage_googleapis_com_Bucket". If any of these - // tables does not exist, a new table with the concatenated name will be - // created. - // - // When [content_type] in the ExportAssetsRequest is `RESOURCE`, the schema of - // each table will include RECORD-type columns mapped to the nested fields in - // the Asset.resource.data field of that asset type (up to the 15 nested level - // BigQuery supports - // (https://cloud.google.com/bigquery/docs/nested-repeated#limitations)). The - // fields in >15 nested levels will be stored in JSON format string as a child - // column of its parent RECORD column. - // - // If error occurs when exporting to any table, the whole export call will - // return an error but the export results that already succeed will persist. - // Example: if exporting to table_type_A succeeds when exporting to - // table_type_B fails during one export call, the results in table_type_A will - // persist and there will not be partial results persisting in a table. - bool separate_tables_per_asset_type = 5; -} - -// Specifications of BigQuery partitioned table as export destination. -message PartitionSpec { - // This enum is used to determine the partition key column when exporting - // assets to BigQuery partitioned table(s). Note that, if the partition key is - // a timestamp column, the actual partition is based on its date value - // (expressed in UTC. see details in - // https://cloud.google.com/bigquery/docs/partitioned-tables#date_timestamp_partitioned_tables). - enum PartitionKey { - // Unspecified partition key. If used, it means using non-partitioned table. - PARTITION_KEY_UNSPECIFIED = 0; - - // The time when the snapshot is taken. If specified as partition key, the - // result table(s) is partitoned by the additional timestamp column, - // readTime. If [read_time] in ExportAssetsRequest is specified, the - // readTime column's value will be the same as it. Otherwise, its value will - // be the current time that is used to take the snapshot. - READ_TIME = 1; - - // The time when the request is received and started to be processed. If - // specified as partition key, the result table(s) is partitoned by the - // requestTime column, an additional timestamp column representing when the - // request was received. - REQUEST_TIME = 2; - } - - // The partition key for BigQuery partitioned table. - PartitionKey partition_key = 1; -} - -// A Pub/Sub destination. -message PubsubDestination { - // The name of the Pub/Sub topic to publish to. - // Example: `projects/PROJECT_ID/topics/TOPIC_ID`. - string topic = 1; -} - -// Output configuration for asset feed destination. -message FeedOutputConfig { - // Asset feed destination. - oneof destination { - // Destination on Pub/Sub. - PubsubDestination pubsub_destination = 1; - } -} - -// An asset feed used to export asset updates to a destinations. -// An asset feed filter controls what updates are exported. -// The asset feed must be created within a project, organization, or -// folder. Supported destinations are: -// Pub/Sub topics. -message Feed { - option (google.api.resource) = { - type: "cloudasset.googleapis.com/Feed" - pattern: "projects/{project}/feeds/{feed}" - pattern: "folders/{folder}/feeds/{feed}" - pattern: "organizations/{organization}/feeds/{feed}" - history: ORIGINALLY_SINGLE_PATTERN - }; - - // Required. The format will be - // projects/{project_number}/feeds/{client-assigned_feed_identifier} or - // folders/{folder_number}/feeds/{client-assigned_feed_identifier} or - // organizations/{organization_number}/feeds/{client-assigned_feed_identifier} - // - // The client-assigned feed identifier must be unique within the parent - // project/folder/organization. - string name = 1 [(google.api.field_behavior) = REQUIRED]; - - // A list of the full names of the assets to receive updates. You must specify - // either or both of asset_names and asset_types. Only asset updates matching - // specified asset_names or asset_types are exported to the feed. - // Example: - // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. - // For a list of the full names for supported asset types, see [Resource - // name format](/asset-inventory/docs/resource-name-format). - repeated string asset_names = 2; - - // A list of types of the assets to receive updates. You must specify either - // or both of asset_names and asset_types. Only asset updates matching - // specified asset_names or asset_types are exported to the feed. - // Example: `"compute.googleapis.com/Disk"` - // - // For a list of all supported asset types, see - // [Supported asset types](/asset-inventory/docs/supported-asset-types). - repeated string asset_types = 3; - - // Asset content type. If not specified, no content but the asset name and - // type will be returned. - ContentType content_type = 4; - - // Required. Feed output configuration defining where the asset updates are - // published to. - FeedOutputConfig feed_output_config = 5 [(google.api.field_behavior) = REQUIRED]; - - // A condition which determines whether an asset update should be published. - // If specified, an asset will be returned only when the expression evaluates - // to true. - // When set, `expression` field in the `Expr` must be a valid [CEL expression] - // (https://github.com/google/cel-spec) on a TemporalAsset with name - // `temporal_asset`. Example: a Feed with expression ("temporal_asset.deleted - // == true") will only publish Asset deletions. Other fields of `Expr` are - // optional. - // - // See our [user - // guide](https://cloud.google.com/asset-inventory/docs/monitoring-asset-changes-with-condition) - // for detailed instructions. - google.type.Expr condition = 6; - - // A list of relationship types to output, for example: - // `INSTANCE_TO_INSTANCEGROUP`. This field should only be specified if - // content_type=RELATIONSHIP. - // * If specified: - // it outputs specified relationship updates on the [asset_names] or the - // [asset_types]. It returns an error if any of the [relationship_types] - // doesn't belong to the supported relationship types of the [asset_names] or - // [asset_types], or any of the [asset_names] or the [asset_types] doesn't - // belong to the source types of the [relationship_types]. - // * Otherwise: - // it outputs the supported relationships of the types of [asset_names] and - // [asset_types] or returns an error if any of the [asset_names] or the - // [asset_types] has no replationship support. - // See [Introduction to Cloud Asset - // Inventory](https://cloud.google.com/asset-inventory/docs/overview) - // for all supported asset types and relationship types. - repeated string relationship_types = 7; -} - -// Search all resources request. -message SearchAllResourcesRequest { - // Required. A scope can be a project, a folder, or an organization. The search is - // limited to the resources within the `scope`. The caller must be granted the - // [`cloudasset.assets.searchAllResources`](https://cloud.google.com/asset-inventory/docs/access-control#required_permissions) - // permission on the desired scope. - // - // The allowed values are: - // - // * projects/{PROJECT_ID} (e.g., "projects/foo-bar") - // * projects/{PROJECT_NUMBER} (e.g., "projects/12345678") - // * folders/{FOLDER_NUMBER} (e.g., "folders/1234567") - // * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456") - string scope = 1 [(google.api.field_behavior) = REQUIRED]; - - // Optional. The query statement. See [how to construct a - // query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query) - // for more information. If not specified or empty, it will search all the - // resources within the specified `scope`. - // - // Examples: - // - // * `name:Important` to find Cloud resources whose name contains - // "Important" as a word. - // * `name=Important` to find the Cloud resource whose name is exactly - // "Important". - // * `displayName:Impor*` to find Cloud resources whose display name - // contains "Impor" as a prefix of any word in the field. - // * `location:us-west*` to find Cloud resources whose location contains both - // "us" and "west" as prefixes. - // * `labels:prod` to find Cloud resources whose labels contain "prod" as - // a key or value. - // * `labels.env:prod` to find Cloud resources that have a label "env" - // and its value is "prod". - // * `labels.env:*` to find Cloud resources that have a label "env". - // * `kmsKey:key` to find Cloud resources encrypted with a customer-managed - // encryption key whose name contains "key" as a word. This field is - // deprecated. Please use the `kmsKeys` field to retrieve KMS key - // information. - // * `kmsKeys:key` to find Cloud resources encrypted with customer-managed - // encryption keys whose name contains the word "key". - // * `relationships:instance-group-1` to find Cloud resources that have - // relationships with "instance-group-1" in the related resource name. - // * `relationships:INSTANCE_TO_INSTANCEGROUP` to find compute instances that - // have relationships of type "INSTANCE_TO_INSTANCEGROUP". - // * `relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1` to find - // compute instances that have relationships with "instance-group-1" in the - // compute instance group resource name, for relationship type - // "INSTANCE_TO_INSTANCEGROUP". - // * `state:ACTIVE` to find Cloud resources whose state contains "ACTIVE" as a - // word. - // * `NOT state:ACTIVE` to find Cloud resources whose state doesn't contain - // "ACTIVE" as a word. - // * `createTime<1609459200` to find Cloud resources that were created before - // "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of - // "2021-01-01 00:00:00 UTC" in seconds. - // * `updateTime>1609459200` to find Cloud resources that were updated after - // "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of - // "2021-01-01 00:00:00 UTC" in seconds. - // * `Important` to find Cloud resources that contain "Important" as a word - // in any of the searchable fields. - // * `Impor*` to find Cloud resources that contain "Impor" as a prefix of any - // word in any of the searchable fields. - // * `Important location:(us-west1 OR global)` to find Cloud - // resources that contain "Important" as a word in any of the searchable - // fields and are also located in the "us-west1" region or the "global" - // location. - string query = 2 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. A list of asset types that this request searches for. If empty, it will - // search all the [searchable asset - // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types). - // - // Regular expressions are also supported. For example: - // - // * "compute.googleapis.com.*" snapshots resources whose asset type starts - // with "compute.googleapis.com". - // * ".*Instance" snapshots resources whose asset type ends with "Instance". - // * ".*Instance.*" snapshots resources whose asset type contains "Instance". - // - // See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported - // regular expression syntax. If the regular expression does not match any - // supported asset type, an INVALID_ARGUMENT error will be returned. - repeated string asset_types = 3 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. The page size for search result pagination. Page size is capped at 500 even - // if a larger value is given. If set to zero, server will pick an appropriate - // default. Returned results may be fewer than requested. When this happens, - // there could be more results as long as `next_page_token` is returned. - int32 page_size = 4 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. If present, then retrieve the next batch of results from the preceding call - // to this method. `page_token` must be the value of `next_page_token` from - // the previous response. The values of all other method parameters, must be - // identical to those in the previous call. - string page_token = 5 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. A comma-separated list of fields specifying the sorting order of the - // results. The default order is ascending. Add " DESC" after the field name - // to indicate descending order. Redundant space characters are ignored. - // Example: "location DESC, name". - // Only singular primitive fields in the response are sortable: - // - // * name - // * assetType - // * project - // * displayName - // * description - // * location - // * createTime - // * updateTime - // * state - // * parentFullResourceName - // * parentAssetType - // - // All the other fields such as repeated fields (e.g., `networkTags`, - // `kmsKeys`), map fields (e.g., `labels`) and struct fields (e.g., - // `additionalAttributes`) are not supported. - string order_by = 6 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. A comma-separated list of fields specifying which fields to be returned in - // ResourceSearchResult. Only '*' or combination of top level fields can be - // specified. Field names of both snake_case and camelCase are supported. - // Examples: `"*"`, `"name,location"`, `"name,versionedResources"`. - // - // The read_mask paths must be valid field paths listed but not limited to - // (both snake_case and camelCase are supported): - // - // * name - // * assetType - // * project - // * displayName - // * description - // * location - // * tagKeys - // * tagValues - // * tagValueIds - // * labels - // * networkTags - // * kmsKey (This field is deprecated. Please use the `kmsKeys` field to - // retrieve KMS key information.) - // * kmsKeys - // * createTime - // * updateTime - // * state - // * additionalAttributes - // * versionedResources - // - // If read_mask is not specified, all fields except versionedResources will - // be returned. - // If only '*' is specified, all fields including versionedResources will be - // returned. - // Any invalid field path will trigger INVALID_ARGUMENT error. - google.protobuf.FieldMask read_mask = 8 [(google.api.field_behavior) = OPTIONAL]; -} - -// Search all resources response. -message SearchAllResourcesResponse { - // A list of Resources that match the search query. It contains the resource - // standard metadata information. - repeated ResourceSearchResult results = 1; - - // If there are more results than those appearing in this response, then - // `next_page_token` is included. To get the next set of results, call this - // method again using the value of `next_page_token` as `page_token`. - string next_page_token = 2; -} - -// Search all IAM policies request. -message SearchAllIamPoliciesRequest { - // Required. A scope can be a project, a folder, or an organization. The search is - // limited to the IAM policies within the `scope`. The caller must be granted - // the - // [`cloudasset.assets.searchAllIamPolicies`](https://cloud.google.com/asset-inventory/docs/access-control#required_permissions) - // permission on the desired scope. - // - // The allowed values are: - // - // * projects/{PROJECT_ID} (e.g., "projects/foo-bar") - // * projects/{PROJECT_NUMBER} (e.g., "projects/12345678") - // * folders/{FOLDER_NUMBER} (e.g., "folders/1234567") - // * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456") - string scope = 1 [(google.api.field_behavior) = REQUIRED]; - - // Optional. The query statement. See [how to construct a - // query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query) - // for more information. If not specified or empty, it will search all the - // IAM policies within the specified `scope`. Note that the query string is - // compared against each Cloud IAM policy binding, including its principals, - // roles, and Cloud IAM conditions. The returned Cloud IAM policies will only - // contain the bindings that match your query. To learn more about the IAM - // policy structure, see the [IAM policy - // documentation](https://cloud.google.com/iam/help/allow-policies/structure). - // - // Examples: - // - // * `policy:amy@gmail.com` to find IAM policy bindings that specify user - // "amy@gmail.com". - // * `policy:roles/compute.admin` to find IAM policy bindings that specify - // the Compute Admin role. - // * `policy:comp*` to find IAM policy bindings that contain "comp" as a - // prefix of any word in the binding. - // * `policy.role.permissions:storage.buckets.update` to find IAM policy - // bindings that specify a role containing "storage.buckets.update" - // permission. Note that if callers don't have `iam.roles.get` access to a - // role's included permissions, policy bindings that specify this role will - // be dropped from the search results. - // * `policy.role.permissions:upd*` to find IAM policy bindings that specify a - // role containing "upd" as a prefix of any word in the role permission. - // Note that if callers don't have `iam.roles.get` access to a role's - // included permissions, policy bindings that specify this role will be - // dropped from the search results. - // * `resource:organizations/123456` to find IAM policy bindings - // that are set on "organizations/123456". - // * `resource=//cloudresourcemanager.googleapis.com/projects/myproject` to - // find IAM policy bindings that are set on the project named "myproject". - // * `Important` to find IAM policy bindings that contain "Important" as a - // word in any of the searchable fields (except for the included - // permissions). - // * `resource:(instance1 OR instance2) policy:amy` to find - // IAM policy bindings that are set on resources "instance1" or - // "instance2" and also specify user "amy". - // * `roles:roles/compute.admin` to find IAM policy bindings that specify the - // Compute Admin role. - // * `memberTypes:user` to find IAM policy bindings that contain the - // principal type "user". - string query = 2 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. The page size for search result pagination. Page size is capped at 500 even - // if a larger value is given. If set to zero, server will pick an appropriate - // default. Returned results may be fewer than requested. When this happens, - // there could be more results as long as `next_page_token` is returned. - int32 page_size = 3 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. If present, retrieve the next batch of results from the preceding call to - // this method. `page_token` must be the value of `next_page_token` from the - // previous response. The values of all other method parameters must be - // identical to those in the previous call. - string page_token = 4 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. A list of asset types that the IAM policies are attached to. If empty, it - // will search the IAM policies that are attached to all the [searchable asset - // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types). - // - // Regular expressions are also supported. For example: - // - // * "compute.googleapis.com.*" snapshots IAM policies attached to asset type - // starts with "compute.googleapis.com". - // * ".*Instance" snapshots IAM policies attached to asset type ends with - // "Instance". - // * ".*Instance.*" snapshots IAM policies attached to asset type contains - // "Instance". - // - // See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported - // regular expression syntax. If the regular expression does not match any - // supported asset type, an INVALID_ARGUMENT error will be returned. - repeated string asset_types = 5 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. A comma-separated list of fields specifying the sorting order of the - // results. The default order is ascending. Add " DESC" after the field name - // to indicate descending order. Redundant space characters are ignored. - // Example: "assetType DESC, resource". - // Only singular primitive fields in the response are sortable: - // * resource - // * assetType - // * project - // All the other fields such as repeated fields (e.g., `folders`) and - // non-primitive fields (e.g., `policy`) are not supported. - string order_by = 7 [(google.api.field_behavior) = OPTIONAL]; -} - -// Search all IAM policies response. -message SearchAllIamPoliciesResponse { - // A list of IamPolicy that match the search query. Related information such - // as the associated resource is returned along with the policy. - repeated IamPolicySearchResult results = 1; - - // Set if there are more results than those appearing in this response; to get - // the next set of results, call this method again, using this value as the - // `page_token`. - string next_page_token = 2; -} - -// IAM policy analysis query message. -message IamPolicyAnalysisQuery { - // Specifies the resource to analyze for access policies, which may be set - // directly on the resource, or on ancestors such as organizations, folders or - // projects. - message ResourceSelector { - // Required. The [full resource name] - // (https://cloud.google.com/asset-inventory/docs/resource-name-format) - // of a resource of [supported resource - // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#analyzable_asset_types). - string full_resource_name = 1 [(google.api.field_behavior) = REQUIRED]; - } - - // Specifies an identity for which to determine resource access, based on - // roles assigned either directly to them or to the groups they belong to, - // directly or indirectly. - message IdentitySelector { - // Required. The identity appear in the form of principals in - // [IAM policy - // binding](https://cloud.google.com/iam/reference/rest/v1/Binding). - // - // The examples of supported forms are: - // "user:mike@example.com", - // "group:admins@example.com", - // "domain:google.com", - // "serviceAccount:my-project-id@appspot.gserviceaccount.com". - // - // Notice that wildcard characters (such as * and ?) are not supported. - // You must give a specific identity. - string identity = 1 [(google.api.field_behavior) = REQUIRED]; - } - - // Specifies roles and/or permissions to analyze, to determine both the - // identities possessing them and the resources they control. If multiple - // values are specified, results will include roles or permissions matching - // any of them. The total number of roles and permissions should be equal or - // less than 10. - message AccessSelector { - // Optional. The roles to appear in result. - repeated string roles = 1 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. The permissions to appear in result. - repeated string permissions = 2 [(google.api.field_behavior) = OPTIONAL]; - } - - // Contains query options. - message Options { - // Optional. If true, the identities section of the result will expand any - // Google groups appearing in an IAM policy binding. - // - // If [IamPolicyAnalysisQuery.identity_selector][google.cloud.asset.v1.IamPolicyAnalysisQuery.identity_selector] is specified, the - // identity in the result will be determined by the selector, and this flag - // is not allowed to set. - // - // If true, the default max expansion per group is 1000 for - // AssetService.AnalyzeIamPolicy][]. - // - // Default is false. - bool expand_groups = 1 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. If true, the access section of result will expand any roles - // appearing in IAM policy bindings to include their permissions. - // - // If [IamPolicyAnalysisQuery.access_selector][google.cloud.asset.v1.IamPolicyAnalysisQuery.access_selector] is specified, the access - // section of the result will be determined by the selector, and this flag - // is not allowed to set. - // - // Default is false. - bool expand_roles = 2 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. If true and [IamPolicyAnalysisQuery.resource_selector][google.cloud.asset.v1.IamPolicyAnalysisQuery.resource_selector] is not - // specified, the resource section of the result will expand any resource - // attached to an IAM policy to include resources lower in the resource - // hierarchy. - // - // For example, if the request analyzes for which resources user A has - // permission P, and the results include an IAM policy with P on a GCP - // folder, the results will also include resources in that folder with - // permission P. - // - // If true and [IamPolicyAnalysisQuery.resource_selector][google.cloud.asset.v1.IamPolicyAnalysisQuery.resource_selector] is specified, - // the resource section of the result will expand the specified resource to - // include resources lower in the resource hierarchy. Only project or - // lower resources are supported. Folder and organization resource cannot be - // used together with this option. - // - // For example, if the request analyzes for which users have permission P on - // a GCP project with this option enabled, the results will include all - // users who have permission P on that project or any lower resource. - // - // If true, the default max expansion per resource is 1000 for - // AssetService.AnalyzeIamPolicy][] and 100000 for - // AssetService.AnalyzeIamPolicyLongrunning][]. - // - // Default is false. - bool expand_resources = 3 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. If true, the result will output the relevant parent/child relationships - // between resources. - // Default is false. - bool output_resource_edges = 4 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. If true, the result will output the relevant membership relationships - // between groups and other groups, and between groups and principals. - // Default is false. - bool output_group_edges = 5 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. If true, the response will include access analysis from identities to - // resources via service account impersonation. This is a very expensive - // operation, because many derived queries will be executed. We highly - // recommend you use [AssetService.AnalyzeIamPolicyLongrunning][google.cloud.asset.v1.AssetService.AnalyzeIamPolicyLongrunning] rpc - // instead. - // - // For example, if the request analyzes for which resources user A has - // permission P, and there's an IAM policy states user A has - // iam.serviceAccounts.getAccessToken permission to a service account SA, - // and there's another IAM policy states service account SA has permission P - // to a GCP folder F, then user A potentially has access to the GCP folder - // F. And those advanced analysis results will be included in - // [AnalyzeIamPolicyResponse.service_account_impersonation_analysis][google.cloud.asset.v1.AnalyzeIamPolicyResponse.service_account_impersonation_analysis]. - // - // Another example, if the request analyzes for who has - // permission P to a GCP folder F, and there's an IAM policy states user A - // has iam.serviceAccounts.actAs permission to a service account SA, and - // there's another IAM policy states service account SA has permission P to - // the GCP folder F, then user A potentially has access to the GCP folder - // F. And those advanced analysis results will be included in - // [AnalyzeIamPolicyResponse.service_account_impersonation_analysis][google.cloud.asset.v1.AnalyzeIamPolicyResponse.service_account_impersonation_analysis]. - // - // Only the following permissions are considered in this analysis: - // - // * `iam.serviceAccounts.actAs` - // * `iam.serviceAccounts.signBlob` - // * `iam.serviceAccounts.signJwt` - // * `iam.serviceAccounts.getAccessToken` - // * `iam.serviceAccounts.getOpenIdToken` - // * `iam.serviceAccounts.implicitDelegation` - // - // Default is false. - bool analyze_service_account_impersonation = 6 [(google.api.field_behavior) = OPTIONAL]; - } - - // The IAM conditions context. - message ConditionContext { - // The IAM conditions time context. - oneof TimeContext { - // The hypothetical access timestamp to evaluate IAM conditions. Note that - // this value must not be earlier than the current time; otherwise, an - // INVALID_ARGUMENT error will be returned. - google.protobuf.Timestamp access_time = 1; - } - } - - // Required. The relative name of the root asset. Only resources and IAM policies within - // the scope will be analyzed. - // - // This can only be an organization number (such as "organizations/123"), a - // folder number (such as "folders/123"), a project ID (such as - // "projects/my-project-id"), or a project number (such as "projects/12345"). - // - // To know how to get organization id, visit [here - // ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). - // - // To know how to get folder or project id, visit [here - // ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects). - string scope = 1 [(google.api.field_behavior) = REQUIRED]; - - // Optional. Specifies a resource for analysis. - ResourceSelector resource_selector = 2 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. Specifies an identity for analysis. - IdentitySelector identity_selector = 3 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. Specifies roles or permissions for analysis. This is optional. - AccessSelector access_selector = 4 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. The query options. - Options options = 5 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. The hypothetical context for IAM conditions evaluation. - ConditionContext condition_context = 6 [(google.api.field_behavior) = OPTIONAL]; -} - -// A request message for [AssetService.AnalyzeIamPolicy][google.cloud.asset.v1.AssetService.AnalyzeIamPolicy]. -message AnalyzeIamPolicyRequest { - // Required. The request query. - IamPolicyAnalysisQuery analysis_query = 1 [(google.api.field_behavior) = REQUIRED]; - - // Optional. The name of a saved query, which must be in the format of: - // - // * projects/project_number/savedQueries/saved_query_id - // * folders/folder_number/savedQueries/saved_query_id - // * organizations/organization_number/savedQueries/saved_query_id - // - // If both `analysis_query` and `saved_analysis_query` are provided, they - // will be merged together with the `saved_analysis_query` as base and - // the `analysis_query` as overrides. For more details of the merge behavior, - // please refer to the - // [MergeFrom](https://developers.google.com/protocol-buffers/docs/reference/cpp/google.protobuf.message#Message.MergeFrom.details) - // page. - // - // Note that you cannot override primitive fields with default value, such as - // 0 or empty string, etc., because we use proto3, which doesn't support field - // presence yet. - string saved_analysis_query = 3 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. Amount of time executable has to complete. See JSON representation of - // [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json). - // - // If this field is set with a value less than the RPC deadline, and the - // execution of your query hasn't finished in the specified - // execution timeout, you will get a response with partial result. - // Otherwise, your query's execution will continue until the RPC deadline. - // If it's not finished until then, you will get a DEADLINE_EXCEEDED error. - // - // Default is empty. - google.protobuf.Duration execution_timeout = 2 [(google.api.field_behavior) = OPTIONAL]; -} - -// A response message for [AssetService.AnalyzeIamPolicy][google.cloud.asset.v1.AssetService.AnalyzeIamPolicy]. -message AnalyzeIamPolicyResponse { - // An analysis message to group the query and results. - message IamPolicyAnalysis { - // The analysis query. - IamPolicyAnalysisQuery analysis_query = 1; - - // A list of [IamPolicyAnalysisResult][google.cloud.asset.v1.IamPolicyAnalysisResult] that matches the analysis query, or - // empty if no result is found. - repeated IamPolicyAnalysisResult analysis_results = 2; - - // Represents whether all entries in the [analysis_results][google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis.analysis_results] have been - // fully explored to answer the query. - bool fully_explored = 3; - - // A list of non-critical errors happened during the query handling. - repeated IamPolicyAnalysisState non_critical_errors = 5; - } - - // The main analysis that matches the original request. - IamPolicyAnalysis main_analysis = 1; - - // The service account impersonation analysis if - // [AnalyzeIamPolicyRequest.analyze_service_account_impersonation][] is - // enabled. - repeated IamPolicyAnalysis service_account_impersonation_analysis = 2; - - // Represents whether all entries in the [main_analysis][google.cloud.asset.v1.AnalyzeIamPolicyResponse.main_analysis] and - // [service_account_impersonation_analysis][google.cloud.asset.v1.AnalyzeIamPolicyResponse.service_account_impersonation_analysis] have been fully explored to - // answer the query in the request. - bool fully_explored = 3; -} - -// Output configuration for export IAM policy analysis destination. -message IamPolicyAnalysisOutputConfig { - // A Cloud Storage location. - message GcsDestination { - // Required. The uri of the Cloud Storage object. It's the same uri that is used by - // gsutil. Example: "gs://bucket_name/object_name". See [Viewing and - // Editing Object - // Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata) - // for more information. - // - // If the specified Cloud Storage object already exists and there is no - // [hold](https://cloud.google.com/storage/docs/object-holds), it will be - // overwritten with the analysis result. - string uri = 1 [(google.api.field_behavior) = REQUIRED]; - } - - // A BigQuery destination. - message BigQueryDestination { - // This enum determines the partition key column for the bigquery tables. - // Partitioning can improve query performance and reduce query cost by - // filtering partitions. Refer to - // https://cloud.google.com/bigquery/docs/partitioned-tables for details. - enum PartitionKey { - // Unspecified partition key. Tables won't be partitioned using this - // option. - PARTITION_KEY_UNSPECIFIED = 0; - - // The time when the request is received. If specified as partition key, - // the result table(s) is partitoned by the RequestTime column, an - // additional timestamp column representing when the request was received. - REQUEST_TIME = 1; - } - - // Required. The BigQuery dataset in format "projects/projectId/datasets/datasetId", - // to which the analysis results should be exported. If this dataset does - // not exist, the export call will return an INVALID_ARGUMENT error. - string dataset = 1 [(google.api.field_behavior) = REQUIRED]; - - // Required. The prefix of the BigQuery tables to which the analysis results will be - // written. Tables will be created based on this table_prefix if not exist: - // * <table_prefix>_analysis table will contain export operation's metadata. - // * <table_prefix>_analysis_result will contain all the - // [IamPolicyAnalysisResult][google.cloud.asset.v1.IamPolicyAnalysisResult]. - // When [partition_key] is specified, both tables will be partitioned based - // on the [partition_key]. - string table_prefix = 2 [(google.api.field_behavior) = REQUIRED]; - - // The partition key for BigQuery partitioned table. - PartitionKey partition_key = 3; - - // Optional. Specifies the action that occurs if the destination table or partition - // already exists. The following values are supported: - // - // * WRITE_TRUNCATE: If the table or partition already exists, BigQuery - // overwrites the entire table or all the partitions data. - // * WRITE_APPEND: If the table or partition already exists, BigQuery - // appends the data to the table or the latest partition. - // * WRITE_EMPTY: If the table already exists and contains data, an error is - // returned. - // - // The default value is WRITE_APPEND. Each action is atomic and only occurs - // if BigQuery is able to complete the job successfully. Details are at - // https://cloud.google.com/bigquery/docs/loading-data-local#appending_to_or_overwriting_a_table_using_a_local_file. - string write_disposition = 4 [(google.api.field_behavior) = OPTIONAL]; - } - - // IAM policy analysis export destination. - oneof destination { - // Destination on Cloud Storage. - GcsDestination gcs_destination = 1; - - // Destination on BigQuery. - BigQueryDestination bigquery_destination = 2; - } -} - -// A request message for [AssetService.AnalyzeIamPolicyLongrunning][google.cloud.asset.v1.AssetService.AnalyzeIamPolicyLongrunning]. -message AnalyzeIamPolicyLongrunningRequest { - // Required. The request query. - IamPolicyAnalysisQuery analysis_query = 1 [(google.api.field_behavior) = REQUIRED]; - - // Optional. The name of a saved query, which must be in the format of: - // - // * projects/project_number/savedQueries/saved_query_id - // * folders/folder_number/savedQueries/saved_query_id - // * organizations/organization_number/savedQueries/saved_query_id - // - // If both `analysis_query` and `saved_analysis_query` are provided, they - // will be merged together with the `saved_analysis_query` as base and - // the `analysis_query` as overrides. For more details of the merge behavior, - // please refer to the - // [MergeFrom](https://developers.google.com/protocol-buffers/docs/reference/cpp/google.protobuf.message#Message.MergeFrom.details) - // doc. - // - // Note that you cannot override primitive fields with default value, such as - // 0 or empty string, etc., because we use proto3, which doesn't support field - // presence yet. - string saved_analysis_query = 3 [(google.api.field_behavior) = OPTIONAL]; - - // Required. Output configuration indicating where the results will be output to. - IamPolicyAnalysisOutputConfig output_config = 2 [(google.api.field_behavior) = REQUIRED]; -} - -// A response message for [AssetService.AnalyzeIamPolicyLongrunning][google.cloud.asset.v1.AssetService.AnalyzeIamPolicyLongrunning]. -message AnalyzeIamPolicyLongrunningResponse { - -} - -// A saved query which can be shared with others or used later. -message SavedQuery { - option (google.api.resource) = { - type: "cloudasset.googleapis.com/SavedQuery" - pattern: "projects/{project}/savedQueries/{saved_query}" - pattern: "folders/{folder}/savedQueries/{saved_query}" - pattern: "organizations/{organization}/savedQueries/{saved_query}" - }; - - // The query content. - message QueryContent { - oneof query_content { - // An IAM Policy Analysis query, which could be used in - // the [AssetService.AnalyzeIamPolicy][google.cloud.asset.v1.AssetService.AnalyzeIamPolicy] rpc or - // the [AssetService.AnalyzeIamPolicyLongrunning][google.cloud.asset.v1.AssetService.AnalyzeIamPolicyLongrunning] rpc. - IamPolicyAnalysisQuery iam_policy_analysis_query = 1; - } - } - - // The resource name of the saved query. The format must be: - // - // * projects/project_number/savedQueries/saved_query_id - // * folders/folder_number/savedQueries/saved_query_id - // * organizations/organization_number/savedQueries/saved_query_id - string name = 1; - - // The description of this saved query. This value should be fewer than 255 - // characters. - string description = 2; - - // Output only. The create time of this saved query. - google.protobuf.Timestamp create_time = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; - - // Output only. The account's email address who has created this saved query. - string creator = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; - - // Output only. The last update time of this saved query. - google.protobuf.Timestamp last_update_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; - - // Output only. The account's email address who has updated this saved query most recently. - string last_updater = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; - - // Labels applied on the resource. - // This value should not contain more than 10 entries. The key and value of - // each entry must be non-empty and fewer than 64 characters. - map<string, string> labels = 7; - - // The query content. - QueryContent content = 8; -} - -// Request to create a saved query. -message CreateSavedQueryRequest { - // Required. The name of the project/folder/organization where this saved_query - // should be created in. It can only be an organization number (such as - // "organizations/123"), a folder number (such as "folders/123"), a project ID - // (such as "projects/my-project-id")", or a project number (such as - // "projects/12345"). - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - child_type: "cloudasset.googleapis.com/SavedQuery" - } - ]; - - // Required. The saved_query details. The `name` field must be empty as it will be - // generated based on the parent and saved_query_id. - SavedQuery saved_query = 2 [(google.api.field_behavior) = REQUIRED]; - - // Required. The ID to use for the saved query, which must be unique in the specified - // parent. It will become the final component of the saved query's resource - // name. - // - // This value should be 4-63 characters, and valid characters - // are /[a-z][0-9]-/. - // - // Notice that this field is required in the saved query creation, and the - // `name` field of the `saved_query` will be ignored. - string saved_query_id = 3 [(google.api.field_behavior) = REQUIRED]; -} - -// Request to get a saved query. -message GetSavedQueryRequest { - // Required. The name of the saved query and it must be in the format of: - // - // * projects/project_number/savedQueries/saved_query_id - // * folders/folder_number/savedQueries/saved_query_id - // * organizations/organization_number/savedQueries/saved_query_id - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "cloudasset.googleapis.com/SavedQuery" - } - ]; -} - -// Request to list saved queries. -message ListSavedQueriesRequest { - // Required. The parent project/folder/organization whose savedQueries are to be - // listed. It can only be using project/folder/organization number (such as - // "folders/12345")", or a project ID (such as "projects/my-project-id"). - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - child_type: "cloudasset.googleapis.com/SavedQuery" - } - ]; - - // Optional. The expression to filter resources. - // The expression is a list of zero or more restrictions combined via logical - // operators `AND` and `OR`. When `AND` and `OR` are both used in the - // expression, parentheses must be appropriately used to group the - // combinations. The expression may also contain regular expressions. - // - // See https://google.aip.dev/160 for more information on the grammar. - string filter = 4 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. The maximum number of saved queries to return per page. The service may - // return fewer than this value. If unspecified, at most 50 will be returned. - // The maximum value is 1000; values above 1000 will be coerced to 1000. - int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. A page token, received from a previous `ListSavedQueries` call. - // Provide this to retrieve the subsequent page. - // - // When paginating, all other parameters provided to `ListSavedQueries` must - // match the call that provided the page token. - string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; -} - -// Response of listing saved queries. -message ListSavedQueriesResponse { - // A list of savedQueries. - repeated SavedQuery saved_queries = 1; - - // A token, which can be sent as `page_token` to retrieve the next page. - // If this field is omitted, there are no subsequent pages. - string next_page_token = 2; -} - -// Request to update a saved query. -message UpdateSavedQueryRequest { - // Required. The saved query to update. - // - // The saved query's `name` field is used to identify the one to update, - // which has format as below: - // - // * projects/project_number/savedQueries/saved_query_id - // * folders/folder_number/savedQueries/saved_query_id - // * organizations/organization_number/savedQueries/saved_query_id - SavedQuery saved_query = 1 [(google.api.field_behavior) = REQUIRED]; - - // Required. The list of fields to update. - google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED]; -} - -// Request to delete a saved query. -message DeleteSavedQueryRequest { - // Required. The name of the saved query to delete. It must be in the format of: - // - // * projects/project_number/savedQueries/saved_query_id - // * folders/folder_number/savedQueries/saved_query_id - // * organizations/organization_number/savedQueries/saved_query_id - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "cloudasset.googleapis.com/SavedQuery" - } - ]; -} - -// The request message for performing resource move analysis. -message AnalyzeMoveRequest { - // View enum for supporting partial analysis responses. - enum AnalysisView { - // The default/unset value. - // The API will default to the FULL view. - ANALYSIS_VIEW_UNSPECIFIED = 0; - - // Full analysis including all level of impacts of the specified resource - // move. - FULL = 1; - - // Basic analysis only including blockers which will prevent the specified - // resource move at runtime. - BASIC = 2; - } - - // Required. Name of the resource to perform the analysis against. - // Only GCP Project are supported as of today. Hence, this can only be Project - // ID (such as "projects/my-project-id") or a Project Number (such as - // "projects/12345"). - string resource = 1 [(google.api.field_behavior) = REQUIRED]; - - // Required. Name of the GCP Folder or Organization to reparent the target - // resource. The analysis will be performed against hypothetically moving the - // resource to this specified desitination parent. This can only be a Folder - // number (such as "folders/123") or an Organization number (such as - // "organizations/123"). - string destination_parent = 2 [(google.api.field_behavior) = REQUIRED]; - - // Analysis view indicating what information should be included in the - // analysis response. If unspecified, the default view is FULL. - AnalysisView view = 3; -} - -// The response message for resource move analysis. -message AnalyzeMoveResponse { - // The list of analyses returned from performing the intended resource move - // analysis. The analysis is grouped by different Cloud services. - repeated MoveAnalysis move_analysis = 1; -} - -// A message to group the analysis information. -message MoveAnalysis { - // The user friendly display name of the analysis. E.g. IAM, Organization - // Policy etc. - string display_name = 1; - - oneof result { - // Analysis result of moving the target resource. - MoveAnalysisResult analysis = 2; - - // Description of error encountered when performing the analysis. - google.rpc.Status error = 3; - } -} - -// An analysis result including blockers and warnings. -message MoveAnalysisResult { - // Blocking information that would prevent the target resource from moving - // to the specified destination at runtime. - repeated MoveImpact blockers = 1; - - // Warning information indicating that moving the target resource to the - // specified destination might be unsafe. This can include important policy - // information and configuration changes, but will not block moves at runtime. - repeated MoveImpact warnings = 2; -} - -// A message to group impacts of moving the target resource. -message MoveImpact { - // User friendly impact detail in a free form message. - string detail = 1; -} - -// Output configuration query assets. -message QueryAssetsOutputConfig { - // BigQuery destination. - message BigQueryDestination { - // Required. The BigQuery dataset where the query results will be saved. It has the - // format of "projects/{projectId}/datasets/{datasetId}". - string dataset = 1 [(google.api.field_behavior) = REQUIRED]; - - // Required. The BigQuery table where the query results will be saved. If this table - // does not exist, a new table with the given name will be created. - string table = 2 [(google.api.field_behavior) = REQUIRED]; - - // Specifies the action that occurs if the destination table or partition - // already exists. The following values are supported: - // - // * WRITE_TRUNCATE: If the table or partition already exists, BigQuery - // overwrites the entire table or all the partitions data. - // * WRITE_APPEND: If the table or partition already exists, BigQuery - // appends the data to the table or the latest partition. - // * WRITE_EMPTY: If the table already exists and contains data, a - // 'duplicate' error is returned in the job result. - // - // The default value is WRITE_EMPTY. - string write_disposition = 3; - } - - // BigQuery destination where the query results will be saved. - BigQueryDestination bigquery_destination = 1; -} - -// QueryAssets request. -message QueryAssetsRequest { - // Required. The relative name of the root asset. This can only be an - // organization number (such as "organizations/123"), a project ID (such as - // "projects/my-project-id"), or a project number (such as "projects/12345"), - // or a folder number (such as "folders/123"). - // - // Only assets belonging to the `parent` will be returned. - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - child_type: "cloudasset.googleapis.com/Asset" - } - ]; - - oneof query { - // Optional. A SQL statement that's compatible with [BigQuery Standard - // SQL](http://cloud/bigquery/docs/reference/standard-sql/enabling-standard-sql). - string statement = 2 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. Reference to the query job, which is from the `QueryAssetsResponse` of - // previous `QueryAssets` call. - string job_reference = 3 [(google.api.field_behavior) = OPTIONAL]; - } - - // Optional. The maximum number of rows to return in the results. Responses are limited - // to 10 MB and 1000 rows. - // - // By default, the maximum row count is 1000. When the byte or row count limit - // is reached, the rest of the query results will be paginated. - // - // The field will be ignored when [output_config] is specified. - int32 page_size = 4 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. A page token received from previous `QueryAssets`. - // - // The field will be ignored when [output_config] is specified. - string page_token = 5 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. Specifies the maximum amount of time that the client is willing to wait - // for the query to complete. By default, this limit is 5 min for the first - // query, and 1 minute for the following queries. If the query is complete, - // the `done` field in the `QueryAssetsResponse` is true, otherwise false. - // - // Like BigQuery [jobs.query - // API](https://cloud.google.com/bigquery/docs/reference/rest/v2/jobs/query#queryrequest) - // The call is not guaranteed to wait for the specified timeout; it typically - // returns after around 200 seconds (200,000 milliseconds), even if the query - // is not complete. - // - // The field will be ignored when [output_config] is specified. - google.protobuf.Duration timeout = 6 [(google.api.field_behavior) = OPTIONAL]; - - // Specifies what time period or point in time to query asset metadata at. - // * unset - query asset metadata as it is right now - // * [read_time_window] - query asset metadata as it was at any point in time - // between [start_time] and [end_time]. - // * [read_time] - query asset metadata as it was at that point in time. - // If data for the timestamp/date range selected does not exist, - // it will simply return a valid response with no rows. - oneof time { - // Optional. [start_time] is required. [start_time] must be less than [end_time] - // Defaults [end_time] to now if [start_time] is set and [end_time] isn't. - // Maximum permitted time range is 7 days. - TimeWindow read_time_window = 7 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. Queries cloud assets as they appeared at the specified point in time. - google.protobuf.Timestamp read_time = 8 [(google.api.field_behavior) = OPTIONAL]; - } - - // Optional. Destination where the query results will be saved. - // - // When this field is specified, the query results won't be saved in the - // [QueryAssetsResponse.query_result]. Instead - // [QueryAssetsResponse.output_config] will be set. - // - // Meanwhile, [QueryAssetsResponse.job_reference] will be set and can be used - // to check the status of the query job when passed to a following - // [QueryAssets] API call. - QueryAssetsOutputConfig output_config = 9 [(google.api.field_behavior) = OPTIONAL]; -} - -// QueryAssets response. -message QueryAssetsResponse { - // Reference to a query job. - string job_reference = 1; - - // The query response, which can be either an `error` or a valid `response`. - // - // If `done` == `false` and the query result is being saved in a output, the - // output_config field will be set. - // If `done` == `true`, exactly one of - // `error`, `query_result` or `output_config` will be set. - bool done = 2; - - oneof response { - // Error status. - google.rpc.Status error = 3; - - // Result of the query. - QueryResult query_result = 4; - - // Output configuration which indicates instead of being returned in API - // response on the fly, the query result will be saved in a specific output. - QueryAssetsOutputConfig output_config = 5; - } -} - -// Execution results of the query. -// -// The result is formatted as rows represented by BigQuery compatible [schema]. -// When pagination is necessary, it will contains the page token to retrieve -// the results of following pages. -message QueryResult { - // Each row hold a query result in the format of `Struct`. - repeated google.protobuf.Struct rows = 1; - - // Describes the format of the [rows]. - TableSchema schema = 2; - - // Token to retrieve the next page of the results. - string next_page_token = 3; - - // Total rows of the whole query results. - int64 total_rows = 4; -} - -// BigQuery Compatible table schema. -message TableSchema { - // Describes the fields in a table. - repeated TableFieldSchema fields = 1; -} - -// A field in TableSchema. -message TableFieldSchema { - // The field name. The name must contain only letters (a-z, A-Z), - // numbers (0-9), or underscores (_), and must start with a letter or - // underscore. The maximum length is 128 characters. - string field = 1; - - // The field data type. Possible values include - // * STRING - // * BYTES - // * INTEGER - // * FLOAT - // * BOOLEAN - // * TIMESTAMP - // * DATE - // * TIME - // * DATETIME - // * GEOGRAPHY, - // * NUMERIC, - // * BIGNUMERIC, - // * RECORD - // (where RECORD indicates that the field contains a nested schema). - string type = 2; - - // The field mode. Possible values include NULLABLE, REQUIRED and - // REPEATED. The default value is NULLABLE. - string mode = 3; - - // Describes the nested schema fields if the type property is set - // to RECORD. - repeated TableFieldSchema fields = 4; -} - -// A request message for [AssetService.BatchGetEffectiveIamPolicies][google.cloud.asset.v1.AssetService.BatchGetEffectiveIamPolicies]. -message BatchGetEffectiveIamPoliciesRequest { - // Required. Only IAM policies on or below the scope will be returned. - // - // This can only be an organization number (such as "organizations/123"), a - // folder number (such as "folders/123"), a project ID (such as - // "projects/my-project-id"), or a project number (such as "projects/12345"). - // - // To know how to get organization id, visit [here - // ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). - // - // To know how to get folder or project id, visit [here - // ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects). - string scope = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - child_type: "*" - } - ]; - - // Required. The names refer to the [full_resource_names] - // (https://cloud.google.com/asset-inventory/docs/resource-name-format) - // of [searchable asset - // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types). - // A maximum of 20 resources' effective policies can be retrieved in a batch. - repeated string names = 3 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "*" - } - ]; -} - -// A response message for [AssetService.BatchGetEffectiveIamPolicies][google.cloud.asset.v1.AssetService.BatchGetEffectiveIamPolicies]. -message BatchGetEffectiveIamPoliciesResponse { - // The effective IAM policies on one resource. - message EffectiveIamPolicy { - // The IAM policy and its attached resource. - message PolicyInfo { - // The full resource name the [policy][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesResponse.EffectiveIamPolicy.PolicyInfo.policy] is directly attached to. - string attached_resource = 1; - - // The IAM policy that's directly attached to the [attached_resource][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesResponse.EffectiveIamPolicy.PolicyInfo.attached_resource]. - google.iam.v1.Policy policy = 2; - } - - // The [full_resource_name] - // (https://cloud.google.com/asset-inventory/docs/resource-name-format) - // for which the [policies][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesResponse.EffectiveIamPolicy.policies] are computed. This is one of the - // [BatchGetEffectiveIamPoliciesRequest.names][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesRequest.names] the caller provides in the - // request. - string full_resource_name = 1; - - // The effective policies for the [full_resource_name][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesResponse.EffectiveIamPolicy.full_resource_name]. - // - // These policies include the policy set on the [full_resource_name][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesResponse.EffectiveIamPolicy.full_resource_name] and - // those set on its parents and ancestors up to the - // [BatchGetEffectiveIamPoliciesRequest.scope][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesRequest.scope]. Note that these policies - // are not filtered according to the resource type of the - // [full_resource_name][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesResponse.EffectiveIamPolicy.full_resource_name]. - // - // These policies are hierarchically ordered by - // [PolicyInfo.attached_resource][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesResponse.EffectiveIamPolicy.PolicyInfo.attached_resource] starting from [full_resource_name][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesResponse.EffectiveIamPolicy.full_resource_name] - // itself to its parents and ancestors, such that policies[i]'s - // [PolicyInfo.attached_resource][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesResponse.EffectiveIamPolicy.PolicyInfo.attached_resource] is the child of policies[i+1]'s - // [PolicyInfo.attached_resource][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesResponse.EffectiveIamPolicy.PolicyInfo.attached_resource], if policies[i+1] exists. - repeated PolicyInfo policies = 2; - } - - // The effective policies for a batch of resources. Note that the results - // order is the same as the order of - // [BatchGetEffectiveIamPoliciesRequest.names][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesRequest.names]. When a resource does not - // have any effective IAM policies, its corresponding policy_result will - // contain empty [EffectiveIamPolicy.policies][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesResponse.EffectiveIamPolicy.policies]. - repeated EffectiveIamPolicy policy_results = 2; -} - -// Asset content type. -enum ContentType { - // Unspecified content type. - CONTENT_TYPE_UNSPECIFIED = 0; - - // Resource metadata. - RESOURCE = 1; - - // The actual IAM policy set on a resource. - IAM_POLICY = 2; - - // The Cloud Organization Policy set on an asset. - ORG_POLICY = 4; - - // The Cloud Access context manager Policy set on an asset. - ACCESS_POLICY = 5; - - // The runtime OS Inventory information. - OS_INVENTORY = 6; - - // The related resources. - RELATIONSHIP = 7; -} diff --git a/third_party/googleapis/google/cloud/asset/v1/assets.proto b/third_party/googleapis/google/cloud/asset/v1/assets.proto deleted file mode 100644 index 8f22b50..0000000 --- a/third_party/googleapis/google/cloud/asset/v1/assets.proto +++ /dev/null @@ -1,927 +0,0 @@ -// Copyright 2022 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -package google.cloud.asset.v1; - -import "google/api/field_behavior.proto"; -import "google/api/resource.proto"; -import "google/cloud/orgpolicy/v1/orgpolicy.proto"; -import "google/cloud/osconfig/v1/inventory.proto"; -import "google/iam/v1/policy.proto"; -import "google/identity/accesscontextmanager/v1/access_level.proto"; -import "google/identity/accesscontextmanager/v1/access_policy.proto"; -import "google/identity/accesscontextmanager/v1/service_perimeter.proto"; -import "google/protobuf/struct.proto"; -import "google/protobuf/timestamp.proto"; -import "google/rpc/code.proto"; - -option cc_enable_arenas = true; -option csharp_namespace = "Google.Cloud.Asset.V1"; -option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1;asset"; -option java_multiple_files = true; -option java_outer_classname = "AssetProto"; -option java_package = "com.google.cloud.asset.v1"; -option php_namespace = "Google\\Cloud\\Asset\\V1"; - -// An asset in Google Cloud and its temporal metadata, including the time window -// when it was observed and its status during that window. -message TemporalAsset { - // State of prior asset. - enum PriorAssetState { - // prior_asset is not applicable for the current asset. - PRIOR_ASSET_STATE_UNSPECIFIED = 0; - - // prior_asset is populated correctly. - PRESENT = 1; - - // Failed to set prior_asset. - INVALID = 2; - - // Current asset is the first known state. - DOES_NOT_EXIST = 3; - - // prior_asset is a deletion. - DELETED = 4; - } - - // The time window when the asset data and state was observed. - TimeWindow window = 1; - - // Whether the asset has been deleted or not. - bool deleted = 2; - - // An asset in Google Cloud. - Asset asset = 3; - - // State of prior_asset. - PriorAssetState prior_asset_state = 4; - - // Prior copy of the asset. Populated if prior_asset_state is PRESENT. - // Currently this is only set for responses in Real-Time Feed. - Asset prior_asset = 5; -} - -// A time window specified by its `start_time` and `end_time`. -message TimeWindow { - // Start time of the time window (exclusive). - google.protobuf.Timestamp start_time = 1; - - // End time of the time window (inclusive). If not specified, the current - // timestamp is used instead. - google.protobuf.Timestamp end_time = 2; -} - -// An asset in Google Cloud. An asset can be any resource in the Google Cloud -// [resource -// hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), -// a resource outside the Google Cloud resource hierarchy (such as Google -// Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy), -// or a relationship (e.g. an INSTANCE_TO_INSTANCEGROUP relationship). -// See [Supported asset -// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) -// for more information. -message Asset { - option (google.api.resource) = { - type: "cloudasset.googleapis.com/Asset" - pattern: "*" - }; - - // The last update timestamp of an asset. update_time is updated when - // create/update/delete operation is performed. - google.protobuf.Timestamp update_time = 11; - - // The full name of the asset. Example: - // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1` - // - // See [Resource - // names](https://cloud.google.com/apis/design/resource_names#full_resource_name) - // for more information. - string name = 1; - - // The type of the asset. Example: `compute.googleapis.com/Disk` - // - // See [Supported asset - // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) - // for more information. - string asset_type = 2; - - // A representation of the resource. - Resource resource = 3; - - // A representation of the Cloud IAM policy set on a Google Cloud resource. - // There can be a maximum of one Cloud IAM policy set on any given resource. - // In addition, Cloud IAM policies inherit their granted access scope from any - // policies set on parent resources in the resource hierarchy. Therefore, the - // effectively policy is the union of both the policy set on this resource - // and each policy set on all of the resource's ancestry resource levels in - // the hierarchy. See - // [this topic](https://cloud.google.com/iam/help/allow-policies/inheritance) - // for more information. - google.iam.v1.Policy iam_policy = 4; - - // A representation of an [organization - // policy](https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy). - // There can be more than one organization policy with different constraints - // set on a given resource. - repeated google.cloud.orgpolicy.v1.Policy org_policy = 6; - - // A representation of an [access - // policy](https://cloud.google.com/access-context-manager/docs/overview#access-policies). - oneof access_context_policy { - // Please also refer to the [access policy user - // guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies). - google.identity.accesscontextmanager.v1.AccessPolicy access_policy = 7; - - // Please also refer to the [access level user - // guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels). - google.identity.accesscontextmanager.v1.AccessLevel access_level = 8; - - // Please also refer to the [service perimeter user - // guide](https://cloud.google.com/vpc-service-controls/docs/overview). - google.identity.accesscontextmanager.v1.ServicePerimeter service_perimeter = 9; - } - - // A representation of runtime OS Inventory information. See [this - // topic](https://cloud.google.com/compute/docs/instances/os-inventory-management) - // for more information. - google.cloud.osconfig.v1.Inventory os_inventory = 12; - - // DEPRECATED. This field only presents for the purpose of - // backward-compatibility. The server will never generate responses with this - // field. - // The related assets of the asset of one relationship type. One asset - // only represents one type of relationship. - RelatedAssets related_assets = 13 [deprecated = true]; - - // One related asset of the current asset. - RelatedAsset related_asset = 15; - - // The ancestry path of an asset in Google Cloud [resource - // hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), - // represented as a list of relative resource names. An ancestry path starts - // with the closest ancestor in the hierarchy and ends at root. If the asset - // is a project, folder, or organization, the ancestry path starts from the - // asset itself. - // - // Example: `["projects/123456789", "folders/5432", "organizations/1234"]` - repeated string ancestors = 10; -} - -// A representation of a Google Cloud resource. -message Resource { - // The API version. Example: `v1` - string version = 1; - - // The URL of the discovery document containing the resource's JSON schema. - // Example: - // `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest` - // - // This value is unspecified for resources that do not have an API based on a - // discovery document, such as Cloud Bigtable. - string discovery_document_uri = 2; - - // The JSON schema name listed in the discovery document. Example: - // `Project` - // - // This value is unspecified for resources that do not have an API based on a - // discovery document, such as Cloud Bigtable. - string discovery_name = 3; - - // The REST URL for accessing the resource. An HTTP `GET` request using this - // URL returns the resource itself. Example: - // `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123` - // - // This value is unspecified for resources without a REST API. - string resource_url = 4; - - // The full name of the immediate parent of this resource. See - // [Resource - // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) - // for more information. - // - // For Google Cloud assets, this value is the parent resource defined in the - // [Cloud IAM policy - // hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). - // Example: - // `//cloudresourcemanager.googleapis.com/projects/my_project_123` - // - // For third-party assets, this field may be set differently. - string parent = 5; - - // The content of the resource, in which some sensitive fields are removed - // and may not be present. - google.protobuf.Struct data = 6; - - // The location of the resource in Google Cloud, such as its zone and region. - // For more information, see https://cloud.google.com/about/locations/. - string location = 8; -} - -// DEPRECATED. This message only presents for the purpose of -// backward-compatibility. The server will never populate this message in -// responses. -// The detailed related assets with the `relationship_type`. -message RelatedAssets { - option deprecated = true; - - // The detailed relationship attributes. - RelationshipAttributes relationship_attributes = 1; - - // The peer resources of the relationship. - repeated RelatedAsset assets = 2; -} - -// DEPRECATED. This message only presents for the purpose of -// backward-compatibility. The server will never populate this message in -// responses. -// The relationship attributes which include `type`, `source_resource_type`, -// `target_resource_type` and `action`. -message RelationshipAttributes { - option deprecated = true; - - // The unique identifier of the relationship type. Example: - // `INSTANCE_TO_INSTANCEGROUP` - string type = 4; - - // The source asset type. Example: `compute.googleapis.com/Instance` - string source_resource_type = 1; - - // The target asset type. Example: `compute.googleapis.com/Disk` - string target_resource_type = 2; - - // The detail of the relationship, e.g. `contains`, `attaches` - string action = 3; -} - -// An asset identifier in Google Cloud which contains its name, type and -// ancestors. An asset can be any resource in the Google Cloud [resource -// hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), -// a resource outside the Google Cloud resource hierarchy (such as Google -// Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy). -// See [Supported asset -// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) -// for more information. -message RelatedAsset { - // The full name of the asset. Example: - // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1` - // - // See [Resource - // names](https://cloud.google.com/apis/design/resource_names#full_resource_name) - // for more information. - string asset = 1 [(google.api.resource_reference) = { - type: "cloudasset.googleapis.com/Asset" - }]; - - // The type of the asset. Example: `compute.googleapis.com/Disk` - // - // See [Supported asset - // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) - // for more information. - string asset_type = 2; - - // The ancestors of an asset in Google Cloud [resource - // hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), - // represented as a list of relative resource names. An ancestry path starts - // with the closest ancestor in the hierarchy and ends at root. - // - // Example: `["projects/123456789", "folders/5432", "organizations/1234"]` - repeated string ancestors = 3; - - // The unique identifier of the relationship type. Example: - // `INSTANCE_TO_INSTANCEGROUP` - string relationship_type = 4; -} - -// A result of Resource Search, containing information of a cloud resource. -// Next ID: 31 -message ResourceSearchResult { - // The full resource name of this resource. Example: - // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. - // See [Cloud Asset Inventory Resource Name - // Format](https://cloud.google.com/asset-inventory/docs/resource-name-format) - // for more information. - // - // To search against the `name`: - // - // * Use a field query. Example: `name:instance1` - // * Use a free text query. Example: `instance1` - string name = 1; - - // The type of this resource. Example: `compute.googleapis.com/Disk`. - // - // To search against the `asset_type`: - // - // * Specify the `asset_type` field in your search request. - string asset_type = 2; - - // The project that this resource belongs to, in the form of - // projects/{PROJECT_NUMBER}. This field is available when the resource - // belongs to a project. - // - // To search against `project`: - // - // * Use a field query. Example: `project:12345` - // * Use a free text query. Example: `12345` - // * Specify the `scope` field as this project in your search request. - string project = 3; - - // The folder(s) that this resource belongs to, in the form of - // folders/{FOLDER_NUMBER}. This field is available when the resource - // belongs to one or more folders. - // - // To search against `folders`: - // - // * Use a field query. Example: `folders:(123 OR 456)` - // * Use a free text query. Example: `123` - // * Specify the `scope` field as this folder in your search request. - repeated string folders = 17; - - // The organization that this resource belongs to, in the form of - // organizations/{ORGANIZATION_NUMBER}. This field is available when the - // resource belongs to an organization. - // - // To search against `organization`: - // - // * Use a field query. Example: `organization:123` - // * Use a free text query. Example: `123` - // * Specify the `scope` field as this organization in your search request. - string organization = 18; - - // The display name of this resource. This field is available only when the - // resource's Protobuf contains it. - // - // To search against the `display_name`: - // - // * Use a field query. Example: `displayName:"My Instance"` - // * Use a free text query. Example: `"My Instance"` - string display_name = 4; - - // One or more paragraphs of text description of this resource. Maximum length - // could be up to 1M bytes. This field is available only when the resource's - // Protobuf contains it. - // - // To search against the `description`: - // - // * Use a field query. Example: `description:"important instance"` - // * Use a free text query. Example: `"important instance"` - string description = 5; - - // Location can be `global`, regional like `us-east1`, or zonal like - // `us-west1-b`. This field is available only when the resource's Protobuf - // contains it. - // - // To search against the `location`: - // - // * Use a field query. Example: `location:us-west*` - // * Use a free text query. Example: `us-west*` - string location = 6; - - // Labels associated with this resource. See [Labelling and grouping GCP - // resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources) - // for more information. This field is available only when the resource's - // Protobuf contains it. - // - // To search against the `labels`: - // - // * Use a field query: - // - query on any label's key or value. Example: `labels:prod` - // - query by a given label. Example: `labels.env:prod` - // - query by a given label's existence. Example: `labels.env:*` - // * Use a free text query. Example: `prod` - map<string, string> labels = 7; - - // Network tags associated with this resource. Like labels, network tags are a - // type of annotations used to group GCP resources. See [Labelling GCP - // resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources) - // for more information. This field is available only when the resource's - // Protobuf contains it. - // - // To search against the `network_tags`: - // - // * Use a field query. Example: `networkTags:internal` - // * Use a free text query. Example: `internal` - repeated string network_tags = 8; - - // The Cloud KMS - // [CryptoKey](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys) - // name or - // [CryptoKeyVersion](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions) - // name. - // - // This field only presents for the purpose of backward compatibility. Please - // use the `kms_keys` field to retrieve KMS key information. This field is - // available only when the resource's Protobuf contains it and will only be - // populated for [these resource - // types](https://cloud.google.com/asset-inventory/docs/legacy-field-names#resource_types_with_the_to_be_deprecated_kmskey_field) - // for backward compatible purposes. - // - // To search against the `kms_key`: - // - // * Use a field query. Example: `kmsKey:key` - // * Use a free text query. Example: `key` - string kms_key = 10 [deprecated = true]; - - // The Cloud KMS - // [CryptoKey](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys) - // names or - // [CryptoKeyVersion](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions) - // names. This field is available only when the resource's Protobuf contains - // it. - // - // To search against the `kms_keys`: - // - // * Use a field query. Example: `kmsKeys:key` - // * Use a free text query. Example: `key` - repeated string kms_keys = 28; - - // The create timestamp of this resource, at which the resource was created. - // The granularity is in seconds. Timestamp.nanos will always be 0. This field - // is available only when the resource's Protobuf contains it. - // - // To search against `create_time`: - // - // * Use a field query. - // - value in seconds since unix epoch. Example: `createTime > 1609459200` - // - value in date string. Example: `createTime > 2021-01-01` - // - value in date-time string (must be quoted). Example: `createTime > - // "2021-01-01T00:00:00"` - google.protobuf.Timestamp create_time = 11; - - // The last update timestamp of this resource, at which the resource was last - // modified or deleted. The granularity is in seconds. Timestamp.nanos will - // always be 0. This field is available only when the resource's Protobuf - // contains it. - // - // To search against `update_time`: - // - // * Use a field query. - // - value in seconds since unix epoch. Example: `updateTime < 1609459200` - // - value in date string. Example: `updateTime < 2021-01-01` - // - value in date-time string (must be quoted). Example: `updateTime < - // "2021-01-01T00:00:00"` - google.protobuf.Timestamp update_time = 12; - - // The state of this resource. Different resources types have different state - // definitions that are mapped from various fields of different resource - // types. This field is available only when the resource's Protobuf contains - // it. - // - // Example: - // If the resource is an instance provided by Compute Engine, - // its state will include PROVISIONING, STAGING, RUNNING, STOPPING, - // SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED. See `status` definition - // in [API - // Reference](https://cloud.google.com/compute/docs/reference/rest/v1/instances). - // If the resource is a project provided by Cloud Resource Manager, its state - // will include LIFECYCLE_STATE_UNSPECIFIED, ACTIVE, DELETE_REQUESTED and - // DELETE_IN_PROGRESS. See `lifecycleState` definition in [API - // Reference](https://cloud.google.com/resource-manager/reference/rest/v1/projects). - // - // To search against the `state`: - // - // * Use a field query. Example: `state:RUNNING` - // * Use a free text query. Example: `RUNNING` - string state = 13; - - // The additional searchable attributes of this resource. The attributes may - // vary from one resource type to another. Examples: `projectId` for Project, - // `dnsName` for DNS ManagedZone. This field contains a subset of the resource - // metadata fields that are returned by the List or Get APIs provided by the - // corresponding GCP service (e.g., Compute Engine). see [API references and - // supported searchable - // attributes](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types) - // to see which fields are included. - // - // You can search values of these fields through free text search. However, - // you should not consume the field programically as the field names and - // values may change as the GCP service updates to a new incompatible API - // version. - // - // To search against the `additional_attributes`: - // - // * Use a free text query to match the attributes values. Example: to search - // `additional_attributes = { dnsName: "foobar" }`, you can issue a query - // `foobar`. - google.protobuf.Struct additional_attributes = 9; - - // The full resource name of this resource's parent, if it has one. - // To search against the `parent_full_resource_name`: - // - // * Use a field query. Example: - // `parentFullResourceName:"project-name"` - // * Use a free text query. Example: - // `project-name` - string parent_full_resource_name = 19; - - // Versioned resource representations of this resource. This is repeated - // because there could be multiple versions of resource representations during - // version migration. - // - // This `versioned_resources` field is not searchable. Some attributes of the - // resource representations are exposed in `additional_attributes` field, so - // as to allow users to search on them. - repeated VersionedResource versioned_resources = 16; - - // Attached resources of this resource. For example, an OSConfig - // Inventory is an attached resource of a Compute Instance. This field is - // repeated because a resource could have multiple attached resources. - // - // This `attached_resources` field is not searchable. Some attributes - // of the attached resources are exposed in `additional_attributes` field, so - // as to allow users to search on them. - repeated AttachedResource attached_resources = 20; - - // A map of related resources of this resource, keyed by the - // relationship type. A relationship type is in the format of - // {SourceType}_{ACTION}_{DestType}. Example: `DISK_TO_INSTANCE`, - // `DISK_TO_NETWORK`, `INSTANCE_TO_INSTANCEGROUP`. - // See [supported relationship - // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#supported_relationship_types). - map<string, RelatedResources> relationships = 21; - - // TagKey namespaced names, in the format of {ORG_ID}/{TAG_KEY_SHORT_NAME}. - // To search against the `tagKeys`: - // - // * Use a field query. Example: - // - `tagKeys:"123456789/env*"` - // - `tagKeys="123456789/env"` - // - `tagKeys:"env"` - // - // * Use a free text query. Example: - // - `env` - repeated string tag_keys = 23; - - // TagValue namespaced names, in the format of - // {ORG_ID}/{TAG_KEY_SHORT_NAME}/{TAG_VALUE_SHORT_NAME}. - // To search against the `tagValues`: - // - // * Use a field query. Example: - // - `tagValues:"env"` - // - `tagValues:"env/prod"` - // - `tagValues:"123456789/env/prod*"` - // - `tagValues="123456789/env/prod"` - // - // * Use a free text query. Example: - // - `prod` - repeated string tag_values = 25; - - // TagValue IDs, in the format of tagValues/{TAG_VALUE_ID}. - // To search against the `tagValueIds`: - // - // * Use a field query. Example: - // - `tagValueIds:"456"` - // - `tagValueIds="tagValues/456"` - // - // * Use a free text query. Example: - // - `456` - repeated string tag_value_ids = 26; - - // The type of this resource's immediate parent, if there is one. - // - // To search against the `parent_asset_type`: - // - // * Use a field query. Example: - // `parentAssetType:"cloudresourcemanager.googleapis.com/Project"` - // * Use a free text query. Example: - // `cloudresourcemanager.googleapis.com/Project` - string parent_asset_type = 103; -} - -// Resource representation as defined by the corresponding service providing the -// resource for a given API version. -message VersionedResource { - // API version of the resource. - // - // Example: - // If the resource is an instance provided by Compute Engine v1 API as defined - // in `https://cloud.google.com/compute/docs/reference/rest/v1/instances`, - // version will be "v1". - string version = 1; - - // JSON representation of the resource as defined by the corresponding - // service providing this resource. - // - // Example: - // If the resource is an instance provided by Compute Engine, this field will - // contain the JSON representation of the instance as defined by Compute - // Engine: - // `https://cloud.google.com/compute/docs/reference/rest/v1/instances`. - // - // You can find the resource definition for each supported resource type in - // this table: - // `https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types` - google.protobuf.Struct resource = 2; -} - -// Attached resource representation, which is defined by the corresponding -// service provider. It represents an attached resource's payload. -message AttachedResource { - // The type of this attached resource. - // - // Example: `osconfig.googleapis.com/Inventory` - // - // You can find the supported attached asset types of each resource in this - // table: - // `https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types` - string asset_type = 1; - - // Versioned resource representations of this attached resource. This is - // repeated because there could be multiple versions of the attached resource - // representations during version migration. - repeated VersionedResource versioned_resources = 3; -} - -// The related resources of the primary resource. -message RelatedResources { - // The detailed related resources of the primary resource. - repeated RelatedResource related_resources = 1; -} - -// The detailed related resource. -message RelatedResource { - // The type of the asset. Example: `compute.googleapis.com/Instance` - string asset_type = 1; - - // The full resource name of the related resource. Example: - // `//compute.googleapis.com/projects/my_proj_123/zones/instance/instance123` - string full_resource_name = 2; -} - -// A result of IAM Policy search, containing information of an IAM policy. -message IamPolicySearchResult { - // Explanation about the IAM policy search result. - message Explanation { - // IAM permissions - message Permissions { - // A list of permissions. A sample permission string: `compute.disk.get`. - repeated string permissions = 1; - } - - // The map from roles to their included permissions that match the - // permission query (i.e., a query containing `policy.role.permissions:`). - // Example: if query `policy.role.permissions:compute.disk.get` - // matches a policy binding that contains owner role, the - // matched_permissions will be `{"roles/owner": ["compute.disk.get"]}`. The - // roles can also be found in the returned `policy` bindings. Note that the - // map is populated only for requests with permission queries. - map<string, Permissions> matched_permissions = 1; - } - - // The full resource name of the resource associated with this IAM policy. - // Example: - // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. - // See [Cloud Asset Inventory Resource Name - // Format](https://cloud.google.com/asset-inventory/docs/resource-name-format) - // for more information. - // - // To search against the `resource`: - // - // * use a field query. Example: `resource:organizations/123` - string resource = 1; - - // The type of the resource associated with this IAM policy. Example: - // `compute.googleapis.com/Disk`. - // - // To search against the `asset_type`: - // - // * specify the `asset_types` field in your search request. - string asset_type = 5; - - // The project that the associated GCP resource belongs to, in the form of - // projects/{PROJECT_NUMBER}. If an IAM policy is set on a resource (like VM - // instance, Cloud Storage bucket), the project field will indicate the - // project that contains the resource. If an IAM policy is set on a folder or - // orgnization, this field will be empty. - // - // To search against the `project`: - // - // * specify the `scope` field as this project in your search request. - string project = 2; - - // The folder(s) that the IAM policy belongs to, in the form of - // folders/{FOLDER_NUMBER}. This field is available when the IAM policy - // belongs to one or more folders. - // - // To search against `folders`: - // - // * use a field query. Example: `folders:(123 OR 456)` - // * use a free text query. Example: `123` - // * specify the `scope` field as this folder in your search request. - repeated string folders = 6; - - // The organization that the IAM policy belongs to, in the form - // of organizations/{ORGANIZATION_NUMBER}. This field is available when the - // IAM policy belongs to an organization. - // - // To search against `organization`: - // - // * use a field query. Example: `organization:123` - // * use a free text query. Example: `123` - // * specify the `scope` field as this organization in your search request. - string organization = 7; - - // The IAM policy directly set on the given resource. Note that the original - // IAM policy can contain multiple bindings. This only contains the bindings - // that match the given query. For queries that don't contain a constrain on - // policies (e.g., an empty query), this contains all the bindings. - // - // To search against the `policy` bindings: - // - // * use a field query: - // - query by the policy contained members. Example: - // `policy:amy@gmail.com` - // - query by the policy contained roles. Example: - // `policy:roles/compute.admin` - // - query by the policy contained roles' included permissions. Example: - // `policy.role.permissions:compute.instances.create` - google.iam.v1.Policy policy = 3; - - // Explanation about the IAM policy search result. It contains additional - // information to explain why the search result matches the query. - Explanation explanation = 4; -} - -// Represents the detailed state of an entity under analysis, such as a -// resource, an identity or an access. -message IamPolicyAnalysisState { - // The Google standard error code that best describes the state. - // For example: - // - OK means the analysis on this entity has been successfully finished; - // - PERMISSION_DENIED means an access denied error is encountered; - // - DEADLINE_EXCEEDED means the analysis on this entity hasn't been started - // in time; - google.rpc.Code code = 1; - - // The human-readable description of the cause of failure. - string cause = 2; -} - -// The Condition evaluation. -message ConditionEvaluation { - // Value of this expression. - enum EvaluationValue { - // Reserved for future use. - EVALUATION_VALUE_UNSPECIFIED = 0; - - // The evaluation result is `true`. - TRUE = 1; - - // The evaluation result is `false`. - FALSE = 2; - - // The evaluation result is `conditional` when the condition expression - // contains variables that are either missing input values or have not been - // supported by Analyzer yet. - CONDITIONAL = 3; - } - - // The evaluation result. - EvaluationValue evaluation_value = 1; -} - -// IAM Policy analysis result, consisting of one IAM policy binding and derived -// access control lists. -message IamPolicyAnalysisResult { - // A Google Cloud resource under analysis. - message Resource { - // The [full resource - // name](https://cloud.google.com/asset-inventory/docs/resource-name-format) - string full_resource_name = 1; - - // The analysis state of this resource. - IamPolicyAnalysisState analysis_state = 2; - } - - // An IAM role or permission under analysis. - message Access { - oneof oneof_access { - // The role. - string role = 1; - - // The permission. - string permission = 2; - } - - // The analysis state of this access. - IamPolicyAnalysisState analysis_state = 3; - } - - // An identity under analysis. - message Identity { - // The identity name in any form of members appear in - // [IAM policy - // binding](https://cloud.google.com/iam/reference/rest/v1/Binding), such - // as: - // - user:foo@google.com - // - group:group1@google.com - // - serviceAccount:s1@prj1.iam.gserviceaccount.com - // - projectOwner:some_project_id - // - domain:google.com - // - allUsers - // - etc. - string name = 1; - - // The analysis state of this identity. - IamPolicyAnalysisState analysis_state = 2; - } - - // A directional edge. - message Edge { - // The source node of the edge. For example, it could be a full resource - // name for a resource node or an email of an identity. - string source_node = 1; - - // The target node of the edge. For example, it could be a full resource - // name for a resource node or an email of an identity. - string target_node = 2; - } - - // An access control list, derived from the above IAM policy binding, which - // contains a set of resources and accesses. May include one - // item from each set to compose an access control entry. - // - // NOTICE that there could be multiple access control lists for one IAM policy - // binding. The access control lists are created based on resource and access - // combinations. - // - // For example, assume we have the following cases in one IAM policy binding: - // - Permission P1 and P2 apply to resource R1 and R2; - // - Permission P3 applies to resource R2 and R3; - // - // This will result in the following access control lists: - // - AccessControlList 1: [R1, R2], [P1, P2] - // - AccessControlList 2: [R2, R3], [P3] - message AccessControlList { - // The resources that match one of the following conditions: - // - The resource_selector, if it is specified in request; - // - Otherwise, resources reachable from the policy attached resource. - repeated Resource resources = 1; - - // The accesses that match one of the following conditions: - // - The access_selector, if it is specified in request; - // - Otherwise, access specifiers reachable from the policy binding's role. - repeated Access accesses = 2; - - // Resource edges of the graph starting from the policy attached - // resource to any descendant resources. The [Edge.source_node][google.cloud.asset.v1.IamPolicyAnalysisResult.Edge.source_node] contains - // the full resource name of a parent resource and [Edge.target_node][google.cloud.asset.v1.IamPolicyAnalysisResult.Edge.target_node] - // contains the full resource name of a child resource. This field is - // present only if the output_resource_edges option is enabled in request. - repeated Edge resource_edges = 3; - - // Condition evaluation for this AccessControlList, if there is a condition - // defined in the above IAM policy binding. - ConditionEvaluation condition_evaluation = 4; - } - - // The identities and group edges. - message IdentityList { - // Only the identities that match one of the following conditions will be - // presented: - // - The identity_selector, if it is specified in request; - // - Otherwise, identities reachable from the policy binding's members. - repeated Identity identities = 1; - - // Group identity edges of the graph starting from the binding's - // group members to any node of the [identities][google.cloud.asset.v1.IamPolicyAnalysisResult.IdentityList.identities]. The [Edge.source_node][google.cloud.asset.v1.IamPolicyAnalysisResult.Edge.source_node] - // contains a group, such as `group:parent@google.com`. The - // [Edge.target_node][google.cloud.asset.v1.IamPolicyAnalysisResult.Edge.target_node] contains a member of the group, - // such as `group:child@google.com` or `user:foo@google.com`. - // This field is present only if the output_group_edges option is enabled in - // request. - repeated Edge group_edges = 2; - } - - // The [full resource - // name](https://cloud.google.com/asset-inventory/docs/resource-name-format) - // of the resource to which the [iam_binding][google.cloud.asset.v1.IamPolicyAnalysisResult.iam_binding] policy attaches. - string attached_resource_full_name = 1; - - // The Cloud IAM policy binding under analysis. - google.iam.v1.Binding iam_binding = 2; - - // The access control lists derived from the [iam_binding][google.cloud.asset.v1.IamPolicyAnalysisResult.iam_binding] that match or - // potentially match resource and access selectors specified in the request. - repeated AccessControlList access_control_lists = 3; - - // The identity list derived from members of the [iam_binding][google.cloud.asset.v1.IamPolicyAnalysisResult.iam_binding] that match or - // potentially match identity selector specified in the request. - IdentityList identity_list = 4; - - // Represents whether all analyses on the [iam_binding][google.cloud.asset.v1.IamPolicyAnalysisResult.iam_binding] have successfully - // finished. - bool fully_explored = 5; -} diff --git a/third_party/googleapis/google/cloud/asset/v1/cloudasset_grpc_service_config.json b/third_party/googleapis/google/cloud/asset/v1/cloudasset_grpc_service_config.json deleted file mode 100755 index cb3cd72..0000000 --- a/third_party/googleapis/google/cloud/asset/v1/cloudasset_grpc_service_config.json +++ /dev/null @@ -1,168 +0,0 @@ -{ - "methodConfig": [ - { - "name": [ - { - "service": "google.cloud.asset.v1.AssetService", - "method": "ExportAssets" - }, - { - "service": "google.cloud.asset.v1.AssetService", - "method": "CreateFeed" - }, - { - "service": "google.cloud.asset.v1.AssetService", - "method": "UpdateFeed" - }, - { - "service": "google.cloud.asset.v1.AssetService", - "method": "CreateSavedQuery" - }, - { - "service": "google.cloud.asset.v1.AssetService", - "method": "UpdateSavedQuery" - }, - { - "service": "google.cloud.asset.v1.AssetService", - "method": "AnalyzeIamPolicyLongrunning" - } - ], - "timeout": "60s" - }, - { - "name": [ - { - "service": "google.cloud.asset.v1.AssetService", - "method": "BatchGetAssetsHistory" - }, - { - "service": "google.cloud.asset.v1.AssetService", - "method": "GetFeed" - }, - { - "service": "google.cloud.asset.v1.AssetService", - "method": "ListAssets" - }, - { - "service": "google.cloud.asset.v1.AssetService", - "method": "ListFeeds" - }, - { - "service": "google.cloud.asset.v1.AssetService", - "method": "DeleteFeed" - }, - { - "service": "google.cloud.asset.v1.AssetService", - "method": "GetSavedQuery" - }, - { - "service": "google.cloud.asset.v1.AssetService", - "method": "ListSavedQueries" - }, - { - "service": "google.cloud.asset.v1.AssetService", - "method": "DeleteSavedQuery" - } - ], - "timeout": "60s", - "retryPolicy": { - "initialBackoff": "0.100s", - "maxBackoff": "60s", - "backoffMultiplier": 1.3, - "retryableStatusCodes": [ - "DEADLINE_EXCEEDED", - "UNAVAILABLE" - ] - } - }, - { - "name": [ - { - "service": "google.cloud.asset.v1.AssetService", - "method": "SearchAllResources" - }, - { - "service": "google.cloud.asset.v1.AssetService", - "method": "SearchAllIamPolicies" - } - ], - "timeout": "30s", - "retryPolicy": { - "initialBackoff": "0.100s", - "maxBackoff": "60s", - "backoffMultiplier": 1.3, - "retryableStatusCodes": [ - "UNAVAILABLE" - ] - } - }, - { - "name": [ - { - "service": "google.cloud.asset.v1.AssetService", - "method": "AnalyzeIamPolicy" - } - ], - "timeout": "300s", - "retryPolicy": { - "initialBackoff": "0.100s", - "maxBackoff": "60s", - "backoffMultiplier": 1.3, - "retryableStatusCodes": [ - "UNAVAILABLE" - ] - } - }, - { - "name": [ - { - "service": "google.cloud.asset.v1.AssetService", - "method": "QueryAssets" - } - ], - "timeout": "200s", - "retryPolicy": { - "initialBackoff": "0.100s", - "maxBackoff": "60s", - "backoffMultiplier": 1.3, - "retryableStatusCodes": [ - "UNAVAILABLE" - ] - } - }, - { - "name": [ - { - "service": "google.cloud.asset.v1.AssetService", - "method": "QueryAssetTypes" - } - ], - "timeout": "10s", - "retryPolicy": { - "initialBackoff": "0.100s", - "maxBackoff": "60s", - "backoffMultiplier": 1.3, - "retryableStatusCodes": [ - "UNAVAILABLE" - ] - } - }, - { - "name": [ - { - "service": "google.cloud.asset.v1.AssetService", - "method": "BatchGetEffectiveIamPolicies" - } - ], - "timeout": "300s", - "retryPolicy": { - "initialBackoff": "0.100s", - "maxBackoff": "60s", - "backoffMultiplier": 1.3, - "retryableStatusCodes": [ - "UNAVAILABLE" - ] - } - } - ] -} diff --git a/third_party/googleapis/google/cloud/asset/v1/cloudasset_v1.yaml b/third_party/googleapis/google/cloud/asset/v1/cloudasset_v1.yaml deleted file mode 100644 index 338af62..0000000 --- a/third_party/googleapis/google/cloud/asset/v1/cloudasset_v1.yaml +++ /dev/null @@ -1,48 +0,0 @@ -type: google.api.Service -config_version: 3 -name: cloudasset.googleapis.com -title: Cloud Asset API - -apis: -- name: google.cloud.asset.v1.AssetService -- name: google.longrunning.Operations - -types: -- name: google.cloud.asset.v1.AnalyzeIamPolicyLongrunningMetadata -- name: google.cloud.asset.v1.AnalyzeIamPolicyLongrunningResponse - -documentation: - summary: The cloud asset API manages the history and inventory of cloud resources. - overview: |- - # Cloud Asset API - - The Cloud Asset API keeps a history of Google Cloud Platform (GCP) asset - metadata, and allows GCP users to download a dump of all asset metadata - for the resource types listed below within an organization or a project at - a given timestamp. - - Read more documents here: - https://cloud.google.com/asset-inventory/docs - -backend: - rules: - - selector: 'google.cloud.asset.v1.AssetService.*' - deadline: 600.0 - - selector: google.longrunning.Operations.GetOperation - deadline: 60.0 - -http: - rules: - - selector: google.longrunning.Operations.GetOperation - get: '/v1/{name=*/*/operations/*/**}' - -authentication: - rules: - - selector: 'google.cloud.asset.v1.AssetService.*' - oauth: - canonical_scopes: |- - https://www.googleapis.com/auth/cloud-platform - - selector: google.longrunning.Operations.GetOperation - oauth: - canonical_scopes: |- - https://www.googleapis.com/auth/cloud-platform diff --git a/third_party/googleapis/google/cloud/asset/v1p1beta1/BUILD.bazel b/third_party/googleapis/google/cloud/asset/v1p1beta1/BUILD.bazel deleted file mode 100644 index 7cc8aac..0000000 --- a/third_party/googleapis/google/cloud/asset/v1p1beta1/BUILD.bazel +++ /dev/null @@ -1,342 +0,0 @@ -# This file was automatically generated by BuildFileGenerator - -# This is an API workspace, having public visibility by default makes perfect sense. -package(default_visibility = ["//visibility:public"]) - -############################################################################## -# Common -############################################################################## -load("@rules_proto//proto:defs.bzl", "proto_library") -load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") - -proto_library( - name = "asset_proto", - srcs = [ - "asset_service.proto", - "assets.proto", - ], - deps = [ - "//google/api:annotations_proto", - "//google/api:client_proto", - "//google/api:field_behavior_proto", - "//google/iam/v1:policy_proto", - ], -) - -proto_library_with_info( - name = "asset_proto_with_info", - deps = [ - ":asset_proto", - "//google/cloud:common_resources_proto", - ], -) - -############################################################################## -# Java -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "java_gapic_assembly_gradle_pkg", - "java_gapic_library", - "java_gapic_test", - "java_grpc_library", - "java_proto_library", -) - -java_proto_library( - name = "asset_java_proto", - deps = [":asset_proto"], -) - -java_grpc_library( - name = "asset_java_grpc", - srcs = [":asset_proto"], - deps = [":asset_java_proto"], -) - -java_gapic_library( - name = "asset_java_gapic", - srcs = [":asset_proto_with_info"], - grpc_service_config = "cloudasset_grpc_service_config.json", - test_deps = [ - ":asset_java_grpc", - "//google/iam/v1:iam_java_grpc", - ], - transport = "grpc+rest", - deps = [ - ":asset_java_proto", - "//google/iam/v1:iam_java_proto", - ], -) - -java_gapic_test( - name = "asset_java_gapic_test_suite", - test_classes = [ - "com.google.cloud.asset.v1p1beta1.AssetServiceClientHttpJsonTest", - "com.google.cloud.asset.v1p1beta1.AssetServiceClientTest", - ], - runtime_deps = [":asset_java_gapic_test"], -) - -# Open Source Packages -java_gapic_assembly_gradle_pkg( - name = "google-cloud-asset-v1p1beta1-java", - include_samples = True, - transport = "grpc+rest", - deps = [ - ":asset_java_gapic", - ":asset_java_grpc", - ":asset_java_proto", - ":asset_proto", - ], -) - -############################################################################## -# Go -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "go_gapic_assembly_pkg", - "go_gapic_library", - "go_proto_library", - "go_test", -) - -go_proto_library( - name = "asset_go_proto", - compilers = ["@io_bazel_rules_go//proto:go_grpc"], - importpath = "google.golang.org/genproto/googleapis/cloud/asset/v1p1beta1", - protos = [":asset_proto"], - deps = [ - "//google/api:annotations_go_proto", - "//google/iam/v1:iam_go_proto", - ], -) - -go_gapic_library( - name = "asset_go_gapic", - srcs = [":asset_proto_with_info"], - grpc_service_config = "cloudasset_grpc_service_config.json", - importpath = "cloud.google.com/go/asset/apiv1p1beta1;asset", - service_yaml = "cloudasset_v1p1beta1.yaml", - transport = "grpc+rest", - deps = [ - ":asset_go_proto", - "//google/iam/v1:iam_go_proto", - ], -) - -go_test( - name = "asset_go_gapic_test", - srcs = [":asset_go_gapic_srcjar_test"], - embed = [":asset_go_gapic"], - importpath = "cloud.google.com/go/asset/apiv1p1beta1", -) - -# Open Source Packages -go_gapic_assembly_pkg( - name = "gapi-cloud-asset-v1p1beta1-go", - deps = [ - ":asset_go_gapic", - ":asset_go_gapic_srcjar-test.srcjar", - ":asset_go_proto", - ], -) - -############################################################################## -# Python -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "py_gapic_assembly_pkg", - "py_gapic_library", - "py_test", -) - -py_gapic_library( - name = "asset_py_gapic", - srcs = [":asset_proto"], - grpc_service_config = "cloudasset_grpc_service_config.json", - transport = "grpc", - deps = [ - "//google/iam/v1:iam_policy_py_proto", - ], -) - -py_test( - name = "asset_py_gapic_test", - srcs = [ - "asset_py_gapic_pytest.py", - "asset_py_gapic_test.py", - ], - legacy_create_init = False, - deps = [":asset_py_gapic"], -) - -py_gapic_assembly_pkg( - name = "asset-v1p1beta1-py", - deps = [ - ":asset_py_gapic", - ], -) - -############################################################################## -# PHP -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "php_gapic_assembly_pkg", - "php_gapic_library", - "php_grpc_library", - "php_proto_library", -) - -php_proto_library( - name = "asset_php_proto", - deps = [":asset_proto"], -) - -php_grpc_library( - name = "asset_php_grpc", - srcs = [":asset_proto"], - deps = [":asset_php_proto"], -) - -php_gapic_library( - name = "asset_php_gapic", - srcs = [":asset_proto_with_info"], - grpc_service_config = "cloudasset_grpc_service_config.json", - deps = [ - ":asset_php_grpc", - ":asset_php_proto", - ], -) - -# Open Source Packages -php_gapic_assembly_pkg( - name = "google-cloud-asset-v1p1beta1-php", - deps = [ - ":asset_php_gapic", - ":asset_php_grpc", - ":asset_php_proto", - ], -) - -############################################################################## -# Node.js -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "nodejs_gapic_assembly_pkg", - "nodejs_gapic_library", -) - -nodejs_gapic_library( - name = "asset_nodejs_gapic", - package_name = "@google-cloud/asset", - src = ":asset_proto_with_info", - extra_protoc_parameters = ["metadata"], - grpc_service_config = "cloudasset_grpc_service_config.json", - package = "google.cloud.asset.v1p1beta1", - service_yaml = "cloudasset_v1p1beta1.yaml", - deps = [], -) - -nodejs_gapic_assembly_pkg( - name = "asset-v1p1beta1-nodejs", - deps = [ - ":asset_nodejs_gapic", - ":asset_proto", - ], -) - -############################################################################## -# Ruby -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "ruby_cloud_gapic_library", - "ruby_gapic_assembly_pkg", - "ruby_grpc_library", - "ruby_proto_library", -) - -ruby_proto_library( - name = "asset_ruby_proto", - deps = [":asset_proto"], -) - -ruby_grpc_library( - name = "asset_ruby_grpc", - srcs = [":asset_proto"], - deps = [":asset_ruby_proto"], -) - -ruby_cloud_gapic_library( - name = "asset_ruby_gapic", - srcs = [":asset_proto_with_info"], - extra_protoc_parameters = ["ruby-cloud-gem-name=google-cloud-asset-v1p1beta1"], - deps = [ - ":asset_ruby_grpc", - ":asset_ruby_proto", - ], -) - -# Open Source Packages -ruby_gapic_assembly_pkg( - name = "google-cloud-asset-v1p1beta1-ruby", - deps = [ - ":asset_ruby_gapic", - ":asset_ruby_grpc", - ":asset_ruby_proto", - ], -) - -############################################################################## -# C# -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "csharp_gapic_assembly_pkg", - "csharp_gapic_library", - "csharp_grpc_library", - "csharp_proto_library", -) - -csharp_proto_library( - name = "asset_csharp_proto", - deps = [":asset_proto"], -) - -csharp_grpc_library( - name = "asset_csharp_grpc", - srcs = [":asset_proto"], - deps = [":asset_csharp_proto"], -) - -csharp_gapic_library( - name = "asset_csharp_gapic", - srcs = [":asset_proto_with_info"], - common_resources_config = "@gax_dotnet//:Google.Api.Gax/ResourceNames/CommonResourcesConfig.json", - grpc_service_config = "cloudasset_grpc_service_config.json", - service_yaml = "cloudasset_v1p1beta1.yaml", - deps = [ - ":asset_csharp_grpc", - ":asset_csharp_proto", - ], -) - -# Open Source Packages -csharp_gapic_assembly_pkg( - name = "google-cloud-asset-v1p1beta1-csharp", - deps = [ - ":asset_csharp_gapic", - ":asset_csharp_grpc", - ":asset_csharp_proto", - ], -) - -############################################################################## -# C++ -############################################################################## -# Put your C++ rules here diff --git a/third_party/googleapis/google/cloud/asset/v1p1beta1/asset_service.proto b/third_party/googleapis/google/cloud/asset/v1p1beta1/asset_service.proto deleted file mode 100644 index d5a0d8c..0000000 --- a/third_party/googleapis/google/cloud/asset/v1p1beta1/asset_service.proto +++ /dev/null @@ -1,149 +0,0 @@ -// Copyright 2020 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -package google.cloud.asset.v1p1beta1; - -import "google/api/annotations.proto"; -import "google/api/client.proto"; -import "google/api/field_behavior.proto"; -import "google/cloud/asset/v1p1beta1/assets.proto"; - -option csharp_namespace = "Google.Cloud.Asset.V1P1Beta1"; -option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1p1beta1;asset"; -option java_multiple_files = true; -option java_outer_classname = "AssetServiceProto"; -option java_package = "com.google.cloud.asset.v1p1beta1"; -option php_namespace = "Google\\Cloud\\Asset\\V1p1beta1"; - -// Asset service definition. -service AssetService { - option (google.api.default_host) = "cloudasset.googleapis.com"; - option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; - - // Searches all the resources under a given accessible CRM scope - // (project/folder/organization). This RPC gives callers - // especially admins the ability to search all the resources under a scope, - // even if they don't have .get permission of all the resources. Callers - // should have cloud.assets.SearchAllResources permission on the requested - // scope, otherwise it will be rejected. - rpc SearchAllResources(SearchAllResourcesRequest) returns (SearchAllResourcesResponse) { - option (google.api.http) = { - get: "/v1p1beta1/{scope=*/*}/resources:searchAll" - }; - option (google.api.method_signature) = "scope,query,asset_types"; - } - - // Searches all the IAM policies under a given accessible CRM scope - // (project/folder/organization). This RPC gives callers - // especially admins the ability to search all the IAM policies under a scope, - // even if they don't have .getIamPolicy permission of all the IAM policies. - // Callers should have cloud.assets.SearchAllIamPolicies permission on the - // requested scope, otherwise it will be rejected. - rpc SearchAllIamPolicies(SearchAllIamPoliciesRequest) returns (SearchAllIamPoliciesResponse) { - option (google.api.http) = { - get: "/v1p1beta1/{scope=*/*}/iamPolicies:searchAll" - }; - option (google.api.method_signature) = "scope,query"; - } -} - -// Search all resources request. -message SearchAllResourcesRequest { - // Required. The relative name of an asset. The search is limited to the resources - // within the `scope`. The allowed value must be: - // * Organization number (such as "organizations/123") - // * Folder number(such as "folders/1234") - // * Project number (such as "projects/12345") - // * Project id (such as "projects/abc") - string scope = 1 [(google.api.field_behavior) = REQUIRED]; - - // Optional. The query statement. - string query = 2 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. A list of asset types that this request searches for. If empty, it will - // search all the supported asset types. - repeated string asset_types = 3 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. The page size for search result pagination. Page size is capped at 500 even - // if a larger value is given. If set to zero, server will pick an appropriate - // default. Returned results may be fewer than requested. When this happens, - // there could be more results as long as `next_page_token` is returned. - int32 page_size = 4 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. If present, then retrieve the next batch of results from the preceding call - // to this method. `page_token` must be the value of `next_page_token` from - // the previous response. The values of all other method parameters, must be - // identical to those in the previous call. - string page_token = 5 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. A comma separated list of fields specifying the sorting order of the - // results. The default order is ascending. Add " desc" after the field name - // to indicate descending order. Redundant space characters are ignored. For - // example, " foo , bar desc ". - string order_by = 10 [(google.api.field_behavior) = OPTIONAL]; -} - -// Search all resources response. -message SearchAllResourcesResponse { - // A list of resource that match the search query. - repeated StandardResourceMetadata results = 1; - - // If there are more results than those appearing in this response, then - // `next_page_token` is included. To get the next set of results, call this - // method again using the value of `next_page_token` as `page_token`. - string next_page_token = 2; -} - -// Search all IAM policies request. -message SearchAllIamPoliciesRequest { - // Required. The relative name of an asset. The search is limited to the resources - // within the `scope`. The allowed value must be: - // * Organization number (such as "organizations/123") - // * Folder number(such as "folders/1234") - // * Project number (such as "projects/12345") - // * Project id (such as "projects/abc") - string scope = 1 [(google.api.field_behavior) = REQUIRED]; - - // Optional. The query statement. - // Examples: - // * "policy:myuser@mydomain.com" - // * "policy:(myuser@mydomain.com viewer)" - string query = 2 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. The page size for search result pagination. Page size is capped at 500 even - // if a larger value is given. If set to zero, server will pick an appropriate - // default. Returned results may be fewer than requested. When this happens, - // there could be more results as long as `next_page_token` is returned. - int32 page_size = 3 [(google.api.field_behavior) = OPTIONAL]; - - // Optional. If present, retrieve the next batch of results from the preceding call to - // this method. `page_token` must be the value of `next_page_token` from the - // previous response. The values of all other method parameters must be - // identical to those in the previous call. - string page_token = 4 [(google.api.field_behavior) = OPTIONAL]; -} - -// Search all IAM policies response. -message SearchAllIamPoliciesResponse { - // A list of IamPolicy that match the search query. Related information such - // as the associated resource is returned along with the policy. - repeated IamPolicySearchResult results = 1; - - // Set if there are more results than those appearing in this response; to get - // the next set of results, call this method again, using this value as the - // `page_token`. - string next_page_token = 2; -} diff --git a/third_party/googleapis/google/cloud/asset/v1p1beta1/assets.proto b/third_party/googleapis/google/cloud/asset/v1p1beta1/assets.proto deleted file mode 100644 index c0ac140..0000000 --- a/third_party/googleapis/google/cloud/asset/v1p1beta1/assets.proto +++ /dev/null @@ -1,113 +0,0 @@ -// Copyright 2020 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -package google.cloud.asset.v1p1beta1; - -import "google/iam/v1/policy.proto"; - -option cc_enable_arenas = true; -option csharp_namespace = "Google.Cloud.Asset.V1P1Beta1"; -option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1p1beta1;asset"; -option java_multiple_files = true; -option java_outer_classname = "AssetProto"; -option java_package = "com.google.cloud.asset.v1p1beta1"; -option php_namespace = "Google\\Cloud\\Asset\\V1p1beta1"; - -// The standard metadata of a cloud resource. -message StandardResourceMetadata { - // The full resource name. For example: - // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. - // See [Resource - // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) - // for more information. - string name = 1; - - // The type of this resource. - // For example: "compute.googleapis.com/Disk". - string asset_type = 2; - - // The project that this resource belongs to, in the form of - // `projects/{project_number}`. - string project = 3; - - // The display name of this resource. - string display_name = 4; - - // One or more paragraphs of text description of this resource. Maximum length - // could be up to 1M bytes. - string description = 5; - - // Additional searchable attributes of this resource. - // Informational only. The exact set of attributes is subject to change. - // For example: project id, DNS name etc. - repeated string additional_attributes = 10; - - // Location can be "global", regional like "us-east1", or zonal like - // "us-west1-b". - string location = 11; - - // Labels associated with this resource. See [Labelling and grouping GCP - // resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources) - // for more information. - map<string, string> labels = 12; - - // Network tags associated with this resource. Like labels, network tags are a - // type of annotations used to group GCP resources. See [Labelling GCP - // resources](lhttps://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources) - // for more information. - repeated string network_tags = 13; -} - -// The result for a IAM Policy search. -message IamPolicySearchResult { - // Explanation about the IAM policy search result. - message Explanation { - // The map from roles to their included permission matching the permission - // query (e.g. containing `policy.role.permissions:`). A sample role string: - // "roles/compute.instanceAdmin". The roles can also be found in the - // returned `policy` bindings. Note that the map is populated only if - // requesting with a permission query. - map<string, Permissions> matched_permissions = 1; - } - - // The [full resource - // name](https://cloud.google.com/apis/design/resource_names#full_resource_name) - // of the resource associated with this IAM policy. - string resource = 1; - - // The project that the associated GCP resource belongs to, in the form of - // `projects/{project_number}`. If an IAM policy is set on a resource (like VM - // instance, Cloud Storage bucket), the project field will indicate the - // project that contains the resource. If an IAM policy is set on a folder or - // orgnization, the project field will be empty. - string project = 3; - - // The IAM policy directly set on the given resource. Note that the original - // IAM policy can contain multiple bindings. This only contains the bindings - // that match the given query. For queries that don't contain a constrain on - // policies (e.g. an empty query), this contains all the bindings. - google.iam.v1.Policy policy = 4; - - // Explanation about the IAM policy search result. It contains additional - // information to explain why the search result matches the query. - Explanation explanation = 5; -} - -// IAM permissions -message Permissions { - // A list of permissions. A sample permission string: "compute.disk.get". - repeated string permissions = 1; -} diff --git a/third_party/googleapis/google/cloud/asset/v1p1beta1/cloudasset_gapic.yaml b/third_party/googleapis/google/cloud/asset/v1p1beta1/cloudasset_gapic.yaml deleted file mode 100644 index 0bcb880..0000000 --- a/third_party/googleapis/google/cloud/asset/v1p1beta1/cloudasset_gapic.yaml +++ /dev/null @@ -1,2 +0,0 @@ -type: com.google.api.codegen.ConfigProto -config_schema_version: 2.0.0 diff --git a/third_party/googleapis/google/cloud/asset/v1p1beta1/cloudasset_grpc_service_config.json b/third_party/googleapis/google/cloud/asset/v1p1beta1/cloudasset_grpc_service_config.json deleted file mode 100755 index 2c59164..0000000 --- a/third_party/googleapis/google/cloud/asset/v1p1beta1/cloudasset_grpc_service_config.json +++ /dev/null @@ -1,27 +0,0 @@ -{ - "methodConfig": [ - { - "name": [ - { - "service": "google.cloud.asset.v1p1beta1.AssetService", - "method": "SearchAllResources" - }, - { - "service": "google.cloud.asset.v1p1beta1.AssetService", - "method": "SearchAllIamPolicies" - } - ], - "timeout": "15s", - "retryPolicy": { - "maxAttempts": 5, - "initialBackoff": "0.100s", - "maxBackoff": "60s", - "backoffMultiplier": 1.3, - "retryableStatusCodes": [ - "DEADLINE_EXCEEDED", - "UNAVAILABLE" - ] - } - } - ] -} diff --git a/third_party/googleapis/google/cloud/asset/v1p1beta1/cloudasset_v1p1beta1.yaml b/third_party/googleapis/google/cloud/asset/v1p1beta1/cloudasset_v1p1beta1.yaml deleted file mode 100644 index 74aad50..0000000 --- a/third_party/googleapis/google/cloud/asset/v1p1beta1/cloudasset_v1p1beta1.yaml +++ /dev/null @@ -1,44 +0,0 @@ -type: google.api.Service -config_version: 3 -name: cloudasset.googleapis.com -title: Cloud Asset API - -apis: -- name: google.cloud.asset.v1p1beta1.AssetService - -documentation: - summary: The cloud asset API manages the history and inventory of cloud resources. - overview: |- - # Cloud Asset API - - The Cloud Asset API keeps a history of Google Cloud Platform (GCP) asset - metadata, and allows GCP users to download a dump of all asset metadata - for the resource types listed below within an organization or a project at - a given timestamp. - - Read more documents here: - https://cloud.google.com/asset-inventory/docs - -backend: - rules: - - selector: google.cloud.asset.v1p1beta1.AssetService.SearchAllIamPolicies - deadline: 600.0 - - selector: google.cloud.asset.v1p1beta1.AssetService.SearchAllResources - deadline: 600.0 - - selector: google.longrunning.Operations.GetOperation - deadline: 60.0 - -authentication: - rules: - - selector: google.cloud.asset.v1p1beta1.AssetService.SearchAllIamPolicies - oauth: - canonical_scopes: |- - https://www.googleapis.com/auth/cloud-platform - - selector: google.cloud.asset.v1p1beta1.AssetService.SearchAllResources - oauth: - canonical_scopes: |- - https://www.googleapis.com/auth/cloud-platform - - selector: google.longrunning.Operations.GetOperation - oauth: - canonical_scopes: |- - https://www.googleapis.com/auth/cloud-platform diff --git a/third_party/googleapis/google/cloud/asset/v1p2beta1/BUILD.bazel b/third_party/googleapis/google/cloud/asset/v1p2beta1/BUILD.bazel deleted file mode 100644 index bc42348..0000000 --- a/third_party/googleapis/google/cloud/asset/v1p2beta1/BUILD.bazel +++ /dev/null @@ -1,355 +0,0 @@ -# This file was automatically generated by BuildFileGenerator - -# This is an API workspace, having public visibility by default makes perfect sense. -package(default_visibility = ["//visibility:public"]) - -############################################################################## -# Common -############################################################################## -load("@rules_proto//proto:defs.bzl", "proto_library") -load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") - -proto_library( - name = "asset_proto", - srcs = [ - "asset_service.proto", - "assets.proto", - ], - deps = [ - "//google/api:annotations_proto", - "//google/api:client_proto", - "//google/api:field_behavior_proto", - "//google/api:resource_proto", - "//google/iam/v1:policy_proto", - "//google/longrunning:operations_proto", - "@com_google_protobuf//:any_proto", - "@com_google_protobuf//:empty_proto", - "@com_google_protobuf//:field_mask_proto", - "@com_google_protobuf//:struct_proto", - "@com_google_protobuf//:timestamp_proto", - ], -) - -proto_library_with_info( - name = "asset_proto_with_info", - deps = [ - ":asset_proto", - "//google/cloud:common_resources_proto", - ], -) - -############################################################################## -# Java -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "java_gapic_assembly_gradle_pkg", - "java_gapic_library", - "java_gapic_test", - "java_grpc_library", - "java_proto_library", -) - -java_proto_library( - name = "asset_java_proto", - deps = [":asset_proto"], -) - -java_grpc_library( - name = "asset_java_grpc", - srcs = [":asset_proto"], - deps = [":asset_java_proto"], -) - -java_gapic_library( - name = "asset_java_gapic", - srcs = [":asset_proto_with_info"], - grpc_service_config = "cloudasset_grpc_service_config.json", - test_deps = [ - ":asset_java_grpc", - "//google/iam/v1:iam_java_grpc", - ], - transport = "grpc+rest", - deps = [ - ":asset_java_proto", - "//google/iam/v1:iam_java_proto", - ], -) - -java_gapic_test( - name = "asset_java_gapic_test_suite", - test_classes = [ - "com.google.cloud.asset.v1p2beta1.AssetServiceClientHttpJsonTest", - "com.google.cloud.asset.v1p2beta1.AssetServiceClientTest", - ], - runtime_deps = [":asset_java_gapic_test"], -) - -# Open Source Packages -java_gapic_assembly_gradle_pkg( - name = "google-cloud-asset-v1p2beta1-java", - include_samples = True, - transport = "grpc+rest", - deps = [ - ":asset_java_gapic", - ":asset_java_grpc", - ":asset_java_proto", - ":asset_proto", - ], -) - -############################################################################## -# Go -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "go_gapic_assembly_pkg", - "go_gapic_library", - "go_proto_library", - "go_test", -) - -go_proto_library( - name = "asset_go_proto", - compilers = ["@io_bazel_rules_go//proto:go_grpc"], - importpath = "google.golang.org/genproto/googleapis/cloud/asset/v1p2beta1", - protos = [":asset_proto"], - deps = [ - "//google/api:annotations_go_proto", - "//google/iam/v1:iam_go_proto", - "//google/longrunning:longrunning_go_proto", - ], -) - -go_gapic_library( - name = "asset_go_gapic", - srcs = [":asset_proto_with_info"], - grpc_service_config = "cloudasset_grpc_service_config.json", - importpath = "cloud.google.com/go/asset/apiv1p2beta1;asset", - service_yaml = "cloudasset_v1p2beta1.yaml", - transport = "grpc+rest", - deps = [ - ":asset_go_proto", - "//google/iam/v1:iam_go_proto", - "//google/longrunning:longrunning_go_proto", - "@com_google_cloud_go//longrunning:go_default_library", - "@com_google_cloud_go//longrunning/autogen:go_default_library", - "@io_bazel_rules_go//proto/wkt:any_go_proto", - "@io_bazel_rules_go//proto/wkt:struct_go_proto", - ], -) - -go_test( - name = "asset_go_gapic_test", - srcs = [":asset_go_gapic_srcjar_test"], - embed = [":asset_go_gapic"], - importpath = "cloud.google.com/go/asset/apiv1p2beta1", -) - -# Open Source Packages -go_gapic_assembly_pkg( - name = "gapi-cloud-asset-v1p2beta1-go", - deps = [ - ":asset_go_gapic", - ":asset_go_gapic_srcjar-test.srcjar", - ":asset_go_proto", - ], -) - -############################################################################## -# Python -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "py_gapic_assembly_pkg", - "py_gapic_library", - "py_test", -) - -py_gapic_library( - name = "asset_py_gapic", - srcs = [":asset_proto"], - grpc_service_config = "cloudasset_grpc_service_config.json", - transport = "grpc", - deps = [ - "//google/iam/v1:iam_policy_py_proto", - ], -) - -py_test( - name = "asset_py_gapic_test", - srcs = [ - "asset_py_gapic_pytest.py", - "asset_py_gapic_test.py", - ], - legacy_create_init = False, - deps = [":asset_py_gapic"], -) - -py_gapic_assembly_pkg( - name = "asset-v1p2beta1-py", - deps = [ - ":asset_py_gapic", - ], -) - -############################################################################## -# PHP -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "php_gapic_assembly_pkg", - "php_gapic_library", - "php_grpc_library", - "php_proto_library", -) - -php_proto_library( - name = "asset_php_proto", - deps = [":asset_proto"], -) - -php_grpc_library( - name = "asset_php_grpc", - srcs = [":asset_proto"], - deps = [":asset_php_proto"], -) - -php_gapic_library( - name = "asset_php_gapic", - srcs = [":asset_proto_with_info"], - grpc_service_config = "cloudasset_grpc_service_config.json", - deps = [ - ":asset_php_grpc", - ":asset_php_proto", - ], -) - -# Open Source Packages -php_gapic_assembly_pkg( - name = "google-cloud-asset-v1p2beta1-php", - deps = [ - ":asset_php_gapic", - ":asset_php_grpc", - ":asset_php_proto", - ], -) - -############################################################################## -# Node.js -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "nodejs_gapic_assembly_pkg", - "nodejs_gapic_library", -) - -nodejs_gapic_library( - name = "asset_nodejs_gapic", - package_name = "@google-cloud/asset", - src = ":asset_proto_with_info", - extra_protoc_parameters = ["metadata"], - grpc_service_config = "cloudasset_grpc_service_config.json", - package = "google.cloud.asset.v1p2beta1", - service_yaml = "cloudasset_v1p2beta1.yaml", - deps = [], -) - -nodejs_gapic_assembly_pkg( - name = "asset-v1p2beta1-nodejs", - deps = [ - ":asset_nodejs_gapic", - ":asset_proto", - ], -) - -############################################################################## -# Ruby -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "ruby_cloud_gapic_library", - "ruby_gapic_assembly_pkg", - "ruby_grpc_library", - "ruby_proto_library", -) - -ruby_proto_library( - name = "asset_ruby_proto", - deps = [":asset_proto"], -) - -ruby_grpc_library( - name = "asset_ruby_grpc", - srcs = [":asset_proto"], - deps = [":asset_ruby_proto"], -) - -ruby_cloud_gapic_library( - name = "asset_ruby_gapic", - srcs = [":asset_proto_with_info"], - extra_protoc_parameters = ["ruby-cloud-gem-name=google-cloud-asset-v1p2beta1"], - deps = [ - ":asset_ruby_grpc", - ":asset_ruby_proto", - ], -) - -# Open Source Packages -ruby_gapic_assembly_pkg( - name = "google-cloud-asset-v1p2beta1-ruby", - deps = [ - ":asset_ruby_gapic", - ":asset_ruby_grpc", - ":asset_ruby_proto", - ], -) - -############################################################################## -# C# -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "csharp_gapic_assembly_pkg", - "csharp_gapic_library", - "csharp_grpc_library", - "csharp_proto_library", -) - -csharp_proto_library( - name = "asset_csharp_proto", - deps = [":asset_proto"], -) - -csharp_grpc_library( - name = "asset_csharp_grpc", - srcs = [":asset_proto"], - deps = [":asset_csharp_proto"], -) - -# Invalid C# namespaces, cannot build. -# csharp_gapic_library( -# name = "asset_csharp_gapic", -# srcs = [":asset_proto_with_info"], -# grpc_service_config = "cloudasset_grpc_service_config.json", -# common_resources_config = "@gax_dotnet//:Google.Api.Gax/ResourceNames/CommonResourcesConfig.json", -# deps = [ -# ":asset_csharp_grpc", -# ":asset_csharp_proto", -# ], -# ) - -# # Open Source Packages -# csharp_gapic_assembly_pkg( -# name = "google-cloud-asset-v1p2beta1-csharp", -# deps = [ -# ":asset_csharp_gapic", -# ":asset_csharp_grpc", -# ":asset_csharp_proto", -# ], -# ) - -############################################################################## -# C++ -############################################################################## -# Put your C++ rules here diff --git a/third_party/googleapis/google/cloud/asset/v1p2beta1/asset_service.proto b/third_party/googleapis/google/cloud/asset/v1p2beta1/asset_service.proto deleted file mode 100644 index 92f285f..0000000 --- a/third_party/googleapis/google/cloud/asset/v1p2beta1/asset_service.proto +++ /dev/null @@ -1,259 +0,0 @@ -// Copyright 2019 Google LLC. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - -syntax = "proto3"; - -package google.cloud.asset.v1p2beta1; - -import "google/api/annotations.proto"; -import "google/api/client.proto"; -import "google/api/field_behavior.proto"; -import "google/api/resource.proto"; -import "google/cloud/asset/v1p2beta1/assets.proto"; -import "google/protobuf/empty.proto"; -import "google/protobuf/field_mask.proto"; - -option csharp_namespace = "Google.Cloud.Asset.V1p2Beta1"; -option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1p2beta1;asset"; -option java_multiple_files = true; -option java_outer_classname = "AssetServiceProto"; -option java_package = "com.google.cloud.asset.v1p2beta1"; -option php_namespace = "Google\\Cloud\\Asset\\V1p2beta1"; - -// Asset service definition. -service AssetService { - option (google.api.default_host) = "cloudasset.googleapis.com"; - option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; - - // Creates a feed in a parent project/folder/organization to listen to its - // asset updates. - rpc CreateFeed(CreateFeedRequest) returns (Feed) { - option (google.api.http) = { - post: "/v1p2beta1/{parent=*/*}/feeds" - body: "*" - }; - option (google.api.method_signature) = "parent"; - } - - // Gets details about an asset feed. - rpc GetFeed(GetFeedRequest) returns (Feed) { - option (google.api.http) = { - get: "/v1p2beta1/{name=*/*/feeds/*}" - }; - option (google.api.method_signature) = "name"; - } - - // Lists all asset feeds in a parent project/folder/organization. - rpc ListFeeds(ListFeedsRequest) returns (ListFeedsResponse) { - option (google.api.http) = { - get: "/v1p2beta1/{parent=*/*}/feeds" - }; - option (google.api.method_signature) = "parent"; - } - - // Updates an asset feed configuration. - rpc UpdateFeed(UpdateFeedRequest) returns (Feed) { - option (google.api.http) = { - patch: "/v1p2beta1/{feed.name=*/*/feeds/*}" - body: "*" - }; - option (google.api.method_signature) = "feed"; - } - - // Deletes an asset feed. - rpc DeleteFeed(DeleteFeedRequest) returns (google.protobuf.Empty) { - option (google.api.http) = { - delete: "/v1p2beta1/{name=*/*/feeds/*}" - }; - option (google.api.method_signature) = "name"; - } -} - -// Create asset feed request. -message CreateFeedRequest { - // Required. The name of the project/folder/organization where this feed - // should be created in. It can only be an organization number (such as - // "organizations/123"), a folder number (such as "folders/123"), a project ID - // (such as "projects/my-project-id")", or a project number (such as - // "projects/12345"). - string parent = 1 [(google.api.field_behavior) = REQUIRED]; - - // Required. This is the client-assigned asset feed identifier and it needs to - // be unique under a specific parent project/folder/organization. - string feed_id = 2 [(google.api.field_behavior) = REQUIRED]; - - // Required. The feed details. The field `name` must be empty and it will be generated - // in the format of: - // projects/project_number/feeds/feed_id - // folders/folder_number/feeds/feed_id - // organizations/organization_number/feeds/feed_id - Feed feed = 3 [(google.api.field_behavior) = REQUIRED]; -} - -// Get asset feed request. -message GetFeedRequest { - // Required. The name of the Feed and it must be in the format of: - // projects/project_number/feeds/feed_id - // folders/folder_number/feeds/feed_id - // organizations/organization_number/feeds/feed_id - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "cloudasset.googleapis.com/Feed" - } - ]; -} - -// List asset feeds request. -message ListFeedsRequest { - // Required. The parent project/folder/organization whose feeds are to be - // listed. It can only be using project/folder/organization number (such as - // "folders/12345")", or a project ID (such as "projects/my-project-id"). - string parent = 1 [(google.api.field_behavior) = REQUIRED]; -} - -message ListFeedsResponse { - // A list of feeds. - repeated Feed feeds = 1; -} - -// Update asset feed request. -message UpdateFeedRequest { - // Required. The new values of feed details. It must match an existing feed and the - // field `name` must be in the format of: - // projects/project_number/feeds/feed_id or - // folders/folder_number/feeds/feed_id or - // organizations/organization_number/feeds/feed_id. - Feed feed = 1 [(google.api.field_behavior) = REQUIRED]; - - // Required. Only updates the `feed` fields indicated by this mask. - // The field mask must not be empty, and it must not contain fields that - // are immutable or only set by the server. - google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED]; -} - -message DeleteFeedRequest { - // Required. The name of the feed and it must be in the format of: - // projects/project_number/feeds/feed_id - // folders/folder_number/feeds/feed_id - // organizations/organization_number/feeds/feed_id - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "cloudasset.googleapis.com/Feed" - } - ]; -} - -// Output configuration for export assets destination. -message OutputConfig { - // Asset export destination. - oneof destination { - // Destination on Cloud Storage. - GcsDestination gcs_destination = 1; - } -} - -// A Cloud Storage location. -message GcsDestination { - // Required. - oneof object_uri { - // The uri of the Cloud Storage object. It's the same uri that is used by - // gsutil. For example: "gs://bucket_name/object_name". See [Viewing and - // Editing Object - // Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata) - // for more information. - string uri = 1; - } -} - -// A Cloud Pubsub destination. -message PubsubDestination { - // The name of the Cloud Pub/Sub topic to publish to. - // For example: `projects/PROJECT_ID/topics/TOPIC_ID`. - string topic = 1; -} - -// Output configuration for asset feed destination. -message FeedOutputConfig { - // Asset feed destination. - oneof destination { - // Destination on Cloud Pubsub. - PubsubDestination pubsub_destination = 1; - } -} - -// An asset feed used to export asset updates to a destinations. -// An asset feed filter controls what updates are exported. -// The asset feed must be created within a project, organization, or -// folder. Supported destinations are: -// Cloud Pub/Sub topics. -message Feed { - option (google.api.resource) = { - type: "cloudasset.googleapis.com/Feed" - pattern: "projects/{project}/feeds/{feed}" - pattern: "folders/{folder}/feeds/{feed}" - pattern: "organizations/{organization}/feeds/{feed}" - history: ORIGINALLY_SINGLE_PATTERN - }; - - // Required. The format will be - // projects/{project_number}/feeds/{client-assigned_feed_identifier} or - // folders/{folder_number}/feeds/{client-assigned_feed_identifier} or - // organizations/{organization_number}/feeds/{client-assigned_feed_identifier} - // - // The client-assigned feed identifier must be unique within the parent - // project/folder/organization. - string name = 1 [(google.api.field_behavior) = REQUIRED]; - - // A list of the full names of the assets to receive updates. You must specify - // either or both of asset_names and asset_types. Only asset updates matching - // specified asset_names and asset_types are exported to the feed. For - // example: - // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. - // See [Resource - // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) - // for more info. - repeated string asset_names = 2; - - // A list of types of the assets to receive updates. You must specify either - // or both of asset_names and asset_types. Only asset updates matching - // specified asset_names and asset_types are exported to the feed. - // For example: - // "compute.googleapis.com/Disk" See [Introduction to Cloud Asset - // Inventory](https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/overview) - // for all supported asset types. - repeated string asset_types = 3; - - // Asset content type. If not specified, no content but the asset name and - // type will be returned. - ContentType content_type = 4; - - // Required. Feed output configuration defining where the asset updates are - // published to. - FeedOutputConfig feed_output_config = 5 [(google.api.field_behavior) = REQUIRED]; -} - -// Asset content type. -enum ContentType { - // Unspecified content type. - CONTENT_TYPE_UNSPECIFIED = 0; - - // Resource metadata. - RESOURCE = 1; - - // The actual IAM policy set on a resource. - IAM_POLICY = 2; -} diff --git a/third_party/googleapis/google/cloud/asset/v1p2beta1/assets.proto b/third_party/googleapis/google/cloud/asset/v1p2beta1/assets.proto deleted file mode 100644 index bc2a9c5..0000000 --- a/third_party/googleapis/google/cloud/asset/v1p2beta1/assets.proto +++ /dev/null @@ -1,124 +0,0 @@ -// Copyright 2019 Google LLC. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - -syntax = "proto3"; - -package google.cloud.asset.v1p2beta1; - -import "google/iam/v1/policy.proto"; -import "google/protobuf/struct.proto"; -import "google/protobuf/timestamp.proto"; - -option cc_enable_arenas = true; -option csharp_namespace = "Google.Cloud.Asset.v1p2beta1"; -option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1p2beta1;asset"; -option java_multiple_files = true; -option java_outer_classname = "AssetProto"; -option java_package = "com.google.cloud.asset.v1p2beta1"; -option php_namespace = "Google\\Cloud\\Asset\\V1p2beta1"; - -// Temporal asset. In addition to the asset, the temporal asset includes the -// status of the asset and valid from and to time of it. -message TemporalAsset { - // The time window when the asset data and state was observed. - TimeWindow window = 1; - - // If the asset is deleted or not. - bool deleted = 2; - - // Asset. - Asset asset = 3; -} - -// A time window of (start_time, end_time]. -message TimeWindow { - // Start time of the time window (exclusive). - google.protobuf.Timestamp start_time = 1; - - // End time of the time window (inclusive). - // Current timestamp if not specified. - google.protobuf.Timestamp end_time = 2; -} - -// Cloud asset. This includes all Google Cloud Platform resources, -// Cloud IAM policies, and other non-GCP assets. -message Asset { - // The full name of the asset. For example: - // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. - // See [Resource - // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) - // for more information. - string name = 1; - - // Type of the asset. Example: "compute.googleapis.com/Disk". - string asset_type = 2; - - // Representation of the resource. - Resource resource = 3; - - // Representation of the actual Cloud IAM policy set on a cloud resource. For - // each resource, there must be at most one Cloud IAM policy set on it. - google.iam.v1.Policy iam_policy = 4; - - // Asset's ancestry path in Cloud Resource Manager (CRM) hierarchy, - // represented as a list of relative resource names. Ancestry path starts with - // the closest CRM ancestor and ends at root. If the asset is a CRM - // project/folder/organization, this starts from the asset itself. - // - // Example: ["projects/123456789", "folders/5432", "organizations/1234"] - repeated string ancestors = 6; -} - -// Representation of a cloud resource. -message Resource { - // The API version. Example: "v1". - string version = 1; - - // The URL of the discovery document containing the resource's JSON schema. - // For example: - // `"https://www.googleapis.com/discovery/v1/apis/compute/v1/rest"`. - // It will be left unspecified for resources without a discovery-based API, - // such as Cloud Bigtable. - string discovery_document_uri = 2; - - // The JSON schema name listed in the discovery document. - // Example: "Project". It will be left unspecified for resources (such as - // Cloud Bigtable) without a discovery-based API. - string discovery_name = 3; - - // The REST URL for accessing the resource. An HTTP GET operation using this - // URL returns the resource itself. - // Example: - // `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`. - // It will be left unspecified for resources without a REST API. - string resource_url = 4; - - // The full name of the immediate parent of this resource. See - // [Resource - // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) - // for more information. - // - // For GCP assets, it is the parent resource defined in the [Cloud IAM policy - // hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). - // For example: - // `"//cloudresourcemanager.googleapis.com/projects/my_project_123"`. - // - // For third-party assets, it is up to the users to define. - string parent = 5; - - // The content of the resource, in which some sensitive fields are scrubbed - // away and may not be present. - google.protobuf.Struct data = 6; -} diff --git a/third_party/googleapis/google/cloud/asset/v1p2beta1/cloudasset_gapic.yaml b/third_party/googleapis/google/cloud/asset/v1p2beta1/cloudasset_gapic.yaml deleted file mode 100644 index 0bcb880..0000000 --- a/third_party/googleapis/google/cloud/asset/v1p2beta1/cloudasset_gapic.yaml +++ /dev/null @@ -1,2 +0,0 @@ -type: com.google.api.codegen.ConfigProto -config_schema_version: 2.0.0 diff --git a/third_party/googleapis/google/cloud/asset/v1p2beta1/cloudasset_grpc_service_config.json b/third_party/googleapis/google/cloud/asset/v1p2beta1/cloudasset_grpc_service_config.json deleted file mode 100755 index 7e71470..0000000 --- a/third_party/googleapis/google/cloud/asset/v1p2beta1/cloudasset_grpc_service_config.json +++ /dev/null @@ -1,43 +0,0 @@ -{ - "methodConfig": [ - { - "name": [ - { - "service": "google.cloud.asset.v1p2beta1.AssetService", - "method": "CreateFeed" - }, - { - "service": "google.cloud.asset.v1p2beta1.AssetService", - "method": "UpdateFeed" - } - ], - "timeout": "60s" - }, - { - "name": [ - { - "service": "google.cloud.asset.v1p2beta1.AssetService", - "method": "GetFeed" - }, - { - "service": "google.cloud.asset.v1p2beta1.AssetService", - "method": "ListFeeds" - }, - { - "service": "google.cloud.asset.v1p2beta1.AssetService", - "method": "DeleteFeed" - } - ], - "timeout": "60s", - "retryPolicy": { - "initialBackoff": "0.100s", - "maxBackoff": "60s", - "backoffMultiplier": 1.3, - "retryableStatusCodes": [ - "DEADLINE_EXCEEDED", - "UNAVAILABLE" - ] - } - } - ] -} diff --git a/third_party/googleapis/google/cloud/asset/v1p2beta1/cloudasset_v1p2beta1.yaml b/third_party/googleapis/google/cloud/asset/v1p2beta1/cloudasset_v1p2beta1.yaml deleted file mode 100644 index 19bc881..0000000 --- a/third_party/googleapis/google/cloud/asset/v1p2beta1/cloudasset_v1p2beta1.yaml +++ /dev/null @@ -1,38 +0,0 @@ -type: google.api.Service -config_version: 3 -name: cloudasset.googleapis.com -title: Cloud Asset API - -apis: -- name: google.cloud.asset.v1p2beta1.AssetService - -documentation: - summary: The cloud asset API manages the history and inventory of cloud resources. - overview: |- - # Cloud Asset API - - The Cloud Asset API keeps a history of Google Cloud Platform (GCP) asset - metadata, and allows GCP users to download a dump of all asset metadata - for the resource types listed below within an organization or a project at - a given timestamp. - - Read more documents here: - https://cloud.google.com/asset-inventory/docs - -backend: - rules: - - selector: 'google.cloud.asset.v1p2beta1.AssetService.*' - deadline: 600.0 - - selector: google.longrunning.Operations.GetOperation - deadline: 60.0 - -authentication: - rules: - - selector: 'google.cloud.asset.v1p2beta1.AssetService.*' - oauth: - canonical_scopes: |- - https://www.googleapis.com/auth/cloud-platform - - selector: google.longrunning.Operations.GetOperation - oauth: - canonical_scopes: |- - https://www.googleapis.com/auth/cloud-platform diff --git a/third_party/googleapis/google/cloud/asset/v1p5beta1/BUILD.bazel b/third_party/googleapis/google/cloud/asset/v1p5beta1/BUILD.bazel deleted file mode 100644 index 64bbc1b..0000000 --- a/third_party/googleapis/google/cloud/asset/v1p5beta1/BUILD.bazel +++ /dev/null @@ -1,353 +0,0 @@ -# This file was automatically generated by BuildFileGenerator - -# This is an API workspace, having public visibility by default makes perfect sense. -package(default_visibility = ["//visibility:public"]) - -############################################################################## -# Common -############################################################################## -load("@rules_proto//proto:defs.bzl", "proto_library") -load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") - -proto_library( - name = "asset_proto", - srcs = [ - "asset_service.proto", - "assets.proto", - ], - deps = [ - "//google/api:annotations_proto", - "//google/api:client_proto", - "//google/api:field_behavior_proto", - "//google/api:resource_proto", - "//google/cloud/orgpolicy/v1:orgpolicy_proto", - "//google/iam/v1:policy_proto", - "//google/identity/accesscontextmanager/v1:accesscontextmanager_proto", - "@com_google_protobuf//:any_proto", - "@com_google_protobuf//:struct_proto", - "@com_google_protobuf//:timestamp_proto", - ], -) - -proto_library_with_info( - name = "asset_proto_with_info", - deps = [ - ":asset_proto", - "//google/cloud:common_resources_proto", - ], -) - -############################################################################## -# Java -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "java_gapic_assembly_gradle_pkg", - "java_gapic_library", - "java_gapic_test", - "java_grpc_library", - "java_proto_library", -) - -java_proto_library( - name = "asset_java_proto", - deps = [":asset_proto"], -) - -java_grpc_library( - name = "asset_java_grpc", - srcs = [":asset_proto"], - deps = [":asset_java_proto"], -) - -java_gapic_library( - name = "asset_java_gapic", - srcs = [":asset_proto_with_info"], - grpc_service_config = "cloudasset_grpc_service_config.json", - test_deps = [ - ":asset_java_grpc", - "//google/iam/v1:iam_java_grpc", - ], - transport = "grpc+rest", - deps = [ - ":asset_java_proto", - "//google/iam/v1:iam_java_proto", - ], -) - -java_gapic_test( - name = "asset_java_gapic_test_suite", - test_classes = [ - "com.google.cloud.asset.v1p5beta1.AssetServiceClientHttpJsonTest", - "com.google.cloud.asset.v1p5beta1.AssetServiceClientTest", - ], - runtime_deps = [":asset_java_gapic_test"], -) - -# Open Source Packages -java_gapic_assembly_gradle_pkg( - name = "google-cloud-asset-v1p5beta1-java", - include_samples = True, - transport = "grpc+rest", - deps = [ - ":asset_java_gapic", - ":asset_java_grpc", - ":asset_java_proto", - ":asset_proto", - ], -) - -############################################################################## -# Go -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "go_gapic_assembly_pkg", - "go_gapic_library", - "go_proto_library", - "go_test", -) - -go_proto_library( - name = "asset_go_proto", - compilers = ["@io_bazel_rules_go//proto:go_grpc"], - importpath = "google.golang.org/genproto/googleapis/cloud/asset/v1p5beta1", - protos = [":asset_proto"], - deps = [ - "//google/api:annotations_go_proto", - "//google/cloud/orgpolicy/v1:orgpolicy_go_proto", - "//google/iam/v1:iam_go_proto", - "//google/identity/accesscontextmanager/v1:accesscontextmanager_go_proto", - ], -) - -go_gapic_library( - name = "asset_go_gapic", - srcs = [":asset_proto_with_info"], - grpc_service_config = "cloudasset_grpc_service_config.json", - importpath = "cloud.google.com/go/asset/apiv1p5beta1;asset", - service_yaml = "cloudasset_v1p5beta1.yaml", - transport = "grpc+rest", - deps = [ - ":asset_go_proto", - "//google/iam/v1:iam_go_proto", - ], -) - -go_test( - name = "asset_go_gapic_test", - srcs = [":asset_go_gapic_srcjar_test"], - embed = [":asset_go_gapic"], - importpath = "cloud.google.com/go/asset/apiv1p5beta1", -) - -# Open Source Packages -go_gapic_assembly_pkg( - name = "gapi-cloud-asset-v1p5beta1-go", - deps = [ - ":asset_go_gapic", - ":asset_go_gapic_srcjar-test.srcjar", - ":asset_go_proto", - ], -) - -############################################################################## -# Python -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "py_gapic_assembly_pkg", - "py_gapic_library", - "py_test", -) - -py_gapic_library( - name = "asset_py_gapic", - srcs = [":asset_proto"], - grpc_service_config = "cloudasset_grpc_service_config.json", - transport = "grpc", - deps = [ - "//google/cloud/orgpolicy/v1:orgpolicy_py_original_proto", - "//google/iam/v1:iam_policy_py_proto", - "//google/identity/accesscontextmanager/v1:access_level_py_proto", - "//google/identity/accesscontextmanager/v1:access_policy_py_proto", - "//google/identity/accesscontextmanager/v1:accesscontextmanager_py_gapic", - "//google/identity/accesscontextmanager/v1:service_perimeter_py_proto", - ], -) - -py_test( - name = "asset_py_gapic_test", - srcs = [ - "asset_py_gapic_pytest.py", - "asset_py_gapic_test.py", - ], - legacy_create_init = False, - deps = [":asset_py_gapic"], -) - -py_gapic_assembly_pkg( - name = "asset-v1p5beta1-py", - deps = [ - ":asset_py_gapic", - ], -) - -############################################################################## -# PHP -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "php_gapic_assembly_pkg", - "php_gapic_library", - "php_grpc_library", - "php_proto_library", -) - -php_proto_library( - name = "asset_php_proto", - deps = [":asset_proto"], -) - -php_grpc_library( - name = "asset_php_grpc", - srcs = [":asset_proto"], - deps = [":asset_php_proto"], -) - -php_gapic_library( - name = "asset_php_gapic", - srcs = [":asset_proto_with_info"], - deps = [ - ":asset_php_grpc", - ":asset_php_proto", - ], -) - -# Open Source Packages -php_gapic_assembly_pkg( - name = "google-cloud-asset-v1p5beta1-php", - deps = [ - ":asset_php_gapic", - ":asset_php_grpc", - ":asset_php_proto", - ], -) - -############################################################################## -# Node.js -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "nodejs_gapic_assembly_pkg", - "nodejs_gapic_library", -) - -nodejs_gapic_library( - name = "asset_nodejs_gapic", - src = ":asset_proto_with_info", - extra_protoc_parameters = ["metadata"], - gapic_yaml = "cloudasset_gapic.yaml", - package = "google.cloud.asset.v1p5beta1", - service_yaml = "cloudasset_v1p5beta1.yaml", - deps = [], -) - -nodejs_gapic_assembly_pkg( - name = "asset-v1p5beta1-nodejs", - deps = [ - ":asset_nodejs_gapic", - ":asset_proto", - ], -) - -############################################################################## -# Ruby -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "ruby_cloud_gapic_library", - "ruby_gapic_assembly_pkg", - "ruby_grpc_library", - "ruby_proto_library", -) - -ruby_proto_library( - name = "asset_ruby_proto", - deps = [":asset_proto"], -) - -ruby_grpc_library( - name = "asset_ruby_grpc", - srcs = [":asset_proto"], - deps = [":asset_ruby_proto"], -) - -ruby_cloud_gapic_library( - name = "asset_ruby_gapic", - srcs = [":asset_proto_with_info"], - extra_protoc_parameters = ["ruby-cloud-gem-name=google-cloud-asset-v1p5beta1"], - deps = [ - ":asset_ruby_grpc", - ":asset_ruby_proto", - ], -) - -# Open Source Packages -ruby_gapic_assembly_pkg( - name = "google-cloud-asset-v1p5beta1-ruby", - deps = [ - ":asset_ruby_gapic", - ":asset_ruby_grpc", - ":asset_ruby_proto", - ], -) - -############################################################################## -# C# -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "csharp_gapic_assembly_pkg", - "csharp_gapic_library", - "csharp_grpc_library", - "csharp_proto_library", -) - -csharp_proto_library( - name = "asset_csharp_proto", - deps = [":asset_proto"], -) - -csharp_grpc_library( - name = "asset_csharp_grpc", - srcs = [":asset_proto"], - deps = [":asset_csharp_proto"], -) - -# Invalid C# namespaces, cannot build. -# csharp_gapic_library( -# name = "asset_csharp_gapic", -# srcs = [":asset_proto_with_info"], -# grpc_service_config = "cloudasset_grpc_service_config.json", -# common_resources_config = "@gax_dotnet//:Google.Api.Gax/ResourceNames/CommonResourcesConfig.json", -# deps = [ -# ":asset_csharp_grpc", -# ":asset_csharp_proto", -# ], -# ) - -# # Open Source Packages -# csharp_gapic_assembly_pkg( -# name = "google-cloud-asset-v1p5beta1-csharp", -# deps = [ -# ":asset_csharp_gapic", -# ":asset_csharp_grpc", -# ":asset_csharp_proto", -# ], -# ) - -############################################################################## -# C++ -############################################################################## -# Put your C++ rules here diff --git a/third_party/googleapis/google/cloud/asset/v1p5beta1/asset_service.proto b/third_party/googleapis/google/cloud/asset/v1p5beta1/asset_service.proto deleted file mode 100644 index 52233ad..0000000 --- a/third_party/googleapis/google/cloud/asset/v1p5beta1/asset_service.proto +++ /dev/null @@ -1,112 +0,0 @@ -// Copyright 2020 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -package google.cloud.asset.v1p5beta1; - -import "google/api/annotations.proto"; -import "google/api/client.proto"; -import "google/api/field_behavior.proto"; -import "google/cloud/asset/v1p5beta1/assets.proto"; -import "google/protobuf/timestamp.proto"; - -option csharp_namespace = "Google.Cloud.Asset.V1P5Beta1"; -option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1p5beta1;asset"; -option java_multiple_files = true; -option java_outer_classname = "AssetServiceProto"; -option java_package = "com.google.cloud.asset.v1p5beta1"; -option php_namespace = "Google\\Cloud\\Asset\\V1p5beta1"; - -// Asset service definition. -service AssetService { - option (google.api.default_host) = "cloudasset.googleapis.com"; - option (google.api.oauth_scopes) = - "https://www.googleapis.com/auth/cloud-platform"; - - // Lists assets with time and resource types and returns paged results in - // response. - rpc ListAssets(ListAssetsRequest) returns (ListAssetsResponse) { - option (google.api.http) = { - get: "/v1p5beta1/{parent=*/*}/assets" - }; - } -} - -// ListAssets request. -message ListAssetsRequest { - // Required. Name of the organization or project the assets belong to. Format: - // "organizations/[organization-number]" (such as "organizations/123"), - // "projects/[project-number]" (such as "projects/my-project-id"), or - // "projects/[project-id]" (such as "projects/12345"). - string parent = 1 [(google.api.field_behavior) = REQUIRED]; - - // Timestamp to take an asset snapshot. This can only be set to a timestamp - // between 2018-10-02 UTC (inclusive) and the current time. If not specified, - // the current time will be used. Due to delays in resource data collection - // and indexing, there is a volatile window during which running the same - // query may get different results. - google.protobuf.Timestamp read_time = 2; - - // A list of asset types of which to take a snapshot for. For example: - // "compute.googleapis.com/Disk". If specified, only matching assets will be - // returned. See [Introduction to Cloud Asset - // Inventory](https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/overview) - // for all supported asset types. - repeated string asset_types = 3; - - // Asset content type. If not specified, no content but the asset name will - // be returned. - ContentType content_type = 4; - - // The maximum number of assets to be returned in a single response. Default - // is 100, minimum is 1, and maximum is 1000. - int32 page_size = 5; - - // The `next_page_token` returned from the previous `ListAssetsResponse`, or - // unspecified for the first `ListAssetsRequest`. It is a continuation of a - // prior `ListAssets` call, and the API should return the next page of assets. - string page_token = 6; -} - -// Asset content type. -enum ContentType { - // Unspecified content type. - CONTENT_TYPE_UNSPECIFIED = 0; - - // Resource metadata. - RESOURCE = 1; - - // The actual IAM policy set on a resource. - IAM_POLICY = 2; - - // The Cloud Organization Policy set on an asset. - ORG_POLICY = 4; - - // The Cloud Access context mananger Policy set on an asset. - ACCESS_POLICY = 5; -} - -// ListAssets response. -message ListAssetsResponse { - // Time the snapshot was taken. - google.protobuf.Timestamp read_time = 1; - - // Assets. - repeated Asset assets = 2; - - // Token to retrieve the next page of results. Set to empty if there are no - // remaining results. - string next_page_token = 3; -} diff --git a/third_party/googleapis/google/cloud/asset/v1p5beta1/assets.proto b/third_party/googleapis/google/cloud/asset/v1p5beta1/assets.proto deleted file mode 100644 index 7ad133a..0000000 --- a/third_party/googleapis/google/cloud/asset/v1p5beta1/assets.proto +++ /dev/null @@ -1,124 +0,0 @@ -// Copyright 2020 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -package google.cloud.asset.v1p5beta1; - -import "google/api/resource.proto"; -import "google/cloud/orgpolicy/v1/orgpolicy.proto"; -import "google/iam/v1/policy.proto"; -import "google/identity/accesscontextmanager/v1/access_level.proto"; -import "google/identity/accesscontextmanager/v1/access_policy.proto"; -import "google/identity/accesscontextmanager/v1/service_perimeter.proto"; -import "google/protobuf/struct.proto"; - -option cc_enable_arenas = true; -option csharp_namespace = "Google.Cloud.Asset.V1p5Beta1"; -option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1p5beta1;asset"; -option java_multiple_files = true; -option java_outer_classname = "AssetProto"; -option java_package = "com.google.cloud.asset.v1p5beta1"; -option php_namespace = "Google\\Cloud\\Asset\\V1p5beta1"; - -// Cloud asset. This includes all Google Cloud Platform resources, -// Cloud IAM policies, and other non-GCP assets. -message Asset { - option (google.api.resource) = { - type: "cloudasset.googleapis.com/Asset" - pattern: "*" - }; - - // The full name of the asset. For example: - // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. - // See [Resource - // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) - // for more information. - string name = 1; - - // Type of the asset. Example: "compute.googleapis.com/Disk". - string asset_type = 2; - - // Representation of the resource. - Resource resource = 3; - - // Representation of the actual Cloud IAM policy set on a cloud resource. For - // each resource, there must be at most one Cloud IAM policy set on it. - google.iam.v1.Policy iam_policy = 4; - - // Representation of the Cloud Organization Policy set on an asset. For each - // asset, there could be multiple Organization policies with different - // constraints. - repeated google.cloud.orgpolicy.v1.Policy org_policy = 6; - - // Representation of the Cloud Organization access policy. - oneof access_context_policy { - google.identity.accesscontextmanager.v1.AccessPolicy access_policy = 7; - - google.identity.accesscontextmanager.v1.AccessLevel access_level = 8; - - google.identity.accesscontextmanager.v1.ServicePerimeter service_perimeter = - 9; - } - - // Asset's ancestry path in Cloud Resource Manager (CRM) hierarchy, - // represented as a list of relative resource names. Ancestry path starts with - // the closest CRM ancestor and ends at root. If the asset is a CRM - // project/folder/organization, this starts from the asset itself. - // - // Example: ["projects/123456789", "folders/5432", "organizations/1234"] - repeated string ancestors = 10; -} - -// Representation of a cloud resource. -message Resource { - // The API version. Example: "v1". - string version = 1; - - // The URL of the discovery document containing the resource's JSON schema. - // For example: - // `"https://www.googleapis.com/discovery/v1/apis/compute/v1/rest"`. - // It will be left unspecified for resources without a discovery-based API, - // such as Cloud Bigtable. - string discovery_document_uri = 2; - - // The JSON schema name listed in the discovery document. - // Example: "Project". It will be left unspecified for resources (such as - // Cloud Bigtable) without a discovery-based API. - string discovery_name = 3; - - // The REST URL for accessing the resource. An HTTP GET operation using this - // URL returns the resource itself. - // Example: - // `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`. - // It will be left unspecified for resources without a REST API. - string resource_url = 4; - - // The full name of the immediate parent of this resource. See - // [Resource - // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) - // for more information. - // - // For GCP assets, it is the parent resource defined in the [Cloud IAM policy - // hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). - // For example: - // `"//cloudresourcemanager.googleapis.com/projects/my_project_123"`. - // - // For third-party assets, it is up to the users to define. - string parent = 5; - - // The content of the resource, in which some sensitive fields are scrubbed - // away and may not be present. - google.protobuf.Struct data = 6; -} diff --git a/third_party/googleapis/google/cloud/asset/v1p5beta1/cloudasset_gapic.yaml b/third_party/googleapis/google/cloud/asset/v1p5beta1/cloudasset_gapic.yaml deleted file mode 100644 index 0bcb880..0000000 --- a/third_party/googleapis/google/cloud/asset/v1p5beta1/cloudasset_gapic.yaml +++ /dev/null @@ -1,2 +0,0 @@ -type: com.google.api.codegen.ConfigProto -config_schema_version: 2.0.0 diff --git a/third_party/googleapis/google/cloud/asset/v1p5beta1/cloudasset_grpc_service_config.json b/third_party/googleapis/google/cloud/asset/v1p5beta1/cloudasset_grpc_service_config.json deleted file mode 100644 index 3620a5b..0000000 --- a/third_party/googleapis/google/cloud/asset/v1p5beta1/cloudasset_grpc_service_config.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "methodConfig": [ - { - "name": [ - { - "service": "google.cloud.asset.v1p5beta1.AssetService", - "method": "ListAssets" - } - ], - "timeout": "60s", - "retryPolicy": { - "initialBackoff": "0.100s", - "maxBackoff": "60s", - "backoffMultiplier": 1.3, - "retryableStatusCodes": [ - "DEADLINE_EXCEEDED", - "UNAVAILABLE" - ] - } - } - ] -} diff --git a/third_party/googleapis/google/cloud/asset/v1p5beta1/cloudasset_v1p5beta1.yaml b/third_party/googleapis/google/cloud/asset/v1p5beta1/cloudasset_v1p5beta1.yaml deleted file mode 100644 index 07dbada..0000000 --- a/third_party/googleapis/google/cloud/asset/v1p5beta1/cloudasset_v1p5beta1.yaml +++ /dev/null @@ -1,32 +0,0 @@ -type: google.api.Service -config_version: 3 -name: cloudasset.googleapis.com -title: Cloud Asset API - -apis: -- name: google.cloud.asset.v1p5beta1.AssetService - -documentation: - summary: The cloud asset API manages the history and inventory of cloud resources. - overview: |- - # Cloud Asset API - - The Cloud Asset API keeps a history of Google Cloud Platform (GCP) asset - metadata, and allows GCP users to download a dump of all asset metadata - for the resource types listed below within an organization or a project at - a given timestamp. - - Read more documents here: - https://cloud.google.com/asset-inventory/docs - -backend: - rules: - - selector: google.cloud.asset.v1p5beta1.AssetService.ListAssets - deadline: 600.0 - -authentication: - rules: - - selector: google.cloud.asset.v1p5beta1.AssetService.ListAssets - oauth: - canonical_scopes: |- - https://www.googleapis.com/auth/cloud-platform diff --git a/third_party/googleapis/google/cloud/asset/v1p7beta1/BUILD.bazel b/third_party/googleapis/google/cloud/asset/v1p7beta1/BUILD.bazel deleted file mode 100644 index 926cd0d..0000000 --- a/third_party/googleapis/google/cloud/asset/v1p7beta1/BUILD.bazel +++ /dev/null @@ -1,366 +0,0 @@ -# This file was automatically generated by BuildFileGenerator -# https://github.com/googleapis/rules_gapic/tree/master/bazel - -# Most of the manual changes to this file will be overwritten. -# It's **only** allowed to change the following rule attribute values: -# - names of *_gapic_assembly_* rules -# - certain parameters of *_gapic_library rules, including but not limited to: -# * extra_protoc_parameters -# * extra_protoc_file_parameters -# The complete list of preserved parameters can be found in the source code. - -# This is an API workspace, having public visibility by default makes perfect sense. -package(default_visibility = ["//visibility:public"]) - -############################################################################## -# Common -############################################################################## -load("@rules_proto//proto:defs.bzl", "proto_library") -load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") - -proto_library( - name = "asset_proto", - srcs = [ - "asset_service.proto", - "assets.proto", - ], - deps = [ - "//google/api:annotations_proto", - "//google/api:client_proto", - "//google/api:field_behavior_proto", - "//google/api:resource_proto", - "//google/cloud/orgpolicy/v1:orgpolicy_proto", - "//google/cloud/osconfig/v1:osconfig_proto", - "//google/iam/v1:policy_proto", - "//google/identity/accesscontextmanager/v1:accesscontextmanager_proto", - "//google/longrunning:operations_proto", - "@com_google_protobuf//:any_proto", - "@com_google_protobuf//:empty_proto", - "@com_google_protobuf//:field_mask_proto", - "@com_google_protobuf//:struct_proto", - "@com_google_protobuf//:timestamp_proto", - ], -) - -proto_library_with_info( - name = "asset_proto_with_info", - deps = [ - ":asset_proto", - "//google/cloud:common_resources_proto", - ], -) - -############################################################################## -# Java -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "java_gapic_assembly_gradle_pkg", - "java_gapic_library", - "java_gapic_test", - "java_grpc_library", - "java_proto_library", -) - -java_proto_library( - name = "asset_java_proto", - deps = [":asset_proto"], -) - -java_grpc_library( - name = "asset_java_grpc", - srcs = [":asset_proto"], - deps = [":asset_java_proto"], -) - -java_gapic_library( - name = "asset_java_gapic", - srcs = [":asset_proto_with_info"], - grpc_service_config = "cloudasset_grpc_service_config.json", - test_deps = [ - ":asset_java_grpc", - "//google/iam/v1:iam_java_grpc", - ], - deps = [ - ":asset_java_proto", - "//google/iam/v1:iam_java_proto", - ], -) - -java_gapic_test( - name = "asset_java_gapic_test_suite", - test_classes = [ - "com.google.cloud.asset.v1p7beta1.AssetServiceClientTest", - ], - runtime_deps = [":asset_java_gapic_test"], -) - -# Open Source Packages -java_gapic_assembly_gradle_pkg( - name = "google-cloud-asset-v1p7beta1-java", - transport = "grpc+rest", - deps = [ - ":asset_java_gapic", - ":asset_java_grpc", - ":asset_java_proto", - ":asset_proto", - ], -) - -############################################################################## -# Go -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "go_gapic_assembly_pkg", - "go_gapic_library", - "go_proto_library", - "go_test", -) - -go_proto_library( - name = "asset_go_proto", - compilers = ["@io_bazel_rules_go//proto:go_grpc"], - importpath = "google.golang.org/genproto/googleapis/cloud/asset/v1p7beta1", - protos = [":asset_proto"], - deps = [ - "//google/api:annotations_go_proto", - "//google/cloud/orgpolicy/v1:orgpolicy_go_proto", - "//google/cloud/osconfig/v1:osconfig_go_proto", - "//google/iam/v1:iam_go_proto", - "//google/identity/accesscontextmanager/v1:accesscontextmanager_go_proto", - "//google/longrunning:longrunning_go_proto", - ], -) - -go_gapic_library( - name = "asset_go_gapic", - srcs = [":asset_proto_with_info"], - grpc_service_config = "cloudasset_grpc_service_config.json", - importpath = "cloud.google.com/go/asset/apiv1p7beta1;asset", - metadata = True, - service_yaml = "cloudasset_v1p7beta1.yaml", - deps = [ - ":asset_go_proto", - "//google/iam/v1:iam_go_proto", - "//google/longrunning:longrunning_go_proto", - "@com_google_cloud_go//longrunning:go_default_library", - "@com_google_cloud_go//longrunning/autogen:go_default_library", - "@io_bazel_rules_go//proto/wkt:any_go_proto", - "@io_bazel_rules_go//proto/wkt:struct_go_proto", - ], -) - -go_test( - name = "asset_go_gapic_test", - srcs = [":asset_go_gapic_srcjar_test"], - embed = [":asset_go_gapic"], - importpath = "cloud.google.com/go/asset/apiv1p7beta1", -) - -# Open Source Packages -go_gapic_assembly_pkg( - name = "gapi-cloud-asset-v1p7beta1-go", - deps = [ - ":asset_go_gapic", - ":asset_go_gapic_srcjar-metadata.srcjar", - ":asset_go_gapic_srcjar-test.srcjar", - ":asset_go_proto", - ], -) - -############################################################################## -# Python -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "py_gapic_assembly_pkg", - "py_gapic_library", -) - -py_gapic_library( - name = "asset_py_gapic", - srcs = [":asset_proto"], - grpc_service_config = "cloudasset_grpc_service_config.json", - transport = "grpc", -) - -# Uncomment once https://github.com/googleapis/gapic-generator-python/issues/1376 is fixed -#py_test( -# name = "asset_py_gapic_test", -# srcs = [ -# "asset_py_gapic_pytest.py", -# "asset_py_gapic_test.py", -# ], -# legacy_create_init = False, -# deps = [":asset_py_gapic"], -#) - -# Open Source Packages -py_gapic_assembly_pkg( - name = "asset-v1p7beta1-py", - deps = [ - ":asset_py_gapic", - ], -) - -############################################################################## -# PHP -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "php_gapic_assembly_pkg", - "php_gapic_library", - "php_grpc_library", - "php_proto_library", -) - -php_proto_library( - name = "asset_php_proto", - deps = [":asset_proto"], -) - -php_grpc_library( - name = "asset_php_grpc", - srcs = [":asset_proto"], - deps = [":asset_php_proto"], -) - -php_gapic_library( - name = "asset_php_gapic", - srcs = [":asset_proto_with_info"], - grpc_service_config = "cloudasset_grpc_service_config.json", - deps = [ - ":asset_php_grpc", - ":asset_php_proto", - ], -) - -# Open Source Packages -php_gapic_assembly_pkg( - name = "google-cloud-asset-v1p7beta1-php", - deps = [ - ":asset_php_gapic", - ":asset_php_grpc", - ":asset_php_proto", - ], -) - -############################################################################## -# Node.js -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "nodejs_gapic_assembly_pkg", - "nodejs_gapic_library", -) - -nodejs_gapic_library( - name = "asset_nodejs_gapic", - package_name = "@google-cloud/asset", - src = ":asset_proto_with_info", - extra_protoc_parameters = ["metadata"], - grpc_service_config = "cloudasset_grpc_service_config.json", - package = "google.cloud.asset.v1p7beta1", - service_yaml = "cloudasset_v1p7beta1.yaml", - deps = [], -) - -nodejs_gapic_assembly_pkg( - name = "asset-v1p7beta1-nodejs", - deps = [ - ":asset_nodejs_gapic", - ":asset_proto", - ], -) - -############################################################################## -# Ruby -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "ruby_cloud_gapic_library", - "ruby_gapic_assembly_pkg", - "ruby_grpc_library", - "ruby_proto_library", -) - -ruby_proto_library( - name = "asset_ruby_proto", - deps = [":asset_proto"], -) - -ruby_grpc_library( - name = "asset_ruby_grpc", - srcs = [":asset_proto"], - deps = [":asset_ruby_proto"], -) - -ruby_cloud_gapic_library( - name = "asset_ruby_gapic", - srcs = [":asset_proto_with_info"], - extra_protoc_parameters = ["ruby-cloud-gem-name=google-cloud-asset-v1p7beta1"], - deps = [ - ":asset_ruby_grpc", - ":asset_ruby_proto", - ], -) - -# Open Source Packages -ruby_gapic_assembly_pkg( - name = "google-cloud-asset-v1p7beta1-ruby", - deps = [ - ":asset_ruby_gapic", - ":asset_ruby_grpc", - ":asset_ruby_proto", - ], -) - -############################################################################## -# C# -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "csharp_gapic_assembly_pkg", - "csharp_gapic_library", - "csharp_grpc_library", - "csharp_proto_library", -) - -csharp_proto_library( - name = "asset_csharp_proto", - deps = [":asset_proto"], -) - -csharp_grpc_library( - name = "asset_csharp_grpc", - srcs = [":asset_proto"], - deps = [":asset_csharp_proto"], -) - -# Invalid C# namespaces, cannot build. -# csharp_gapic_library( -# name = "asset_csharp_gapic", -# srcs = [":asset_proto_with_info"], -# common_resources_config = "@gax_dotnet//:Google.Api.Gax/ResourceNames/CommonResourcesConfig.json", -# grpc_service_config = "cloudasset_grpc_service_config.json", -# deps = [ -# ":asset_csharp_grpc", -# ":asset_csharp_proto", -# ], -# ) - -# # Open Source Packages -# csharp_gapic_assembly_pkg( -# name = "google-cloud-asset-v1p7beta1-csharp", -# deps = [ -# ":asset_csharp_gapic", -# ":asset_csharp_grpc", -# ":asset_csharp_proto", -# ], -# ) - -############################################################################## -# C++ -############################################################################## -# Put your C++ rules here diff --git a/third_party/googleapis/google/cloud/asset/v1p7beta1/asset_service.proto b/third_party/googleapis/google/cloud/asset/v1p7beta1/asset_service.proto deleted file mode 100644 index 18fcff6..0000000 --- a/third_party/googleapis/google/cloud/asset/v1p7beta1/asset_service.proto +++ /dev/null @@ -1,313 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -package google.cloud.asset.v1p7beta1; - -import "google/api/annotations.proto"; -import "google/api/client.proto"; -import "google/api/field_behavior.proto"; -import "google/api/resource.proto"; -import "google/cloud/asset/v1p7beta1/assets.proto"; -import "google/longrunning/operations.proto"; -import "google/protobuf/timestamp.proto"; - -option csharp_namespace = "Google.Cloud.Asset.V1P7Beta1"; -option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1p7beta1;asset"; -option java_multiple_files = true; -option java_outer_classname = "AssetServiceProto"; -option java_package = "com.google.cloud.asset.v1p7beta1"; -option php_namespace = "Google\\Cloud\\Asset\\V1p7beta1"; - -// Asset service definition. -service AssetService { - option (google.api.default_host) = "cloudasset.googleapis.com"; - option (google.api.oauth_scopes) = - "https://www.googleapis.com/auth/cloud-platform"; - - // Exports assets with time and resource types to a given Cloud Storage - // location/BigQuery table. For Cloud Storage location destinations, the - // output format is newline-delimited JSON. Each line represents a - // [google.cloud.asset.v1p7beta1.Asset][google.cloud.asset.v1p7beta1.Asset] in - // the JSON format; for BigQuery table destinations, the output table stores - // the fields in asset proto as columns. This API implements the - // [google.longrunning.Operation][google.longrunning.Operation] API , which - // allows you to keep track of the export. We recommend intervals of at least - // 2 seconds with exponential retry to poll the export operation result. For - // regular-size resource parent, the export operation usually finishes within - // 5 minutes. - rpc ExportAssets(ExportAssetsRequest) returns (google.longrunning.Operation) { - option (google.api.http) = { - post: "/v1p7beta1/{parent=*/*}:exportAssets" - body: "*" - }; - option (google.longrunning.operation_info) = { - response_type: "google.cloud.asset.v1p7beta1.ExportAssetsResponse" - metadata_type: "google.cloud.asset.v1p7beta1.ExportAssetsRequest" - }; - } -} - -// Export asset request. -message ExportAssetsRequest { - // Required. The relative name of the root asset. This can only be an - // organization number (such as "organizations/123"), a project ID (such as - // "projects/my-project-id"), or a project number (such as "projects/12345"), - // or a folder number (such as "folders/123"). - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - child_type: "cloudasset.googleapis.com/Asset" - } - ]; - - // Timestamp to take an asset snapshot. This can only be set to a timestamp - // between the current time and the current time minus 35 days (inclusive). - // If not specified, the current time will be used. Due to delays in resource - // data collection and indexing, there is a volatile window during which - // running the same query may get different results. - google.protobuf.Timestamp read_time = 2; - - // A list of asset types to take a snapshot for. For example: - // "compute.googleapis.com/Disk". - // - // Regular expressions are also supported. For example: - // - // * "compute.googleapis.com.*" snapshots resources whose asset type starts - // with "compute.googleapis.com". - // * ".*Instance" snapshots resources whose asset type ends with "Instance". - // * ".*Instance.*" snapshots resources whose asset type contains "Instance". - // - // See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported - // regular expression syntax. If the regular expression does not match any - // supported asset type, an INVALID_ARGUMENT error will be returned. - // - // If specified, only matching assets will be returned, otherwise, it will - // snapshot all asset types. See [Introduction to Cloud Asset - // Inventory](https://cloud.google.com/asset-inventory/docs/overview) - // for all supported asset types. - repeated string asset_types = 3; - - // Asset content type. If not specified, no content but the asset name will be - // returned. - ContentType content_type = 4; - - // Required. Output configuration indicating where the results will be output - // to. - OutputConfig output_config = 5 [(google.api.field_behavior) = REQUIRED]; - - // A list of relationship types to export, for example: - // `INSTANCE_TO_INSTANCEGROUP`. This field should only be specified if - // content_type=RELATIONSHIP. If specified, it will snapshot [asset_types]' - // specified relationships, or give errors if any relationship_types' - // supported types are not in [asset_types]. If not specified, it will - // snapshot all [asset_types]' supported relationships. An unspecified - // [asset_types] field means all supported asset_types. See [Introduction to - // Cloud Asset - // Inventory](https://cloud.google.com/asset-inventory/docs/overview) for all - // supported asset types and relationship types. - repeated string relationship_types = 6; -} - -// The export asset response. This message is returned by the -// [google.longrunning.Operations.GetOperation][google.longrunning.Operations.GetOperation] -// method in the returned -// [google.longrunning.Operation.response][google.longrunning.Operation.response] -// field. -message ExportAssetsResponse { - // Time the snapshot was taken. - google.protobuf.Timestamp read_time = 1; - - // Output configuration indicating where the results were output to. - OutputConfig output_config = 2; - - // Output result indicating where the assets were exported to. For example, a - // set of actual Google Cloud Storage object uris where the assets are - // exported to. The uris can be different from what [output_config] has - // specified, as the service will split the output object into multiple ones - // once it exceeds a single Google Cloud Storage object limit. - OutputResult output_result = 3; -} - -// Output configuration for export assets destination. -message OutputConfig { - // Asset export destination. - oneof destination { - // Destination on Cloud Storage. - GcsDestination gcs_destination = 1; - - // Destination on BigQuery. The output table stores the fields in asset - // proto as columns in BigQuery. - BigQueryDestination bigquery_destination = 2; - } -} - -// Output result of export assets. -message OutputResult { - // Asset export result. - oneof result { - // Export result on Cloud Storage. - GcsOutputResult gcs_result = 1; - } -} - -// A Cloud Storage output result. -message GcsOutputResult { - // List of uris of the Cloud Storage objects. Example: - // "gs://bucket_name/object_name". - repeated string uris = 1; -} - -// A Cloud Storage location. -message GcsDestination { - // Required. - oneof object_uri { - // The uri of the Cloud Storage object. It's the same uri that is used by - // gsutil. Example: "gs://bucket_name/object_name". See [Viewing and - // Editing Object - // Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata) - // for more information. - string uri = 1; - - // The uri prefix of all generated Cloud Storage objects. Example: - // "gs://bucket_name/object_name_prefix". Each object uri is in format: - // "gs://bucket_name/object_name_prefix/{ASSET_TYPE}/{SHARD_NUMBER} and only - // contains assets for that type. <shard number> starts from 0. Example: - // "gs://bucket_name/object_name_prefix/compute.googleapis.com/Disk/0" is - // the first shard of output objects containing all - // compute.googleapis.com/Disk assets. An INVALID_ARGUMENT error will be - // returned if file with the same name "gs://bucket_name/object_name_prefix" - // already exists. - string uri_prefix = 2; - } -} - -// A BigQuery destination for exporting assets to. -message BigQueryDestination { - // Required. The BigQuery dataset in format - // "projects/projectId/datasets/datasetId", to which the snapshot result - // should be exported. If this dataset does not exist, the export call returns - // an INVALID_ARGUMENT error. - string dataset = 1 [(google.api.field_behavior) = REQUIRED]; - - // Required. The BigQuery table to which the snapshot result should be - // written. If this table does not exist, a new table with the given name - // will be created. - string table = 2 [(google.api.field_behavior) = REQUIRED]; - - // If the destination table already exists and this flag is `TRUE`, the - // table will be overwritten by the contents of assets snapshot. If the flag - // is `FALSE` or unset and the destination table already exists, the export - // call returns an INVALID_ARGUMEMT error. - bool force = 3; - - // [partition_spec] determines whether to export to partitioned table(s) and - // how to partition the data. - // - // If [partition_spec] is unset or [partition_spec.partition_key] is unset or - // `PARTITION_KEY_UNSPECIFIED`, the snapshot results will be exported to - // non-partitioned table(s). [force] will decide whether to overwrite existing - // table(s). - // - // If [partition_spec] is specified. First, the snapshot results will be - // written to partitioned table(s) with two additional timestamp columns, - // readTime and requestTime, one of which will be the partition key. Secondly, - // in the case when any destination table already exists, it will first try to - // update existing table's schema as necessary by appending additional - // columns. Then, if [force] is `TRUE`, the corresponding partition will be - // overwritten by the snapshot results (data in different partitions will - // remain intact); if [force] is unset or `FALSE`, it will append the data. An - // error will be returned if the schema update or data appension fails. - PartitionSpec partition_spec = 4; - - // If this flag is `TRUE`, the snapshot results will be written to one or - // multiple tables, each of which contains results of one asset type. The - // [force] and [partition_spec] fields will apply to each of them. - // - // Field [table] will be concatenated with "_" and the asset type names (see - // https://cloud.google.com/asset-inventory/docs/supported-asset-types for - // supported asset types) to construct per-asset-type table names, in which - // all non-alphanumeric characters like "." and "/" will be substituted by - // "_". Example: if field [table] is "mytable" and snapshot results - // contain "storage.googleapis.com/Bucket" assets, the corresponding table - // name will be "mytable_storage_googleapis_com_Bucket". If any of these - // tables does not exist, a new table with the concatenated name will be - // created. - // - // When [content_type] in the ExportAssetsRequest is `RESOURCE`, the schema of - // each table will include RECORD-type columns mapped to the nested fields in - // the Asset.resource.data field of that asset type (up to the 15 nested level - // BigQuery supports - // (https://cloud.google.com/bigquery/docs/nested-repeated#limitations)). The - // fields in >15 nested levels will be stored in JSON format string as a child - // column of its parent RECORD column. - // - // If error occurs when exporting to any table, the whole export call will - // return an error but the export results that already succeed will persist. - // Example: if exporting to table_type_A succeeds when exporting to - // table_type_B fails during one export call, the results in table_type_A will - // persist and there will not be partial results persisting in a table. - bool separate_tables_per_asset_type = 5; -} - -// Specifications of BigQuery partitioned table as export destination. -message PartitionSpec { - // This enum is used to determine the partition key column when exporting - // assets to BigQuery partitioned table(s). Note that, if the partition key is - // a timestamp column, the actual partition is based on its date value - // (expressed in UTC. see details in - // https://cloud.google.com/bigquery/docs/partitioned-tables#date_timestamp_partitioned_tables). - enum PartitionKey { - // Unspecified partition key. If used, it means using non-partitioned table. - PARTITION_KEY_UNSPECIFIED = 0; - - // The time when the snapshot is taken. If specified as partition key, the - // result table(s) is partitoned by the additional timestamp column, - // readTime. If [read_time] in ExportAssetsRequest is specified, the - // readTime column's value will be the same as it. Otherwise, its value will - // be the current time that is used to take the snapshot. - READ_TIME = 1; - - // The time when the request is received and started to be processed. If - // specified as partition key, the result table(s) is partitoned by the - // requestTime column, an additional timestamp column representing when the - // request was received. - REQUEST_TIME = 2; - } - - // The partition key for BigQuery partitioned table. - PartitionKey partition_key = 1; -} - -// Asset content type. -enum ContentType { - // Unspecified content type. - CONTENT_TYPE_UNSPECIFIED = 0; - - // Resource metadata. - RESOURCE = 1; - - // The actual IAM policy set on a resource. - IAM_POLICY = 2; - - // The Cloud Organization Policy set on an asset. - ORG_POLICY = 4; - - // The Cloud Access context manager Policy set on an asset. - ACCESS_POLICY = 5; - - // The related resources. - RELATIONSHIP = 7; -} diff --git a/third_party/googleapis/google/cloud/asset/v1p7beta1/assets.proto b/third_party/googleapis/google/cloud/asset/v1p7beta1/assets.proto deleted file mode 100644 index 26ac6b2..0000000 --- a/third_party/googleapis/google/cloud/asset/v1p7beta1/assets.proto +++ /dev/null @@ -1,233 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -package google.cloud.asset.v1p7beta1; - -import "google/api/resource.proto"; -import "google/cloud/orgpolicy/v1/orgpolicy.proto"; -import "google/cloud/osconfig/v1/inventory.proto"; -import "google/iam/v1/policy.proto"; -import "google/identity/accesscontextmanager/v1/access_level.proto"; -import "google/identity/accesscontextmanager/v1/access_policy.proto"; -import "google/identity/accesscontextmanager/v1/service_perimeter.proto"; -import "google/protobuf/struct.proto"; -import "google/protobuf/timestamp.proto"; - -option cc_enable_arenas = true; -option csharp_namespace = "Google.Cloud.Asset.V1P7Beta1"; -option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1p7beta1;asset"; -option java_multiple_files = true; -option java_outer_classname = "AssetProto"; -option java_package = "com.google.cloud.asset.v1p7beta1"; -option php_namespace = "Google\\Cloud\\Asset\\V1p7beta1"; - -// The Cloud Asset API. - -// An asset in Google Cloud. An asset can be any resource in the Google Cloud -// [resource -// hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), -// a resource outside the Google Cloud resource hierarchy (such as Google -// Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy). -// See [Supported asset -// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) -// for more information. -message Asset { - option (google.api.resource) = { - type: "cloudasset.googleapis.com/Asset" - pattern: "*" - }; - - // The last update timestamp of an asset. update_time is updated when - // create/update/delete operation is performed. - google.protobuf.Timestamp update_time = 11; - - // The full name of the asset. Example: - // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1` - // - // See [Resource - // names](https://cloud.google.com/apis/design/resource_names#full_resource_name) - // for more information. - string name = 1; - - // The type of the asset. Example: `compute.googleapis.com/Disk` - // - // See [Supported asset - // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) - // for more information. - string asset_type = 2; - - // A representation of the resource. - Resource resource = 3; - - // A representation of the Cloud IAM policy set on a Google Cloud resource. - // There can be a maximum of one Cloud IAM policy set on any given resource. - // In addition, Cloud IAM policies inherit their granted access scope from any - // policies set on parent resources in the resource hierarchy. Therefore, the - // effectively policy is the union of both the policy set on this resource - // and each policy set on all of the resource's ancestry resource levels in - // the hierarchy. See - // [this topic](https://cloud.google.com/iam/docs/policies#inheritance) for - // more information. - google.iam.v1.Policy iam_policy = 4; - - // A representation of an [organization - // policy](https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy). - // There can be more than one organization policy with different constraints - // set on a given resource. - repeated google.cloud.orgpolicy.v1.Policy org_policy = 6; - - // A representation of an [access - // policy](https://cloud.google.com/access-context-manager/docs/overview#access-policies). - oneof access_context_policy { - // Please also refer to the [access policy user - // guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies). - google.identity.accesscontextmanager.v1.AccessPolicy access_policy = 7; - - // Please also refer to the [access level user - // guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels). - google.identity.accesscontextmanager.v1.AccessLevel access_level = 8; - - // Please also refer to the [service perimeter user - // guide](https://cloud.google.com/vpc-service-controls/docs/overview). - google.identity.accesscontextmanager.v1.ServicePerimeter service_perimeter = - 9; - } - - // The related assets of the asset of one relationship type. - // One asset only represents one type of relationship. - RelatedAssets related_assets = 13; - - // The ancestry path of an asset in Google Cloud [resource - // hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), - // represented as a list of relative resource names. An ancestry path starts - // with the closest ancestor in the hierarchy and ends at root. If the asset - // is a project, folder, or organization, the ancestry path starts from the - // asset itself. - // - // Example: `["projects/123456789", "folders/5432", "organizations/1234"]` - repeated string ancestors = 10; -} - -// A representation of a Google Cloud resource. -message Resource { - // The API version. Example: `v1` - string version = 1; - - // The URL of the discovery document containing the resource's JSON schema. - // Example: - // `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest` - // - // This value is unspecified for resources that do not have an API based on a - // discovery document, such as Cloud Bigtable. - string discovery_document_uri = 2; - - // The JSON schema name listed in the discovery document. Example: - // `Project` - // - // This value is unspecified for resources that do not have an API based on a - // discovery document, such as Cloud Bigtable. - string discovery_name = 3; - - // The REST URL for accessing the resource. An HTTP `GET` request using this - // URL returns the resource itself. Example: - // `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123` - // - // This value is unspecified for resources without a REST API. - string resource_url = 4; - - // The full name of the immediate parent of this resource. See - // [Resource - // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) - // for more information. - // - // For Google Cloud assets, this value is the parent resource defined in the - // [Cloud IAM policy - // hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). - // Example: - // `//cloudresourcemanager.googleapis.com/projects/my_project_123` - // - // For third-party assets, this field may be set differently. - string parent = 5; - - // The content of the resource, in which some sensitive fields are removed - // and may not be present. - google.protobuf.Struct data = 6; - - // The location of the resource in Google Cloud, such as its zone and region. - // For more information, see https://cloud.google.com/about/locations/. - string location = 8; -} - -// The detailed related assets with the `relationship_type`. -message RelatedAssets { - // The detailed relation attributes. - RelationshipAttributes relationship_attributes = 1; - - // The peer resources of the relationship. - repeated RelatedAsset assets = 2; -} - -// The relationship attributes which include `type`, `source_resource_type`, -// `target_resource_type` and `action`. -message RelationshipAttributes { - // The unique identifier of the relationship type. Example: - // `INSTANCE_TO_INSTANCEGROUP` - string type = 4; - - // The source asset type. Example: `compute.googleapis.com/Instance` - string source_resource_type = 1; - - // The target asset type. Example: `compute.googleapis.com/Disk` - string target_resource_type = 2; - - // The detail of the relationship, e.g. `contains`, `attaches` - string action = 3; -} - -// An asset identify in Google Cloud which contains its name, type and -// ancestors. An asset can be any resource in the Google Cloud [resource -// hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), -// a resource outside the Google Cloud resource hierarchy (such as Google -// Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy). -// See [Supported asset -// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) -// for more information. -message RelatedAsset { - // The full name of the asset. Example: - // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1` - // - // See [Resource - // names](https://cloud.google.com/apis/design/resource_names#full_resource_name) - // for more information. - string asset = 1 [(google.api.resource_reference) = { - type: "cloudasset.googleapis.com/Asset" - }]; - - // The type of the asset. Example: `compute.googleapis.com/Disk` - // - // See [Supported asset - // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) - // for more information. - string asset_type = 2; - - // The ancestors of an asset in Google Cloud [resource - // hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), - // represented as a list of relative resource names. An ancestry path starts - // with the closest ancestor in the hierarchy and ends at root. - // - // Example: `["projects/123456789", "folders/5432", "organizations/1234"]` - repeated string ancestors = 3; -} diff --git a/third_party/googleapis/google/cloud/asset/v1p7beta1/cloudasset_gapic.yaml b/third_party/googleapis/google/cloud/asset/v1p7beta1/cloudasset_gapic.yaml deleted file mode 100644 index 0bcb880..0000000 --- a/third_party/googleapis/google/cloud/asset/v1p7beta1/cloudasset_gapic.yaml +++ /dev/null @@ -1,2 +0,0 @@ -type: com.google.api.codegen.ConfigProto -config_schema_version: 2.0.0 diff --git a/third_party/googleapis/google/cloud/asset/v1p7beta1/cloudasset_grpc_service_config.json b/third_party/googleapis/google/cloud/asset/v1p7beta1/cloudasset_grpc_service_config.json deleted file mode 100644 index cece780..0000000 --- a/third_party/googleapis/google/cloud/asset/v1p7beta1/cloudasset_grpc_service_config.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "methodConfig": [ - { - "name": [ - { - "service": "google.cloud.asset.v1p7beta1.AssetService", - "method": "ExportAssets" - } - ], - "timeout": "60s", - "retryPolicy": { - "initialBackoff": "0.100s", - "maxBackoff": "60s", - "backoffMultiplier": 1.3, - "retryableStatusCodes": [ - "DEADLINE_EXCEEDED", - "UNAVAILABLE" - ] - } - } - ] -} diff --git a/third_party/googleapis/google/cloud/asset/v1p7beta1/cloudasset_v1p7beta1.yaml b/third_party/googleapis/google/cloud/asset/v1p7beta1/cloudasset_v1p7beta1.yaml deleted file mode 100644 index 73e89e3..0000000 --- a/third_party/googleapis/google/cloud/asset/v1p7beta1/cloudasset_v1p7beta1.yaml +++ /dev/null @@ -1,41 +0,0 @@ -type: google.api.Service -config_version: 3 -name: cloudasset.googleapis.com -title: Cloud Asset API - -apis: -- name: google.cloud.asset.v1p7beta1.AssetService - -types: -- name: google.cloud.asset.v1p7beta1.Asset - -documentation: - summary: The cloud asset API manages the history and inventory of cloud resources. - overview: |- - # Cloud Asset API - - The Cloud Asset API keeps a history of Google Cloud Platform (GCP) asset - metadata, and allows GCP users to download a dump of all asset metadata - for the resource types listed below within an organization or a project at - a given timestamp. - - Read more documents here: - https://cloud.google.com/asset-inventory/docs - -backend: - rules: - - selector: google.cloud.asset.v1p7beta1.AssetService.ExportAssets - deadline: 600.0 - - selector: google.longrunning.Operations.GetOperation - deadline: 60.0 - -authentication: - rules: - - selector: google.cloud.asset.v1p7beta1.AssetService.ExportAssets - oauth: - canonical_scopes: |- - https://www.googleapis.com/auth/cloud-platform - - selector: google.longrunning.Operations.GetOperation - oauth: - canonical_scopes: |- - https://www.googleapis.com/auth/cloud-platform |