Monitor asset changes with Pub/Sub

gcloud

gcloud asset feeds create FEED_ID \
    --SCOPE \
    --billing-project=BILLING_PROJECT_ID \
    --pubsub-topic=projects/TOPIC_PROJECT_ID/topics/TOPIC_ID \
    --asset-names=ASSET_NAME_1,ASSET_NAME_2,... \
    --asset-types=ASSET_TYPE_1,ASSET_TYPE_2,... \
    --content-type=CONTENT_TYPE \
    --relationship-types=RELATIONSHIP_TYPE_1,RELATIONSHIP_TYPE_2,... \
    --condition-title="CONDITION_TITLE" \
    --condition-description="CONDITION_DESCRIPTION" \
    --condition-expression="CONDITION_EXPRESSION"

Provide the following values:

• SCOPE: Use one of the following values:

  • project=PROJECT_ID, where PROJECT_ID is the ID of the project to create the feed in.

  • folder=FOLDER_ID, where FOLDER_ID is the ID of the folder to create the feed in.

    How to find the ID of a Google Cloud folder

    Google Cloud console

    To find the ID of a Google Cloud folder, complete the following steps:

    1. Go to the Google Cloud console.

       Go to the Google Cloud console

    2. Click the switcher list box in the menu bar.
    3. Select your organization from the list box.
    4. Search for your folder name. The folder ID is shown next to the folder name.

    gcloud CLI

    You can retrieve the ID of a Google Cloud folder that's located at the organization level with the following command:

    gcloud resource-manager folders list \
        --organization=$(gcloud organizations describe ORGANIZATION_NAME \
          --format="value(name.segment(1))") \
        --filter='"DISPLAY_NAME":"TOP_LEVEL_FOLDER_NAME"' \
        --format="value(ID)"

    Where TOP_LEVEL_FOLDER_NAME is a partial or full string match for the folder's name. Remove the --format flag to see more information about the found folders.

    The previous command doesn't return the IDs of subfolders within folders. To do so, run the following command using a top level folder's ID:

    gcloud resource-manager folders list --folder=FOLDER_ID

  • organization=ORGANIZATION_ID, where ORGANIZATION_ID is the ID of the organization to create the feed in.

    How to find the ID of a Google Cloud organization

    Google Cloud console

    To find the ID of a Google Cloud organization, complete the following steps:

    1. Go to the Google Cloud console.

       Go to the Google Cloud console

    2. Click the switcher list box in the menu bar.
    3. Select your organization from the list box.
    4. Click the All tab. The organization ID is shown next to the organization name.

    gcloud CLI

    You can retrieve the ID of a Google Cloud organization with the following command:

    gcloud organizations describe ORGANIZATION_NAME --format="value(name.segment(1))"

• FEED_ID: A unique asset feed identifier.

• BILLING_PROJECT_ID: Optional. The project ID that the default Cloud Asset Inventory service agent is in that has permissions to manage your Pub/Sub topic. Read more about setting the billing project.

• TOPIC_PROJECT_ID: The ID of the project where the Pub/Sub topic is located.
• TOPIC_ID: The ID of the Pub/Sub topic to publish notifications to.
• At least one of the following asset definitions:
  • ASSET_NAME_#: Optional. A comma-separated list of asset full names.
  • ASSET_TYPE_#: Optional. A comma-separated list of searchable asset types. RE2-compatible regular expressions are supported. If the regular expression doesn't match any supported asset type, an INVALID_ARGUMENT error is returned. When --asset-types isn't specified, all asset types are returned.
• CONTENT_TYPE: Optional. The content type of the metadata you want to retrieve. When --content-type isn't specified, only basic information is returned, such as asset names, the last time the assets were updated, and what projects, folders, and organizations they belong to.
• RELATIONSHIP_TYPE_#: Optional. Only available for Security Command Center Premium and Enterprise tier subscribers. A comma-separated list of asset relationship types you want to retrieve. You must set CONTENT_TYPE to RELATIONSHIP for this to work.
• If adding an optional feed condition, include the following details in your command:
  • CONDITION_TITLE: A title to assign to the feed condition.
  • CONDITION_DESCRIPTION: A description to assign to the feed condition.
  • CONDITION_EXPRESSION: The condition expression to apply to the feed.

See the gcloud CLI reference for all options.

Example

Run the following command to create a feed in the my-topic Pub/Sub topic that notifies when changes are made to the following resources in the my-project project.

• The my-bucket Cloud Storage bucket
• Any BigQuery table

gcloud asset feeds create my-feed \
    --project=my-project \
    --pubsub-topic=projects/my-project/topics/my-topic \
    --asset-names=//storage.googleapis.com/my-bucket \
    --asset-types=bigquery.googleapis.com/Table \
    --content-type=resource

Example response

assetNames:
- //storage.googleapis.com/my-bucket
assetTypes:
- bigquery.googleapis.com/Table
condition: {}
contentType: RESOURCE
feedOutputConfig:
  pubsubDestination:
    topic: projects/my-project/topics/my-topic
name: projects/000000000000/feeds/my-feed

REST

HTTP method and URL:

POST https://cloudasset.googleapis.com/v1/SCOPE_PATH/feeds

Headers:

X-Goog-User-Project: BILLING_PROJECT_ID

Request JSON body:

{
  "feedId": "FEED_ID",
  "feed": {
    "assetNames": [
      "ASSET_NAME_1",
      "ASSET_NAME_2",
      "..."
    ],
    "assetTypes": [
      "ASSET_TYPE_1",
      "ASSET_TYPE_2",
      "..."
    ],
    "contentType": "CONTENT_TYPE",
    "relationshipTypes": [
      "RELATIONSHIP_TYPE_1",
      "RELATIONSHIP_TYPE_2",
      "..."
    ],
    "feedOutputConfig": {
      "pubsubDestination": {
        "topic": "projects/TOPIC_PROJECT_ID/topics/TOPIC_ID"
      }
    },
    "condition": {
      "title": "CONDITION_TITLE",
      "description": "CONDITION_DESCRIPTION",
      "expression": "CONDITION_EXPRESSION"
    }
  }
}

Provide the following values:

• SCOPE_PATH: Use one of the following values:

  The allowed values are:

  • projects/PROJECT_ID, where PROJECT_ID is the ID of the project to create the feed in.

  • projects/PROJECT_NUMBER, where PROJECT_NUMBER is the number of the project to create the feed in.

    How to find a Google Cloud project number

    Google Cloud console

    To find a Google Cloud project number, complete the following steps:

    1. Go to the Welcome page in the Google Cloud console.

       Go to Welcome

    2. Click the switcher list box in the menu bar.

    3. Select your organization from the list box, and then search for your project name. The project name, project number, and project ID are shown near the Welcome heading.

       Up to 4,000 resources are displayed. If you don't see the project you're looking for, go to the Manage resources page and filter the list using the name of that project.

    gcloud CLI

    You can retrieve a Google Cloud project number with the following command:

    gcloud projects describe PROJECT_ID --format="value(projectNumber)"

  • folders/FOLDER_ID, where FOLDER_ID is the ID of the folder to create the feed in.

    How to find the ID of a Google Cloud folder

    Google Cloud console

    To find the ID of a Google Cloud folder, complete the following steps:

    1. Go to the Google Cloud console.

       Go to the Google Cloud console

    2. Click the switcher list box in the menu bar.
    3. Select your organization from the list box.
    4. Search for your folder name. The folder ID is shown next to the folder name.

    gcloud CLI

    You can retrieve the ID of a Google Cloud folder that's located at the organization level with the following command:

    gcloud resource-manager folders list \
        --organization=$(gcloud organizations describe ORGANIZATION_NAME \
          --format="value(name.segment(1))") \
        --filter='"DISPLAY_NAME":"TOP_LEVEL_FOLDER_NAME"' \
        --format="value(ID)"

    Where TOP_LEVEL_FOLDER_NAME is a partial or full string match for the folder's name. Remove the --format flag to see more information about the found folders.

    The previous command doesn't return the IDs of subfolders within folders. To do so, run the following command using a top level folder's ID:

    gcloud resource-manager folders list --folder=FOLDER_ID

  • organizations/ORGANIZATION_ID, where ORGANIZATION_ID is the ID of the organization to create the feed in.

    How to find the ID of a Google Cloud organization

    Google Cloud console

    To find the ID of a Google Cloud organization, complete the following steps:

    1. Go to the Google Cloud console.

       Go to the Google Cloud console

    2. Click the switcher list box in the menu bar.
    3. Select your organization from the list box.
    4. Click the All tab. The organization ID is shown next to the organization name.

    gcloud CLI

    You can retrieve the ID of a Google Cloud organization with the following command:

    gcloud organizations describe ORGANIZATION_NAME --format="value(name.segment(1))"

• BILLING_PROJECT_ID: The project ID that the default Cloud Asset Inventory service agent is in that has permissions to manage your Pub/Sub topic. Read more about setting the billing project.

• FEED_ID: A unique asset feed identifier.
• At least one of the following asset definitions:
  • ASSET_NAME_#: Optional. An array of asset full names.
  • ASSET_TYPE_#: Optional. An array of searchable asset types. RE2-compatible regular expressions are supported. If the regular expression doesn't match any supported asset type, an INVALID_ARGUMENT error is returned. When assetTypes isn't specified, all asset types are returned.
• CONTENT_TYPE: Optional. The content type of the metadata you want to retrieve. When contentType isn't specified, only basic information is returned, such as asset names, the last time the assets were updated, and what projects, folders, and organizations they belong to.
• RELATIONSHIP_TYPE_#: Optional. Only available for Security Command Center Premium and Enterprise tier subscribers. A comma-separated list of asset relationship types you want to retrieve. You must set CONTENT_TYPE to RELATIONSHIP for this to work.
• TOPIC_PROJECT_ID: The ID of the project where the Pub/Sub topic is located.
• TOPIC_ID: The ID of the Pub/Sub topic to publish notifications to.
• If adding an optional feed condition, include the following details in your command:
  • CONDITION_TITLE: A title to assign to the feed condition.
  • CONDITION_DESCRIPTION: A description to assign to the feed condition.
  • CONDITION_EXPRESSION: The condition expression to apply to the feed.

See the REST reference for all options.

Command examples

Run one of the following commands to create a feed in the my-topic Pub/Sub topic that notifies when changes are made to the following resources in the my-project project.

• The my-bucket Cloud Storage bucket
• Any BigQuery table

curl -X POST \
     -H "X-Goog-User-Project: BILLING_PROJECT_ID" \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d '{
            "feedId": "my-feed",
            "feed": {
              "assetNames": [
                "//storage.googleapis.com/my-bucket"
              ],
              "assetTypes": [
                "bigquery.googleapis.com/Table"
              ],
              "contentType": "RESOURCE",
              "feedOutputConfig": {
                "pubsubDestination": {
                  "topic": "projects/my-project/topics/my-topic"
                }
              }
            }
          }' \
     https://cloudasset.googleapis.com/v1/projects/my-project/feeds

$cred = gcloud auth print-access-token

$headers = @{ 
  "X-Goog-User-Project" = "BILLING_PROJECT_ID";
  "Authorization" = "Bearer $cred"
}


$body = @"
{
  "feedId": "my-feed",
  "feed": {
    "assetNames": [
      "//storage.googleapis.com/my-bucket"
    ],
    "assetTypes": [
      "bigquery.googleapis.com/Table"
    ],
    "contentType": "RESOURCE",
    "feedOutputConfig": {
      "pubsubDestination": {
        "topic": "projects/my-project/topics/my-topic"
      }
    }
  }
}
"@

Invoke-WebRequest `
  -Method POST `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Body $body `
  -Uri "https://cloudasset.googleapis.com/v1/projects/my-project/feeds" | Select-Object -Expand Content

Example response

{
  "name": "projects/000000000000/feeds/my-feed",
  "assetNames": [
    "//storage.googleapis.com/my-bucket"
  ],
  "assetTypes": [
    "bigquery.googleapis.com/Table"
  ],
  "contentType": "RESOURCE",
  "feedOutputConfig": {
    "pubsubDestination": {
      "topic": "projects/my-project/topics/my-topic"
    }
  }
}

Go

// Sample create-feed create feed.
package main

import (
	"context"
	"flag"
	"fmt"
	"log"
	"os"

	asset "cloud.google.com/go/asset/apiv1"
	"cloud.google.com/go/asset/apiv1/assetpb"
)

// Command-line flags.
var (
	feedID = flag.String("feed_id", "YOUR_FEED_ID", "Identifier of Feed.")
)

func main() {
	flag.Parse()
	ctx := context.Background()
	client, err := asset.NewClient(ctx)
	if err != nil {
		log.Fatalf("asset.NewClient: %v", err)
	}
	defer client.Close()

	projectID := os.Getenv("GOOGLE_CLOUD_PROJECT")
	feedParent := fmt.Sprintf("projects/%s", projectID)
	assetNames := []string{"YOUR_ASSET_NAME"}
	topic := fmt.Sprintf("projects/%s/topics/%s", projectID, "YOUR_TOPIC_NAME")

	req := &assetpb.CreateFeedRequest{
		Parent: feedParent,
		FeedId: *feedID,
		Feed: &assetpb.Feed{
			AssetNames: assetNames,
			FeedOutputConfig: &assetpb.FeedOutputConfig{
				Destination: &assetpb.FeedOutputConfig_PubsubDestination{
					PubsubDestination: &assetpb.PubsubDestination{
						Topic: topic,
					},
				},
			},
		}}
	response, err := client.CreateFeed(ctx, req)
	if err != nil {
		log.Fatalf("client.CreateFeed: %v", err)
	}
	fmt.Print(response)
}

Java

import com.google.cloud.asset.v1.AssetServiceClient;
import com.google.cloud.asset.v1.ContentType;
import com.google.cloud.asset.v1.CreateFeedRequest;
import com.google.cloud.asset.v1.Feed;
import com.google.cloud.asset.v1.FeedOutputConfig;
import com.google.cloud.asset.v1.ProjectName;
import com.google.cloud.asset.v1.PubsubDestination;
import java.io.IOException;
import java.util.Arrays;

public class CreateFeedExample {
  // Create a feed
  public static void createFeed(
      String[] assetNames, String feedId, String topic, String projectId, ContentType contentType)
      throws IOException, IllegalArgumentException {
    // String[] assetNames = {"MY_ASSET_NAME"}
    // ContentType contentType = contentType
    // String FeedId = "MY_FEED_ID"
    // String topic = "projects/[PROJECT_ID]/topics/[TOPIC_NAME]"
    // String projectID = "MY_PROJECT_ID"
    Feed feed =
        Feed.newBuilder()
            .addAllAssetNames(Arrays.asList(assetNames))
            .setContentType(contentType)
            .setFeedOutputConfig(
                FeedOutputConfig.newBuilder()
                    .setPubsubDestination(PubsubDestination.newBuilder().setTopic(topic).build())
                    .build())
            .build();
    CreateFeedRequest request =
        CreateFeedRequest.newBuilder()
            .setParent(String.format(ProjectName.of(projectId).toString()))
            .setFeedId(feedId)
            .setFeed(feed)
            .build();
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (AssetServiceClient client = AssetServiceClient.create()) {
      Feed response = client.createFeed(request);
      System.out.println("Feed created successfully: " + response.getName());
    } catch (IOException | IllegalArgumentException e) {
      System.out.println("Error during CreateFeed: \n" + e.toString());
    }
  }
}

Node.js

/**
 * TODO(developer): Uncomment these variables before running the sample.
 */
// const feedId = 'my feed';
// const assetNames = '//storage.googleapis.com/<BUCKET_NAME1>,//storage.googleapis.com/<BUCKET_NAME2>';
// const topicName = 'projects/<PROJECT_ID>/topics/<TOPIC_ID>'
// const contentType = 'RESOURCE';

const util = require('util');
const {AssetServiceClient} = require('@google-cloud/asset');

const client = new AssetServiceClient();

async function createFeed() {
  const projectId = await client.getProjectId();
  // TODO(developer): Choose asset names, such as //storage.googleapis.com/[YOUR_BUCKET_NAME].
  // const assetNames = ['ASSET_NAME1', 'ASSET_NAME2', ...];

  const request = {
    parent: `projects/${projectId}`,
    feedId: feedId,
    feed: {
      assetNames: assetNames.split(','),
      contentType: contentType,
      feedOutputConfig: {
        pubsubDestination: {
          topic: topicName,
        },
      },
    },
  };

  // Handle the operation using the promise pattern.
  const result = await client.createFeed(request);
  // Do things with with the response.
  console.log(util.inspect(result, {depth: null}));

Python

from google.cloud import asset_v1

# TODO project_id = 'Your Google Cloud Project ID'
# TODO feed_id = 'Feed ID you want to create'
# TODO asset_names = 'List of asset names the feed listen to'
# TODO topic = "Topic name of the feed"
# TODO content_type ="Content type of the feed"

client = asset_v1.AssetServiceClient()
parent = f"projects/{project_id}"
feed = asset_v1.Feed()
feed.asset_names.extend(asset_names)
feed.feed_output_config.pubsub_destination.topic = topic
feed.content_type = content_type
response = client.create_feed(
    request={"parent": parent, "feed_id": feed_id, "feed": feed}
)
print(f"feed: {response}")

Ruby

require "google/cloud/asset"

# project_id = 'YOUR_PROJECT_ID'
# feed_id = 'NAME_OF_FEED'
# pubsub_topic = 'YOUR_PUBSUB_TOPIC'
# asset names, e.g.: //storage.googleapis.com/[YOUR_BUCKET_NAME]
# asset_names = [ASSET_NAMES, COMMMA_DELIMTTED]
asset_service = Google::Cloud::Asset.asset_service

formatted_parent = asset_service.project_path project: project_id

feed = {
  asset_names:        asset_names,
  feed_output_config: {
    pubsub_destination: {
      topic: pubsub_topic
    }
  }
}
response = asset_service.create_feed(
  parent:  formatted_parent,
  feed_id: feed_id,
  feed:    feed
)
puts "Created feed: #{response.name}"

gcloud

gcloud asset feeds describe FEED_ID \
    --SCOPE \
    --billing-project=BILLING_PROJECT_ID

Provide the following values:

• SCOPE: Use one of the following values:

  • project=PROJECT_ID, where PROJECT_ID is the ID of the project that the feed is in.

  • folder=FOLDER_ID, where FOLDER_ID is the ID of the folder that the feed is in.

    How to find the ID of a Google Cloud folder

    Google Cloud console

    To find the ID of a Google Cloud folder, complete the following steps:

    1. Go to the Google Cloud console.

       Go to the Google Cloud console

    2. Click the switcher list box in the menu bar.
    3. Select your organization from the list box.
    4. Search for your folder name. The folder ID is shown next to the folder name.

    gcloud CLI

    You can retrieve the ID of a Google Cloud folder that's located at the organization level with the following command:

    gcloud resource-manager folders list \
        --organization=$(gcloud organizations describe ORGANIZATION_NAME \
          --format="value(name.segment(1))") \
        --filter='"DISPLAY_NAME":"TOP_LEVEL_FOLDER_NAME"' \
        --format="value(ID)"

    Where TOP_LEVEL_FOLDER_NAME is a partial or full string match for the folder's name. Remove the --format flag to see more information about the found folders.

    The previous command doesn't return the IDs of subfolders within folders. To do so, run the following command using a top level folder's ID:

    gcloud resource-manager folders list --folder=FOLDER_ID

  • organization=ORGANIZATION_ID, where ORGANIZATION_ID is the ID of the organization that the feed is in.

    How to find the ID of a Google Cloud organization

    Google Cloud console

    To find the ID of a Google Cloud organization, complete the following steps:

    1. Go to the Google Cloud console.

       Go to the Google Cloud console

    2. Click the switcher list box in the menu bar.
    3. Select your organization from the list box.
    4. Click the All tab. The organization ID is shown next to the organization name.

    gcloud CLI

    You can retrieve the ID of a Google Cloud organization with the following command:

    gcloud organizations describe ORGANIZATION_NAME --format="value(name.segment(1))"

• BILLING_PROJECT_ID: The project ID that the default Cloud Asset Inventory service agent is in that has permissions to manage your Pub/Sub topic. Read more about setting the billing project.

• FEED_ID: A unique asset feed identifier.

See the gcloud CLI reference for all options.

Example response

assetNames:
- //storage.googleapis.com/my-bucket
assetTypes:
- bigquery.googleapis.com/Table
condition: {}
contentType: RESOURCE
feedOutputConfig:
  pubsubDestination:
    topic: projects/my-project/topics/my-topic
name: projects/000000000000/feeds/my-feed

REST

HTTP method and URL:

GET https://cloudasset.googleapis.com/v1/SCOPE_PATH/feeds/FEED_ID

Headers:

X-Goog-User-Project: BILLING_PROJECT_ID

Provide the following values:

• SCOPE_PATH: Use one of the following values:

  The allowed values are:

  • projects/PROJECT_ID, where PROJECT_ID is the ID of the project that the feed is in.

  • projects/PROJECT_NUMBER, where PROJECT_NUMBER is the number of the project that the feed is in.

    How to find a Google Cloud project number

    Google Cloud console

    To find a Google Cloud project number, complete the following steps:

    1. Go to the Welcome page in the Google Cloud console.

       Go to Welcome

    2. Click the switcher list box in the menu bar.

    3. Select your organization from the list box, and then search for your project name. The project name, project number, and project ID are shown near the Welcome heading.

       Up to 4,000 resources are displayed. If you don't see the project you're looking for, go to the Manage resources page and filter the list using the name of that project.

    gcloud CLI

    You can retrieve a Google Cloud project number with the following command:

    gcloud projects describe PROJECT_ID --format="value(projectNumber)"

  • folders/FOLDER_ID, where FOLDER_ID is the ID of the folder that the feed is in.

    How to find the ID of a Google Cloud folder

    Google Cloud console

    To find the ID of a Google Cloud folder, complete the following steps:

    1. Go to the Google Cloud console.

       Go to the Google Cloud console

    2. Click the switcher list box in the menu bar.
    3. Select your organization from the list box.
    4. Search for your folder name. The folder ID is shown next to the folder name.

    gcloud CLI

    You can retrieve the ID of a Google Cloud folder that's located at the organization level with the following command:

    gcloud resource-manager folders list \
        --organization=$(gcloud organizations describe ORGANIZATION_NAME \
          --format="value(name.segment(1))") \
        --filter='"DISPLAY_NAME":"TOP_LEVEL_FOLDER_NAME"' \
        --format="value(ID)"

    Where TOP_LEVEL_FOLDER_NAME is a partial or full string match for the folder's name. Remove the --format flag to see more information about the found folders.

    The previous command doesn't return the IDs of subfolders within folders. To do so, run the following command using a top level folder's ID:

    gcloud resource-manager folders list --folder=FOLDER_ID

  • organizations/ORGANIZATION_ID, where ORGANIZATION_ID is the ID of the organization that the feed is in.

    How to find the ID of a Google Cloud organization

    Google Cloud console

    To find the ID of a Google Cloud organization, complete the following steps:

    1. Go to the Google Cloud console.

       Go to the Google Cloud console

    2. Click the switcher list box in the menu bar.
    3. Select your organization from the list box.
    4. Click the All tab. The organization ID is shown next to the organization name.

    gcloud CLI

    You can retrieve the ID of a Google Cloud organization with the following command:

    gcloud organizations describe ORGANIZATION_NAME --format="value(name.segment(1))"

• BILLING_PROJECT_ID: The project ID that the default Cloud Asset Inventory service agent is in that has permissions to manage your BigQuery datasets and tables. Read more about setting the billing project.

• FEED_ID: A unique asset feed identifier.

See the REST reference for all options.

Command examples

Run one of the following commands to get a specific feed.

curl -X GET \
     -H "X-Goog-User-Project: BILLING_PROJECT_ID" \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     https://cloudasset.googleapis.com/v1/projects/my-project/feeds/my-feed

$cred = gcloud auth print-access-token

$headers = @{ 
  "X-Goog-User-Project" = "BILLING_PROJECT_ID";
  "Authorization" = "Bearer $cred"
}


Invoke-WebRequest `
  -Method GET `
  -Headers $headers `
  -Uri "https://cloudasset.googleapis.com/v1/projects/my-project/feeds/my-feed" | Select-Object -Expand Content

Example response

{
  "name": "projects/000000000000/feeds/my-feed",
  "assetNames": [
    "//storage.googleapis.com/my-bucket"
  ],
  "assetTypes": [
    "bigquery.googleapis.com/Table"
  ],
  "contentType": "RESOURCE",
  "feedOutputConfig": {
    "pubsubDestination": {
      "topic": "projects/my-project/topics/my-topic"
    }
  }
}

Go

// Sample get-feed get feed.
package main

import (
	"context"
	"flag"
	"fmt"
	"log"
	"os"
	"strconv"

	asset "cloud.google.com/go/asset/apiv1"
	"cloud.google.com/go/asset/apiv1/assetpb"
	cloudresourcemanager "google.golang.org/api/cloudresourcemanager/v1"
)

// Command-line flags.
var (
	feedID = flag.String("feed_id", "YOUR_FEED_ID", "Identifier of Feed.")
)

func main() {
	flag.Parse()
	ctx := context.Background()
	client, err := asset.NewClient(ctx)
	if err != nil {
		log.Fatalf("asset.NewClient: %v", err)
	}
	defer client.Close()

	projectID := os.Getenv("GOOGLE_CLOUD_PROJECT")
	cloudresourcemanagerClient, err := cloudresourcemanager.NewService(ctx)
	if err != nil {
		log.Fatalf("cloudresourcemanager.NewService: %v", err)
	}

	project, err := cloudresourcemanagerClient.Projects.Get(projectID).Do()
	if err != nil {
		log.Fatalf("cloudresourcemanagerClient.Projects.Get.Do: %v", err)
	}
	projectNumber := strconv.FormatInt(project.ProjectNumber, 10)
	feedName := fmt.Sprintf("projects/%s/feeds/%s", projectNumber, *feedID)
	req := &assetpb.GetFeedRequest{
		Name: feedName}
	response, err := client.GetFeed(ctx, req)
	if err != nil {
		log.Fatalf("client.GetFeed: %v", err)
	}
	fmt.Print(response)
}

Java

import com.google.cloud.asset.v1.AssetServiceClient;
import com.google.cloud.asset.v1.Feed;

public class GetFeedExample {

  // Get a feed with full feed name
  public static void getFeed(String feedName) throws Exception {
    // String feedName = "MY_FEED_NAME"

    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (AssetServiceClient client = AssetServiceClient.create()) {
      Feed feed = client.getFeed(feedName);
      System.out.println("Get a feed: " + feedName);
    } catch (Exception e) {
      System.out.println("Error during GetFeed: \n" + e.toString());
    }
  }
}

Node.js

const util = require('util');
const {AssetServiceClient} = require('@google-cloud/asset');

const client = new AssetServiceClient();

async function getFeed() {
  const request = {
    name: feedName,
  };

  // Handle the operation using the promise pattern.
  const result = await client.getFeed(request);
  // Do things with with the response.
  console.log(util.inspect(result, {depth: null}));
}
getFeed();

Python

from google.cloud import asset_v1

# TODO feed_name = 'Feed Name you want to get'

client = asset_v1.AssetServiceClient()
response = client.get_feed(request={"name": feed_name})
print(f"gotten_feed: {response}")

gcloud

gcloud asset feeds list \
    --SCOPE \
    --billing-project=BILLING_PROJECT_ID

Provide the following values:

• SCOPE: Use one of the following values:

  • project=PROJECT_ID, where PROJECT_ID is the ID of the project that the feeds are in.

  • folder=FOLDER_ID, where FOLDER_ID is the ID of the folder that the feeds are in.

    How to find the ID of a Google Cloud folder

    Google Cloud console

    To find the ID of a Google Cloud folder, complete the following steps:

    1. Go to the Google Cloud console.

       Go to the Google Cloud console

    2. Click the switcher list box in the menu bar.
    3. Select your organization from the list box.
    4. Search for your folder name. The folder ID is shown next to the folder name.

    gcloud CLI

    You can retrieve the ID of a Google Cloud folder that's located at the organization level with the following command:

    gcloud resource-manager folders list \
        --organization=$(gcloud organizations describe ORGANIZATION_NAME \
          --format="value(name.segment(1))") \
        --filter='"DISPLAY_NAME":"TOP_LEVEL_FOLDER_NAME"' \
        --format="value(ID)"

    Where TOP_LEVEL_FOLDER_NAME is a partial or full string match for the folder's name. Remove the --format flag to see more information about the found folders.

    The previous command doesn't return the IDs of subfolders within folders. To do so, run the following command using a top level folder's ID:

    gcloud resource-manager folders list --folder=FOLDER_ID

  • organization=ORGANIZATION_ID, where ORGANIZATION_ID is the ID of the organization that the feeds are in.

    How to find the ID of a Google Cloud organization

    Google Cloud console

    To find the ID of a Google Cloud organization, complete the following steps:

    1. Go to the Google Cloud console.

       Go to the Google Cloud console

    2. Click the switcher list box in the menu bar.
    3. Select your organization from the list box.
    4. Click the All tab. The organization ID is shown next to the organization name.

    gcloud CLI

    You can retrieve the ID of a Google Cloud organization with the following command:

    gcloud organizations describe ORGANIZATION_NAME --format="value(name.segment(1))"

• BILLING_PROJECT_ID: The project ID that the default Cloud Asset Inventory service agent is in that has permissions to manage your Pub/Sub topic. Read more about setting the billing project.

See the gcloud CLI reference for all options.

Example response

- assetNames:
  - //storage.googleapis.com/my-bucket
  assetTypes:
  - bigquery.googleapis.com/Table
  condition: {}
  contentType: RESOURCE
  feedOutputConfig:
    pubsubDestination:
      topic: projects/my-project/topics/my-topic
  name: projects/000000000000/feeds/my-feed

REST

HTTP method and URL:

GET https://cloudasset.googleapis.com/v1/SCOPE_PATH/feeds

Headers:

X-Goog-User-Project: BILLING_PROJECT_ID

Provide the following values:

• SCOPE_PATH: Use one of the following values:

  The allowed values are:

  • projects/PROJECT_ID, where PROJECT_ID is the ID of the project that the feeds are in.

  • projects/PROJECT_NUMBER, where PROJECT_NUMBER is the number of the project that the feeds are in.

    How to find a Google Cloud project number

    Google Cloud console

    To find a Google Cloud project number, complete the following steps:

    1. Go to the Welcome page in the Google Cloud console.

       Go to Welcome

    2. Click the switcher list box in the menu bar.

    3. Select your organization from the list box, and then search for your project name. The project name, project number, and project ID are shown near the Welcome heading.

       Up to 4,000 resources are displayed. If you don't see the project you're looking for, go to the Manage resources page and filter the list using the name of that project.

    gcloud CLI

    You can retrieve a Google Cloud project number with the following command:

    gcloud projects describe PROJECT_ID --format="value(projectNumber)"

  • folders/FOLDER_ID, where FOLDER_ID is the ID of the folder that the feeds are in.

    How to find the ID of a Google Cloud folder

    Google Cloud console

    To find the ID of a Google Cloud folder, complete the following steps:

    1. Go to the Google Cloud console.

       Go to the Google Cloud console

    2. Click the switcher list box in the menu bar.
    3. Select your organization from the list box.
    4. Search for your folder name. The folder ID is shown next to the folder name.

    gcloud CLI

    You can retrieve the ID of a Google Cloud folder that's located at the organization level with the following command:

    gcloud resource-manager folders list \
        --organization=$(gcloud organizations describe ORGANIZATION_NAME \
          --format="value(name.segment(1))") \
        --filter='"DISPLAY_NAME":"TOP_LEVEL_FOLDER_NAME"' \
        --format="value(ID)"

    Where TOP_LEVEL_FOLDER_NAME is a partial or full string match for the folder's name. Remove the --format flag to see more information about the found folders.

    The previous command doesn't return the IDs of subfolders within folders. To do so, run the following command using a top level folder's ID:

    gcloud resource-manager folders list --folder=FOLDER_ID

  • organizations/ORGANIZATION_ID, where ORGANIZATION_ID is the ID of the organization that the feeds are in.

    How to find the ID of a Google Cloud organization

    Google Cloud console

    To find the ID of a Google Cloud organization, complete the following steps:

    1. Go to the Google Cloud console.

       Go to the Google Cloud console

    2. Click the switcher list box in the menu bar.
    3. Select your organization from the list box.
    4. Click the All tab. The organization ID is shown next to the organization name.

    gcloud CLI

    You can retrieve the ID of a Google Cloud organization with the following command:

    gcloud organizations describe ORGANIZATION_NAME --format="value(name.segment(1))"

• BILLING_PROJECT_ID: The project ID that the default Cloud Asset Inventory service agent is in that has permissions to manage your BigQuery datasets and tables. Read more about setting the billing project.

See the REST reference for all options.

Command examples

Run one of the following commands to list all feeds in the my-project project.

curl -X GET \
     -H "X-Goog-User-Project: BILLING_PROJECT_ID" \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     https://cloudasset.googleapis.com/v1/projects/my-project/feeds

$cred = gcloud auth print-access-token

$headers = @{ 
  "X-Goog-User-Project" = "BILLING_PROJECT_ID";
  "Authorization" = "Bearer $cred"
}


Invoke-WebRequest `
  -Method GET `
  -Headers $headers `
  -Uri "https://cloudasset.googleapis.com/v1/projects/my-project/feeds" | Select-Object -Expand Content

Example response

{
  "feeds": [
    {
      "name": "projects/000000000000/feeds/my-feed",
      "assetNames": [
        "//storage.googleapis.com/my-bucket"
      ],
      "assetTypes": [
        "bigquery.googleapis.com/Table"
      ],
      "contentType": "RESOURCE",
      "feedOutputConfig": {
        "pubsubDestination": {
          "topic": "projects/my-project/topics/my-topic"
        }
      }
    }
  ]
}

Go

// Sample list-feeds list feeds.
package main

import (
	"context"
	"fmt"
	"log"
	"os"
	"strconv"

	asset "cloud.google.com/go/asset/apiv1"
	"cloud.google.com/go/asset/apiv1/assetpb"
	cloudresourcemanager "google.golang.org/api/cloudresourcemanager/v1"
)

func main() {
	ctx := context.Background()
	client, err := asset.NewClient(ctx)
	if err != nil {
		log.Fatalf("asset.NewClient: %v", err)
	}
	defer client.Close()

	projectID := os.Getenv("GOOGLE_CLOUD_PROJECT")
	cloudresourcemanagerClient, err := cloudresourcemanager.NewService(ctx)
	if err != nil {
		log.Fatalf("cloudresourcemanager.NewService: %v", err)
	}

	project, err := cloudresourcemanagerClient.Projects.Get(projectID).Do()
	if err != nil {
		log.Fatalf("cloudresourcemanagerClient.Projects.Get.Do: %v", err)
	}
	projectNumber := strconv.FormatInt(project.ProjectNumber, 10)
	parent := fmt.Sprintf("projects/%s", projectNumber)
	req := &assetpb.ListFeedsRequest{
		Parent: parent}
	response, err := client.ListFeeds(ctx, req)
	if err != nil {
		log.Fatalf("client.ListFeeds: %v", err)
	}
	fmt.Print(response)
}

Java

import com.google.cloud.asset.v1.AssetServiceClient;
import com.google.cloud.asset.v1.ListFeedsResponse;
import com.google.cloud.asset.v1.ProjectName;

public class ListFeedsExample {
  // List feeds in a project.
  public static void listFeeds(String projectId) throws Exception {
    // String projectId = "MY_PROJECT_ID"
    // String topic = "projects/[PROJECT_ID]/topics/[TOPIC_NAME]"

    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (AssetServiceClient client = AssetServiceClient.create()) {
      ListFeedsResponse response = client.listFeeds(ProjectName.of(projectId).toString());
      System.out.println("Listed feeds under: " + projectId);
    } catch (Exception e) {
      System.out.println("Error during ListFeeds: \n" + e.toString());
    }
  }
}

Node.js

const util = require('util');
const {AssetServiceClient} = require('@google-cloud/asset');

const client = new AssetServiceClient();

async function listFeeds() {
  const projectId = await client.getProjectId();

  const request = {
    parent: `projects/${projectId}`,
  };

  // Handle the operation using the promise pattern.
  const result = await client.listFeeds(request);
  // Do things with with the response.
  console.log(util.inspect(result, {depth: null}));

Python

from google.cloud import asset_v1

# TODO parent_resource = 'Parent resource you want to list all feeds'

client = asset_v1.AssetServiceClient()
response = client.list_feeds(request={"parent": parent_resource})
print(f"feeds: {response.feeds}")

gcloud

gcloud asset feeds update FEED_ID \
    --SCOPE \
    --billing-project=BILLING_PROJECT_ID \
    --pubsub-topic=projects/TOPIC_PROJECT_ID/topics/TOPIC_ID \
    --clear-asset-names \
    --add-asset-names=ASSET_NAME_1,ASSET_NAME_2,... \
    --remove-asset-names=ASSET_NAME_3,ASSET_NAME_4,... \
    --clear-asset-types \
    --add-asset-types=ASSET_TYPE_1,ASSET_TYPE_2,... \
    --remove-asset-types=ASSET_TYPE_3,ASSET_TYPE_4,... \
    --clear-content-type \
    --content-type=CONTENT_TYPE \
    --clear-relationship-types \
    --remove-relationship-types=RELATIONSHIP_TYPE_1,RELATIONSHIP_TYPE_2,... \
    --add-relationship-types=RELATIONSHIP_TYPE_1,RELATIONSHIP_TYPE_2,... \
    --clear-condition-title \
    --condition-title="CONDITION_TITLE" \
    --clear-condition-description \
    --condition-description="CONDITION_DESCRIPTION" \
    --clear-condition-expression
    --condition-expression="CONDITION_EXPRESSION"

Provide the following values:

• SCOPE: Use one of the following values:

  • project=PROJECT_ID, where PROJECT_ID is the ID of the project to update the feed in.

  • folder=FOLDER_ID, where FOLDER_ID is the ID of the folder to update the feed in.

    How to find the ID of a Google Cloud folder

    Google Cloud console

    To find the ID of a Google Cloud folder, complete the following steps:

    1. Go to the Google Cloud console.

       Go to the Google Cloud console

    2. Click the switcher list box in the menu bar.
    3. Select your organization from the list box.
    4. Search for your folder name. The folder ID is shown next to the folder name.

    gcloud CLI

    You can retrieve the ID of a Google Cloud folder that's located at the organization level with the following command:

    gcloud resource-manager folders list \
        --organization=$(gcloud organizations describe ORGANIZATION_NAME \
          --format="value(name.segment(1))") \
        --filter='"DISPLAY_NAME":"TOP_LEVEL_FOLDER_NAME"' \
        --format="value(ID)"

    Where TOP_LEVEL_FOLDER_NAME is a partial or full string match for the folder's name. Remove the --format flag to see more information about the found folders.

    The previous command doesn't return the IDs of subfolders within folders. To do so, run the following command using a top level folder's ID:

    gcloud resource-manager folders list --folder=FOLDER_ID

  • organization=ORGANIZATION_ID, where ORGANIZATION_ID is the ID of the organization to update the feed in.

    How to find the ID of a Google Cloud organization

    Google Cloud console

    To find the ID of a Google Cloud organization, complete the following steps:

    1. Go to the Google Cloud console.

       Go to the Google Cloud console

    2. Click the switcher list box in the menu bar.
    3. Select your organization from the list box.
    4. Click the All tab. The organization ID is shown next to the organization name.

    gcloud CLI

    You can retrieve the ID of a Google Cloud organization with the following command:

    gcloud organizations describe ORGANIZATION_NAME --format="value(name.segment(1))"

• FEED_ID: A unique asset feed identifier.

• BILLING_PROJECT_ID: Optional. The project ID that the default Cloud Asset Inventory service agent is in that has permissions to manage your Pub/Sub topic. Read more about setting the billing project.

• TOPIC_PROJECT_ID: The ID of the project where the Pub/Sub topic is located.
• TOPIC_ID: The ID of the Pub/Sub topic to publish notifications to.
• At least one of the following asset definitions:
  • ASSET_NAME_#: Optional. A comma-separated list of asset full names.
  • ASSET_TYPE_#: Optional. A comma-separated list of searchable asset types. RE2-compatible regular expressions are supported. If the regular expression doesn't match any supported asset type, an INVALID_ARGUMENT error is returned. When --asset-types isn't specified, all asset types are returned.
• CONTENT_TYPE: Optional. The content type of the metadata you want to retrieve. When --content-type isn't specified, only basic information is returned, such as asset names, the last time the assets were updated, and what projects, folders, and organizations they belong to.
• RELATIONSHIP_TYPE_#: Optional. Only available for Security Command Center Premium and Enterprise tier subscribers. A comma-separated list of asset relationship types you want to retrieve. You must set CONTENT_TYPE to RELATIONSHIP for this to work.
• If adding an optional feed condition, include the following details in your command:
  • CONDITION_TITLE: A title to assign to the feed condition.
  • CONDITION_DESCRIPTION: A description to assign to the feed condition.
  • CONDITION_EXPRESSION: The condition expression to apply to the feed.

See the gcloud CLI reference for all options.

Example

Run the following command to update the my-topic Pub/Sub topic in the my-project project. This request removes all asset names from monitoring, and adds the asset type gkemulticloud.googleapis.com/AttachedCluster.

gcloud asset feeds update my-feed \
    --project=my-project \
    --pubsub-topic=projects/my-project/topics/my-topic \
    --clear-asset-names \
    --add-asset-types=gkemulticloud.googleapis.com/AttachedCluster

Example response

assetTypes:
- bigquery.googleapis.com/Table
- gkemulticloud.googleapis.com/AttachedCluster
condition: {}
contentType: RESOURCE
feedOutputConfig:
  pubsubDestination:
    topic: projects/my-project/topics/my-topic
name: projects/000000000000/feeds/my-feed

To update the attributes of a feed, you need to specify the attribute path in the update_mask and the value of that attribute.

REST

HTTP method and URL:

PATCH https://cloudasset.googleapis.com/v1/SCOPE_PATH/feeds/FEED_ID

Headers:

X-Goog-User-Project: BILLING_PROJECT_ID

Request JSON body:

{
  "feed": {
    "assetNames": [
      "ASSET_NAME_1",
      "ASSET_NAME_2",
      "..."
    ],
    "assetTypes": [
      "ASSET_TYPE_1",
      "ASSET_TYPE_2",
      "..."
    ],
    "contentType": "CONTENT_TYPE",
    "relationshipTypes": [
      "RELATIONSHIP_TYPE_1",
      "RELATIONSHIP_TYPE_2",
      "..."
    ],
    "feedOutputConfig": {
      "pubsubDestination": {
        "topic": "projects/TOPIC_PROJECT_ID/topics/TOPIC_ID"
      }
    }
  },
  "condition": {
    "title": "CONDITION_TITLE",
    "description": "CONDITION_DESCRIPTION",
    "expression": "CONDITION_EXPRESSION"
  },
  "update_mask": {
    "paths": [
      "feed_output_config.pubsub_destination.topic",
      ATTRIBUTE_PATH_1,
      ATTRIBUTE_PATH_2,
      ...
    ]
  }
}

Provide the following values:

• SCOPE_PATH: Use one of the following values:

  The allowed values are:

  • projects/PROJECT_ID, where PROJECT_ID is the ID of the project to update the feed in.

  • projects/PROJECT_NUMBER, where PROJECT_NUMBER is the number of the project to update the feed in.

    How to find a Google Cloud project number

    Google Cloud console

    To find a Google Cloud project number, complete the following steps:

    1. Go to the Welcome page in the Google Cloud console.

       Go to Welcome

    2. Click the switcher list box in the menu bar.

    3. Select your organization from the list box, and then search for your project name. The project name, project number, and project ID are shown near the Welcome heading.

       Up to 4,000 resources are displayed. If you don't see the project you're looking for, go to the Manage resources page and filter the list using the name of that project.

    gcloud CLI

    You can retrieve a Google Cloud project number with the following command:

    gcloud projects describe PROJECT_ID --format="value(projectNumber)"

  • folders/FOLDER_ID, where FOLDER_ID is the ID of the folder to update the feed in.

    How to find the ID of a Google Cloud folder

    Google Cloud console

    To find the ID of a Google Cloud folder, complete the following steps:

    1. Go to the Google Cloud console.

       Go to the Google Cloud console

    2. Click the switcher list box in the menu bar.
    3. Select your organization from the list box.
    4. Search for your folder name. The folder ID is shown next to the folder name.

    gcloud CLI

    You can retrieve the ID of a Google Cloud folder that's located at the organization level with the following command:

    gcloud resource-manager folders list \
        --organization=$(gcloud organizations describe ORGANIZATION_NAME \
          --format="value(name.segment(1))") \
        --filter='"DISPLAY_NAME":"TOP_LEVEL_FOLDER_NAME"' \
        --format="value(ID)"

    Where TOP_LEVEL_FOLDER_NAME is a partial or full string match for the folder's name. Remove the --format flag to see more information about the found folders.

    The previous command doesn't return the IDs of subfolders within folders. To do so, run the following command using a top level folder's ID:

    gcloud resource-manager folders list --folder=FOLDER_ID

  • organizations/ORGANIZATION_ID, where ORGANIZATION_ID is the ID of the organization to update the feed in.

    How to find the ID of a Google Cloud organization

    Google Cloud console

    To find the ID of a Google Cloud organization, complete the following steps:

    1. Go to the Google Cloud console.

       Go to the Google Cloud console

    2. Click the switcher list box in the menu bar.
    3. Select your organization from the list box.
    4. Click the All tab. The organization ID is shown next to the organization name.

    gcloud CLI

    You can retrieve the ID of a Google Cloud organization with the following command:

    gcloud organizations describe ORGANIZATION_NAME --format="value(name.segment(1))"

• BILLING_PROJECT_ID: The project ID that the default Cloud Asset Inventory service agent is in that has permissions to manage your Pub/Sub topic. Read more about setting the billing project.

• FEED_ID: A unique asset feed identifier.
• At least one of the following asset definitions:
  • ASSET_NAME_#: Optional. An array of asset full names.
  • ASSET_TYPE_#: Optional. An array of searchable asset types. RE2-compatible regular expressions are supported. If the regular expression doesn't match any supported asset type, an INVALID_ARGUMENT error is returned. When assetTypes isn't specified, all asset types are returned.
• CONTENT_TYPE: Optional. The content type of the metadata you want to retrieve. When contentType isn't specified, only basic information is returned, such as asset names, the last time the assets were updated, and what projects, folders, and organizations they belong to.
• RELATIONSHIP_TYPE_#: Optional. Only available for Security Command Center Premium and Enterprise tier subscribers. A comma-separated list of asset relationship types you want to retrieve. You must set CONTENT_TYPE to RELATIONSHIP for this to work.
• TOPIC_PROJECT_ID: The ID of the project where the Pub/Sub topic is located.
• TOPIC_ID: The ID of the Pub/Sub topic to publish notifications to.
• If adding an optional feed condition, include the following details in your command:
  • CONDITION_TITLE: A title to assign to the feed condition.
  • CONDITION_DESCRIPTION: A description to assign to the feed condition.
  • CONDITION_EXPRESSION: The condition expression to apply to the feed.

See the REST reference for all options.

Command examples

Run one of the following commands to update the my-topic Pub/Sub topic in the my-project project. This request removes all asset names from monitoring, and adds the asset type gkemulticloud.googleapis.com/AttachedCluster.

curl -X PATCH \
     -H "X-Goog-User-Project: BILLING_PROJECT_ID" \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d '{
            "feed": {
              "assetNames": [],
              "assetTypes": [
                "gkemulticloud.googleapis.com/AttachedCluster"
              ],
              "feedOutputConfig": {
                "pubsubDestination": {
                  "topic": "projects/my-project/topics/my-topic"
                }
              }
            },
            "update_mask": {
              "paths": ["feed_output_config.pubsub_destination.topic", "asset_names", "asset_types"]
            }
          }' \
     https://cloudasset.googleapis.com/v1/projects/my-project/feeds/my-feed

$cred = gcloud auth print-access-token

$headers = @{ 
  "X-Goog-User-Project" = "BILLING_PROJECT_ID";
  "Authorization" = "Bearer $cred"
}


$body = @"
{
  "feed": {
    "assetNames": [],
    "assetTypes": [
      "gkemulticloud.googleapis.com/AttachedCluster"
    ],
    "feedOutputConfig": {
      "pubsubDestination": {
        "topic": "projects/my-project/topics/my-topic"
      }
    }
  },
  "update_mask": {
    "paths": ["feed_output_config.pubsub_destination.topic", "asset_names", "asset_types"]
  }
}
"@

Invoke-WebRequest `
  -Method PATCH `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Body $body `
  -Uri "https://cloudasset.googleapis.com/v1/projects/my-project/feeds/my-feed" | Select-Object -Expand Content

Example response

{
  "feeds": [
    {
      "name": "projects/000000000000/feeds/my-feed",
      "assetTypes": [
        "bigquery.googleapis.com/Table",
        "gkemulticloud.googleapis.com/AttachedCluster"
      ],
      "contentType": "RESOURCE",
      "feedOutputConfig": {
        "pubsubDestination": {
          "topic": "projects/my-project/topics/my-topic"
        }
      }
    }
  ]
}

Go

// Sample update-feed update feed.
package main

import (
	"context"
	"flag"
	"fmt"
	"log"
	"os"
	"strconv"

	asset "cloud.google.com/go/asset/apiv1"
	"cloud.google.com/go/asset/apiv1/assetpb"
	cloudresourcemanager "google.golang.org/api/cloudresourcemanager/v1"
	field_mask "google.golang.org/genproto/protobuf/field_mask"
)

// Command-line flags.
var (
	feedID = flag.String("feed_id", "YOUR_FEED_ID", "Identifier of Feed.")
)

func main() {
	flag.Parse()
	ctx := context.Background()
	client, err := asset.NewClient(ctx)
	if err != nil {
		log.Fatalf("asset.NewClient: %v", err)
	}
	defer client.Close()

	projectID := os.Getenv("GOOGLE_CLOUD_PROJECT")
	cloudresourcemanagerClient, err := cloudresourcemanager.NewService(ctx)
	if err != nil {
		log.Fatalf("cloudresourcemanager.NewService: %v", err)
	}

	project, err := cloudresourcemanagerClient.Projects.Get(projectID).Do()
	if err != nil {
		log.Fatalf("cloudresourcemanagerClient.Projects.Get.Do: %v", err)
	}
	projectNumber := strconv.FormatInt(project.ProjectNumber, 10)
	feedName := fmt.Sprintf("projects/%s/feeds/%s", projectNumber, *feedID)
	topic := fmt.Sprintf("projects/%s/topics/%s", projectID, "TOPIC_TO_UPDATE")

	req := &assetpb.UpdateFeedRequest{
		Feed: &assetpb.Feed{
			Name: feedName,
			FeedOutputConfig: &assetpb.FeedOutputConfig{
				Destination: &assetpb.FeedOutputConfig_PubsubDestination{
					PubsubDestination: &assetpb.PubsubDestination{
						Topic: topic,
					},
				},
			},
		},
		UpdateMask: &field_mask.FieldMask{
			Paths: []string{"feed_output_config.pubsub_destination.topic"},
		},
	}
	response, err := client.UpdateFeed(ctx, req)
	if err != nil {
		log.Fatalf("client.UpdateFeed: %v", err)
	}
	fmt.Print(response)
}

Java

import com.google.cloud.asset.v1.AssetServiceClient;
import com.google.cloud.asset.v1.Feed;
import com.google.cloud.asset.v1.FeedOutputConfig;
import com.google.cloud.asset.v1.PubsubDestination;
import com.google.cloud.asset.v1.UpdateFeedRequest;
import com.google.protobuf.FieldMask;

public class UpdateFeedExample {

  // Update a feed
  public static void updateFeed(String feedName, String topic) throws Exception {
    // String feedName = "MY_FEED_NAME"
    // String topic = "projects/[PROJECT_ID]/topics/[TOPIC_NAME]"
    Feed feed =
        Feed.newBuilder()
            .setName(feedName)
            .setFeedOutputConfig(
                FeedOutputConfig.newBuilder()
                    .setPubsubDestination(PubsubDestination.newBuilder().setTopic(topic).build())
                    .build())
            .build();
    UpdateFeedRequest request =
        UpdateFeedRequest.newBuilder()
            .setFeed(feed)
            .setUpdateMask(
                FieldMask.newBuilder()
                    .addPaths("feed_output_config.pubsub_destination.topic")
                    .build())
            .build();
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (AssetServiceClient client = AssetServiceClient.create()) {
      Feed response = client.updateFeed(request);
      System.out.println("Feed updated successfully: " + response.getName());
    } catch (Exception e) {
      System.out.println("Error during UpdateFeed: \n" + e.toString());
    }
  }
}

Node.js

const {AssetServiceClient} = require('@google-cloud/asset');

const client = new AssetServiceClient();
// example inputs:
// const fullQueryName = 'folders/<FOLDER_NUMBER>/savedQueries/<QUERY_ID>';
// const description = 'a new description';
async function updateSavedQuery() {
  const request = {
    savedQuery: {
      name: fullQueryName,
      description: description,
    },
    updateMask: {
      paths: ['description'],
    },
  };

  // Handle the operation using the promise pattern.
  const [query] = await client.updateSavedQuery(request);
  // Do things with with the response.
  console.log('Query name:', query.name);
  console.log('Query description:', query.description);
  console.log('Created time:', query.createTime);
  console.log('Updated time:', query.lastUpdateTime);
  console.log('Query type:', query.content.queryContent);
  console.log('Query content:', JSON.stringify(query.content, null, 4));

Python

from google.cloud import asset_v1
from google.protobuf import field_mask_pb2

# TODO feed_name = 'Feed Name you want to update'
# TODO topic = "Topic name you want to update with"

client = asset_v1.AssetServiceClient()
feed = asset_v1.Feed()
feed.name = feed_name
feed.feed_output_config.pubsub_destination.topic = topic
update_mask = field_mask_pb2.FieldMask()
# In this example, we update topic of the feed
update_mask.paths.append("feed_output_config.pubsub_destination.topic")
response = client.update_feed(request={"feed": feed, "update_mask": update_mask})
print(f"updated_feed: {response}")

gcloud

gcloud asset feeds delete FEED_ID \
    --SCOPE \
    --billing-project=BILLING_PROJECT_ID

Provide the following values:

• SCOPE: Use one of the following values:

  • project=PROJECT_ID, where PROJECT_ID is the ID of the project that the feed is in.

  • folder=FOLDER_ID, where FOLDER_ID is the ID of the folder that the feed is in.

    How to find the ID of a Google Cloud folder

    Google Cloud console

    To find the ID of a Google Cloud folder, complete the following steps:

    1. Go to the Google Cloud console.

       Go to the Google Cloud console

    2. Click the switcher list box in the menu bar.
    3. Select your organization from the list box.
    4. Search for your folder name. The folder ID is shown next to the folder name.

    gcloud CLI

    You can retrieve the ID of a Google Cloud folder that's located at the organization level with the following command:

    gcloud resource-manager folders list \
        --organization=$(gcloud organizations describe ORGANIZATION_NAME \
          --format="value(name.segment(1))") \
        --filter='"DISPLAY_NAME":"TOP_LEVEL_FOLDER_NAME"' \
        --format="value(ID)"

    Where TOP_LEVEL_FOLDER_NAME is a partial or full string match for the folder's name. Remove the --format flag to see more information about the found folders.

    The previous command doesn't return the IDs of subfolders within folders. To do so, run the following command using a top level folder's ID:

    gcloud resource-manager folders list --folder=FOLDER_ID

  • organization=ORGANIZATION_ID, where ORGANIZATION_ID is the ID of the organization that the feed is in.

    How to find the ID of a Google Cloud organization

    Google Cloud console

    To find the ID of a Google Cloud organization, complete the following steps:

    1. Go to the Google Cloud console.

       Go to the Google Cloud console

    2. Click the switcher list box in the menu bar.
    3. Select your organization from the list box.
    4. Click the All tab. The organization ID is shown next to the organization name.

    gcloud CLI

    You can retrieve the ID of a Google Cloud organization with the following command:

    gcloud organizations describe ORGANIZATION_NAME --format="value(name.segment(1))"

• BILLING_PROJECT_ID: The project ID that the default Cloud Asset Inventory service agent is in that has permissions to manage your Pub/Sub topic. Read more about setting the billing project.

See the gcloud CLI reference for all options.

Example response

A successful deletion returns no response.

REST

HTTP method and URL:

DELETE https://cloudasset.googleapis.com/v1/SCOPE_PATH/feeds/FEED_ID

Headers:

X-Goog-User-Project: BILLING_PROJECT_ID

Provide the following values:

• SCOPE_PATH: Use one of the following values:

  The allowed values are:

  • projects/PROJECT_NUMBER, where PROJECT_NUMBER is the number of the project that the feed is in.

    How to find a Google Cloud project number

    Google Cloud console

    To find a Google Cloud project number, complete the following steps:

    1. Go to the Welcome page in the Google Cloud console.

       Go to Welcome

    2. Click the switcher list box in the menu bar.

    3. Select your organization from the list box, and then search for your project name. The project name, project number, and project ID are shown near the Welcome heading.

       Up to 4,000 resources are displayed. If you don't see the project you're looking for, go to the Manage resources page and filter the list using the name of that project.

    gcloud CLI

    You can retrieve a Google Cloud project number with the following command:

    gcloud projects describe PROJECT_ID --format="value(projectNumber)"

  • folders/FOLDER_ID, where FOLDER_ID is the ID of the folder that the feed is in.

    How to find the ID of a Google Cloud folder

    Google Cloud console

    To find the ID of a Google Cloud folder, complete the following steps:

    1. Go to the Google Cloud console.

       Go to the Google Cloud console

    2. Click the switcher list box in the menu bar.
    3. Select your organization from the list box.
    4. Search for your folder name. The folder ID is shown next to the folder name.

    gcloud CLI

    You can retrieve the ID of a Google Cloud folder that's located at the organization level with the following command:

    gcloud resource-manager folders list \
        --organization=$(gcloud organizations describe ORGANIZATION_NAME \
          --format="value(name.segment(1))") \
        --filter='"DISPLAY_NAME":"TOP_LEVEL_FOLDER_NAME"' \
        --format="value(ID)"

    Where TOP_LEVEL_FOLDER_NAME is a partial or full string match for the folder's name. Remove the --format flag to see more information about the found folders.

    The previous command doesn't return the IDs of subfolders within folders. To do so, run the following command using a top level folder's ID:

    gcloud resource-manager folders list --folder=FOLDER_ID

  • organizations/ORGANIZATION_ID, where ORGANIZATION_ID is the ID of the organization that the feed is in.

    How to find the ID of a Google Cloud organization

    Google Cloud console

    To find the ID of a Google Cloud organization, complete the following steps:

    1. Go to the Google Cloud console.

       Go to the Google Cloud console

    2. Click the switcher list box in the menu bar.
    3. Select your organization from the list box.
    4. Click the All tab. The organization ID is shown next to the organization name.

    gcloud CLI

    You can retrieve the ID of a Google Cloud organization with the following command:

    gcloud organizations describe ORGANIZATION_NAME --format="value(name.segment(1))"

• BILLING_PROJECT_ID: The project ID that the default Cloud Asset Inventory service agent is in that has permissions to manage your Pub/Sub topic. Read more about setting the billing project.

See the REST reference for all options.

Command examples

Run one of the following commands to delete a specific feed.

curl -X DELETE \
     -H "X-Goog-User-Project: BILLING_PROJECT_ID" \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     https://cloudasset.googleapis.com/v1/projects/000000000000/feeds/my-feed

$cred = gcloud auth print-access-token

$headers = @{ 
  "X-Goog-User-Project" = "BILLING_PROJECT_ID";
  "Authorization" = "Bearer $cred"
}


Invoke-WebRequest `
  -Method DELETE `
  -Headers $headers `
  -Uri "https://cloudasset.googleapis.com/v1/projects/000000000000/feeds/my-feed" | Select-Object -Expand Content

Example response

{}

Go

// Sample delete-feed delete feed.
package main

import (
	"context"
	"flag"
	"fmt"
	"log"
	"os"
	"strconv"

	asset "cloud.google.com/go/asset/apiv1"
	"cloud.google.com/go/asset/apiv1/assetpb"
	cloudresourcemanager "google.golang.org/api/cloudresourcemanager/v1"
)

// Command-line flags.
var (
	feedID = flag.String("feed_id", "YOUR_FEED_ID", "Identifier of Feed.")
)

func main() {
	flag.Parse()
	ctx := context.Background()
	client, err := asset.NewClient(ctx)
	if err != nil {
		log.Fatalf("asset.NewClient: %v", err)
	}
	defer client.Close()

	projectID := os.Getenv("GOOGLE_CLOUD_PROJECT")
	cloudresourcemanagerClient, err := cloudresourcemanager.NewService(ctx)
	if err != nil {
		log.Fatalf("cloudresourcemanager.NewService: %v", err)
	}

	project, err := cloudresourcemanagerClient.Projects.Get(projectID).Do()
	if err != nil {
		log.Fatalf("cloudresourcemanagerClient.Projects.Get.Do: %v", err)
	}
	projectNumber := strconv.FormatInt(project.ProjectNumber, 10)
	feedName := fmt.Sprintf("projects/%s/feeds/%s", projectNumber, *feedID)
	req := &assetpb.DeleteFeedRequest{
		Name: feedName,
	}
	if err = client.DeleteFeed(ctx, req); err != nil {
		log.Fatalf("client.DeleteFeed: %v", err)
	}
	fmt.Print("Deleted Feed")
}

Java

import com.google.cloud.asset.v1.AssetServiceClient;

public class DeleteFeedExample {

  // Delete a feed with full feed name
  public static void deleteFeed(String feedName) throws Exception {
    // String feedName = "MY_FEED_NAME"

    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (AssetServiceClient client = AssetServiceClient.create()) {
      client.deleteFeed(feedName);
      System.out.println("Feed deleted");
    } catch (Exception e) {
      System.out.println("Error during DeleteFeed: \n" + e.toString());
    }
  }
}

Node.js

const util = require('util');
const {AssetServiceClient} = require('@google-cloud/asset');

const client = new AssetServiceClient();

async function deleteFeed() {
  const request = {
    name: feedName,
  };

  // Handle the operation using the promise pattern.
  const result = await client.deleteFeed(request);
  // Do things with with the response.
  console.log(util.inspect(result, {depth: null}));

Python

from google.cloud import asset_v1

# TODO feed_name = 'Feed name you want to delete'

client = asset_v1.AssetServiceClient()
client.delete_feed(request={"name": feed_name})
print("deleted_feed")