Method: batchGetAssetsHistory

Batch gets the update history of assets that overlap a time window. For RESOURCE content, this API outputs history with asset in both non-delete or deleted status. For IAM_POLICY content, this API outputs history when the asset and its attached IAM POLICY both exist. This can create gaps in the output history. If a specified asset does not exist, this API returns an INVALID_ARGUMENT error.

HTTP request

GET https://cloudasset.googleapis.com/v1/{parent=*/*}:batchGetAssetsHistory

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
parent

string

Required. The relative name of the root asset. It can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id")", or a project number (such as "projects/12345").

Authorization requires one or more of the following Google IAM permissions on the specified resource parent:

  • cloudasset.assets.exportResource
  • cloudasset.assets.exportIamPolicy

Query parameters

Parameters
assetNames

string

A list of the full names of the assets. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. See Resource Names and Resource name Format for more info.

The request becomes a no-op if the asset name list is empty, and the max size of the asset name list is 100 in one request.

contentType

enum (ContentType)

Optional. The content type.

readTimeWindow

object (TimeWindow)

Optional. The time window for the asset history. Both startTime and endTime are optional and if set, it must be after 2018-10-02 UTC. If endTime is not set, it is default to current timestamp. If startTime is not set, the snapshot of the assets at endTime will be returned. The returned results contain all temporal assets whose time window overlap with readTimeWindow.

Request body

The request body must be empty.

Response body

If successful, the response body contains data with the following structure:

Batch get assets history response.

JSON representation
{
  "assets": [
    {
      object (TemporalAsset)
    }
  ]
}
Fields
assets[]

object (TemporalAsset)

A list of assets with valid time windows.

Authorization Scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

TimeWindow

A time window specified by its "startTime" and "endTime".

JSON representation
{
  "startTime": string,
  "endTime": string
}
Fields
startTime

string (Timestamp format)

instances.start time of the time window (exclusive).

A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

endTime

string (Timestamp format)

End time of the time window (inclusive). If not specified, the current timestamp is used instead.

A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

TemporalAsset

An asset in Google Cloud and its temporal metadata, including the time window when it was observed and its status during that window.

JSON representation
{
  "window": {
    object (TimeWindow)
  },
  "deleted": boolean,
  "asset": {
    object (Asset)
  }
}
Fields
window

object (TimeWindow)

The time window when the asset data and state was observed.

deleted

boolean

Whether the asset has been deleted or not.

asset

object (Asset)

An asset in Google Cloud.

Asset

An asset in Google Cloud. An asset can be any resource in the Google Cloud resource hierarchy, a resource outside the Google Cloud resource hierarchy (such as Google Kubernetes Engine clusters and objects), or a Cloud IAM policy.

JSON representation
{
  "name": string,
  "assetType": string,
  "resource": {
    object (Resource)
  },
  "iamPolicy": {
    object (Policy)
  },
  "orgPolicy": [
    {
      object (Policy)
    }
  ],
  "ancestors": [
    string
  ],

  // Union field access_context_policy can be only one of the following:
  "accessPolicy": {
    object (AccessPolicy)
  },
  "accessLevel": {
    object (AccessLevel)
  },
  "servicePerimeter": {
    object (ServicePerimeter)
  }
  // End of list of possible types for union field access_context_policy.
}
Fields
name

string

The full name of the asset. For example: "//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1"

See Resource names for more information.

assetType

string

The type of the asset. For example: "compute.googleapis.com/Disk"

See Supported asset types for more information.

resource

object (Resource)

A representation of the resource.

iamPolicy

object (Policy)

A representation of the Cloud IAM policy set on a Google Cloud resource. There can be a maximum of one Cloud IAM policy set on any given resource. In addition, Cloud IAM policies inherit their granted access scope from any policies set on parent resources in the resource hierarchy. Therefore, the effectively policy is the union of both the policy set on this resource and each policy set on all of the resource's ancestry resource levels in the hierarchy. See this topic for more information.

orgPolicy[]

object (Policy)

A representation of an organization policy. There can be more than one organization policy with different constraints set on a given resource.

ancestors[]

string

The ancestry path of an asset in Google Cloud resource hierarchy, represented as a list of relative resource names. An ancestry path starts with the closest ancestor in the hierarchy and ends at root. If the asset is a project, folder, or organization, the ancestry path starts from the asset itself.

For example: ["projects/123456789", "folders/5432", "organizations/1234"]

Union field access_context_policy. A representation of an access policy. access_context_policy can be only one of the following:
accessPolicy

object (AccessPolicy)

accessLevel

object (AccessLevel)

servicePerimeter

object (ServicePerimeter)

Resource

A representation of a Google Cloud resource.

JSON representation
{
  "version": string,
  "discoveryDocumentUri": string,
  "discoveryName": string,
  "resourceUrl": string,
  "parent": string,
  "data": {
    object
  }
}
Fields
version

string

The API version. For example: "v1"

discoveryDocumentUri

string

The URL of the discovery document containing the resource's JSON schema. For example: "https://www.googleapis.com/discovery/v1/apis/compute/v1/rest"

This value is unspecified for resources that do not have an API based on a discovery document, such as Cloud Bigtable.

discoveryName

string

The JSON schema name listed in the discovery document. For example: "Project"

This value is unspecified for resources that do not have an API based on a discovery document, such as Cloud Bigtable.

resourceUrl

string

The REST URL for accessing the resource. An HTTP GET request using this URL returns the resource itself. For example: "https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123"

This value is unspecified for resources without a REST API.

parent

string

The full name of the immediate parent of this resource. See Resource Names for more information.

For Google Cloud assets, this value is the parent resource defined in the Cloud IAM policy hierarchy. For example: "//cloudresourcemanager.googleapis.com/projects/my_project_123"

For third-party assets, this field may be set differently.

data

object (Struct format)

The content of the resource, in which some sensitive fields are removed and may not be present.

Try it!