Method: assetUpdates.list

Lists asset updates within a time window and returns paged results in response.

HTTP request

GET https://cloudasset.googleapis.com/v1p7beta1/{parent=*/*}/assetUpdates

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
parent

string

Required. name of the organization or project the assets belong to. Format: "organizations/[organization-number]" (such as "organizations/123"), "projects/[project-number]" (such as "projects/my-project-id"), or "projects/[project-id]" (such as "projects/12345").

Authorization requires one or more of the following IAM permissions on the specified resource parent:

  • cloudasset.assets.listResource
  • cloudasset.assets.listIamPolicy

Query parameters

Parameters
updateTimeWindow

object (UpdateTimeWindow)

The time window configuration for the asset updates. Both startTime and endTime must be within 35 days from now. endTime is optional and not set, it is default to current timestamp. The returned results contain all assets created, updated or deleted in updateTimeWindow.time_window.

assetTypes

string

A list of asset types to list the updates for. For example: "compute.googleapis.com/Disk".

Regular expression is also supported. For example:

  • "compute.googleapis.com.*" snapshots resources whose asset type starts with "compute.googleapis.com".
  • ".*Instance" snapshots resources whose asset type ends with "Instance".
  • ".*Instance.*" snapshots resources whose asset type contains "Instance".

See RE2 for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.

If specified, only matching assets will be returned.

At most one of assetTypes and assetNames should be specified. If neither is specified, all assets under the parent will be returned.

assetNames

string

A list of the full names of the assets to list the updates for. See: https://cloud.google.com/asset-inventory/docs/resource-name-format Example:

//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.

If specified, only assets in the list will be returned.

At most one of assetTypes and assetNames should be specified. If neither is specified, all assets under the parent will be returned.

contentType

enum (ContentType)

Asset content type. If not specified, no content but the asset name will be returned.

pageSize

integer

The maximum number of assets to be returned in a single response. Default is 100, minimum is 1, and maximum is 1000.

pageToken

string

The nextPageToken returned from the previous ListAssetsResponse, or unspecified for the first ListAssetsRequest. It is a continuation of a prior assets.list call, and the API should return the next page of assets.

Request body

The request body must be empty.

Response body

If successful, the response body contains data with the following structure:

assets.list response.

JSON representation
{
  "assetUpdates": [
    {
      object (Asset)
    }
  ],
  "updateTimeWindow": {
    object (UpdateTimeWindow)
  },
  "nextPageToken": string
}
Fields
assetUpdates[]

object (Asset)

Asset updates in the time window.

updateTimeWindow

object (UpdateTimeWindow)

time window configuration of the list request.

nextPageToken

string

Token to retrieve the next page of results. Set to empty if there are no remaining results.

Authorization Scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

Asset

An asset in Google Cloud. An asset can be any resource in the Google Cloud resource hierarchy, a resource outside the Google Cloud resource hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy). See Supported asset types for more information.

JSON representation
{
  "updateTime": string,
  "name": string,
  "assetType": string,
  "deleted": boolean,
  "resource": {
    object (Resource)
  },
  "iamPolicy": {
    object (Policy)
  },
  "orgPolicy": [
    {
      object (Policy)
    }
  ],
  "ancestors": [
    string
  ],

  // Union field access_context_policy can be only one of the following:
  "accessPolicy": {
    object (AccessPolicy)
  },
  "accessLevel": {
    object (AccessLevel)
  },
  "servicePerimeter": {
    object (ServicePerimeter)
  }
  // End of list of possible types for union field access_context_policy.
}
Fields
updateTime

string (Timestamp format)

The last update timestamp of an asset. updateTime is updated when create/update/delete operation is performed.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

name

string

The full name of the asset. Example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1

See Resource names for more information.

assetType

string

The type of the asset. Example: compute.googleapis.com/Disk

See Supported asset types for more information.

deleted

boolean

Whether the asset has been deleted or not.

resource

object (Resource)

A representation of the resource.

iamPolicy

object (Policy)

A representation of the Cloud IAM policy set on a Google Cloud resource. There can be a maximum of one Cloud IAM policy set on any given resource. In addition, Cloud IAM policies inherit their granted access scope from any policies set on parent resources in the resource hierarchy. Therefore, the effectively policy is the union of both the policy set on this resource and each policy set on all of the resource's ancestry resource levels in the hierarchy. See this topic for more information.

orgPolicy[]

object (Policy)

A representation of an organization policy. There can be more than one organization policy with different constraints set on a given resource.

ancestors[]

string

The ancestry path of an asset in Google Cloud resource hierarchy, represented as a list of relative resource names. An ancestry path starts with the closest ancestor in the hierarchy and ends at root. If the asset is a project, folder, or organization, the ancestry path starts from the asset itself.

Example: ["projects/123456789", "folders/5432", "organizations/1234"]

Union field access_context_policy. A representation of an access policy. access_context_policy can be only one of the following:
accessPolicy

object (AccessPolicy)

Please also refer to the access policy user guide.

accessLevel

object (AccessLevel)

Please also refer to the access level user guide.

servicePerimeter

object (ServicePerimeter)

Please also refer to the service perimeter user guide.

Resource

A representation of a Google Cloud resource.

JSON representation
{
  "version": string,
  "discoveryDocumentUri": string,
  "discoveryName": string,
  "resourceUrl": string,
  "parent": string,
  "data": {
    object
  },
  "location": string
}
Fields
version

string

The API version. Example: v1

discoveryDocumentUri

string

The URL of the discovery document containing the resource's JSON schema. Example: https://www.googleapis.com/discovery/v1/apis/compute/v1/rest

This value is unspecified for resources that do not have an API based on a discovery document, such as Cloud Bigtable.

discoveryName

string

The JSON schema name listed in the discovery document. Example: Project

This value is unspecified for resources that do not have an API based on a discovery document, such as Cloud Bigtable.

resourceUrl

string

The REST URL for accessing the resource. An HTTP GET request using this URL returns the resource itself. Example: https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123

This value is unspecified for resources without a REST API.

parent

string

The full name of the immediate parent of this resource. See Resource Names for more information.

For Google Cloud assets, this value is the parent resource defined in the Cloud IAM policy hierarchy. Example: //cloudresourcemanager.googleapis.com/projects/my_project_123

For third-party assets, this field may be set differently.

data

object (Struct format)

The content of the resource, in which some sensitive fields are removed and may not be present.

location

string

The location of the resource in Google Cloud, such as its zone and region. For more information, see https://cloud.google.com/about/locations/.