REST Resource: folders.inventorySettings.exportSettings

Resource: ExportSetting

Settings that configure CAI to export assets on given schedules. An [InventorySettings] might have multiple [ExportSetting], each with a unique identifier.

JSON representation
{
  "name": string,
  "assetTypes": [
    string
  ],
  "contentType": enum (ContentType),
  "gcsSetting": {
    object (GcsSetting)
  },
  "bigquerySetting": {
    object (BigQuerySetting)
  }
}
Fields
name

string

The format will be: organizations/{ORGANIZATION_NUMBER}/inventorySettings/exportSettings/{exportSetting} or folders/{FOLDER_NUMBER}/inventorySettings/exportSettings/{exportSetting} or projects/{PROJECT_NUMBER}/inventorySettings/exportSettings/{exportSetting}

assetTypes[]

string

Asset types of resources that will be exported on schedule. For example: "compute.googleapis.com/Disk".

Regular expressions are also supported. For example:

  • "compute.googleapis.com.*" snapshots resources whose asset type starts with "compute.googleapis.com".
  • ".*Instance" snapshots resources whose asset type ends with "Instance".
  • ".*Instance.*" snapshots resources whose asset type contains "Instance".

See RE2 for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.

If specified, only matching assets will be returned. See Introduction to Cloud Asset Inventory for all supported asset types.

contentType

enum (ContentType)

Required. Asset content type. Currently only RESOURCE, IAM_POLICY, ORG_POLICY, ACCESS_POLICY are supported.

gcsSetting

object (GcsSetting)

Setting to configure scheduled export output to GCS. At least one of [gcsSetting] and [bigquerySetting] should be set.

bigquerySetting

object (BigQuerySetting)

Setting to configure scheduled export output to BigQuery. At least one of [gcsSetting] and [bigquerySetting] should be set.

ContentType

Asset content type.

Enums
CONTENT_TYPE_UNSPECIFIED Unspecified content type.
RESOURCE Resource metadata.
IAM_POLICY The actual IAM policy set on a resource.
ORG_POLICY The Cloud Organization Policy set on an asset.
ACCESS_POLICY The Cloud Access context manager Policy set on an asset.

GcsSetting

Setting for scheduled export to GCS.

JSON representation
{
  "destination": {
    object (GcsDestination)
  },
  "snapshotSchedule": {
    object (ScheduleConfig)
  }
}
Fields
destination

object (GcsDestination)

Required. Destination on Cloud Storage.

snapshotSchedule

object (ScheduleConfig)

Schedule for scheduled export of asset snapshot.

GcsDestination

A Cloud Storage location.

JSON representation
{

  // Union field object_uri can be only one of the following:
  "uri": string,
  "uriPrefix": string
  // End of list of possible types for union field object_uri.
}
Fields
Union field object_uri. Required. object_uri can be only one of the following:
uri

string

The uri of the Cloud Storage object. It's the same uri that is used by gsutil. Example: "gs://bucketName/objectName". See Viewing and Editing Object metadata for more information.

In the case of scheduled export, a path indicating when the export happens will be added between the bucketName and objectName. For example, the real destination for a scheduled snapshot is: gs://bucketName/{YYYY}/{MM}/{DD}/snapshot/{HHMMSS}/file

uriPrefix

string

The uri prefix of all generated Cloud Storage objects. Example: "gs://bucketName/objectNamePrefix". Each object uri is in the format "gs://bucketName/objectNamePrefix/{ASSET_TYPE}/{SHARD_NUMBER}" and only contains assets for that type. {SHARD_NUMBER} starts from 0. Example: "gs://bucketName/objectNamePrefix/compute.googleapis.com/Disk/0" is the first shard of output objects containing all compute.googleapis.com/Disk assets. An INVALID_ARGUMENT error will be returned if a file with the same name "gs://bucketName/objectNamePrefix" already exists.

In the case of scheduled export, a path indicating when the export happens will be appended. For example, the real destination for a scheduled snapshot is: gs://bucketName/objectNamePrefix/{YYYY}/{MM}/{DD}/snapshot/{HHMMSS}/{ASSET_TYPE}/{SHARD_NUMBER}

ScheduleConfig

Schedule for scheduled export. This is used to configure scheduled export for both GCS and BigQuery.

JSON representation
{
  "crontab": string,
  "timeZone": string
}
Fields
crontab

string

Required. Cron-tab formatted schedule by which the job will execute. Format: minute, hour, day of month, month, day of week. For example, 0 0 * * WED = every Wednesday. More examples: https://crontab.guru/examples.html

timeZone

string

Specifies the time zone to be used in interpreting [crontab]. The value of this field must be a time zone name from the tz database.

Note that some time zones include a provision for daylight saving time. The rules for daylight saving time are determined by the chosen tz. For UTC use the string "utc". If a time zone is not specified, the default will be in UTC (also known as GMT).

BigQuerySetting

Setting for scheduled export to BigQuery.

JSON representation
{
  "destination": {
    object (BigQueryDestination)
  },
  "snapshotSchedule": {
    object (ScheduleConfig)
  }
}
Fields
destination

object (BigQueryDestination)

Required. Destination on BigQuery. The output table stores the fields in asset proto as columns in BigQuery.

snapshotSchedule

object (ScheduleConfig)

Schedule for scheduled export of asset snapshot.

BigQueryDestination

A BigQuery destination for exporting assets to.

JSON representation
{
  "dataset": string,
  "table": string,
  "force": boolean,
  "partitionSpec": {
    object (PartitionSpec)
  },
  "separateTablesPerAssetType": boolean
}
Fields
dataset

string

Required. The BigQuery dataset in format "projects/projectId/datasets/datasetId", to which the snapshot result should be exported. If this dataset does not exist, the export call returns an INVALID_ARGUMENT error.

table

string

Required. The BigQuery table to which the snapshot result should be written. If this table does not exist, a new table with the given name will be created.

In the case of scheduled export, the real destination is [table] appended with a suffix indicating the point-in-time of the snapshot. For example, suppose field [table] is "mytable". When [separateTablesPerAssetType] is FALSE, the destination will be "mytable_snapshot_20201122060000", and when [separateTablesPerAssetType] is TRUE and [assetTypes] contains "storage.googleapis.com/Bucket", the destination will be "mytable_snapshot_20201122060000_storage_googleapis_com_Bucket".

force

boolean

If the destination table already exists and this flag is TRUE, the table will be overwritten by the contents of the assets snapshot. If the flag is FALSE or unset and the destination table already exists, the export call returns an INVALID_ARGUMENT error.

partitionSpec

object (PartitionSpec)

[partitionSpec] determines whether to export to partitioned table(s) and how to partition the data.

If [partitionSpec] is unset or [partitionSpec.partition_key] is unset or PARTITION_KEY_UNSPECIFIED, the snapshot results will be exported to non-partitioned table(s). [force] will decide whether to overwrite existing table(s).

If [partitionSpec] is specified: first, the snapshot results will be written to partitioned table(s) with two additional timestamp columns, readTime and requestTime, one of which will be the partition key. Second, when any destination table already exists, the export will first try to update the existing table's schema as necessary by appending additional columns. Then, if [force] is TRUE, the corresponding partition will be overwritten by the snapshot results (data in different partitions will remain intact); if [force] is unset or FALSE, it will append the data. An error will be returned if the schema update or data append fails.

separateTablesPerAssetType

boolean

If this flag is TRUE, the snapshot results will be written to one or multiple tables, each of which contains results of one asset type. The [force] and [partitionSpec] fields will apply to each of them.

Field [table] will be concatenated with "_" and the asset type names (see https://cloud.google.com/asset-inventory/docs/supported-asset-types for supported asset types) to construct per-asset-type table names, in which all non-alphanumeric characters like "." and "/" will be substituted by "_". Example: if field [table] is "mytable" and snapshot results contain "storage.googleapis.com/Bucket" assets, the corresponding table name will be "mytable_storage_googleapis_com_Bucket". If any of these tables does not exist, a new table with the concatenated name will be created.

When [contentType] in the ExportAssetsRequest is RESOURCE, the schema of each table will include RECORD-type columns mapped to the nested fields in the Asset.resource.data field of that asset type (up to the 15 nested levels BigQuery supports; see https://cloud.google.com/bigquery/docs/nested-repeated#limitations). Fields nested more than 15 levels deep will be stored as a JSON-format string in a child column of their parent RECORD column.

If an error occurs when exporting to any table, the whole export call will return an error, but the export results that already succeeded will persist. Example: if exporting to table_type_A succeeds while exporting to table_type_B fails during one export call, the results in table_type_A will persist and there will not be partial results persisting in a table.
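The scheduled-export naming rules described for GcsDestination and BigQueryDestination above, expanded into concrete destinations so that bucket and dataset access can be reviewed against where snapshots actually land. This is an added example, not code from the API or its client libraries; the function name, the sample setting and the `when` / `asset_types` inputs are assumptions.

```python
import re
from datetime import datetime

# Constructed sample setting (bucket, project, dataset and table names are made up).
SAMPLE = {
    "contentType": "IAM_POLICY",
    "gcsSetting": {"destination": {"uriPrefix": "gs://example-bucket/cai"}},
    "bigquerySetting": {"destination": {
        "dataset": "projects/example-project/datasets/cai_exports",
        "table": "mytable",
        "separateTablesPerAssetType": True,
    }},
}


def scheduled_destinations(setting, when, asset_types):
    """List the objects/tables one scheduled run writes, per the naming rules above.

    `when` (snapshot time) and `asset_types` (concrete types present in the
    snapshot) are caller-supplied inputs assumed by this example.
    """
    gcs = (setting.get("gcsSetting") or {}).get("destination") or {}
    bq = (setting.get("bigquerySetting") or {}).get("destination") or {}
    if not gcs and not bq:
        raise ValueError("at least one of gcsSetting and bigquerySetting should be set")
    if "uri" in gcs and "uriPrefix" in gcs:
        raise ValueError("object_uri is a union: set only one of uri / uriPrefix")
    out = []
    stamp_path = when.strftime("%Y/%m/%d/snapshot/%H%M%S")
    if "uri" in gcs:
        # Timestamp path goes between the bucket name and the object name.
        bucket, _, obj = gcs["uri"][len("gs://"):].partition("/")
        out.append(f"gs://{bucket}/{stamp_path}/{obj}")
    elif "uriPrefix" in gcs:
        # One object series per asset type; only shard 0 is listed here.
        out += [f"{gcs['uriPrefix']}/{stamp_path}/{t}/0" for t in asset_types]
    if bq:
        table = f"{bq['table']}_snapshot_{when:%Y%m%d%H%M%S}"
        names = [table]
        if bq.get("separateTablesPerAssetType"):
            # Non-alphanumeric characters in the asset type become "_".
            names = [f"{table}_" + re.sub(r"[^0-9A-Za-z]", "_", t) for t in asset_types]
        out += [f"{bq['dataset']}/tables/{n}" for n in names]
    return out
```
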

PartitionSpec

Specifications of BigQuery partitioned table as export destination.

JSON representation
{
  "partitionKey": enum (PartitionKey)
}
Fields
partitionKey

enum (PartitionKey)

The partition key for BigQuery partitioned table.

PartitionKey

This enum is used to determine the partition key column when exporting assets to BigQuery partitioned table(s). Note that, if the partition key is a timestamp column, the actual partition is based on its date value (expressed in UTC; see details in https://cloud.google.com/bigquery/docs/partitioned-tables#date_timestamp_partitioned_tables).

Enums
PARTITION_KEY_UNSPECIFIED Unspecified partition key. If used, it means using non-partitioned table.
READ_TIME The time when the snapshot is taken. If specified as partition key, the result table(s) is partitioned by the additional timestamp column, readTime. If [readTime] in ExportAssetsRequest is specified, the readTime column's value will be the same as it. Otherwise, its value will be the current time that is used to take the snapshot.
REQUEST_TIME The time when the request is received and started to be processed. If specified as partition key, the result table(s) is partitioned by the requestTime column, an additional timestamp column representing when the request was received.

Methods

create

Creates an export setting.

delete

Deletes an export setting.

get

Gets details about an export setting.

list

Lists all export settings under an [InventorySettings].

patch

Updates an export setting.