Index
AssetService(interface)Asset(message)BatchGetAssetsHistoryRequest(message)BatchGetAssetsHistoryResponse(message)BigQueryDestination(message)ContentType(enum)CreateFeedRequest(message)DeleteFeedRequest(message)ExportAssetsRequest(message)ExportAssetsResponse(message)Feed(message)FeedOutputConfig(message)GcsDestination(message)GetFeedRequest(message)ListFeedsRequest(message)ListFeedsResponse(message)OutputConfig(message)PubsubDestination(message)Resource(message)TemporalAsset(message)TimeWindow(message)UpdateFeedRequest(message)
AssetService
Asset service definition.
| BatchGetAssetsHistory | |
|---|---|
|
Batch gets the update history of assets that overlap a time window. For RESOURCE content, this API outputs history with asset in both non-delete or deleted status. For IAM_POLICY content, this API outputs history when the asset and its attached IAM POLICY both exist. This can create gaps in the output history. If a specified asset does not exist, this API returns an INVALID_ARGUMENT error.
|
|
| CreateFeed | |
|---|---|
|
Creates a feed in a parent project/folder/organization to listen to its asset updates.
|
|
| DeleteFeed | |
|---|---|
|
Deletes an asset feed.
|
|
| ExportAssets | |
|---|---|
|
Exports assets with time and resource types to a given Cloud Storage location. The output format is newline-delimited JSON. This API implements the
|
|
| GetFeed | |
|---|---|
|
Gets details about an asset feed.
|
|
| ListFeeds | |
|---|---|
|
Lists all asset feeds in a parent project/folder/organization.
|
|
| UpdateFeed | |
|---|---|
|
Updates an asset feed configuration.
|
|
Asset
An asset in Google Cloud. An asset can be any resource in the Google Cloud resource hierarchy, a resource outside the Google Cloud resource hierarchy (such as Google Kubernetes Engine clusters and objects), or a Cloud IAM policy.
| Fields | ||
|---|---|---|
name |
The full name of the asset. For example: "//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1" See Resource names for more information. |
|
asset_type |
The type of the asset. For example: "compute.googleapis.com/Disk" See Supported asset types for more information. |
|
resource |
A representation of the resource. |
|
iam_policy |
A representation of the Cloud IAM policy set on a Google Cloud resource. There can be a maximum of one Cloud IAM policy set on any given resource. In addition, Cloud IAM policies inherit their granted access scope from any policies set on parent resources in the resource hierarchy. Therefore, the effectively policy is the union of both the policy set on this resource and each policy set on all of the resource's ancestry resource levels in the hierarchy. See this topic for more information. |
|
org_policy[] |
A representation of an organization policy. There can be more than one organization policy with different constraints set on a given resource. |
|
ancestors[] |
The ancestry path of an asset in Google Cloud resource hierarchy, represented as a list of relative resource names. An ancestry path starts with the closest ancestor in the hierarchy and ends at root. If the asset is a project, folder, or organization, the ancestry path starts from the asset itself. For example: |
|
Union field access_context_policy. A representation of an access policy. access_context_policy can be only one of the following: |
||
access_policy |
||
access_level |
||
service_perimeter |
||
BatchGetAssetsHistoryRequest
Batch get assets history request.
| Fields | |
|---|---|
parent |
Required. The relative name of the root asset. It can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id")", or a project number (such as "projects/12345"). Authorization requires one or more of the following Google IAM permissions on the specified resource
|
asset_names[] |
A list of the full names of the assets. For example: The request becomes a no-op if the asset name list is empty, and the max size of the asset name list is 100 in one request. |
content_type |
Optional. The content type. |
read_time_window |
Optional. The time window for the asset history. Both start_time and end_time are optional and if set, it must be after 2018-10-02 UTC. If end_time is not set, it is default to current timestamp. If start_time is not set, the snapshot of the assets at end_time will be returned. The returned results contain all temporal assets whose time window overlap with read_time_window. |
BatchGetAssetsHistoryResponse
Batch get assets history response.
| Fields | |
|---|---|
assets[] |
A list of assets with valid time windows. |
BigQueryDestination
A BigQuery destination.
| Fields | |
|---|---|
dataset |
Required. The BigQuery dataset in format "projects/projectId/datasets/datasetId", to which the snapshot result should be exported. If this dataset does not exist, the export call returns an error. |
table |
Required. The BigQuery table to which the snapshot result should be written. If this table does not exist, a new table with the given name will be created. |
force |
If the destination table already exists and this flag is |
ContentType
Asset content type.
| Enums | |
|---|---|
CONTENT_TYPE_UNSPECIFIED |
Unspecified content type. |
RESOURCE |
Resource metadata. |
IAM_POLICY |
The actual IAM policy set on a resource. |
ORG_POLICY |
The Cloud Organization Policy set on an asset. |
ACCESS_POLICY |
The Cloud Access context mananger Policy set on an asset. |
CreateFeedRequest
Create asset feed request.
| Fields | |
|---|---|
parent |
Required. The name of the project/folder/organization where this feed should be created in. It can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id")", or a project number (such as "projects/12345"). |
feed_id |
Required. This is the client-assigned asset feed identifier and it needs to be unique under a specific parent project/folder/organization. |
feed |
Required. The feed details. The field |
DeleteFeedRequest
| Fields | |
|---|---|
name |
Required. The name of the feed and it must be in the format of: projects/project_number/feeds/feed_id folders/folder_number/feeds/feed_id organizations/organization_number/feeds/feed_id |
ExportAssetsRequest
Export asset request.
| Fields | |
|---|---|
parent |
Required. The relative name of the root asset. This can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"), or a folder number (such as "folders/123"). Authorization requires one or more of the following Google IAM permissions on the specified resource
|
read_time |
Timestamp to take an asset snapshot. This can only be set to a timestamp between 2018-10-02 UTC (inclusive) and the current time. If not specified, the current time will be used. Due to delays in resource data collection and indexing, there is a volatile window during which running the same query may get different results. |
asset_types[] |
A list of asset types of which to take a snapshot for. For example: "compute.googleapis.com/Disk". If specified, only matching assets will be returned. See Introduction to Cloud Asset Inventory for all supported asset types. |
content_type |
Asset content type. If not specified, no content but the asset name will be returned. |
output_config |
Required. Output configuration indicating where the results will be output to. All results will be in newline delimited JSON format. |
ExportAssetsResponse
The export asset response. This message is returned by the google.longrunning.Operations.GetOperation method in the returned google.longrunning.Operation.response field.
| Fields | |
|---|---|
read_time |
Time the snapshot was taken. |
output_config |
Output configuration indicating where the results were output to. All results are in JSON format. |
Feed
An asset feed used to export asset updates to a destinations. An asset feed filter controls what updates are exported. The asset feed must be created within a project, organization, or folder. Supported destinations are: Cloud Pub/Sub topics.
| Fields | |
|---|---|
name |
Required. The format will be projects/{project_number}/feeds/{client-assigned_feed_identifier} or folders/{folder_number}/feeds/{client-assigned_feed_identifier} or organizations/{organization_number}/feeds/{client-assigned_feed_identifier} The client-assigned feed identifier must be unique within the parent project/folder/organization. |
asset_names[] |
A list of the full names of the assets to receive updates. You must specify either or both of asset_names and asset_types. Only asset updates matching specified asset_names and asset_types are exported to the feed. For example: |
asset_types[] |
A list of types of the assets to receive updates. You must specify either or both of asset_names and asset_types. Only asset updates matching specified asset_names and asset_types are exported to the feed. For example: See this topic for a list of all supported asset types. |
content_type |
Asset content type. If not specified, no content but the asset name and type will be returned. |
feed_output_config |
Required. Feed output configuration defining where the asset updates are published to. |
FeedOutputConfig
Output configuration for asset feed destination.
| Fields | |
|---|---|
pubsub_destination |
Destination on Cloud Pubsub. |
GcsDestination
A Cloud Storage location.
| Fields | ||
|---|---|---|
Union field object_uri. Required. object_uri can be only one of the following: |
||
uri |
The uri of the Cloud Storage object. It's the same uri that is used by gsutil. For example: "gs://bucket_name/object_name". See Viewing and Editing Object Metadata for more information. |
|
uri_prefix |
The uri prefix of all generated Cloud Storage objects. For example: "gs://bucket_name/object_name_prefix". Each object uri is in format: "gs://bucket_name/object_name_prefix/ |
|
GetFeedRequest
Get asset feed request.
| Fields | |
|---|---|
name |
Required. The name of the Feed and it must be in the format of: projects/project_number/feeds/feed_id folders/folder_number/feeds/feed_id organizations/organization_number/feeds/feed_id |
ListFeedsRequest
List asset feeds request.
| Fields | |
|---|---|
parent |
Required. The parent project/folder/organization whose feeds are to be listed. It can only be using project/folder/organization number (such as "folders/12345")", or a project ID (such as "projects/my-project-id"). |
ListFeedsResponse
| Fields | |
|---|---|
feeds[] |
A list of feeds. |
OutputConfig
Output configuration for export assets destination.
| Fields | ||
|---|---|---|
Union field destination. Asset export destination. destination can be only one of the following: |
||
gcs_destination |
Destination on Cloud Storage. |
|
BigQuery_destination |
Destination on BigQuery. The output table stores the fields in asset proto as columns in BigQuery. The resource/iam_policy field is converted to a record with each field to a column, except metadata to a single JSON string. |
|
PubsubDestination
A Cloud Pubsub destination.
| Fields | |
|---|---|
topic |
The name of the Cloud Pub/Sub topic to publish to. For example: |
Resource
A representation of a Google Cloud resource.
| Fields | |
|---|---|
version |
The API version. For example: "v1" |
discovery_document_uri |
The URL of the discovery document containing the resource's JSON schema. For example: "https://www.googleapis.com/discovery/v1/apis/compute/v1/rest" This value is unspecified for resources that do not have an API based on a discovery document, such as Cloud Bigtable. |
discovery_name |
The JSON schema name listed in the discovery document. For example: "Project" This value is unspecified for resources that do not have an API based on a discovery document, such as Cloud Bigtable. |
resource_url |
The REST URL for accessing the resource. An HTTP This value is unspecified for resources without a REST API. |
parent |
The full name of the immediate parent of this resource. See Resource Names for more information. For Google Cloud assets, this value is the parent resource defined in the Cloud IAM policy hierarchy. For example: "//cloudresourcemanager.googleapis.com/projects/my_project_123" For third-party assets, this field may be set differently. |
data |
The content of the resource, in which some sensitive fields are removed and may not be present. |
TemporalAsset
An asset in Google Cloud and its temporal metadata, including the time window when it was observed and its status during that window.
| Fields | |
|---|---|
window |
The time window when the asset data and state was observed. |
deleted |
Whether the asset has been deleted or not. |
asset |
An asset in Google Cloud. |
TimeWindow
A time window specified by its "start_time" and "end_time".
| Fields | |
|---|---|
start_time |
Start time of the time window (exclusive). |
end_time |
End time of the time window (inclusive). If not specified, the current timestamp is used instead. |
UpdateFeedRequest
Update asset feed request.
| Fields | |
|---|---|
feed |
Required. The new values of feed details. It must match an existing feed and the field |
update_mask |
Required. Only updates the |