Package google.cloud.asset.v1beta1

Index

AssetService

Asset service definition.

BatchGetAssetsHistory

rpc BatchGetAssetsHistory(BatchGetAssetsHistoryRequest) returns (BatchGetAssetsHistoryResponse)

Batch gets the update history of assets that overlap a time window. For RESOURCE content, this API outputs history with asset in both non-delete or deleted status. For IAM_POLICY content, this API outputs history when the asset and its attached IAM POLICY both exist. This can create gaps in the output history. If a specified asset does not exist, this API returns an INVALID_ARGUMENT error.

Authorization Scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
ExportAssets

rpc ExportAssets(ExportAssetsRequest) returns (Operation)

Exports assets with time and resource types to a given Cloud Storage location. The output format is newline-delimited JSON. This API implements the google.longrunning.Operation API allowing you to keep track of the export.

Authorization Scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

Asset

Cloud asset. This includes all Google Cloud Platform resources, Cloud IAM policies, and other non-GCP assets.

Fields
name

string

The full name of the asset. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. See Resource Names for more information.

asset_type

string

Type of the asset. Example: "google.compute.Disk".

resource

Resource

Representation of the resource.

iam_policy

Policy

Representation of the actual Cloud IAM policy set on a cloud resource. For each resource, there must be at most one Cloud IAM policy set on it.

BatchGetAssetsHistoryRequest

Batch get assets history request.

Fields
parent

string

Required. The relative name of the root asset. It can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id")", or a project number (such as "projects/12345").

Authorization requires one or more of the following Google IAM permissions on the specified resource parent:

  • cloudasset.assets.exportResource
  • cloudasset.assets.exportIamPolicy
asset_names[]

string

A list of the full names of the assets. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. See Resource Names for more info.

The request becomes a no-op if the asset name list is empty, and the max size of the asset name list is 100 in one request.
content_type

ContentType

Optional. The content type.

read_time_window

TimeWindow

Optional. The time window for the asset history. Both start_time and end_time are optional and if set, it must be after 2018-10-02 UTC. If end_time is not set, it is default to current timestamp. If start_time is not set, the snapshot of the assets at end_time will be returned. The returned results contain all temporal assets whose time window overlap with read_time_window.

BatchGetAssetsHistoryResponse

Batch get assets history response.

Fields
assets[]

TemporalAsset

A list of assets with valid time windows.

ContentType

Asset content type.

Enums
CONTENT_TYPE_UNSPECIFIED Unspecified content type.
RESOURCE Resource metadata.
IAM_POLICY The actual IAM policy set on a resource.

ExportAssetsRequest

Export asset request.

Fields
parent

string

Required. The relative name of the root asset. This can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id"), a project number (such as "projects/12345"), or a folder number (such as "folders/123").

Authorization requires one or more of the following Google IAM permissions on the specified resource parent:

  • cloudasset.assets.exportResource
  • cloudasset.assets.exportIamPolicy
read_time

Timestamp

Timestamp to take an asset snapshot. This can only be set to a timestamp between 2018-10-02 UTC (inclusive) and the current time. If not specified, the current time will be used. Due to delays in resource data collection and indexing, there is a volatile window during which running the same query may get different results.

asset_types[]

string

A list of asset types of which to take a snapshot for. For example: "google.compute.Disk". If specified, only matching assets will be returned. See Introduction to Cloud Asset Inventory for all supported asset types.

content_type

ContentType

Asset content type. If not specified, no content but the asset name will be returned.

output_config

OutputConfig

Required. Output configuration indicating where the results will be output to. All results will be in newline delimited JSON format.

ExportAssetsResponse

The export asset response. This message is returned by the google.longrunning.Operations.GetOperation method in the returned google.longrunning.Operation.response field.

Fields
read_time

Timestamp

Time the snapshot was taken.

output_config

OutputConfig

Output configuration indicating where the results were output to. All results are in JSON format.

GcsDestination

A Cloud Storage location.

Fields
Union field object_uri. Required. object_uri can be only one of the following:
uri

string

The uri of the Cloud Storage object. It's the same uri that is used by gsutil. For example: "gs://bucket_name/object_name". See Viewing and Editing Object Metadata for more information.

uri_prefix

string

The uri prefix of all generated Cloud Storage objects. For example: "gs://bucket_name/object_name_prefix". Each object uri is in format: "gs://bucket_name/object_name_prefix// and only contains assets for that type. starts from 0. For example: "gs://bucket_name/object_name_prefix/google.compute.disk/0" is the first shard of output objects containing all google.compute.disk assets. An INVALID_ARGUMENT error will be returned if file with the same name "gs://bucket_name/object_name_prefix" already exists.

OutputConfig

Output configuration for export assets destination.

Fields
gcs_destination

GcsDestination

Destination on Cloud Storage.

Resource

Representation of a cloud resource.

Fields
version

string

The API version. Example: "v1".

discovery_document_uri

string

The URL of the discovery document containing the resource's JSON schema. For example: "https://www.googleapis.com/discovery/v1/apis/compute/v1/rest". It will be left unspecified for resources without a discovery-based API, such as Cloud Bigtable.

discovery_name

string

The JSON schema name listed in the discovery document. Example: "Project". It will be left unspecified for resources (such as Cloud Bigtable) without a discovery-based API.

resource_url

string

The REST URL for accessing the resource. An HTTP GET operation using this URL returns the resource itself. Example: https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123. It will be left unspecified for resources without a REST API.

parent

string

The full name of the immediate parent of this resource. See Resource Names for more information.

For GCP assets, it is the parent resource defined in the Cloud IAM policy hierarchy. For example: "//cloudresourcemanager.googleapis.com/projects/my_project_123".

For third-party assets, it is up to the users to define.
data

Struct

The content of the resource, in which some sensitive fields are scrubbed away and may not be present.

TemporalAsset

Temporal asset. In addition to the asset, the temporal asset includes the status of the asset and valid from and to time of it.

Fields
window

TimeWindow

The time window when the asset data and state was observed.

deleted

bool

If the asset is deleted or not.

asset

Asset

Asset.

TimeWindow

A time window of (start_time, end_time].

Fields
start_time

Timestamp

Start time of the time window (exclusive).

end_time

Timestamp

End time of the time window (inclusive). Current timestamp if not specified.

Was this page helpful? Let us know how we did: