Google Cloud Asset V1 Client - Class AssetServiceClient (1.10.2)

Reference documentation and code samples for the Google Cloud Asset V1 Client class AssetServiceClient.

Service Description: Asset service definition.

This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:

$assetServiceClient = new AssetServiceClient();
try {
    $analysisQuery = new IamPolicyAnalysisQuery();
    $response = $assetServiceClient->analyzeIamPolicy($analysisQuery);
} finally {
    $assetServiceClient->close();
}

Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parseName method to extract the individual identifiers contained within formatted names that are returned by the API.

Methods

feedName

Formats a string containing the fully-qualified path to represent a feed resource.

Parameters
NameDescription
project string
feed string
Returns
TypeDescription
stringThe formatted feed resource.

folderName

Formats a string containing the fully-qualified path to represent a folder resource.

Parameter
NameDescription
folder string
Returns
TypeDescription
stringThe formatted folder resource.

folderFeedName

Formats a string containing the fully-qualified path to represent a folder_feed resource.

Parameters
NameDescription
folder string
feed string
Returns
TypeDescription
stringThe formatted folder_feed resource.

folderSavedQueryName

Formats a string containing the fully-qualified path to represent a folder_saved_query resource.

Parameters
NameDescription
folder string
savedQuery string
Returns
TypeDescription
stringThe formatted folder_saved_query resource.

organizationName

Formats a string containing the fully-qualified path to represent a organization resource.

Parameter
NameDescription
organization string
Returns
TypeDescription
stringThe formatted organization resource.

organizationFeedName

Formats a string containing the fully-qualified path to represent a organization_feed resource.

Parameters
NameDescription
organization string
feed string
Returns
TypeDescription
stringThe formatted organization_feed resource.

organizationSavedQueryName

Formats a string containing the fully-qualified path to represent a organization_saved_query resource.

Parameters
NameDescription
organization string
savedQuery string
Returns
TypeDescription
stringThe formatted organization_saved_query resource.

projectName

Formats a string containing the fully-qualified path to represent a project resource.

Parameter
NameDescription
project string
Returns
TypeDescription
stringThe formatted project resource.

projectFeedName

Formats a string containing the fully-qualified path to represent a project_feed resource.

Parameters
NameDescription
project string
feed string
Returns
TypeDescription
stringThe formatted project_feed resource.

projectSavedQueryName

Formats a string containing the fully-qualified path to represent a project_saved_query resource.

Parameters
NameDescription
project string
savedQuery string
Returns
TypeDescription
stringThe formatted project_saved_query resource.

savedQueryName

Formats a string containing the fully-qualified path to represent a saved_query resource.

Parameters
NameDescription
project string
savedQuery string
Returns
TypeDescription
stringThe formatted saved_query resource.

parseName

Parses a formatted name string and returns an associative array of the components in the name.

The following name formats are supported: Template: Pattern

  • feed: projects/{project}/feeds/{feed}
  • folder: folders/{folder}
  • folderFeed: folders/{folder}/feeds/{feed}
  • folderSavedQuery: folders/{folder}/savedQueries/{saved_query}
  • organization: organizations/{organization}
  • organizationFeed: organizations/{organization}/feeds/{feed}
  • organizationSavedQuery: organizations/{organization}/savedQueries/{saved_query}
  • project: projects/{project}
  • projectFeed: projects/{project}/feeds/{feed}
  • projectSavedQuery: projects/{project}/savedQueries/{saved_query}
  • savedQuery: projects/{project}/savedQueries/{saved_query}

The optional $template argument can be supplied to specify a particular pattern, and must match one of the templates listed above. If no $template argument is provided, or if the $template argument does not match one of the templates listed, then parseName will check each of the supported templates, and return the first match.

Parameters
NameDescription
formattedName string

The formatted name string

template string

Optional name of template to match

Returns
TypeDescription
arrayAn associative array from name component IDs to component values.

getOperationsClient

Return an OperationsClient object with the same endpoint as $this.

Returns
TypeDescription
Google\ApiCore\LongRunning\OperationsClient

resumeOperation

Resume an existing long running operation that was previously started by a long running API method. If $methodName is not provided, or does not match a long running API method, then the operation can still be resumed, but the OperationResponse object will not deserialize the final response.

Parameters
NameDescription
operationName string

The name of the long running operation

methodName string

The name of the method used to start the operation

Returns
TypeDescription
Google\ApiCore\OperationResponse

__construct

Constructor.

Parameters
NameDescription
options array

Optional. Options for configuring the service API wrapper.

↳ apiEndpoint string

The address of the API remote host. May optionally include the port, formatted as "

↳ credentials string|array|FetchAuthTokenInterface|CredentialsWrapper

The credentials to be used by the client to authorize API calls. This option accepts either a path to a credentials file, or a decoded credentials file as a PHP array. Advanced usage: In addition, this option can also accept a pre-constructed Google\Auth\FetchAuthTokenInterface object or Google\ApiCore\CredentialsWrapper object. Note that when one of these objects are provided, any settings in $credentialsConfig will be ignored.

↳ credentialsConfig array

Options used to configure credentials, including auth token caching, for the client. For a full list of supporting configuration options, see Google\ApiCore\CredentialsWrapper::build() .

↳ disableRetries bool

Determines whether or not retries defined by the client configuration should be disabled. Defaults to false.

↳ clientConfig string|array

Client method configuration, including retry settings. This option can be either a path to a JSON file, or a PHP array containing the decoded JSON data. By default this settings points to the default client config file, which is provided in the resources folder.

↳ transport string|TransportInterface

The transport used for executing network requests. May be either the string rest or grpc. Defaults to grpc if gRPC support is detected on the system. Advanced usage: Additionally, it is possible to pass in an already instantiated Google\ApiCore\Transport\TransportInterface object. Note that when this object is provided, any settings in $transportConfig, and any $apiEndpoint setting, will be ignored.

↳ transportConfig array

Configuration options that will be used to construct the transport. Options for each supported transport type should be passed in a key for that transport. For example: $transportConfig = [ 'grpc' => [...], 'rest' => [...], ]; See the Google\ApiCore\Transport\GrpcTransport::build() and Google\ApiCore\Transport\RestTransport::build() methods for the supported options.

↳ clientCertSource callable

A callable which returns the client cert as a string. This can be used to provide a certificate and private key to the transport layer for mTLS.

analyzeIamPolicy

Analyzes IAM policies to answer which identities have what accesses on which resources.

Parameters
NameDescription
analysisQuery Google\Cloud\Asset\V1\IamPolicyAnalysisQuery

Required. The request query.

optionalArgs array

Optional.

↳ savedAnalysisQuery string

Optional. The name of a saved query, which must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id If both analysis_query and saved_analysis_query are provided, they will be merged together with the saved_analysis_query as base and the analysis_query as overrides. For more details of the merge behavior, please refer to the MergeFrom page. Note that you cannot override primitive fields with default value, such as 0 or empty string, etc., because we use proto3, which doesn't support field presence yet.

↳ executionTimeout Duration

Optional. Amount of time executable has to complete. See JSON representation of Duration. If this field is set with a value less than the RPC deadline, and the execution of your query hasn't finished in the specified execution timeout, you will get a response with partial result. Otherwise, your query's execution will continue until the RPC deadline. If it's not finished until then, you will get a DEADLINE_EXCEEDED error. Default is empty.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Asset\V1\AnalyzeIamPolicyResponse
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AnalyzeIamPolicyResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\IamPolicyAnalysisQuery;

/**
 * @param string $analysisQueryScope The relative name of the root asset. Only resources and IAM
 *                                   policies within the scope will be analyzed.
 *
 *                                   This can only be an organization number (such as "organizations/123"), a
 *                                   folder number (such as "folders/123"), a project ID (such as
 *                                   "projects/my-project-id"), or a project number (such as "projects/12345").
 *
 *                                   To know how to get organization id, visit [here
 *                                   ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id).
 *
 *                                   To know how to get folder or project id, visit [here
 *                                   ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
 */
function analyze_iam_policy_sample(string $analysisQueryScope): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $analysisQuery = (new IamPolicyAnalysisQuery())
        ->setScope($analysisQueryScope);

    // Call the API and handle any network failures.
    try {
        /** @var AnalyzeIamPolicyResponse $response */
        $response = $assetServiceClient->analyzeIamPolicy($analysisQuery);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $analysisQueryScope = '[SCOPE]';

    analyze_iam_policy_sample($analysisQueryScope);
}

analyzeIamPolicyLongrunning

Analyzes IAM policies asynchronously to answer which identities have what accesses on which resources, and writes the analysis results to a Google Cloud Storage or a BigQuery destination. For Cloud Storage destination, the output format is the JSON format that represents a AnalyzeIamPolicyResponse.

This method implements the google.longrunning.Operation, which allows you to track the operation status. We recommend intervals of at least 2 seconds with exponential backoff retry to poll the operation result. The metadata contains the metadata for the long-running operation.

Parameters
NameDescription
analysisQuery Google\Cloud\Asset\V1\IamPolicyAnalysisQuery

Required. The request query.

outputConfig Google\Cloud\Asset\V1\IamPolicyAnalysisOutputConfig

Required. Output configuration indicating where the results will be output to.

optionalArgs array

Optional.

↳ savedAnalysisQuery string

Optional. The name of a saved query, which must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id If both analysis_query and saved_analysis_query are provided, they will be merged together with the saved_analysis_query as base and the analysis_query as overrides. For more details of the merge behavior, please refer to the MergeFrom doc. Note that you cannot override primitive fields with default value, such as 0 or empty string, etc., because we use proto3, which doesn't support field presence yet.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Asset\V1\AnalyzeIamPolicyLongrunningResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\IamPolicyAnalysisOutputConfig;
use Google\Cloud\Asset\V1\IamPolicyAnalysisQuery;
use Google\Rpc\Status;

/**
 * @param string $analysisQueryScope The relative name of the root asset. Only resources and IAM
 *                                   policies within the scope will be analyzed.
 *
 *                                   This can only be an organization number (such as "organizations/123"), a
 *                                   folder number (such as "folders/123"), a project ID (such as
 *                                   "projects/my-project-id"), or a project number (such as "projects/12345").
 *
 *                                   To know how to get organization id, visit [here
 *                                   ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id).
 *
 *                                   To know how to get folder or project id, visit [here
 *                                   ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
 */
function analyze_iam_policy_longrunning_sample(string $analysisQueryScope): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $analysisQuery = (new IamPolicyAnalysisQuery())
        ->setScope($analysisQueryScope);
    $outputConfig = new IamPolicyAnalysisOutputConfig();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $assetServiceClient->analyzeIamPolicyLongrunning($analysisQuery, $outputConfig);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var AnalyzeIamPolicyLongrunningResponse $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $analysisQueryScope = '[SCOPE]';

    analyze_iam_policy_longrunning_sample($analysisQueryScope);
}

analyzeMove

Analyze moving a resource to a specified destination without kicking off the actual move. The analysis is best effort depending on the user's permissions of viewing different hierarchical policies and configurations.

The policies and configuration are subject to change before the actual resource migration takes place.

Parameters
NameDescription
resource string

Required. Name of the resource to perform the analysis against. Only Google Cloud projects are supported as of today. Hence, this can only be a project ID (such as "projects/my-project-id") or a project number (such as "projects/12345").

destinationParent string

Required. Name of the Google Cloud folder or organization to reparent the target resource. The analysis will be performed against hypothetically moving the resource to this specified desitination parent. This can only be a folder number (such as "folders/123") or an organization number (such as "organizations/123").

optionalArgs array

Optional.

↳ view int

Analysis view indicating what information should be included in the analysis response. If unspecified, the default view is FULL. For allowed values, use constants defined on Google\Cloud\Asset\V1\AnalyzeMoveRequest\AnalysisView

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Asset\V1\AnalyzeMoveResponse
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AnalyzeMoveResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;

/**
 * @param string $resource          Name of the resource to perform the analysis against.
 *                                  Only Google Cloud projects are supported as of today. Hence, this can only
 *                                  be a project ID (such as "projects/my-project-id") or a project number
 *                                  (such as "projects/12345").
 * @param string $destinationParent Name of the Google Cloud folder or organization to reparent the
 *                                  target resource. The analysis will be performed against hypothetically
 *                                  moving the resource to this specified desitination parent. This can only be
 *                                  a folder number (such as "folders/123") or an organization number (such as
 *                                  "organizations/123").
 */
function analyze_move_sample(string $resource, string $destinationParent): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var AnalyzeMoveResponse $response */
        $response = $assetServiceClient->analyzeMove($resource, $destinationParent);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $resource = '[RESOURCE]';
    $destinationParent = '[DESTINATION_PARENT]';

    analyze_move_sample($resource, $destinationParent);
}

analyzeOrgPolicies

Analyzes organization policies under a scope.

Parameters
NameDescription
scope string

Required. The organization to scope the request. Only organization policies within the scope will be analyzed.

  • organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
constraint string

Required. The name of the constraint to analyze organization policies for. The response only contains analyzed organization policies for the provided constraint.

optionalArgs array

Optional.

↳ filter string

The expression to filter AnalyzeOrgPoliciesResponse.org_policy_results. The only supported field is consolidated_policy.attached_resource, and the only supported operator is =. Example: consolidated_policy.attached_resource="//cloudresourcemanager.googleapis.com/folders/001" will return the org policy results of"folders/001".

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\AnalyzeOrgPoliciesResponse\OrgPolicyResult;
use Google\Cloud\Asset\V1\AssetServiceClient;

/**
 * @param string $scope      The organization to scope the request. Only organization
 *                           policies within the scope will be analyzed.
 *
 *                           * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
 * @param string $constraint The name of the constraint to analyze organization policies for.
 *                           The response only contains analyzed organization policies for the provided
 *                           constraint.
 */
function analyze_org_policies_sample(string $scope, string $constraint): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $assetServiceClient->analyzeOrgPolicies($scope, $constraint);

        /** @var OrgPolicyResult $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $scope = '[SCOPE]';
    $constraint = '[CONSTRAINT]';

    analyze_org_policies_sample($scope, $constraint);
}

analyzeOrgPolicyGovernedAssets

Analyzes organization policies governed assets (Google Cloud resources or policies) under a scope. This RPC supports custom constraints and the following 10 canned constraints:

  • storage.uniformBucketLevelAccess
  • iam.disableServiceAccountKeyCreation
  • iam.allowedPolicyMemberDomains
  • compute.vmExternalIpAccess
  • appengine.enforceServiceAccountActAsCheck
  • gcp.resourceLocations
  • compute.trustedImageProjects
  • compute.skipDefaultNetworkCreation
  • compute.requireOsLogin
  • compute.disableNestedVirtualization

This RPC only returns either resources of types supported by searchable asset types, or IAM policies.

Parameters
NameDescription
scope string

Required. The organization to scope the request. Only organization policies within the scope will be analyzed. The output assets will also be limited to the ones governed by those in-scope organization policies.

  • organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
constraint string

Required. The name of the constraint to analyze governed assets for. The analysis only contains analyzed organization policies for the provided constraint.

optionalArgs array

Optional.

↳ filter string

The expression to filter the governed assets in result. The only supported fields for governed resources are governed_resource.project and governed_resource.folders. The only supported fields for governed iam policies are governed_iam_policy.project and governed_iam_policy.folders. The only supported operator is =. Example 1: governed_resource.project="projects/12345678" filter will return all governed resources under projects/12345678 including the project ifself, if applicable. Example 2: governed_iam_policy.folders="folders/12345678" filter will return all governed iam policies under folders/12345678, if applicable.

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\AnalyzeOrgPolicyGovernedAssetsResponse\GovernedAsset;
use Google\Cloud\Asset\V1\AssetServiceClient;

/**
 * @param string $scope      The organization to scope the request. Only organization
 *                           policies within the scope will be analyzed. The output assets will
 *                           also be limited to the ones governed by those in-scope organization
 *                           policies.
 *
 *                           * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
 * @param string $constraint The name of the constraint to analyze governed assets for. The
 *                           analysis only contains analyzed organization policies for the provided
 *                           constraint.
 */
function analyze_org_policy_governed_assets_sample(string $scope, string $constraint): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $assetServiceClient->analyzeOrgPolicyGovernedAssets($scope, $constraint);

        /** @var GovernedAsset $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $scope = '[SCOPE]';
    $constraint = '[CONSTRAINT]';

    analyze_org_policy_governed_assets_sample($scope, $constraint);
}

analyzeOrgPolicyGovernedContainers

Analyzes organization policies governed containers (projects, folders or organization) under a scope.

Parameters
NameDescription
scope string

Required. The organization to scope the request. Only organization policies within the scope will be analyzed. The output containers will also be limited to the ones governed by those in-scope organization policies.

  • organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
constraint string

Required. The name of the constraint to analyze governed containers for. The analysis only contains organization policies for the provided constraint.

optionalArgs array

Optional.

↳ filter string

The expression to filter the governed containers in result. The only supported field is parent, and the only supported operator is =. Example: parent="//cloudresourcemanager.googleapis.com/folders/001" will return all containers under "folders/001".

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\AnalyzeOrgPolicyGovernedContainersResponse\GovernedContainer;
use Google\Cloud\Asset\V1\AssetServiceClient;

/**
 * @param string $scope      The organization to scope the request. Only organization
 *                           policies within the scope will be analyzed. The output containers will
 *                           also be limited to the ones governed by those in-scope organization
 *                           policies.
 *
 *                           * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
 * @param string $constraint The name of the constraint to analyze governed containers for.
 *                           The analysis only contains organization policies for the provided
 *                           constraint.
 */
function analyze_org_policy_governed_containers_sample(string $scope, string $constraint): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $assetServiceClient->analyzeOrgPolicyGovernedContainers($scope, $constraint);

        /** @var GovernedContainer $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $scope = '[SCOPE]';
    $constraint = '[CONSTRAINT]';

    analyze_org_policy_governed_containers_sample($scope, $constraint);
}

batchGetAssetsHistory

Batch gets the update history of assets that overlap a time window.

For IAM_POLICY content, this API outputs history when the asset and its attached IAM POLICY both exist. This can create gaps in the output history. Otherwise, this API outputs history with asset in both non-delete or deleted status. If a specified asset does not exist, this API returns an INVALID_ARGUMENT error.

Parameters
NameDescription
parent string

Required. The relative name of the root asset. It can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id")", or a project number (such as "projects/12345").

contentType int

Optional. The content type. For allowed values, use constants defined on {@see \Google\Cloud\Asset\V1\ContentType}

readTimeWindow Google\Cloud\Asset\V1\TimeWindow

Optional. The time window for the asset history. Both start_time and end_time are optional and if set, it must be after the current time minus 35 days. If end_time is not set, it is default to current timestamp. If start_time is not set, the snapshot of the assets at end_time will be returned. The returned results contain all temporal assets whose time window overlap with read_time_window.

optionalArgs array

Optional.

↳ assetNames string[]

A list of the full names of the assets. See: https://cloud.google.com/asset-inventory/docs/resource-name-format Example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. The request becomes a no-op if the asset name list is empty, and the max size of the asset name list is 100 in one request.

↳ relationshipTypes string[]

Optional. A list of relationship types to output, for example: INSTANCE_TO_INSTANCEGROUP. This field should only be specified if content_type=RELATIONSHIP. * If specified: it outputs specified relationships' history on the [asset_names]. It returns an error if any of the [relationship_types] doesn't belong to the supported relationship types of the [asset_names] or if any of the [asset_names]'s types doesn't belong to the source types of the [relationship_types]. * Otherwise: it outputs the supported relationships' history on the [asset_names] or returns an error if any of the [asset_names]'s types has no relationship support. See Introduction to Cloud Asset Inventory for all supported asset types and relationship types.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Asset\V1\BatchGetAssetsHistoryResponse
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\BatchGetAssetsHistoryResponse;
use Google\Cloud\Asset\V1\ContentType;
use Google\Cloud\Asset\V1\TimeWindow;

/**
 * @param string $parent      The relative name of the root asset. It can only be an
 *                            organization number (such as "organizations/123"), a project ID (such as
 *                            "projects/my-project-id")", or a project number (such as "projects/12345").
 * @param int    $contentType Optional. The content type.
 */
function batch_get_assets_history_sample(string $parent, int $contentType): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $readTimeWindow = new TimeWindow();

    // Call the API and handle any network failures.
    try {
        /** @var BatchGetAssetsHistoryResponse $response */
        $response = $assetServiceClient->batchGetAssetsHistory($parent, $contentType, $readTimeWindow);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $parent = '[PARENT]';
    $contentType = ContentType::CONTENT_TYPE_UNSPECIFIED;

    batch_get_assets_history_sample($parent, $contentType);
}

batchGetEffectiveIamPolicies

Gets effective IAM policies for a batch of resources.

Parameters
NameDescription
scope string

Required. Only IAM policies on or below the scope will be returned.

This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345").

To know how to get organization id, visit here .

To know how to get folder or project id, visit here .

names string[]

Required. The names refer to the full_resource_names of searchable asset types. A maximum of 20 resources' effective policies can be retrieved in a batch.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Asset\V1\BatchGetEffectiveIamPoliciesResponse
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\BatchGetEffectiveIamPoliciesResponse;

/**
 * @param string $scope        Only IAM policies on or below the scope will be returned.
 *
 *                             This can only be an organization number (such as "organizations/123"), a
 *                             folder number (such as "folders/123"), a project ID (such as
 *                             "projects/my-project-id"), or a project number (such as "projects/12345").
 *
 *                             To know how to get organization id, visit [here
 *                             ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id).
 *
 *                             To know how to get folder or project id, visit [here
 *                             ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
 * @param string $namesElement The names refer to the [full_resource_names]
 *                             (https://cloud.google.com/asset-inventory/docs/resource-name-format)
 *                             of [searchable asset
 *                             types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
 *                             A maximum of 20 resources' effective policies can be retrieved in a batch.
 */
function batch_get_effective_iam_policies_sample(string $scope, string $namesElement): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $names = [$namesElement,];

    // Call the API and handle any network failures.
    try {
        /** @var BatchGetEffectiveIamPoliciesResponse $response */
        $response = $assetServiceClient->batchGetEffectiveIamPolicies($scope, $names);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $scope = '[SCOPE]';
    $namesElement = '[NAMES]';

    batch_get_effective_iam_policies_sample($scope, $namesElement);
}

createFeed

Creates a feed in a parent project/folder/organization to listen to its asset updates.

Parameters
NameDescription
parent string

Required. The name of the project/folder/organization where this feed should be created in. It can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id")", or a project number (such as "projects/12345").

feedId string

Required. This is the client-assigned asset feed identifier and it needs to be unique under a specific parent project/folder/organization.

feed Google\Cloud\Asset\V1\Feed

Required. The feed details. The field name must be empty and it will be generated in the format of: projects/project_number/feeds/feed_id folders/folder_number/feeds/feed_id organizations/organization_number/feeds/feed_id

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Asset\V1\Feed
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\Feed;
use Google\Cloud\Asset\V1\FeedOutputConfig;

/**
 * @param string $parent   The name of the project/folder/organization where this feed
 *                         should be created in. It can only be an organization number (such as
 *                         "organizations/123"), a folder number (such as "folders/123"), a project ID
 *                         (such as "projects/my-project-id")", or a project number (such as
 *                         "projects/12345").
 * @param string $feedId   This is the client-assigned asset feed identifier and it needs to
 *                         be unique under a specific parent project/folder/organization.
 * @param string $feedName The format will be
 *                         projects/{project_number}/feeds/{client-assigned_feed_identifier} or
 *                         folders/{folder_number}/feeds/{client-assigned_feed_identifier} or
 *                         organizations/{organization_number}/feeds/{client-assigned_feed_identifier}
 *
 *                         The client-assigned feed identifier must be unique within the parent
 *                         project/folder/organization.
 */
function create_feed_sample(string $parent, string $feedId, string $feedName): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $feedFeedOutputConfig = new FeedOutputConfig();
    $feed = (new Feed())
        ->setName($feedName)
        ->setFeedOutputConfig($feedFeedOutputConfig);

    // Call the API and handle any network failures.
    try {
        /** @var Feed $response */
        $response = $assetServiceClient->createFeed($parent, $feedId, $feed);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $parent = '[PARENT]';
    $feedId = '[FEED_ID]';
    $feedName = '[NAME]';

    create_feed_sample($parent, $feedId, $feedName);
}

createSavedQuery

Creates a saved query in a parent project/folder/organization.

Parameters
NameDescription
parent string

Required. The name of the project/folder/organization where this saved_query should be created in. It can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id")", or a project number (such as "projects/12345").

savedQuery Google\Cloud\Asset\V1\SavedQuery

Required. The saved_query details. The name field must be empty as it will be generated based on the parent and saved_query_id.

savedQueryId string

Required. The ID to use for the saved query, which must be unique in the specified parent. It will become the final component of the saved query's resource name.

This value should be 4-63 characters, and valid characters are [a-z][0-9]-.

Notice that this field is required in the saved query creation, and the name field of the saved_query will be ignored.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Asset\V1\SavedQuery
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\SavedQuery;

/**
 * @param string $formattedParent The name of the project/folder/organization where this
 *                                saved_query should be created in. It can only be an organization number
 *                                (such as "organizations/123"), a folder number (such as "folders/123"), a
 *                                project ID (such as "projects/my-project-id")", or a project number (such
 *                                as "projects/12345"). Please see
 *                                {@see AssetServiceClient::projectName()} for help formatting this field.
 * @param string $savedQueryId    The ID to use for the saved query, which must be unique in the
 *                                specified parent. It will become the final component of the saved query's
 *                                resource name.
 *
 *                                This value should be 4-63 characters, and valid characters
 *                                are `[a-z][0-9]-`.
 *
 *                                Notice that this field is required in the saved query creation, and the
 *                                `name` field of the `saved_query` will be ignored.
 */
function create_saved_query_sample(string $formattedParent, string $savedQueryId): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $savedQuery = new SavedQuery();

    // Call the API and handle any network failures.
    try {
        /** @var SavedQuery $response */
        $response = $assetServiceClient->createSavedQuery($formattedParent, $savedQuery, $savedQueryId);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = AssetServiceClient::projectName('[PROJECT]');
    $savedQueryId = '[SAVED_QUERY_ID]';

    create_saved_query_sample($formattedParent, $savedQueryId);
}

deleteFeed

Deletes an asset feed.

Parameters
NameDescription
name string

Required. The name of the feed and it must be in the format of: projects/project_number/feeds/feed_id folders/folder_number/feeds/feed_id organizations/organization_number/feeds/feed_id

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Example
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;

/**
 * @param string $formattedName The name of the feed and it must be in the format of:
 *                              projects/project_number/feeds/feed_id
 *                              folders/folder_number/feeds/feed_id
 *                              organizations/organization_number/feeds/feed_id
 *                              Please see {@see AssetServiceClient::feedName()} for help formatting this field.
 */
function delete_feed_sample(string $formattedName): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        $assetServiceClient->deleteFeed($formattedName);
        printf('Call completed successfully.' . PHP_EOL);
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = AssetServiceClient::feedName('[PROJECT]', '[FEED]');

    delete_feed_sample($formattedName);
}

deleteSavedQuery

Deletes a saved query.

Parameters
NameDescription
name string

Required. The name of the saved query to delete. It must be in the format of:

  • projects/project_number/savedQueries/saved_query_id
  • folders/folder_number/savedQueries/saved_query_id
  • organizations/organization_number/savedQueries/saved_query_id
optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Example
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;

/**
 * @param string $formattedName The name of the saved query to delete. It must be in the format
 *                              of:
 *
 *                              * projects/project_number/savedQueries/saved_query_id
 *                              * folders/folder_number/savedQueries/saved_query_id
 *                              * organizations/organization_number/savedQueries/saved_query_id
 *                              Please see {@see AssetServiceClient::savedQueryName()} for help formatting this field.
 */
function delete_saved_query_sample(string $formattedName): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        $assetServiceClient->deleteSavedQuery($formattedName);
        printf('Call completed successfully.' . PHP_EOL);
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = AssetServiceClient::savedQueryName('[PROJECT]', '[SAVED_QUERY]');

    delete_saved_query_sample($formattedName);
}

exportAssets

Exports assets with time and resource types to a given Cloud Storage location/BigQuery table. For Cloud Storage location destinations, the output format is newline-delimited JSON. Each line represents a google.cloud.asset.v1.Asset in the JSON format; for BigQuery table destinations, the output table stores the fields in asset Protobuf as columns. This API implements the google.longrunning.Operation API, which allows you to keep track of the export. We recommend intervals of at least 2 seconds with exponential retry to poll the export operation result. For regular-size resource parent, the export operation usually finishes within 5 minutes.

Parameters
NameDescription
parent string

Required. The relative name of the root asset. This can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"), or a folder number (such as "folders/123").

outputConfig Google\Cloud\Asset\V1\OutputConfig

Required. Output configuration indicating where the results will be output to.

optionalArgs array

Optional.

↳ readTime Timestamp

Timestamp to take an asset snapshot. This can only be set to a timestamp between the current time and the current time minus 35 days (inclusive). If not specified, the current time will be used. Due to delays in resource data collection and indexing, there is a volatile window during which running the same query may get different results.

↳ assetTypes string[]

A list of asset types to take a snapshot for. For example: "compute.googleapis.com/Disk". Regular expressions are also supported. For example: * "compute.googleapis.com." snapshots resources whose asset type starts with "compute.googleapis.com". * ".Instance" snapshots resources whose asset type ends with "Instance". * ".Instance." snapshots resources whose asset type contains "Instance". See RE2 for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned. If specified, only matching assets will be returned, otherwise, it will snapshot all asset types. See Introduction to Cloud Asset Inventory for all supported asset types.

↳ contentType int

Asset content type. If not specified, no content but the asset name will be returned. For allowed values, use constants defined on Google\Cloud\Asset\V1\ContentType

↳ relationshipTypes string[]

A list of relationship types to export, for example: INSTANCE_TO_INSTANCEGROUP. This field should only be specified if content_type=RELATIONSHIP. * If specified: it snapshots specified relationships. It returns an error if any of the [relationship_types] doesn't belong to the supported relationship types of the [asset_types] or if any of the [asset_types] doesn't belong to the source types of the [relationship_types]. * Otherwise: it snapshots the supported relationships for all [asset_types] or returns an error if any of the [asset_types] has no relationship support. An unspecified asset types field means all supported asset_types. See Introduction to Cloud Asset Inventory for all supported asset types and relationship types.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\ExportAssetsResponse;
use Google\Cloud\Asset\V1\OutputConfig;
use Google\Rpc\Status;

/**
 * @param string $parent The relative name of the root asset. This can only be an
 *                       organization number (such as "organizations/123"), a project ID (such as
 *                       "projects/my-project-id"), or a project number (such as "projects/12345"),
 *                       or a folder number (such as "folders/123").
 */
function export_assets_sample(string $parent): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $outputConfig = new OutputConfig();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $assetServiceClient->exportAssets($parent, $outputConfig);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var ExportAssetsResponse $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $parent = '[PARENT]';

    export_assets_sample($parent);
}

getFeed

Gets details about an asset feed.

Parameters
NameDescription
name string

Required. The name of the Feed and it must be in the format of: projects/project_number/feeds/feed_id folders/folder_number/feeds/feed_id organizations/organization_number/feeds/feed_id

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Asset\V1\Feed
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\Feed;

/**
 * @param string $formattedName The name of the Feed and it must be in the format of:
 *                              projects/project_number/feeds/feed_id
 *                              folders/folder_number/feeds/feed_id
 *                              organizations/organization_number/feeds/feed_id
 *                              Please see {@see AssetServiceClient::feedName()} for help formatting this field.
 */
function get_feed_sample(string $formattedName): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var Feed $response */
        $response = $assetServiceClient->getFeed($formattedName);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = AssetServiceClient::feedName('[PROJECT]', '[FEED]');

    get_feed_sample($formattedName);
}

getSavedQuery

Gets details about a saved query.

Parameters
NameDescription
name string

Required. The name of the saved query and it must be in the format of:

  • projects/project_number/savedQueries/saved_query_id
  • folders/folder_number/savedQueries/saved_query_id
  • organizations/organization_number/savedQueries/saved_query_id
optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Asset\V1\SavedQuery
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\SavedQuery;

/**
 * @param string $formattedName The name of the saved query and it must be in the format of:
 *
 *                              * projects/project_number/savedQueries/saved_query_id
 *                              * folders/folder_number/savedQueries/saved_query_id
 *                              * organizations/organization_number/savedQueries/saved_query_id
 *                              Please see {@see AssetServiceClient::savedQueryName()} for help formatting this field.
 */
function get_saved_query_sample(string $formattedName): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var SavedQuery $response */
        $response = $assetServiceClient->getSavedQuery($formattedName);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = AssetServiceClient::savedQueryName('[PROJECT]', '[SAVED_QUERY]');

    get_saved_query_sample($formattedName);
}

listAssets

Lists assets with time and resource types and returns paged results in response.

Parameters
NameDescription
parent string

Required. Name of the organization, folder, or project the assets belong to. Format: "organizations/[organization-number]" (such as "organizations/123"), "projects/[project-id]" (such as "projects/my-project-id"), "projects/[project-number]" (such as "projects/12345"), or "folders/[folder-number]" (such as "folders/12345").

optionalArgs array

Optional.

↳ readTime Timestamp

Timestamp to take an asset snapshot. This can only be set to a timestamp between the current time and the current time minus 35 days (inclusive). If not specified, the current time will be used. Due to delays in resource data collection and indexing, there is a volatile window during which running the same query may get different results.

↳ assetTypes string[]

A list of asset types to take a snapshot for. For example: "compute.googleapis.com/Disk". Regular expression is also supported. For example: * "compute.googleapis.com." snapshots resources whose asset type starts with "compute.googleapis.com". * ".Instance" snapshots resources whose asset type ends with "Instance". * ".Instance." snapshots resources whose asset type contains "Instance". See RE2 for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned. If specified, only matching assets will be returned, otherwise, it will snapshot all asset types. See Introduction to Cloud Asset Inventory for all supported asset types.

↳ contentType int

Asset content type. If not specified, no content but the asset name will be returned. For allowed values, use constants defined on Google\Cloud\Asset\V1\ContentType

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ relationshipTypes string[]

A list of relationship types to output, for example: INSTANCE_TO_INSTANCEGROUP. This field should only be specified if content_type=RELATIONSHIP. * If specified: it snapshots specified relationships. It returns an error if any of the [relationship_types] doesn't belong to the supported relationship types of the [asset_types] or if any of the [asset_types] doesn't belong to the source types of the [relationship_types]. * Otherwise: it snapshots the supported relationships for all [asset_types] or returns an error if any of the [asset_types] has no relationship support. An unspecified asset types field means all supported asset_types. See Introduction to Cloud Asset Inventory for all supported asset types and relationship types.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\Asset;
use Google\Cloud\Asset\V1\AssetServiceClient;

/**
 * @param string $parent Name of the organization, folder, or project the assets belong
 *                       to. Format: "organizations/[organization-number]" (such as
 *                       "organizations/123"), "projects/[project-id]" (such as
 *                       "projects/my-project-id"), "projects/[project-number]" (such as
 *                       "projects/12345"), or "folders/[folder-number]" (such as "folders/12345").
 */
function list_assets_sample(string $parent): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $assetServiceClient->listAssets($parent);

        /** @var Asset $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $parent = '[PARENT]';

    list_assets_sample($parent);
}

listFeeds

Lists all asset feeds in a parent project/folder/organization.

Parameters
NameDescription
parent string

Required. The parent project/folder/organization whose feeds are to be listed. It can only be using project/folder/organization number (such as "folders/12345")", or a project ID (such as "projects/my-project-id").

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Asset\V1\ListFeedsResponse
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\ListFeedsResponse;

/**
 * @param string $parent The parent project/folder/organization whose feeds are to be
 *                       listed. It can only be using project/folder/organization number (such as
 *                       "folders/12345")", or a project ID (such as "projects/my-project-id").
 */
function list_feeds_sample(string $parent): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var ListFeedsResponse $response */
        $response = $assetServiceClient->listFeeds($parent);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $parent = '[PARENT]';

    list_feeds_sample($parent);
}

listSavedQueries

Lists all saved queries in a parent project/folder/organization.

Parameters
NameDescription
parent string

Required. The parent project/folder/organization whose savedQueries are to be listed. It can only be using project/folder/organization number (such as "folders/12345")", or a project ID (such as "projects/my-project-id").

optionalArgs array

Optional.

↳ filter string

Optional. The expression to filter resources. The expression is a list of zero or more restrictions combined via logical operators AND and OR. When AND and OR are both used in the expression, parentheses must be appropriately used to group the combinations. The expression may also contain regular expressions. See https://google.aip.dev/160 for more information on the grammar.

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\SavedQuery;

/**
 * @param string $formattedParent The parent project/folder/organization whose savedQueries are to
 *                                be listed. It can only be using project/folder/organization number (such as
 *                                "folders/12345")", or a project ID (such as "projects/my-project-id"). Please see
 *                                {@see AssetServiceClient::projectName()} for help formatting this field.
 */
function list_saved_queries_sample(string $formattedParent): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $assetServiceClient->listSavedQueries($formattedParent);

        /** @var SavedQuery $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = AssetServiceClient::projectName('[PROJECT]');

    list_saved_queries_sample($formattedParent);
}

queryAssets

Issue a job that queries assets using a SQL statement compatible with BigQuery Standard SQL.

If the query execution finishes within timeout and there's no pagination, the full query results will be returned in the QueryAssetsResponse.

Otherwise, full query results can be obtained by issuing extra requests with the job_reference from the a previous QueryAssets call.

Note, the query result has approximately 10 GB limitation enforced by BigQuery https://cloud.google.com/bigquery/docs/best-practices-performance-output, queries return larger results will result in errors.

Parameters
NameDescription
parent string

Required. The relative name of the root asset. This can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"), or a folder number (such as "folders/123").

Only assets belonging to the parent will be returned.

optionalArgs array

Optional.

↳ statement string

Optional. A SQL statement that's compatible with BigQuery Standard SQL.

↳ jobReference string

Optional. Reference to the query job, which is from the QueryAssetsResponse of previous QueryAssets call.

↳ pageSize int

Optional. The maximum number of rows to return in the results. Responses are limited to 10 MB and 1000 rows. By default, the maximum row count is 1000. When the byte or row count limit is reached, the rest of the query results will be paginated. The field will be ignored when [output_config] is specified.

↳ pageToken string

Optional. A page token received from previous QueryAssets. The field will be ignored when [output_config] is specified.

↳ timeout Duration

Optional. Specifies the maximum amount of time that the client is willing to wait for the query to complete. By default, this limit is 5 min for the first query, and 1 minute for the following queries. If the query is complete, the done field in the QueryAssetsResponse is true, otherwise false. Like BigQuery jobs.query API The call is not guaranteed to wait for the specified timeout; it typically returns after around 200 seconds (200,000 milliseconds), even if the query is not complete. The field will be ignored when [output_config] is specified.

↳ readTimeWindow TimeWindow

Optional. [start_time] is required. [start_time] must be less than [end_time] Defaults [end_time] to now if [start_time] is set and [end_time] isn't. Maximum permitted time range is 7 days.

↳ readTime Timestamp

Optional. Queries cloud assets as they appeared at the specified point in time.

↳ outputConfig QueryAssetsOutputConfig

Optional. Destination where the query results will be saved. When this field is specified, the query results won't be saved in the [QueryAssetsResponse.query_result]. Instead [QueryAssetsResponse.output_config] will be set. Meanwhile, [QueryAssetsResponse.job_reference] will be set and can be used to check the status of the query job when passed to a following [QueryAssets] API call.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Asset\V1\QueryAssetsResponse
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\QueryAssetsResponse;

/**
 * @param string $parent The relative name of the root asset. This can only be an
 *                       organization number (such as "organizations/123"), a project ID (such as
 *                       "projects/my-project-id"), or a project number (such as "projects/12345"),
 *                       or a folder number (such as "folders/123").
 *
 *                       Only assets belonging to the `parent` will be returned.
 */
function query_assets_sample(string $parent): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var QueryAssetsResponse $response */
        $response = $assetServiceClient->queryAssets($parent);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $parent = '[PARENT]';

    query_assets_sample($parent);
}

searchAllIamPolicies

Searches all IAM policies within the specified scope, such as a project, folder, or organization. The caller must be granted the cloudasset.assets.searchAllIamPolicies permission on the desired scope, otherwise the request will be rejected.

Parameters
NameDescription
scope string

Required. A scope can be a project, a folder, or an organization. The search is limited to the IAM policies within the scope. The caller must be granted the cloudasset.assets.searchAllIamPolicies permission on the desired scope.

The allowed values are:

  • projects/{PROJECT_ID} (e.g., "projects/foo-bar")
  • projects/{PROJECT_NUMBER} (e.g., "projects/12345678")
  • folders/{FOLDER_NUMBER} (e.g., "folders/1234567")
  • organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
optionalArgs array

Optional.

↳ query string

Optional. The query statement. See how to construct a query for more information. If not specified or empty, it will search all the IAM policies within the specified scope. Note that the query string is compared against each IAM policy binding, including its principals, roles, and IAM conditions. The returned IAM policies will only contain the bindings that match your query. To learn more about the IAM policy structure, see the IAM policy documentation. Examples: * policy:amy@gmail.com to find IAM policy bindings that specify user "amy@gmail.com". * policy:roles/compute.admin to find IAM policy bindings that specify the Compute Admin role. * policy:comp* to find IAM policy bindings that contain "comp" as a prefix of any word in the binding. * policy.role.permissions:storage.buckets.update to find IAM policy bindings that specify a role containing "storage.buckets.update" permission. Note that if callers don't have iam.roles.get access to a role's included permissions, policy bindings that specify this role will be dropped from the search results. * policy.role.permissions:upd* to find IAM policy bindings that specify a role containing "upd" as a prefix of any word in the role permission. Note that if callers don't have iam.roles.get access to a role's included permissions, policy bindings that specify this role will be dropped from the search results. * resource:organizations/123456 to find IAM policy bindings that are set on "organizations/123456". * resource=//cloudresourcemanager.googleapis.com/projects/myproject to find IAM policy bindings that are set on the project named "myproject". * Important to find IAM policy bindings that contain "Important" as a word in any of the searchable fields (except for the included permissions). * resource:(instance1 OR instance2) policy:amy to find IAM policy bindings that are set on resources "instance1" or "instance2" and also specify user "amy". * roles:roles/compute.admin to find IAM policy bindings that specify the Compute Admin role. * memberTypes:user to find IAM policy bindings that contain the principal type "user".

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ assetTypes string[]

Optional. A list of asset types that the IAM policies are attached to. If empty, it will search the IAM policies that are attached to all the searchable asset types. Regular expressions are also supported. For example: * "compute.googleapis.com." snapshots IAM policies attached to asset type starts with "compute.googleapis.com". * ".Instance" snapshots IAM policies attached to asset type ends with "Instance". * ".Instance." snapshots IAM policies attached to asset type contains "Instance". See RE2 for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.

↳ orderBy string

Optional. A comma-separated list of fields specifying the sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored. Example: "assetType DESC, resource". Only singular primitive fields in the response are sortable: * resource * assetType * project All the other fields such as repeated fields (e.g., folders) and non-primitive fields (e.g., policy) are not supported.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\IamPolicySearchResult;

/**
 * @param string $scope A scope can be a project, a folder, or an organization. The
 *                      search is limited to the IAM policies within the `scope`. The caller must
 *                      be granted the
 *                      [`cloudasset.assets.searchAllIamPolicies`](https://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
 *                      permission on the desired scope.
 *
 *                      The allowed values are:
 *
 *                      * projects/{PROJECT_ID} (e.g., "projects/foo-bar")
 *                      * projects/{PROJECT_NUMBER} (e.g., "projects/12345678")
 *                      * folders/{FOLDER_NUMBER} (e.g., "folders/1234567")
 *                      * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
 */
function search_all_iam_policies_sample(string $scope): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $assetServiceClient->searchAllIamPolicies($scope);

        /** @var IamPolicySearchResult $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $scope = '[SCOPE]';

    search_all_iam_policies_sample($scope);
}

searchAllResources

Searches all Google Cloud resources within the specified scope, such as a project, folder, or organization. The caller must be granted the cloudasset.assets.searchAllResources permission on the desired scope, otherwise the request will be rejected.

Parameters
NameDescription
scope string

Required. A scope can be a project, a folder, or an organization. The search is limited to the resources within the scope. The caller must be granted the cloudasset.assets.searchAllResources permission on the desired scope.

The allowed values are:

  • projects/{PROJECT_ID} (e.g., "projects/foo-bar")
  • projects/{PROJECT_NUMBER} (e.g., "projects/12345678")
  • folders/{FOLDER_NUMBER} (e.g., "folders/1234567")
  • organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
optionalArgs array

Optional.

↳ query string

Optional. The query statement. See how to construct a query for more information. If not specified or empty, it will search all the resources within the specified scope. Examples: * name:Important to find Google Cloud resources whose name contains "Important" as a word. * name=Important to find the Google Cloud resource whose name is exactly "Important". * displayName:Impor* to find Google Cloud resources whose display name contains "Impor" as a prefix of any word in the field. * location:us-west* to find Google Cloud resources whose location contains both "us" and "west" as prefixes. * labels:prod to find Google Cloud resources whose labels contain "prod" as a key or value. * labels.env:prod to find Google Cloud resources that have a label "env" and its value is "prod". * labels.env:* to find Google Cloud resources that have a label "env". * kmsKey:key to find Google Cloud resources encrypted with a customer-managed encryption key whose name contains "key" as a word. This field is deprecated. Please use the kmsKeys field to retrieve Cloud KMS key information. * kmsKeys:key to find Google Cloud resources encrypted with customer-managed encryption keys whose name contains the word "key". * relationships:instance-group-1 to find Google Cloud resources that have relationships with "instance-group-1" in the related resource name. * relationships:INSTANCE_TO_INSTANCEGROUP to find Compute Engine instances that have relationships of type "INSTANCE_TO_INSTANCEGROUP". * relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1 to find Compute Engine instances that have relationships with "instance-group-1" in the Compute Engine instance group resource name, for relationship type "INSTANCE_TO_INSTANCEGROUP". * state:ACTIVE to find Google Cloud resources whose state contains "ACTIVE" as a word. * NOT state:ACTIVE to find Google Cloud resources whose state doesn't contain "ACTIVE" as a word. * createTime<1609459200 to find Google Cloud resources that were created before "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of "2021-01-01 00:00:00 UTC" in seconds. * updateTime>1609459200 to find Google Cloud resources that were updated after "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of "2021-01-01 00:00:00 UTC" in seconds. * Important to find Google Cloud resources that contain "Important" as a word in any of the searchable fields. * Impor* to find Google Cloud resources that contain "Impor" as a prefix of any word in any of the searchable fields. * Important location:(us-west1 OR global) to find Google Cloud resources that contain "Important" as a word in any of the searchable fields and are also located in the "us-west1" region or the "global" location.

↳ assetTypes string[]

Optional. A list of asset types that this request searches for. If empty, it will search all the searchable asset types. Regular expressions are also supported. For example: * "compute.googleapis.com." snapshots resources whose asset type starts with "compute.googleapis.com". * ".Instance" snapshots resources whose asset type ends with "Instance". * ".Instance." snapshots resources whose asset type contains "Instance". See RE2 for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ orderBy string

Optional. A comma-separated list of fields specifying the sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored. Example: "location DESC, name". Only singular primitive fields in the response are sortable: * name * assetType * project * displayName * description * location * createTime * updateTime * state * parentFullResourceName * parentAssetType All the other fields such as repeated fields (e.g., networkTags, kmsKeys), map fields (e.g., labels) and struct fields (e.g., additionalAttributes) are not supported.

↳ readMask FieldMask

Optional. A comma-separated list of fields specifying which fields to be returned in ResourceSearchResult. Only '' or combination of top level fields can be specified. Field names of both snake_case and camelCase are supported. Examples: `"","name,location","name,versionedResources". The read_mask paths must be valid field paths listed but not limited to (both snake_case and camelCase are supported): * name * assetType * project * displayName * description * location * tagKeys * tagValues * tagValueIds * labels * networkTags * kmsKey (This field is deprecated. Please use thekmsKeys` field to retrieve Cloud KMS key information.) * kmsKeys * createTime * updateTime * state * additionalAttributes * versionedResources If read_mask is not specified, all fields except versionedResources will be returned. If only '*' is specified, all fields including versionedResources will be returned. Any invalid field path will trigger INVALID_ARGUMENT error.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\ResourceSearchResult;

/**
 * @param string $scope A scope can be a project, a folder, or an organization. The
 *                      search is limited to the resources within the `scope`. The caller must be
 *                      granted the
 *                      [`cloudasset.assets.searchAllResources`](https://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
 *                      permission on the desired scope.
 *
 *                      The allowed values are:
 *
 *                      * projects/{PROJECT_ID} (e.g., "projects/foo-bar")
 *                      * projects/{PROJECT_NUMBER} (e.g., "projects/12345678")
 *                      * folders/{FOLDER_NUMBER} (e.g., "folders/1234567")
 *                      * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
 */
function search_all_resources_sample(string $scope): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $assetServiceClient->searchAllResources($scope);

        /** @var ResourceSearchResult $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $scope = '[SCOPE]';

    search_all_resources_sample($scope);
}

updateFeed

Updates an asset feed configuration.

Parameters
NameDescription
feed Google\Cloud\Asset\V1\Feed

Required. The new values of feed details. It must match an existing feed and the field name must be in the format of: projects/project_number/feeds/feed_id or folders/folder_number/feeds/feed_id or organizations/organization_number/feeds/feed_id.

updateMask Google\Protobuf\FieldMask

Required. Only updates the feed fields indicated by this mask. The field mask must not be empty, and it must not contain fields that are immutable or only set by the server.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Asset\V1\Feed
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\Feed;
use Google\Cloud\Asset\V1\FeedOutputConfig;
use Google\Protobuf\FieldMask;

/**
 * @param string $feedName The format will be
 *                         projects/{project_number}/feeds/{client-assigned_feed_identifier} or
 *                         folders/{folder_number}/feeds/{client-assigned_feed_identifier} or
 *                         organizations/{organization_number}/feeds/{client-assigned_feed_identifier}
 *
 *                         The client-assigned feed identifier must be unique within the parent
 *                         project/folder/organization.
 */
function update_feed_sample(string $feedName): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $feedFeedOutputConfig = new FeedOutputConfig();
    $feed = (new Feed())
        ->setName($feedName)
        ->setFeedOutputConfig($feedFeedOutputConfig);
    $updateMask = new FieldMask();

    // Call the API and handle any network failures.
    try {
        /** @var Feed $response */
        $response = $assetServiceClient->updateFeed($feed, $updateMask);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $feedName = '[NAME]';

    update_feed_sample($feedName);
}

updateSavedQuery

Updates a saved query.

Parameters
NameDescription
savedQuery Google\Cloud\Asset\V1\SavedQuery

Required. The saved query to update.

The saved query's name field is used to identify the one to update, which has format as below:

  • projects/project_number/savedQueries/saved_query_id
  • folders/folder_number/savedQueries/saved_query_id
  • organizations/organization_number/savedQueries/saved_query_id
updateMask Google\Protobuf\FieldMask

Required. The list of fields to update.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Asset\V1\SavedQuery
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\SavedQuery;
use Google\Protobuf\FieldMask;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function update_saved_query_sample(): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $savedQuery = new SavedQuery();
    $updateMask = new FieldMask();

    // Call the API and handle any network failures.
    try {
        /** @var SavedQuery $response */
        $response = $assetServiceClient->updateSavedQuery($savedQuery, $updateMask);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

Constants

SERVICE_NAME

Value: 'google.cloud.asset.v1.AssetService'

The name of the service.

SERVICE_ADDRESS

Value: 'cloudasset.googleapis.com'

The default address of the service.

DEFAULT_SERVICE_PORT

Value: 443

The default port of the service.

CODEGEN_NAME

Value: 'gapic'

The name of the code generator, to be included in the agent header.