Google Cloud Asset V1 Client - Class AssetServiceClient (1.10.2)

Reference documentation and code samples for the Google Cloud Asset V1 Client class AssetServiceClient.

Service Description: Asset service definition.

This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:

$assetServiceClient = new AssetServiceClient();
try {
    $analysisQuery = new IamPolicyAnalysisQuery();
    $response = $assetServiceClient->analyzeIamPolicy($analysisQuery);
} finally {
    $assetServiceClient->close();
}

Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parseName method to extract the individual identifiers contained within formatted names that are returned by the API.

Methods

feedName

Formats a string containing the fully-qualified path to represent a feed resource.

Parameters
Name	Description
`project`	`string`
`feed`	`string`

Returns
Type	Description
`string`	The formatted feed resource.

folderName

Formats a string containing the fully-qualified path to represent a folder resource.

Parameter
Name	Description
`folder`	`string`

Returns
Type	Description
`string`	The formatted folder resource.

folderFeedName

Formats a string containing the fully-qualified path to represent a folder_feed resource.

Parameters
Name	Description
`folder`	`string`
`feed`	`string`

Returns
Type	Description
`string`	The formatted folder_feed resource.

folderSavedQueryName

Formats a string containing the fully-qualified path to represent a folder_saved_query resource.

Parameters
Name	Description
`folder`	`string`
`savedQuery`	`string`

Returns
Type	Description
`string`	The formatted folder_saved_query resource.

organizationName

Formats a string containing the fully-qualified path to represent a organization resource.

Parameter
Name	Description
`organization`	`string`

Returns
Type	Description
`string`	The formatted organization resource.

organizationFeedName

Formats a string containing the fully-qualified path to represent a organization_feed resource.

Parameters
Name	Description
`organization`	`string`
`feed`	`string`

Returns
Type	Description
`string`	The formatted organization_feed resource.

organizationSavedQueryName

Formats a string containing the fully-qualified path to represent a organization_saved_query resource.

Parameters
Name	Description
`organization`	`string`
`savedQuery`	`string`

Returns
Type	Description
`string`	The formatted organization_saved_query resource.

projectName

Formats a string containing the fully-qualified path to represent a project resource.

Parameter
Name	Description
`project`	`string`

Returns
Type	Description
`string`	The formatted project resource.

projectFeedName

Formats a string containing the fully-qualified path to represent a project_feed resource.

Parameters
Name	Description
`project`	`string`
`feed`	`string`

Returns
Type	Description
`string`	The formatted project_feed resource.

projectSavedQueryName

Formats a string containing the fully-qualified path to represent a project_saved_query resource.

Parameters
Name	Description
`project`	`string`
`savedQuery`	`string`

Returns
Type	Description
`string`	The formatted project_saved_query resource.

savedQueryName

Formats a string containing the fully-qualified path to represent a saved_query resource.

Parameters
Name	Description
`project`	`string`
`savedQuery`	`string`

Returns
Type	Description
`string`	The formatted saved_query resource.

parseName

Parses a formatted name string and returns an associative array of the components in the name.

The following name formats are supported: Template: Pattern

feed: projects/{project}/feeds/{feed}
folder: folders/{folder}
folderFeed: folders/{folder}/feeds/{feed}
folderSavedQuery: folders/{folder}/savedQueries/{saved_query}
organization: organizations/{organization}
organizationFeed: organizations/{organization}/feeds/{feed}
organizationSavedQuery: organizations/{organization}/savedQueries/{saved_query}
project: projects/{project}
projectFeed: projects/{project}/feeds/{feed}
projectSavedQuery: projects/{project}/savedQueries/{saved_query}
savedQuery: projects/{project}/savedQueries/{saved_query}

The optional $template argument can be supplied to specify a particular pattern, and must match one of the templates listed above. If no $template argument is provided, or if the $template argument does not match one of the templates listed, then parseName will check each of the supported templates, and return the first match.

Parameters
Name	Description
`formattedName`	`string` The formatted name string
`template`	`string` Optional name of template to match

Returns
Type	Description
`array`	An associative array from name component IDs to component values.

getOperationsClient

Return an OperationsClient object with the same endpoint as $this.

Returns
Type	Description
`Google\ApiCore\LongRunning\OperationsClient`

resumeOperation

Resume an existing long running operation that was previously started by a long running API method. If $methodName is not provided, or does not match a long running API method, then the operation can still be resumed, but the OperationResponse object will not deserialize the final response.

Parameters
Name	Description
`operationName`	`string` The name of the long running operation
`methodName`	`string` The name of the method used to start the operation

Returns
Type	Description
`Google\ApiCore\OperationResponse`

__construct

Constructor.

Parameters
Name	Description
`options`	`array` Optional. Options for configuring the service API wrapper.
`↳ apiEndpoint`	`string` The address of the API remote host. May optionally include the port, formatted as "
`↳ credentials`	`string\|array\|FetchAuthTokenInterface\|CredentialsWrapper` The credentials to be used by the client to authorize API calls. This option accepts either a path to a credentials file, or a decoded credentials file as a PHP array. Advanced usage: In addition, this option can also accept a pre-constructed Google\Auth\FetchAuthTokenInterface object or Google\ApiCore\CredentialsWrapper object. Note that when one of these objects are provided, any settings in $credentialsConfig will be ignored.
`↳ credentialsConfig`	`array` Options used to configure credentials, including auth token caching, for the client. For a full list of supporting configuration options, see Google\ApiCore\CredentialsWrapper::build() .
`↳ disableRetries`	`bool` Determines whether or not retries defined by the client configuration should be disabled. Defaults to `false`.
`↳ clientConfig`	`string\|array` Client method configuration, including retry settings. This option can be either a path to a JSON file, or a PHP array containing the decoded JSON data. By default this settings points to the default client config file, which is provided in the resources folder.
`↳ transport`	`string\|TransportInterface` The transport used for executing network requests. May be either the string `rest` or `grpc`. Defaults to `grpc` if gRPC support is detected on the system. Advanced usage: Additionally, it is possible to pass in an already instantiated Google\ApiCore\Transport\TransportInterface object. Note that when this object is provided, any settings in $transportConfig, and any $apiEndpoint setting, will be ignored.
`↳ transportConfig`	`array` Configuration options that will be used to construct the transport. Options for each supported transport type should be passed in a key for that transport. For example: $transportConfig = [ 'grpc' => [...], 'rest' => [...], ]; See the Google\ApiCore\Transport\GrpcTransport::build() and Google\ApiCore\Transport\RestTransport::build() methods for the supported options.
`↳ clientCertSource`	`callable` A callable which returns the client cert as a string. This can be used to provide a certificate and private key to the transport layer for mTLS.

analyzeIamPolicy

Analyzes IAM policies to answer which identities have what accesses on which resources.

Parameters
Name	Description
`analysisQuery`	`Google\Cloud\Asset\V1\IamPolicyAnalysisQuery` Required. The request query.
`optionalArgs`	`array` Optional.
`↳ savedAnalysisQuery`	`string` Optional. The name of a saved query, which must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id If both `analysis_query` and `saved_analysis_query` are provided, they will be merged together with the `saved_analysis_query` as base and the `analysis_query` as overrides. For more details of the merge behavior, please refer to the MergeFrom page. Note that you cannot override primitive fields with default value, such as 0 or empty string, etc., because we use proto3, which doesn't support field presence yet.
`↳ executionTimeout`	`Duration` Optional. Amount of time executable has to complete. See JSON representation of Duration. If this field is set with a value less than the RPC deadline, and the execution of your query hasn't finished in the specified execution timeout, you will get a response with partial result. Otherwise, your query's execution will continue until the RPC deadline. If it's not finished until then, you will get a DEADLINE_EXCEEDED error. Default is empty.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\Cloud\Asset\V1\AnalyzeIamPolicyResponse`

Example

use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AnalyzeIamPolicyResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\IamPolicyAnalysisQuery;

/**
 * @param string $analysisQueryScope The relative name of the root asset. Only resources and IAM
 *                                   policies within the scope will be analyzed.
 *
 *                                   This can only be an organization number (such as "organizations/123"), a
 *                                   folder number (such as "folders/123"), a project ID (such as
 *                                   "projects/my-project-id"), or a project number (such as "projects/12345").
 *
 *                                   To know how to get organization id, visit [here
 *                                   ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id).
 *
 *                                   To know how to get folder or project id, visit [here
 *                                   ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
 */
function analyze_iam_policy_sample(string $analysisQueryScope): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $analysisQuery = (new IamPolicyAnalysisQuery())
        ->setScope($analysisQueryScope);

    // Call the API and handle any network failures.
    try {
        /** @var AnalyzeIamPolicyResponse $response */
        $response = $assetServiceClient->analyzeIamPolicy($analysisQuery);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $analysisQueryScope = '[SCOPE]';

    analyze_iam_policy_sample($analysisQueryScope);
}

analyzeIamPolicyLongrunning

Analyzes IAM policies asynchronously to answer which identities have what accesses on which resources, and writes the analysis results to a Google Cloud Storage or a BigQuery destination. For Cloud Storage destination, the output format is the JSON format that represents a AnalyzeIamPolicyResponse.

This method implements the google.longrunning.Operation, which allows you to track the operation status. We recommend intervals of at least 2 seconds with exponential backoff retry to poll the operation result. The metadata contains the metadata for the long-running operation.

Parameters
Name	Description
`analysisQuery`	`Google\Cloud\Asset\V1\IamPolicyAnalysisQuery` Required. The request query.
`outputConfig`	`Google\Cloud\Asset\V1\IamPolicyAnalysisOutputConfig` Required. Output configuration indicating where the results will be output to.
`optionalArgs`	`array` Optional.
`↳ savedAnalysisQuery`	`string` Optional. The name of a saved query, which must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id If both `analysis_query` and `saved_analysis_query` are provided, they will be merged together with the `saved_analysis_query` as base and the `analysis_query` as overrides. For more details of the merge behavior, please refer to the MergeFrom doc. Note that you cannot override primitive fields with default value, such as 0 or empty string, etc., because we use proto3, which doesn't support field presence yet.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\OperationResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Asset\V1\AnalyzeIamPolicyLongrunningResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\IamPolicyAnalysisOutputConfig;
use Google\Cloud\Asset\V1\IamPolicyAnalysisQuery;
use Google\Rpc\Status;

/**
 * @param string $analysisQueryScope The relative name of the root asset. Only resources and IAM
 *                                   policies within the scope will be analyzed.
 *
 *                                   This can only be an organization number (such as "organizations/123"), a
 *                                   folder number (such as "folders/123"), a project ID (such as
 *                                   "projects/my-project-id"), or a project number (such as "projects/12345").
 *
 *                                   To know how to get organization id, visit [here
 *                                   ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id).
 *
 *                                   To know how to get folder or project id, visit [here
 *                                   ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
 */
function analyze_iam_policy_longrunning_sample(string $analysisQueryScope): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $analysisQuery = (new IamPolicyAnalysisQuery())
        ->setScope($analysisQueryScope);
    $outputConfig = new IamPolicyAnalysisOutputConfig();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $assetServiceClient->analyzeIamPolicyLongrunning($analysisQuery, $outputConfig);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var AnalyzeIamPolicyLongrunningResponse $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $analysisQueryScope = '[SCOPE]';

    analyze_iam_policy_longrunning_sample($analysisQueryScope);
}

analyzeMove

Analyze moving a resource to a specified destination without kicking off the actual move. The analysis is best effort depending on the user's permissions of viewing different hierarchical policies and configurations.

The policies and configuration are subject to change before the actual resource migration takes place.

Parameters
Name	Description
`resource`	`string` Required. Name of the resource to perform the analysis against. Only Google Cloud projects are supported as of today. Hence, this can only be a project ID (such as "projects/my-project-id") or a project number (such as "projects/12345").
`destinationParent`	`string` Required. Name of the Google Cloud folder or organization to reparent the target resource. The analysis will be performed against hypothetically moving the resource to this specified desitination parent. This can only be a folder number (such as "folders/123") or an organization number (such as "organizations/123").
`optionalArgs`	`array` Optional.
`↳ view`	`int` Analysis view indicating what information should be included in the analysis response. If unspecified, the default view is FULL. For allowed values, use constants defined on Google\Cloud\Asset\V1\AnalyzeMoveRequest\AnalysisView
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\Cloud\Asset\V1\AnalyzeMoveResponse`

Example

use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AnalyzeMoveResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;

/**
 * @param string $resource          Name of the resource to perform the analysis against.
 *                                  Only Google Cloud projects are supported as of today. Hence, this can only
 *                                  be a project ID (such as "projects/my-project-id") or a project number
 *                                  (such as "projects/12345").
 * @param string $destinationParent Name of the Google Cloud folder or organization to reparent the
 *                                  target resource. The analysis will be performed against hypothetically
 *                                  moving the resource to this specified desitination parent. This can only be
 *                                  a folder number (such as "folders/123") or an organization number (such as
 *                                  "organizations/123").
 */
function analyze_move_sample(string $resource, string $destinationParent): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var AnalyzeMoveResponse $response */
        $response = $assetServiceClient->analyzeMove($resource, $destinationParent);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $resource = '[RESOURCE]';
    $destinationParent = '[DESTINATION_PARENT]';

    analyze_move_sample($resource, $destinationParent);
}

analyzeOrgPolicies

Analyzes organization policies under a scope.

Parameters
Name	Description
`scope`	`string` Required. The organization to scope the request. Only organization policies within the scope will be analyzed. organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
`constraint`	`string` Required. The name of the constraint to analyze organization policies for. The response only contains analyzed organization policies for the provided constraint.
`optionalArgs`	`array` Optional.
`↳ filter`	`string` The expression to filter AnalyzeOrgPoliciesResponse.org_policy_results. The only supported field is `consolidated_policy.attached_resource`, and the only supported operator is `=`. Example: consolidated_policy.attached_resource="//cloudresourcemanager.googleapis.com/folders/001" will return the org policy results of"folders/001".
`↳ pageSize`	`int` The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.
`↳ pageToken`	`string` A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\PagedListResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\AnalyzeOrgPoliciesResponse\OrgPolicyResult;
use Google\Cloud\Asset\V1\AssetServiceClient;

/**
 * @param string $scope      The organization to scope the request. Only organization
 *                           policies within the scope will be analyzed.
 *
 *                           * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
 * @param string $constraint The name of the constraint to analyze organization policies for.
 *                           The response only contains analyzed organization policies for the provided
 *                           constraint.
 */
function analyze_org_policies_sample(string $scope, string $constraint): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $assetServiceClient->analyzeOrgPolicies($scope, $constraint);

        /** @var OrgPolicyResult $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $scope = '[SCOPE]';
    $constraint = '[CONSTRAINT]';

    analyze_org_policies_sample($scope, $constraint);
}

analyzeOrgPolicyGovernedAssets

Analyzes organization policies governed assets (Google Cloud resources or policies) under a scope. This RPC supports custom constraints and the following 10 canned constraints:

storage.uniformBucketLevelAccess
iam.disableServiceAccountKeyCreation
iam.allowedPolicyMemberDomains
compute.vmExternalIpAccess
appengine.enforceServiceAccountActAsCheck
gcp.resourceLocations
compute.trustedImageProjects
compute.skipDefaultNetworkCreation
compute.requireOsLogin
compute.disableNestedVirtualization

This RPC only returns either resources of types supported by searchable asset types, or IAM policies.

Parameters
Name	Description
`scope`	`string` Required. The organization to scope the request. Only organization policies within the scope will be analyzed. The output assets will also be limited to the ones governed by those in-scope organization policies. organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
`constraint`	`string` Required. The name of the constraint to analyze governed assets for. The analysis only contains analyzed organization policies for the provided constraint.
`optionalArgs`	`array` Optional.
`↳ filter`	`string` The expression to filter the governed assets in result. The only supported fields for governed resources are `governed_resource.project` and `governed_resource.folders`. The only supported fields for governed iam policies are `governed_iam_policy.project` and `governed_iam_policy.folders`. The only supported operator is `=`. Example 1: governed_resource.project="projects/12345678" filter will return all governed resources under projects/12345678 including the project ifself, if applicable. Example 2: governed_iam_policy.folders="folders/12345678" filter will return all governed iam policies under folders/12345678, if applicable.
`↳ pageSize`	`int` The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.
`↳ pageToken`	`string` A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\PagedListResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\AnalyzeOrgPolicyGovernedAssetsResponse\GovernedAsset;
use Google\Cloud\Asset\V1\AssetServiceClient;

/**
 * @param string $scope      The organization to scope the request. Only organization
 *                           policies within the scope will be analyzed. The output assets will
 *                           also be limited to the ones governed by those in-scope organization
 *                           policies.
 *
 *                           * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
 * @param string $constraint The name of the constraint to analyze governed assets for. The
 *                           analysis only contains analyzed organization policies for the provided
 *                           constraint.
 */
function analyze_org_policy_governed_assets_sample(string $scope, string $constraint): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $assetServiceClient->analyzeOrgPolicyGovernedAssets($scope, $constraint);

        /** @var GovernedAsset $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $scope = '[SCOPE]';
    $constraint = '[CONSTRAINT]';

    analyze_org_policy_governed_assets_sample($scope, $constraint);
}

analyzeOrgPolicyGovernedContainers

Analyzes organization policies governed containers (projects, folders or organization) under a scope.

Parameters
Name	Description
`scope`	`string` Required. The organization to scope the request. Only organization policies within the scope will be analyzed. The output containers will also be limited to the ones governed by those in-scope organization policies. organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
`constraint`	`string` Required. The name of the constraint to analyze governed containers for. The analysis only contains organization policies for the provided constraint.
`optionalArgs`	`array` Optional.
`↳ filter`	`string` The expression to filter the governed containers in result. The only supported field is `parent`, and the only supported operator is `=`. Example: parent="//cloudresourcemanager.googleapis.com/folders/001" will return all containers under "folders/001".
`↳ pageSize`	`int` The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.
`↳ pageToken`	`string` A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\PagedListResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\AnalyzeOrgPolicyGovernedContainersResponse\GovernedContainer;
use Google\Cloud\Asset\V1\AssetServiceClient;

/**
 * @param string $scope      The organization to scope the request. Only organization
 *                           policies within the scope will be analyzed. The output containers will
 *                           also be limited to the ones governed by those in-scope organization
 *                           policies.
 *
 *                           * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
 * @param string $constraint The name of the constraint to analyze governed containers for.
 *                           The analysis only contains organization policies for the provided
 *                           constraint.
 */
function analyze_org_policy_governed_containers_sample(string $scope, string $constraint): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $assetServiceClient->analyzeOrgPolicyGovernedContainers($scope, $constraint);

        /** @var GovernedContainer $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $scope = '[SCOPE]';
    $constraint = '[CONSTRAINT]';

    analyze_org_policy_governed_containers_sample($scope, $constraint);
}

batchGetAssetsHistory

Batch gets the update history of assets that overlap a time window.

For IAM_POLICY content, this API outputs history when the asset and its attached IAM POLICY both exist. This can create gaps in the output history. Otherwise, this API outputs history with asset in both non-delete or deleted status. If a specified asset does not exist, this API returns an INVALID_ARGUMENT error.

Parameters
Name	Description
`parent`	`string` Required. The relative name of the root asset. It can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id")", or a project number (such as "projects/12345").
`contentType`	`int` Optional. The content type. For allowed values, use constants defined on {@see \Google\Cloud\Asset\V1\ContentType}
`readTimeWindow`	`Google\Cloud\Asset\V1\TimeWindow` Optional. The time window for the asset history. Both start_time and end_time are optional and if set, it must be after the current time minus 35 days. If end_time is not set, it is default to current timestamp. If start_time is not set, the snapshot of the assets at end_time will be returned. The returned results contain all temporal assets whose time window overlap with read_time_window.
`optionalArgs`	`array` Optional.
`↳ assetNames`	`string[]` A list of the full names of the assets. See: https://cloud.google.com/asset-inventory/docs/resource-name-format Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. The request becomes a no-op if the asset name list is empty, and the max size of the asset name list is 100 in one request.
`↳ relationshipTypes`	`string[]` Optional. A list of relationship types to output, for example: `INSTANCE_TO_INSTANCEGROUP`. This field should only be specified if content_type=RELATIONSHIP. * If specified: it outputs specified relationships' history on the [asset_names]. It returns an error if any of the [relationship_types] doesn't belong to the supported relationship types of the [asset_names] or if any of the [asset_names]'s types doesn't belong to the source types of the [relationship_types]. * Otherwise: it outputs the supported relationships' history on the [asset_names] or returns an error if any of the [asset_names]'s types has no relationship support. See Introduction to Cloud Asset Inventory for all supported asset types and relationship types.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\Cloud\Asset\V1\BatchGetAssetsHistoryResponse`

Example

use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\BatchGetAssetsHistoryResponse;
use Google\Cloud\Asset\V1\ContentType;
use Google\Cloud\Asset\V1\TimeWindow;

/**
 * @param string $parent      The relative name of the root asset. It can only be an
 *                            organization number (such as "organizations/123"), a project ID (such as
 *                            "projects/my-project-id")", or a project number (such as "projects/12345").
 * @param int    $contentType Optional. The content type.
 */
function batch_get_assets_history_sample(string $parent, int $contentType): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $readTimeWindow = new TimeWindow();

    // Call the API and handle any network failures.
    try {
        /** @var BatchGetAssetsHistoryResponse $response */
        $response = $assetServiceClient->batchGetAssetsHistory($parent, $contentType, $readTimeWindow);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $parent = '[PARENT]';
    $contentType = ContentType::CONTENT_TYPE_UNSPECIFIED;

    batch_get_assets_history_sample($parent, $contentType);
}

batchGetEffectiveIamPolicies

Gets effective IAM policies for a batch of resources.

Parameters
Name	Description
`scope`	`string` Required. Only IAM policies on or below the scope will be returned. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit here . To know how to get folder or project id, visit here .
`names`	`string[]` Required. The names refer to the full_resource_names of searchable asset types. A maximum of 20 resources' effective policies can be retrieved in a batch.
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\Cloud\Asset\V1\BatchGetEffectiveIamPoliciesResponse`

Example

use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\BatchGetEffectiveIamPoliciesResponse;

/**
 * @param string $scope        Only IAM policies on or below the scope will be returned.
 *
 *                             This can only be an organization number (such as "organizations/123"), a
 *                             folder number (such as "folders/123"), a project ID (such as
 *                             "projects/my-project-id"), or a project number (such as "projects/12345").
 *
 *                             To know how to get organization id, visit [here
 *                             ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id).
 *
 *                             To know how to get folder or project id, visit [here
 *                             ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
 * @param string $namesElement The names refer to the [full_resource_names]
 *                             (https://cloud.google.com/asset-inventory/docs/resource-name-format)
 *                             of [searchable asset
 *                             types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
 *                             A maximum of 20 resources' effective policies can be retrieved in a batch.
 */
function batch_get_effective_iam_policies_sample(string $scope, string $namesElement): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $names = [$namesElement,];

    // Call the API and handle any network failures.
    try {
        /** @var BatchGetEffectiveIamPoliciesResponse $response */
        $response = $assetServiceClient->batchGetEffectiveIamPolicies($scope, $names);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $scope = '[SCOPE]';
    $namesElement = '[NAMES]';

    batch_get_effective_iam_policies_sample($scope, $namesElement);
}

createFeed

Creates a feed in a parent project/folder/organization to listen to its asset updates.

Parameters
Name	Description
`parent`	`string` Required. The name of the project/folder/organization where this feed should be created in. It can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id")", or a project number (such as "projects/12345").
`feedId`	`string` Required. This is the client-assigned asset feed identifier and it needs to be unique under a specific parent project/folder/organization.
`feed`	`Google\Cloud\Asset\V1\Feed` Required. The feed details. The field `name` must be empty and it will be generated in the format of: projects/project_number/feeds/feed_id folders/folder_number/feeds/feed_id organizations/organization_number/feeds/feed_id
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\Cloud\Asset\V1\Feed`

Example

use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\Feed;
use Google\Cloud\Asset\V1\FeedOutputConfig;

/**
 * @param string $parent   The name of the project/folder/organization where this feed
 *                         should be created in. It can only be an organization number (such as
 *                         "organizations/123"), a folder number (such as "folders/123"), a project ID
 *                         (such as "projects/my-project-id")", or a project number (such as
 *                         "projects/12345").
 * @param string $feedId   This is the client-assigned asset feed identifier and it needs to
 *                         be unique under a specific parent project/folder/organization.
 * @param string $feedName The format will be
 *                         projects/{project_number}/feeds/{client-assigned_feed_identifier} or
 *                         folders/{folder_number}/feeds/{client-assigned_feed_identifier} or
 *                         organizations/{organization_number}/feeds/{client-assigned_feed_identifier}
 *
 *                         The client-assigned feed identifier must be unique within the parent
 *                         project/folder/organization.
 */
function create_feed_sample(string $parent, string $feedId, string $feedName): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $feedFeedOutputConfig = new FeedOutputConfig();
    $feed = (new Feed())
        ->setName($feedName)
        ->setFeedOutputConfig($feedFeedOutputConfig);

    // Call the API and handle any network failures.
    try {
        /** @var Feed $response */
        $response = $assetServiceClient->createFeed($parent, $feedId, $feed);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $parent = '[PARENT]';
    $feedId = '[FEED_ID]';
    $feedName = '[NAME]';

    create_feed_sample($parent, $feedId, $feedName);
}

createSavedQuery

Creates a saved query in a parent project/folder/organization.

Parameters
Name	Description
`parent`	`string` Required. The name of the project/folder/organization where this saved_query should be created in. It can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id")", or a project number (such as "projects/12345").
`savedQuery`	`Google\Cloud\Asset\V1\SavedQuery` Required. The saved_query details. The `name` field must be empty as it will be generated based on the parent and saved_query_id.
`savedQueryId`	`string` Required. The ID to use for the saved query, which must be unique in the specified parent. It will become the final component of the saved query's resource name. This value should be 4-63 characters, and valid characters are `[a-z][0-9]-`. Notice that this field is required in the saved query creation, and the `name` field of the `saved_query` will be ignored.
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\Cloud\Asset\V1\SavedQuery`

Example

use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\SavedQuery;

/**
 * @param string $formattedParent The name of the project/folder/organization where this
 *                                saved_query should be created in. It can only be an organization number
 *                                (such as "organizations/123"), a folder number (such as "folders/123"), a
 *                                project ID (such as "projects/my-project-id")", or a project number (such
 *                                as "projects/12345"). Please see
 *                                {@see AssetServiceClient::projectName()} for help formatting this field.
 * @param string $savedQueryId    The ID to use for the saved query, which must be unique in the
 *                                specified parent. It will become the final component of the saved query's
 *                                resource name.
 *
 *                                This value should be 4-63 characters, and valid characters
 *                                are `[a-z][0-9]-`.
 *
 *                                Notice that this field is required in the saved query creation, and the
 *                                `name` field of the `saved_query` will be ignored.
 */
function create_saved_query_sample(string $formattedParent, string $savedQueryId): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $savedQuery = new SavedQuery();

    // Call the API and handle any network failures.
    try {
        /** @var SavedQuery $response */
        $response = $assetServiceClient->createSavedQuery($formattedParent, $savedQuery, $savedQueryId);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = AssetServiceClient::projectName('[PROJECT]');
    $savedQueryId = '[SAVED_QUERY_ID]';

    create_saved_query_sample($formattedParent, $savedQueryId);
}

deleteFeed

Deletes an asset feed.

Parameters
Name	Description
`name`	`string` Required. The name of the feed and it must be in the format of: projects/project_number/feeds/feed_id folders/folder_number/feeds/feed_id organizations/organization_number/feeds/feed_id
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Example

use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;

/**
 * @param string $formattedName The name of the feed and it must be in the format of:
 *                              projects/project_number/feeds/feed_id
 *                              folders/folder_number/feeds/feed_id
 *                              organizations/organization_number/feeds/feed_id
 *                              Please see {@see AssetServiceClient::feedName()} for help formatting this field.
 */
function delete_feed_sample(string $formattedName): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        $assetServiceClient->deleteFeed($formattedName);
        printf('Call completed successfully.' . PHP_EOL);
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = AssetServiceClient::feedName('[PROJECT]', '[FEED]');

    delete_feed_sample($formattedName);
}

deleteSavedQuery

Deletes a saved query.

Parameters
Name	Description
`name`	`string` Required. The name of the saved query to delete. It must be in the format of: projects/project_number/savedQueries/saved_query_id folders/folder_number/savedQueries/saved_query_id organizations/organization_number/savedQueries/saved_query_id
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Example

use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;

/**
 * @param string $formattedName The name of the saved query to delete. It must be in the format
 *                              of:
 *
 *                              * projects/project_number/savedQueries/saved_query_id
 *                              * folders/folder_number/savedQueries/saved_query_id
 *                              * organizations/organization_number/savedQueries/saved_query_id
 *                              Please see {@see AssetServiceClient::savedQueryName()} for help formatting this field.
 */
function delete_saved_query_sample(string $formattedName): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        $assetServiceClient->deleteSavedQuery($formattedName);
        printf('Call completed successfully.' . PHP_EOL);
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = AssetServiceClient::savedQueryName('[PROJECT]', '[SAVED_QUERY]');

    delete_saved_query_sample($formattedName);
}

exportAssets

Exports assets with time and resource types to a given Cloud Storage location/BigQuery table. For Cloud Storage location destinations, the output format is newline-delimited JSON. Each line represents a google.cloud.asset.v1.Asset in the JSON format; for BigQuery table destinations, the output table stores the fields in asset Protobuf as columns. This API implements the google.longrunning.Operation API, which allows you to keep track of the export. We recommend intervals of at least 2 seconds with exponential retry to poll the export operation result. For regular-size resource parent, the export operation usually finishes within 5 minutes.

Parameters
Name	Description
`parent`	`string` Required. The relative name of the root asset. This can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"), or a folder number (such as "folders/123").
`outputConfig`	`Google\Cloud\Asset\V1\OutputConfig` Required. Output configuration indicating where the results will be output to.
`optionalArgs`	`array` Optional.
`↳ readTime`	`Timestamp` Timestamp to take an asset snapshot. This can only be set to a timestamp between the current time and the current time minus 35 days (inclusive). If not specified, the current time will be used. Due to delays in resource data collection and indexing, there is a volatile window during which running the same query may get different results.
`↳ assetTypes`	`string[]` A list of asset types to take a snapshot for. For example: "compute.googleapis.com/Disk". Regular expressions are also supported. For example: * "compute.googleapis.com." snapshots resources whose asset type starts with "compute.googleapis.com". * ".Instance" snapshots resources whose asset type ends with "Instance". * ".Instance." snapshots resources whose asset type contains "Instance". See RE2 for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned. If specified, only matching assets will be returned, otherwise, it will snapshot all asset types. See Introduction to Cloud Asset Inventory for all supported asset types.
`↳ contentType`	`int` Asset content type. If not specified, no content but the asset name will be returned. For allowed values, use constants defined on Google\Cloud\Asset\V1\ContentType
`↳ relationshipTypes`	`string[]` A list of relationship types to export, for example: `INSTANCE_TO_INSTANCEGROUP`. This field should only be specified if content_type=RELATIONSHIP. * If specified: it snapshots specified relationships. It returns an error if any of the [relationship_types] doesn't belong to the supported relationship types of the [asset_types] or if any of the [asset_types] doesn't belong to the source types of the [relationship_types]. * Otherwise: it snapshots the supported relationships for all [asset_types] or returns an error if any of the [asset_types] has no relationship support. An unspecified asset types field means all supported asset_types. See Introduction to Cloud Asset Inventory for all supported asset types and relationship types.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\OperationResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\ExportAssetsResponse;
use Google\Cloud\Asset\V1\OutputConfig;
use Google\Rpc\Status;

/**
 * @param string $parent The relative name of the root asset. This can only be an
 *                       organization number (such as "organizations/123"), a project ID (such as
 *                       "projects/my-project-id"), or a project number (such as "projects/12345"),
 *                       or a folder number (such as "folders/123").
 */
function export_assets_sample(string $parent): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $outputConfig = new OutputConfig();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $assetServiceClient->exportAssets($parent, $outputConfig);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var ExportAssetsResponse $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $parent = '[PARENT]';

    export_assets_sample($parent);
}

getFeed

Gets details about an asset feed.

Parameters
Name	Description
`name`	`string` Required. The name of the Feed and it must be in the format of: projects/project_number/feeds/feed_id folders/folder_number/feeds/feed_id organizations/organization_number/feeds/feed_id
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\Cloud\Asset\V1\Feed`

Example

use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\Feed;

/**
 * @param string $formattedName The name of the Feed and it must be in the format of:
 *                              projects/project_number/feeds/feed_id
 *                              folders/folder_number/feeds/feed_id
 *                              organizations/organization_number/feeds/feed_id
 *                              Please see {@see AssetServiceClient::feedName()} for help formatting this field.
 */
function get_feed_sample(string $formattedName): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var Feed $response */
        $response = $assetServiceClient->getFeed($formattedName);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = AssetServiceClient::feedName('[PROJECT]', '[FEED]');

    get_feed_sample($formattedName);
}

getSavedQuery

Gets details about a saved query.

Parameters
Name	Description
`name`	`string` Required. The name of the saved query and it must be in the format of: projects/project_number/savedQueries/saved_query_id folders/folder_number/savedQueries/saved_query_id organizations/organization_number/savedQueries/saved_query_id
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\Cloud\Asset\V1\SavedQuery`

Example

use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\SavedQuery;

/**
 * @param string $formattedName The name of the saved query and it must be in the format of:
 *
 *                              * projects/project_number/savedQueries/saved_query_id
 *                              * folders/folder_number/savedQueries/saved_query_id
 *                              * organizations/organization_number/savedQueries/saved_query_id
 *                              Please see {@see AssetServiceClient::savedQueryName()} for help formatting this field.
 */
function get_saved_query_sample(string $formattedName): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var SavedQuery $response */
        $response = $assetServiceClient->getSavedQuery($formattedName);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = AssetServiceClient::savedQueryName('[PROJECT]', '[SAVED_QUERY]');

    get_saved_query_sample($formattedName);
}

listAssets

Lists assets with time and resource types and returns paged results in response.

Parameters
Name	Description
`parent`	`string` Required. Name of the organization, folder, or project the assets belong to. Format: "organizations/[organization-number]" (such as "organizations/123"), "projects/[project-id]" (such as "projects/my-project-id"), "projects/[project-number]" (such as "projects/12345"), or "folders/[folder-number]" (such as "folders/12345").
`optionalArgs`	`array` Optional.
`↳ readTime`	`Timestamp` Timestamp to take an asset snapshot. This can only be set to a timestamp between the current time and the current time minus 35 days (inclusive). If not specified, the current time will be used. Due to delays in resource data collection and indexing, there is a volatile window during which running the same query may get different results.
`↳ assetTypes`	`string[]` A list of asset types to take a snapshot for. For example: "compute.googleapis.com/Disk". Regular expression is also supported. For example: * "compute.googleapis.com." snapshots resources whose asset type starts with "compute.googleapis.com". * ".Instance" snapshots resources whose asset type ends with "Instance". * ".Instance." snapshots resources whose asset type contains "Instance". See RE2 for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned. If specified, only matching assets will be returned, otherwise, it will snapshot all asset types. See Introduction to Cloud Asset Inventory for all supported asset types.
`↳ contentType`	`int` Asset content type. If not specified, no content but the asset name will be returned. For allowed values, use constants defined on Google\Cloud\Asset\V1\ContentType
`↳ pageSize`	`int` The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.
`↳ pageToken`	`string` A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.
`↳ relationshipTypes`	`string[]` A list of relationship types to output, for example: `INSTANCE_TO_INSTANCEGROUP`. This field should only be specified if content_type=RELATIONSHIP. * If specified: it snapshots specified relationships. It returns an error if any of the [relationship_types] doesn't belong to the supported relationship types of the [asset_types] or if any of the [asset_types] doesn't belong to the source types of the [relationship_types]. * Otherwise: it snapshots the supported relationships for all [asset_types] or returns an error if any of the [asset_types] has no relationship support. An unspecified asset types field means all supported asset_types. See Introduction to Cloud Asset Inventory for all supported asset types and relationship types.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\PagedListResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\Asset;
use Google\Cloud\Asset\V1\AssetServiceClient;

/**
 * @param string $parent Name of the organization, folder, or project the assets belong
 *                       to. Format: "organizations/[organization-number]" (such as
 *                       "organizations/123"), "projects/[project-id]" (such as
 *                       "projects/my-project-id"), "projects/[project-number]" (such as
 *                       "projects/12345"), or "folders/[folder-number]" (such as "folders/12345").
 */
function list_assets_sample(string $parent): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $assetServiceClient->listAssets($parent);

        /** @var Asset $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $parent = '[PARENT]';

    list_assets_sample($parent);
}

listFeeds

Lists all asset feeds in a parent project/folder/organization.

Parameters
Name	Description
`parent`	`string` Required. The parent project/folder/organization whose feeds are to be listed. It can only be using project/folder/organization number (such as "folders/12345")", or a project ID (such as "projects/my-project-id").
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\Cloud\Asset\V1\ListFeedsResponse`

Example

use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\ListFeedsResponse;

/**
 * @param string $parent The parent project/folder/organization whose feeds are to be
 *                       listed. It can only be using project/folder/organization number (such as
 *                       "folders/12345")", or a project ID (such as "projects/my-project-id").
 */
function list_feeds_sample(string $parent): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var ListFeedsResponse $response */
        $response = $assetServiceClient->listFeeds($parent);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $parent = '[PARENT]';

    list_feeds_sample($parent);
}

listSavedQueries

Lists all saved queries in a parent project/folder/organization.

Parameters
Name	Description
`parent`	`string` Required. The parent project/folder/organization whose savedQueries are to be listed. It can only be using project/folder/organization number (such as "folders/12345")", or a project ID (such as "projects/my-project-id").
`optionalArgs`	`array` Optional.
`↳ filter`	`string` Optional. The expression to filter resources. The expression is a list of zero or more restrictions combined via logical operators `AND` and `OR`. When `AND` and `OR` are both used in the expression, parentheses must be appropriately used to group the combinations. The expression may also contain regular expressions. See https://google.aip.dev/160 for more information on the grammar.
`↳ pageSize`	`int` The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.
`↳ pageToken`	`string` A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\PagedListResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\SavedQuery;

/**
 * @param string $formattedParent The parent project/folder/organization whose savedQueries are to
 *                                be listed. It can only be using project/folder/organization number (such as
 *                                "folders/12345")", or a project ID (such as "projects/my-project-id"). Please see
 *                                {@see AssetServiceClient::projectName()} for help formatting this field.
 */
function list_saved_queries_sample(string $formattedParent): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $assetServiceClient->listSavedQueries($formattedParent);

        /** @var SavedQuery $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = AssetServiceClient::projectName('[PROJECT]');

    list_saved_queries_sample($formattedParent);
}

queryAssets

Issue a job that queries assets using a SQL statement compatible with BigQuery Standard SQL.

If the query execution finishes within timeout and there's no pagination, the full query results will be returned in the QueryAssetsResponse.

Otherwise, full query results can be obtained by issuing extra requests with the job_reference from the a previous QueryAssets call.

Note, the query result has approximately 10 GB limitation enforced by BigQuery https://cloud.google.com/bigquery/docs/best-practices-performance-output, queries return larger results will result in errors.

Parameters
Name	Description
`parent`	`string` Required. The relative name of the root asset. This can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"), or a folder number (such as "folders/123"). Only assets belonging to the `parent` will be returned.
`optionalArgs`	`array` Optional.
`↳ statement`	`string` Optional. A SQL statement that's compatible with BigQuery Standard SQL.
`↳ jobReference`	`string` Optional. Reference to the query job, which is from the `QueryAssetsResponse` of previous `QueryAssets` call.
`↳ pageSize`	`int` Optional. The maximum number of rows to return in the results. Responses are limited to 10 MB and 1000 rows. By default, the maximum row count is 1000. When the byte or row count limit is reached, the rest of the query results will be paginated. The field will be ignored when [output_config] is specified.
`↳ pageToken`	`string` Optional. A page token received from previous `QueryAssets`. The field will be ignored when [output_config] is specified.
`↳ timeout`	`Duration` Optional. Specifies the maximum amount of time that the client is willing to wait for the query to complete. By default, this limit is 5 min for the first query, and 1 minute for the following queries. If the query is complete, the `done` field in the `QueryAssetsResponse` is true, otherwise false. Like BigQuery jobs.query API The call is not guaranteed to wait for the specified timeout; it typically returns after around 200 seconds (200,000 milliseconds), even if the query is not complete. The field will be ignored when [output_config] is specified.
`↳ readTimeWindow`	`TimeWindow` Optional. [start_time] is required. [start_time] must be less than [end_time] Defaults [end_time] to now if [start_time] is set and [end_time] isn't. Maximum permitted time range is 7 days.
`↳ readTime`	`Timestamp` Optional. Queries cloud assets as they appeared at the specified point in time.
`↳ outputConfig`	`QueryAssetsOutputConfig` Optional. Destination where the query results will be saved. When this field is specified, the query results won't be saved in the [QueryAssetsResponse.query_result]. Instead [QueryAssetsResponse.output_config] will be set. Meanwhile, [QueryAssetsResponse.job_reference] will be set and can be used to check the status of the query job when passed to a following [QueryAssets] API call.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\Cloud\Asset\V1\QueryAssetsResponse`

Example

use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\QueryAssetsResponse;

/**
 * @param string $parent The relative name of the root asset. This can only be an
 *                       organization number (such as "organizations/123"), a project ID (such as
 *                       "projects/my-project-id"), or a project number (such as "projects/12345"),
 *                       or a folder number (such as "folders/123").
 *
 *                       Only assets belonging to the `parent` will be returned.
 */
function query_assets_sample(string $parent): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var QueryAssetsResponse $response */
        $response = $assetServiceClient->queryAssets($parent);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $parent = '[PARENT]';

    query_assets_sample($parent);
}

searchAllIamPolicies

Searches all IAM policies within the specified scope, such as a project, folder, or organization. The caller must be granted the cloudasset.assets.searchAllIamPolicies permission on the desired scope, otherwise the request will be rejected.

Parameters
Name	Description
`scope`	`string` Required. A scope can be a project, a folder, or an organization. The search is limited to the IAM policies within the `scope`. The caller must be granted the `cloudasset.assets.searchAllIamPolicies` permission on the desired scope. The allowed values are: projects/{PROJECT_ID} (e.g., "projects/foo-bar") projects/{PROJECT_NUMBER} (e.g., "projects/12345678") folders/{FOLDER_NUMBER} (e.g., "folders/1234567") organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
`optionalArgs`	`array` Optional.
`↳ query`	`string` Optional. The query statement. See how to construct a query for more information. If not specified or empty, it will search all the IAM policies within the specified `scope`. Note that the query string is compared against each IAM policy binding, including its principals, roles, and IAM conditions. The returned IAM policies will only contain the bindings that match your query. To learn more about the IAM policy structure, see the IAM policy documentation. Examples: * `policy:amy@gmail.com` to find IAM policy bindings that specify user "amy@gmail.com". * `policy:roles/compute.admin` to find IAM policy bindings that specify the Compute Admin role. * `policy:comp` to find IAM policy bindings that contain "comp" as a prefix of any word in the binding. `policy.role.permissions:storage.buckets.update` to find IAM policy bindings that specify a role containing "storage.buckets.update" permission. Note that if callers don't have `iam.roles.get` access to a role's included permissions, policy bindings that specify this role will be dropped from the search results. * `policy.role.permissions:upd` to find IAM policy bindings that specify a role containing "upd" as a prefix of any word in the role permission. Note that if callers don't have `iam.roles.get` access to a role's included permissions, policy bindings that specify this role will be dropped from the search results. `resource:organizations/123456` to find IAM policy bindings that are set on "organizations/123456". * `resource=//cloudresourcemanager.googleapis.com/projects/myproject` to find IAM policy bindings that are set on the project named "myproject". * `Important` to find IAM policy bindings that contain "Important" as a word in any of the searchable fields (except for the included permissions). * `resource:(instance1 OR instance2) policy:amy` to find IAM policy bindings that are set on resources "instance1" or "instance2" and also specify user "amy". * `roles:roles/compute.admin` to find IAM policy bindings that specify the Compute Admin role. * `memberTypes:user` to find IAM policy bindings that contain the principal type "user".
`↳ pageSize`	`int` The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.
`↳ pageToken`	`string` A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.
`↳ assetTypes`	`string[]` Optional. A list of asset types that the IAM policies are attached to. If empty, it will search the IAM policies that are attached to all the searchable asset types. Regular expressions are also supported. For example: * "compute.googleapis.com." snapshots IAM policies attached to asset type starts with "compute.googleapis.com". * ".Instance" snapshots IAM policies attached to asset type ends with "Instance". * ".Instance." snapshots IAM policies attached to asset type contains "Instance". See RE2 for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.
`↳ orderBy`	`string` Optional. A comma-separated list of fields specifying the sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored. Example: "assetType DESC, resource". Only singular primitive fields in the response are sortable: * resource * assetType * project All the other fields such as repeated fields (e.g., `folders`) and non-primitive fields (e.g., `policy`) are not supported.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\PagedListResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\IamPolicySearchResult;

/**
 * @param string $scope A scope can be a project, a folder, or an organization. The
 *                      search is limited to the IAM policies within the `scope`. The caller must
 *                      be granted the
 *                      [`cloudasset.assets.searchAllIamPolicies`](https://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
 *                      permission on the desired scope.
 *
 *                      The allowed values are:
 *
 *                      * projects/{PROJECT_ID} (e.g., "projects/foo-bar")
 *                      * projects/{PROJECT_NUMBER} (e.g., "projects/12345678")
 *                      * folders/{FOLDER_NUMBER} (e.g., "folders/1234567")
 *                      * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
 */
function search_all_iam_policies_sample(string $scope): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $assetServiceClient->searchAllIamPolicies($scope);

        /** @var IamPolicySearchResult $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $scope = '[SCOPE]';

    search_all_iam_policies_sample($scope);
}

searchAllResources

Searches all Google Cloud resources within the specified scope, such as a project, folder, or organization. The caller must be granted the cloudasset.assets.searchAllResources permission on the desired scope, otherwise the request will be rejected.

Parameters
Name	Description
`scope`	`string` Required. A scope can be a project, a folder, or an organization. The search is limited to the resources within the `scope`. The caller must be granted the `cloudasset.assets.searchAllResources` permission on the desired scope. The allowed values are: projects/{PROJECT_ID} (e.g., "projects/foo-bar") projects/{PROJECT_NUMBER} (e.g., "projects/12345678") folders/{FOLDER_NUMBER} (e.g., "folders/1234567") organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
`optionalArgs`	`array` Optional.
`↳ query`	`string` Optional. The query statement. See how to construct a query for more information. If not specified or empty, it will search all the resources within the specified `scope`. Examples: * `name:Important` to find Google Cloud resources whose name contains "Important" as a word. * `name=Important` to find the Google Cloud resource whose name is exactly "Important". * `displayName:Impor` to find Google Cloud resources whose display name contains "Impor" as a prefix of any word in the field. `location:us-west` to find Google Cloud resources whose location contains both "us" and "west" as prefixes. `labels:prod` to find Google Cloud resources whose labels contain "prod" as a key or value. * `labels.env:prod` to find Google Cloud resources that have a label "env" and its value is "prod". * `labels.env:` to find Google Cloud resources that have a label "env". `kmsKey:key` to find Google Cloud resources encrypted with a customer-managed encryption key whose name contains "key" as a word. This field is deprecated. Please use the `kmsKeys` field to retrieve Cloud KMS key information. * `kmsKeys:key` to find Google Cloud resources encrypted with customer-managed encryption keys whose name contains the word "key". * `relationships:instance-group-1` to find Google Cloud resources that have relationships with "instance-group-1" in the related resource name. * `relationships:INSTANCE_TO_INSTANCEGROUP` to find Compute Engine instances that have relationships of type "INSTANCE_TO_INSTANCEGROUP". * `relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1` to find Compute Engine instances that have relationships with "instance-group-1" in the Compute Engine instance group resource name, for relationship type "INSTANCE_TO_INSTANCEGROUP". * `state:ACTIVE` to find Google Cloud resources whose state contains "ACTIVE" as a word. * `NOT state:ACTIVE` to find Google Cloud resources whose state doesn't contain "ACTIVE" as a word. * `createTime<1609459200` to find Google Cloud resources that were created before "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of "2021-01-01 00:00:00 UTC" in seconds. * `updateTime>1609459200` to find Google Cloud resources that were updated after "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of "2021-01-01 00:00:00 UTC" in seconds. * `Important` to find Google Cloud resources that contain "Important" as a word in any of the searchable fields. * `Impor` to find Google Cloud resources that contain "Impor" as a prefix of any word in any of the searchable fields. `Important location:(us-west1 OR global)` to find Google Cloud resources that contain "Important" as a word in any of the searchable fields and are also located in the "us-west1" region or the "global" location.
`↳ assetTypes`	`string[]` Optional. A list of asset types that this request searches for. If empty, it will search all the searchable asset types. Regular expressions are also supported. For example: * "compute.googleapis.com." snapshots resources whose asset type starts with "compute.googleapis.com". * ".Instance" snapshots resources whose asset type ends with "Instance". * ".Instance." snapshots resources whose asset type contains "Instance". See RE2 for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.
`↳ pageSize`	`int` The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.
`↳ pageToken`	`string` A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.
`↳ orderBy`	`string` Optional. A comma-separated list of fields specifying the sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored. Example: "location DESC, name". Only singular primitive fields in the response are sortable: * name * assetType * project * displayName * description * location * createTime * updateTime * state * parentFullResourceName * parentAssetType All the other fields such as repeated fields (e.g., `networkTags`, `kmsKeys`), map fields (e.g., `labels`) and struct fields (e.g., `additionalAttributes`) are not supported.
`↳ readMask`	`FieldMask` Optional. A comma-separated list of fields specifying which fields to be returned in ResourceSearchResult. Only '' or combination of top level fields can be specified. Field names of both snake_case and camelCase are supported. Examples: `""`,`"name,location"`,`"name,versionedResources"`. The read_mask paths must be valid field paths listed but not limited to (both snake_case and camelCase are supported): * name * assetType * project * displayName * description * location * tagKeys * tagValues * tagValueIds * labels * networkTags * kmsKey (This field is deprecated. Please use the`kmsKeys` field to retrieve Cloud KMS key information.) * kmsKeys * createTime * updateTime * state * additionalAttributes * versionedResources If read_mask is not specified, all fields except versionedResources will be returned. If only '*' is specified, all fields including versionedResources will be returned. Any invalid field path will trigger INVALID_ARGUMENT error.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\PagedListResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\ResourceSearchResult;

/**
 * @param string $scope A scope can be a project, a folder, or an organization. The
 *                      search is limited to the resources within the `scope`. The caller must be
 *                      granted the
 *                      [`cloudasset.assets.searchAllResources`](https://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
 *                      permission on the desired scope.
 *
 *                      The allowed values are:
 *
 *                      * projects/{PROJECT_ID} (e.g., "projects/foo-bar")
 *                      * projects/{PROJECT_NUMBER} (e.g., "projects/12345678")
 *                      * folders/{FOLDER_NUMBER} (e.g., "folders/1234567")
 *                      * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
 */
function search_all_resources_sample(string $scope): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $assetServiceClient->searchAllResources($scope);

        /** @var ResourceSearchResult $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $scope = '[SCOPE]';

    search_all_resources_sample($scope);
}

updateFeed

Updates an asset feed configuration.

Parameters
Name	Description
`feed`	`Google\Cloud\Asset\V1\Feed` Required. The new values of feed details. It must match an existing feed and the field `name` must be in the format of: projects/project_number/feeds/feed_id or folders/folder_number/feeds/feed_id or organizations/organization_number/feeds/feed_id.
`updateMask`	`Google\Protobuf\FieldMask` Required. Only updates the `feed` fields indicated by this mask. The field mask must not be empty, and it must not contain fields that are immutable or only set by the server.
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\Cloud\Asset\V1\Feed`

Example

use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\Feed;
use Google\Cloud\Asset\V1\FeedOutputConfig;
use Google\Protobuf\FieldMask;

/**
 * @param string $feedName The format will be
 *                         projects/{project_number}/feeds/{client-assigned_feed_identifier} or
 *                         folders/{folder_number}/feeds/{client-assigned_feed_identifier} or
 *                         organizations/{organization_number}/feeds/{client-assigned_feed_identifier}
 *
 *                         The client-assigned feed identifier must be unique within the parent
 *                         project/folder/organization.
 */
function update_feed_sample(string $feedName): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $feedFeedOutputConfig = new FeedOutputConfig();
    $feed = (new Feed())
        ->setName($feedName)
        ->setFeedOutputConfig($feedFeedOutputConfig);
    $updateMask = new FieldMask();

    // Call the API and handle any network failures.
    try {
        /** @var Feed $response */
        $response = $assetServiceClient->updateFeed($feed, $updateMask);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $feedName = '[NAME]';

    update_feed_sample($feedName);
}

updateSavedQuery

Updates a saved query.

Parameters
Name	Description
`savedQuery`	`Google\Cloud\Asset\V1\SavedQuery` Required. The saved query to update. The saved query's `name` field is used to identify the one to update, which has format as below: projects/project_number/savedQueries/saved_query_id folders/folder_number/savedQueries/saved_query_id organizations/organization_number/savedQueries/saved_query_id
`updateMask`	`Google\Protobuf\FieldMask` Required. The list of fields to update.
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\Cloud\Asset\V1\SavedQuery`

Example

use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\SavedQuery;
use Google\Protobuf\FieldMask;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function update_saved_query_sample(): void
{
    // Create a client.
    $assetServiceClient = new AssetServiceClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $savedQuery = new SavedQuery();
    $updateMask = new FieldMask();

    // Call the API and handle any network failures.
    try {
        /** @var SavedQuery $response */
        $response = $assetServiceClient->updateSavedQuery($savedQuery, $updateMask);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

Constants

SERVICE_NAME

Value: 'google.cloud.asset.v1.AssetService'

The name of the service.

SERVICE_ADDRESS

Value: 'cloudasset.googleapis.com'

The default address of the service.

DEFAULT_SERVICE_PORT

Value: 443

The default port of the service.

CODEGEN_NAME

Value: 'gapic'

The name of the code generator, to be included in the agent header.