Reference documentation and code samples for the Google Cloud Asset V1 Client class AssetServiceClient.
Service Description: Asset service definition.
This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:
$assetServiceClient = new AssetServiceClient();
try {
$analysisQuery = new IamPolicyAnalysisQuery();
$response = $assetServiceClient->analyzeIamPolicy($analysisQuery);
} finally {
$assetServiceClient->close();
}
Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parseName method to extract the individual identifiers contained within formatted names that are returned by the API.
Methods
feedName
Formats a string containing the fully-qualified path to represent a feed resource.
Parameters | |
---|---|
Name | Description |
project |
string
|
feed |
string
|
Returns | |
---|---|
Type | Description |
string | The formatted feed resource. |
folderName
Formats a string containing the fully-qualified path to represent a folder resource.
Parameter | |
---|---|
Name | Description |
folder |
string
|
Returns | |
---|---|
Type | Description |
string | The formatted folder resource. |
folderFeedName
Formats a string containing the fully-qualified path to represent a folder_feed resource.
Parameters | |
---|---|
Name | Description |
folder |
string
|
feed |
string
|
Returns | |
---|---|
Type | Description |
string | The formatted folder_feed resource. |
folderSavedQueryName
Formats a string containing the fully-qualified path to represent a folder_saved_query resource.
Parameters | |
---|---|
Name | Description |
folder |
string
|
savedQuery |
string
|
Returns | |
---|---|
Type | Description |
string | The formatted folder_saved_query resource. |
organizationName
Formats a string containing the fully-qualified path to represent a organization resource.
Parameter | |
---|---|
Name | Description |
organization |
string
|
Returns | |
---|---|
Type | Description |
string | The formatted organization resource. |
organizationFeedName
Formats a string containing the fully-qualified path to represent a organization_feed resource.
Parameters | |
---|---|
Name | Description |
organization |
string
|
feed |
string
|
Returns | |
---|---|
Type | Description |
string | The formatted organization_feed resource. |
organizationSavedQueryName
Formats a string containing the fully-qualified path to represent a organization_saved_query resource.
Parameters | |
---|---|
Name | Description |
organization |
string
|
savedQuery |
string
|
Returns | |
---|---|
Type | Description |
string | The formatted organization_saved_query resource. |
projectName
Formats a string containing the fully-qualified path to represent a project resource.
Parameter | |
---|---|
Name | Description |
project |
string
|
Returns | |
---|---|
Type | Description |
string | The formatted project resource. |
projectFeedName
Formats a string containing the fully-qualified path to represent a project_feed resource.
Parameters | |
---|---|
Name | Description |
project |
string
|
feed |
string
|
Returns | |
---|---|
Type | Description |
string | The formatted project_feed resource. |
projectSavedQueryName
Formats a string containing the fully-qualified path to represent a project_saved_query resource.
Parameters | |
---|---|
Name | Description |
project |
string
|
savedQuery |
string
|
Returns | |
---|---|
Type | Description |
string | The formatted project_saved_query resource. |
savedQueryName
Formats a string containing the fully-qualified path to represent a saved_query resource.
Parameters | |
---|---|
Name | Description |
project |
string
|
savedQuery |
string
|
Returns | |
---|---|
Type | Description |
string | The formatted saved_query resource. |
parseName
Parses a formatted name string and returns an associative array of the components in the name.
The following name formats are supported: Template: Pattern
- feed: projects/{project}/feeds/{feed}
- folder: folders/{folder}
- folderFeed: folders/{folder}/feeds/{feed}
- folderSavedQuery: folders/{folder}/savedQueries/{saved_query}
- organization: organizations/{organization}
- organizationFeed: organizations/{organization}/feeds/{feed}
- organizationSavedQuery: organizations/{organization}/savedQueries/{saved_query}
- project: projects/{project}
- projectFeed: projects/{project}/feeds/{feed}
- projectSavedQuery: projects/{project}/savedQueries/{saved_query}
- savedQuery: projects/{project}/savedQueries/{saved_query}
The optional $template argument can be supplied to specify a particular pattern, and must match one of the templates listed above. If no $template argument is provided, or if the $template argument does not match one of the templates listed, then parseName will check each of the supported templates, and return the first match.
Parameters | |
---|---|
Name | Description |
formattedName |
string
The formatted name string |
template |
string
Optional name of template to match |
Returns | |
---|---|
Type | Description |
array | An associative array from name component IDs to component values. |
getOperationsClient
Return an OperationsClient object with the same endpoint as $this.
Returns | |
---|---|
Type | Description |
Google\ApiCore\LongRunning\OperationsClient |
resumeOperation
Resume an existing long running operation that was previously started by a long running API method. If $methodName is not provided, or does not match a long running API method, then the operation can still be resumed, but the OperationResponse object will not deserialize the final response.
Parameters | |
---|---|
Name | Description |
operationName |
string
The name of the long running operation |
methodName |
string
The name of the method used to start the operation |
Returns | |
---|---|
Type | Description |
Google\ApiCore\OperationResponse |
__construct
Constructor.
Parameters | |
---|---|
Name | Description |
options |
array
Optional. Options for configuring the service API wrapper. |
↳ apiEndpoint |
string
The address of the API remote host. May optionally include the port, formatted as "
|
↳ credentials |
string|array|FetchAuthTokenInterface|CredentialsWrapper
The credentials to be used by the client to authorize API calls. This option accepts either a path to a credentials file, or a decoded credentials file as a PHP array. Advanced usage: In addition, this option can also accept a pre-constructed Google\Auth\FetchAuthTokenInterface object or Google\ApiCore\CredentialsWrapper object. Note that when one of these objects are provided, any settings in $credentialsConfig will be ignored. |
↳ credentialsConfig |
array
Options used to configure credentials, including auth token caching, for the client. For a full list of supporting configuration options, see Google\ApiCore\CredentialsWrapper::build() . |
↳ disableRetries |
bool
Determines whether or not retries defined by the client configuration should be disabled. Defaults to |
↳ clientConfig |
string|array
Client method configuration, including retry settings. This option can be either a path to a JSON file, or a PHP array containing the decoded JSON data. By default this settings points to the default client config file, which is provided in the resources folder. |
↳ transport |
string|TransportInterface
The transport used for executing network requests. May be either the string |
↳ transportConfig |
array
Configuration options that will be used to construct the transport. Options for each supported transport type should be passed in a key for that transport. For example: $transportConfig = [ 'grpc' => [...], 'rest' => [...], ]; See the Google\ApiCore\Transport\GrpcTransport::build() and Google\ApiCore\Transport\RestTransport::build() methods for the supported options. |
↳ clientCertSource |
callable
A callable which returns the client cert as a string. This can be used to provide a certificate and private key to the transport layer for mTLS. |
analyzeIamPolicy
Analyzes IAM policies to answer which identities have what accesses on which resources.
Parameters | |
---|---|
Name | Description |
analysisQuery |
Google\Cloud\Asset\V1\IamPolicyAnalysisQuery
Required. The request query. |
optionalArgs |
array
Optional. |
↳ savedAnalysisQuery |
string
Optional. The name of a saved query, which must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id If both |
↳ executionTimeout |
Duration
Optional. Amount of time executable has to complete. See JSON representation of Duration. If this field is set with a value less than the RPC deadline, and the execution of your query hasn't finished in the specified execution timeout, you will get a response with partial result. Otherwise, your query's execution will continue until the RPC deadline. If it's not finished until then, you will get a DEADLINE_EXCEEDED error. Default is empty. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\Cloud\Asset\V1\AnalyzeIamPolicyResponse |
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AnalyzeIamPolicyResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\IamPolicyAnalysisQuery;
/**
* @param string $analysisQueryScope The relative name of the root asset. Only resources and IAM
* policies within the scope will be analyzed.
*
* This can only be an organization number (such as "organizations/123"), a
* folder number (such as "folders/123"), a project ID (such as
* "projects/my-project-id"), or a project number (such as "projects/12345").
*
* To know how to get organization id, visit [here
* ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id).
*
* To know how to get folder or project id, visit [here
* ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
*/
function analyze_iam_policy_sample(string $analysisQueryScope): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Prepare any non-scalar elements to be passed along with the request.
$analysisQuery = (new IamPolicyAnalysisQuery())
->setScope($analysisQueryScope);
// Call the API and handle any network failures.
try {
/** @var AnalyzeIamPolicyResponse $response */
$response = $assetServiceClient->analyzeIamPolicy($analysisQuery);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$analysisQueryScope = '[SCOPE]';
analyze_iam_policy_sample($analysisQueryScope);
}
analyzeIamPolicyLongrunning
Analyzes IAM policies asynchronously to answer which identities have what accesses on which resources, and writes the analysis results to a Google Cloud Storage or a BigQuery destination. For Cloud Storage destination, the output format is the JSON format that represents a AnalyzeIamPolicyResponse.
This method implements the google.longrunning.Operation, which allows you to track the operation status. We recommend intervals of at least 2 seconds with exponential backoff retry to poll the operation result. The metadata contains the metadata for the long-running operation.
Parameters | |
---|---|
Name | Description |
analysisQuery |
Google\Cloud\Asset\V1\IamPolicyAnalysisQuery
Required. The request query. |
outputConfig |
Google\Cloud\Asset\V1\IamPolicyAnalysisOutputConfig
Required. Output configuration indicating where the results will be output to. |
optionalArgs |
array
Optional. |
↳ savedAnalysisQuery |
string
Optional. The name of a saved query, which must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id If both |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\ApiCore\OperationResponse |
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Asset\V1\AnalyzeIamPolicyLongrunningResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\IamPolicyAnalysisOutputConfig;
use Google\Cloud\Asset\V1\IamPolicyAnalysisQuery;
use Google\Rpc\Status;
/**
* @param string $analysisQueryScope The relative name of the root asset. Only resources and IAM
* policies within the scope will be analyzed.
*
* This can only be an organization number (such as "organizations/123"), a
* folder number (such as "folders/123"), a project ID (such as
* "projects/my-project-id"), or a project number (such as "projects/12345").
*
* To know how to get organization id, visit [here
* ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id).
*
* To know how to get folder or project id, visit [here
* ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
*/
function analyze_iam_policy_longrunning_sample(string $analysisQueryScope): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Prepare any non-scalar elements to be passed along with the request.
$analysisQuery = (new IamPolicyAnalysisQuery())
->setScope($analysisQueryScope);
$outputConfig = new IamPolicyAnalysisOutputConfig();
// Call the API and handle any network failures.
try {
/** @var OperationResponse $response */
$response = $assetServiceClient->analyzeIamPolicyLongrunning($analysisQuery, $outputConfig);
$response->pollUntilComplete();
if ($response->operationSucceeded()) {
/** @var AnalyzeIamPolicyLongrunningResponse $result */
$result = $response->getResult();
printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
} else {
/** @var Status $error */
$error = $response->getError();
printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$analysisQueryScope = '[SCOPE]';
analyze_iam_policy_longrunning_sample($analysisQueryScope);
}
analyzeMove
Analyze moving a resource to a specified destination without kicking off the actual move. The analysis is best effort depending on the user's permissions of viewing different hierarchical policies and configurations.
The policies and configuration are subject to change before the actual resource migration takes place.
Parameters | |
---|---|
Name | Description |
resource |
string
Required. Name of the resource to perform the analysis against. Only Google Cloud projects are supported as of today. Hence, this can only be a project ID (such as "projects/my-project-id") or a project number (such as "projects/12345"). |
destinationParent |
string
Required. Name of the Google Cloud folder or organization to reparent the target resource. The analysis will be performed against hypothetically moving the resource to this specified desitination parent. This can only be a folder number (such as "folders/123") or an organization number (such as "organizations/123"). |
optionalArgs |
array
Optional. |
↳ view |
int
Analysis view indicating what information should be included in the analysis response. If unspecified, the default view is FULL. For allowed values, use constants defined on Google\Cloud\Asset\V1\AnalyzeMoveRequest\AnalysisView |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\Cloud\Asset\V1\AnalyzeMoveResponse |
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AnalyzeMoveResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
/**
* @param string $resource Name of the resource to perform the analysis against.
* Only Google Cloud projects are supported as of today. Hence, this can only
* be a project ID (such as "projects/my-project-id") or a project number
* (such as "projects/12345").
* @param string $destinationParent Name of the Google Cloud folder or organization to reparent the
* target resource. The analysis will be performed against hypothetically
* moving the resource to this specified desitination parent. This can only be
* a folder number (such as "folders/123") or an organization number (such as
* "organizations/123").
*/
function analyze_move_sample(string $resource, string $destinationParent): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
/** @var AnalyzeMoveResponse $response */
$response = $assetServiceClient->analyzeMove($resource, $destinationParent);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$resource = '[RESOURCE]';
$destinationParent = '[DESTINATION_PARENT]';
analyze_move_sample($resource, $destinationParent);
}
analyzeOrgPolicies
Analyzes organization policies under a scope.
Parameters | |
---|---|
Name | Description |
scope |
string
Required. The organization to scope the request. Only organization policies within the scope will be analyzed.
|
constraint |
string
Required. The name of the constraint to analyze organization policies for. The response only contains analyzed organization policies for the provided constraint. |
optionalArgs |
array
Optional. |
↳ filter |
string
The expression to filter AnalyzeOrgPoliciesResponse.org_policy_results. The only supported field is |
↳ pageSize |
int
The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved. |
↳ pageToken |
string
A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\ApiCore\PagedListResponse |
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\AnalyzeOrgPoliciesResponse\OrgPolicyResult;
use Google\Cloud\Asset\V1\AssetServiceClient;
/**
* @param string $scope The organization to scope the request. Only organization
* policies within the scope will be analyzed.
*
* * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
* @param string $constraint The name of the constraint to analyze organization policies for.
* The response only contains analyzed organization policies for the provided
* constraint.
*/
function analyze_org_policies_sample(string $scope, string $constraint): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
/** @var PagedListResponse $response */
$response = $assetServiceClient->analyzeOrgPolicies($scope, $constraint);
/** @var OrgPolicyResult $element */
foreach ($response as $element) {
printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$scope = '[SCOPE]';
$constraint = '[CONSTRAINT]';
analyze_org_policies_sample($scope, $constraint);
}
analyzeOrgPolicyGovernedAssets
Analyzes organization policies governed assets (Google Cloud resources or policies) under a scope. This RPC supports custom constraints and the following 10 canned constraints:
- storage.uniformBucketLevelAccess
- iam.disableServiceAccountKeyCreation
- iam.allowedPolicyMemberDomains
- compute.vmExternalIpAccess
- appengine.enforceServiceAccountActAsCheck
- gcp.resourceLocations
- compute.trustedImageProjects
- compute.skipDefaultNetworkCreation
- compute.requireOsLogin
- compute.disableNestedVirtualization
This RPC only returns either resources of types supported by searchable asset types, or IAM policies.
Parameters | |
---|---|
Name | Description |
scope |
string
Required. The organization to scope the request. Only organization policies within the scope will be analyzed. The output assets will also be limited to the ones governed by those in-scope organization policies.
|
constraint |
string
Required. The name of the constraint to analyze governed assets for. The analysis only contains analyzed organization policies for the provided constraint. |
optionalArgs |
array
Optional. |
↳ filter |
string
The expression to filter the governed assets in result. The only supported fields for governed resources are |
↳ pageSize |
int
The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved. |
↳ pageToken |
string
A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\ApiCore\PagedListResponse |
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\AnalyzeOrgPolicyGovernedAssetsResponse\GovernedAsset;
use Google\Cloud\Asset\V1\AssetServiceClient;
/**
* @param string $scope The organization to scope the request. Only organization
* policies within the scope will be analyzed. The output assets will
* also be limited to the ones governed by those in-scope organization
* policies.
*
* * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
* @param string $constraint The name of the constraint to analyze governed assets for. The
* analysis only contains analyzed organization policies for the provided
* constraint.
*/
function analyze_org_policy_governed_assets_sample(string $scope, string $constraint): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
/** @var PagedListResponse $response */
$response = $assetServiceClient->analyzeOrgPolicyGovernedAssets($scope, $constraint);
/** @var GovernedAsset $element */
foreach ($response as $element) {
printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$scope = '[SCOPE]';
$constraint = '[CONSTRAINT]';
analyze_org_policy_governed_assets_sample($scope, $constraint);
}
analyzeOrgPolicyGovernedContainers
Analyzes organization policies governed containers (projects, folders or organization) under a scope.
Parameters | |
---|---|
Name | Description |
scope |
string
Required. The organization to scope the request. Only organization policies within the scope will be analyzed. The output containers will also be limited to the ones governed by those in-scope organization policies.
|
constraint |
string
Required. The name of the constraint to analyze governed containers for. The analysis only contains organization policies for the provided constraint. |
optionalArgs |
array
Optional. |
↳ filter |
string
The expression to filter the governed containers in result. The only supported field is |
↳ pageSize |
int
The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved. |
↳ pageToken |
string
A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\ApiCore\PagedListResponse |
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\AnalyzeOrgPolicyGovernedContainersResponse\GovernedContainer;
use Google\Cloud\Asset\V1\AssetServiceClient;
/**
* @param string $scope The organization to scope the request. Only organization
* policies within the scope will be analyzed. The output containers will
* also be limited to the ones governed by those in-scope organization
* policies.
*
* * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
* @param string $constraint The name of the constraint to analyze governed containers for.
* The analysis only contains organization policies for the provided
* constraint.
*/
function analyze_org_policy_governed_containers_sample(string $scope, string $constraint): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
/** @var PagedListResponse $response */
$response = $assetServiceClient->analyzeOrgPolicyGovernedContainers($scope, $constraint);
/** @var GovernedContainer $element */
foreach ($response as $element) {
printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$scope = '[SCOPE]';
$constraint = '[CONSTRAINT]';
analyze_org_policy_governed_containers_sample($scope, $constraint);
}
batchGetAssetsHistory
Batch gets the update history of assets that overlap a time window.
For IAM_POLICY content, this API outputs history when the asset and its attached IAM POLICY both exist. This can create gaps in the output history. Otherwise, this API outputs history with asset in both non-delete or deleted status. If a specified asset does not exist, this API returns an INVALID_ARGUMENT error.
Parameters | |
---|---|
Name | Description |
parent |
string
Required. The relative name of the root asset. It can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id")", or a project number (such as "projects/12345"). |
contentType |
int
Optional. The content type. For allowed values, use constants defined on {@see \Google\Cloud\Asset\V1\ContentType} |
readTimeWindow |
Google\Cloud\Asset\V1\TimeWindow
Optional. The time window for the asset history. Both start_time and end_time are optional and if set, it must be after the current time minus 35 days. If end_time is not set, it is default to current timestamp. If start_time is not set, the snapshot of the assets at end_time will be returned. The returned results contain all temporal assets whose time window overlap with read_time_window. |
optionalArgs |
array
Optional. |
↳ assetNames |
string[]
A list of the full names of the assets. See: https://cloud.google.com/asset-inventory/docs/resource-name-format Example: |
↳ relationshipTypes |
string[]
Optional. A list of relationship types to output, for example: |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\Cloud\Asset\V1\BatchGetAssetsHistoryResponse |
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\BatchGetAssetsHistoryResponse;
use Google\Cloud\Asset\V1\ContentType;
use Google\Cloud\Asset\V1\TimeWindow;
/**
* @param string $parent The relative name of the root asset. It can only be an
* organization number (such as "organizations/123"), a project ID (such as
* "projects/my-project-id")", or a project number (such as "projects/12345").
* @param int $contentType Optional. The content type.
*/
function batch_get_assets_history_sample(string $parent, int $contentType): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Prepare any non-scalar elements to be passed along with the request.
$readTimeWindow = new TimeWindow();
// Call the API and handle any network failures.
try {
/** @var BatchGetAssetsHistoryResponse $response */
$response = $assetServiceClient->batchGetAssetsHistory($parent, $contentType, $readTimeWindow);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$parent = '[PARENT]';
$contentType = ContentType::CONTENT_TYPE_UNSPECIFIED;
batch_get_assets_history_sample($parent, $contentType);
}
batchGetEffectiveIamPolicies
Gets effective IAM policies for a batch of resources.
Parameters | |
---|---|
Name | Description |
scope |
string
Required. Only IAM policies on or below the scope will be returned. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit here . To know how to get folder or project id, visit here . |
names |
string[]
Required. The names refer to the full_resource_names of searchable asset types. A maximum of 20 resources' effective policies can be retrieved in a batch. |
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\Cloud\Asset\V1\BatchGetEffectiveIamPoliciesResponse |
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\BatchGetEffectiveIamPoliciesResponse;
/**
* @param string $scope Only IAM policies on or below the scope will be returned.
*
* This can only be an organization number (such as "organizations/123"), a
* folder number (such as "folders/123"), a project ID (such as
* "projects/my-project-id"), or a project number (such as "projects/12345").
*
* To know how to get organization id, visit [here
* ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id).
*
* To know how to get folder or project id, visit [here
* ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
* @param string $namesElement The names refer to the [full_resource_names]
* (https://cloud.google.com/asset-inventory/docs/resource-name-format)
* of [searchable asset
* types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
* A maximum of 20 resources' effective policies can be retrieved in a batch.
*/
function batch_get_effective_iam_policies_sample(string $scope, string $namesElement): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Prepare any non-scalar elements to be passed along with the request.
$names = [$namesElement,];
// Call the API and handle any network failures.
try {
/** @var BatchGetEffectiveIamPoliciesResponse $response */
$response = $assetServiceClient->batchGetEffectiveIamPolicies($scope, $names);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$scope = '[SCOPE]';
$namesElement = '[NAMES]';
batch_get_effective_iam_policies_sample($scope, $namesElement);
}
createFeed
Creates a feed in a parent project/folder/organization to listen to its asset updates.
Parameters | |
---|---|
Name | Description |
parent |
string
Required. The name of the project/folder/organization where this feed should be created in. It can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). |
feedId |
string
Required. This is the client-assigned asset feed identifier and it needs to be unique under a specific parent project/folder/organization. |
feed |
Google\Cloud\Asset\V1\Feed
Required. The feed details. The field |
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\Cloud\Asset\V1\Feed |
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\Feed;
use Google\Cloud\Asset\V1\FeedOutputConfig;
/**
* @param string $parent The name of the project/folder/organization where this feed
* should be created in. It can only be an organization number (such as
* "organizations/123"), a folder number (such as "folders/123"), a project ID
* (such as "projects/my-project-id"), or a project number (such as
* "projects/12345").
* @param string $feedId This is the client-assigned asset feed identifier and it needs to
* be unique under a specific parent project/folder/organization.
* @param string $feedName The format will be
* projects/{project_number}/feeds/{client-assigned_feed_identifier} or
* folders/{folder_number}/feeds/{client-assigned_feed_identifier} or
* organizations/{organization_number}/feeds/{client-assigned_feed_identifier}
*
* The client-assigned feed identifier must be unique within the parent
* project/folder/organization.
*/
function create_feed_sample(string $parent, string $feedId, string $feedName): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Prepare any non-scalar elements to be passed along with the request.
$feedFeedOutputConfig = new FeedOutputConfig();
$feed = (new Feed())
->setName($feedName)
->setFeedOutputConfig($feedFeedOutputConfig);
// Call the API and handle any network failures.
try {
/** @var Feed $response */
$response = $assetServiceClient->createFeed($parent, $feedId, $feed);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$parent = '[PARENT]';
$feedId = '[FEED_ID]';
$feedName = '[NAME]';
create_feed_sample($parent, $feedId, $feedName);
}
createSavedQuery
Creates a saved query in a parent project/folder/organization.
Parameters | |
---|---|
Name | Description |
parent |
string
Required. The name of the project/folder/organization where this saved_query should be created in. It can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). |
savedQuery |
Google\Cloud\Asset\V1\SavedQuery
Required. The saved_query details. The |
savedQueryId |
string
Required. The ID to use for the saved query, which must be unique in the specified parent. It will become the final component of the saved query's resource name. This value should be 4-63 characters, and valid characters
are Notice that this field is required in the saved query creation, and the
|
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\Cloud\Asset\V1\SavedQuery |
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\SavedQuery;
/**
* @param string $formattedParent The name of the project/folder/organization where this
* saved_query should be created in. It can only be an organization number
* (such as "organizations/123"), a folder number (such as "folders/123"), a
* project ID (such as "projects/my-project-id"), or a project number (such as
* "projects/12345"). Please see
* {@see AssetServiceClient::projectName()} for help formatting this field.
* @param string $savedQueryId The ID to use for the saved query, which must be unique in the
* specified parent. It will become the final component of the saved query's
* resource name.
*
* This value should be 4-63 characters, and valid characters
* are `[a-z][0-9]-`.
*
* Notice that this field is required in the saved query creation, and the
* `name` field of the `saved_query` will be ignored.
*/
function create_saved_query_sample(string $formattedParent, string $savedQueryId): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Prepare any non-scalar elements to be passed along with the request.
$savedQuery = new SavedQuery();
// Call the API and handle any network failures.
try {
/** @var SavedQuery $response */
$response = $assetServiceClient->createSavedQuery($formattedParent, $savedQuery, $savedQueryId);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = AssetServiceClient::projectName('[PROJECT]');
$savedQueryId = '[SAVED_QUERY_ID]';
create_saved_query_sample($formattedParent, $savedQueryId);
}
deleteFeed
Deletes an asset feed.
Parameters | |
---|---|
Name | Description |
name |
string
Required. The name of the feed and it must be in the format of: projects/project_number/feeds/feed_id folders/folder_number/feeds/feed_id organizations/organization_number/feeds/feed_id |
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
/**
* @param string $formattedName The name of the feed and it must be in the format of:
* projects/project_number/feeds/feed_id
* folders/folder_number/feeds/feed_id
* organizations/organization_number/feeds/feed_id
* Please see {@see AssetServiceClient::feedName()} for help formatting this field.
*/
function delete_feed_sample(string $formattedName): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
$assetServiceClient->deleteFeed($formattedName);
printf('Call completed successfully.' . PHP_EOL);
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = AssetServiceClient::feedName('[PROJECT]', '[FEED]');
delete_feed_sample($formattedName);
}
deleteSavedQuery
Deletes a saved query.
Parameters | |
---|---|
Name | Description |
name |
string
Required. The name of the saved query to delete. It must be in the format of:
|
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
/**
* @param string $formattedName The name of the saved query to delete. It must be in the format
* of:
*
* * projects/project_number/savedQueries/saved_query_id
* * folders/folder_number/savedQueries/saved_query_id
* * organizations/organization_number/savedQueries/saved_query_id
* Please see {@see AssetServiceClient::savedQueryName()} for help formatting this field.
*/
function delete_saved_query_sample(string $formattedName): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
$assetServiceClient->deleteSavedQuery($formattedName);
printf('Call completed successfully.' . PHP_EOL);
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = AssetServiceClient::savedQueryName('[PROJECT]', '[SAVED_QUERY]');
delete_saved_query_sample($formattedName);
}
exportAssets
Exports assets with time and resource types to a given Cloud Storage location/BigQuery table. For Cloud Storage location destinations, the output format is newline-delimited JSON. Each line represents a google.cloud.asset.v1.Asset in the JSON format; for BigQuery table destinations, the output table stores the fields in asset Protobuf as columns. This API implements the google.longrunning.Operation API, which allows you to keep track of the export. We recommend intervals of at least 2 seconds with exponential retry to poll the export operation result. For regular-size resource parent, the export operation usually finishes within 5 minutes.
Parameters | |
---|---|
Name | Description |
parent |
string
Required. The relative name of the root asset. This can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"), or a folder number (such as "folders/123"). |
outputConfig |
Google\Cloud\Asset\V1\OutputConfig
Required. Output configuration indicating where the results will be output to. |
optionalArgs |
array
Optional. |
↳ readTime |
Timestamp
Timestamp to take an asset snapshot. This can only be set to a timestamp between the current time and the current time minus 35 days (inclusive). If not specified, the current time will be used. Due to delays in resource data collection and indexing, there is a volatile window during which running the same query may get different results. |
↳ assetTypes |
string[]
A list of asset types to take a snapshot for. For example: "compute.googleapis.com/Disk". Regular expressions are also supported. For example: * "compute.googleapis.com." snapshots resources whose asset type starts with "compute.googleapis.com". * ".Instance" snapshots resources whose asset type ends with "Instance". * ".Instance." snapshots resources whose asset type contains "Instance". See RE2 for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned. If specified, only matching assets will be returned, otherwise, it will snapshot all asset types. See Introduction to Cloud Asset Inventory for all supported asset types. |
↳ contentType |
int
Asset content type. If not specified, no content but the asset name will be returned. For allowed values, use constants defined on Google\Cloud\Asset\V1\ContentType |
↳ relationshipTypes |
string[]
A list of relationship types to export, for example: |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\ApiCore\OperationResponse |
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\ExportAssetsResponse;
use Google\Cloud\Asset\V1\OutputConfig;
use Google\Rpc\Status;
/**
* @param string $parent The relative name of the root asset. This can only be an
* organization number (such as "organizations/123"), a project ID (such as
* "projects/my-project-id"), or a project number (such as "projects/12345"),
* or a folder number (such as "folders/123").
*/
function export_assets_sample(string $parent): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Prepare any non-scalar elements to be passed along with the request.
$outputConfig = new OutputConfig();
// Call the API and handle any network failures.
try {
/** @var OperationResponse $response */
$response = $assetServiceClient->exportAssets($parent, $outputConfig);
$response->pollUntilComplete();
if ($response->operationSucceeded()) {
/** @var ExportAssetsResponse $result */
$result = $response->getResult();
printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
} else {
/** @var Status $error */
$error = $response->getError();
printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$parent = '[PARENT]';
export_assets_sample($parent);
}
getFeed
Gets details about an asset feed.
Parameters | |
---|---|
Name | Description |
name |
string
Required. The name of the Feed and it must be in the format of: projects/project_number/feeds/feed_id folders/folder_number/feeds/feed_id organizations/organization_number/feeds/feed_id |
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\Cloud\Asset\V1\Feed |
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\Feed;
/**
* @param string $formattedName The name of the Feed and it must be in the format of:
* projects/project_number/feeds/feed_id
* folders/folder_number/feeds/feed_id
* organizations/organization_number/feeds/feed_id
* Please see {@see AssetServiceClient::feedName()} for help formatting this field.
*/
function get_feed_sample(string $formattedName): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
/** @var Feed $response */
$response = $assetServiceClient->getFeed($formattedName);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = AssetServiceClient::feedName('[PROJECT]', '[FEED]');
get_feed_sample($formattedName);
}
getSavedQuery
Gets details about a saved query.
Parameters | |
---|---|
Name | Description |
name |
string
Required. The name of the saved query and it must be in the format of:
|
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\Cloud\Asset\V1\SavedQuery |
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\SavedQuery;
/**
* @param string $formattedName The name of the saved query and it must be in the format of:
*
* * projects/project_number/savedQueries/saved_query_id
* * folders/folder_number/savedQueries/saved_query_id
* * organizations/organization_number/savedQueries/saved_query_id
* Please see {@see AssetServiceClient::savedQueryName()} for help formatting this field.
*/
function get_saved_query_sample(string $formattedName): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
/** @var SavedQuery $response */
$response = $assetServiceClient->getSavedQuery($formattedName);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = AssetServiceClient::savedQueryName('[PROJECT]', '[SAVED_QUERY]');
get_saved_query_sample($formattedName);
}
listAssets
Lists assets with time and resource types and returns paged results in response.
Parameters | |
---|---|
Name | Description |
parent |
string
Required. Name of the organization, folder, or project the assets belong to. Format: "organizations/[organization-number]" (such as "organizations/123"), "projects/[project-id]" (such as "projects/my-project-id"), "projects/[project-number]" (such as "projects/12345"), or "folders/[folder-number]" (such as "folders/12345"). |
optionalArgs |
array
Optional. |
↳ readTime |
Timestamp
Timestamp to take an asset snapshot. This can only be set to a timestamp between the current time and the current time minus 35 days (inclusive). If not specified, the current time will be used. Due to delays in resource data collection and indexing, there is a volatile window during which running the same query may get different results. |
↳ assetTypes |
string[]
A list of asset types to take a snapshot for. For example: "compute.googleapis.com/Disk". Regular expression is also supported. For example: * "compute.googleapis.com." snapshots resources whose asset type starts with "compute.googleapis.com". * ".Instance" snapshots resources whose asset type ends with "Instance". * ".Instance." snapshots resources whose asset type contains "Instance". See RE2 for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned. If specified, only matching assets will be returned, otherwise, it will snapshot all asset types. See Introduction to Cloud Asset Inventory for all supported asset types. |
↳ contentType |
int
Asset content type. If not specified, no content but the asset name will be returned. For allowed values, use constants defined on Google\Cloud\Asset\V1\ContentType |
↳ pageSize |
int
The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved. |
↳ pageToken |
string
A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API. |
↳ relationshipTypes |
string[]
A list of relationship types to output, for example: |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\ApiCore\PagedListResponse |
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\Asset;
use Google\Cloud\Asset\V1\AssetServiceClient;
/**
* @param string $parent Name of the organization, folder, or project the assets belong
* to. Format: "organizations/[organization-number]" (such as
* "organizations/123"), "projects/[project-id]" (such as
* "projects/my-project-id"), "projects/[project-number]" (such as
* "projects/12345"), or "folders/[folder-number]" (such as "folders/12345").
*/
function list_assets_sample(string $parent): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
/** @var PagedListResponse $response */
$response = $assetServiceClient->listAssets($parent);
/** @var Asset $element */
foreach ($response as $element) {
printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$parent = '[PARENT]';
list_assets_sample($parent);
}
listFeeds
Lists all asset feeds in a parent project/folder/organization.
Parameters | |
---|---|
Name | Description |
parent |
string
Required. The parent project/folder/organization whose feeds are to be listed. It can only be using project/folder/organization number (such as "folders/12345")", or a project ID (such as "projects/my-project-id"). |
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\Cloud\Asset\V1\ListFeedsResponse |
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\ListFeedsResponse;
/**
* @param string $parent The parent project/folder/organization whose feeds are to be
* listed. It can only be using project/folder/organization number (such as
* "folders/12345")", or a project ID (such as "projects/my-project-id").
*/
function list_feeds_sample(string $parent): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
/** @var ListFeedsResponse $response */
$response = $assetServiceClient->listFeeds($parent);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$parent = '[PARENT]';
list_feeds_sample($parent);
}
listSavedQueries
Lists all saved queries in a parent project/folder/organization.
Parameters | |
---|---|
Name | Description |
parent |
string
Required. The parent project/folder/organization whose savedQueries are to be listed. It can only be using project/folder/organization number (such as "folders/12345")", or a project ID (such as "projects/my-project-id"). |
optionalArgs |
array
Optional. |
↳ filter |
string
Optional. The expression to filter resources. The expression is a list of zero or more restrictions combined via logical operators |
↳ pageSize |
int
The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved. |
↳ pageToken |
string
A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\ApiCore\PagedListResponse |
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\SavedQuery;
/**
* @param string $formattedParent The parent project/folder/organization whose savedQueries are to
* be listed. It can only be using project/folder/organization number (such as
* "folders/12345")", or a project ID (such as "projects/my-project-id"). Please see
* {@see AssetServiceClient::projectName()} for help formatting this field.
*/
function list_saved_queries_sample(string $formattedParent): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
/** @var PagedListResponse $response */
$response = $assetServiceClient->listSavedQueries($formattedParent);
/** @var SavedQuery $element */
foreach ($response as $element) {
printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = AssetServiceClient::projectName('[PROJECT]');
list_saved_queries_sample($formattedParent);
}
queryAssets
Issue a job that queries assets using a SQL statement compatible with BigQuery Standard SQL.
If the query execution finishes within timeout and there's no pagination,
the full query results will be returned in the QueryAssetsResponse
.
Otherwise, full query results can be obtained by issuing extra requests
with the job_reference
from the a previous QueryAssets
call.
Note, the query result has approximately 10 GB limitation enforced by BigQuery https://cloud.google.com/bigquery/docs/best-practices-performance-output, queries return larger results will result in errors.
Parameters | |
---|---|
Name | Description |
parent |
string
Required. The relative name of the root asset. This can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"), or a folder number (such as "folders/123"). Only assets belonging to the |
optionalArgs |
array
Optional. |
↳ statement |
string
Optional. A SQL statement that's compatible with BigQuery Standard SQL. |
↳ jobReference |
string
Optional. Reference to the query job, which is from the |
↳ pageSize |
int
Optional. The maximum number of rows to return in the results. Responses are limited to 10 MB and 1000 rows. By default, the maximum row count is 1000. When the byte or row count limit is reached, the rest of the query results will be paginated. The field will be ignored when [output_config] is specified. |
↳ pageToken |
string
Optional. A page token received from previous |
↳ timeout |
Duration
Optional. Specifies the maximum amount of time that the client is willing to wait for the query to complete. By default, this limit is 5 min for the first query, and 1 minute for the following queries. If the query is complete, the |
↳ readTimeWindow |
TimeWindow
Optional. [start_time] is required. [start_time] must be less than [end_time] Defaults [end_time] to now if [start_time] is set and [end_time] isn't. Maximum permitted time range is 7 days. |
↳ readTime |
Timestamp
Optional. Queries cloud assets as they appeared at the specified point in time. |
↳ outputConfig |
QueryAssetsOutputConfig
Optional. Destination where the query results will be saved. When this field is specified, the query results won't be saved in the [QueryAssetsResponse.query_result]. Instead [QueryAssetsResponse.output_config] will be set. Meanwhile, [QueryAssetsResponse.job_reference] will be set and can be used to check the status of the query job when passed to a following [QueryAssets] API call. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\Cloud\Asset\V1\QueryAssetsResponse |
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\QueryAssetsResponse;
/**
* @param string $parent The relative name of the root asset. This can only be an
* organization number (such as "organizations/123"), a project ID (such as
* "projects/my-project-id"), or a project number (such as "projects/12345"),
* or a folder number (such as "folders/123").
*
* Only assets belonging to the `parent` will be returned.
*/
function query_assets_sample(string $parent): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
/** @var QueryAssetsResponse $response */
$response = $assetServiceClient->queryAssets($parent);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$parent = '[PARENT]';
query_assets_sample($parent);
}
searchAllIamPolicies
Searches all IAM policies within the specified scope, such as a project,
folder, or organization. The caller must be granted the
cloudasset.assets.searchAllIamPolicies
permission on the desired scope,
otherwise the request will be rejected.
Parameters | |
---|---|
Name | Description |
scope |
string
Required. A scope can be a project, a folder, or an organization. The
search is limited to the IAM policies within the The allowed values are:
|
optionalArgs |
array
Optional. |
↳ query |
string
Optional. The query statement. See how to construct a query for more information. If not specified or empty, it will search all the IAM policies within the specified |
↳ pageSize |
int
The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved. |
↳ pageToken |
string
A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API. |
↳ assetTypes |
string[]
Optional. A list of asset types that the IAM policies are attached to. If empty, it will search the IAM policies that are attached to all the searchable asset types. Regular expressions are also supported. For example: * "compute.googleapis.com." snapshots IAM policies attached to asset type starts with "compute.googleapis.com". * ".Instance" snapshots IAM policies attached to asset type ends with "Instance". * ".Instance." snapshots IAM policies attached to asset type contains "Instance". See RE2 for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned. |
↳ orderBy |
string
Optional. A comma-separated list of fields specifying the sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored. Example: "assetType DESC, resource". Only singular primitive fields in the response are sortable: * resource * assetType * project All the other fields such as repeated fields (e.g., |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\ApiCore\PagedListResponse |
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\IamPolicySearchResult;
/**
* @param string $scope A scope can be a project, a folder, or an organization. The
* search is limited to the IAM policies within the `scope`. The caller must
* be granted the
* [`cloudasset.assets.searchAllIamPolicies`](https://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
* permission on the desired scope.
*
* The allowed values are:
*
* * projects/{PROJECT_ID} (e.g., "projects/foo-bar")
* * projects/{PROJECT_NUMBER} (e.g., "projects/12345678")
* * folders/{FOLDER_NUMBER} (e.g., "folders/1234567")
* * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
*/
function search_all_iam_policies_sample(string $scope): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
/** @var PagedListResponse $response */
$response = $assetServiceClient->searchAllIamPolicies($scope);
/** @var IamPolicySearchResult $element */
foreach ($response as $element) {
printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$scope = '[SCOPE]';
search_all_iam_policies_sample($scope);
}
searchAllResources
Searches all Google Cloud resources within the specified scope, such as a
project, folder, or organization. The caller must be granted the
cloudasset.assets.searchAllResources
permission on the desired scope,
otherwise the request will be rejected.
Parameters | |
---|---|
Name | Description |
scope |
string
Required. A scope can be a project, a folder, or an organization. The
search is limited to the resources within the The allowed values are:
|
optionalArgs |
array
Optional. |
↳ query |
string
Optional. The query statement. See how to construct a query for more information. If not specified or empty, it will search all the resources within the specified |
↳ assetTypes |
string[]
Optional. A list of asset types that this request searches for. If empty, it will search all the searchable asset types. Regular expressions are also supported. For example: * "compute.googleapis.com." snapshots resources whose asset type starts with "compute.googleapis.com". * ".Instance" snapshots resources whose asset type ends with "Instance". * ".Instance." snapshots resources whose asset type contains "Instance". See RE2 for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned. |
↳ pageSize |
int
The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved. |
↳ pageToken |
string
A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API. |
↳ orderBy |
string
Optional. A comma-separated list of fields specifying the sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored. Example: "location DESC, name". Only singular primitive fields in the response are sortable: * name * assetType * project * displayName * description * location * createTime * updateTime * state * parentFullResourceName * parentAssetType All the other fields such as repeated fields (e.g., |
↳ readMask |
FieldMask
Optional. A comma-separated list of fields specifying which fields to be returned in ResourceSearchResult. Only '' or combination of top level fields can be specified. Field names of both snake_case and camelCase are supported. Examples: `"" |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\ApiCore\PagedListResponse |
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\ResourceSearchResult;
/**
* @param string $scope A scope can be a project, a folder, or an organization. The
* search is limited to the resources within the `scope`. The caller must be
* granted the
* [`cloudasset.assets.searchAllResources`](https://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
* permission on the desired scope.
*
* The allowed values are:
*
* * projects/{PROJECT_ID} (e.g., "projects/foo-bar")
* * projects/{PROJECT_NUMBER} (e.g., "projects/12345678")
* * folders/{FOLDER_NUMBER} (e.g., "folders/1234567")
* * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
*/
function search_all_resources_sample(string $scope): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
/** @var PagedListResponse $response */
$response = $assetServiceClient->searchAllResources($scope);
/** @var ResourceSearchResult $element */
foreach ($response as $element) {
printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$scope = '[SCOPE]';
search_all_resources_sample($scope);
}
updateFeed
Updates an asset feed configuration.
Parameters | |
---|---|
Name | Description |
feed |
Google\Cloud\Asset\V1\Feed
Required. The new values of feed details. It must match an existing feed
and the field |
updateMask |
Google\Protobuf\FieldMask
Required. Only updates the |
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\Cloud\Asset\V1\Feed |
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\Feed;
use Google\Cloud\Asset\V1\FeedOutputConfig;
use Google\Protobuf\FieldMask;
/**
* @param string $feedName The format will be
* projects/{project_number}/feeds/{client-assigned_feed_identifier} or
* folders/{folder_number}/feeds/{client-assigned_feed_identifier} or
* organizations/{organization_number}/feeds/{client-assigned_feed_identifier}
*
* The client-assigned feed identifier must be unique within the parent
* project/folder/organization.
*/
function update_feed_sample(string $feedName): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Prepare any non-scalar elements to be passed along with the request.
$feedFeedOutputConfig = new FeedOutputConfig();
$feed = (new Feed())
->setName($feedName)
->setFeedOutputConfig($feedFeedOutputConfig);
$updateMask = new FieldMask();
// Call the API and handle any network failures.
try {
/** @var Feed $response */
$response = $assetServiceClient->updateFeed($feed, $updateMask);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$feedName = '[NAME]';
update_feed_sample($feedName);
}
updateSavedQuery
Updates a saved query.
Parameters | |
---|---|
Name | Description |
savedQuery |
Google\Cloud\Asset\V1\SavedQuery
Required. The saved query to update. The saved query's
|
updateMask |
Google\Protobuf\FieldMask
Required. The list of fields to update. |
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\Cloud\Asset\V1\SavedQuery |
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\SavedQuery;
use Google\Protobuf\FieldMask;
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function update_saved_query_sample(): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Prepare any non-scalar elements to be passed along with the request.
$savedQuery = new SavedQuery();
$updateMask = new FieldMask();
// Call the API and handle any network failures.
try {
/** @var SavedQuery $response */
$response = $assetServiceClient->updateSavedQuery($savedQuery, $updateMask);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
Constants
SERVICE_NAME
Value: 'google.cloud.asset.v1.AssetService'
The name of the service.
SERVICE_ADDRESS
Value: 'cloudasset.googleapis.com'
The default address of the service.
DEFAULT_SERVICE_PORT
Value: 443
The default port of the service.
CODEGEN_NAME
Value: 'gapic'
The name of the code generator, to be included in the agent header.