package google.cloud.asset.v1p2beta1

Get desktop application:
View/edit binary Protocol Buffers messages

Asset service definition.

• rpc ExportAssets (ExportAssetsRequest, longrunning.Operation)

  asset_service.proto:44

  Exports assets with time and resource types to a given Cloud Storage location. The output format is newline-delimited JSON. This API implements the [google.longrunning.Operation][google.longrunning.Operation] API allowing you to keep track of the export.

  message ExportAssetsRequest

  asset_service.proto:102

  Export asset request.

  • string parent = 1

    Required. The relative name of the root asset. This can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345").

  • optional protobuf.Timestamp read_time = 2

    Timestamp to take an asset snapshot. This can only be set to a timestamp between 2018-10-02 UTC (inclusive) and the current time. If not specified, the current time will be used. Due to delays in resource data collection and indexing, there is a volatile window during which running the same query may get different results.

  • repeated string asset_types = 3

    A list of asset types of which to take a snapshot for. For example: "compute.googleapis.com/Disk". If specified, only matching assets will be returned. See [Introduction to Cloud Asset Inventory](https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/overview) for all supported asset types.

  • ContentType content_type = 4

    Asset content type. If not specified, no content but the asset name will be returned.

  • optional OutputConfig output_config = 5

    Required. Output configuration indicating where the results will be output to. All results will be in newline delimited JSON format.

• rpc BatchGetAssetsHistory (BatchGetAssetsHistoryRequest, BatchGetAssetsHistoryResponse)

  asset_service.proto:56

  Batch gets the update history of assets that overlap a time window. For RESOURCE content, this API outputs history with asset in both non-delete or deleted status. For IAM_POLICY content, this API outputs history when the asset and its attached IAM POLICY both exist. This can create gaps in the output history.

  message BatchGetAssetsHistoryRequest

  asset_service.proto:144

  Batch get assets history request.

  • string parent = 1

    Required. The relative name of the root asset. It can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id")", or a project number (such as "projects/12345").

  • repeated string asset_names = 2

    A list of the full names of the assets. For example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) and [Resource Name Format](https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/resource-name-format) for more info. The request becomes a no-op if the asset name list is empty, and the max size of the asset name list is 100 in one request.

  • ContentType content_type = 3

    Required. The content type.

  • optional TimeWindow read_time_window = 4

    Optional. The time window for the asset history. Both start_time and end_time are optional and if set, it must be after 2018-10-02 UTC. If end_time is not set, it is default to current timestamp. If start_time is not set, the snapshot of the assets at end_time will be returned. The returned results contain all temporal assets whose time window overlap with read_time_window.

  message BatchGetAssetsHistoryResponse

  asset_service.proto:175

  Batch get assets history response.

  • repeated TemporalAsset assets = 1

    A list of assets with valid time windows.

• rpc CreateFeed (CreateFeedRequest, Feed)

  asset_service.proto:64

  Creates a feed in a parent project/folder/organization to listen to its asset updates.

  message CreateFeedRequest

  asset_service.proto:181

  Create asset feed request.

  • string parent = 1

    Required. The name of the project/folder/organization where this feed should be created in. It can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id")", or a project number (such as "projects/12345").

  • string feed_id = 2

    Required. This is the client-assigned asset feed identifier and it needs to be unique under a specific parent project/folder/organization.

  • optional Feed feed = 3

    The feed details. The field `name` must be empty and it will be generated in the format of: projects/project_number/feeds/feed_id folders/folder_number/feeds/feed_id organizations/organization_number/feeds/feed_id

• rpc GetFeed (GetFeedRequest, Feed)

  asset_service.proto:72

  Gets details about an asset feed.

  message GetFeedRequest

  asset_service.proto:202

  Get asset feed request.

  • string name = 1

    The name of the Feed and it must be in the format of: projects/project_number/feeds/feed_id folders/folder_number/feeds/feed_id organizations/organization_number/feeds/feed_id

• rpc ListFeeds (ListFeedsRequest, ListFeedsResponse)

  asset_service.proto:79

  Lists all asset feeds in a parent project/folder/organization.

  message ListFeedsRequest

  asset_service.proto:211

  List asset feeds request.

  • string parent = 1

    Required. The parent project/folder/organization whose feeds are to be listed. It can only be using project/folder/organization number (such as "folders/12345")", or a project ID (such as "projects/my-project-id").

  message ListFeedsResponse

  asset_service.proto:219

  List asset feeds response.

  • repeated Feed feeds = 1

    A list of feeds.

• rpc UpdateFeed (UpdateFeedRequest, Feed)

  asset_service.proto:86

  Updates an asset feed configuration.

  message UpdateFeedRequest

  asset_service.proto:225

  Update asset feed request.

  • optional Feed feed = 1

    The new values of feed details. It must match an existing feed and the field `name` must be in the format of: projects/project_number/feeds/feed_id or folders/folder_number/feeds/feed_id or organizations/organization_number/feeds/feed_id.

  • optional protobuf.FieldMask update_mask = 2

    Only updates the `feed` fields indicated by this mask. The field mask must not be empty, and it must not contain fields that are immutable or only set by the server.

• rpc DeleteFeed (DeleteFeedRequest, protobuf.Empty)

  asset_service.proto:94

  Deletes an asset feed.

  message DeleteFeedRequest

  asset_service.proto:240

  Delete asset feed request.

  • string name = 1

    The name of the feed and it must be in the format of: projects/project_number/feeds/feed_id folders/folder_number/feeds/feed_id organizations/organization_number/feeds/feed_id

Cloud asset. This includes all Google Cloud Platform resources, Cloud IAM policies, and other non-GCP assets.

Used in: TemporalAsset

• string name = 1

  The full name of the asset. For example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information.

• string asset_type = 2

  Type of the asset. Example: "compute.googleapis.com/Disk".

• optional Resource resource = 3

  Representation of the resource.

• optional iam.v1.Policy iam_policy = 4

  Representation of the actual Cloud IAM policy set on a cloud resource. For each resource, there must be at most one Cloud IAM policy set on it.

• bytes iam_policy_name = 5

  Cloud IAM policy name of the Cloud IAM policy set on a cloud resource. For each resource, there must be at most one Cloud IAM policy name associated with it.

• repeated string ancestors = 6

  Asset's ancestry path in Cloud Resource Manager (CRM) hierarchy, represented as a list of relative resource names. Ancestry path starts with the closest CRM ancestor and ending at a visible root. If the asset is a CRM project/ folder/organization, this starts from the asset itself. Example: ["projects/123456789", "folders/5432", "organizations/1234"]

A Bigquery destination.

Used in: OutputConfig

• string dataset = 1

  Required. The BigQuery dataset in format "projects/projectId/datasets/datasetId", to which the snapshot result should be exported. If this dataset does not exist, the export call returns an error.

• string table = 2

  Required. The BigQuery table to which the snapshot result should be written. If this table does not exist, a new table with the given name will be created.

• bool force = 3

  If the destination table already exists and this flag is `TRUE`, the table will be overwritten by the contents of assets snapshot. If the flag is not set and the destination table already exists, the export call returns an error.

Asset content type.

Used in: BatchGetAssetsHistoryRequest, ExportAssetsRequest, Feed

• CONTENT_TYPE_UNSPECIFIED = 0

  Unspecified content type.

• RESOURCE = 1

  Resource metadata.

• IAM_POLICY = 2

  The actual IAM policy set on a resource.

• IAM_POLICY_NAME = 3

  The IAM policy name for the IAM policy set on a resource.

• ORG_POLICY = 4

• ACCESS_POLICY = 5

  The Cloud Access context mananger Policy set on an asset.

The export asset response. This message is returned by the [google.longrunning.Operations.GetOperation][google.longrunning.Operations.GetOperation] method in the returned [google.longrunning.Operation.response][google.longrunning.Operation.response] field.

• optional protobuf.Timestamp read_time = 1

  Time the snapshot was taken.

• optional OutputConfig output_config = 2

  Output configuration indicating where the results were output to. All results are in JSON format.

An asset feed used to export asset updates to a destinations. An asset feed filter controls what updates are exported. The asset feed must be created within a project, organization, or folder. Supported destinations are: Cloud Pub/Sub topics.

Used as response type in: AssetService.CreateFeed, AssetService.GetFeed, AssetService.UpdateFeed

Used as field type in: CreateFeedRequest, ListFeedsResponse, UpdateFeedRequest

• string name = 1

  Required. The format will be projects/{project_number}/feeds/{client-assigned_feed_identifier} or folders/{folder_number}/feeds/{client-assigned_feed_identifier} or organizations/{organization_number}/feeds/{client-assigned_feed_identifier} The client-assigned feed identifier must be unique within the parent project/folder/organization.

• repeated string asset_names = 2

  A list of the full names of the assets to receive updates. You must specify either or both of asset_names and asset_types. Only asset updates matching specified asset_names and asset_types are exported to the feed. For example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more info.

• repeated string asset_types = 3

  A list of types of the assets to receive updates. You must specify either or both of asset_names and asset_types. Only asset updates matching specified asset_names and asset_types are exported to the feed. For example: "compute.googleapis.com/Disk" See [Introduction to Cloud Asset Inventory](https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/overview) for all supported asset types.

• ContentType content_type = 4

  Asset content type. If not specified, no content but the asset name and type will be returned.

• optional FeedOutputConfig feed_output_config = 5

  Required. Feed output configuration defining where the asset updates are published to.

Output configuration for asset feed destination.

Used in: Feed

• oneof destination

  Asset feed destination.

  • PubsubDestination pubsub_destination = 1

    Destination on Cloud Pubsub.

A Cloud Storage location.

Used in: OutputConfig

• oneof object_uri

  Required.

  • string uri = 1

    The uri of the Cloud Storage object. It's the same uri that is used by gsutil. For example: "gs://bucket_name/object_name". See [Viewing and Editing Object Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata) for more information.

  • string uri_prefix = 2

    The uri prefix of all generated Cloud Storage objects. For example: "gs://bucket_name/object_name_prefix". Each object uri is in format: "gs://bucket_name/object_name_prefix/<asset type>/<shard number> and only contains assets for that type. <shard number> starts from 0. For example: "gs://bucket_name/object_name_prefix/compute.googleapis.com/Disk/0" is the first shard of output objects containing all compute.googleapis.com/Disk assets. An INVALID_ARGUMENT error will be returned if file with the same name "gs://bucket_name/object_name_prefix" already exists.

Output configuration for export assets destination.

Used in: ExportAssetsRequest, ExportAssetsResponse

• oneof destination

  Asset export destination.

  • GcsDestination gcs_destination = 1

    Destination on Cloud Storage.

  • BigQueryDestination bigquery_destination = 2

    Destination on Bigquery. The output table stores the fields in asset proto as columns in BigQuery. The resource/iam_policy field is converted to a record with each field to a column, except metadata to a single JSON string.

A Cloud Pubsub destination.

Used in: FeedOutputConfig

• string topic = 1

  The name of the Cloud Pub/Sub topic to publish to. For example: `projects/PROJECT_ID/topics/TOPIC_ID`.

Representation of a cloud resource.

Used in: Asset

• string version = 1

  The API version. Example: "v1".

• string discovery_document_uri = 2

  The URL of the discovery document containing the resource's JSON schema. For example: `"https://www.googleapis.com/discovery/v1/apis/compute/v1/rest"`. It will be left unspecified for resources without a discovery-based API, such as Cloud Bigtable.

• string discovery_name = 3

  The JSON schema name listed in the discovery document. Example: "Project". It will be left unspecified for resources (such as Cloud Bigtable) without a discovery-based API.

• string resource_url = 4

  The REST URL for accessing the resource. An HTTP GET operation using this URL returns the resource itself. Example: `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`. It will be left unspecified for resources without a REST API.

• string parent = 5

  The full name of the immediate parent of this resource. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information. For GCP assets, it is the parent resource defined in the [Cloud IAM policy hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). For example: `"//cloudresourcemanager.googleapis.com/projects/my_project_123"`. For third-party assets, it is up to the users to define.

• optional protobuf.Struct data = 6

  The content of the resource, in which some sensitive fields are scrubbed away and may not be present.

• optional protobuf.Any internal_data = 7

  The actual metadata content for the resource, only visible for internal users.

Temporal asset. In addition to the asset, the temporal asset includes the status of the asset and valid from and to time of it.

Used in: BatchGetAssetsHistoryResponse

• optional TimeWindow window = 1

  The time window when the asset data and state was observed.

• bool deleted = 2

  If the asset is deleted or not.

• optional Asset asset = 3

  Asset.

A time window of (start_time, end_time].

Used in: BatchGetAssetsHistoryRequest, TemporalAsset

• optional protobuf.Timestamp start_time = 1

  Start time of the time window (exclusive).

• optional protobuf.Timestamp end_time = 2

  End time of the time window (inclusive). Current timestamp if not specified.