Types for Cloud Asset API Client#
-
class
google.cloud.asset_v1.types.
Any
# -
type_url
# Field google.protobuf.Any.type_url
-
value
# Field google.protobuf.Any.value
-
-
class
google.cloud.asset_v1.types.
Asset
# Cloud asset. This includes all Google Cloud Platform resources, Cloud IAM policies, and other non-GCP assets.
-
name
# The full name of the asset. For example:
//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1
. See https://cloud.google.com/apis/design/resource_names#full_resource_name for more information.
-
asset_type
# Type of the asset. Example: “compute.googleapis.com/Disk”.
-
resource
# Representation of the resource.
-
iam_policy
# Representation of the actual Cloud IAM policy set on a cloud resource. For each resource, there must be at most one Cloud IAM policy set on it.
-
asset_type
Field google.cloud.asset.v1.Asset.asset_type
-
iam_policy
Field google.cloud.asset.v1.Asset.iam_policy
-
name
Field google.cloud.asset.v1.Asset.name
-
resource
Field google.cloud.asset.v1.Asset.resource
-
-
class
google.cloud.asset_v1.types.
AuditConfigDelta
# One delta entry for AuditConfig. Each individual change (only one exempted_member in each entry) to a AuditConfig will be a separate entry.
-
action
# The action that was performed on an audit configuration in a policy. Required
-
service
# Specifies a service that was configured for Cloud Audit Logging. For example,
storage.googleapis.com
,cloudsql.googleapis.com
.allServices
is a special value that covers all services. Required
-
exempted_member
# A single identity that is exempted from “data access” audit logging for the
service
specified above. Follows the same format of Binding.members.
-
log_type
# Specifies the log_type that was be enabled. ADMIN_ACTIVITY is always enabled, and cannot be configured. Required
-
action
Field google.iam.v1.AuditConfigDelta.action
-
exempted_member
Field google.iam.v1.AuditConfigDelta.exempted_member
-
log_type
Field google.iam.v1.AuditConfigDelta.log_type
-
service
Field google.iam.v1.AuditConfigDelta.service
-
-
class
google.cloud.asset_v1.types.
BatchGetAssetsHistoryRequest
# Batch get assets history request.
-
parent
# Required. The relative name of the root asset. It can only be an organization number (such as “organizations/123”), a project ID (such as “projects/my-project-id”)”, or a project number (such as “projects/12345”).
-
asset_names
# A list of the full names of the assets. For example:
//compu te.googleapis.com/projects/my_project_123/zones/zone1/instance s/instance1
. See Resource Names and Resource Name Format for more info. The request becomes a no-op if the asset name list is empty, and the max size of the asset name list is 100 in one request.
-
content_type
# Required. The content type.
-
read_time_window
# Optional. The time window for the asset history. Both start_time and end_time are optional and if set, it must be after 2018-10-02 UTC. If end_time is not set, it is default to current timestamp. If start_time is not set, the snapshot of the assets at end_time will be returned. The returned results contain all temporal assets whose time window overlap with read_time_window.
-
asset_names
Field google.cloud.asset.v1.BatchGetAssetsHistoryRequest.asset_names
-
content_type
Field google.cloud.asset.v1.BatchGetAssetsHistoryRequest.content_type
-
parent
Field google.cloud.asset.v1.BatchGetAssetsHistoryRequest.parent
-
read_time_window
Field google.cloud.asset.v1.BatchGetAssetsHistoryRequest.read_time_window
-
-
class
google.cloud.asset_v1.types.
BatchGetAssetsHistoryResponse
# Batch get assets history response.
-
assets
# A list of assets with valid time windows.
-
assets
Field google.cloud.asset.v1.BatchGetAssetsHistoryResponse.assets
-
-
class
google.cloud.asset_v1.types.
Binding
# Associates
members
with arole
.-
role
# Role that is assigned to
members
. For example,roles/viewer
,roles/editor
, orroles/owner
.
-
members
# Specifies the identities requesting access for a Cloud Platform resource.
members
can have the following values: -allUsers
: A special identifier that represents anyone who is on the internet; with or without a Google account. -allAuthenticatedUsers
: A special identifier that represents anyone who is authenticated with a Google account or a service account. -user:{emailid}
: An email address that represents a specific Google account. For example,alice@gmail.com
. -serviceAccount:{emailid}
: An email address that represents a service account. For example,my-other- app@appspot.gserviceaccount.com
. -group:{emailid}
: An email address that represents a Google group. For example,admins@example.com
. -domain:{domain}
: The G Suite domain (primary) that represents all the users of that domain. For example,google.com
orexample.com
.
-
condition
# The condition that is associated with this binding. NOTE: An unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently.
-
condition
Field google.iam.v1.Binding.condition
-
members
Field google.iam.v1.Binding.members
-
role
Field google.iam.v1.Binding.role
-
-
class
google.cloud.asset_v1.types.
BindingDelta
# One delta entry for Binding. Each individual change (only one member in each entry) to a binding will be a separate entry.
-
action
# The action that was performed on a Binding. Required
-
role
# Role that is assigned to
members
. For example,roles/viewer
,roles/editor
, orroles/owner
. Required
-
member
# A single identity requesting access for a Cloud Platform resource. Follows the same format of Binding.members. Required
-
condition
# Unimplemented. The condition that is associated with this binding. This field is logged only for Cloud Audit Logging.
-
action
Field google.iam.v1.BindingDelta.action
-
condition
Field google.iam.v1.BindingDelta.condition
-
member
Field google.iam.v1.BindingDelta.member
-
role
Field google.iam.v1.BindingDelta.role
-
-
class
google.cloud.asset_v1.types.
CancelOperationRequest
# -
name
# Field google.longrunning.CancelOperationRequest.name
-
-
class
google.cloud.asset_v1.types.
DeleteOperationRequest
# -
name
# Field google.longrunning.DeleteOperationRequest.name
-
-
class
google.cloud.asset_v1.types.
ExportAssetsRequest
# Export asset request.
-
parent
# Required. The relative name of the root asset. This can only be an organization number (such as “organizations/123”), a project ID (such as “projects/my-project-id”), or a project number (such as “projects/12345”), or a folder number (such as “folders/123”).
-
read_time
# Timestamp to take an asset snapshot. This can only be set to a timestamp between 2018-10-02 UTC (inclusive) and the current time. If not specified, the current time will be used. Due to delays in resource data collection and indexing, there is a volatile window during which running the same query may get different results.
-
asset_types
# A list of asset types of which to take a snapshot for. For example: “compute.googleapis.com/Disk”. If specified, only matching assets will be returned. See Introduction to Cloud Asset Inventory for all supported asset types.
-
content_type
# Asset content type. If not specified, no content but the asset name will be returned.
-
output_config
# Required. Output configuration indicating where the results will be output to. All results will be in newline delimited JSON format.
-
asset_types
Field google.cloud.asset.v1.ExportAssetsRequest.asset_types
-
content_type
Field google.cloud.asset.v1.ExportAssetsRequest.content_type
-
output_config
Field google.cloud.asset.v1.ExportAssetsRequest.output_config
-
parent
Field google.cloud.asset.v1.ExportAssetsRequest.parent
-
read_time
Field google.cloud.asset.v1.ExportAssetsRequest.read_time
-
-
class
google.cloud.asset_v1.types.
ExportAssetsResponse
# The export asset response. This message is returned by the [google.longrunning.Operations.GetOperation][google.longrunning.Operations.GetOperation] method in the returned [google.longrunning.Operation.response][google.longrunning.Operation.response] field.
-
read_time
# Time the snapshot was taken.
-
output_config
# Output configuration indicating where the results were output to. All results are in JSON format.
-
output_config
Field google.cloud.asset.v1.ExportAssetsResponse.output_config
-
read_time
Field google.cloud.asset.v1.ExportAssetsResponse.read_time
-
-
class
google.cloud.asset_v1.types.
Expr
# -
description
# Field google.type.Expr.description
-
expression
# Field google.type.Expr.expression
-
location
# Field google.type.Expr.location
-
title
# Field google.type.Expr.title
-
-
class
google.cloud.asset_v1.types.
GcsDestination
# A Cloud Storage location.
-
object_uri
# Required.
-
uri
# The uri of the Cloud Storage object. It’s the same uri that is used by gsutil. For example: “gs://bucket_name/object_name”. See Viewing and Editing Object Metadata for more information.
-
uri
Field google.cloud.asset.v1.GcsDestination.uri
-
-
class
google.cloud.asset_v1.types.
GetOperationRequest
# -
name
# Field google.longrunning.GetOperationRequest.name
-
-
class
google.cloud.asset_v1.types.
ListOperationsRequest
# -
filter
# Field google.longrunning.ListOperationsRequest.filter
-
name
# Field google.longrunning.ListOperationsRequest.name
-
page_size
# Field google.longrunning.ListOperationsRequest.page_size
-
page_token
# Field google.longrunning.ListOperationsRequest.page_token
-
-
class
google.cloud.asset_v1.types.
ListOperationsResponse
# -
next_page_token
# Field google.longrunning.ListOperationsResponse.next_page_token
-
operations
# Field google.longrunning.ListOperationsResponse.operations
-
-
class
google.cloud.asset_v1.types.
Operation
# -
deserialize
()# Creates new method instance from given serialized data.
-
done
# Field google.longrunning.Operation.done
-
error
# Field google.longrunning.Operation.error
-
metadata
# Field google.longrunning.Operation.metadata
-
name
# Field google.longrunning.Operation.name
-
response
# Field google.longrunning.Operation.response
-
-
class
google.cloud.asset_v1.types.
OperationInfo
# -
metadata_type
# Field google.longrunning.OperationInfo.metadata_type
-
response_type
# Field google.longrunning.OperationInfo.response_type
-
-
class
google.cloud.asset_v1.types.
OutputConfig
# Output configuration for export assets destination.
-
destination
# Asset export destination.
-
gcs_destination
# Destination on Cloud Storage.
-
gcs_destination
Field google.cloud.asset.v1.OutputConfig.gcs_destination
-
-
class
google.cloud.asset_v1.types.
Policy
# Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources.
A
Policy
consists of a list ofbindings
. Abinding
binds a list ofmembers
to arole
, where the members can be user accounts, Google groups, Google domains, and service accounts. Arole
is a named list of permissions defined by IAM.JSON Example
{ "bindings": [ { "role": "roles/owner", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-other-app@appspot.gserviceaccount.com" ] }, { "role": "roles/viewer", "members": ["user:sean@example.com"] } ] }
YAML Example
bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-other-app@appspot.gserviceaccount.com role: roles/owner - members: - user:sean@example.com role: roles/viewer
For a description of IAM and its features, see the IAM developer’s guide.
-
version
# Deprecated.
-
bindings
# Associates a list of
members
to arole
.bindings
with no members will result in an error.
-
etag
# etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of theetag
in the read-modify-write cycle to perform policy updates in order to avoid race conditions: Anetag
is returned in the response togetIamPolicy
, and systems are expected to put that etag in the request tosetIamPolicy
to ensure that their change will be applied to the same version of the policy. If noetag
is provided in the call tosetIamPolicy
, then the existing policy is overwritten blindly.
-
bindings
Field google.iam.v1.Policy.bindings
-
etag
Field google.iam.v1.Policy.etag
-
version
Field google.iam.v1.Policy.version
-
-
class
google.cloud.asset_v1.types.
PolicyDelta
# The difference delta between two policies.
-
binding_deltas
# The delta for Bindings between two policies.
-
audit_config_deltas
# The delta for AuditConfigs between two policies.
-
audit_config_deltas
Field google.iam.v1.PolicyDelta.audit_config_deltas
-
binding_deltas
Field google.iam.v1.PolicyDelta.binding_deltas
-
-
class
google.cloud.asset_v1.types.
Resource
# Representation of a cloud resource.
-
version
# The API version. Example: “v1”.
-
discovery_document_uri
# The URL of the discovery document containing the resource’s JSON schema. For example:
"https://www.googleapis.com/discov ery/v1/apis/compute/v1/rest"
. It will be left unspecified for resources without a discovery-based API, such as Cloud Bigtable.
-
discovery_name
# The JSON schema name listed in the discovery document. Example: “Project”. It will be left unspecified for resources (such as Cloud Bigtable) without a discovery-based API.
-
resource_url
# The REST URL for accessing the resource. An HTTP GET operation using this URL returns the resource itself. Example:
https://cloudresourcemanager.googleapis.com/v1/projects/my- project-123
. It will be left unspecified for resources without a REST API.
-
parent
# The full name of the immediate parent of this resource. See Resource Names for more information. For GCP assets, it is the parent resource defined in the Cloud IAM policy hierarchy. For example:
"//cloudresourcemanager.go ogleapis.com/projects/my_project_123"
. For third-party assets, it is up to the users to define.
-
data
# The content of the resource, in which some sensitive fields are scrubbed away and may not be present.
-
data
Field google.cloud.asset.v1.Resource.data
-
discovery_document_uri
Field google.cloud.asset.v1.Resource.discovery_document_uri
-
discovery_name
Field google.cloud.asset.v1.Resource.discovery_name
-
parent
Field google.cloud.asset.v1.Resource.parent
-
resource_url
Field google.cloud.asset.v1.Resource.resource_url
-
version
Field google.cloud.asset.v1.Resource.version
-
-
class
google.cloud.asset_v1.types.
Status
# -
code
# Field google.rpc.Status.code
-
details
# Field google.rpc.Status.details
-
message
# Field google.rpc.Status.message
-
-
class
google.cloud.asset_v1.types.
Struct
# -
class
FieldsEntry
# -
key
# Field google.protobuf.Struct.FieldsEntry.key
-
value
# Field google.protobuf.Struct.FieldsEntry.value
-
-
fields
# Field google.protobuf.Struct.fields
-
class
-
class
google.cloud.asset_v1.types.
TemporalAsset
# Temporal asset. In addition to the asset, the temporal asset includes the status of the asset and valid from and to time of it.
-
window
# The time window when the asset data and state was observed.
-
deleted
# If the asset is deleted or not.
-
asset
# Asset.
-
asset
Field google.cloud.asset.v1.TemporalAsset.asset
-
deleted
Field google.cloud.asset.v1.TemporalAsset.deleted
-
window
Field google.cloud.asset.v1.TemporalAsset.window
-
-
class
google.cloud.asset_v1.types.
TimeWindow
# A time window of (start_time, end_time].
-
start_time
# Start time of the time window (exclusive).
-
end_time
# End time of the time window (inclusive). Current timestamp if not specified.
-
end_time
Field google.cloud.asset.v1.TimeWindow.end_time
-
start_time
Field google.cloud.asset.v1.TimeWindow.start_time
-
-
class
google.cloud.asset_v1.types.
Timestamp
# -
nanos
# Field google.protobuf.Timestamp.nanos
-
seconds
# Field google.protobuf.Timestamp.seconds
-
-
class
google.cloud.asset_v1.types.
Value
# -
bool_value
# Field google.protobuf.Value.bool_value
-
list_value
# Field google.protobuf.Value.list_value
-
null_value
# Field google.protobuf.Value.null_value
-
number_value
# Field google.protobuf.Value.number_value
-
string_value
# Field google.protobuf.Value.string_value
-
struct_value
# Field google.protobuf.Value.struct_value
-