From a9636723076205516d2fa6d449560c0fdf54d851 Mon Sep 17 00:00:00 2001 From: yoshi-automation Date: Tue, 14 Jul 2020 04:29:31 -0700 Subject: [PATCH] feat(cloudasset): update the API #### cloudasset:v1 The following keys were added: - resources.v1.methods.searchAllIamPolicies.description - resources.v1.methods.searchAllIamPolicies.flatPath - resources.v1.methods.searchAllIamPolicies.httpMethod - resources.v1.methods.searchAllIamPolicies.id - resources.v1.methods.searchAllIamPolicies.parameterOrder - resources.v1.methods.searchAllIamPolicies.parameters.pageSize.description - resources.v1.methods.searchAllIamPolicies.parameters.pageSize.format - resources.v1.methods.searchAllIamPolicies.parameters.pageSize.location - resources.v1.methods.searchAllIamPolicies.parameters.pageSize.type - resources.v1.methods.searchAllIamPolicies.parameters.pageToken.description - resources.v1.methods.searchAllIamPolicies.parameters.pageToken.location - resources.v1.methods.searchAllIamPolicies.parameters.pageToken.type - resources.v1.methods.searchAllIamPolicies.parameters.query.description - resources.v1.methods.searchAllIamPolicies.parameters.query.location - resources.v1.methods.searchAllIamPolicies.parameters.query.type - resources.v1.methods.searchAllIamPolicies.parameters.scope.description - resources.v1.methods.searchAllIamPolicies.parameters.scope.location - resources.v1.methods.searchAllIamPolicies.parameters.scope.pattern - resources.v1.methods.searchAllIamPolicies.parameters.scope.required - resources.v1.methods.searchAllIamPolicies.parameters.scope.type - resources.v1.methods.searchAllIamPolicies.path - resources.v1.methods.searchAllIamPolicies.response.$ref - resources.v1.methods.searchAllIamPolicies.scopes - resources.v1.methods.searchAllResources.description - resources.v1.methods.searchAllResources.flatPath - resources.v1.methods.searchAllResources.httpMethod - resources.v1.methods.searchAllResources.id - resources.v1.methods.searchAllResources.parameterOrder - resources.v1.methods.searchAllResources.parameters.assetTypes.description - resources.v1.methods.searchAllResources.parameters.assetTypes.location - resources.v1.methods.searchAllResources.parameters.assetTypes.repeated - resources.v1.methods.searchAllResources.parameters.assetTypes.type - resources.v1.methods.searchAllResources.parameters.orderBy.description - resources.v1.methods.searchAllResources.parameters.orderBy.location - resources.v1.methods.searchAllResources.parameters.orderBy.type - resources.v1.methods.searchAllResources.parameters.pageSize.description - resources.v1.methods.searchAllResources.parameters.pageSize.format - resources.v1.methods.searchAllResources.parameters.pageSize.location - resources.v1.methods.searchAllResources.parameters.pageSize.type - resources.v1.methods.searchAllResources.parameters.pageToken.description - resources.v1.methods.searchAllResources.parameters.pageToken.location - resources.v1.methods.searchAllResources.parameters.pageToken.type - resources.v1.methods.searchAllResources.parameters.query.description - resources.v1.methods.searchAllResources.parameters.query.location - resources.v1.methods.searchAllResources.parameters.query.type - resources.v1.methods.searchAllResources.parameters.scope.description - resources.v1.methods.searchAllResources.parameters.scope.location - resources.v1.methods.searchAllResources.parameters.scope.pattern - resources.v1.methods.searchAllResources.parameters.scope.required - resources.v1.methods.searchAllResources.parameters.scope.type - resources.v1.methods.searchAllResources.path - resources.v1.methods.searchAllResources.response.$ref - resources.v1.methods.searchAllResources.scopes - schemas.Explanation.description - schemas.Explanation.id - schemas.Explanation.properties.matchedPermissions.additionalProperties.$ref - schemas.Explanation.properties.matchedPermissions.description - schemas.Explanation.properties.matchedPermissions.type - schemas.Explanation.type - schemas.Feed.properties.condition.$ref - schemas.Feed.properties.condition.description - schemas.IamPolicySearchResult.description - schemas.IamPolicySearchResult.id - schemas.IamPolicySearchResult.properties.explanation.$ref - schemas.IamPolicySearchResult.properties.explanation.description - schemas.IamPolicySearchResult.properties.policy.$ref - schemas.IamPolicySearchResult.properties.policy.description - schemas.IamPolicySearchResult.properties.project.description - schemas.IamPolicySearchResult.properties.project.type - schemas.IamPolicySearchResult.properties.resource.description - schemas.IamPolicySearchResult.properties.resource.type - schemas.IamPolicySearchResult.type - schemas.Permissions.description - schemas.Permissions.id - schemas.Permissions.properties.permissions.description - schemas.Permissions.properties.permissions.items.type - schemas.Permissions.properties.permissions.type - schemas.Permissions.type - schemas.ResourceSearchResult.description - schemas.ResourceSearchResult.id - schemas.ResourceSearchResult.properties.additionalAttributes.additionalProperties.description - schemas.ResourceSearchResult.properties.additionalAttributes.additionalProperties.type - schemas.ResourceSearchResult.properties.additionalAttributes.description - schemas.ResourceSearchResult.properties.additionalAttributes.type - schemas.ResourceSearchResult.properties.assetType.description - schemas.ResourceSearchResult.properties.assetType.type - schemas.ResourceSearchResult.properties.description.description - schemas.ResourceSearchResult.properties.description.type - schemas.ResourceSearchResult.properties.displayName.description - schemas.ResourceSearchResult.properties.displayName.type - schemas.ResourceSearchResult.properties.labels.additionalProperties.type - schemas.ResourceSearchResult.properties.labels.description - schemas.ResourceSearchResult.properties.labels.type - schemas.ResourceSearchResult.properties.location.description - schemas.ResourceSearchResult.properties.location.type - schemas.ResourceSearchResult.properties.name.description - schemas.ResourceSearchResult.properties.name.type - schemas.ResourceSearchResult.properties.networkTags.description - schemas.ResourceSearchResult.properties.networkTags.items.type - schemas.ResourceSearchResult.properties.networkTags.type - schemas.ResourceSearchResult.properties.project.description - schemas.ResourceSearchResult.properties.project.type - schemas.ResourceSearchResult.type - schemas.SearchAllIamPoliciesResponse.description - schemas.SearchAllIamPoliciesResponse.id - schemas.SearchAllIamPoliciesResponse.properties.nextPageToken.description - schemas.SearchAllIamPoliciesResponse.properties.nextPageToken.type - schemas.SearchAllIamPoliciesResponse.properties.results.description - schemas.SearchAllIamPoliciesResponse.properties.results.items.$ref - schemas.SearchAllIamPoliciesResponse.properties.results.type - schemas.SearchAllIamPoliciesResponse.type - schemas.SearchAllResourcesResponse.description - schemas.SearchAllResourcesResponse.id - schemas.SearchAllResourcesResponse.properties.nextPageToken.description - schemas.SearchAllResourcesResponse.properties.nextPageToken.type - schemas.SearchAllResourcesResponse.properties.results.description - schemas.SearchAllResourcesResponse.properties.results.items.$ref - schemas.SearchAllResourcesResponse.properties.results.type - schemas.SearchAllResourcesResponse.type - schemas.TemporalAsset.properties.priorAsset.$ref - schemas.TemporalAsset.properties.priorAsset.description - schemas.TemporalAsset.properties.priorAssetState.description - schemas.TemporalAsset.properties.priorAssetState.enum - schemas.TemporalAsset.properties.priorAssetState.enumDescriptions - schemas.TemporalAsset.properties.priorAssetState.type The following keys were changed: - schemas.ExportAssetsRequest.properties.assetTypes.description --- discovery/cloudasset-v1.json | 263 +++++++++++++++- src/apis/cloudasset/v1.ts | 561 ++++++++++++++++++++++++++++++++++- 2 files changed, 821 insertions(+), 3 deletions(-) diff --git a/discovery/cloudasset-v1.json b/discovery/cloudasset-v1.json index c4e3f7f50a..b97565a03b 100644 --- a/discovery/cloudasset-v1.json +++ b/discovery/cloudasset-v1.json @@ -353,11 +353,104 @@ "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] + }, + "searchAllIamPolicies": { + "description": "Searches all the IAM policies within the given accessible scope (e.g., a\nproject, a folder or an organization). Callers should have\n`cloud.assets.SearchAllIamPolicies` permission upon the requested scope,\notherwise the request will be rejected.", + "flatPath": "v1/{v1Id}/{v1Id1}:searchAllIamPolicies", + "httpMethod": "GET", + "id": "cloudasset.searchAllIamPolicies", + "parameterOrder": [ + "scope" + ], + "parameters": { + "pageSize": { + "description": "Optional. The page size for search result pagination. Page size is capped at 500 even\nif a larger value is given. If set to zero, server will pick an appropriate\ndefault. Returned results may be fewer than requested. When this happens,\nthere could be more results as long as `next_page_token` is returned.", + "format": "int32", + "location": "query", + "type": "integer" + }, + "pageToken": { + "description": "Optional. If present, retrieve the next batch of results from the preceding call to\nthis method. `page_token` must be the value of `next_page_token` from the\nprevious response. The values of all other method parameters must be\nidentical to those in the previous call.", + "location": "query", + "type": "string" + }, + "query": { + "description": "Optional. The query statement. An empty query can be specified to search all the IAM\npolicies within the given `scope`.\n\nExamples:\n\n* `policy : \"amy@gmail.com\"` to find Cloud IAM policy bindings that\n specify user \"amy@gmail.com\".\n* `policy : \"roles/compute.admin\"` to find Cloud IAM policy bindings that\n specify the Compute Admin role.\n* `policy.role.permissions : \"storage.buckets.update\"` to find Cloud IAM\n policy bindings that specify a role containing \"storage.buckets.update\"\n permission.\n* `resource : \"organizations/123\"` to find Cloud IAM policy bindings that\n are set on \"organizations/123\".\n* `(resource : (\"organizations/123\" OR \"folders/1234\") AND policy : \"amy\")`\n to find Cloud IAM policy bindings that are set on \"organizations/123\" or\n \"folders/1234\", and also specify user \"amy\".\n\nSee [how to construct a\nquery](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)\nfor more details.", + "location": "query", + "type": "string" + }, + "scope": { + "description": "Required. A scope can be a project, a folder or an organization. The search is\nlimited to the IAM policies within the `scope`.\n\nThe allowed values are:\n\n* projects/{PROJECT_ID}\n* projects/{PROJECT_NUMBER}\n* folders/{FOLDER_NUMBER}\n* organizations/{ORGANIZATION_NUMBER}", + "location": "path", + "pattern": "^[^/]+/[^/]+$", + "required": true, + "type": "string" + } + }, + "path": "v1/{+scope}:searchAllIamPolicies", + "response": { + "$ref": "SearchAllIamPoliciesResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + }, + "searchAllResources": { + "description": "Searches all the resources within the given accessible scope (e.g., a\nproject, a folder or an organization). Callers should have\n`cloud.assets.SearchAllResources` permission upon the requested scope,\notherwise the request will be rejected.", + "flatPath": "v1/{v1Id}/{v1Id1}:searchAllResources", + "httpMethod": "GET", + "id": "cloudasset.searchAllResources", + "parameterOrder": [ + "scope" + ], + "parameters": { + "assetTypes": { + "description": "Optional. A list of asset types that this request searches for. If empty, it will\nsearch all the [searchable asset\ntypes](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).", + "location": "query", + "repeated": true, + "type": "string" + }, + "orderBy": { + "description": "Optional. A comma separated list of fields specifying the sorting order of the\nresults. The default order is ascending. Add \" DESC\" after the field name\nto indicate descending order. Redundant space characters are ignored.\nExample: \"location DESC, name\". Only string fields in the response are\nsortable, including `name`, `displayName`, `description`, `location`. All\nthe other fields such as repeated fields (e.g., `networkTags`), map\nfields (e.g., `labels`) and struct fields (e.g., `additionalAttributes`)\nare not supported.", + "location": "query", + "type": "string" + }, + "pageSize": { + "description": "Optional. The page size for search result pagination. Page size is capped at 500 even\nif a larger value is given. If set to zero, server will pick an appropriate\ndefault. Returned results may be fewer than requested. When this happens,\nthere could be more results as long as `next_page_token` is returned.", + "format": "int32", + "location": "query", + "type": "integer" + }, + "pageToken": { + "description": "Optional. If present, then retrieve the next batch of results from the preceding call\nto this method. `page_token` must be the value of `next_page_token` from\nthe previous response. The values of all other method parameters, must be\nidentical to those in the previous call.", + "location": "query", + "type": "string" + }, + "query": { + "description": "Optional. The query statement. An empty query can be specified to search all the\nresources of certain `asset_types` within the given `scope`.\n\nExamples:\n\n* `name : \"Important\"` to find Cloud resources whose name contains\n \"Important\" as a word.\n* `displayName : \"Impor*\"` to find Cloud resources whose display name\n contains \"Impor\" as a word prefix.\n* `description : \"*por*\"` to find Cloud resources whose description\n contains \"por\" as a substring.\n* `location : \"us-west*\"` to find Cloud resources whose location is\n prefixed with \"us-west\".\n* `labels : \"prod\"` to find Cloud resources whose labels contain \"prod\" as\n a key or value.\n* `labels.env : \"prod\"` to find Cloud resources which have a label \"env\"\n and its value is \"prod\".\n* `labels.env : *` to find Cloud resources which have a label \"env\".\n* `\"Important\"` to find Cloud resources which contain \"Important\" as a word\n in any of the searchable fields.\n* `\"Impor*\"` to find Cloud resources which contain \"Impor\" as a word prefix\n in any of the searchable fields.\n* `\"*por*\"` to find Cloud resources which contain \"por\" as a substring in\n any of the searchable fields.\n* `(\"Important\" AND location : (\"us-west1\" OR \"global\"))` to find Cloud\n resources which contain \"Important\" as a word in any of the searchable\n fields and are also located in the \"us-west1\" region or the \"global\"\n location.\n\nSee [how to construct a\nquery](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query)\nfor more details.", + "location": "query", + "type": "string" + }, + "scope": { + "description": "Required. A scope can be a project, a folder or an organization. The search is\nlimited to the resources within the `scope`.\n\nThe allowed values are:\n\n* projects/{PROJECT_ID}\n* projects/{PROJECT_NUMBER}\n* folders/{FOLDER_NUMBER}\n* organizations/{ORGANIZATION_NUMBER}", + "location": "path", + "pattern": "^[^/]+/[^/]+$", + "required": true, + "type": "string" + } + }, + "path": "v1/{+scope}:searchAllResources", + "response": { + "$ref": "SearchAllResourcesResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] } } } }, - "revision": "20200613", + "revision": "20200707", "rootUrl": "https://cloudasset.googleapis.com/", "schemas": { "Asset": { @@ -538,12 +631,26 @@ "properties": {}, "type": "object" }, + "Explanation": { + "description": "Explanation about the IAM policy search result.", + "id": "Explanation", + "properties": { + "matchedPermissions": { + "additionalProperties": { + "$ref": "Permissions" + }, + "description": "The map from roles to their included permissions that match the\npermission query (i.e., a query containing `policy.role.permissions:`).\nExample: if query `policy.role.permissions : \"compute.disk.get\"`\nmatches a policy binding that contains owner role, the\nmatched_permissions will be `{\"roles/owner\": [\"compute.disk.get\"]}`. The\nroles can also be found in the returned `policy` bindings. Note that the\nmap is populated only for requests with permission queries.", + "type": "object" + } + }, + "type": "object" + }, "ExportAssetsRequest": { "description": "Export asset request.", "id": "ExportAssetsRequest", "properties": { "assetTypes": { - "description": "A list of asset types of which to take a snapshot for. Example:\n\"compute.googleapis.com/Disk\". If specified, only matching assets will be\nreturned. See [Introduction to Cloud Asset\nInventory](https://cloud.google.com/asset-inventory/docs/overview)\nfor all supported asset types.", + "description": "A list of asset types to take a snapshot for. For example:\n\"compute.googleapis.com/Disk\".\n\nRegular expressions are also supported. For example:\n\n* \"compute.googleapis.com.*\" snapshots resources whose asset type starts\nwith \"compute.googleapis.com\".\n* \".*Instance\" snapshots resources whose asset type ends with \"Instance\".\n* \".*Instance.*\" snapshots resources whose asset type contains \"Instance\".\n\nSee [RE2](https://github.com/google/re2/wiki/Syntax) for all supported\nregular expression syntax. If the regular expression does not match any\nsupported asset type, an INVALID_ARGUMENT error will be returned.\n\nIf specified, only matching assets will be returned, otherwise, it will\nsnapshot all asset types. See [Introduction to Cloud Asset\nInventory](https://cloud.google.com/asset-inventory/docs/overview)\nfor all supported asset types.", "items": { "type": "string" }, @@ -620,6 +727,10 @@ }, "type": "array" }, + "condition": { + "$ref": "Expr", + "description": "A condition which determines whether an asset update should be published.\nIf specified, an asset will be returned only when the expression evaluates\nto true.\nWhen set, `expression` field in the `Expr` must be a valid [CEL expression]\n(https://github.com/google/cel-spec) on a TemporalAsset with name\n`temporal_asset`. Example: a Feed with expression (\"temporal_asset.deleted\n== true\") will only publish Asset deletions. Other fields of `Expr` are\noptional." + }, "contentType": { "description": "Asset content type. If not specified, no content but the asset name and\ntype will be returned.", "enum": [ @@ -1097,6 +1208,29 @@ }, "type": "object" }, + "IamPolicySearchResult": { + "description": "A result of IAM Policy search, containing information of an IAM policy.", + "id": "IamPolicySearchResult", + "properties": { + "explanation": { + "$ref": "Explanation", + "description": "Explanation about the IAM policy search result. It contains additional\ninformation to explain why the search result matches the query." + }, + "policy": { + "$ref": "Policy", + "description": "The IAM policy directly set on the given resource. Note that the original\nIAM policy can contain multiple bindings. This only contains the bindings\nthat match the given query. For queries that don't contain a constrain on\npolicies (e.g., an empty query), this contains all the bindings.\n\nTo search against the `policy` bindings:\n\n* use a field query, as following:\n - query by the policy contained members. Example:\n `policy : \"amy@gmail.com\"`\n - query by the policy contained roles. Example:\n `policy : \"roles/compute.admin\"`\n - query by the policy contained roles' implied permissions. Example:\n `policy.role.permissions : \"compute.instances.create\"`" + }, + "project": { + "description": "The project that the associated GCP resource belongs to, in the form of\nprojects/{PROJECT_NUMBER}. If an IAM policy is set on a resource (like VM\ninstance, Cloud Storage bucket), the project field will indicate the\nproject that contains the resource. If an IAM policy is set on a folder or\norgnization, the project field will be empty.\n\nTo search against the `project`:\n\n* specify the `scope` field as this project in your search request.", + "type": "string" + }, + "resource": { + "description": "The full resource name of the resource associated with this IAM policy.\nExample:\n`//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.\nSee [Cloud Asset Inventory Resource Name\nFormat](https://cloud.google.com/asset-inventory/docs/resource-name-format)\nfor more information.\n\nTo search against the `resource`:\n\n* use a field query. Example: `resource : \"organizations/123\"`", + "type": "string" + } + }, + "type": "object" + }, "ListFeedsResponse": { "id": "ListFeedsResponse", "properties": { @@ -1160,6 +1294,20 @@ }, "type": "object" }, + "Permissions": { + "description": "IAM permissions", + "id": "Permissions", + "properties": { + "permissions": { + "description": "A list of permissions. A sample permission string: `compute.disk.get`.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, "Policy": { "description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).", "id": "Policy", @@ -1241,6 +1389,95 @@ }, "type": "object" }, + "ResourceSearchResult": { + "description": "A result of Resource Search, containing information of a cloud resoure.", + "id": "ResourceSearchResult", + "properties": { + "additionalAttributes": { + "additionalProperties": { + "description": "Properties of the object.", + "type": "any" + }, + "description": "The additional attributes of this resource. The attributes may vary from\none resource type to another. Examples: `projectId` for Project,\n`dnsName` for DNS ManagedZone. This field contains a subset of the resource\nmetadata fields that are returned by the List or Get APIs provided by the\ncorresponding GCP service (e.g., Compute Engine). see [API\nreferences](https://cloud.google.com/asset-inventory/docs/supported-asset-types#supported_resource_types)\nof CAIS supported resource types. You can search values of these fields\nthrough free text search. However, you should not consume the field\nprogramically as the field names and values may change as the GCP service\n(e.g., Compute Engine) updates to a new incompatible API version.\n\nTo search against the `additional_attributes`:\n\n* use a free text query to match the attributes values. Example: to search\n `additional_attributes = { dnsName: \"foobar\" }`, you can issue a query\n `\"foobar\"`.", + "type": "object" + }, + "assetType": { + "description": "The type of this resource. Example: `compute.googleapis.com/Disk`.\n\nTo search against the `asset_type`:\n\n* specify the `asset_type` field in your search request.", + "type": "string" + }, + "description": { + "description": "One or more paragraphs of text description of this resource. Maximum length\ncould be up to 1M bytes.\n\nTo search against the `description`:\n\n* use a field query. Example: `description : \"*important instance*\"`\n* use a free text query. Example: `\"*important instance*\"`", + "type": "string" + }, + "displayName": { + "description": "The display name of this resource.\n\nTo search against the `display_name`:\n\n* use a field query. Example: `displayName : \"My Instance\"`\n* use a free text query. Example: `\"My Instance\"`", + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Labels associated with this resource. See [Labelling and grouping GCP\nresources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources)\nfor more information.\n\nTo search against the `labels`:\n\n* use a field query, as following:\n - query on any label's key or value. Example: `labels : \"prod\"`\n - query by a given label. Example: `labels.env : \"prod\"`\n - query by a given label'sexistence. Example: `labels.env : *`\n* use a free text query. Example: `\"prod\"`", + "type": "object" + }, + "location": { + "description": "Location can be `global`, regional like `us-east1`, or zonal like\n`us-west1-b`.\n\nTo search against the `location`:\n\n* use a field query. Example: `location : \"us-west*\"`\n* use a free text query. Example: `\"us-west*\"`", + "type": "string" + }, + "name": { + "description": "The full resource name of this resource. Example:\n`//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.\nSee [Cloud Asset Inventory Resource Name\nFormat](https://cloud.google.com/asset-inventory/docs/resource-name-format)\nfor more information.\n\nTo search against the `name`:\n\n* use a field query. Example: `name : \"instance1\"`\n* use a free text query. Example: `\"instance1\"`", + "type": "string" + }, + "networkTags": { + "description": "Network tags associated with this resource. Like labels, network tags are a\ntype of annotations used to group GCP resources. See [Labelling GCP\nresources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources)\nfor more information.\n\nTo search against the `network_tags`:\n\n* use a field query. Example: `networkTags : \"internal\"`\n* use a free text query. Example: `\"internal\"`", + "items": { + "type": "string" + }, + "type": "array" + }, + "project": { + "description": "The project that this resource belongs to, in the form of\nprojects/{PROJECT_NUMBER}.\n\nTo search against the `project`:\n\n* specify the `scope` field as this project in your search request.", + "type": "string" + } + }, + "type": "object" + }, + "SearchAllIamPoliciesResponse": { + "description": "Search all IAM policies response.", + "id": "SearchAllIamPoliciesResponse", + "properties": { + "nextPageToken": { + "description": "Set if there are more results than those appearing in this response; to get\nthe next set of results, call this method again, using this value as the\n`page_token`.", + "type": "string" + }, + "results": { + "description": "A list of IamPolicy that match the search query. Related information such\nas the associated resource is returned along with the policy.", + "items": { + "$ref": "IamPolicySearchResult" + }, + "type": "array" + } + }, + "type": "object" + }, + "SearchAllResourcesResponse": { + "description": "Search all resources response.", + "id": "SearchAllResourcesResponse", + "properties": { + "nextPageToken": { + "description": "If there are more results than those appearing in this response, then\n`next_page_token` is included. To get the next set of results, call this\nmethod again using the value of `next_page_token` as `page_token`.", + "type": "string" + }, + "results": { + "description": "A list of Resources that match the search query. It contains the resource\nstandard metadata information.", + "items": { + "$ref": "ResourceSearchResult" + }, + "type": "array" + } + }, + "type": "object" + }, "Status": { "description": "The `Status` type defines a logical error model that is suitable for\ndifferent programming environments, including REST APIs and RPC APIs. It is\nused by [gRPC](https://github.com/grpc). Each `Status` message contains\nthree pieces of data: error code, error message, and error details.\n\nYou can find out more about this error model and how to work with it in the\n[API Design Guide](https://cloud.google.com/apis/design/errors).", "id": "Status", @@ -1280,6 +1517,28 @@ "description": "Whether the asset has been deleted or not.", "type": "boolean" }, + "priorAsset": { + "$ref": "Asset", + "description": "Prior copy of the asset. Populated if prior_asset_state is PRESENT.\nCurrently this is only set for responses in Real-Time Feed." + }, + "priorAssetState": { + "description": "State of prior_asset.", + "enum": [ + "PRIOR_ASSET_STATE_UNSPECIFIED", + "PRESENT", + "INVALID", + "DOES_NOT_EXIST", + "DELETED" + ], + "enumDescriptions": [ + "prior_asset is not applicable for the current asset.", + "prior_asset is populated correctly.", + "Failed to set prior_asset.", + "Current asset is the first known state.", + "prior_asset is a deletion." + ], + "type": "string" + }, "window": { "$ref": "TimeWindow", "description": "The time window when the asset data and state was observed." diff --git a/src/apis/cloudasset/v1.ts b/src/apis/cloudasset/v1.ts index dbf0dae9c3..e23fc40cf9 100644 --- a/src/apis/cloudasset/v1.ts +++ b/src/apis/cloudasset/v1.ts @@ -262,12 +262,21 @@ export namespace cloudasset_v1 { * A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`. */ export interface Schema$Empty {} + /** + * Explanation about the IAM policy search result. + */ + export interface Schema$Explanation { + /** + * The map from roles to their included permissions that match the permission query (i.e., a query containing `policy.role.permissions:`). Example: if query `policy.role.permissions : "compute.disk.get"` matches a policy binding that contains owner role, the matched_permissions will be `{"roles/owner": ["compute.disk.get"]}`. The roles can also be found in the returned `policy` bindings. Note that the map is populated only for requests with permission queries. + */ + matchedPermissions?: {[key: string]: Schema$Permissions} | null; + } /** * Export asset request. */ export interface Schema$ExportAssetsRequest { /** - * A list of asset types of which to take a snapshot for. Example: "compute.googleapis.com/Disk". If specified, only matching assets will be returned. See [Introduction to Cloud Asset Inventory](https://cloud.google.com/asset-inventory/docs/overview) for all supported asset types. + * A list of asset types to take a snapshot for. For example: "compute.googleapis.com/Disk". Regular expressions are also supported. For example: * "compute.googleapis.com.*" snapshots resources whose asset type starts with "compute.googleapis.com". * ".*Instance" snapshots resources whose asset type ends with "Instance". * ".*Instance.*" snapshots resources whose asset type contains "Instance". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned. If specified, only matching assets will be returned, otherwise, it will snapshot all asset types. See [Introduction to Cloud Asset Inventory](https://cloud.google.com/asset-inventory/docs/overview) for all supported asset types. */ assetTypes?: string[] | null; /** @@ -316,6 +325,10 @@ export namespace cloudasset_v1 { * A list of types of the assets to receive updates. You must specify either or both of asset_names and asset_types. Only asset updates matching specified asset_names or asset_types are exported to the feed. Example: `"compute.googleapis.com/Disk"` See [this topic](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for a list of all supported asset types. */ assetTypes?: string[] | null; + /** + * A condition which determines whether an asset update should be published. If specified, an asset will be returned only when the expression evaluates to true. When set, `expression` field in the `Expr` must be a valid [CEL expression] (https://github.com/google/cel-spec) on a TemporalAsset with name `temporal_asset`. Example: a Feed with expression ("temporal_asset.deleted == true") will only publish Asset deletions. Other fields of `Expr` are optional. + */ + condition?: Schema$Expr; /** * Asset content type. If not specified, no content but the asset name and type will be returned. */ @@ -632,6 +645,27 @@ export namespace cloudasset_v1 { */ enableRestriction?: boolean | null; } + /** + * A result of IAM Policy search, containing information of an IAM policy. + */ + export interface Schema$IamPolicySearchResult { + /** + * Explanation about the IAM policy search result. It contains additional information to explain why the search result matches the query. + */ + explanation?: Schema$Explanation; + /** + * The IAM policy directly set on the given resource. Note that the original IAM policy can contain multiple bindings. This only contains the bindings that match the given query. For queries that don't contain a constrain on policies (e.g., an empty query), this contains all the bindings. To search against the `policy` bindings: * use a field query, as following: - query by the policy contained members. Example: `policy : "amy@gmail.com"` - query by the policy contained roles. Example: `policy : "roles/compute.admin"` - query by the policy contained roles' implied permissions. Example: `policy.role.permissions : "compute.instances.create"` + */ + policy?: Schema$Policy; + /** + * The project that the associated GCP resource belongs to, in the form of projects/{PROJECT_NUMBER}. If an IAM policy is set on a resource (like VM instance, Cloud Storage bucket), the project field will indicate the project that contains the resource. If an IAM policy is set on a folder or orgnization, the project field will be empty. To search against the `project`: * specify the `scope` field as this project in your search request. + */ + project?: string | null; + /** + * The full resource name of the resource associated with this IAM policy. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. See [Cloud Asset Inventory Resource Name Format](https://cloud.google.com/asset-inventory/docs/resource-name-format) for more information. To search against the `resource`: * use a field query. Example: `resource : "organizations/123"` + */ + resource?: string | null; + } export interface Schema$ListFeedsResponse { /** * A list of feeds. @@ -676,6 +710,15 @@ export namespace cloudasset_v1 { */ gcsDestination?: Schema$GcsDestination; } + /** + * IAM permissions + */ + export interface Schema$Permissions { + /** + * A list of permissions. A sample permission string: `compute.disk.get`. + */ + permissions?: string[] | null; + } /** * An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). */ @@ -739,6 +782,73 @@ export namespace cloudasset_v1 { */ version?: string | null; } + /** + * A result of Resource Search, containing information of a cloud resoure. + */ + export interface Schema$ResourceSearchResult { + /** + * The additional attributes of this resource. The attributes may vary from one resource type to another. Examples: `projectId` for Project, `dnsName` for DNS ManagedZone. This field contains a subset of the resource metadata fields that are returned by the List or Get APIs provided by the corresponding GCP service (e.g., Compute Engine). see [API references](https://cloud.google.com/asset-inventory/docs/supported-asset-types#supported_resource_types) of CAIS supported resource types. You can search values of these fields through free text search. However, you should not consume the field programically as the field names and values may change as the GCP service (e.g., Compute Engine) updates to a new incompatible API version. To search against the `additional_attributes`: * use a free text query to match the attributes values. Example: to search `additional_attributes = { dnsName: "foobar" }`, you can issue a query `"foobar"`. + */ + additionalAttributes?: {[key: string]: any} | null; + /** + * The type of this resource. Example: `compute.googleapis.com/Disk`. To search against the `asset_type`: * specify the `asset_type` field in your search request. + */ + assetType?: string | null; + /** + * One or more paragraphs of text description of this resource. Maximum length could be up to 1M bytes. To search against the `description`: * use a field query. Example: `description : "*important instance*"` * use a free text query. Example: `"*important instance*"` + */ + description?: string | null; + /** + * The display name of this resource. To search against the `display_name`: * use a field query. Example: `displayName : "My Instance"` * use a free text query. Example: `"My Instance"` + */ + displayName?: string | null; + /** + * Labels associated with this resource. See [Labelling and grouping GCP resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources) for more information. To search against the `labels`: * use a field query, as following: - query on any label's key or value. Example: `labels : "prod"` - query by a given label. Example: `labels.env : "prod"` - query by a given label'sexistence. Example: `labels.env : *` * use a free text query. Example: `"prod"` + */ + labels?: {[key: string]: string} | null; + /** + * Location can be `global`, regional like `us-east1`, or zonal like `us-west1-b`. To search against the `location`: * use a field query. Example: `location : "us-west*"` * use a free text query. Example: `"us-west*"` + */ + location?: string | null; + /** + * The full resource name of this resource. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. See [Cloud Asset Inventory Resource Name Format](https://cloud.google.com/asset-inventory/docs/resource-name-format) for more information. To search against the `name`: * use a field query. Example: `name : "instance1"` * use a free text query. Example: `"instance1"` + */ + name?: string | null; + /** + * Network tags associated with this resource. Like labels, network tags are a type of annotations used to group GCP resources. See [Labelling GCP resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources) for more information. To search against the `network_tags`: * use a field query. Example: `networkTags : "internal"` * use a free text query. Example: `"internal"` + */ + networkTags?: string[] | null; + /** + * The project that this resource belongs to, in the form of projects/{PROJECT_NUMBER}. To search against the `project`: * specify the `scope` field as this project in your search request. + */ + project?: string | null; + } + /** + * Search all IAM policies response. + */ + export interface Schema$SearchAllIamPoliciesResponse { + /** + * Set if there are more results than those appearing in this response; to get the next set of results, call this method again, using this value as the `page_token`. + */ + nextPageToken?: string | null; + /** + * A list of IamPolicy that match the search query. Related information such as the associated resource is returned along with the policy. + */ + results?: Schema$IamPolicySearchResult[]; + } + /** + * Search all resources response. + */ + export interface Schema$SearchAllResourcesResponse { + /** + * If there are more results than those appearing in this response, then `next_page_token` is included. To get the next set of results, call this method again using the value of `next_page_token` as `page_token`. + */ + nextPageToken?: string | null; + /** + * A list of Resources that match the search query. It contains the resource standard metadata information. + */ + results?: Schema$ResourceSearchResult[]; + } /** * The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). */ @@ -768,6 +878,14 @@ export namespace cloudasset_v1 { * Whether the asset has been deleted or not. */ deleted?: boolean | null; + /** + * Prior copy of the asset. Populated if prior_asset_state is PRESENT. Currently this is only set for responses in Real-Time Feed. + */ + priorAsset?: Schema$Asset; + /** + * State of prior_asset. + */ + priorAssetState?: string | null; /** * The time window when the asset data and state was observed. */ @@ -855,6 +973,7 @@ export namespace cloudasset_v1 { * // { * // "assetNames": [], * // "assetTypes": [], + * // "condition": {}, * // "contentType": "my_contentType", * // "feedOutputConfig": {}, * // "name": "my_name" @@ -1121,6 +1240,7 @@ export namespace cloudasset_v1 { * // { * // "assetNames": [], * // "assetTypes": [], + * // "condition": {}, * // "contentType": "my_contentType", * // "feedOutputConfig": {}, * // "name": "my_name" @@ -1402,6 +1522,7 @@ export namespace cloudasset_v1 { * // { * // "assetNames": [], * // "assetTypes": [], + * // "condition": {}, * // "contentType": "my_contentType", * // "feedOutputConfig": {}, * // "name": "my_name" @@ -2001,6 +2122,398 @@ export namespace cloudasset_v1 { return createAPIRequest(parameters); } } + + /** + * cloudasset.searchAllIamPolicies + * @desc Searches all the IAM policies within the given accessible scope (e.g., a project, a folder or an organization). Callers should have `cloud.assets.SearchAllIamPolicies` permission upon the requested scope, otherwise the request will be rejected. + * @example + * // Before running the sample: + * // - Enable the API at: + * // https://console.developers.google.com/apis/api/cloudasset.googleapis.com + * // - Login into gcloud by running: + * // `$ gcloud auth application-default login` + * // - Install the npm module by running: + * // `$ npm install googleapis` + * + * const {google} = require('googleapis'); + * const cloudasset = google.cloudasset('v1'); + * + * async function main() { + * const auth = new google.auth.GoogleAuth({ + * // Scopes can be specified either as an array or as a single, space-delimited string. + * scopes: ['https://www.googleapis.com/auth/cloud-platform'], + * }); + * + * // Acquire an auth client, and bind it to all future calls + * const authClient = await auth.getClient(); + * google.options({auth: authClient}); + * + * // Do the magic + * const res = await cloudasset.searchAllIamPolicies({ + * // Optional. The page size for search result pagination. Page size is capped at 500 even + * // if a larger value is given. If set to zero, server will pick an appropriate + * // default. Returned results may be fewer than requested. When this happens, + * // there could be more results as long as `next_page_token` is returned. + * pageSize: 'placeholder-value', + * // Optional. If present, retrieve the next batch of results from the preceding call to + * // this method. `page_token` must be the value of `next_page_token` from the + * // previous response. The values of all other method parameters must be + * // identical to those in the previous call. + * pageToken: 'placeholder-value', + * // Optional. The query statement. An empty query can be specified to search all the IAM + * // policies within the given `scope`. + * // + * // Examples: + * // + * // * `policy : "amy@gmail.com"` to find Cloud IAM policy bindings that + * // specify user "amy@gmail.com". + * // * `policy : "roles/compute.admin"` to find Cloud IAM policy bindings that + * // specify the Compute Admin role. + * // * `policy.role.permissions : "storage.buckets.update"` to find Cloud IAM + * // policy bindings that specify a role containing "storage.buckets.update" + * // permission. + * // * `resource : "organizations/123"` to find Cloud IAM policy bindings that + * // are set on "organizations/123". + * // * `(resource : ("organizations/123" OR "folders/1234") AND policy : "amy")` + * // to find Cloud IAM policy bindings that are set on "organizations/123" or + * // "folders/1234", and also specify user "amy". + * // + * // See [how to construct a + * // query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query) + * // for more details. + * query: 'placeholder-value', + * // Required. A scope can be a project, a folder or an organization. The search is + * // limited to the IAM policies within the `scope`. + * // + * // The allowed values are: + * // + * // * projects/{PROJECT_ID} + * // * projects/{PROJECT_NUMBER} + * // * folders/{FOLDER_NUMBER} + * // * organizations/{ORGANIZATION_NUMBER} + * scope: '[^/]+/[^/]+', + * }); + * console.log(res.data); + * + * // Example response + * // { + * // "nextPageToken": "my_nextPageToken", + * // "results": [] + * // } + * } + * + * main().catch(e => { + * console.error(e); + * throw e; + * }); + * + * @alias cloudasset.searchAllIamPolicies + * @memberOf! () + * + * @param {object} params Parameters for request + * @param {integer=} params.pageSize Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as `next_page_token` is returned. + * @param {string=} params.pageToken Optional. If present, retrieve the next batch of results from the preceding call to this method. `page_token` must be the value of `next_page_token` from the previous response. The values of all other method parameters must be identical to those in the previous call. + * @param {string=} params.query Optional. The query statement. An empty query can be specified to search all the IAM policies within the given `scope`. Examples: * `policy : "amy@gmail.com"` to find Cloud IAM policy bindings that specify user "amy@gmail.com". * `policy : "roles/compute.admin"` to find Cloud IAM policy bindings that specify the Compute Admin role. * `policy.role.permissions : "storage.buckets.update"` to find Cloud IAM policy bindings that specify a role containing "storage.buckets.update" permission. * `resource : "organizations/123"` to find Cloud IAM policy bindings that are set on "organizations/123". * `(resource : ("organizations/123" OR "folders/1234") AND policy : "amy")` to find Cloud IAM policy bindings that are set on "organizations/123" or "folders/1234", and also specify user "amy". See [how to construct a query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query) for more details. + * @param {string} params.scope Required. A scope can be a project, a folder or an organization. The search is limited to the IAM policies within the `scope`. The allowed values are: * projects/{PROJECT_ID} * projects/{PROJECT_NUMBER} * folders/{FOLDER_NUMBER} * organizations/{ORGANIZATION_NUMBER} + * @param {object} [options] Optionally override request options, such as `url`, `method`, and `encoding`. + * @param {callback} callback The callback that handles the response. + * @return {object} Request object + */ + searchAllIamPolicies( + params: Params$Resource$V1$Searchalliampolicies, + options: StreamMethodOptions + ): GaxiosPromise; + searchAllIamPolicies( + params?: Params$Resource$V1$Searchalliampolicies, + options?: MethodOptions + ): GaxiosPromise; + searchAllIamPolicies( + params: Params$Resource$V1$Searchalliampolicies, + options: StreamMethodOptions | BodyResponseCallback, + callback: BodyResponseCallback + ): void; + searchAllIamPolicies( + params: Params$Resource$V1$Searchalliampolicies, + options: + | MethodOptions + | BodyResponseCallback, + callback: BodyResponseCallback + ): void; + searchAllIamPolicies( + params: Params$Resource$V1$Searchalliampolicies, + callback: BodyResponseCallback + ): void; + searchAllIamPolicies( + callback: BodyResponseCallback + ): void; + searchAllIamPolicies( + paramsOrCallback?: + | Params$Resource$V1$Searchalliampolicies + | BodyResponseCallback + | BodyResponseCallback, + optionsOrCallback?: + | MethodOptions + | StreamMethodOptions + | BodyResponseCallback + | BodyResponseCallback, + callback?: + | BodyResponseCallback + | BodyResponseCallback + ): + | void + | GaxiosPromise + | GaxiosPromise { + let params = (paramsOrCallback || + {}) as Params$Resource$V1$Searchalliampolicies; + let options = (optionsOrCallback || {}) as MethodOptions; + + if (typeof paramsOrCallback === 'function') { + callback = paramsOrCallback; + params = {} as Params$Resource$V1$Searchalliampolicies; + options = {}; + } + + if (typeof optionsOrCallback === 'function') { + callback = optionsOrCallback; + options = {}; + } + + const rootUrl = options.rootUrl || 'https://cloudasset.googleapis.com/'; + const parameters = { + options: Object.assign( + { + url: (rootUrl + '/v1/{+scope}:searchAllIamPolicies').replace( + /([^:]\/)\/+/g, + '$1' + ), + method: 'GET', + }, + options + ), + params, + requiredParams: ['scope'], + pathParams: ['scope'], + context: this.context, + }; + if (callback) { + createAPIRequest( + parameters, + callback as BodyResponseCallback<{} | void> + ); + } else { + return createAPIRequest( + parameters + ); + } + } + + /** + * cloudasset.searchAllResources + * @desc Searches all the resources within the given accessible scope (e.g., a project, a folder or an organization). Callers should have `cloud.assets.SearchAllResources` permission upon the requested scope, otherwise the request will be rejected. + * @example + * // Before running the sample: + * // - Enable the API at: + * // https://console.developers.google.com/apis/api/cloudasset.googleapis.com + * // - Login into gcloud by running: + * // `$ gcloud auth application-default login` + * // - Install the npm module by running: + * // `$ npm install googleapis` + * + * const {google} = require('googleapis'); + * const cloudasset = google.cloudasset('v1'); + * + * async function main() { + * const auth = new google.auth.GoogleAuth({ + * // Scopes can be specified either as an array or as a single, space-delimited string. + * scopes: ['https://www.googleapis.com/auth/cloud-platform'], + * }); + * + * // Acquire an auth client, and bind it to all future calls + * const authClient = await auth.getClient(); + * google.options({auth: authClient}); + * + * // Do the magic + * const res = await cloudasset.searchAllResources({ + * // Optional. A list of asset types that this request searches for. If empty, it will + * // search all the [searchable asset + * // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types). + * assetTypes: 'placeholder-value', + * // Optional. A comma separated list of fields specifying the sorting order of the + * // results. The default order is ascending. Add " DESC" after the field name + * // to indicate descending order. Redundant space characters are ignored. + * // Example: "location DESC, name". Only string fields in the response are + * // sortable, including `name`, `displayName`, `description`, `location`. All + * // the other fields such as repeated fields (e.g., `networkTags`), map + * // fields (e.g., `labels`) and struct fields (e.g., `additionalAttributes`) + * // are not supported. + * orderBy: 'placeholder-value', + * // Optional. The page size for search result pagination. Page size is capped at 500 even + * // if a larger value is given. If set to zero, server will pick an appropriate + * // default. Returned results may be fewer than requested. When this happens, + * // there could be more results as long as `next_page_token` is returned. + * pageSize: 'placeholder-value', + * // Optional. If present, then retrieve the next batch of results from the preceding call + * // to this method. `page_token` must be the value of `next_page_token` from + * // the previous response. The values of all other method parameters, must be + * // identical to those in the previous call. + * pageToken: 'placeholder-value', + * // Optional. The query statement. An empty query can be specified to search all the + * // resources of certain `asset_types` within the given `scope`. + * // + * // Examples: + * // + * // * `name : "Important"` to find Cloud resources whose name contains + * // "Important" as a word. + * // * `displayName : "Impor*"` to find Cloud resources whose display name + * // contains "Impor" as a word prefix. + * // * `description : "*por*"` to find Cloud resources whose description + * // contains "por" as a substring. + * // * `location : "us-west*"` to find Cloud resources whose location is + * // prefixed with "us-west". + * // * `labels : "prod"` to find Cloud resources whose labels contain "prod" as + * // a key or value. + * // * `labels.env : "prod"` to find Cloud resources which have a label "env" + * // and its value is "prod". + * // * `labels.env : *` to find Cloud resources which have a label "env". + * // * `"Important"` to find Cloud resources which contain "Important" as a word + * // in any of the searchable fields. + * // * `"Impor*"` to find Cloud resources which contain "Impor" as a word prefix + * // in any of the searchable fields. + * // * `"*por*"` to find Cloud resources which contain "por" as a substring in + * // any of the searchable fields. + * // * `("Important" AND location : ("us-west1" OR "global"))` to find Cloud + * // resources which contain "Important" as a word in any of the searchable + * // fields and are also located in the "us-west1" region or the "global" + * // location. + * // + * // See [how to construct a + * // query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query) + * // for more details. + * query: 'placeholder-value', + * // Required. A scope can be a project, a folder or an organization. The search is + * // limited to the resources within the `scope`. + * // + * // The allowed values are: + * // + * // * projects/{PROJECT_ID} + * // * projects/{PROJECT_NUMBER} + * // * folders/{FOLDER_NUMBER} + * // * organizations/{ORGANIZATION_NUMBER} + * scope: '[^/]+/[^/]+', + * }); + * console.log(res.data); + * + * // Example response + * // { + * // "nextPageToken": "my_nextPageToken", + * // "results": [] + * // } + * } + * + * main().catch(e => { + * console.error(e); + * throw e; + * }); + * + * @alias cloudasset.searchAllResources + * @memberOf! () + * + * @param {object} params Parameters for request + * @param {string=} params.assetTypes Optional. A list of asset types that this request searches for. If empty, it will search all the [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types). + * @param {string=} params.orderBy Optional. A comma separated list of fields specifying the sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored. Example: "location DESC, name". Only string fields in the response are sortable, including `name`, `displayName`, `description`, `location`. All the other fields such as repeated fields (e.g., `networkTags`), map fields (e.g., `labels`) and struct fields (e.g., `additionalAttributes`) are not supported. + * @param {integer=} params.pageSize Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as `next_page_token` is returned. + * @param {string=} params.pageToken Optional. If present, then retrieve the next batch of results from the preceding call to this method. `page_token` must be the value of `next_page_token` from the previous response. The values of all other method parameters, must be identical to those in the previous call. + * @param {string=} params.query Optional. The query statement. An empty query can be specified to search all the resources of certain `asset_types` within the given `scope`. Examples: * `name : "Important"` to find Cloud resources whose name contains "Important" as a word. * `displayName : "Impor*"` to find Cloud resources whose display name contains "Impor" as a word prefix. * `description : "*por*"` to find Cloud resources whose description contains "por" as a substring. * `location : "us-west*"` to find Cloud resources whose location is prefixed with "us-west". * `labels : "prod"` to find Cloud resources whose labels contain "prod" as a key or value. * `labels.env : "prod"` to find Cloud resources which have a label "env" and its value is "prod". * `labels.env : *` to find Cloud resources which have a label "env". * `"Important"` to find Cloud resources which contain "Important" as a word in any of the searchable fields. * `"Impor*"` to find Cloud resources which contain "Impor" as a word prefix in any of the searchable fields. * `"*por*"` to find Cloud resources which contain "por" as a substring in any of the searchable fields. * `("Important" AND location : ("us-west1" OR "global"))` to find Cloud resources which contain "Important" as a word in any of the searchable fields and are also located in the "us-west1" region or the "global" location. See [how to construct a query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query) for more details. + * @param {string} params.scope Required. A scope can be a project, a folder or an organization. The search is limited to the resources within the `scope`. The allowed values are: * projects/{PROJECT_ID} * projects/{PROJECT_NUMBER} * folders/{FOLDER_NUMBER} * organizations/{ORGANIZATION_NUMBER} + * @param {object} [options] Optionally override request options, such as `url`, `method`, and `encoding`. + * @param {callback} callback The callback that handles the response. + * @return {object} Request object + */ + searchAllResources( + params: Params$Resource$V1$Searchallresources, + options: StreamMethodOptions + ): GaxiosPromise; + searchAllResources( + params?: Params$Resource$V1$Searchallresources, + options?: MethodOptions + ): GaxiosPromise; + searchAllResources( + params: Params$Resource$V1$Searchallresources, + options: StreamMethodOptions | BodyResponseCallback, + callback: BodyResponseCallback + ): void; + searchAllResources( + params: Params$Resource$V1$Searchallresources, + options: + | MethodOptions + | BodyResponseCallback, + callback: BodyResponseCallback + ): void; + searchAllResources( + params: Params$Resource$V1$Searchallresources, + callback: BodyResponseCallback + ): void; + searchAllResources( + callback: BodyResponseCallback + ): void; + searchAllResources( + paramsOrCallback?: + | Params$Resource$V1$Searchallresources + | BodyResponseCallback + | BodyResponseCallback, + optionsOrCallback?: + | MethodOptions + | StreamMethodOptions + | BodyResponseCallback + | BodyResponseCallback, + callback?: + | BodyResponseCallback + | BodyResponseCallback + ): + | void + | GaxiosPromise + | GaxiosPromise { + let params = (paramsOrCallback || + {}) as Params$Resource$V1$Searchallresources; + let options = (optionsOrCallback || {}) as MethodOptions; + + if (typeof paramsOrCallback === 'function') { + callback = paramsOrCallback; + params = {} as Params$Resource$V1$Searchallresources; + options = {}; + } + + if (typeof optionsOrCallback === 'function') { + callback = optionsOrCallback; + options = {}; + } + + const rootUrl = options.rootUrl || 'https://cloudasset.googleapis.com/'; + const parameters = { + options: Object.assign( + { + url: (rootUrl + '/v1/{+scope}:searchAllResources').replace( + /([^:]\/)\/+/g, + '$1' + ), + method: 'GET', + }, + options + ), + params, + requiredParams: ['scope'], + pathParams: ['scope'], + context: this.context, + }; + if (callback) { + createAPIRequest( + parameters, + callback as BodyResponseCallback<{} | void> + ); + } else { + return createAPIRequest(parameters); + } + } } export interface Params$Resource$V1$Batchgetassetshistory @@ -2037,4 +2550,50 @@ export namespace cloudasset_v1 { */ requestBody?: Schema$ExportAssetsRequest; } + export interface Params$Resource$V1$Searchalliampolicies + extends StandardParameters { + /** + * Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as `next_page_token` is returned. + */ + pageSize?: number; + /** + * Optional. If present, retrieve the next batch of results from the preceding call to this method. `page_token` must be the value of `next_page_token` from the previous response. The values of all other method parameters must be identical to those in the previous call. + */ + pageToken?: string; + /** + * Optional. The query statement. An empty query can be specified to search all the IAM policies within the given `scope`. Examples: * `policy : "amy@gmail.com"` to find Cloud IAM policy bindings that specify user "amy@gmail.com". * `policy : "roles/compute.admin"` to find Cloud IAM policy bindings that specify the Compute Admin role. * `policy.role.permissions : "storage.buckets.update"` to find Cloud IAM policy bindings that specify a role containing "storage.buckets.update" permission. * `resource : "organizations/123"` to find Cloud IAM policy bindings that are set on "organizations/123". * `(resource : ("organizations/123" OR "folders/1234") AND policy : "amy")` to find Cloud IAM policy bindings that are set on "organizations/123" or "folders/1234", and also specify user "amy". See [how to construct a query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query) for more details. + */ + query?: string; + /** + * Required. A scope can be a project, a folder or an organization. The search is limited to the IAM policies within the `scope`. The allowed values are: * projects/{PROJECT_ID} * projects/{PROJECT_NUMBER} * folders/{FOLDER_NUMBER} * organizations/{ORGANIZATION_NUMBER} + */ + scope?: string; + } + export interface Params$Resource$V1$Searchallresources + extends StandardParameters { + /** + * Optional. A list of asset types that this request searches for. If empty, it will search all the [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types). + */ + assetTypes?: string[]; + /** + * Optional. A comma separated list of fields specifying the sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored. Example: "location DESC, name". Only string fields in the response are sortable, including `name`, `displayName`, `description`, `location`. All the other fields such as repeated fields (e.g., `networkTags`), map fields (e.g., `labels`) and struct fields (e.g., `additionalAttributes`) are not supported. + */ + orderBy?: string; + /** + * Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as `next_page_token` is returned. + */ + pageSize?: number; + /** + * Optional. If present, then retrieve the next batch of results from the preceding call to this method. `page_token` must be the value of `next_page_token` from the previous response. The values of all other method parameters, must be identical to those in the previous call. + */ + pageToken?: string; + /** + * Optional. The query statement. An empty query can be specified to search all the resources of certain `asset_types` within the given `scope`. Examples: * `name : "Important"` to find Cloud resources whose name contains "Important" as a word. * `displayName : "Impor*"` to find Cloud resources whose display name contains "Impor" as a word prefix. * `description : "*por*"` to find Cloud resources whose description contains "por" as a substring. * `location : "us-west*"` to find Cloud resources whose location is prefixed with "us-west". * `labels : "prod"` to find Cloud resources whose labels contain "prod" as a key or value. * `labels.env : "prod"` to find Cloud resources which have a label "env" and its value is "prod". * `labels.env : *` to find Cloud resources which have a label "env". * `"Important"` to find Cloud resources which contain "Important" as a word in any of the searchable fields. * `"Impor*"` to find Cloud resources which contain "Impor" as a word prefix in any of the searchable fields. * `"*por*"` to find Cloud resources which contain "por" as a substring in any of the searchable fields. * `("Important" AND location : ("us-west1" OR "global"))` to find Cloud resources which contain "Important" as a word in any of the searchable fields and are also located in the "us-west1" region or the "global" location. See [how to construct a query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query) for more details. + */ + query?: string; + /** + * Required. A scope can be a project, a folder or an organization. The search is limited to the resources within the `scope`. The allowed values are: * projects/{PROJECT_ID} * projects/{PROJECT_NUMBER} * folders/{FOLDER_NUMBER} * organizations/{ORGANIZATION_NUMBER} + */ + scope?: string; + } }