-
Notifications
You must be signed in to change notification settings - Fork 598
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: add
SearchAllResources
and SearchAllIamPolicies
rpcs in ass…
…et service proto (#332) * run compile protos * fix from package.json
- Loading branch information
1 parent
b042391
commit 81366f5
Showing
10 changed files
with
6,009 additions
and
950 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -37,12 +37,14 @@ option php_namespace = "Google\\Cloud\\Asset\\V1"; | |
// Asset service definition. | ||
service AssetService { | ||
option (google.api.default_host) = "cloudasset.googleapis.com"; | ||
option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; | ||
option (google.api.oauth_scopes) = | ||
"https://www.googleapis.com/auth/cloud-platform"; | ||
|
||
// Exports assets with time and resource types to a given Cloud Storage | ||
// location. The output format is newline-delimited JSON. | ||
// This API implements the [google.longrunning.Operation][google.longrunning.Operation] API allowing you | ||
// to keep track of the export. | ||
// This API implements the | ||
// [google.longrunning.Operation][google.longrunning.Operation] API allowing | ||
// you to keep track of the export. | ||
rpc ExportAssets(ExportAssetsRequest) returns (google.longrunning.Operation) { | ||
option (google.api.http) = { | ||
post: "/v1/{parent=*/*}:exportAssets" | ||
|
@@ -61,7 +63,8 @@ service AssetService { | |
// attached IAM POLICY both exist. This can create gaps in the output history. | ||
// If a specified asset does not exist, this API returns an INVALID_ARGUMENT | ||
// error. | ||
rpc BatchGetAssetsHistory(BatchGetAssetsHistoryRequest) returns (BatchGetAssetsHistoryResponse) { | ||
rpc BatchGetAssetsHistory(BatchGetAssetsHistoryRequest) | ||
returns (BatchGetAssetsHistoryResponse) { | ||
option (google.api.http) = { | ||
get: "/v1/{parent=*/*}:batchGetAssetsHistory" | ||
}; | ||
|
@@ -109,6 +112,30 @@ service AssetService { | |
}; | ||
option (google.api.method_signature) = "name"; | ||
} | ||
|
||
// Searches all the resources within the given accessible scope (e.g., a | ||
// project, a folder or an organization). Callers should have | ||
// cloud.assets.SearchAllResources permission upon the requested scope, | ||
// otherwise the request will be rejected. | ||
rpc SearchAllResources(SearchAllResourcesRequest) | ||
returns (SearchAllResourcesResponse) { | ||
option (google.api.http) = { | ||
get: "/v1/{scope=*/*}:searchAllResources" | ||
}; | ||
option (google.api.method_signature) = "scope,query,asset_types"; | ||
} | ||
|
||
// Searches all the IAM policies within the given accessible scope (e.g., a | ||
// project, a folder or an organization). Callers should have | ||
// cloud.assets.SearchAllIamPolicies permission upon the requested scope, | ||
// otherwise the request will be rejected. | ||
rpc SearchAllIamPolicies(SearchAllIamPoliciesRequest) | ||
returns (SearchAllIamPoliciesResponse) { | ||
option (google.api.http) = { | ||
get: "/v1/{scope=*/*}:searchAllIamPolicies" | ||
}; | ||
option (google.api.method_signature) = "scope,query"; | ||
} | ||
} | ||
|
||
// Export asset request. | ||
|
@@ -148,8 +175,10 @@ message ExportAssetsRequest { | |
} | ||
|
||
// The export asset response. This message is returned by the | ||
// [google.longrunning.Operations.GetOperation][google.longrunning.Operations.GetOperation] method in the returned | ||
// [google.longrunning.Operation.response][google.longrunning.Operation.response] field. | ||
// [google.longrunning.Operations.GetOperation][google.longrunning.Operations.GetOperation] | ||
// method in the returned | ||
// [google.longrunning.Operation.response][google.longrunning.Operation.response] | ||
// field. | ||
message ExportAssetsResponse { | ||
// Time the snapshot was taken. | ||
google.protobuf.Timestamp read_time = 1; | ||
|
@@ -214,9 +243,8 @@ message CreateFeedRequest { | |
// be unique under a specific parent project/folder/organization. | ||
string feed_id = 2 [(google.api.field_behavior) = REQUIRED]; | ||
|
||
// Required. The feed details. The field `name` must be empty and it will be generated | ||
// in the format of: | ||
// projects/project_number/feeds/feed_id | ||
// Required. The feed details. The field `name` must be empty and it will be | ||
// generated in the format of: projects/project_number/feeds/feed_id | ||
// folders/folder_number/feeds/feed_id | ||
// organizations/organization_number/feeds/feed_id | ||
Feed feed = 3 [(google.api.field_behavior) = REQUIRED]; | ||
|
@@ -230,9 +258,7 @@ message GetFeedRequest { | |
// organizations/organization_number/feeds/feed_id | ||
string name = 1 [ | ||
(google.api.field_behavior) = REQUIRED, | ||
(google.api.resource_reference) = { | ||
type: "cloudasset.googleapis.com/Feed" | ||
} | ||
(google.api.resource_reference) = { type: "cloudasset.googleapis.com/Feed" } | ||
]; | ||
} | ||
|
||
|
@@ -251,8 +277,8 @@ message ListFeedsResponse { | |
|
||
// Update asset feed request. | ||
message UpdateFeedRequest { | ||
// Required. The new values of feed details. It must match an existing feed and the | ||
// field `name` must be in the format of: | ||
// Required. The new values of feed details. It must match an existing feed | ||
// and the field `name` must be in the format of: | ||
// projects/project_number/feeds/feed_id or | ||
// folders/folder_number/feeds/feed_id or | ||
// organizations/organization_number/feeds/feed_id. | ||
|
@@ -261,7 +287,8 @@ message UpdateFeedRequest { | |
// Required. Only updates the `feed` fields indicated by this mask. | ||
// The field mask must not be empty, and it must not contain fields that | ||
// are immutable or only set by the server. | ||
google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED]; | ||
google.protobuf.FieldMask update_mask = 2 | ||
[(google.api.field_behavior) = REQUIRED]; | ||
} | ||
|
||
message DeleteFeedRequest { | ||
|
@@ -271,9 +298,7 @@ message DeleteFeedRequest { | |
// organizations/organization_number/feeds/feed_id | ||
string name = 1 [ | ||
(google.api.field_behavior) = REQUIRED, | ||
(google.api.resource_reference) = { | ||
type: "cloudasset.googleapis.com/Feed" | ||
} | ||
(google.api.resource_reference) = { type: "cloudasset.googleapis.com/Feed" } | ||
]; | ||
} | ||
|
||
|
@@ -401,7 +426,156 @@ message Feed { | |
|
||
// Required. Feed output configuration defining where the asset updates are | ||
// published to. | ||
FeedOutputConfig feed_output_config = 5 [(google.api.field_behavior) = REQUIRED]; | ||
FeedOutputConfig feed_output_config = 5 | ||
[(google.api.field_behavior) = REQUIRED]; | ||
} | ||
|
||
// Search all resources request. | ||
message SearchAllResourcesRequest { | ||
// Required. A scope can be a project, a folder or an organization. The search | ||
// is limited to the resources within the `scope`. | ||
// | ||
// The allowed values are: | ||
// | ||
// * projects/{PROJECT_ID} | ||
// * projects/{PROJECT_NUMBER} | ||
// * folders/{FOLDER_NUMBER} | ||
// * organizations/{ORGANIZATION_NUMBER} | ||
string scope = 1 [(google.api.field_behavior) = REQUIRED]; | ||
|
||
// Optional. The query statement. An empty query can be specified to search | ||
// all the resources of certain `asset_types` within the given `scope`. | ||
// | ||
// Examples: | ||
// | ||
// * `name : "Important"` to find Cloud resources whose name contains | ||
// "Important" as a word. | ||
// * `displayName : "Impor*"` to find Cloud resources whose display name | ||
// contains "Impor" as a word prefix. | ||
// * `description : "*por*"` to find Cloud resources whose description | ||
// contains "por" as a substring. | ||
// * `location : "us-west*"` to find Cloud resources whose location is | ||
// prefixed with "us-west". | ||
// * `labels : "prod"` to find Cloud resources whose labels contain "prod" as | ||
// a key or value. | ||
// * `labels.env : "prod"` to find Cloud resources which have a label "env" | ||
// and its value is "prod". | ||
// * `labels.env : *` to find Cloud resources which have a label "env". | ||
// * `"Important"` to find Cloud resources which contain "Important" as a word | ||
// in any of the searchable fields. | ||
// * `"Impor*"` to find Cloud resources which contain "Impor" as a word prefix | ||
// in any of the searchable fields. | ||
// * `"*por*"` to find Cloud resources which contain "por" as a substring in | ||
// any of the searchable fields. | ||
// * `("Important" AND location : ("us-west1" OR "global"))` to find Cloud | ||
// resources which contain "Important" as a word in any of the searchable | ||
// fields and are also located in the "us-west1" region or the "global" | ||
// location. | ||
// | ||
// See [how to construct a | ||
// query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query) | ||
// for more details. | ||
string query = 2 [(google.api.field_behavior) = OPTIONAL]; | ||
|
||
// Optional. A list of asset types that this request searches for. If empty, | ||
// it will search all the [searchable asset | ||
// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types). | ||
repeated string asset_types = 3 [(google.api.field_behavior) = OPTIONAL]; | ||
|
||
// Optional. The page size for search result pagination. Page size is capped | ||
// at 500 even if a larger value is given. If set to zero, server will pick an | ||
// appropriate default. Returned results may be fewer than requested. When | ||
// this happens, there could be more results as long as `next_page_token` is | ||
// returned. | ||
int32 page_size = 4 [(google.api.field_behavior) = OPTIONAL]; | ||
|
||
// Optional. If present, then retrieve the next batch of results from the | ||
// preceding call to this method. `page_token` must be the value of | ||
// `next_page_token` from the previous response. The values of all other | ||
// method parameters, must be identical to those in the previous call. | ||
string page_token = 5 [(google.api.field_behavior) = OPTIONAL]; | ||
|
||
// Optional. A comma separated list of fields specifying the sorting order of | ||
// the results. The default order is ascending. Add " DESC" after the field | ||
// name to indicate descending order. Redundant space characters are ignored. | ||
// Example: "location DESC, name". See [supported resource metadata | ||
// fields](https://cloud.google.com/asset-inventory/docs/searching-resources#query_on_resource_metadata_fields) | ||
// for more details. | ||
string order_by = 6 [(google.api.field_behavior) = OPTIONAL]; | ||
} | ||
|
||
// Search all resources response. | ||
message SearchAllResourcesResponse { | ||
// A list of Resources that match the search query. It contains the resource | ||
// standard metadata information. | ||
repeated ResourceSearchResult results = 1; | ||
|
||
// If there are more results than those appearing in this response, then | ||
// `next_page_token` is included. To get the next set of results, call this | ||
// method again using the value of `next_page_token` as `page_token`. | ||
string next_page_token = 2; | ||
} | ||
|
||
// Search all IAM policies request. | ||
message SearchAllIamPoliciesRequest { | ||
// Required. A scope can be a project, a folder or an organization. The search | ||
// is limited to the IAM policies within the `scope`. | ||
// | ||
// The allowed values are: | ||
// | ||
// * projects/{PROJECT_ID} | ||
// * projects/{PROJECT_NUMBER} | ||
// * folders/{FOLDER_NUMBER} | ||
// * organizations/{ORGANIZATION_NUMBER} | ||
string scope = 1 [(google.api.field_behavior) = REQUIRED]; | ||
|
||
// Optional. The query statement. An empty query can be specified to search | ||
// all the IAM policies within the given `scope`. | ||
// | ||
// Examples: | ||
// | ||
// * `policy : "[email protected]"` to find Cloud IAM policy bindings that | ||
// specify user "[email protected]". | ||
// * `policy : "roles/compute.admin"` to find Cloud IAM policy bindings that | ||
// specify the Compute Admin role. | ||
// * `policy.role.permissions : "storage.buckets.update"` to find Cloud IAM | ||
// policy bindings that specify a role containing "storage.buckets.update" | ||
// permission. | ||
// * `resource : "organizations/123"` to find Cloud IAM policy bindings that | ||
// are set on "organizations/123". | ||
// * `(resource : ("organizations/123" OR "folders/1234") AND policy : "amy")` | ||
// to find Cloud IAM policy bindings that are set on "organizations/123" or | ||
// "folders/1234", and also specify user "amy". | ||
// | ||
// See [how to construct a | ||
// query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query) | ||
// for more details. | ||
string query = 2 [(google.api.field_behavior) = OPTIONAL]; | ||
|
||
// Optional. The page size for search result pagination. Page size is capped | ||
// at 500 even if a larger value is given. If set to zero, server will pick an | ||
// appropriate default. Returned results may be fewer than requested. When | ||
// this happens, there could be more results as long as `next_page_token` is | ||
// returned. | ||
int32 page_size = 3 [(google.api.field_behavior) = OPTIONAL]; | ||
|
||
// Optional. If present, retrieve the next batch of results from the preceding | ||
// call to this method. `page_token` must be the value of `next_page_token` | ||
// from the previous response. The values of all other method parameters must | ||
// be identical to those in the previous call. | ||
string page_token = 4 [(google.api.field_behavior) = OPTIONAL]; | ||
} | ||
|
||
// Search all IAM policies response. | ||
message SearchAllIamPoliciesResponse { | ||
// A list of IamPolicy that match the search query. Related information such | ||
// as the associated resource is returned along with the policy. | ||
repeated IamPolicySearchResult results = 1; | ||
|
||
// Set if there are more results than those appearing in this response; to get | ||
// the next set of results, call this method again, using this value as the | ||
// `page_token`. | ||
string next_page_token = 2; | ||
} | ||
|
||
// Asset content type. | ||
|
Oops, something went wrong.