Skip to content

Commit

Permalink
feat: add SearchAllResources and SearchAllIamPolicies rpcs in ass…
Browse files Browse the repository at this point in the history
…et service proto (#332)

* run compile protos

* fix from package.json
  • Loading branch information
xiaozhenliu-gg5 authored May 20, 2020
1 parent b042391 commit 81366f5
Show file tree
Hide file tree
Showing 10 changed files with 6,009 additions and 950 deletions.
2 changes: 1 addition & 1 deletion packages/google-cloud-asset/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@
"fix": "gts fix",
"lint": "gts check",
"predocs-test": "npm run docs",
"prepare": "npm run compile",
"prepare": "npm run compile-protos && npm run compile",
"system-test": "c8 mocha build/system-test",
"test": "c8 mocha build/test",
"prelint": "cd samples; npm link ../; npm install",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -37,12 +37,14 @@ option php_namespace = "Google\\Cloud\\Asset\\V1";
// Asset service definition.
service AssetService {
option (google.api.default_host) = "cloudasset.googleapis.com";
option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
option (google.api.oauth_scopes) =
"https://www.googleapis.com/auth/cloud-platform";

// Exports assets with time and resource types to a given Cloud Storage
// location. The output format is newline-delimited JSON.
// This API implements the [google.longrunning.Operation][google.longrunning.Operation] API allowing you
// to keep track of the export.
// This API implements the
// [google.longrunning.Operation][google.longrunning.Operation] API allowing
// you to keep track of the export.
rpc ExportAssets(ExportAssetsRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
post: "/v1/{parent=*/*}:exportAssets"
Expand All @@ -61,7 +63,8 @@ service AssetService {
// attached IAM POLICY both exist. This can create gaps in the output history.
// If a specified asset does not exist, this API returns an INVALID_ARGUMENT
// error.
rpc BatchGetAssetsHistory(BatchGetAssetsHistoryRequest) returns (BatchGetAssetsHistoryResponse) {
rpc BatchGetAssetsHistory(BatchGetAssetsHistoryRequest)
returns (BatchGetAssetsHistoryResponse) {
option (google.api.http) = {
get: "/v1/{parent=*/*}:batchGetAssetsHistory"
};
Expand Down Expand Up @@ -109,6 +112,30 @@ service AssetService {
};
option (google.api.method_signature) = "name";
}

// Searches all the resources within the given accessible scope (e.g., a
// project, a folder or an organization). Callers should have
// cloud.assets.SearchAllResources permission upon the requested scope,
// otherwise the request will be rejected.
rpc SearchAllResources(SearchAllResourcesRequest)
returns (SearchAllResourcesResponse) {
option (google.api.http) = {
get: "/v1/{scope=*/*}:searchAllResources"
};
option (google.api.method_signature) = "scope,query,asset_types";
}

// Searches all the IAM policies within the given accessible scope (e.g., a
// project, a folder or an organization). Callers should have
// cloud.assets.SearchAllIamPolicies permission upon the requested scope,
// otherwise the request will be rejected.
rpc SearchAllIamPolicies(SearchAllIamPoliciesRequest)
returns (SearchAllIamPoliciesResponse) {
option (google.api.http) = {
get: "/v1/{scope=*/*}:searchAllIamPolicies"
};
option (google.api.method_signature) = "scope,query";
}
}

// Export asset request.
Expand Down Expand Up @@ -148,8 +175,10 @@ message ExportAssetsRequest {
}

// The export asset response. This message is returned by the
// [google.longrunning.Operations.GetOperation][google.longrunning.Operations.GetOperation] method in the returned
// [google.longrunning.Operation.response][google.longrunning.Operation.response] field.
// [google.longrunning.Operations.GetOperation][google.longrunning.Operations.GetOperation]
// method in the returned
// [google.longrunning.Operation.response][google.longrunning.Operation.response]
// field.
message ExportAssetsResponse {
// Time the snapshot was taken.
google.protobuf.Timestamp read_time = 1;
Expand Down Expand Up @@ -214,9 +243,8 @@ message CreateFeedRequest {
// be unique under a specific parent project/folder/organization.
string feed_id = 2 [(google.api.field_behavior) = REQUIRED];

// Required. The feed details. The field `name` must be empty and it will be generated
// in the format of:
// projects/project_number/feeds/feed_id
// Required. The feed details. The field `name` must be empty and it will be
// generated in the format of: projects/project_number/feeds/feed_id
// folders/folder_number/feeds/feed_id
// organizations/organization_number/feeds/feed_id
Feed feed = 3 [(google.api.field_behavior) = REQUIRED];
Expand All @@ -230,9 +258,7 @@ message GetFeedRequest {
// organizations/organization_number/feeds/feed_id
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "cloudasset.googleapis.com/Feed"
}
(google.api.resource_reference) = { type: "cloudasset.googleapis.com/Feed" }
];
}

Expand All @@ -251,8 +277,8 @@ message ListFeedsResponse {

// Update asset feed request.
message UpdateFeedRequest {
// Required. The new values of feed details. It must match an existing feed and the
// field `name` must be in the format of:
// Required. The new values of feed details. It must match an existing feed
// and the field `name` must be in the format of:
// projects/project_number/feeds/feed_id or
// folders/folder_number/feeds/feed_id or
// organizations/organization_number/feeds/feed_id.
Expand All @@ -261,7 +287,8 @@ message UpdateFeedRequest {
// Required. Only updates the `feed` fields indicated by this mask.
// The field mask must not be empty, and it must not contain fields that
// are immutable or only set by the server.
google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
google.protobuf.FieldMask update_mask = 2
[(google.api.field_behavior) = REQUIRED];
}

message DeleteFeedRequest {
Expand All @@ -271,9 +298,7 @@ message DeleteFeedRequest {
// organizations/organization_number/feeds/feed_id
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "cloudasset.googleapis.com/Feed"
}
(google.api.resource_reference) = { type: "cloudasset.googleapis.com/Feed" }
];
}

Expand Down Expand Up @@ -401,7 +426,156 @@ message Feed {

// Required. Feed output configuration defining where the asset updates are
// published to.
FeedOutputConfig feed_output_config = 5 [(google.api.field_behavior) = REQUIRED];
FeedOutputConfig feed_output_config = 5
[(google.api.field_behavior) = REQUIRED];
}

// Search all resources request.
message SearchAllResourcesRequest {
// Required. A scope can be a project, a folder or an organization. The search
// is limited to the resources within the `scope`.
//
// The allowed values are:
//
// * projects/{PROJECT_ID}
// * projects/{PROJECT_NUMBER}
// * folders/{FOLDER_NUMBER}
// * organizations/{ORGANIZATION_NUMBER}
string scope = 1 [(google.api.field_behavior) = REQUIRED];

// Optional. The query statement. An empty query can be specified to search
// all the resources of certain `asset_types` within the given `scope`.
//
// Examples:
//
// * `name : "Important"` to find Cloud resources whose name contains
// "Important" as a word.
// * `displayName : "Impor*"` to find Cloud resources whose display name
// contains "Impor" as a word prefix.
// * `description : "*por*"` to find Cloud resources whose description
// contains "por" as a substring.
// * `location : "us-west*"` to find Cloud resources whose location is
// prefixed with "us-west".
// * `labels : "prod"` to find Cloud resources whose labels contain "prod" as
// a key or value.
// * `labels.env : "prod"` to find Cloud resources which have a label "env"
// and its value is "prod".
// * `labels.env : *` to find Cloud resources which have a label "env".
// * `"Important"` to find Cloud resources which contain "Important" as a word
// in any of the searchable fields.
// * `"Impor*"` to find Cloud resources which contain "Impor" as a word prefix
// in any of the searchable fields.
// * `"*por*"` to find Cloud resources which contain "por" as a substring in
// any of the searchable fields.
// * `("Important" AND location : ("us-west1" OR "global"))` to find Cloud
// resources which contain "Important" as a word in any of the searchable
// fields and are also located in the "us-west1" region or the "global"
// location.
//
// See [how to construct a
// query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query)
// for more details.
string query = 2 [(google.api.field_behavior) = OPTIONAL];

// Optional. A list of asset types that this request searches for. If empty,
// it will search all the [searchable asset
// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
repeated string asset_types = 3 [(google.api.field_behavior) = OPTIONAL];

// Optional. The page size for search result pagination. Page size is capped
// at 500 even if a larger value is given. If set to zero, server will pick an
// appropriate default. Returned results may be fewer than requested. When
// this happens, there could be more results as long as `next_page_token` is
// returned.
int32 page_size = 4 [(google.api.field_behavior) = OPTIONAL];

// Optional. If present, then retrieve the next batch of results from the
// preceding call to this method. `page_token` must be the value of
// `next_page_token` from the previous response. The values of all other
// method parameters, must be identical to those in the previous call.
string page_token = 5 [(google.api.field_behavior) = OPTIONAL];

// Optional. A comma separated list of fields specifying the sorting order of
// the results. The default order is ascending. Add " DESC" after the field
// name to indicate descending order. Redundant space characters are ignored.
// Example: "location DESC, name". See [supported resource metadata
// fields](https://cloud.google.com/asset-inventory/docs/searching-resources#query_on_resource_metadata_fields)
// for more details.
string order_by = 6 [(google.api.field_behavior) = OPTIONAL];
}

// Search all resources response.
message SearchAllResourcesResponse {
// A list of Resources that match the search query. It contains the resource
// standard metadata information.
repeated ResourceSearchResult results = 1;

// If there are more results than those appearing in this response, then
// `next_page_token` is included. To get the next set of results, call this
// method again using the value of `next_page_token` as `page_token`.
string next_page_token = 2;
}

// Search all IAM policies request.
message SearchAllIamPoliciesRequest {
// Required. A scope can be a project, a folder or an organization. The search
// is limited to the IAM policies within the `scope`.
//
// The allowed values are:
//
// * projects/{PROJECT_ID}
// * projects/{PROJECT_NUMBER}
// * folders/{FOLDER_NUMBER}
// * organizations/{ORGANIZATION_NUMBER}
string scope = 1 [(google.api.field_behavior) = REQUIRED];

// Optional. The query statement. An empty query can be specified to search
// all the IAM policies within the given `scope`.
//
// Examples:
//
// * `policy : "[email protected]"` to find Cloud IAM policy bindings that
// specify user "[email protected]".
// * `policy : "roles/compute.admin"` to find Cloud IAM policy bindings that
// specify the Compute Admin role.
// * `policy.role.permissions : "storage.buckets.update"` to find Cloud IAM
// policy bindings that specify a role containing "storage.buckets.update"
// permission.
// * `resource : "organizations/123"` to find Cloud IAM policy bindings that
// are set on "organizations/123".
// * `(resource : ("organizations/123" OR "folders/1234") AND policy : "amy")`
// to find Cloud IAM policy bindings that are set on "organizations/123" or
// "folders/1234", and also specify user "amy".
//
// See [how to construct a
// query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)
// for more details.
string query = 2 [(google.api.field_behavior) = OPTIONAL];

// Optional. The page size for search result pagination. Page size is capped
// at 500 even if a larger value is given. If set to zero, server will pick an
// appropriate default. Returned results may be fewer than requested. When
// this happens, there could be more results as long as `next_page_token` is
// returned.
int32 page_size = 3 [(google.api.field_behavior) = OPTIONAL];

// Optional. If present, retrieve the next batch of results from the preceding
// call to this method. `page_token` must be the value of `next_page_token`
// from the previous response. The values of all other method parameters must
// be identical to those in the previous call.
string page_token = 4 [(google.api.field_behavior) = OPTIONAL];
}

// Search all IAM policies response.
message SearchAllIamPoliciesResponse {
// A list of IamPolicy that match the search query. Related information such
// as the associated resource is returned along with the policy.
repeated IamPolicySearchResult results = 1;

// Set if there are more results than those appearing in this response; to get
// the next set of results, call this method again, using this value as the
// `page_token`.
string next_page_token = 2;
}

// Asset content type.
Expand Down
Loading

0 comments on commit 81366f5

Please sign in to comment.