Blame - docs/dyn/cloudasset_v1beta1.projects.html - platform/external/python/google-api-python-client

2019-06-14 16:50:42 -0700

[diff] [blame]

84

<p class="firstline">Batch gets the update history of assets that overlap a time window.</p>

85

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

86

<code><a href="#exportAssets">exportAssets(parent, body=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

87

<p class="firstline">Exports assets with time and resource types to a given Cloud Storage</p>

88

<h3>Method Details</h3>

89

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

90

<code class="details" id="batchGetAssetsHistory">batchGetAssetsHistory(parent, contentType=None, assetNames=None, readTimeWindow_endTime=None, readTimeWindow_startTime=None, x__xgafv=None)</code>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

91

<pre>Batch gets the update history of assets that overlap a time window.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

92

For IAM_POLICY content, this API outputs history when the asset and its

93

attached IAM POLICY both exist. This can create gaps in the output history.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

94

Otherwise, this API outputs history with asset in both non-delete or

95

deleted status.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

96

If a specified asset does not exist, this API returns an INVALID_ARGUMENT

error.

Args:

parent: string, Required. The relative name of the root asset. It can only be an

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

101

organization number (such as "organizations/123"), a project ID (such as

102

"projects/my-project-id")", or a project number (such as "projects/12345"). (required)

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

103

contentType: string, Optional. The content type.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

104

assetNames: string, A list of the full names of the assets. For example:

105

`//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.

106

See [Resource

107

Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)

108

for more info.

109

110

The request becomes a no-op if the asset name list is empty, and the max

111

size of the asset name list is 100 in one request. (repeated)

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

112

readTimeWindow_endTime: string, End time of the time window (inclusive). If not specified, the current

113

timestamp is used instead.

114

readTimeWindow_startTime: string, Start time of the time window (exclusive).

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

115

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

122

123

{ # Batch get assets history response.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

124

"assets": [ # A list of assets with valid time windows.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

125

{ # An asset in Google Cloud and its temporal metadata, including the time window

126

# when it was observed and its status during that window.

127

"window": { # A time window specified by its `start_time` and `end_time`. # The time window when the asset data and state was observed.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

128

"startTime": "A String", # Start time of the time window (exclusive).

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

129

"endTime": "A String", # End time of the time window (inclusive). If not specified, the current

130

# timestamp is used instead.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

131

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

132

"deleted": True or False, # Whether the asset has been deleted or not.

133

"asset": { # An asset in Google Cloud. An asset can be any resource in the Google Cloud # An asset in Google Cloud.

134

# [resource

135

# hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),

136

# a resource outside the Google Cloud resource hierarchy (such as Google

137

# Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy).

138

# See [Supported asset

139

# types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)

140

# for more information.

141

"servicePerimeter": { # `ServicePerimeter` describes a set of Google Cloud resources which can freely # Please also refer to the [service perimeter user

142

# guide](https://cloud.google.com/vpc-service-controls/docs/overview).

143

# import and export data amongst themselves, but not export outside of the

144

# `ServicePerimeter`. If a request with a source within this `ServicePerimeter`

145

# has a target outside of the `ServicePerimeter`, the request will be blocked.

146

# Otherwise the request is allowed. There are two types of Service Perimeter -

147

# Regular and Bridge. Regular Service Perimeters cannot overlap, a single

148

# Google Cloud project can only belong to a single regular Service Perimeter.

149

# Service Perimeter Bridges can contain only Google Cloud projects as members,

150

# a single Google Cloud project may belong to multiple Service Perimeter

151

# Bridges.

152

"perimeterType": "A String", # Perimeter type indicator. A single project is

153

# allowed to be a member of single regular perimeter, but multiple service

154

# perimeter bridges. A project cannot be a included in a perimeter bridge

155

# without being included in regular perimeter. For perimeter bridges,

156

# the restricted service list as well as access level lists must be

157

# empty.

158

"status": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Current ServicePerimeter configuration. Specifies sets of resources,

159

# restricted services and access levels that determine perimeter

160

# content and boundaries.

161

# describe specific Service Perimeter configuration.

162

"restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter

163

# restrictions. For example, if `storage.googleapis.com` is specified, access

164

# to the storage buckets inside the perimeter must meet the perimeter's

165

# access restrictions.

166

"A String",

167

],

168

"accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the

169

# `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed

170

# must be in the same policy as this `ServicePerimeter`. Referencing a

171

# nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are

172

# listed, resources within the perimeter can only be accessed via Google

173

# Cloud calls with request origins within the perimeter. Example:

174

# `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.

175

# For Service Perimeter Bridge, must be empty.

176

"A String",

177

],

178

"vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Configuration for APIs allowed within Perimeter.

179

# Perimeter.

180

"enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of

181

# APIs specified in 'allowed_services'.

182

"allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty

183

# unless 'enable_restriction' is True.

"A String",

],

},

"resources": [ # A list of Google Cloud resources that are inside of the service perimeter.

188

# Currently only projects are allowed. Format: `projects/{project_number}`

189

"A String",

190

],

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

191

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

192

"useExplicitDryRunSpec": True or False, # Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly

193

# exists for all Service Perimeters, and that spec is identical to the

194

# status for those Service Perimeters. When this flag is set, it inhibits the

195

# generation of the implicit spec, thereby allowing the user to explicitly

196

# provide a configuration ("spec") to use in a dry-run version of the Service

197

# Perimeter. This allows the user to test changes to the enforced config

198

# ("status") without actually enforcing them. This testing is done through

199

# analyzing the differences between currently enforced and suggested

200

# restrictions. use_explicit_dry_run_spec must bet set to True if any of the

201

# fields in the spec are set to non-default values.

202

"description": "A String", # Description of the `ServicePerimeter` and its use. Does not affect

203

# behavior.

204

"name": "A String", # Required. Resource name for the ServicePerimeter. The `short_name`

205

# component must begin with a letter and only include alphanumeric and '_'.

206

# Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`

207

"title": "A String", # Human readable title. Must be unique within the Policy.

208

"spec": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Proposed (or dry run) ServicePerimeter configuration. This configuration

209

# allows to specify and test ServicePerimeter configuration without enforcing

210

# actual access restrictions. Only allowed to be set when the

211

# "use_explicit_dry_run_spec" flag is set.

212

# describe specific Service Perimeter configuration.

213

"restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter

214

# restrictions. For example, if `storage.googleapis.com` is specified, access

215

# to the storage buckets inside the perimeter must meet the perimeter's

216

# access restrictions.

217

"A String",

218

],

219

"accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the

220

# `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed

221

# must be in the same policy as this `ServicePerimeter`. Referencing a

222

# nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are

223

# listed, resources within the perimeter can only be accessed via Google

224

# Cloud calls with request origins within the perimeter. Example:

225

# `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.

226

# For Service Perimeter Bridge, must be empty.

227

"A String",

228

],

229

"vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Configuration for APIs allowed within Perimeter.

230

# Perimeter.

231

"enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of

232

# APIs specified in 'allowed_services'.

233

"allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty

234

# unless 'enable_restriction' is True.

"A String",

],

},

"resources": [ # A list of Google Cloud resources that are inside of the service perimeter.

239

# Currently only projects are allowed. Format: `projects/{project_number}`

240

"A String",

241

],

242

},

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

243

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

244

"iamPolicy": { # An Identity and Access Management (IAM) policy, which specifies access # A representation of the Cloud IAM policy set on a Google Cloud resource.

245

# There can be a maximum of one Cloud IAM policy set on any given resource.

246

# In addition, Cloud IAM policies inherit their granted access scope from any

247

# policies set on parent resources in the resource hierarchy. Therefore, the

248

# effectively policy is the union of both the policy set on this resource

249

# and each policy set on all of the resource's ancestry resource levels in

250

# the hierarchy. See

251

# [this topic](https://cloud.google.com/iam/docs/policies#inheritance) for

252

# more information.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

253

# controls for Google Cloud resources.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

254

#

255

#

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

256

# A `Policy` is a collection of `bindings`. A `binding` binds one or more

257

# `members` to a single `role`. Members can be user accounts, service accounts,

258

# Google groups, and domains (such as G Suite). A `role` is a named list of

259

# permissions; each `role` can be an IAM predefined role or a user-created

260

# custom role.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

261

#

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

262

# For some types of Google Cloud resources, a `binding` can also specify a

263

# `condition`, which is a logical expression that allows access to a resource

264

# only if the expression evaluates to `true`. A condition can add constraints

265

# based on attributes of the request, the resource, or both. To learn which

266

# resources support conditions in their IAM policies, see the

267

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

268

#

269

# **JSON example:**

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

270

#

271

# {

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

272

# "bindings": [

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

273

# {

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

274

# "role": "roles/resourcemanager.organizationAdmin",

275

# "members": [

276

# "user:mike@example.com",

277

# "group:admins@example.com",

278

# "domain:google.com",

279

# "serviceAccount:my-project-id@appspot.gserviceaccount.com"

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

280

# ]

281

# },

282

# {

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

283

# "role": "roles/resourcemanager.organizationViewer",

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

284

# "members": [

285

# "user:eve@example.com"

286

# ],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

287

# "condition": {

288

# "title": "expirable access",

289

# "description": "Does not grant access after Sep 2020",

290

# "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

291

# }

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

292

# }

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

293

# ],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

294

# "etag": "BwWWja0YfJA=",

295

# "version": 3

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

296

# }

297

#

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

298

# **YAML example:**

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

#

# bindings:

# - members:

# - user:mike@example.com

303

# - group:admins@example.com

304

# - domain:google.com

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

305

# - serviceAccount:my-project-id@appspot.gserviceaccount.com

306

# role: roles/resourcemanager.organizationAdmin

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

307

# - members:

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

308

# - user:eve@example.com

309

# role: roles/resourcemanager.organizationViewer

310

# condition:

311

# title: expirable access

312

# description: Does not grant access after Sep 2020

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

313

# expression: request.time < timestamp('2020-10-01T00:00:00.000Z')

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

314

# - etag: BwWWja0YfJA=

315

# - version: 3

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

316

#

317

# For a description of IAM and its features, see the

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

318

# [IAM documentation](https://cloud.google.com/iam/docs/).

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

319

"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

320

# `condition` that determines how and when the `bindings` are applied. Each

321

# of the `bindings` must contain at least one member.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

322

{ # Associates `members` with a `role`.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

323

"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.

324

#

325

# If the condition evaluates to `true`, then this binding applies to the

326

# current request.

327

#

328

# If the condition evaluates to `false`, then this binding does not apply to

329

# the current request. However, a different role binding might grant the same

330

# role to one or more of the members in this binding.

331

#

332

# To learn which resources support conditions in their IAM policies, see the

333

# [IAM

334

# documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

335

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

336

# are documented at https://github.com/google/cel-spec.

337

#

338

# Example (Comparison):

339

#

340

# title: "Summary size limit"

341

# description: "Determines if a summary is less than 100 chars"

342

# expression: "document.summary.size() < 100"

343

#

344

# Example (Equality):

345

#

346

# title: "Requestor is owner"

347

# description: "Determines if requestor is the document owner"

348

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

353

# description: "Determine whether the document should be publicly visible"

354

# expression: "document.type != 'private' && document.type != 'internal'"

355

#

356

# Example (Data Manipulation):

357

#

358

# title: "Notification string"

359

# description: "Create a notification string with a timestamp."

360

# expression: "'New message received at ' + string(document.create_time)"

361

#

362

# The exact variables and functions that may be referenced within an expression

363

# are determined by the service that evaluates it. See the service

364

# documentation for additional information.

365

"location": "A String", # Optional. String indicating the location of the expression for error

366

# reporting, e.g. a file name and a position in the file.

367

"description": "A String", # Optional. Description of the expression. This is a longer text which

368

# describes the expression, e.g. when hovered over it in a UI.

369

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

370

# its purpose. This can be used e.g. in UIs which allow to enter the

371

# expression.

372

"expression": "A String", # Textual representation of an expression in Common Expression Language

373

# syntax.

374

},

375

"role": "A String", # Role that is assigned to `members`.

376

# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

377

"members": [ # Specifies the identities requesting access for a Cloud Platform resource.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

378

# `members` can have the following values:

379

#

380

# * `allUsers`: A special identifier that represents anyone who is

381

# on the internet; with or without a Google account.

382

#

383

# * `allAuthenticatedUsers`: A special identifier that represents anyone

384

# who is authenticated with a Google account or a service account.

385

#

386

# * `user:{emailid}`: An email address that represents a specific Google

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

387

# account. For example, `alice@example.com` .

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

388

#

389

#

390

# * `serviceAccount:{emailid}`: An email address that represents a service

391

# account. For example, `my-other-app@appspot.gserviceaccount.com`.

392

#

393

# * `group:{emailid}`: An email address that represents a Google group.

394

# For example, `admins@example.com`.

395

#

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

396

# * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique

397

# identifier) representing a user that has been recently deleted. For

398

# example, `alice@example.com?uid=123456789012345678901`. If the user is

399

# recovered, this value reverts to `user:{emailid}` and the recovered user

400

# retains the role in the binding.

401

#

402

# * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus

403

# unique identifier) representing a service account that has been recently

404

# deleted. For example,

405

# `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.

406

# If the service account is undeleted, this value reverts to

407

# `serviceAccount:{emailid}` and the undeleted service account retains the

408

# role in the binding.

409

#

410

# * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique

411

# identifier) representing a Google group that has been recently

412

# deleted. For example, `admins@example.com?uid=123456789012345678901`. If

413

# the group is recovered, this value reverts to `group:{emailid}` and the

414

# recovered group retains the role in the binding.

415

#

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

416

#

417

# * `domain:{domain}`: The G Suite domain (primary) that represents all the

418

# users of that domain. For example, `google.com` or `example.com`.

419

#

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

420

"A String",

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

421

],

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

422

},

423

],

424

"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.

425

{ # Specifies the audit configuration for a service.

426

# The configuration determines which permission types are logged, and what

427

# identities, if any, are exempted from logging.

428

# An AuditConfig must have one or more AuditLogConfigs.

429

#

430

# If there are AuditConfigs for both `allServices` and a specific service,

431

# the union of the two AuditConfigs is used for that service: the log_types

432

# specified in each AuditConfig are enabled, and the exempted_members in each

433

# AuditLogConfig are exempted.

434

#

435

# Example Policy with multiple AuditConfigs:

#

# {

# "audit_configs": [

# {

# "service": "allServices",

441

# "audit_log_configs": [

442

# {

443

# "log_type": "DATA_READ",

444

# "exempted_members": [

445

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE"

450

# },

451

# {

452

# "log_type": "ADMIN_READ"

# }

# ]

# },

# {

# "service": "sampleservice.googleapis.com",

458

# "audit_log_configs": [

459

# {

460

# "log_type": "DATA_READ"

461

# },

462

# {

463

# "log_type": "DATA_WRITE",

464

# "exempted_members": [

465

# "user:aliya@example.com"

# ]

# }

# ]

# }

# ]

# }

#

# For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ

474

# logging. It also exempts jose@example.com from DATA_READ logging, and

475

# aliya@example.com from DATA_WRITE logging.

476

"auditLogConfigs": [ # The configuration for logging of each type of permission.

477

{ # Provides the configuration for logging a type of permissions.

# Example:

#

# {

# "audit_log_configs": [

482

# {

483

# "log_type": "DATA_READ",

484

# "exempted_members": [

485

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE"

# }

# ]

# }

#

# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting

495

# jose@example.com from DATA_READ logging.

496

"logType": "A String", # The log type that this config enables.

497

"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of

498

# permission.

499

# Follows the same format of Binding.members.

"A String",

],

},

],

"service": "A String", # Specifies a service that will be enabled for audit logging.

505

# For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.

506

# `allServices` is a special value that covers all services.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

507

},

508

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

509

"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

510

# prevent simultaneous updates of a policy from overwriting each other.

511

# It is strongly suggested that systems make use of the `etag` in the

512

# read-modify-write cycle to perform policy updates in order to avoid race

513

# conditions: An `etag` is returned in the response to `getIamPolicy`, and

514

# systems are expected to put that etag in the request to `setIamPolicy` to

515

# ensure that their change will be applied to the same version of the policy.

516

#

517

# **Important:** If you use IAM Conditions, you must include the `etag` field

518

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

519

# you to overwrite a version `3` policy with a version `1` policy, and all of

520

# the conditions in the version `3` policy are lost.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

521

"version": 42, # Specifies the format of the policy.

522

#

523

# Valid values are `0`, `1`, and `3`. Requests that specify an invalid value

524

# are rejected.

525

#

526

# Any operation that affects conditional role bindings must specify version

527

# `3`. This requirement applies to the following operations:

528

#

529

# * Getting a policy that includes a conditional role binding

530

# * Adding a conditional role binding to a policy

531

# * Changing a conditional role binding in a policy

532

# * Removing any role binding, with or without a condition, from a policy

533

# that includes conditions

534

#

535

# **Important:** If you use IAM Conditions, you must include the `etag` field

536

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

537

# you to overwrite a version `3` policy with a version `1` policy, and all of

538

# the conditions in the version `3` policy are lost.

539

#

540

# If a policy does not include any conditions, operations on that policy may

541

# specify any valid version or leave the field unset.

542

#

543

# To learn which resources support conditions in their IAM policies, see the

544

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

545

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

546

"accessLevel": { # An `AccessLevel` is a label that can be applied to requests to Google Cloud # Please also refer to the [access level user

547

# guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels).

548

# services, along with a list of requirements necessary for the label to be

549

# applied.

550

"description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.

551

"name": "A String", # Required. Resource name for the Access Level. The `short_name` component

552

# must begin with a letter and only include alphanumeric and '_'. Format:

553

# `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length

554

# of the `short_name` component is 50 characters.

555

"custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.

556

# to represent the necessary conditions for the level to apply to a request.

557

# See CEL spec at: https://github.com/google/cel-spec

558

"expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.

559

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

560

# are documented at https://github.com/google/cel-spec.

561

#

562

# Example (Comparison):

563

#

564

# title: "Summary size limit"

565

# description: "Determines if a summary is less than 100 chars"

566

# expression: "document.summary.size() < 100"

567

#

568

# Example (Equality):

569

#

570

# title: "Requestor is owner"

571

# description: "Determines if requestor is the document owner"

572

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

577

# description: "Determine whether the document should be publicly visible"

578

# expression: "document.type != 'private' && document.type != 'internal'"

579

#

580

# Example (Data Manipulation):

581

#

582

# title: "Notification string"

583

# description: "Create a notification string with a timestamp."

584

# expression: "'New message received at ' + string(document.create_time)"

585

#

586

# The exact variables and functions that may be referenced within an expression

587

# are determined by the service that evaluates it. See the service

588

# documentation for additional information.

589

"location": "A String", # Optional. String indicating the location of the expression for error

590

# reporting, e.g. a file name and a position in the file.

591

"description": "A String", # Optional. Description of the expression. This is a longer text which

592

# describes the expression, e.g. when hovered over it in a UI.

593

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

594

# its purpose. This can be used e.g. in UIs which allow to enter the

595

# expression.

596

"expression": "A String", # Textual representation of an expression in Common Expression Language

# syntax.

},

},

"basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.

601

"combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is

602

# granted this `AccessLevel`. If AND is used, each `Condition` in

603

# `conditions` must be satisfied for the `AccessLevel` to be applied. If OR

604

# is used, at least one `Condition` in `conditions` must be satisfied for the

605

# `AccessLevel` to be applied. Default behavior is AND.

606

"conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.

607

{ # A condition necessary for an `AccessLevel` to be granted. The Condition is an

608

# AND over its fields. So a Condition is true if: 1) the request IP is from one

609

# of the listed subnetworks AND 2) the originating device complies with the

610

# listed device policy AND 3) all listed access levels are granted AND 4) the

611

# request was sent at a time allowed by the DateTimeRestriction.

612

"regions": [ # The request must originate from one of the provided countries/regions.

613

# Must be valid ISO 3166-1 alpha-2 codes.

614

"A String",

615

],

616

"members": [ # The request must be made by one of the provided user or service

617

# accounts. Groups are not supported.

618

# Syntax:

619

# `user:{emailid}`

620

# `serviceAccount:{emailid}`

621

# If not specified, a request may come from any user.

622

"A String",

623

],

624

"devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the

625

# Condition to be true. If not specified, all devices are allowed.

626

# given access level. A `DevicePolicy` specifies requirements for requests from

627

# devices to be granted access levels, it does not do any enforcement on the

628

# device. `DevicePolicy` acts as an AND over all specified fields, and each

629

# repeated field is an OR over its elements. Any unset fields are ignored. For

630

# example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :

631

# DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be

632

# true for requests originating from encrypted Linux desktops and encrypted

633

# Windows desktops.

634

"requireCorpOwned": True or False, # Whether the device needs to be corp owned.

635

"osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.

636

{ # A restriction on the OS type and version of devices making requests.

637

"osType": "A String", # Required. The allowed OS type.

638

"minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS

639

# satisfies the constraint. Format: `"major.minor.patch"`.

640

# Examples: `"10.5.301"`, `"9.2.1"`.

641

"requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.

642

# Verifications includes requirements that the device is enterprise-managed,

643

# conformant to domain policies, and the caller has permission to call

644

# the API targeted by the request.

645

},

646

],

647

"requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.

648

# Defaults to `false`.

649

"allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management

# levels.

"A String",

],

"allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.

654

"A String",

655

],

656

"requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.

657

},

658

"ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for

659

# a CIDR IP address block, the specified IP address portion must be properly

660

# truncated (i.e. all the host bits must be zero) or the input is considered

661

# malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is

662

# not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas

663

# "2001:db8::1/32" is not. The originating IP of a request must be in one of

664

# the listed subnets in order for this Condition to be true. If empty, all IP

665

# addresses are allowed.

666

"A String",

667

],

668

"negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over

669

# its non-empty fields, each field must be false for the Condition overall to

670

# be satisfied. Defaults to false.

671

"requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by

672

# resource name. Referencing an `AccessLevel` which does not exist is an

673

# error. All access levels listed must be granted for the Condition

674

# to be true. Example:

675

# "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`

"A String",

],

},

],

},

"title": "A String", # Human readable title. Must be unique within the Policy.

682

},

683

"name": "A String", # The full name of the asset. Example:

684

# `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`

685

#

686

# See [Resource

687

# names](https://cloud.google.com/apis/design/resource_names#full_resource_name)

688

# for more information.

689

"accessPolicy": { # `AccessPolicy` is a container for `AccessLevels` (which define the necessary # Please also refer to the [access policy user

690

# guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies).

691

# attributes to use Google Cloud services) and `ServicePerimeters` (which

692

# define regions of services able to freely pass data within a perimeter). An

693

# access policy is globally visible within an organization, and the

694

# restrictions it specifies apply to all projects within an organization.

695

"title": "A String", # Required. Human readable title. Does not affect behavior.

696

"parent": "A String", # Required. The parent of this `AccessPolicy` in the Cloud Resource

697

# Hierarchy. Currently immutable once created. Format:

698

# `organizations/{organization_id}`

699

"name": "A String", # Output only. Resource name of the `AccessPolicy`. Format:

700

# `accessPolicies/{policy_id}`

701

"etag": "A String", # Output only. An opaque identifier for the current version of the

702

# `AccessPolicy`. This will always be a strongly validated etag, meaning that

703

# two Access Polices will be identical if and only if their etags are

704

# identical. Clients should not expect this to be in any specific format.

705

},

706

"orgPolicy": [ # A representation of an [organization

707

# policy](https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy).

708

# There can be more than one organization policy with different constraints

709

# set on a given resource.

710

{ # Defines a Cloud Organization `Policy` which is used to specify `Constraints`

711

# for configurations of Cloud Platform resources.

712

"etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for

713

# concurrency control.

714

#

715

# When the `Policy` is returned from either a `GetPolicy` or a

716

# `ListOrgPolicy` request, this `etag` indicates the version of the current

717

# `Policy` to use when executing a read-modify-write loop.

718

#

719

# When the `Policy` is returned from a `GetEffectivePolicy` request, the

720

# `etag` will be unset.

721

#

722

# When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value

723

# that was returned from a `GetOrgPolicy` request as part of a

724

# read-modify-write loop for concurrency control. Not setting the `etag`in a

725

# `SetOrgPolicy` request will result in an unconditional write of the

726

# `Policy`.

727

"constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,

728

# `constraints/serviceuser.services`.

729

#

730

# A [list of available

731

# constraints](/resource-manager/docs/organization-policy/org-policy-constraints)

732

# is available.

733

#

734

# Immutable after creation.

735

"booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.

736

# resource.

737

"enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any

738

# configuration is acceptable.

739

#

740

# Suppose you have a `Constraint`

741

# `constraints/compute.disableSerialPortAccess` with `constraint_default`

742

# set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following

743

# behavior:

744

# - If the `Policy` at this resource has enforced set to `false`, serial

745

# port connection attempts will be allowed.

746

# - If the `Policy` at this resource has enforced set to `true`, serial

747

# port connection attempts will be refused.

748

# - If the `Policy` at this resource is `RestoreDefault`, serial port

749

# connection attempts will be allowed.

750

# - If no `Policy` is set at this resource or anywhere higher in the

751

# resource hierarchy, serial port connection attempts will be allowed.

752

# - If no `Policy` is set at this resource, but one exists higher in the

753

# resource hierarchy, the behavior is as if the`Policy` were set at

754

# this resource.

755

#

756

# The following examples demonstrate the different possible layerings:

757

#

758

# Example 1 (nearest `Constraint` wins):

759

# `organizations/foo` has a `Policy` with:

760

# {enforced: false}

761

# `projects/bar` has no `Policy` set.

762

# The constraint at `projects/bar` and `organizations/foo` will not be

763

# enforced.

764

#

765

# Example 2 (enforcement gets replaced):

766

# `organizations/foo` has a `Policy` with:

767

# {enforced: false}

768

# `projects/bar` has a `Policy` with:

769

# {enforced: true}

770

# The constraint at `organizations/foo` is not enforced.

771

# The constraint at `projects/bar` is enforced.

772

#

773

# Example 3 (RestoreDefault):

774

# `organizations/foo` has a `Policy` with:

775

# {enforced: true}

776

# `projects/bar` has a `Policy` with:

777

# {RestoreDefault: {}}

778

# The constraint at `organizations/foo` is enforced.

779

# The constraint at `projects/bar` is not enforced, because

780

# `constraint_default` for the `Constraint` is `ALLOW`.

781

},

782

"updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the

783

# server, not specified by the caller, and represents the last time a call to

784

# `SetOrgPolicy` was made for that `Policy`. Any value set by the client will

785

# be ignored.

786

"listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.

787

# resource.

788

#

789

# `ListPolicy` can define specific values and subtrees of Cloud Resource

790

# Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that

791

# are allowed or denied by setting the `allowed_values` and `denied_values`

792

# fields. This is achieved by using the `under:` and optional `is:` prefixes.

793

# The `under:` prefix is used to denote resource subtree values.

794

# The `is:` prefix is used to denote specific values, and is required only

795

# if the value contains a ":". Values prefixed with "is:" are treated the

796

# same as values with no prefix.

797

# Ancestry subtrees must be in one of the following formats:

798

# - "projects/<project-id>", e.g. "projects/tokyo-rain-123"

799

# - "folders/<folder-id>", e.g. "folders/1234"

800

# - "organizations/<organization-id>", e.g. "organizations/1234"

801

# The `supports_under` field of the associated `Constraint` defines whether

802

# ancestry prefixes can be used. You can set `allowed_values` and

803

# `denied_values` in the same `Policy` if `all_values` is

804

# `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all

805

# values. If `all_values` is set to either `ALLOW` or `DENY`,

806

# `allowed_values` and `denied_values` must be unset.

807

"inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`.

808

#

809

# By default, a `ListPolicy` set at a resource supersedes any `Policy` set

810

# anywhere up the resource hierarchy. However, if `inherit_from_parent` is

811

# set to `true`, then the values from the effective `Policy` of the parent

812

# resource are inherited, meaning the values set in this `Policy` are

813

# added to the values inherited up the hierarchy.

814

#

815

# Setting `Policy` hierarchies that inherit both allowed values and denied

816

# values isn't recommended in most circumstances to keep the configuration

817

# simple and understandable. However, it is possible to set a `Policy` with

818

# `allowed_values` set that inherits a `Policy` with `denied_values` set.

819

# In this case, the values that are allowed must be in `allowed_values` and

820

# not present in `denied_values`.

821

#

822

# For example, suppose you have a `Constraint`

823

# `constraints/serviceuser.services`, which has a `constraint_type` of

824

# `list_constraint`, and with `constraint_default` set to `ALLOW`.

825

# Suppose that at the Organization level, a `Policy` is applied that

826

# restricts the allowed API activations to {`E1`, `E2`}. Then, if a

827

# `Policy` is applied to a project below the Organization that has

828

# `inherit_from_parent` set to `false` and field all_values set to DENY,

829

# then an attempt to activate any API will be denied.

830

#

831

# The following examples demonstrate different possible layerings for

832

# `projects/bar` parented by `organizations/foo`:

833

#

834

# Example 1 (no inherited values):

835

# `organizations/foo` has a `Policy` with values:

836

# {allowed_values: "E1" allowed_values:"E2"}

837

# `projects/bar` has `inherit_from_parent` `false` and values:

838

# {allowed_values: "E3" allowed_values: "E4"}

839

# The accepted values at `organizations/foo` are `E1`, `E2`.

840

# The accepted values at `projects/bar` are `E3`, and `E4`.

841

#

842

# Example 2 (inherited values):

843

# `organizations/foo` has a `Policy` with values:

844

# {allowed_values: "E1" allowed_values:"E2"}

845

# `projects/bar` has a `Policy` with values:

846

# {value: "E3" value: "E4" inherit_from_parent: true}

847

# The accepted values at `organizations/foo` are `E1`, `E2`.

848

# The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.

849

#

850

# Example 3 (inheriting both allowed and denied values):

851

# `organizations/foo` has a `Policy` with values:

852

# {allowed_values: "E1" allowed_values: "E2"}

853

# `projects/bar` has a `Policy` with:

854

# {denied_values: "E1"}

855

# The accepted values at `organizations/foo` are `E1`, `E2`.

856

# The value accepted at `projects/bar` is `E2`.

857

#

858

# Example 4 (RestoreDefault):

859

# `organizations/foo` has a `Policy` with values:

860

# {allowed_values: "E1" allowed_values:"E2"}

861

# `projects/bar` has a `Policy` with values:

862

# {RestoreDefault: {}}

863

# The accepted values at `organizations/foo` are `E1`, `E2`.

864

# The accepted values at `projects/bar` are either all or none depending on

865

# the value of `constraint_default` (if `ALLOW`, all; if

866

# `DENY`, none).

867

#

868

# Example 5 (no policy inherits parent policy):

869

# `organizations/foo` has no `Policy` set.

870

# `projects/bar` has no `Policy` set.

871

# The accepted values at both levels are either all or none depending on

872

# the value of `constraint_default` (if `ALLOW`, all; if

873

# `DENY`, none).

874

#

875

# Example 6 (ListConstraint allowing all):

876

# `organizations/foo` has a `Policy` with values:

877

# {allowed_values: "E1" allowed_values: "E2"}

878

# `projects/bar` has a `Policy` with:

879

# {all: ALLOW}

880

# The accepted values at `organizations/foo` are `E1`, E2`.

881

# Any value is accepted at `projects/bar`.

882

#

883

# Example 7 (ListConstraint allowing none):

884

# `organizations/foo` has a `Policy` with values:

885

# {allowed_values: "E1" allowed_values: "E2"}

886

# `projects/bar` has a `Policy` with:

887

# {all: DENY}

888

# The accepted values at `organizations/foo` are `E1`, E2`.

889

# No value is accepted at `projects/bar`.

890

#

891

# Example 10 (allowed and denied subtrees of Resource Manager hierarchy):

892

# Given the following resource hierarchy

893

# O1->{F1, F2}; F1->{P1}; F2->{P2, P3},

894

# `organizations/foo` has a `Policy` with values:

895

# {allowed_values: "under:organizations/O1"}

896

# `projects/bar` has a `Policy` with:

897

# {allowed_values: "under:projects/P3"}

898

# {denied_values: "under:folders/F2"}

899

# The accepted values at `organizations/foo` are `organizations/O1`,

900

# `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`,

901

# `projects/P3`.

902

# The accepted values at `projects/bar` are `organizations/O1`,

903

# `folders/F1`, `projects/P1`.

904

"allValues": "A String", # The policy all_values state.

905

"deniedValues": [ # List of values denied at this resource. Can only be set if `all_values`

906

# is set to `ALL_VALUES_UNSPECIFIED`.

907

"A String",

908

],

909

"allowedValues": [ # List of values allowed at this resource. Can only be set if `all_values`

910

# is set to `ALL_VALUES_UNSPECIFIED`.

911

"A String",

912

],

913

"suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration

914

# that matches the value specified in this `Policy`. If `suggested_value`

915

# is not set, it will inherit the value specified higher in the hierarchy,

916

# unless `inherit_from_parent` is `false`.

917

},

918

"version": 42, # Version of the `Policy`. Default version is 0;

919

"restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of

920

# `Constraint` type.

921

# `constraint_default` enforcement behavior of the specific `Constraint` at

922

# this resource.

923

#

924

# Suppose that `constraint_default` is set to `ALLOW` for the

925

# `Constraint` `constraints/serviceuser.services`. Suppose that organization

926

# foo.com sets a `Policy` at their Organization resource node that restricts

927

# the allowed service activations to deny all service activations. They

928

# could then set a `Policy` with the `policy_type` `restore_default` on

929

# several experimental projects, restoring the `constraint_default`

930

# enforcement of the `Constraint` for only those projects, allowing those

931

# projects to have all services activated.

},

},

],

"resource": { # A representation of a Google Cloud resource. # A representation of the resource.

936

"resourceUrl": "A String", # The REST URL for accessing the resource. An HTTP `GET` request using this

937

# URL returns the resource itself. Example:

938

# `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`

939

#

940

# This value is unspecified for resources without a REST API.

941

"discoveryName": "A String", # The JSON schema name listed in the discovery document. Example:

942

# `Project`

943

#

944

# This value is unspecified for resources that do not have an API based on a

945

# discovery document, such as Cloud Bigtable.

946

"version": "A String", # The API version. Example: `v1`

947

"data": { # The content of the resource, in which some sensitive fields are removed

948

# and may not be present.

949

"a_key": "", # Properties of the object.

950

},

951

"parent": "A String", # The full name of the immediate parent of this resource. See

952

# [Resource

953

# Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)

954

# for more information.

955

#

956

# For Google Cloud assets, this value is the parent resource defined in the

957

# [Cloud IAM policy

958

# hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).

959

# Example:

960

# `//cloudresourcemanager.googleapis.com/projects/my_project_123`

961

#

962

# For third-party assets, this field may be set differently.

963

"discoveryDocumentUri": "A String", # The URL of the discovery document containing the resource's JSON schema.

964

# Example:

965

# `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest`

966

#

967

# This value is unspecified for resources that do not have an API based on a

968

# discovery document, such as Cloud Bigtable.

969

},

970

"assetType": "A String", # The type of the asset. Example: `compute.googleapis.com/Disk`

971

#

972

# See [Supported asset

973

# types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)

974

# for more information.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

},

},

],

}</pre>

</div>

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

982

<code class="details" id="exportAssets">exportAssets(parent, body=None, x__xgafv=None)</code>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

983

<pre>Exports assets with time and resource types to a given Cloud Storage

984

location. The output format is newline-delimited JSON.

985

This API implements the google.longrunning.Operation API allowing you

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

986

to keep track of the export. We recommend intervals of at least 2 seconds

987

with exponential retry to poll the export operation result. For

988

regular-size resource parent, the export operation usually finishes within

989

5 minutes.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

990

991

Args:

992

parent: string, Required. The relative name of the root asset. This can only be an

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

993

organization number (such as "organizations/123"), a project ID (such as

994

"projects/my-project-id"), a project number (such as "projects/12345"), or

995

a folder number (such as "folders/123"). (required)

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

996

body: object, The request body.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

997

The object takes the form of:

998

999

{ # Export asset request.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1000

"outputConfig": { # Output configuration for export assets destination. # Required. Output configuration indicating where the results will be output

1001

# to. All results will be in newline delimited JSON format.

1002

"gcsDestination": { # A Cloud Storage location. # Destination on Cloud Storage.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1003

"uriPrefix": "A String", # The uri prefix of all generated Cloud Storage objects. For example:

1004

# "gs://bucket_name/object_name_prefix". Each object uri is in format:

1005

# "gs://bucket_name/object_name_prefix/<asset type>/<shard number> and only

1006

# contains assets for that type. <shard number> starts from 0. For example:

1007

# "gs://bucket_name/object_name_prefix/google.compute.disk/0" is the first

1008

# shard of output objects containing all google.compute.disk assets.

1009

# An INVALID_ARGUMENT error will be returned if file with the same name

1010

# "gs://bucket_name/object_name_prefix" already exists.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

1011

"uri": "A String", # The uri of the Cloud Storage object. It's the same uri that is used by

1012

# gsutil. For example: "gs://bucket_name/object_name". See [Viewing and

1013

# Editing Object

1014

# Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)

1015

# for more information.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1016

},

1017

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

1018

"readTime": "A String", # Timestamp to take an asset snapshot. This can only be set to a timestamp

1019

# between 2018-10-02 UTC (inclusive) and the current time. If not specified,

1020

# the current time will be used. Due to delays in resource data collection

1021

# and indexing, there is a volatile window during which running the same

1022

# query may get different results.

1023

"contentType": "A String", # Asset content type. If not specified, no content but the asset name will be

1024

# returned.

1025

"assetTypes": [ # A list of asset types of which to take a snapshot for. For example:

1026

# "google.compute.Disk". If specified, only matching assets will be returned.

1027

# See [Introduction to Cloud Asset

1028

# Inventory](https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/overview)

1029

# for all supported asset types.

1030

"A String",

1031

],

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1032

}

1033

1034

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

1041

1042

{ # This resource represents a long-running operation that is the result of a

1043

# network API call.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

1044

"metadata": { # Service-specific metadata associated with the operation. It typically

1045

# contains progress information and common metadata such as create time.

1046

# Some services might not provide such metadata. Any method that returns a

1047

# long-running operation should document the metadata type, if any.

1048

"a_key": "", # Properties of the object. Contains field @type with type URL.

1049

},

1050

"done": True or False, # If the value is `false`, it means the operation is still in progress.

1051

# If `true`, the operation is completed, and either `error` or `response` is

1052

# available.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

1053

"name": "A String", # The server-assigned name, which is only unique within the same service that

1054

# originally returns it. If you use the default HTTP mapping, the

1055

# `name` should be a resource name ending with `operations/{unique_id}`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1056

"response": { # The normal response of the operation in case of success. If the original

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1057

# method returns no data on success, such as `Delete`, the response is

1058

# `google.protobuf.Empty`. If the original method is standard

1059

# `Get`/`Create`/`Update`, the response should be the resource. For other

1060

# methods, the response should have the type `XxxResponse`, where `Xxx`

1061

# is the original method name. For example, if the original method name

1062

# is `TakeSnapshot()`, the inferred response type is

1063

# `TakeSnapshotResponse`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1064

"a_key": "", # Properties of the object. Contains field @type with type URL.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1065

},

Bu Sun Kim