diff --git a/clients/cloud_asset/README.md b/clients/cloud_asset/README.md index 11b6f93bdc..5a66d7a965 100644 --- a/clients/cloud_asset/README.md +++ b/clients/cloud_asset/README.md @@ -2,7 +2,7 @@ Cloud Asset API client library. -The cloud asset API manages the history and inventory of cloud resources. +The Cloud Asset API manages the history and inventory of Google Cloud resources. ## Installation diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/api/effective_iam_policies.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/api/effective_iam_policies.ex index 7edca503bf..12ba3e13f9 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/api/effective_iam_policies.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/api/effective_iam_policies.ex @@ -31,7 +31,7 @@ defmodule GoogleApi.CloudAsset.V1.Api.EffectiveIamPolicies do ## Parameters * `connection` (*type:* `GoogleApi.CloudAsset.V1.Connection.t`) - Connection to server - * `v1_id` (*type:* `String.t`) - Part of `scope`. Required. Only IAM policies on or below the scope will be returned. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects). + * `v1_id` (*type:* `String.t`) - Part of `scope`. Required. Only IAM policies on or below the scope will be returned. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization ID, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project ID, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects). * `v1_id1` (*type:* `String.t`) - Part of `scope`. See documentation of `v1Id`. * `optional_params` (*type:* `keyword()`) - Optional parameters * `:"$.xgafv"` (*type:* `String.t`) - V1 error format. @@ -45,7 +45,7 @@ defmodule GoogleApi.CloudAsset.V1.Api.EffectiveIamPolicies do * `:quotaUser` (*type:* `String.t`) - Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. * `:uploadType` (*type:* `String.t`) - Legacy upload protocol for media (e.g. "media", "multipart"). * `:upload_protocol` (*type:* `String.t`) - Upload protocol for media (e.g. "raw", "multipart"). - * `:names` (*type:* `list(String.t)`) - Required. The names refer to the [full_resource_names] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types). A maximum of 20 resources' effective policies can be retrieved in a batch. + * `:names` (*type:* `list(String.t)`) - Required. The names refer to the [full_resource_names] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of the asset types [supported by search APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types). A maximum of 20 resources' effective policies can be retrieved in a batch. * `opts` (*type:* `keyword()`) - Call options ## Returns diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/api/feeds.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/api/feeds.ex index 388fe597d7..389932d42e 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/api/feeds.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/api/feeds.ex @@ -31,7 +31,7 @@ defmodule GoogleApi.CloudAsset.V1.Api.Feeds do ## Parameters * `connection` (*type:* `GoogleApi.CloudAsset.V1.Connection.t`) - Connection to server - * `v1_id` (*type:* `String.t`) - Part of `parent`. Required. The name of the project/folder/organization where this feed should be created in. It can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id")", or a project number (such as "projects/12345"). + * `v1_id` (*type:* `String.t`) - Part of `parent`. Required. The name of the project/folder/organization where this feed should be created in. It can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). * `v1_id1` (*type:* `String.t`) - Part of `parent`. See documentation of `v1Id`. * `optional_params` (*type:* `keyword()`) - Optional parameters * `:"$.xgafv"` (*type:* `String.t`) - V1 error format. diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/api/saved_queries.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/api/saved_queries.ex index 618633060b..225247d75d 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/api/saved_queries.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/api/saved_queries.ex @@ -31,7 +31,7 @@ defmodule GoogleApi.CloudAsset.V1.Api.SavedQueries do ## Parameters * `connection` (*type:* `GoogleApi.CloudAsset.V1.Connection.t`) - Connection to server - * `v1_id` (*type:* `String.t`) - Part of `parent`. Required. The name of the project/folder/organization where this saved_query should be created in. It can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id")", or a project number (such as "projects/12345"). + * `v1_id` (*type:* `String.t`) - Part of `parent`. Required. The name of the project/folder/organization where this saved_query should be created in. It can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). * `v1_id1` (*type:* `String.t`) - Part of `parent`. See documentation of `v1Id`. * `optional_params` (*type:* `keyword()`) - Optional parameters * `:"$.xgafv"` (*type:* `String.t`) - V1 error format. @@ -45,7 +45,7 @@ defmodule GoogleApi.CloudAsset.V1.Api.SavedQueries do * `:quotaUser` (*type:* `String.t`) - Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. * `:uploadType` (*type:* `String.t`) - Legacy upload protocol for media (e.g. "media", "multipart"). * `:upload_protocol` (*type:* `String.t`) - Upload protocol for media (e.g. "raw", "multipart"). - * `:savedQueryId` (*type:* `String.t`) - Required. The ID to use for the saved query, which must be unique in the specified parent. It will become the final component of the saved query's resource name. This value should be 4-63 characters, and valid characters are /a-z-/. Notice that this field is required in the saved query creation, and the `name` field of the `saved_query` will be ignored. + * `:savedQueryId` (*type:* `String.t`) - Required. The ID to use for the saved query, which must be unique in the specified parent. It will become the final component of the saved query's resource name. This value should be 4-63 characters, and valid characters are `a-z-`. Notice that this field is required in the saved query creation, and the `name` field of the `saved_query` will be ignored. * `:body` (*type:* `GoogleApi.CloudAsset.V1.Model.SavedQuery.t`) - * `opts` (*type:* `keyword()`) - Call options diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/api/v1.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/api/v1.ex index f2fb6f4b16..f860dc8259 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/api/v1.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/api/v1.ex @@ -31,7 +31,7 @@ defmodule GoogleApi.CloudAsset.V1.Api.V1 do ## Parameters * `connection` (*type:* `GoogleApi.CloudAsset.V1.Connection.t`) - Connection to server - * `v1_id` (*type:* `String.t`) - Part of `analysisQuery.scope`. Required. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects). + * `v1_id` (*type:* `String.t`) - Part of `analysisQuery.scope`. Required. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization ID, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project ID, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects). * `v1_id1` (*type:* `String.t`) - Part of `analysisQuery.scope`. See documentation of `v1Id`. * `optional_params` (*type:* `keyword()`) - Optional parameters * `:"$.xgafv"` (*type:* `String.t`) - V1 error format. @@ -49,15 +49,15 @@ defmodule GoogleApi.CloudAsset.V1.Api.V1 do * `:"analysisQuery.accessSelector.roles"` (*type:* `list(String.t)`) - Optional. The roles to appear in result. * `:"analysisQuery.conditionContext.accessTime"` (*type:* `DateTime.t`) - The hypothetical access timestamp to evaluate IAM conditions. Note that this value must not be earlier than the current time; otherwise, an INVALID_ARGUMENT error will be returned. * `:"analysisQuery.identitySelector.identity"` (*type:* `String.t`) - Required. The identity appear in the form of principals in [IAM policy binding](https://cloud.google.com/iam/reference/rest/v1/Binding). The examples of supported forms are: "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com". Notice that wildcard characters (such as * and ?) are not supported. You must give a specific identity. - * `:"analysisQuery.options.analyzeServiceAccountImpersonation"` (*type:* `boolean()`) - Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning rpc instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a GCP folder F, then user A potentially has access to the GCP folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a GCP folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the GCP folder F, then user A potentially has access to the GCP folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Only the following permissions are considered in this analysis: * `iam.serviceAccounts.actAs` * `iam.serviceAccounts.signBlob` * `iam.serviceAccounts.signJwt` * `iam.serviceAccounts.getAccessToken` * `iam.serviceAccounts.getOpenIdToken` * `iam.serviceAccounts.implicitDelegation` Default is false. + * `:"analysisQuery.options.analyzeServiceAccountImpersonation"` (*type:* `boolean()`) - Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning RPC instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a Google Cloud folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Only the following permissions are considered in this analysis: * `iam.serviceAccounts.actAs` * `iam.serviceAccounts.signBlob` * `iam.serviceAccounts.signJwt` * `iam.serviceAccounts.getAccessToken` * `iam.serviceAccounts.getOpenIdToken` * `iam.serviceAccounts.implicitDelegation` Default is false. * `:"analysisQuery.options.expandGroups"` (*type:* `boolean()`) - Optional. If true, the identities section of the result will expand any Google groups appearing in an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is specified, the identity in the result will be determined by the selector, and this flag is not allowed to set. If true, the default max expansion per group is 1000 for AssetService.AnalyzeIamPolicy][]. Default is false. - * `:"analysisQuery.options.expandResources"` (*type:* `boolean()`) - Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a GCP folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resource cannot be used together with this option. For example, if the request analyzes for which users have permission P on a GCP project with this option enabled, the results will include all users who have permission P on that project or any lower resource. If true, the default max expansion per resource is 1000 for AssetService.AnalyzeIamPolicy][] and 100000 for AssetService.AnalyzeIamPolicyLongrunning][]. Default is false. + * `:"analysisQuery.options.expandResources"` (*type:* `boolean()`) - Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a Google Cloud folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resources cannot be used together with this option. For example, if the request analyzes for which users have permission P on a Google Cloud project with this option enabled, the results will include all users who have permission P on that project or any lower resource. If true, the default max expansion per resource is 1000 for AssetService.AnalyzeIamPolicy][] and 100000 for AssetService.AnalyzeIamPolicyLongrunning][]. Default is false. * `:"analysisQuery.options.expandRoles"` (*type:* `boolean()`) - Optional. If true, the access section of result will expand any roles appearing in IAM policy bindings to include their permissions. If IamPolicyAnalysisQuery.access_selector is specified, the access section of the result will be determined by the selector, and this flag is not allowed to set. Default is false. * `:"analysisQuery.options.outputGroupEdges"` (*type:* `boolean()`) - Optional. If true, the result will output the relevant membership relationships between groups and other groups, and between groups and principals. Default is false. * `:"analysisQuery.options.outputResourceEdges"` (*type:* `boolean()`) - Optional. If true, the result will output the relevant parent/child relationships between resources. Default is false. * `:"analysisQuery.resourceSelector.fullResourceName"` (*type:* `String.t`) - Required. The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of a resource of [supported resource types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#analyzable_asset_types). * `:executionTimeout` (*type:* `String.t`) - Optional. Amount of time executable has to complete. See JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json). If this field is set with a value less than the RPC deadline, and the execution of your query hasn't finished in the specified execution timeout, you will get a response with partial result. Otherwise, your query's execution will continue until the RPC deadline. If it's not finished until then, you will get a DEADLINE_EXCEEDED error. Default is empty. - * `:savedAnalysisQuery` (*type:* `String.t`) - Optional. The name of a saved query, which must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id If both `analysis_query` and `saved_analysis_query` are provided, they will be merged together with the `saved_analysis_query` as base and the `analysis_query` as overrides. For more details of the merge behavior, please refer to the [MergeFrom](https://developers.google.com/protocol-buffers/docs/reference/cpp/google.protobuf.message#Message.MergeFrom.details) page. Note that you cannot override primitive fields with default value, such as 0 or empty string, etc., because we use proto3, which doesn't support field presence yet. + * `:savedAnalysisQuery` (*type:* `String.t`) - Optional. The name of a saved query, which must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id If both `analysis_query` and `saved_analysis_query` are provided, they will be merged together with the `saved_analysis_query` as base and the `analysis_query` as overrides. For more details of the merge behavior, refer to the [MergeFrom](https://developers.google.com/protocol-buffers/docs/reference/cpp/google.protobuf.message#Message.MergeFrom.details) page. Note that you cannot override primitive fields with default value, such as 0 or empty string, etc., because we use proto3, which doesn't support field presence yet. * `opts` (*type:* `keyword()`) - Call options ## Returns @@ -127,7 +127,7 @@ defmodule GoogleApi.CloudAsset.V1.Api.V1 do ## Parameters * `connection` (*type:* `GoogleApi.CloudAsset.V1.Connection.t`) - Connection to server - * `v1_id` (*type:* `String.t`) - Part of `analysisQuery.scope`. Required. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects). + * `v1_id` (*type:* `String.t`) - Part of `analysisQuery.scope`. Required. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization ID, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project ID, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects). * `v1_id1` (*type:* `String.t`) - Part of `analysisQuery.scope`. See documentation of `v1Id`. * `optional_params` (*type:* `keyword()`) - Optional parameters * `:"$.xgafv"` (*type:* `String.t`) - V1 error format. @@ -203,7 +203,7 @@ defmodule GoogleApi.CloudAsset.V1.Api.V1 do ## Parameters * `connection` (*type:* `GoogleApi.CloudAsset.V1.Connection.t`) - Connection to server - * `v1_id` (*type:* `String.t`) - Part of `resource`. Required. Name of the resource to perform the analysis against. Only GCP Project are supported as of today. Hence, this can only be Project ID (such as "projects/my-project-id") or a Project Number (such as "projects/12345"). + * `v1_id` (*type:* `String.t`) - Part of `resource`. Required. Name of the resource to perform the analysis against. Only Google Cloud projects are supported as of today. Hence, this can only be a project ID (such as "projects/my-project-id") or a project number (such as "projects/12345"). * `v1_id1` (*type:* `String.t`) - Part of `resource`. See documentation of `v1Id`. * `optional_params` (*type:* `keyword()`) - Optional parameters * `:"$.xgafv"` (*type:* `String.t`) - V1 error format. @@ -217,7 +217,7 @@ defmodule GoogleApi.CloudAsset.V1.Api.V1 do * `:quotaUser` (*type:* `String.t`) - Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. * `:uploadType` (*type:* `String.t`) - Legacy upload protocol for media (e.g. "media", "multipart"). * `:upload_protocol` (*type:* `String.t`) - Upload protocol for media (e.g. "raw", "multipart"). - * `:destinationParent` (*type:* `String.t`) - Required. Name of the GCP Folder or Organization to reparent the target resource. The analysis will be performed against hypothetically moving the resource to this specified desitination parent. This can only be a Folder number (such as "folders/123") or an Organization number (such as "organizations/123"). + * `:destinationParent` (*type:* `String.t`) - Required. Name of the Google Cloud folder or organization to reparent the target resource. The analysis will be performed against hypothetically moving the resource to this specified desitination parent. This can only be a folder number (such as "folders/123") or an organization number (such as "organizations/123"). * `:view` (*type:* `String.t`) - Analysis view indicating what information should be included in the analysis response. If unspecified, the default view is FULL. * `opts` (*type:* `keyword()`) - Call options @@ -284,7 +284,7 @@ defmodule GoogleApi.CloudAsset.V1.Api.V1 do * `:uploadType` (*type:* `String.t`) - Legacy upload protocol for media (e.g. "media", "multipart"). * `:upload_protocol` (*type:* `String.t`) - Upload protocol for media (e.g. "raw", "multipart"). * `:constraint` (*type:* `String.t`) - Required. The name of the constraint to analyze organization policies for. The response only contains analyzed organization policies for the provided constraint. - * `:filter` (*type:* `String.t`) - The expression to filter AnalyzeOrgPoliciesResponse.org_policy_results. The only supported field is `consolidated_policy.attached_resource`, and the only supported operator is `=`. Example: consolidated_policy.attached_resource="//cloudresourcemanager.googleapis.com/folders/001" will return the org policy results of"folders/001". + * `:filter` (*type:* `String.t`) - The expression to filter AnalyzeOrgPoliciesResponse.org_policy_results. Filtering is currently available for bare literal values and the following fields: * consolidated_policy.attached_resource * consolidated_policy.rules.enforce When filtering by a specific field, the only supported operator is `=`. For example, filtering by consolidated_policy.attached_resource="//cloudresourcemanager.googleapis.com/folders/001" will return all the Organization Policy results attached to "folders/001". * `:pageSize` (*type:* `integer()`) - The maximum number of items to return per page. If unspecified, AnalyzeOrgPoliciesResponse.org_policy_results will contain 20 items with a maximum of 200. * `:pageToken` (*type:* `String.t`) - The pagination token to retrieve the next page. * `opts` (*type:* `keyword()`) - Call options @@ -348,7 +348,7 @@ defmodule GoogleApi.CloudAsset.V1.Api.V1 do end @doc """ - Analyzes organization policies governed assets (GCP resources or policies) under a scope. This RPC supports custom constraints and the following 10 canned constraints: * storage.uniformBucketLevelAccess * iam.disableServiceAccountKeyCreation * iam.allowedPolicyMemberDomains * compute.vmExternalIpAccess * appengine.enforceServiceAccountActAsCheck * gcp.resourceLocations * compute.trustedImageProjects * compute.skipDefaultNetworkCreation * compute.requireOsLogin * compute.disableNestedVirtualization This RPC only returns either: * resources of types supported by [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types), or * IAM policies. + Analyzes organization policies governed assets (Google Cloud resources or policies) under a scope. This RPC supports custom constraints and the following canned constraints: * constraints/ainotebooks.accessMode * constraints/ainotebooks.disableFileDownloads * constraints/ainotebooks.disableRootAccess * constraints/ainotebooks.disableTerminal * constraints/ainotebooks.environmentOptions * constraints/ainotebooks.requireAutoUpgradeSchedule * constraints/ainotebooks.restrictVpcNetworks * constraints/compute.disableGuestAttributesAccess * constraints/compute.disableInstanceDataAccessApis * constraints/compute.disableNestedVirtualization * constraints/compute.disableSerialPortAccess * constraints/compute.disableSerialPortLogging * constraints/compute.disableVpcExternalIpv6 * constraints/compute.requireOsLogin * constraints/compute.requireShieldedVm * constraints/compute.restrictLoadBalancerCreationForTypes * constraints/compute.restrictProtocolForwardingCreationForTypes * constraints/compute.restrictXpnProjectLienRemoval * constraints/compute.setNewProjectDefaultToZonalDNSOnly * constraints/compute.skipDefaultNetworkCreation * constraints/compute.trustedImageProjects * constraints/compute.vmCanIpForward * constraints/compute.vmExternalIpAccess * constraints/gcp.detailedAuditLoggingMode * constraints/gcp.resourceLocations * constraints/iam.allowedPolicyMemberDomains * constraints/iam.automaticIamGrantsForDefaultServiceAccounts * constraints/iam.disableServiceAccountCreation * constraints/iam.disableServiceAccountKeyCreation * constraints/iam.disableServiceAccountKeyUpload * constraints/iam.restrictCrossProjectServiceAccountLienRemoval * constraints/iam.serviceAccountKeyExpiryHours * constraints/resourcemanager.accessBoundaries * constraints/resourcemanager.allowedExportDestinations * constraints/sql.restrictAuthorizedNetworks * constraints/sql.restrictNoncompliantDiagnosticDataAccess * constraints/sql.restrictNoncompliantResourceCreation * constraints/sql.restrictPublicIp * constraints/storage.publicAccessPrevention * constraints/storage.restrictAuthTypes * constraints/storage.uniformBucketLevelAccess This RPC only returns either resources of types [supported by search APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types) or IAM policies. ## Parameters @@ -368,7 +368,7 @@ defmodule GoogleApi.CloudAsset.V1.Api.V1 do * `:uploadType` (*type:* `String.t`) - Legacy upload protocol for media (e.g. "media", "multipart"). * `:upload_protocol` (*type:* `String.t`) - Upload protocol for media (e.g. "raw", "multipart"). * `:constraint` (*type:* `String.t`) - Required. The name of the constraint to analyze governed assets for. The analysis only contains analyzed organization policies for the provided constraint. - * `:filter` (*type:* `String.t`) - The expression to filter the governed assets in result. The only supported fields for governed resources are `governed_resource.project` and `governed_resource.folders`. The only supported fields for governed iam policies are `governed_iam_policy.project` and `governed_iam_policy.folders`. The only supported operator is `=`. Example 1: governed_resource.project="projects/12345678" filter will return all governed resources under projects/12345678 including the project ifself, if applicable. Example 2: governed_iam_policy.folders="folders/12345678" filter will return all governed iam policies under folders/12345678, if applicable. + * `:filter` (*type:* `String.t`) - The expression to filter AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets. For governed resources, filtering is currently available for bare literal values and the following fields: * governed_resource.project * governed_resource.folders * consolidated_policy.rules.enforce When filtering by `governed_resource.project` or `consolidated_policy.rules.enforce`, the only supported operator is `=`. When filtering by `governed_resource.folders`, the supported operators are `=` and `:`. For example, filtering by `governed_resource.project="projects/12345678"` will return all the governed resources under "projects/12345678", including the project itself if applicable. For governed IAM policies, filtering is currently available for bare literal values and the following fields: * governed_iam_policy.project * governed_iam_policy.folders * consolidated_policy.rules.enforce When filtering by `governed_iam_policy.project` or `consolidated_policy.rules.enforce`, the only supported operator is `=`. When filtering by `governed_iam_policy.folders`, the supported operators are `=` and `:`. For example, filtering by `governed_iam_policy.folders:"folders/12345678"` will return all the governed IAM policies under "folders/001". * `:pageSize` (*type:* `integer()`) - The maximum number of items to return per page. If unspecified, AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets will contain 100 items with a maximum of 200. * `:pageToken` (*type:* `String.t`) - The pagination token to retrieve the next page. * `opts` (*type:* `keyword()`) - Call options @@ -452,7 +452,7 @@ defmodule GoogleApi.CloudAsset.V1.Api.V1 do * `:uploadType` (*type:* `String.t`) - Legacy upload protocol for media (e.g. "media", "multipart"). * `:upload_protocol` (*type:* `String.t`) - Upload protocol for media (e.g. "raw", "multipart"). * `:constraint` (*type:* `String.t`) - Required. The name of the constraint to analyze governed containers for. The analysis only contains organization policies for the provided constraint. - * `:filter` (*type:* `String.t`) - The expression to filter the governed containers in result. The only supported field is `parent`, and the only supported operator is `=`. Example: parent="//cloudresourcemanager.googleapis.com/folders/001" will return all containers under "folders/001". + * `:filter` (*type:* `String.t`) - The expression to filter AnalyzeOrgPolicyGovernedContainersResponse.governed_containers. Filtering is currently available for bare literal values and the following fields: * parent * consolidated_policy.rules.enforce When filtering by a specific field, the only supported operator is `=`. For example, filtering by parent="//cloudresourcemanager.googleapis.com/folders/001" will return all the containers under "folders/001". * `:pageSize` (*type:* `integer()`) - The maximum number of items to return per page. If unspecified, AnalyzeOrgPolicyGovernedContainersResponse.governed_containers will contain 100 items with a maximum of 200. * `:pageToken` (*type:* `String.t`) - The pagination token to retrieve the next page. * `opts` (*type:* `keyword()`) - Call options @@ -667,7 +667,7 @@ defmodule GoogleApi.CloudAsset.V1.Api.V1 do end @doc """ - Issue a job that queries assets using a SQL statement compatible with [BigQuery Standard SQL](http://cloud/bigquery/docs/reference/standard-sql/enabling-standard-sql). If the query execution finishes within timeout and there's no pagination, the full query results will be returned in the `QueryAssetsResponse`. Otherwise, full query results can be obtained by issuing extra requests with the `job_reference` from the a previous `QueryAssets` call. Note, the query result has approximately 10 GB limitation enforced by BigQuery https://cloud.google.com/bigquery/docs/best-practices-performance-output, queries return larger results will result in errors. + Issue a job that queries assets using a SQL statement compatible with [BigQuery SQL](https://cloud.google.com/bigquery/docs/introduction-sql). If the query execution finishes within timeout and there's no pagination, the full query results will be returned in the `QueryAssetsResponse`. Otherwise, full query results can be obtained by issuing extra requests with the `job_reference` from the a previous `QueryAssets` call. Note, the query result has approximately 10 GB limitation enforced by [BigQuery](https://cloud.google.com/bigquery/docs/best-practices-performance-output). Queries return larger results will result in errors. ## Parameters @@ -750,11 +750,11 @@ defmodule GoogleApi.CloudAsset.V1.Api.V1 do * `:quotaUser` (*type:* `String.t`) - Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. * `:uploadType` (*type:* `String.t`) - Legacy upload protocol for media (e.g. "media", "multipart"). * `:upload_protocol` (*type:* `String.t`) - Upload protocol for media (e.g. "raw", "multipart"). - * `:assetTypes` (*type:* `list(String.t)`) - Optional. A list of asset types that the IAM policies are attached to. If empty, it will search the IAM policies that are attached to all the [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types). Regular expressions are also supported. For example: * "compute.googleapis.com.*" snapshots IAM policies attached to asset type starts with "compute.googleapis.com". * ".*Instance" snapshots IAM policies attached to asset type ends with "Instance". * ".*Instance.*" snapshots IAM policies attached to asset type contains "Instance". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned. + * `:assetTypes` (*type:* `list(String.t)`) - Optional. A list of asset types that the IAM policies are attached to. If empty, it will search the IAM policies that are attached to all the asset types [supported by search APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types) Regular expressions are also supported. For example: * "compute.googleapis.com.*" snapshots IAM policies attached to asset type starts with "compute.googleapis.com". * ".*Instance" snapshots IAM policies attached to asset type ends with "Instance". * ".*Instance.*" snapshots IAM policies attached to asset type contains "Instance". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned. * `:orderBy` (*type:* `String.t`) - Optional. A comma-separated list of fields specifying the sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored. Example: "assetType DESC, resource". Only singular primitive fields in the response are sortable: * resource * assetType * project All the other fields such as repeated fields (e.g., `folders`) and non-primitive fields (e.g., `policy`) are not supported. - * `:pageSize` (*type:* `integer()`) - Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as `next_page_token` is returned. + * `:pageSize` (*type:* `integer()`) - Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero or a negative value, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as `next_page_token` is returned. * `:pageToken` (*type:* `String.t`) - Optional. If present, retrieve the next batch of results from the preceding call to this method. `page_token` must be the value of `next_page_token` from the previous response. The values of all other method parameters must be identical to those in the previous call. - * `:query` (*type:* `String.t`) - Optional. The query statement. See [how to construct a query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query) for more information. If not specified or empty, it will search all the IAM policies within the specified `scope`. Note that the query string is compared against each Cloud IAM policy binding, including its principals, roles, and Cloud IAM conditions. The returned Cloud IAM policies will only contain the bindings that match your query. To learn more about the IAM policy structure, see the [IAM policy documentation](https://cloud.google.com/iam/help/allow-policies/structure). Examples: * `policy:amy@gmail.com` to find IAM policy bindings that specify user "amy@gmail.com". * `policy:roles/compute.admin` to find IAM policy bindings that specify the Compute Admin role. * `policy:comp*` to find IAM policy bindings that contain "comp" as a prefix of any word in the binding. * `policy.role.permissions:storage.buckets.update` to find IAM policy bindings that specify a role containing "storage.buckets.update" permission. Note that if callers don't have `iam.roles.get` access to a role's included permissions, policy bindings that specify this role will be dropped from the search results. * `policy.role.permissions:upd*` to find IAM policy bindings that specify a role containing "upd" as a prefix of any word in the role permission. Note that if callers don't have `iam.roles.get` access to a role's included permissions, policy bindings that specify this role will be dropped from the search results. * `resource:organizations/123456` to find IAM policy bindings that are set on "organizations/123456". * `resource=//cloudresourcemanager.googleapis.com/projects/myproject` to find IAM policy bindings that are set on the project named "myproject". * `Important` to find IAM policy bindings that contain "Important" as a word in any of the searchable fields (except for the included permissions). * `resource:(instance1 OR instance2) policy:amy` to find IAM policy bindings that are set on resources "instance1" or "instance2" and also specify user "amy". * `roles:roles/compute.admin` to find IAM policy bindings that specify the Compute Admin role. * `memberTypes:user` to find IAM policy bindings that contain the principal type "user". + * `:query` (*type:* `String.t`) - Optional. The query statement. See [how to construct a query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query) for more information. If not specified or empty, it will search all the IAM policies within the specified `scope`. Note that the query string is compared against each IAM policy binding, including its principals, roles, and IAM conditions. The returned IAM policies will only contain the bindings that match your query. To learn more about the IAM policy structure, see the [IAM policy documentation](https://cloud.google.com/iam/help/allow-policies/structure). Examples: * `policy:amy@gmail.com` to find IAM policy bindings that specify user "amy@gmail.com". * `policy:roles/compute.admin` to find IAM policy bindings that specify the Compute Admin role. * `policy:comp*` to find IAM policy bindings that contain "comp" as a prefix of any word in the binding. * `policy.role.permissions:storage.buckets.update` to find IAM policy bindings that specify a role containing "storage.buckets.update" permission. Note that if callers don't have `iam.roles.get` access to a role's included permissions, policy bindings that specify this role will be dropped from the search results. * `policy.role.permissions:upd*` to find IAM policy bindings that specify a role containing "upd" as a prefix of any word in the role permission. Note that if callers don't have `iam.roles.get` access to a role's included permissions, policy bindings that specify this role will be dropped from the search results. * `resource:organizations/123456` to find IAM policy bindings that are set on "organizations/123456". * `resource=//cloudresourcemanager.googleapis.com/projects/myproject` to find IAM policy bindings that are set on the project named "myproject". * `Important` to find IAM policy bindings that contain "Important" as a word in any of the searchable fields (except for the included permissions). * `resource:(instance1 OR instance2) policy:amy` to find IAM policy bindings that are set on resources "instance1" or "instance2" and also specify user "amy". * `roles:roles/compute.admin` to find IAM policy bindings that specify the Compute Admin role. * `memberTypes:user` to find IAM policy bindings that contain the principal type "user". * `opts` (*type:* `keyword()`) - Call options ## Returns @@ -817,7 +817,7 @@ defmodule GoogleApi.CloudAsset.V1.Api.V1 do end @doc """ - Searches all Cloud resources within the specified scope, such as a project, folder, or organization. The caller must be granted the `cloudasset.assets.searchAllResources` permission on the desired scope, otherwise the request will be rejected. + Searches all Google Cloud resources within the specified scope, such as a project, folder, or organization. The caller must be granted the `cloudasset.assets.searchAllResources` permission on the desired scope, otherwise the request will be rejected. ## Parameters @@ -836,12 +836,12 @@ defmodule GoogleApi.CloudAsset.V1.Api.V1 do * `:quotaUser` (*type:* `String.t`) - Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. * `:uploadType` (*type:* `String.t`) - Legacy upload protocol for media (e.g. "media", "multipart"). * `:upload_protocol` (*type:* `String.t`) - Upload protocol for media (e.g. "raw", "multipart"). - * `:assetTypes` (*type:* `list(String.t)`) - Optional. A list of asset types that this request searches for. If empty, it will search all the [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types). Regular expressions are also supported. For example: * "compute.googleapis.com.*" snapshots resources whose asset type starts with "compute.googleapis.com". * ".*Instance" snapshots resources whose asset type ends with "Instance". * ".*Instance.*" snapshots resources whose asset type contains "Instance". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned. - * `:orderBy` (*type:* `String.t`) - Optional. A comma-separated list of fields specifying the sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored. Example: "location DESC, name". Only singular primitive fields in the response are sortable: * name * assetType * project * displayName * description * location * createTime * updateTime * state * parentFullResourceName * parentAssetType All the other fields such as repeated fields (e.g., `networkTags`, `kmsKeys`), map fields (e.g., `labels`) and struct fields (e.g., `additionalAttributes`) are not supported. - * `:pageSize` (*type:* `integer()`) - Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as `next_page_token` is returned. + * `:assetTypes` (*type:* `list(String.t)`) - Optional. A list of asset types that this request searches for. If empty, it will search all the asset types [supported by search APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types). Regular expressions are also supported. For example: * "compute.googleapis.com.*" snapshots resources whose asset type starts with "compute.googleapis.com". * ".*Instance" snapshots resources whose asset type ends with "Instance". * ".*Instance.*" snapshots resources whose asset type contains "Instance". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned. + * `:orderBy` (*type:* `String.t`) - Optional. A comma-separated list of fields specifying the sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored. Example: "location DESC, name". Only the following fields in the response are sortable: * name * assetType * project * displayName * description * location * createTime * updateTime * state * parentFullResourceName * parentAssetType + * `:pageSize` (*type:* `integer()`) - Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero or a negative value, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as `next_page_token` is returned. * `:pageToken` (*type:* `String.t`) - Optional. If present, then retrieve the next batch of results from the preceding call to this method. `page_token` must be the value of `next_page_token` from the previous response. The values of all other method parameters, must be identical to those in the previous call. - * `:query` (*type:* `String.t`) - Optional. The query statement. See [how to construct a query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query) for more information. If not specified or empty, it will search all the resources within the specified `scope`. Examples: * `name:Important` to find Cloud resources whose name contains "Important" as a word. * `name=Important` to find the Cloud resource whose name is exactly "Important". * `displayName:Impor*` to find Cloud resources whose display name contains "Impor" as a prefix of any word in the field. * `location:us-west*` to find Cloud resources whose location contains both "us" and "west" as prefixes. * `labels:prod` to find Cloud resources whose labels contain "prod" as a key or value. * `labels.env:prod` to find Cloud resources that have a label "env" and its value is "prod". * `labels.env:*` to find Cloud resources that have a label "env". * `kmsKey:key` to find Cloud resources encrypted with a customer-managed encryption key whose name contains "key" as a word. This field is deprecated. Please use the `kmsKeys` field to retrieve KMS key information. * `kmsKeys:key` to find Cloud resources encrypted with customer-managed encryption keys whose name contains the word "key". * `relationships:instance-group-1` to find Cloud resources that have relationships with "instance-group-1" in the related resource name. * `relationships:INSTANCE_TO_INSTANCEGROUP` to find compute instances that have relationships of type "INSTANCE_TO_INSTANCEGROUP". * `relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1` to find compute instances that have relationships with "instance-group-1" in the compute instance group resource name, for relationship type "INSTANCE_TO_INSTANCEGROUP". * `state:ACTIVE` to find Cloud resources whose state contains "ACTIVE" as a word. * `NOT state:ACTIVE` to find Cloud resources whose state doesn't contain "ACTIVE" as a word. * `createTime<1609459200` to find Cloud resources that were created before "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of "2021-01-01 00:00:00 UTC" in seconds. * `updateTime>1609459200` to find Cloud resources that were updated after "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of "2021-01-01 00:00:00 UTC" in seconds. * `Important` to find Cloud resources that contain "Important" as a word in any of the searchable fields. * `Impor*` to find Cloud resources that contain "Impor" as a prefix of any word in any of the searchable fields. * `Important location:(us-west1 OR global)` to find Cloud resources that contain "Important" as a word in any of the searchable fields and are also located in the "us-west1" region or the "global" location. - * `:readMask` (*type:* `String.t`) - Optional. A comma-separated list of fields specifying which fields to be returned in ResourceSearchResult. Only '*' or combination of top level fields can be specified. Field names of both snake_case and camelCase are supported. Examples: `"*"`, `"name,location"`, `"name,versionedResources"`. The read_mask paths must be valid field paths listed but not limited to (both snake_case and camelCase are supported): * name * assetType * project * displayName * description * location * tagKeys * tagValues * tagValueIds * labels * networkTags * kmsKey (This field is deprecated. Please use the `kmsKeys` field to retrieve KMS key information.) * kmsKeys * createTime * updateTime * state * additionalAttributes * versionedResources If read_mask is not specified, all fields except versionedResources will be returned. If only '*' is specified, all fields including versionedResources will be returned. Any invalid field path will trigger INVALID_ARGUMENT error. + * `:query` (*type:* `String.t`) - Optional. The query statement. See [how to construct a query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query) for more information. If not specified or empty, it will search all the resources within the specified `scope`. Examples: * `name:Important` to find Google Cloud resources whose name contains `Important` as a word. * `name=Important` to find the Google Cloud resource whose name is exactly `Important`. * `displayName:Impor*` to find Google Cloud resources whose display name contains `Impor` as a prefix of any word in the field. * `location:us-west*` to find Google Cloud resources whose location contains both `us` and `west` as prefixes. * `labels:prod` to find Google Cloud resources whose labels contain `prod` as a key or value. * `labels.env:prod` to find Google Cloud resources that have a label `env` and its value is `prod`. * `labels.env:*` to find Google Cloud resources that have a label `env`. * `tagKeys:env` to find Google Cloud resources that have directly attached tags where the [`TagKey.namespacedName`](https://cloud.google.com/resource-manager/reference/rest/v3/tagKeys#resource:-tagkey) contains `env`. * `tagValues:prod*` to find Google Cloud resources that have directly attached tags where the [`TagValue.namespacedName`](https://cloud.google.com/resource-manager/reference/rest/v3/tagValues#resource:-tagvalue) contains a word prefixed by `prod`. * `tagValueIds=tagValues/123` to find Google Cloud resources that have directly attached tags where the [`TagValue.name`](https://cloud.google.com/resource-manager/reference/rest/v3/tagValues#resource:-tagvalue) is exactly `tagValues/123`. * `effectiveTagKeys:env` to find Google Cloud resources that have directly attached or inherited tags where the [`TagKey.namespacedName`](https://cloud.google.com/resource-manager/reference/rest/v3/tagKeys#resource:-tagkey) contains `env`. * `effectiveTagValues:prod*` to find Google Cloud resources that have directly attached or inherited tags where the [`TagValue.namespacedName`](https://cloud.google.com/resource-manager/reference/rest/v3/tagValues#resource:-tagvalue) contains a word prefixed by `prod`. * `effectiveTagValueIds=tagValues/123` to find Google Cloud resources that have directly attached or inherited tags where the [`TagValue.name`](https://cloud.google.com/resource-manager/reference/rest/v3/tagValues#resource:-tagvalue) is exactly `tagValues/123`. * `kmsKey:key` to find Google Cloud resources encrypted with a customer-managed encryption key whose name contains `key` as a word. This field is deprecated. Use the `kmsKeys` field to retrieve Cloud KMS key information. * `kmsKeys:key` to find Google Cloud resources encrypted with customer-managed encryption keys whose name contains the word `key`. * `relationships:instance-group-1` to find Google Cloud resources that have relationships with `instance-group-1` in the related resource name. * `relationships:INSTANCE_TO_INSTANCEGROUP` to find Compute Engine instances that have relationships of type `INSTANCE_TO_INSTANCEGROUP`. * `relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1` to find Compute Engine instances that have relationships with `instance-group-1` in the Compute Engine instance group resource name, for relationship type `INSTANCE_TO_INSTANCEGROUP`. * `sccSecurityMarks.key=value` to find Cloud resources that are attached with security marks whose key is `key` and value is `value`. * `sccSecurityMarks.key:*` to find Cloud resources that are attached with security marks whose key is `key`. * `state:ACTIVE` to find Google Cloud resources whose state contains `ACTIVE` as a word. * `NOT state:ACTIVE` to find Google Cloud resources whose state doesn't contain `ACTIVE` as a word. * `createTime<1609459200` to find Google Cloud resources that were created before `2021-01-01 00:00:00 UTC`. `1609459200` is the epoch timestamp of `2021-01-01 00:00:00 UTC` in seconds. * `updateTime>1609459200` to find Google Cloud resources that were updated after `2021-01-01 00:00:00 UTC`. `1609459200` is the epoch timestamp of `2021-01-01 00:00:00 UTC` in seconds. * `Important` to find Google Cloud resources that contain `Important` as a word in any of the searchable fields. * `Impor*` to find Google Cloud resources that contain `Impor` as a prefix of any word in any of the searchable fields. * `Important location:(us-west1 OR global)` to find Google Cloud resources that contain `Important` as a word in any of the searchable fields and are also located in the `us-west1` region or the `global` location. + * `:readMask` (*type:* `String.t`) - Optional. A comma-separated list of fields that you want returned in the results. The following fields are returned by default if not specified: * `name` * `assetType` * `project` * `folders` * `organization` * `displayName` * `description` * `location` * `labels` * `tags` * `effectiveTags` * `networkTags` * `kmsKeys` * `createTime` * `updateTime` * `state` * `additionalAttributes` * `parentFullResourceName` * `parentAssetType` Some fields of large size, such as `versionedResources`, `attachedResources`, `effectiveTags` etc., are not returned by default, but you can specify them in the `read_mask` parameter if you want to include them. If `"*"` is specified, all [available fields](https://cloud.google.com/asset-inventory/docs/reference/rest/v1/TopLevel/searchAllResources#resourcesearchresult) are returned. Examples: `"name,location"`, `"name,versionedResources"`, `"*"`. Any invalid field path will trigger INVALID_ARGUMENT error. * `opts` (*type:* `keyword()`) - Call options ## Returns diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/metadata.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/metadata.ex index 798ad2b56b..c315f8a98d 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/metadata.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/metadata.ex @@ -20,7 +20,7 @@ defmodule GoogleApi.CloudAsset.V1 do API client metadata for GoogleApi.CloudAsset.V1. """ - @discovery_revision "20221114" + @discovery_revision "20240302" def discovery_revision(), do: @discovery_revision end diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/analyze_iam_policy_longrunning_metadata.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/analyze_iam_policy_longrunning_metadata.ex index 599d09ca25..19bb980888 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/analyze_iam_policy_longrunning_metadata.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/analyze_iam_policy_longrunning_metadata.ex @@ -17,7 +17,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.AnalyzeIamPolicyLongrunningMetadata do @moduledoc """ - Represents the metadata of the longrunning operation for the AnalyzeIamPolicyLongrunning rpc. + Represents the metadata of the longrunning operation for the AnalyzeIamPolicyLongrunning RPC. ## Attributes diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/analyze_iam_policy_longrunning_request.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/analyze_iam_policy_longrunning_request.ex index 7346cba6f9..e46d5243ff 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/analyze_iam_policy_longrunning_request.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/analyze_iam_policy_longrunning_request.ex @@ -23,7 +23,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.AnalyzeIamPolicyLongrunningRequest do * `analysisQuery` (*type:* `GoogleApi.CloudAsset.V1.Model.IamPolicyAnalysisQuery.t`, *default:* `nil`) - Required. The request query. * `outputConfig` (*type:* `GoogleApi.CloudAsset.V1.Model.IamPolicyAnalysisOutputConfig.t`, *default:* `nil`) - Required. Output configuration indicating where the results will be output to. - * `savedAnalysisQuery` (*type:* `String.t`, *default:* `nil`) - Optional. The name of a saved query, which must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id If both `analysis_query` and `saved_analysis_query` are provided, they will be merged together with the `saved_analysis_query` as base and the `analysis_query` as overrides. For more details of the merge behavior, please refer to the [MergeFrom](https://developers.google.com/protocol-buffers/docs/reference/cpp/google.protobuf.message#Message.MergeFrom.details) doc. Note that you cannot override primitive fields with default value, such as 0 or empty string, etc., because we use proto3, which doesn't support field presence yet. + * `savedAnalysisQuery` (*type:* `String.t`, *default:* `nil`) - Optional. The name of a saved query, which must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id If both `analysis_query` and `saved_analysis_query` are provided, they will be merged together with the `saved_analysis_query` as base and the `analysis_query` as overrides. For more details of the merge behavior, refer to the [MergeFrom](https://developers.google.com/protocol-buffers/docs/reference/cpp/google.protobuf.message#Message.MergeFrom.details) doc. Note that you cannot override primitive fields with default value, such as 0 or empty string, etc., because we use proto3, which doesn't support field presence yet. """ use GoogleApi.Gax.ModelBase diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/analyze_move_response.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/analyze_move_response.ex index ab146e53a4..5d618da659 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/analyze_move_response.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/analyze_move_response.ex @@ -21,7 +21,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.AnalyzeMoveResponse do ## Attributes - * `moveAnalysis` (*type:* `list(GoogleApi.CloudAsset.V1.Model.MoveAnalysis.t)`, *default:* `nil`) - The list of analyses returned from performing the intended resource move analysis. The analysis is grouped by different Cloud services. + * `moveAnalysis` (*type:* `list(GoogleApi.CloudAsset.V1.Model.MoveAnalysis.t)`, *default:* `nil`) - The list of analyses returned from performing the intended resource move analysis. The analysis is grouped by different Google Cloud services. """ use GoogleApi.Gax.ModelBase diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/analyzer_org_policy.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/analyzer_org_policy.ex index e7ebff3f3a..e4dbc53402 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/analyzer_org_policy.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/analyzer_org_policy.ex @@ -17,7 +17,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.AnalyzerOrgPolicy do @moduledoc """ - This organization policy message is a modified version of the one defined in the OrgPolicy system. This message contains several fields defined in the original organization policy with some new fields for analysis purpose. + This organization policy message is a modified version of the one defined in the Organization Policy system. This message contains several fields defined in the original organization policy with some new fields for analysis purpose. ## Attributes diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/asset.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/asset.ex index 24b4f68986..dee0366ebb 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/asset.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/asset.ex @@ -17,22 +17,22 @@ defmodule GoogleApi.CloudAsset.V1.Model.Asset do @moduledoc """ - An asset in Google Cloud. An asset can be any resource in the Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), a resource outside the Google Cloud resource hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy), or a relationship (e.g. an INSTANCE_TO_INSTANCEGROUP relationship). See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information. + An asset in Google Cloud. An asset can be any resource in the Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), a resource outside the Google Cloud resource hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy), or a relationship (e.g. an INSTANCE_TO_INSTANCEGROUP relationship). See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information. ## Attributes - * `accessLevel` (*type:* `GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1AccessLevel.t`, *default:* `nil`) - Please also refer to the [access level user guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels). - * `accessPolicy` (*type:* `GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1AccessPolicy.t`, *default:* `nil`) - Please also refer to the [access policy user guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies). + * `accessLevel` (*type:* `GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1AccessLevel.t`, *default:* `nil`) - Also refer to the [access level user guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels). + * `accessPolicy` (*type:* `GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1AccessPolicy.t`, *default:* `nil`) - Also refer to the [access policy user guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies). * `ancestors` (*type:* `list(String.t)`, *default:* `nil`) - The ancestry path of an asset in Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), represented as a list of relative resource names. An ancestry path starts with the closest ancestor in the hierarchy and ends at root. If the asset is a project, folder, or organization, the ancestry path starts from the asset itself. Example: `["projects/123456789", "folders/5432", "organizations/1234"]` * `assetType` (*type:* `String.t`, *default:* `nil`) - The type of the asset. Example: `compute.googleapis.com/Disk` See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information. - * `iamPolicy` (*type:* `GoogleApi.CloudAsset.V1.Model.Policy.t`, *default:* `nil`) - A representation of the Cloud IAM policy set on a Google Cloud resource. There can be a maximum of one Cloud IAM policy set on any given resource. In addition, Cloud IAM policies inherit their granted access scope from any policies set on parent resources in the resource hierarchy. Therefore, the effectively policy is the union of both the policy set on this resource and each policy set on all of the resource's ancestry resource levels in the hierarchy. See [this topic](https://cloud.google.com/iam/help/allow-policies/inheritance) for more information. + * `iamPolicy` (*type:* `GoogleApi.CloudAsset.V1.Model.Policy.t`, *default:* `nil`) - A representation of the IAM policy set on a Google Cloud resource. There can be a maximum of one IAM policy set on any given resource. In addition, IAM policies inherit their granted access scope from any policies set on parent resources in the resource hierarchy. Therefore, the effectively policy is the union of both the policy set on this resource and each policy set on all of the resource's ancestry resource levels in the hierarchy. See [this topic](https://cloud.google.com/iam/help/allow-policies/inheritance) for more information. * `name` (*type:* `String.t`, *default:* `nil`) - The full name of the asset. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1` See [Resource names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information. * `orgPolicy` (*type:* `list(GoogleApi.CloudAsset.V1.Model.GoogleCloudOrgpolicyV1Policy.t)`, *default:* `nil`) - A representation of an [organization policy](https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy). There can be more than one organization policy with different constraints set on a given resource. * `osInventory` (*type:* `GoogleApi.CloudAsset.V1.Model.Inventory.t`, *default:* `nil`) - A representation of runtime OS Inventory information. See [this topic](https://cloud.google.com/compute/docs/instances/os-inventory-management) for more information. * `relatedAsset` (*type:* `GoogleApi.CloudAsset.V1.Model.RelatedAsset.t`, *default:* `nil`) - One related asset of the current asset. * `relatedAssets` (*type:* `GoogleApi.CloudAsset.V1.Model.RelatedAssets.t`, *default:* `nil`) - DEPRECATED. This field only presents for the purpose of backward-compatibility. The server will never generate responses with this field. The related assets of the asset of one relationship type. One asset only represents one type of relationship. * `resource` (*type:* `GoogleApi.CloudAsset.V1.Model.Resource.t`, *default:* `nil`) - A representation of the resource. - * `servicePerimeter` (*type:* `GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1ServicePerimeter.t`, *default:* `nil`) - Please also refer to the [service perimeter user guide](https://cloud.google.com/vpc-service-controls/docs/overview). + * `servicePerimeter` (*type:* `GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1ServicePerimeter.t`, *default:* `nil`) - Also refer to the [service perimeter user guide](https://cloud.google.com/vpc-service-controls/docs/overview). * `updateTime` (*type:* `DateTime.t`, *default:* `nil`) - The last update timestamp of an asset. update_time is updated when create/update/delete operation is performed. """ diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/attached_resource.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/attached_resource.ex index 14d060eebc..08d3ba385b 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/attached_resource.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/attached_resource.ex @@ -21,7 +21,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.AttachedResource do ## Attributes - * `assetType` (*type:* `String.t`, *default:* `nil`) - The type of this attached resource. Example: `osconfig.googleapis.com/Inventory` You can find the supported attached asset types of each resource in this table: `https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types` + * `assetType` (*type:* `String.t`, *default:* `nil`) - The type of this attached resource. Example: `osconfig.googleapis.com/Inventory` You can find the supported attached asset types of each resource in this table: `https://cloud.google.com/asset-inventory/docs/supported-asset-types` * `versionedResources` (*type:* `list(GoogleApi.CloudAsset.V1.Model.VersionedResource.t)`, *default:* `nil`) - Versioned resource representations of this attached resource. This is repeated because there could be multiple versions of the attached resource representations during version migration. """ diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/binding.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/binding.ex index 95fe705fc5..4f6951a252 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/binding.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/binding.ex @@ -22,8 +22,8 @@ defmodule GoogleApi.CloudAsset.V1.Model.Binding do ## Attributes * `condition` (*type:* `GoogleApi.CloudAsset.V1.Model.Expr.t`, *default:* `nil`) - The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). - * `members` (*type:* `list(String.t)`, *default:* `nil`) - Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. - * `role` (*type:* `String.t`, *default:* `nil`) - Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. + * `members` (*type:* `list(String.t)`, *default:* `nil`) - Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`. + * `role` (*type:* `String.t`, *default:* `nil`) - Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles). """ use GoogleApi.Gax.ModelBase diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/condition_evaluation.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/condition_evaluation.ex index 3529b499d0..58e23f14d3 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/condition_evaluation.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/condition_evaluation.ex @@ -17,7 +17,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.ConditionEvaluation do @moduledoc """ - The Condition evaluation. + The condition evaluation. ## Attributes diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/effective_tag_details.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/effective_tag_details.ex new file mode 100644 index 0000000000..e61696ce5a --- /dev/null +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/effective_tag_details.ex @@ -0,0 +1,49 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.CloudAsset.V1.Model.EffectiveTagDetails do + @moduledoc """ + The effective tags and the ancestor resources from which they were inherited. + + ## Attributes + + * `attachedResource` (*type:* `String.t`, *default:* `nil`) - The [full resource name](https://cloud.google.com/asset-inventory/docs/resource-name-format) of the ancestor from which an effective_tag is inherited, according to [tag inheritance](https://cloud.google.com/resource-manager/docs/tags/tags-overview#inheritance). + * `effectiveTags` (*type:* `list(GoogleApi.CloudAsset.V1.Model.Tag.t)`, *default:* `nil`) - The effective tags inherited from the attached_resource. Note that tags with the same key but different values may attach to resources at a different hierarchy levels. The lower hierarchy tag value will overwrite the higher hierarchy tag value of the same tag key. In this case, the tag value at the higher hierarchy level will be removed. For more information, see [tag inheritance](https://cloud.google.com/resource-manager/docs/tags/tags-overview#inheritance). + """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :attachedResource => String.t() | nil, + :effectiveTags => list(GoogleApi.CloudAsset.V1.Model.Tag.t()) | nil + } + + field(:attachedResource) + field(:effectiveTags, as: GoogleApi.CloudAsset.V1.Model.Tag, type: :list) +end + +defimpl Poison.Decoder, for: GoogleApi.CloudAsset.V1.Model.EffectiveTagDetails do + def decode(value, options) do + GoogleApi.CloudAsset.V1.Model.EffectiveTagDetails.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.CloudAsset.V1.Model.EffectiveTagDetails do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/gcs_destination.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/gcs_destination.ex index c9c6c6b8cc..f6b480a468 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/gcs_destination.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/gcs_destination.ex @@ -21,8 +21,8 @@ defmodule GoogleApi.CloudAsset.V1.Model.GcsDestination do ## Attributes - * `uri` (*type:* `String.t`, *default:* `nil`) - The uri of the Cloud Storage object. It's the same uri that is used by gsutil. Example: "gs://bucket_name/object_name". See [Viewing and Editing Object Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata) for more information. If the specified Cloud Storage object already exists and there is no [hold](https://cloud.google.com/storage/docs/object-holds), it will be overwritten with the exported result. - * `uriPrefix` (*type:* `String.t`, *default:* `nil`) - The uri prefix of all generated Cloud Storage objects. Example: "gs://bucket_name/object_name_prefix". Each object uri is in format: "gs://bucket_name/object_name_prefix// and only contains assets for that type. starts from 0. Example: "gs://bucket_name/object_name_prefix/compute.googleapis.com/Disk/0" is the first shard of output objects containing all compute.googleapis.com/Disk assets. An INVALID_ARGUMENT error will be returned if file with the same name "gs://bucket_name/object_name_prefix" already exists. + * `uri` (*type:* `String.t`, *default:* `nil`) - The URI of the Cloud Storage object. It's the same URI that is used by gsutil. Example: "gs://bucket_name/object_name". See [Viewing and Editing Object Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata) for more information. If the specified Cloud Storage object already exists and there is no [hold](https://cloud.google.com/storage/docs/object-holds), it will be overwritten with the exported result. + * `uriPrefix` (*type:* `String.t`, *default:* `nil`) - The URI prefix of all generated Cloud Storage objects. Example: "gs://bucket_name/object_name_prefix". Each object URI is in format: "gs://bucket_name/object_name_prefix// and only contains assets for that type. starts from 0. Example: "gs://bucket_name/object_name_prefix/compute.googleapis.com/Disk/0" is the first shard of output objects containing all compute.googleapis.com/Disk assets. An INVALID_ARGUMENT error will be returned if file with the same name "gs://bucket_name/object_name_prefix" already exists. """ use GoogleApi.Gax.ModelBase diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_analyze_org_policy_governed_assets_response_governed_asset.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_analyze_org_policy_governed_assets_response_governed_asset.ex index ac250d13f9..624ffb05a0 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_analyze_org_policy_governed_assets_response_governed_asset.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_analyze_org_policy_governed_assets_response_governed_asset.ex @@ -17,13 +17,13 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedAsset do @moduledoc """ - Represents a GCP asset(resource or IAM policy) governed by the organization policies of the AnalyzeOrgPolicyGovernedAssetsRequest.constraint. + Represents a Google Cloud asset(resource or IAM policy) governed by the organization policies of the AnalyzeOrgPolicyGovernedAssetsRequest.constraint. ## Attributes * `consolidatedPolicy` (*type:* `GoogleApi.CloudAsset.V1.Model.AnalyzerOrgPolicy.t`, *default:* `nil`) - The consolidated policy for the analyzed asset. The consolidated policy is computed by merging and evaluating AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.policy_bundle. The evaluation will respect the organization policy [hierarchy rules](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-hierarchy). * `governedIamPolicy` (*type:* `GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedIamPolicy.t`, *default:* `nil`) - An IAM policy governed by the organization policies of the AnalyzeOrgPolicyGovernedAssetsRequest.constraint. - * `governedResource` (*type:* `GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedResource.t`, *default:* `nil`) - A GCP resource governed by the organization policies of the AnalyzeOrgPolicyGovernedAssetsRequest.constraint. + * `governedResource` (*type:* `GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedResource.t`, *default:* `nil`) - A Google Cloud resource governed by the organization policies of the AnalyzeOrgPolicyGovernedAssetsRequest.constraint. * `policyBundle` (*type:* `list(GoogleApi.CloudAsset.V1.Model.AnalyzerOrgPolicy.t)`, *default:* `nil`) - The ordered list of all organization policies from the AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.attached_resource to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list. """ diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_analyze_org_policy_governed_assets_response_governed_iam_policy.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_analyze_org_policy_governed_assets_response_governed_iam_policy.ex index ebb5db6248..74cd1bfb1c 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_analyze_org_policy_governed_assets_response_governed_iam_policy.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_analyze_org_policy_governed_assets_response_governed_iam_policy.ex @@ -21,16 +21,18 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1AnalyzeOrgPolicyGovern ## Attributes - * `attachedResource` (*type:* `String.t`, *default:* `nil`) - The full resource name of the resource associated with this IAM policy. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. See [Cloud Asset Inventory Resource Name Format](https://cloud.google.com/asset-inventory/docs/resource-name-format) for more information. - * `folders` (*type:* `list(String.t)`, *default:* `nil`) - The folder(s) that this IAM policy belongs to, in the form of folders/{FOLDER_NUMBER}. This field is available when the IAM policy belongs(directly or cascadingly) to one or more folders. - * `organization` (*type:* `String.t`, *default:* `nil`) - The organization that this IAM policy belongs to, in the form of organizations/{ORGANIZATION_NUMBER}. This field is available when the IAM policy belongs(directly or cascadingly) to an organization. + * `assetType` (*type:* `String.t`, *default:* `nil`) - The asset type of the AnalyzeOrgPolicyGovernedAssetsResponse.GovernedIamPolicy.attached_resource. Example: `cloudresourcemanager.googleapis.com/Project` See [Cloud Asset Inventory Supported Asset Types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for all supported asset types. + * `attachedResource` (*type:* `String.t`, *default:* `nil`) - The full resource name of the resource on which this IAM policy is set. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. See [Cloud Asset Inventory Resource Name Format](https://cloud.google.com/asset-inventory/docs/resource-name-format) for more information. + * `folders` (*type:* `list(String.t)`, *default:* `nil`) - The folder(s) that this IAM policy belongs to, in the format of folders/{FOLDER_NUMBER}. This field is available when the IAM policy belongs (directly or cascadingly) to one or more folders. + * `organization` (*type:* `String.t`, *default:* `nil`) - The organization that this IAM policy belongs to, in the format of organizations/{ORGANIZATION_NUMBER}. This field is available when the IAM policy belongs (directly or cascadingly) to an organization. * `policy` (*type:* `GoogleApi.CloudAsset.V1.Model.Policy.t`, *default:* `nil`) - The IAM policy directly set on the given resource. - * `project` (*type:* `String.t`, *default:* `nil`) - The project that this IAM policy belongs to, in the form of projects/{PROJECT_NUMBER}. This field is available when the IAM policy belongs to a project. + * `project` (*type:* `String.t`, *default:* `nil`) - The project that this IAM policy belongs to, in the format of projects/{PROJECT_NUMBER}. This field is available when the IAM policy belongs to a project. """ use GoogleApi.Gax.ModelBase @type t :: %__MODULE__{ + :assetType => String.t() | nil, :attachedResource => String.t() | nil, :folders => list(String.t()) | nil, :organization => String.t() | nil, @@ -38,6 +40,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1AnalyzeOrgPolicyGovern :project => String.t() | nil } + field(:assetType) field(:attachedResource) field(:folders, type: :list) field(:organization) diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_analyze_org_policy_governed_assets_response_governed_resource.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_analyze_org_policy_governed_assets_response_governed_resource.ex index 7dbb6236f6..1b7bfdcda6 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_analyze_org_policy_governed_assets_response_governed_resource.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_analyze_org_policy_governed_assets_response_governed_resource.ex @@ -17,20 +17,24 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedResource do @moduledoc """ - The GCP resources governed by the organization policies of the AnalyzeOrgPolicyGovernedAssetsRequest.constraint. + The Google Cloud resources governed by the organization policies of the AnalyzeOrgPolicyGovernedAssetsRequest.constraint. ## Attributes - * `folders` (*type:* `list(String.t)`, *default:* `nil`) - The folder(s) that this resource belongs to, in the form of folders/{FOLDER_NUMBER}. This field is available when the resource belongs(directly or cascadingly) to one or more folders. - * `fullResourceName` (*type:* `String.t`, *default:* `nil`) - The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of the GCP resource. - * `organization` (*type:* `String.t`, *default:* `nil`) - The organization that this resource belongs to, in the form of organizations/{ORGANIZATION_NUMBER}. This field is available when the resource belongs(directly or cascadingly) to an organization. + * `assetType` (*type:* `String.t`, *default:* `nil`) - The asset type of the AnalyzeOrgPolicyGovernedAssetsResponse.GovernedResource.full_resource_name Example: `cloudresourcemanager.googleapis.com/Project` See [Cloud Asset Inventory Supported Asset Types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for all supported asset types. + * `effectiveTags` (*type:* `list(GoogleApi.CloudAsset.V1.Model.EffectiveTagDetails.t)`, *default:* `nil`) - The effective tags on this resource. + * `folders` (*type:* `list(String.t)`, *default:* `nil`) - The folder(s) that this resource belongs to, in the format of folders/{FOLDER_NUMBER}. This field is available when the resource belongs (directly or cascadingly) to one or more folders. + * `fullResourceName` (*type:* `String.t`, *default:* `nil`) - The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of the Google Cloud resource. + * `organization` (*type:* `String.t`, *default:* `nil`) - The organization that this resource belongs to, in the format of organizations/{ORGANIZATION_NUMBER}. This field is available when the resource belongs (directly or cascadingly) to an organization. * `parent` (*type:* `String.t`, *default:* `nil`) - The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of the parent of AnalyzeOrgPolicyGovernedAssetsResponse.GovernedResource.full_resource_name. - * `project` (*type:* `String.t`, *default:* `nil`) - The project that this resource belongs to, in the form of projects/{PROJECT_NUMBER}. This field is available when the resource belongs to a project. + * `project` (*type:* `String.t`, *default:* `nil`) - The project that this resource belongs to, in the format of projects/{PROJECT_NUMBER}. This field is available when the resource belongs to a project. """ use GoogleApi.Gax.ModelBase @type t :: %__MODULE__{ + :assetType => String.t() | nil, + :effectiveTags => list(GoogleApi.CloudAsset.V1.Model.EffectiveTagDetails.t()) | nil, :folders => list(String.t()) | nil, :fullResourceName => String.t() | nil, :organization => String.t() | nil, @@ -38,6 +42,8 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1AnalyzeOrgPolicyGovern :project => String.t() | nil } + field(:assetType) + field(:effectiveTags, as: GoogleApi.CloudAsset.V1.Model.EffectiveTagDetails, type: :list) field(:folders, type: :list) field(:fullResourceName) field(:organization) diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_custom_constraint.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_custom_constraint.ex index df8aa293bf..35a0f0a123 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_custom_constraint.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_custom_constraint.ex @@ -22,7 +22,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1CustomConstraint do ## Attributes * `actionType` (*type:* `String.t`, *default:* `nil`) - Allow or deny type. - * `condition` (*type:* `String.t`, *default:* `nil`) - Organization policy condition/expression. For example: `resource.instanceName.matches("[production|test]_.*_(\\d)+")'` or, `resource.management.auto_upgrade == true` + * `condition` (*type:* `String.t`, *default:* `nil`) - Organization Policy condition/expression. For example: `resource.instanceName.matches("[production|test]_.*_(\\d)+")'` or, `resource.management.auto_upgrade == true` * `description` (*type:* `String.t`, *default:* `nil`) - Detailed information about this custom policy constraint. * `displayName` (*type:* `String.t`, *default:* `nil`) - One line display name for the UI. * `methodTypes` (*type:* `list(String.t)`, *default:* `nil`) - All the operations being applied for this constraint. diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_gcs_destination.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_gcs_destination.ex index ff39a6b8e9..0a80c9efd3 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_gcs_destination.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_gcs_destination.ex @@ -21,7 +21,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1GcsDestination do ## Attributes - * `uri` (*type:* `String.t`, *default:* `nil`) - Required. The uri of the Cloud Storage object. It's the same uri that is used by gsutil. Example: "gs://bucket_name/object_name". See [Viewing and Editing Object Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata) for more information. If the specified Cloud Storage object already exists and there is no [hold](https://cloud.google.com/storage/docs/object-holds), it will be overwritten with the analysis result. + * `uri` (*type:* `String.t`, *default:* `nil`) - Required. The URI of the Cloud Storage object. It's the same URI that is used by gsutil. Example: "gs://bucket_name/object_name". See [Viewing and Editing Object Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata) for more information. If the specified Cloud Storage object already exists and there is no [hold](https://cloud.google.com/storage/docs/object-holds), it will be overwritten with the analysis result. """ use GoogleApi.Gax.ModelBase diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_governed_container.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_governed_container.ex index 0d0cb0a8ae..8d17768844 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_governed_container.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_governed_container.ex @@ -22,24 +22,36 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1GovernedContainer do ## Attributes * `consolidatedPolicy` (*type:* `GoogleApi.CloudAsset.V1.Model.AnalyzerOrgPolicy.t`, *default:* `nil`) - The consolidated organization policy for the analyzed resource. The consolidated organization policy is computed by merging and evaluating AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.policy_bundle. The evaluation will respect the organization policy [hierarchy rules](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-hierarchy). + * `effectiveTags` (*type:* `list(GoogleApi.CloudAsset.V1.Model.EffectiveTagDetails.t)`, *default:* `nil`) - The effective tags on this resource. + * `folders` (*type:* `list(String.t)`, *default:* `nil`) - The folder(s) that this resource belongs to, in the format of folders/{FOLDER_NUMBER}. This field is available when the resource belongs (directly or cascadingly) to one or more folders. * `fullResourceName` (*type:* `String.t`, *default:* `nil`) - The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of an organization/folder/project resource. + * `organization` (*type:* `String.t`, *default:* `nil`) - The organization that this resource belongs to, in the format of organizations/{ORGANIZATION_NUMBER}. This field is available when the resource belongs (directly or cascadingly) to an organization. * `parent` (*type:* `String.t`, *default:* `nil`) - The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of the parent of AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.full_resource_name. * `policyBundle` (*type:* `list(GoogleApi.CloudAsset.V1.Model.AnalyzerOrgPolicy.t)`, *default:* `nil`) - The ordered list of all organization policies from the AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.attached_resource. to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list. + * `project` (*type:* `String.t`, *default:* `nil`) - The project that this resource belongs to, in the format of projects/{PROJECT_NUMBER}. This field is available when the resource belongs to a project. """ use GoogleApi.Gax.ModelBase @type t :: %__MODULE__{ :consolidatedPolicy => GoogleApi.CloudAsset.V1.Model.AnalyzerOrgPolicy.t() | nil, + :effectiveTags => list(GoogleApi.CloudAsset.V1.Model.EffectiveTagDetails.t()) | nil, + :folders => list(String.t()) | nil, :fullResourceName => String.t() | nil, + :organization => String.t() | nil, :parent => String.t() | nil, - :policyBundle => list(GoogleApi.CloudAsset.V1.Model.AnalyzerOrgPolicy.t()) | nil + :policyBundle => list(GoogleApi.CloudAsset.V1.Model.AnalyzerOrgPolicy.t()) | nil, + :project => String.t() | nil } field(:consolidatedPolicy, as: GoogleApi.CloudAsset.V1.Model.AnalyzerOrgPolicy) + field(:effectiveTags, as: GoogleApi.CloudAsset.V1.Model.EffectiveTagDetails, type: :list) + field(:folders, type: :list) field(:fullResourceName) + field(:organization) field(:parent) field(:policyBundle, as: GoogleApi.CloudAsset.V1.Model.AnalyzerOrgPolicy, type: :list) + field(:project) end defimpl Poison.Decoder, for: GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1GovernedContainer do diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_identity.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_identity.ex index 49204fc9f2..5da02f9e97 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_identity.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_identity.ex @@ -22,7 +22,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1Identity do ## Attributes * `analysisState` (*type:* `GoogleApi.CloudAsset.V1.Model.IamPolicyAnalysisState.t`, *default:* `nil`) - The analysis state of this identity. - * `name` (*type:* `String.t`, *default:* `nil`) - The identity name in any form of members appear in [IAM policy binding](https://cloud.google.com/iam/reference/rest/v1/Binding), such as: - user:foo@google.com - group:group1@google.com - serviceAccount:s1@prj1.iam.gserviceaccount.com - projectOwner:some_project_id - domain:google.com - allUsers - etc. + * `name` (*type:* `String.t`, *default:* `nil`) - The identity of members, formatted as appear in an [IAM policy binding](https://cloud.google.com/iam/reference/rest/v1/Binding). For example, they might be formatted like the following: - user:foo@google.com - group:group1@google.com - serviceAccount:s1@prj1.iam.gserviceaccount.com - projectOwner:some_project_id - domain:google.com - allUsers """ use GoogleApi.Gax.ModelBase diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_list_constraint.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_list_constraint.ex index 30bab4548d..fff84fa7ed 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_list_constraint.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_list_constraint.ex @@ -17,7 +17,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1ListConstraint do @moduledoc """ - A `Constraint` that allows or disallows a list of string values, which are configured by an Organization's policy administrator with a `Policy`. + A `Constraint` that allows or disallows a list of string values, which are configured by an organization's policy administrator with a `Policy`. ## Attributes diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_rule.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_rule.ex index c648a2b765..aab83ebac3 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_rule.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1_rule.ex @@ -17,15 +17,16 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1Rule do @moduledoc """ - Represents a rule defined in an organization policy + This rule message is a customized version of the one defined in the Organization Policy system. In addition to the fields defined in the original organization policy, it contains additional field(s) under specific circumstances to support analysis results. ## Attributes * `allowAll` (*type:* `boolean()`, *default:* `nil`) - Setting this to true means that all values are allowed. This field can be set only in Policies for list constraints. * `condition` (*type:* `GoogleApi.CloudAsset.V1.Model.Expr.t`, *default:* `nil`) - The evaluating condition for this rule. + * `conditionEvaluation` (*type:* `GoogleApi.CloudAsset.V1.Model.ConditionEvaluation.t`, *default:* `nil`) - The condition evaluation result for this rule. Only populated if it meets all the following criteria: * There is a condition defined for this rule. * This rule is within AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.consolidated_policy, or AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.consolidated_policy when the AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset has AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.governed_resource. * `denyAll` (*type:* `boolean()`, *default:* `nil`) - Setting this to true means that all values are denied. This field can be set only in Policies for list constraints. * `enforce` (*type:* `boolean()`, *default:* `nil`) - If `true`, then the `Policy` is enforced. If `false`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints. - * `values` (*type:* `GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1StringValues.t`, *default:* `nil`) - List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints. + * `values` (*type:* `GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1StringValues.t`, *default:* `nil`) - List of values to be used for this policy rule. This field can be set only in policies for list constraints. """ use GoogleApi.Gax.ModelBase @@ -33,6 +34,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1Rule do @type t :: %__MODULE__{ :allowAll => boolean() | nil, :condition => GoogleApi.CloudAsset.V1.Model.Expr.t() | nil, + :conditionEvaluation => GoogleApi.CloudAsset.V1.Model.ConditionEvaluation.t() | nil, :denyAll => boolean() | nil, :enforce => boolean() | nil, :values => GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1StringValues.t() | nil @@ -40,6 +42,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1Rule do field(:allowAll) field(:condition, as: GoogleApi.CloudAsset.V1.Model.Expr) + field(:conditionEvaluation, as: GoogleApi.CloudAsset.V1.Model.ConditionEvaluation) field(:denyAll) field(:enforce) field(:values, as: GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1StringValues) diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1p7beta1_asset.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1p7beta1_asset.ex index 1ae0428125..155ff77a97 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1p7beta1_asset.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1p7beta1_asset.ex @@ -17,7 +17,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1p7beta1Asset do @moduledoc """ - An asset in Google Cloud. An asset can be any resource in the Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), a resource outside the Google Cloud resource hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy). See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information. + An asset in Google Cloud. An asset can be any resource in the Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), a resource outside the Google Cloud resource hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy). See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information. ## Attributes @@ -25,7 +25,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1p7beta1Asset do * `accessPolicy` (*type:* `GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1AccessPolicy.t`, *default:* `nil`) - Please also refer to the [access policy user guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies). * `ancestors` (*type:* `list(String.t)`, *default:* `nil`) - The ancestry path of an asset in Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), represented as a list of relative resource names. An ancestry path starts with the closest ancestor in the hierarchy and ends at root. If the asset is a project, folder, or organization, the ancestry path starts from the asset itself. Example: `["projects/123456789", "folders/5432", "organizations/1234"]` * `assetType` (*type:* `String.t`, *default:* `nil`) - The type of the asset. Example: `compute.googleapis.com/Disk` See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information. - * `iamPolicy` (*type:* `GoogleApi.CloudAsset.V1.Model.Policy.t`, *default:* `nil`) - A representation of the Cloud IAM policy set on a Google Cloud resource. There can be a maximum of one Cloud IAM policy set on any given resource. In addition, Cloud IAM policies inherit their granted access scope from any policies set on parent resources in the resource hierarchy. Therefore, the effectively policy is the union of both the policy set on this resource and each policy set on all of the resource's ancestry resource levels in the hierarchy. See [this topic](https://cloud.google.com/iam/help/allow-policies/inheritance) for more information. + * `iamPolicy` (*type:* `GoogleApi.CloudAsset.V1.Model.Policy.t`, *default:* `nil`) - A representation of the IAM policy set on a Google Cloud resource. There can be a maximum of one IAM policy set on any given resource. In addition, IAM policies inherit their granted access scope from any policies set on parent resources in the resource hierarchy. Therefore, the effectively policy is the union of both the policy set on this resource and each policy set on all of the resource's ancestry resource levels in the hierarchy. See [this topic](https://cloud.google.com/iam/help/allow-policies/inheritance) for more information. * `name` (*type:* `String.t`, *default:* `nil`) - The full name of the asset. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1` See [Resource names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information. * `orgPolicy` (*type:* `list(GoogleApi.CloudAsset.V1.Model.GoogleCloudOrgpolicyV1Policy.t)`, *default:* `nil`) - A representation of an [organization policy](https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy). There can be more than one organization policy with different constraints set on a given resource. * `relatedAssets` (*type:* `GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1p7beta1RelatedAssets.t`, *default:* `nil`) - The related assets of the asset of one relationship type. One asset only represents one type of relationship. diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1p7beta1_related_asset.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1p7beta1_related_asset.ex index 2ca9e8b11e..29e3553dba 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1p7beta1_related_asset.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1p7beta1_related_asset.ex @@ -17,7 +17,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1p7beta1RelatedAsset do @moduledoc """ - An asset identify in Google Cloud which contains its name, type and ancestors. An asset can be any resource in the Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), a resource outside the Google Cloud resource hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy). See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information. + An asset identify in Google Cloud which contains its name, type and ancestors. An asset can be any resource in the Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), a resource outside the Google Cloud resource hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy). See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information. ## Attributes diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1p7beta1_resource.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1p7beta1_resource.ex index 200894d9cd..103bf0996d 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1p7beta1_resource.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_cloud_asset_v1p7beta1_resource.ex @@ -25,7 +25,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1p7beta1Resource do * `discoveryDocumentUri` (*type:* `String.t`, *default:* `nil`) - The URL of the discovery document containing the resource's JSON schema. Example: `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest` This value is unspecified for resources that do not have an API based on a discovery document, such as Cloud Bigtable. * `discoveryName` (*type:* `String.t`, *default:* `nil`) - The JSON schema name listed in the discovery document. Example: `Project` This value is unspecified for resources that do not have an API based on a discovery document, such as Cloud Bigtable. * `location` (*type:* `String.t`, *default:* `nil`) - The location of the resource in Google Cloud, such as its zone and region. For more information, see https://cloud.google.com/about/locations/. - * `parent` (*type:* `String.t`, *default:* `nil`) - The full name of the immediate parent of this resource. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information. For Google Cloud assets, this value is the parent resource defined in the [Cloud IAM policy hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). Example: `//cloudresourcemanager.googleapis.com/projects/my_project_123` For third-party assets, this field may be set differently. + * `parent` (*type:* `String.t`, *default:* `nil`) - The full name of the immediate parent of this resource. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information. For Google Cloud assets, this value is the parent resource defined in the [IAM policy hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). Example: `//cloudresourcemanager.googleapis.com/projects/my_project_123` For third-party assets, this field may be set differently. * `resourceUrl` (*type:* `String.t`, *default:* `nil`) - The REST URL for accessing the resource. An HTTP `GET` request using this URL returns the resource itself. Example: `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123` This value is unspecified for resources without a REST API. * `version` (*type:* `String.t`, *default:* `nil`) - The API version. Example: `v1` """ diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_access_policy.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_access_policy.ex index 8605b37f0e..08f05a01ff 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_access_policy.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_access_policy.ex @@ -24,7 +24,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1Acce * `etag` (*type:* `String.t`, *default:* `nil`) - Output only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format. * `name` (*type:* `String.t`, *default:* `nil`) - Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}` * `parent` (*type:* `String.t`, *default:* `nil`) - Required. The parent of this `AccessPolicy` in the Cloud Resource Hierarchy. Currently immutable once created. Format: `organizations/{organization_id}` - * `scopes` (*type:* `list(String.t)`, *default:* `nil`) - The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior: - vpcsc perimeters can only restrict projects within folders/123 - access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}` + * `scopes` (*type:* `list(String.t)`, *default:* `nil`) - The scopes of the AccessPolicy. Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with `scopes=["folders/123"]` has the following behavior: - ServicePerimeter can only restrict projects within `folders/123`. - ServicePerimeter within policy A can only reference access levels defined within policy A. - Only one policy can include a given scope; thus, attempting to create a second policy which includes `folders/123` will result in an error. If no scopes are provided, then any resource within the organization can be restricted. Scopes cannot be modified after a policy is created. Policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}` * `title` (*type:* `String.t`, *default:* `nil`) - Required. Human readable title. Does not affect behavior. """ diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_condition.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_condition.ex index 095ca69b11..98205cec8e 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_condition.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_condition.ex @@ -24,9 +24,10 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1Cond * `devicePolicy` (*type:* `GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1DevicePolicy.t`, *default:* `nil`) - Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed. * `ipSubnetworks` (*type:* `list(String.t)`, *default:* `nil`) - CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed. * `members` (*type:* `list(String.t)`, *default:* `nil`) - The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: `user:{emailid}` `serviceAccount:{emailid}` If not specified, a request may come from any user. - * `negate` (*type:* `boolean()`, *default:* `nil`) - Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false. + * `negate` (*type:* `boolean()`, *default:* `nil`) - Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false. * `regions` (*type:* `list(String.t)`, *default:* `nil`) - The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes. * `requiredAccessLevels` (*type:* `list(String.t)`, *default:* `nil`) - A list of other access levels defined in the same `Policy`, referenced by resource name. Referencing an `AccessLevel` which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"` + * `vpcNetworkSources` (*type:* `list(GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1VpcNetworkSource.t)`, *default:* `nil`) - The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with `ip_subnetworks`. """ use GoogleApi.Gax.ModelBase @@ -39,7 +40,12 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1Cond :members => list(String.t()) | nil, :negate => boolean() | nil, :regions => list(String.t()) | nil, - :requiredAccessLevels => list(String.t()) | nil + :requiredAccessLevels => list(String.t()) | nil, + :vpcNetworkSources => + list( + GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1VpcNetworkSource.t() + ) + | nil } field(:devicePolicy, @@ -51,6 +57,11 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1Cond field(:negate) field(:regions, type: :list) field(:requiredAccessLevels, type: :list) + + field(:vpcNetworkSources, + as: GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1VpcNetworkSource, + type: :list + ) end defimpl Poison.Decoder, diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_egress_from.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_egress_from.ex index f9685817f2..a3d530478e 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_egress_from.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_egress_from.ex @@ -21,19 +21,33 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1Egre ## Attributes - * `identities` (*type:* `list(String.t)`, *default:* `nil`) - A list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only. + * `identities` (*type:* `list(String.t)`, *default:* `nil`) - A list of identities that are allowed access through this [EgressPolicy], in the format of `user:{email_id}` or `serviceAccount:{email_id}`. * `identityType` (*type:* `String.t`, *default:* `nil`) - Specifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of `identities` field will be allowed access. + * `sourceRestriction` (*type:* `String.t`, *default:* `nil`) - Whether to enforce traffic restrictions based on `sources` field. If the `sources` fields is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`. + * `sources` (*type:* `list(GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1EgressSource.t)`, *default:* `nil`) - Sources that this EgressPolicy authorizes access from. If this field is not empty, then `source_restriction` must be set to `SOURCE_RESTRICTION_ENABLED`. """ use GoogleApi.Gax.ModelBase @type t :: %__MODULE__{ :identities => list(String.t()) | nil, - :identityType => String.t() | nil + :identityType => String.t() | nil, + :sourceRestriction => String.t() | nil, + :sources => + list( + GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1EgressSource.t() + ) + | nil } field(:identities, type: :list) field(:identityType) + field(:sourceRestriction) + + field(:sources, + as: GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1EgressSource, + type: :list + ) end defimpl Poison.Decoder, diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_egress_source.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_egress_source.ex new file mode 100644 index 0000000000..da61ddcdc6 --- /dev/null +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_egress_source.ex @@ -0,0 +1,51 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1EgressSource do + @moduledoc """ + The source that EgressPolicy authorizes access from inside the ServicePerimeter to somewhere outside the ServicePerimeter boundaries. + + ## Attributes + + * `accessLevel` (*type:* `String.t`, *default:* `nil`) - An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all EgressSources will be allowed. + """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :accessLevel => String.t() | nil + } + + field(:accessLevel) +end + +defimpl Poison.Decoder, + for: GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1EgressSource do + def decode(value, options) do + GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1EgressSource.decode( + value, + options + ) + end +end + +defimpl Poison.Encoder, + for: GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1EgressSource do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_ingress_from.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_ingress_from.ex index 1a97001822..c488b2df01 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_ingress_from.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_ingress_from.ex @@ -21,7 +21,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1Ingr ## Attributes - * `identities` (*type:* `list(String.t)`, *default:* `nil`) - A list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only. + * `identities` (*type:* `list(String.t)`, *default:* `nil`) - A list of identities that are allowed access through this ingress policy, in the format of `user:{email_id}` or `serviceAccount:{email_id}`. * `identityType` (*type:* `String.t`, *default:* `nil`) - Specifies the type of identities that are allowed access from outside the perimeter. If left unspecified, then members of `identities` field will be allowed access. * `sources` (*type:* `list(GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1IngressSource.t)`, *default:* `nil`) - Sources that this IngressPolicy authorizes access from. """ diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_ingress_source.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_ingress_source.ex index d34555bbd6..7d45d29e70 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_ingress_source.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_ingress_source.ex @@ -22,7 +22,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1Ingr ## Attributes * `accessLevel` (*type:* `String.t`, *default:* `nil`) - An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all IngressSources will be allowed. - * `resource` (*type:* `String.t`, *default:* `nil`) - A Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects are allowed. Format: `projects/{project_number}` The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in. `*` is not allowed, the case of allowing all Google Cloud resources only is not supported. + * `resource` (*type:* `String.t`, *default:* `nil`) - A Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects and VPCs are allowed. Project format: `projects/{project_number}` VPC network format: `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}`. The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in. `*` is not allowed, the case of allowing all Google Cloud resources only is not supported. """ use GoogleApi.Gax.ModelBase diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_method_selector.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_method_selector.ex index 5198f5a720..497d6b46e6 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_method_selector.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_method_selector.ex @@ -21,8 +21,8 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1Meth ## Attributes - * `method` (*type:* `String.t`, *default:* `nil`) - Value for `method` should be a valid method name for the corresponding `service_name` in ApiOperation. If `*` used as value for `method`, then ALL methods and permissions are allowed. - * `permission` (*type:* `String.t`, *default:* `nil`) - Value for `permission` should be a valid Cloud IAM permission for the corresponding `service_name` in ApiOperation. + * `method` (*type:* `String.t`, *default:* `nil`) - A valid method name for the corresponding `service_name` in ApiOperation. If `*` is used as the value for the `method`, then ALL methods and permissions are allowed. + * `permission` (*type:* `String.t`, *default:* `nil`) - A valid Cloud IAM permission for the corresponding `service_name` in ApiOperation. """ use GoogleApi.Gax.ModelBase diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_service_perimeter.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_service_perimeter.ex index cb2c44403a..3fbd24c48e 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_service_perimeter.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_service_perimeter.ex @@ -17,13 +17,13 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1ServicePerimeter do @moduledoc """ - `ServicePerimeter` describes a set of Google Cloud resources which can freely import and export data amongst themselves, but not export outside of the `ServicePerimeter`. If a request with a source within this `ServicePerimeter` has a target outside of the `ServicePerimeter`, the request will be blocked. Otherwise the request is allowed. There are two types of Service Perimeter - Regular and Bridge. Regular Service Perimeters cannot overlap, a single Google Cloud project can only belong to a single regular Service Perimeter. Service Perimeter Bridges can contain only Google Cloud projects as members, a single Google Cloud project may belong to multiple Service Perimeter Bridges. + `ServicePerimeter` describes a set of Google Cloud resources which can freely import and export data amongst themselves, but not export outside of the `ServicePerimeter`. If a request with a source within this `ServicePerimeter` has a target outside of the `ServicePerimeter`, the request will be blocked. Otherwise the request is allowed. There are two types of Service Perimeter - Regular and Bridge. Regular Service Perimeters cannot overlap, a single Google Cloud project or VPC network can only belong to a single regular Service Perimeter. Service Perimeter Bridges can contain only Google Cloud projects as members, a single Google Cloud project may belong to multiple Service Perimeter Bridges. ## Attributes * `description` (*type:* `String.t`, *default:* `nil`) - Description of the `ServicePerimeter` and its use. Does not affect behavior. * `name` (*type:* `String.t`, *default:* `nil`) - Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`. - * `perimeterType` (*type:* `String.t`, *default:* `nil`) - Perimeter type indicator. A single project is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a perimeter bridge without being included in regular perimeter. For perimeter bridges, the restricted service list as well as access level lists must be empty. + * `perimeterType` (*type:* `String.t`, *default:* `nil`) - Perimeter type indicator. A single project or VPC network is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a perimeter bridge without being included in regular perimeter. For perimeter bridges, the restricted service list as well as access level lists must be empty. * `spec` (*type:* `GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig.t`, *default:* `nil`) - Proposed (or dry run) ServicePerimeter configuration. This configuration allows to specify and test ServicePerimeter configuration without enforcing actual access restrictions. Only allowed to be set when the "use_explicit_dry_run_spec" flag is set. * `status` (*type:* `GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig.t`, *default:* `nil`) - Current ServicePerimeter configuration. Specifies sets of resources, restricted services and access levels that determine perimeter content and boundaries. * `title` (*type:* `String.t`, *default:* `nil`) - Human readable title. Must be unique within the Policy. diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_service_perimeter_config.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_service_perimeter_config.ex index d88817f1ed..b230678b43 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_service_perimeter_config.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_service_perimeter_config.ex @@ -24,7 +24,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1Serv * `accessLevels` (*type:* `list(String.t)`, *default:* `nil`) - A list of `AccessLevel` resource names that allow resources within the `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. For Service Perimeter Bridge, must be empty. * `egressPolicies` (*type:* `list(GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1EgressPolicy.t)`, *default:* `nil`) - List of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge. * `ingressPolicies` (*type:* `list(GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1IngressPolicy.t)`, *default:* `nil`) - List of IngressPolicies to apply to the perimeter. A perimeter may have multiple IngressPolicies, each of which is evaluated separately. Access is granted if any Ingress Policy grants it. Must be empty for a perimeter bridge. - * `resources` (*type:* `list(String.t)`, *default:* `nil`) - A list of Google Cloud resources that are inside of the service perimeter. Currently only projects are allowed. Format: `projects/{project_number}` + * `resources` (*type:* `list(String.t)`, *default:* `nil`) - A list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format: `projects/{project_number}` VPC network format: `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}`. * `restrictedServices` (*type:* `list(String.t)`, *default:* `nil`) - Google Cloud services that are subject to the Service Perimeter restrictions. For example, if `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. * `vpcAccessibleServices` (*type:* `GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices.t`, *default:* `nil`) - Configuration for APIs allowed within Perimeter. """ diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_vpc_network_source.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_vpc_network_source.ex new file mode 100644 index 0000000000..a007c2a157 --- /dev/null +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_vpc_network_source.ex @@ -0,0 +1,55 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1VpcNetworkSource do + @moduledoc """ + The originating network source in Google Cloud. + + ## Attributes + + * `vpcSubnetwork` (*type:* `GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1VpcSubNetwork.t`, *default:* `nil`) - Sub-segment ranges of a VPC network. + """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :vpcSubnetwork => + GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1VpcSubNetwork.t() + | nil + } + + field(:vpcSubnetwork, + as: GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1VpcSubNetwork + ) +end + +defimpl Poison.Decoder, + for: GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1VpcNetworkSource do + def decode(value, options) do + GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1VpcNetworkSource.decode( + value, + options + ) + end +end + +defimpl Poison.Encoder, + for: GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1VpcNetworkSource do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_vpc_sub_network.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_vpc_sub_network.ex new file mode 100644 index 0000000000..97abf37e1e --- /dev/null +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/google_identity_accesscontextmanager_v1_vpc_sub_network.ex @@ -0,0 +1,54 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1VpcSubNetwork do + @moduledoc """ + Sub-segment ranges inside of a VPC Network. + + ## Attributes + + * `network` (*type:* `String.t`, *default:* `nil`) - Required. Network name. If the network is not part of the organization, the `compute.network.get` permission must be granted to the caller. Format: `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NETWORK_NAME}` Example: `//compute.googleapis.com/projects/my-project/global/networks/network-1` + * `vpcIpSubnetworks` (*type:* `list(String.t)`, *default:* `nil`) - CIDR block IP subnetwork specification. The IP address must be an IPv4 address and can be a public or private IP address. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. If empty, all IP addresses are allowed. + """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :network => String.t() | nil, + :vpcIpSubnetworks => list(String.t()) | nil + } + + field(:network) + field(:vpcIpSubnetworks, type: :list) +end + +defimpl Poison.Decoder, + for: GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1VpcSubNetwork do + def decode(value, options) do + GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1VpcSubNetwork.decode( + value, + options + ) + end +end + +defimpl Poison.Encoder, + for: GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1VpcSubNetwork do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/iam_policy_analysis_query.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/iam_policy_analysis_query.ex index 603338874d..14c28e1677 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/iam_policy_analysis_query.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/iam_policy_analysis_query.ex @@ -26,7 +26,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.IamPolicyAnalysisQuery do * `identitySelector` (*type:* `GoogleApi.CloudAsset.V1.Model.IdentitySelector.t`, *default:* `nil`) - Optional. Specifies an identity for analysis. * `options` (*type:* `GoogleApi.CloudAsset.V1.Model.Options.t`, *default:* `nil`) - Optional. The query options. * `resourceSelector` (*type:* `GoogleApi.CloudAsset.V1.Model.ResourceSelector.t`, *default:* `nil`) - Optional. Specifies a resource for analysis. - * `scope` (*type:* `String.t`, *default:* `nil`) - Required. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects). + * `scope` (*type:* `String.t`, *default:* `nil`) - Required. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization ID, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project ID, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects). """ use GoogleApi.Gax.ModelBase diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/iam_policy_analysis_result.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/iam_policy_analysis_result.ex index 470452f70e..a537673077 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/iam_policy_analysis_result.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/iam_policy_analysis_result.ex @@ -24,7 +24,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.IamPolicyAnalysisResult do * `accessControlLists` (*type:* `list(GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1AccessControlList.t)`, *default:* `nil`) - The access control lists derived from the iam_binding that match or potentially match resource and access selectors specified in the request. * `attachedResourceFullName` (*type:* `String.t`, *default:* `nil`) - The [full resource name](https://cloud.google.com/asset-inventory/docs/resource-name-format) of the resource to which the iam_binding policy attaches. * `fullyExplored` (*type:* `boolean()`, *default:* `nil`) - Represents whether all analyses on the iam_binding have successfully finished. - * `iamBinding` (*type:* `GoogleApi.CloudAsset.V1.Model.Binding.t`, *default:* `nil`) - The Cloud IAM policy binding under analysis. + * `iamBinding` (*type:* `GoogleApi.CloudAsset.V1.Model.Binding.t`, *default:* `nil`) - The IAM policy binding under analysis. * `identityList` (*type:* `GoogleApi.CloudAsset.V1.Model.GoogleCloudAssetV1IdentityList.t`, *default:* `nil`) - The identity list derived from members of the iam_binding that match or potentially match identity selector specified in the request. """ diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/iam_policy_search_result.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/iam_policy_search_result.ex index 74b451c1d7..4d8141b6f5 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/iam_policy_search_result.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/iam_policy_search_result.ex @@ -26,7 +26,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.IamPolicySearchResult do * `folders` (*type:* `list(String.t)`, *default:* `nil`) - The folder(s) that the IAM policy belongs to, in the form of folders/{FOLDER_NUMBER}. This field is available when the IAM policy belongs to one or more folders. To search against `folders`: * use a field query. Example: `folders:(123 OR 456)` * use a free text query. Example: `123` * specify the `scope` field as this folder in your search request. * `organization` (*type:* `String.t`, *default:* `nil`) - The organization that the IAM policy belongs to, in the form of organizations/{ORGANIZATION_NUMBER}. This field is available when the IAM policy belongs to an organization. To search against `organization`: * use a field query. Example: `organization:123` * use a free text query. Example: `123` * specify the `scope` field as this organization in your search request. * `policy` (*type:* `GoogleApi.CloudAsset.V1.Model.Policy.t`, *default:* `nil`) - The IAM policy directly set on the given resource. Note that the original IAM policy can contain multiple bindings. This only contains the bindings that match the given query. For queries that don't contain a constrain on policies (e.g., an empty query), this contains all the bindings. To search against the `policy` bindings: * use a field query: - query by the policy contained members. Example: `policy:amy@gmail.com` - query by the policy contained roles. Example: `policy:roles/compute.admin` - query by the policy contained roles' included permissions. Example: `policy.role.permissions:compute.instances.create` - * `project` (*type:* `String.t`, *default:* `nil`) - The project that the associated GCP resource belongs to, in the form of projects/{PROJECT_NUMBER}. If an IAM policy is set on a resource (like VM instance, Cloud Storage bucket), the project field will indicate the project that contains the resource. If an IAM policy is set on a folder or orgnization, this field will be empty. To search against the `project`: * specify the `scope` field as this project in your search request. + * `project` (*type:* `String.t`, *default:* `nil`) - The project that the associated Google Cloud resource belongs to, in the form of projects/{PROJECT_NUMBER}. If an IAM policy is set on a resource (like VM instance, Cloud Storage bucket), the project field will indicate the project that contains the resource. If an IAM policy is set on a folder or orgnization, this field will be empty. To search against the `project`: * specify the `scope` field as this project in your search request. * `resource` (*type:* `String.t`, *default:* `nil`) - The full resource name of the resource associated with this IAM policy. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. See [Cloud Asset Inventory Resource Name Format](https://cloud.google.com/asset-inventory/docs/resource-name-format) for more information. To search against the `resource`: * use a field query. Example: `resource:organizations/123` """ diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/move_analysis.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/move_analysis.ex index d0dd0f066a..ac514cefc9 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/move_analysis.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/move_analysis.ex @@ -22,7 +22,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.MoveAnalysis do ## Attributes * `analysis` (*type:* `GoogleApi.CloudAsset.V1.Model.MoveAnalysisResult.t`, *default:* `nil`) - Analysis result of moving the target resource. - * `displayName` (*type:* `String.t`, *default:* `nil`) - The user friendly display name of the analysis. E.g. IAM, Organization Policy etc. + * `displayName` (*type:* `String.t`, *default:* `nil`) - The user friendly display name of the analysis. E.g. IAM, organization policy etc. * `error` (*type:* `GoogleApi.CloudAsset.V1.Model.Status.t`, *default:* `nil`) - Description of error encountered when performing the analysis. """ diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/operation.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/operation.ex index 9c39d1654d..602f5cfc18 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/operation.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/operation.ex @@ -25,7 +25,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.Operation do * `error` (*type:* `GoogleApi.CloudAsset.V1.Model.Status.t`, *default:* `nil`) - The error result of the operation in case of failure or cancellation. * `metadata` (*type:* `map()`, *default:* `nil`) - Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any. * `name` (*type:* `String.t`, *default:* `nil`) - The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`. - * `response` (*type:* `map()`, *default:* `nil`) - The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. + * `response` (*type:* `map()`, *default:* `nil`) - The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. """ use GoogleApi.Gax.ModelBase diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/options.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/options.ex index 4e9cfadec1..59a62dce96 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/options.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/options.ex @@ -21,9 +21,9 @@ defmodule GoogleApi.CloudAsset.V1.Model.Options do ## Attributes - * `analyzeServiceAccountImpersonation` (*type:* `boolean()`, *default:* `nil`) - Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning rpc instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a GCP folder F, then user A potentially has access to the GCP folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a GCP folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the GCP folder F, then user A potentially has access to the GCP folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Only the following permissions are considered in this analysis: * `iam.serviceAccounts.actAs` * `iam.serviceAccounts.signBlob` * `iam.serviceAccounts.signJwt` * `iam.serviceAccounts.getAccessToken` * `iam.serviceAccounts.getOpenIdToken` * `iam.serviceAccounts.implicitDelegation` Default is false. + * `analyzeServiceAccountImpersonation` (*type:* `boolean()`, *default:* `nil`) - Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning RPC instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a Google Cloud folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Only the following permissions are considered in this analysis: * `iam.serviceAccounts.actAs` * `iam.serviceAccounts.signBlob` * `iam.serviceAccounts.signJwt` * `iam.serviceAccounts.getAccessToken` * `iam.serviceAccounts.getOpenIdToken` * `iam.serviceAccounts.implicitDelegation` Default is false. * `expandGroups` (*type:* `boolean()`, *default:* `nil`) - Optional. If true, the identities section of the result will expand any Google groups appearing in an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is specified, the identity in the result will be determined by the selector, and this flag is not allowed to set. If true, the default max expansion per group is 1000 for AssetService.AnalyzeIamPolicy][]. Default is false. - * `expandResources` (*type:* `boolean()`, *default:* `nil`) - Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a GCP folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resource cannot be used together with this option. For example, if the request analyzes for which users have permission P on a GCP project with this option enabled, the results will include all users who have permission P on that project or any lower resource. If true, the default max expansion per resource is 1000 for AssetService.AnalyzeIamPolicy][] and 100000 for AssetService.AnalyzeIamPolicyLongrunning][]. Default is false. + * `expandResources` (*type:* `boolean()`, *default:* `nil`) - Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a Google Cloud folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resources cannot be used together with this option. For example, if the request analyzes for which users have permission P on a Google Cloud project with this option enabled, the results will include all users who have permission P on that project or any lower resource. If true, the default max expansion per resource is 1000 for AssetService.AnalyzeIamPolicy][] and 100000 for AssetService.AnalyzeIamPolicyLongrunning][]. Default is false. * `expandRoles` (*type:* `boolean()`, *default:* `nil`) - Optional. If true, the access section of result will expand any roles appearing in IAM policy bindings to include their permissions. If IamPolicyAnalysisQuery.access_selector is specified, the access section of the result will be determined by the selector, and this flag is not allowed to set. Default is false. * `outputGroupEdges` (*type:* `boolean()`, *default:* `nil`) - Optional. If true, the result will output the relevant membership relationships between groups and other groups, and between groups and principals. Default is false. * `outputResourceEdges` (*type:* `boolean()`, *default:* `nil`) - Optional. If true, the result will output the relevant parent/child relationships between resources. Default is false. diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/org_policy_result.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/org_policy_result.ex index dfa8bdc6ef..b6904b1a42 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/org_policy_result.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/org_policy_result.ex @@ -22,18 +22,27 @@ defmodule GoogleApi.CloudAsset.V1.Model.OrgPolicyResult do ## Attributes * `consolidatedPolicy` (*type:* `GoogleApi.CloudAsset.V1.Model.AnalyzerOrgPolicy.t`, *default:* `nil`) - The consolidated organization policy for the analyzed resource. The consolidated organization policy is computed by merging and evaluating AnalyzeOrgPoliciesResponse.policy_bundle. The evaluation will respect the organization policy [hierarchy rules](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-hierarchy). + * `folders` (*type:* `list(String.t)`, *default:* `nil`) - The folder(s) that this consolidated policy belongs to, in the format of folders/{FOLDER_NUMBER}. This field is available when the consolidated policy belongs (directly or cascadingly) to one or more folders. + * `organization` (*type:* `String.t`, *default:* `nil`) - The organization that this consolidated policy belongs to, in the format of organizations/{ORGANIZATION_NUMBER}. This field is available when the consolidated policy belongs (directly or cascadingly) to an organization. * `policyBundle` (*type:* `list(GoogleApi.CloudAsset.V1.Model.AnalyzerOrgPolicy.t)`, *default:* `nil`) - The ordered list of all organization policies from the AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.attached_resource. to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list. + * `project` (*type:* `String.t`, *default:* `nil`) - The project that this consolidated policy belongs to, in the format of projects/{PROJECT_NUMBER}. This field is available when the consolidated policy belongs to a project. """ use GoogleApi.Gax.ModelBase @type t :: %__MODULE__{ :consolidatedPolicy => GoogleApi.CloudAsset.V1.Model.AnalyzerOrgPolicy.t() | nil, - :policyBundle => list(GoogleApi.CloudAsset.V1.Model.AnalyzerOrgPolicy.t()) | nil + :folders => list(String.t()) | nil, + :organization => String.t() | nil, + :policyBundle => list(GoogleApi.CloudAsset.V1.Model.AnalyzerOrgPolicy.t()) | nil, + :project => String.t() | nil } field(:consolidatedPolicy, as: GoogleApi.CloudAsset.V1.Model.AnalyzerOrgPolicy) + field(:folders, type: :list) + field(:organization) field(:policyBundle, as: GoogleApi.CloudAsset.V1.Model.AnalyzerOrgPolicy, type: :list) + field(:project) end defimpl Poison.Decoder, for: GoogleApi.CloudAsset.V1.Model.OrgPolicyResult do diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/policy.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/policy.ex index f51529c059..4e31f43f13 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/policy.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/policy.ex @@ -17,7 +17,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.Policy do @moduledoc """ - An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). + An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). ## Attributes diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/query_assets_request.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/query_assets_request.ex index 83bef8108b..92fa2d79da 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/query_assets_request.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/query_assets_request.ex @@ -27,7 +27,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.QueryAssetsRequest do * `pageToken` (*type:* `String.t`, *default:* `nil`) - Optional. A page token received from previous `QueryAssets`. The field will be ignored when [output_config] is specified. * `readTime` (*type:* `DateTime.t`, *default:* `nil`) - Optional. Queries cloud assets as they appeared at the specified point in time. * `readTimeWindow` (*type:* `GoogleApi.CloudAsset.V1.Model.TimeWindow.t`, *default:* `nil`) - Optional. [start_time] is required. [start_time] must be less than [end_time] Defaults [end_time] to now if [start_time] is set and [end_time] isn't. Maximum permitted time range is 7 days. - * `statement` (*type:* `String.t`, *default:* `nil`) - Optional. A SQL statement that's compatible with [BigQuery Standard SQL](http://cloud/bigquery/docs/reference/standard-sql/enabling-standard-sql). + * `statement` (*type:* `String.t`, *default:* `nil`) - Optional. A SQL statement that's compatible with [BigQuery SQL](https://cloud.google.com/bigquery/docs/introduction-sql). * `timeout` (*type:* `String.t`, *default:* `nil`) - Optional. Specifies the maximum amount of time that the client is willing to wait for the query to complete. By default, this limit is 5 min for the first query, and 1 minute for the following queries. If the query is complete, the `done` field in the `QueryAssetsResponse` is true, otherwise false. Like BigQuery [jobs.query API](https://cloud.google.com/bigquery/docs/reference/rest/v2/jobs/query#queryrequest) The call is not guaranteed to wait for the specified timeout; it typically returns after around 200 seconds (200,000 milliseconds), even if the query is not complete. The field will be ignored when [output_config] is specified. """ diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/query_content.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/query_content.ex index a3f0847bef..5732708f9d 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/query_content.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/query_content.ex @@ -21,7 +21,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.QueryContent do ## Attributes - * `iamPolicyAnalysisQuery` (*type:* `GoogleApi.CloudAsset.V1.Model.IamPolicyAnalysisQuery.t`, *default:* `nil`) - An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy rpc or the AssetService.AnalyzeIamPolicyLongrunning rpc. + * `iamPolicyAnalysisQuery` (*type:* `GoogleApi.CloudAsset.V1.Model.IamPolicyAnalysisQuery.t`, *default:* `nil`) - An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy RPC or the AssetService.AnalyzeIamPolicyLongrunning RPC. """ use GoogleApi.Gax.ModelBase diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/related_asset.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/related_asset.ex index 580ffaef46..ad4c4834fc 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/related_asset.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/related_asset.ex @@ -17,7 +17,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.RelatedAsset do @moduledoc """ - An asset identifier in Google Cloud which contains its name, type and ancestors. An asset can be any resource in the Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), a resource outside the Google Cloud resource hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy). See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information. + An asset identifier in Google Cloud which contains its name, type and ancestors. An asset can be any resource in the Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), a resource outside the Google Cloud resource hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy). See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information. ## Attributes diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/resource.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/resource.ex index f4293108ab..fbabe5c6a6 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/resource.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/resource.ex @@ -25,7 +25,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.Resource do * `discoveryDocumentUri` (*type:* `String.t`, *default:* `nil`) - The URL of the discovery document containing the resource's JSON schema. Example: `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest` This value is unspecified for resources that do not have an API based on a discovery document, such as Cloud Bigtable. * `discoveryName` (*type:* `String.t`, *default:* `nil`) - The JSON schema name listed in the discovery document. Example: `Project` This value is unspecified for resources that do not have an API based on a discovery document, such as Cloud Bigtable. * `location` (*type:* `String.t`, *default:* `nil`) - The location of the resource in Google Cloud, such as its zone and region. For more information, see https://cloud.google.com/about/locations/. - * `parent` (*type:* `String.t`, *default:* `nil`) - The full name of the immediate parent of this resource. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information. For Google Cloud assets, this value is the parent resource defined in the [Cloud IAM policy hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). Example: `//cloudresourcemanager.googleapis.com/projects/my_project_123` For third-party assets, this field may be set differently. + * `parent` (*type:* `String.t`, *default:* `nil`) - The full name of the immediate parent of this resource. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information. For Google Cloud assets, this value is the parent resource defined in the [IAM policy hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). Example: `//cloudresourcemanager.googleapis.com/projects/my_project_123` * `resourceUrl` (*type:* `String.t`, *default:* `nil`) - The REST URL for accessing the resource. An HTTP `GET` request using this URL returns the resource itself. Example: `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123` This value is unspecified for resources without a REST API. * `version` (*type:* `String.t`, *default:* `nil`) - The API version. Example: `v1` """ diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/resource_search_result.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/resource_search_result.ex index 939ba8a47f..45e516c17b 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/resource_search_result.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/resource_search_result.ex @@ -17,32 +17,35 @@ defmodule GoogleApi.CloudAsset.V1.Model.ResourceSearchResult do @moduledoc """ - A result of Resource Search, containing information of a cloud resource. Next ID: 31 + A result of Resource Search, containing information of a cloud resource. Next ID: 34 ## Attributes - * `additionalAttributes` (*type:* `map()`, *default:* `nil`) - The additional searchable attributes of this resource. The attributes may vary from one resource type to another. Examples: `projectId` for Project, `dnsName` for DNS ManagedZone. This field contains a subset of the resource metadata fields that are returned by the List or Get APIs provided by the corresponding GCP service (e.g., Compute Engine). see [API references and supported searchable attributes](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types) to see which fields are included. You can search values of these fields through free text search. However, you should not consume the field programically as the field names and values may change as the GCP service updates to a new incompatible API version. To search against the `additional_attributes`: * Use a free text query to match the attributes values. Example: to search `additional_attributes = { dnsName: "foobar" }`, you can issue a query `foobar`. + * `additionalAttributes` (*type:* `map()`, *default:* `nil`) - The additional searchable attributes of this resource. The attributes may vary from one resource type to another. Examples: `projectId` for Project, `dnsName` for DNS ManagedZone. This field contains a subset of the resource metadata fields that are returned by the List or Get APIs provided by the corresponding Google Cloud service (e.g., Compute Engine). see [API references and supported searchable attributes](https://cloud.google.com/asset-inventory/docs/supported-asset-types) to see which fields are included. You can search values of these fields through free text search. However, you should not consume the field programically as the field names and values may change as the Google Cloud service updates to a new incompatible API version. To search against the `additional_attributes`: * Use a free text query to match the attributes values. Example: to search `additional_attributes = { dnsName: "foobar" }`, you can issue a query `foobar`. * `assetType` (*type:* `String.t`, *default:* `nil`) - The type of this resource. Example: `compute.googleapis.com/Disk`. To search against the `asset_type`: * Specify the `asset_type` field in your search request. * `attachedResources` (*type:* `list(GoogleApi.CloudAsset.V1.Model.AttachedResource.t)`, *default:* `nil`) - Attached resources of this resource. For example, an OSConfig Inventory is an attached resource of a Compute Instance. This field is repeated because a resource could have multiple attached resources. This `attached_resources` field is not searchable. Some attributes of the attached resources are exposed in `additional_attributes` field, so as to allow users to search on them. * `createTime` (*type:* `DateTime.t`, *default:* `nil`) - The create timestamp of this resource, at which the resource was created. The granularity is in seconds. Timestamp.nanos will always be 0. This field is available only when the resource's Protobuf contains it. To search against `create_time`: * Use a field query. - value in seconds since unix epoch. Example: `createTime > 1609459200` - value in date string. Example: `createTime > 2021-01-01` - value in date-time string (must be quoted). Example: `createTime > "2021-01-01T00:00:00"` * `description` (*type:* `String.t`, *default:* `nil`) - One or more paragraphs of text description of this resource. Maximum length could be up to 1M bytes. This field is available only when the resource's Protobuf contains it. To search against the `description`: * Use a field query. Example: `description:"important instance"` * Use a free text query. Example: `"important instance"` * `displayName` (*type:* `String.t`, *default:* `nil`) - The display name of this resource. This field is available only when the resource's Protobuf contains it. To search against the `display_name`: * Use a field query. Example: `displayName:"My Instance"` * Use a free text query. Example: `"My Instance"` + * `effectiveTags` (*type:* `list(GoogleApi.CloudAsset.V1.Model.EffectiveTagDetails.t)`, *default:* `nil`) - The effective tags on this resource. All of the tags that are both attached to and inherited by a resource are collectively called the effective tags. For more information, see [tag inheritance](https://cloud.google.com/resource-manager/docs/tags/tags-overview#inheritance). To search against the `effective_tags`: * Use a field query. Example: - `effectiveTagKeys:"123456789/env*"` - `effectiveTagKeys="123456789/env"` - `effectiveTagKeys:"env"` - `effectiveTagValues:"env"` - `effectiveTagValues:"env/prod"` - `effectiveTagValues:"123456789/env/prod*"` - `effectiveTagValues="123456789/env/prod"` - `effectiveTagValueIds="tagValues/456"` * `folders` (*type:* `list(String.t)`, *default:* `nil`) - The folder(s) that this resource belongs to, in the form of folders/{FOLDER_NUMBER}. This field is available when the resource belongs to one or more folders. To search against `folders`: * Use a field query. Example: `folders:(123 OR 456)` * Use a free text query. Example: `123` * Specify the `scope` field as this folder in your search request. - * `kmsKey` (*type:* `String.t`, *default:* `nil`) - The Cloud KMS [CryptoKey](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys) name or [CryptoKeyVersion](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions) name. This field only presents for the purpose of backward compatibility. Please use the `kms_keys` field to retrieve KMS key information. This field is available only when the resource's Protobuf contains it and will only be populated for [these resource types](https://cloud.google.com/asset-inventory/docs/legacy-field-names#resource_types_with_the_to_be_deprecated_kmskey_field) for backward compatible purposes. To search against the `kms_key`: * Use a field query. Example: `kmsKey:key` * Use a free text query. Example: `key` + * `kmsKey` (*type:* `String.t`, *default:* `nil`) - The Cloud KMS [CryptoKey](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys) name or [CryptoKeyVersion](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions) name. This field only presents for the purpose of backward compatibility. Use the `kms_keys` field to retrieve Cloud KMS key information. This field is available only when the resource's Protobuf contains it and will only be populated for [these resource types](https://cloud.google.com/asset-inventory/docs/legacy-field-names#resource_types_with_the_to_be_deprecated_kmskey_field) for backward compatible purposes. To search against the `kms_key`: * Use a field query. Example: `kmsKey:key` * Use a free text query. Example: `key` * `kmsKeys` (*type:* `list(String.t)`, *default:* `nil`) - The Cloud KMS [CryptoKey](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys) names or [CryptoKeyVersion](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions) names. This field is available only when the resource's Protobuf contains it. To search against the `kms_keys`: * Use a field query. Example: `kmsKeys:key` * Use a free text query. Example: `key` - * `labels` (*type:* `map()`, *default:* `nil`) - Labels associated with this resource. See [Labelling and grouping GCP resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources) for more information. This field is available only when the resource's Protobuf contains it. To search against the `labels`: * Use a field query: - query on any label's key or value. Example: `labels:prod` - query by a given label. Example: `labels.env:prod` - query by a given label's existence. Example: `labels.env:*` * Use a free text query. Example: `prod` + * `labels` (*type:* `map()`, *default:* `nil`) - Labels associated with this resource. See [Labelling and grouping Google Cloud resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources) for more information. This field is available only when the resource's Protobuf contains it. To search against the `labels`: * Use a field query: - query on any label's key or value. Example: `labels:prod` - query by a given label. Example: `labels.env:prod` - query by a given label's existence. Example: `labels.env:*` * Use a free text query. Example: `prod` * `location` (*type:* `String.t`, *default:* `nil`) - Location can be `global`, regional like `us-east1`, or zonal like `us-west1-b`. This field is available only when the resource's Protobuf contains it. To search against the `location`: * Use a field query. Example: `location:us-west*` * Use a free text query. Example: `us-west*` * `name` (*type:* `String.t`, *default:* `nil`) - The full resource name of this resource. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. See [Cloud Asset Inventory Resource Name Format](https://cloud.google.com/asset-inventory/docs/resource-name-format) for more information. To search against the `name`: * Use a field query. Example: `name:instance1` * Use a free text query. Example: `instance1` - * `networkTags` (*type:* `list(String.t)`, *default:* `nil`) - Network tags associated with this resource. Like labels, network tags are a type of annotations used to group GCP resources. See [Labelling GCP resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources) for more information. This field is available only when the resource's Protobuf contains it. To search against the `network_tags`: * Use a field query. Example: `networkTags:internal` * Use a free text query. Example: `internal` + * `networkTags` (*type:* `list(String.t)`, *default:* `nil`) - Network tags associated with this resource. Like labels, network tags are a type of annotations used to group Google Cloud resources. See [Labelling Google Cloud resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources) for more information. This field is available only when the resource's Protobuf contains it. To search against the `network_tags`: * Use a field query. Example: `networkTags:internal` * Use a free text query. Example: `internal` * `organization` (*type:* `String.t`, *default:* `nil`) - The organization that this resource belongs to, in the form of organizations/{ORGANIZATION_NUMBER}. This field is available when the resource belongs to an organization. To search against `organization`: * Use a field query. Example: `organization:123` * Use a free text query. Example: `123` * Specify the `scope` field as this organization in your search request. * `parentAssetType` (*type:* `String.t`, *default:* `nil`) - The type of this resource's immediate parent, if there is one. To search against the `parent_asset_type`: * Use a field query. Example: `parentAssetType:"cloudresourcemanager.googleapis.com/Project"` * Use a free text query. Example: `cloudresourcemanager.googleapis.com/Project` * `parentFullResourceName` (*type:* `String.t`, *default:* `nil`) - The full resource name of this resource's parent, if it has one. To search against the `parent_full_resource_name`: * Use a field query. Example: `parentFullResourceName:"project-name"` * Use a free text query. Example: `project-name` * `project` (*type:* `String.t`, *default:* `nil`) - The project that this resource belongs to, in the form of projects/{PROJECT_NUMBER}. This field is available when the resource belongs to a project. To search against `project`: * Use a field query. Example: `project:12345` * Use a free text query. Example: `12345` * Specify the `scope` field as this project in your search request. * `relationships` (*type:* `%{optional(String.t) => GoogleApi.CloudAsset.V1.Model.RelatedResources.t}`, *default:* `nil`) - A map of related resources of this resource, keyed by the relationship type. A relationship type is in the format of {SourceType}_{ACTION}_{DestType}. Example: `DISK_TO_INSTANCE`, `DISK_TO_NETWORK`, `INSTANCE_TO_INSTANCEGROUP`. See [supported relationship types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#supported_relationship_types). - * `state` (*type:* `String.t`, *default:* `nil`) - The state of this resource. Different resources types have different state definitions that are mapped from various fields of different resource types. This field is available only when the resource's Protobuf contains it. Example: If the resource is an instance provided by Compute Engine, its state will include PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED. See `status` definition in [API Reference](https://cloud.google.com/compute/docs/reference/rest/v1/instances). If the resource is a project provided by Cloud Resource Manager, its state will include LIFECYCLE_STATE_UNSPECIFIED, ACTIVE, DELETE_REQUESTED and DELETE_IN_PROGRESS. See `lifecycleState` definition in [API Reference](https://cloud.google.com/resource-manager/reference/rest/v1/projects). To search against the `state`: * Use a field query. Example: `state:RUNNING` * Use a free text query. Example: `RUNNING` - * `tagKeys` (*type:* `list(String.t)`, *default:* `nil`) - TagKey namespaced names, in the format of {ORG_ID}/{TAG_KEY_SHORT_NAME}. To search against the `tagKeys`: * Use a field query. Example: - `tagKeys:"123456789/env*"` - `tagKeys="123456789/env"` - `tagKeys:"env"` * Use a free text query. Example: - `env` - * `tagValueIds` (*type:* `list(String.t)`, *default:* `nil`) - TagValue IDs, in the format of tagValues/{TAG_VALUE_ID}. To search against the `tagValueIds`: * Use a field query. Example: - `tagValueIds:"456"` - `tagValueIds="tagValues/456"` * Use a free text query. Example: - `456` - * `tagValues` (*type:* `list(String.t)`, *default:* `nil`) - TagValue namespaced names, in the format of {ORG_ID}/{TAG_KEY_SHORT_NAME}/{TAG_VALUE_SHORT_NAME}. To search against the `tagValues`: * Use a field query. Example: - `tagValues:"env"` - `tagValues:"env/prod"` - `tagValues:"123456789/env/prod*"` - `tagValues="123456789/env/prod"` * Use a free text query. Example: - `prod` + * `sccSecurityMarks` (*type:* `map()`, *default:* `nil`) - The actual content of Security Command Center security marks associated with the asset. To search against SCC SecurityMarks field: * Use a field query: - query by a given key value pair. Example: `sccSecurityMarks.foo=bar` - query by a given key's existence. Example: `sccSecurityMarks.foo:*` + * `state` (*type:* `String.t`, *default:* `nil`) - The state of this resource. Different resources types have different state definitions that are mapped from various fields of different resource types. This field is available only when the resource's Protobuf contains it. Example: If the resource is an instance provided by Compute Engine, its state will include PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED. See `status` definition in [API Reference](https://cloud.google.com/compute/docs/reference/rest/v1/instances). If the resource is a project provided by Resource Manager, its state will include LIFECYCLE_STATE_UNSPECIFIED, ACTIVE, DELETE_REQUESTED and DELETE_IN_PROGRESS. See `lifecycleState` definition in [API Reference](https://cloud.google.com/resource-manager/reference/rest/v1/projects). To search against the `state`: * Use a field query. Example: `state:RUNNING` * Use a free text query. Example: `RUNNING` + * `tagKeys` (*type:* `list(String.t)`, *default:* `nil`) - This field is only present for the purpose of backward compatibility. Use the `tags` field instead. TagKey namespaced names, in the format of {ORG_ID}/{TAG_KEY_SHORT_NAME}. To search against the `tagKeys`: * Use a field query. Example: - `tagKeys:"123456789/env*"` - `tagKeys="123456789/env"` - `tagKeys:"env"` * Use a free text query. Example: - `env` + * `tagValueIds` (*type:* `list(String.t)`, *default:* `nil`) - This field is only present for the purpose of backward compatibility. Use the `tags` field instead. TagValue IDs, in the format of tagValues/{TAG_VALUE_ID}. To search against the `tagValueIds`: * Use a field query. Example: - `tagValueIds="tagValues/456"` * Use a free text query. Example: - `456` + * `tagValues` (*type:* `list(String.t)`, *default:* `nil`) - This field is only present for the purpose of backward compatibility. Use the `tags` field instead. TagValue namespaced names, in the format of {ORG_ID}/{TAG_KEY_SHORT_NAME}/{TAG_VALUE_SHORT_NAME}. To search against the `tagValues`: * Use a field query. Example: - `tagValues:"env"` - `tagValues:"env/prod"` - `tagValues:"123456789/env/prod*"` - `tagValues="123456789/env/prod"` * Use a free text query. Example: - `prod` + * `tags` (*type:* `list(GoogleApi.CloudAsset.V1.Model.Tag.t)`, *default:* `nil`) - The tags directly attached to this resource. To search against the `tags`: * Use a field query. Example: - `tagKeys:"123456789/env*"` - `tagKeys="123456789/env"` - `tagKeys:"env"` - `tagValues:"env"` - `tagValues:"env/prod"` - `tagValues:"123456789/env/prod*"` - `tagValues="123456789/env/prod"` - `tagValueIds="tagValues/456"` * Use a free text query. Example: - `env/prod` * `updateTime` (*type:* `DateTime.t`, *default:* `nil`) - The last update timestamp of this resource, at which the resource was last modified or deleted. The granularity is in seconds. Timestamp.nanos will always be 0. This field is available only when the resource's Protobuf contains it. To search against `update_time`: * Use a field query. - value in seconds since unix epoch. Example: `updateTime < 1609459200` - value in date string. Example: `updateTime < 2021-01-01` - value in date-time string (must be quoted). Example: `updateTime < "2021-01-01T00:00:00"` * `versionedResources` (*type:* `list(GoogleApi.CloudAsset.V1.Model.VersionedResource.t)`, *default:* `nil`) - Versioned resource representations of this resource. This is repeated because there could be multiple versions of resource representations during version migration. This `versioned_resources` field is not searchable. Some attributes of the resource representations are exposed in `additional_attributes` field, so as to allow users to search on them. """ @@ -56,6 +59,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.ResourceSearchResult do :createTime => DateTime.t() | nil, :description => String.t() | nil, :displayName => String.t() | nil, + :effectiveTags => list(GoogleApi.CloudAsset.V1.Model.EffectiveTagDetails.t()) | nil, :folders => list(String.t()) | nil, :kmsKey => String.t() | nil, :kmsKeys => list(String.t()) | nil, @@ -69,10 +73,12 @@ defmodule GoogleApi.CloudAsset.V1.Model.ResourceSearchResult do :project => String.t() | nil, :relationships => %{optional(String.t()) => GoogleApi.CloudAsset.V1.Model.RelatedResources.t()} | nil, + :sccSecurityMarks => map() | nil, :state => String.t() | nil, :tagKeys => list(String.t()) | nil, :tagValueIds => list(String.t()) | nil, :tagValues => list(String.t()) | nil, + :tags => list(GoogleApi.CloudAsset.V1.Model.Tag.t()) | nil, :updateTime => DateTime.t() | nil, :versionedResources => list(GoogleApi.CloudAsset.V1.Model.VersionedResource.t()) | nil } @@ -83,6 +89,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.ResourceSearchResult do field(:createTime, as: DateTime) field(:description) field(:displayName) + field(:effectiveTags, as: GoogleApi.CloudAsset.V1.Model.EffectiveTagDetails, type: :list) field(:folders, type: :list) field(:kmsKey) field(:kmsKeys, type: :list) @@ -95,10 +102,12 @@ defmodule GoogleApi.CloudAsset.V1.Model.ResourceSearchResult do field(:parentFullResourceName) field(:project) field(:relationships, as: GoogleApi.CloudAsset.V1.Model.RelatedResources, type: :map) + field(:sccSecurityMarks, type: :map) field(:state) field(:tagKeys, type: :list) field(:tagValueIds, type: :list) field(:tagValues, type: :list) + field(:tags, as: GoogleApi.CloudAsset.V1.Model.Tag, type: :list) field(:updateTime, as: DateTime) field(:versionedResources, as: GoogleApi.CloudAsset.V1.Model.VersionedResource, type: :list) end diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/search_all_iam_policies_response.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/search_all_iam_policies_response.ex index 59c96f6c55..7d4a7798d2 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/search_all_iam_policies_response.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/search_all_iam_policies_response.ex @@ -22,7 +22,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.SearchAllIamPoliciesResponse do ## Attributes * `nextPageToken` (*type:* `String.t`, *default:* `nil`) - Set if there are more results than those appearing in this response; to get the next set of results, call this method again, using this value as the `page_token`. - * `results` (*type:* `list(GoogleApi.CloudAsset.V1.Model.IamPolicySearchResult.t)`, *default:* `nil`) - A list of IamPolicy that match the search query. Related information such as the associated resource is returned along with the policy. + * `results` (*type:* `list(GoogleApi.CloudAsset.V1.Model.IamPolicySearchResult.t)`, *default:* `nil`) - A list of IAM policies that match the search query. Related information such as the associated resource is returned along with the policy. """ use GoogleApi.Gax.ModelBase diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/tag.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/tag.ex new file mode 100644 index 0000000000..1725fa4f9d --- /dev/null +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/tag.ex @@ -0,0 +1,52 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.CloudAsset.V1.Model.Tag do + @moduledoc """ + The key and value for a [tag](https://cloud.google.com/resource-manager/docs/tags/tags-overview). + + ## Attributes + + * `tagKey` (*type:* `String.t`, *default:* `nil`) - TagKey namespaced name, in the format of {ORG_ID}/{TAG_KEY_SHORT_NAME}. + * `tagValue` (*type:* `String.t`, *default:* `nil`) - TagValue namespaced name, in the format of {ORG_ID}/{TAG_KEY_SHORT_NAME}/{TAG_VALUE_SHORT_NAME}. + * `tagValueId` (*type:* `String.t`, *default:* `nil`) - TagValue ID, in the format of tagValues/{TAG_VALUE_ID}. + """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :tagKey => String.t() | nil, + :tagValue => String.t() | nil, + :tagValueId => String.t() | nil + } + + field(:tagKey) + field(:tagValue) + field(:tagValueId) +end + +defimpl Poison.Decoder, for: GoogleApi.CloudAsset.V1.Model.Tag do + def decode(value, options) do + GoogleApi.CloudAsset.V1.Model.Tag.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.CloudAsset.V1.Model.Tag do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end diff --git a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/versioned_resource.ex b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/versioned_resource.ex index a90530be52..9e1e0166ff 100644 --- a/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/versioned_resource.ex +++ b/clients/cloud_asset/lib/google_api/cloud_asset/v1/model/versioned_resource.ex @@ -21,7 +21,7 @@ defmodule GoogleApi.CloudAsset.V1.Model.VersionedResource do ## Attributes - * `resource` (*type:* `map()`, *default:* `nil`) - JSON representation of the resource as defined by the corresponding service providing this resource. Example: If the resource is an instance provided by Compute Engine, this field will contain the JSON representation of the instance as defined by Compute Engine: `https://cloud.google.com/compute/docs/reference/rest/v1/instances`. You can find the resource definition for each supported resource type in this table: `https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types` + * `resource` (*type:* `map()`, *default:* `nil`) - JSON representation of the resource as defined by the corresponding service providing this resource. Example: If the resource is an instance provided by Compute Engine, this field will contain the JSON representation of the instance as defined by Compute Engine: `https://cloud.google.com/compute/docs/reference/rest/v1/instances`. You can find the resource definition for each supported resource type in this table: `https://cloud.google.com/asset-inventory/docs/supported-asset-types` * `version` (*type:* `String.t`, *default:* `nil`) - API version of the resource. Example: If the resource is an instance provided by Compute Engine v1 API as defined in `https://cloud.google.com/compute/docs/reference/rest/v1/instances`, version will be "v1". """ diff --git a/clients/cloud_asset/mix.exs b/clients/cloud_asset/mix.exs index 96960849fc..da694e38ab 100644 --- a/clients/cloud_asset/mix.exs +++ b/clients/cloud_asset/mix.exs @@ -48,7 +48,7 @@ defmodule GoogleApi.CloudAsset.Mixfile do defp description() do """ - Cloud Asset API client library. The cloud asset API manages the history and inventory of cloud resources. + Cloud Asset API client library. The Cloud Asset API manages the history and inventory of Google Cloud resources. """ end