// Copyright 2020 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. syntax = "proto3"; package google.cloud.asset.v1p5beta1; import "google/api/resource.proto"; import "google/cloud/orgpolicy/v1/orgpolicy.proto"; import "google/iam/v1/policy.proto"; import "google/identity/accesscontextmanager/v1/access_level.proto"; import "google/identity/accesscontextmanager/v1/access_policy.proto"; import "google/identity/accesscontextmanager/v1/service_perimeter.proto"; import "google/protobuf/struct.proto"; option cc_enable_arenas = true; option csharp_namespace = "Google.Cloud.Asset.V1p5Beta1"; option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1p5beta1;asset"; option java_multiple_files = true; option java_outer_classname = "AssetProto"; option java_package = "com.google.cloud.asset.v1p5beta1"; option php_namespace = "Google\\Cloud\\Asset\\V1p5beta1"; // Cloud asset. This includes all Google Cloud Platform resources, // Cloud IAM policies, and other non-GCP assets. message Asset { option (google.api.resource) = { type: "cloudasset.googleapis.com/Asset" pattern: "*" }; // The full name of the asset. For example: // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. // See [Resource // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) // for more information. string name = 1; // Type of the asset. Example: "compute.googleapis.com/Disk". string asset_type = 2; // Representation of the resource. Resource resource = 3; // Representation of the actual Cloud IAM policy set on a cloud resource. For // each resource, there must be at most one Cloud IAM policy set on it. google.iam.v1.Policy iam_policy = 4; // Representation of the Cloud Organization Policy set on an asset. For each // asset, there could be multiple Organization policies with different // constraints. repeated google.cloud.orgpolicy.v1.Policy org_policy = 6; // Representation of the Cloud Organization access policy. oneof access_context_policy { google.identity.accesscontextmanager.v1.AccessPolicy access_policy = 7; google.identity.accesscontextmanager.v1.AccessLevel access_level = 8; google.identity.accesscontextmanager.v1.ServicePerimeter service_perimeter = 9; } // Asset's ancestry path in Cloud Resource Manager (CRM) hierarchy, // represented as a list of relative resource names. Ancestry path starts with // the closest CRM ancestor and ends at root. If the asset is a CRM // project/folder/organization, this starts from the asset itself. // // Example: ["projects/123456789", "folders/5432", "organizations/1234"] repeated string ancestors = 10; } // Representation of a cloud resource. message Resource { // The API version. Example: "v1". string version = 1; // The URL of the discovery document containing the resource's JSON schema. // For example: // `"https://www.googleapis.com/discovery/v1/apis/compute/v1/rest"`. // It will be left unspecified for resources without a discovery-based API, // such as Cloud Bigtable. string discovery_document_uri = 2; // The JSON schema name listed in the discovery document. // Example: "Project". It will be left unspecified for resources (such as // Cloud Bigtable) without a discovery-based API. string discovery_name = 3; // The REST URL for accessing the resource. An HTTP GET operation using this // URL returns the resource itself. // Example: // `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`. // It will be left unspecified for resources without a REST API. string resource_url = 4; // The full name of the immediate parent of this resource. See // [Resource // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) // for more information. // // For GCP assets, it is the parent resource defined in the [Cloud IAM policy // hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). // For example: // `"//cloudresourcemanager.googleapis.com/projects/my_project_123"`. // // For third-party assets, it is up to the users to define. string parent = 5; // The content of the resource, in which some sensitive fields are scrubbed // away and may not be present. google.protobuf.Struct data = 6; }