// Copyright 2019 Google LLC. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // syntax = "proto3"; package google.cloud.asset.v1; import "google/api/annotations.proto"; import "google/api/client.proto"; import "google/api/field_behavior.proto"; import "google/api/resource.proto"; import "google/cloud/asset/v1/assets.proto"; import "google/longrunning/operations.proto"; import "google/protobuf/empty.proto"; import "google/protobuf/field_mask.proto"; import "google/protobuf/timestamp.proto"; option csharp_namespace = "Google.Cloud.Asset.V1"; option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1;asset"; option java_multiple_files = true; option java_outer_classname = "AssetServiceProto"; option java_package = "com.google.cloud.asset.v1"; option php_namespace = "Google\\Cloud\\Asset\\V1"; // Asset service definition. service AssetService { option (google.api.default_host) = "cloudasset.googleapis.com"; option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; // Exports assets with time and resource types to a given Cloud Storage // location. The output format is newline-delimited JSON. // This API implements the [google.longrunning.Operation][google.longrunning.Operation] API allowing you // to keep track of the export. rpc ExportAssets(ExportAssetsRequest) returns (google.longrunning.Operation) { option (google.api.http) = { post: "/v1/{parent=*/*}:exportAssets" body: "*" }; option (google.longrunning.operation_info) = { response_type: "google.cloud.asset.v1.ExportAssetsResponse" metadata_type: "google.cloud.asset.v1.ExportAssetsRequest" }; } // Batch gets the update history of assets that overlap a time window. // For RESOURCE content, this API outputs history with asset in both // non-delete or deleted status. // For IAM_POLICY content, this API outputs history when the asset and its // attached IAM POLICY both exist. This can create gaps in the output history. // If a specified asset does not exist, this API returns an INVALID_ARGUMENT // error. rpc BatchGetAssetsHistory(BatchGetAssetsHistoryRequest) returns (BatchGetAssetsHistoryResponse) { option (google.api.http) = { get: "/v1/{parent=*/*}:batchGetAssetsHistory" }; } } // Export asset request. message ExportAssetsRequest { // Required. The relative name of the root asset. This can only be an // organization number (such as "organizations/123"), a project ID (such as // "projects/my-project-id"), or a project number (such as "projects/12345"), // or a folder number (such as "folders/123"). string parent = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { child_type: "cloudasset.googleapis.com/Asset" } ]; // Timestamp to take an asset snapshot. This can only be set to a timestamp // between 2018-10-02 UTC (inclusive) and the current time. If not specified, // the current time will be used. Due to delays in resource data collection // and indexing, there is a volatile window during which running the same // query may get different results. google.protobuf.Timestamp read_time = 2; // A list of asset types of which to take a snapshot for. For example: // "compute.googleapis.com/Disk". If specified, only matching assets will be // returned. See [Introduction to Cloud Asset // Inventory](https://cloud.google.com/asset-inventory/docs/overview) // for all supported asset types. repeated string asset_types = 3; // Asset content type. If not specified, no content but the asset name will be // returned. ContentType content_type = 4; // Required. Output configuration indicating where the results will be output // to. All results will be in newline delimited JSON format. OutputConfig output_config = 5 [(google.api.field_behavior) = REQUIRED]; } // The export asset response. This message is returned by the // [google.longrunning.Operations.GetOperation][google.longrunning.Operations.GetOperation] method in the returned // [google.longrunning.Operation.response][google.longrunning.Operation.response] field. message ExportAssetsResponse { // Time the snapshot was taken. google.protobuf.Timestamp read_time = 1; // Output configuration indicating where the results were output to. // All results are in JSON format. OutputConfig output_config = 2; } // Batch get assets history request. message BatchGetAssetsHistoryRequest { // Required. The relative name of the root asset. It can only be an // organization number (such as "organizations/123"), a project ID (such as // "projects/my-project-id")", or a project number (such as "projects/12345"). string parent = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { child_type: "cloudasset.googleapis.com/Asset" } ]; // A list of the full names of the assets. For example: // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. // See [Resource // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) // and [Resource Name // Format](https://cloud.google.com/asset-inventory/docs/resource-name-format) // for more info. // // The request becomes a no-op if the asset name list is empty, and the max // size of the asset name list is 100 in one request. repeated string asset_names = 2; // Optional. The content type. ContentType content_type = 3 [(google.api.field_behavior) = OPTIONAL]; // Optional. The time window for the asset history. Both start_time and // end_time are optional and if set, it must be after 2018-10-02 UTC. If // end_time is not set, it is default to current timestamp. If start_time is // not set, the snapshot of the assets at end_time will be returned. The // returned results contain all temporal assets whose time window overlap with // read_time_window. TimeWindow read_time_window = 4 [(google.api.field_behavior) = OPTIONAL]; } // Batch get assets history response. message BatchGetAssetsHistoryResponse { // A list of assets with valid time windows. repeated TemporalAsset assets = 1; } // Output configuration for export assets destination. message OutputConfig { // Asset export destination. oneof destination { // Destination on Cloud Storage. GcsDestination gcs_destination = 1; // Destination on BigQuery. The output table stores the fields in asset // proto as columns in BigQuery. The resource/iam_policy field is converted // to a record with each field to a column, except metadata to a single JSON // string. BigQueryDestination bigquery_destination = 2; } } // A Cloud Storage location. message GcsDestination { // Required. oneof object_uri { // The uri of the Cloud Storage object. It's the same uri that is used by // gsutil. For example: "gs://bucket_name/object_name". See [Viewing and // Editing Object // Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata) // for more information. string uri = 1; // The uri prefix of all generated Cloud Storage objects. For example: // "gs://bucket_name/object_name_prefix". Each object uri is in format: // "gs://bucket_name/object_name_prefix// and only // contains assets for that type. starts from 0. For example: // "gs://bucket_name/object_name_prefix/compute.googleapis.com/Disk/0" is // the first shard of output objects containing all // compute.googleapis.com/Disk assets. An INVALID_ARGUMENT error will be // returned if file with the same name "gs://bucket_name/object_name_prefix" // already exists. string uri_prefix = 2; } } // A BigQuery destination. message BigQueryDestination { // Required. The BigQuery dataset in format // "projects/projectId/datasets/datasetId", to which the snapshot result // should be exported. If this dataset does not exist, the export call returns // an error. string dataset = 1 [(google.api.field_behavior) = REQUIRED]; // Required. The BigQuery table to which the snapshot result should be // written. If this table does not exist, a new table with the given name // will be created. string table = 2 [(google.api.field_behavior) = REQUIRED]; // If the destination table already exists and this flag is `TRUE`, the // table will be overwritten by the contents of assets snapshot. If the flag // is not set and the destination table already exists, the export call // returns an error. bool force = 3; } // Asset content type. enum ContentType { // Unspecified content type. CONTENT_TYPE_UNSPECIFIED = 0; // Resource metadata. RESOURCE = 1; // The actual IAM policy set on a resource. IAM_POLICY = 2; // The Cloud Organization Policy set on an asset. ORG_POLICY = 4; // The Cloud Access context mananger Policy set on an asset. ACCESS_POLICY = 5; }