1<html><body> 2<style> 3 4body, h1, h2, h3, div, span, p, pre, a { 5 margin: 0; 6 padding: 0; 7 border: 0; 8 font-weight: inherit; 9 font-style: inherit; 10 font-size: 100%; 11 font-family: inherit; 12 vertical-align: baseline; 13} 14 15body { 16 font-size: 13px; 17 padding: 1em; 18} 19 20h1 { 21 font-size: 26px; 22 margin-bottom: 1em; 23} 24 25h2 { 26 font-size: 24px; 27 margin-bottom: 1em; 28} 29 30h3 { 31 font-size: 20px; 32 margin-bottom: 1em; 33 margin-top: 1em; 34} 35 36pre, code { 37 line-height: 1.5; 38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; 39} 40 41pre { 42 margin-top: 0.5em; 43} 44 45h1, h2, h3, p { 46 font-family: Arial, sans serif; 47} 48 49h1, h2, h3 { 50 border-bottom: solid #CCC 1px; 51} 52 53.toc_element { 54 margin-top: 0.5em; 55} 56 57.firstline { 58 margin-left: 2 em; 59} 60 61.method { 62 margin-top: 1em; 63 border: solid 1px #CCC; 64 padding: 1em; 65 background: #EEE; 66} 67 68.details { 69 font-weight: bold; 70 font-size: 14px; 71} 72 73</style> 74 75<h1><a href="cloudasset_v1.html">Cloud Asset API</a> . <a href="cloudasset_v1.v1.html">v1</a></h1> 76<h2>Instance Methods</h2> 77<p class="toc_element"> 78 <code><a href="#batchGetAssetsHistory">batchGetAssetsHistory(parent, contentType=None, assetNames=None, readTimeWindow_startTime=None, readTimeWindow_endTime=None, x__xgafv=None)</a></code></p> 79<p class="firstline">Batch gets the update history of assets that overlap a time window.</p> 80<p class="toc_element"> 81 <code><a href="#exportAssets">exportAssets(parent, body, x__xgafv=None)</a></code></p> 82<p class="firstline">Exports assets with time and resource types to a given Cloud Storage</p> 83<h3>Method Details</h3> 84<div class="method"> 85 <code class="details" id="batchGetAssetsHistory">batchGetAssetsHistory(parent, contentType=None, assetNames=None, readTimeWindow_startTime=None, readTimeWindow_endTime=None, x__xgafv=None)</code> 86 <pre>Batch gets the update history of assets that overlap a time window. 87For RESOURCE content, this API outputs history with asset in both 88non-delete or deleted status. 89For IAM_POLICY content, this API outputs history when the asset and its 90attached IAM POLICY both exist. This can create gaps in the output history. 91If a specified asset does not exist, this API returns an INVALID_ARGUMENT 92error. 93 94Args: 95 parent: string, Required. The relative name of the root asset. It can only be an 96organization number (such as "organizations/123"), a project ID (such as 97"projects/my-project-id")", or a project number (such as "projects/12345"). (required) 98 contentType: string, Required. The content type. 99 assetNames: string, A list of the full names of the assets. For example: 100`//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. 101See [Resource 102Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) 103and [Resource Name 104Format](https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/resource-name-format) 105for more info. 106 107The request becomes a no-op if the asset name list is empty, and the max 108size of the asset name list is 100 in one request. (repeated) 109 readTimeWindow_startTime: string, Start time of the time window (exclusive). 110 readTimeWindow_endTime: string, End time of the time window (inclusive). 111Current timestamp if not specified. 112 x__xgafv: string, V1 error format. 113 Allowed values 114 1 - v1 error format 115 2 - v2 error format 116 117Returns: 118 An object of the form: 119 120 { # Batch get assets history response. 121 "assets": [ # A list of assets with valid time windows. 122 { # Temporal asset. In addition to the asset, the temporal asset includes the 123 # status of the asset and valid from and to time of it. 124 "deleted": True or False, # If the asset is deleted or not. 125 "window": { # A time window of (start_time, end_time]. # The time window when the asset data and state was observed. 126 "endTime": "A String", # End time of the time window (inclusive). 127 # Current timestamp if not specified. 128 "startTime": "A String", # Start time of the time window (exclusive). 129 }, 130 "asset": { # Cloud asset. This includes all Google Cloud Platform resources, # Asset. 131 # Cloud IAM policies, and other non-GCP assets. 132 "iamPolicy": { # Defines an Identity and Access Management (IAM) policy. It is used to # Representation of the actual Cloud IAM policy set on a cloud resource. For 133 # each resource, there must be at most one Cloud IAM policy set on it. 134 # specify access control policies for Cloud Platform resources. 135 # 136 # 137 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 138 # `members` to a `role`, where the members can be user accounts, Google groups, 139 # Google domains, and service accounts. A `role` is a named list of permissions 140 # defined by IAM. 141 # 142 # **JSON Example** 143 # 144 # { 145 # "bindings": [ 146 # { 147 # "role": "roles/owner", 148 # "members": [ 149 # "user:mike@example.com", 150 # "group:admins@example.com", 151 # "domain:google.com", 152 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 153 # ] 154 # }, 155 # { 156 # "role": "roles/viewer", 157 # "members": ["user:sean@example.com"] 158 # } 159 # ] 160 # } 161 # 162 # **YAML Example** 163 # 164 # bindings: 165 # - members: 166 # - user:mike@example.com 167 # - group:admins@example.com 168 # - domain:google.com 169 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 170 # role: roles/owner 171 # - members: 172 # - user:sean@example.com 173 # role: roles/viewer 174 # 175 # 176 # For a description of IAM and its features, see the 177 # [IAM developer's guide](https://cloud.google.com/iam/docs). 178 "bindings": [ # Associates a list of `members` to a `role`. 179 # `bindings` with no members will result in an error. 180 { # Associates `members` with a `role`. 181 "role": "A String", # Role that is assigned to `members`. 182 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 183 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 184 # `members` can have the following values: 185 # 186 # * `allUsers`: A special identifier that represents anyone who is 187 # on the internet; with or without a Google account. 188 # 189 # * `allAuthenticatedUsers`: A special identifier that represents anyone 190 # who is authenticated with a Google account or a service account. 191 # 192 # * `user:{emailid}`: An email address that represents a specific Google 193 # account. For example, `alice@gmail.com` . 194 # 195 # 196 # * `serviceAccount:{emailid}`: An email address that represents a service 197 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 198 # 199 # * `group:{emailid}`: An email address that represents a Google group. 200 # For example, `admins@example.com`. 201 # 202 # 203 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 204 # users of that domain. For example, `google.com` or `example.com`. 205 # 206 "A String", 207 ], 208 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 209 # NOTE: An unsatisfied condition will not allow user access via current 210 # binding. Different bindings, including their conditions, are examined 211 # independently. 212 # 213 # title: "User account presence" 214 # description: "Determines whether the request has a user account" 215 # expression: "size(request.user) > 0" 216 "description": "A String", # An optional description of the expression. This is a longer text which 217 # describes the expression, e.g. when hovered over it in a UI. 218 "expression": "A String", # Textual representation of an expression in 219 # Common Expression Language syntax. 220 # 221 # The application context of the containing message determines which 222 # well-known feature set of CEL is supported. 223 "location": "A String", # An optional string indicating the location of the expression for error 224 # reporting, e.g. a file name and a position in the file. 225 "title": "A String", # An optional title for the expression, i.e. a short string describing 226 # its purpose. This can be used e.g. in UIs which allow to enter the 227 # expression. 228 }, 229 }, 230 ], 231 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 232 { # Specifies the audit configuration for a service. 233 # The configuration determines which permission types are logged, and what 234 # identities, if any, are exempted from logging. 235 # An AuditConfig must have one or more AuditLogConfigs. 236 # 237 # If there are AuditConfigs for both `allServices` and a specific service, 238 # the union of the two AuditConfigs is used for that service: the log_types 239 # specified in each AuditConfig are enabled, and the exempted_members in each 240 # AuditLogConfig are exempted. 241 # 242 # Example Policy with multiple AuditConfigs: 243 # 244 # { 245 # "audit_configs": [ 246 # { 247 # "service": "allServices" 248 # "audit_log_configs": [ 249 # { 250 # "log_type": "DATA_READ", 251 # "exempted_members": [ 252 # "user:foo@gmail.com" 253 # ] 254 # }, 255 # { 256 # "log_type": "DATA_WRITE", 257 # }, 258 # { 259 # "log_type": "ADMIN_READ", 260 # } 261 # ] 262 # }, 263 # { 264 # "service": "fooservice.googleapis.com" 265 # "audit_log_configs": [ 266 # { 267 # "log_type": "DATA_READ", 268 # }, 269 # { 270 # "log_type": "DATA_WRITE", 271 # "exempted_members": [ 272 # "user:bar@gmail.com" 273 # ] 274 # } 275 # ] 276 # } 277 # ] 278 # } 279 # 280 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 281 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 282 # bar@gmail.com from DATA_WRITE logging. 283 "auditLogConfigs": [ # The configuration for logging of each type of permission. 284 { # Provides the configuration for logging a type of permissions. 285 # Example: 286 # 287 # { 288 # "audit_log_configs": [ 289 # { 290 # "log_type": "DATA_READ", 291 # "exempted_members": [ 292 # "user:foo@gmail.com" 293 # ] 294 # }, 295 # { 296 # "log_type": "DATA_WRITE", 297 # } 298 # ] 299 # } 300 # 301 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 302 # foo@gmail.com from DATA_READ logging. 303 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 304 # permission. 305 # Follows the same format of Binding.members. 306 "A String", 307 ], 308 "logType": "A String", # The log type that this config enables. 309 }, 310 ], 311 "service": "A String", # Specifies a service that will be enabled for audit logging. 312 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 313 # `allServices` is a special value that covers all services. 314 }, 315 ], 316 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 317 # prevent simultaneous updates of a policy from overwriting each other. 318 # It is strongly suggested that systems make use of the `etag` in the 319 # read-modify-write cycle to perform policy updates in order to avoid race 320 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 321 # systems are expected to put that etag in the request to `setIamPolicy` to 322 # ensure that their change will be applied to the same version of the policy. 323 # 324 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 325 # policy is overwritten blindly. 326 "version": 42, # Deprecated. 327 }, 328 "assetType": "A String", # Type of the asset. Example: "compute.googleapis.com/Disk". 329 "resource": { # Representation of a cloud resource. # Representation of the resource. 330 "resourceUrl": "A String", # The REST URL for accessing the resource. An HTTP GET operation using this 331 # URL returns the resource itself. 332 # Example: 333 # `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`. 334 # It will be left unspecified for resources without a REST API. 335 "parent": "A String", # The full name of the immediate parent of this resource. See 336 # [Resource 337 # Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) 338 # for more information. 339 # 340 # For GCP assets, it is the parent resource defined in the [Cloud IAM policy 341 # hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). 342 # For example: 343 # `"//cloudresourcemanager.googleapis.com/projects/my_project_123"`. 344 # 345 # For third-party assets, it is up to the users to define. 346 "discoveryDocumentUri": "A String", # The URL of the discovery document containing the resource's JSON schema. 347 # For example: 348 # `"https://www.googleapis.com/discovery/v1/apis/compute/v1/rest"`. 349 # It will be left unspecified for resources without a discovery-based API, 350 # such as Cloud Bigtable. 351 "discoveryName": "A String", # The JSON schema name listed in the discovery document. 352 # Example: "Project". It will be left unspecified for resources (such as 353 # Cloud Bigtable) without a discovery-based API. 354 "version": "A String", # The API version. Example: "v1". 355 "data": { # The content of the resource, in which some sensitive fields are scrubbed 356 # away and may not be present. 357 "a_key": "", # Properties of the object. 358 }, 359 }, 360 "name": "A String", # The full name of the asset. For example: 361 # `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. 362 # See [Resource 363 # Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) 364 # for more information. 365 }, 366 }, 367 ], 368 }</pre> 369</div> 370 371<div class="method"> 372 <code class="details" id="exportAssets">exportAssets(parent, body, x__xgafv=None)</code> 373 <pre>Exports assets with time and resource types to a given Cloud Storage 374location. The output format is newline-delimited JSON. 375This API implements the google.longrunning.Operation API allowing you 376to keep track of the export. 377 378Args: 379 parent: string, Required. The relative name of the root asset. This can only be an 380organization number (such as "organizations/123"), a project ID (such as 381"projects/my-project-id"), or a project number (such as "projects/12345"), 382or a folder number (such as "folders/123"). (required) 383 body: object, The request body. (required) 384 The object takes the form of: 385 386{ # Export asset request. 387 "assetTypes": [ # A list of asset types of which to take a snapshot for. For example: 388 # "compute.googleapis.com/Disk". If specified, only matching assets will be 389 # returned. See [Introduction to Cloud Asset 390 # Inventory](https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/overview) 391 # for all supported asset types. 392 "A String", 393 ], 394 "contentType": "A String", # Asset content type. If not specified, no content but the asset name will be 395 # returned. 396 "outputConfig": { # Output configuration for export assets destination. # Required. Output configuration indicating where the results will be output 397 # to. All results will be in newline delimited JSON format. 398 "gcsDestination": { # A Cloud Storage location. # Destination on Cloud Storage. 399 "uriPrefix": "A String", # The uri prefix of all generated Cloud Storage objects. For example: 400 # "gs://bucket_name/object_name_prefix". Each object uri is in format: 401 # "gs://bucket_name/object_name_prefix/<asset type>/<shard number> and only 402 # contains assets for that type. <shard number> starts from 0. For example: 403 # "gs://bucket_name/object_name_prefix/compute.googleapis.com/Disk/0" is 404 # the first shard of output objects containing all 405 # compute.googleapis.com/Disk assets. An INVALID_ARGUMENT error will be 406 # returned if file with the same name "gs://bucket_name/object_name_prefix" 407 # already exists. 408 "uri": "A String", # The uri of the Cloud Storage object. It's the same uri that is used by 409 # gsutil. For example: "gs://bucket_name/object_name". See [Viewing and 410 # Editing Object 411 # Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata) 412 # for more information. 413 }, 414 }, 415 "readTime": "A String", # Timestamp to take an asset snapshot. This can only be set to a timestamp 416 # between 2018-10-02 UTC (inclusive) and the current time. If not specified, 417 # the current time will be used. Due to delays in resource data collection 418 # and indexing, there is a volatile window during which running the same 419 # query may get different results. 420 } 421 422 x__xgafv: string, V1 error format. 423 Allowed values 424 1 - v1 error format 425 2 - v2 error format 426 427Returns: 428 An object of the form: 429 430 { # This resource represents a long-running operation that is the result of a 431 # network API call. 432 "metadata": { # Service-specific metadata associated with the operation. It typically 433 # contains progress information and common metadata such as create time. 434 # Some services might not provide such metadata. Any method that returns a 435 # long-running operation should document the metadata type, if any. 436 "a_key": "", # Properties of the object. Contains field @type with type URL. 437 }, 438 "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. 439 # different programming environments, including REST APIs and RPC APIs. It is 440 # used by [gRPC](https://github.com/grpc). The error model is designed to be: 441 # 442 # - Simple to use and understand for most users 443 # - Flexible enough to meet unexpected needs 444 # 445 # # Overview 446 # 447 # The `Status` message contains three pieces of data: error code, error 448 # message, and error details. The error code should be an enum value of 449 # google.rpc.Code, but it may accept additional error codes if needed. The 450 # error message should be a developer-facing English message that helps 451 # developers *understand* and *resolve* the error. If a localized user-facing 452 # error message is needed, put the localized message in the error details or 453 # localize it in the client. The optional error details may contain arbitrary 454 # information about the error. There is a predefined set of error detail types 455 # in the package `google.rpc` that can be used for common error conditions. 456 # 457 # # Language mapping 458 # 459 # The `Status` message is the logical representation of the error model, but it 460 # is not necessarily the actual wire format. When the `Status` message is 461 # exposed in different client libraries and different wire protocols, it can be 462 # mapped differently. For example, it will likely be mapped to some exceptions 463 # in Java, but more likely mapped to some error codes in C. 464 # 465 # # Other uses 466 # 467 # The error model and the `Status` message can be used in a variety of 468 # environments, either with or without APIs, to provide a 469 # consistent developer experience across different environments. 470 # 471 # Example uses of this error model include: 472 # 473 # - Partial errors. If a service needs to return partial errors to the client, 474 # it may embed the `Status` in the normal response to indicate the partial 475 # errors. 476 # 477 # - Workflow errors. A typical workflow has multiple steps. Each step may 478 # have a `Status` message for error reporting. 479 # 480 # - Batch operations. If a client uses batch request and batch response, the 481 # `Status` message should be used directly inside batch response, one for 482 # each error sub-response. 483 # 484 # - Asynchronous operations. If an API call embeds asynchronous operation 485 # results in its response, the status of those operations should be 486 # represented directly using the `Status` message. 487 # 488 # - Logging. If some API errors are stored in logs, the message `Status` could 489 # be used directly after any stripping needed for security/privacy reasons. 490 "message": "A String", # A developer-facing error message, which should be in English. Any 491 # user-facing error message should be localized and sent in the 492 # google.rpc.Status.details field, or localized by the client. 493 "code": 42, # The status code, which should be an enum value of google.rpc.Code. 494 "details": [ # A list of messages that carry the error details. There is a common set of 495 # message types for APIs to use. 496 { 497 "a_key": "", # Properties of the object. Contains field @type with type URL. 498 }, 499 ], 500 }, 501 "done": True or False, # If the value is `false`, it means the operation is still in progress. 502 # If `true`, the operation is completed, and either `error` or `response` is 503 # available. 504 "response": { # The normal response of the operation in case of success. If the original 505 # method returns no data on success, such as `Delete`, the response is 506 # `google.protobuf.Empty`. If the original method is standard 507 # `Get`/`Create`/`Update`, the response should be the resource. For other 508 # methods, the response should have the type `XxxResponse`, where `Xxx` 509 # is the original method name. For example, if the original method name 510 # is `TakeSnapshot()`, the inferred response type is 511 # `TakeSnapshotResponse`. 512 "a_key": "", # Properties of the object. Contains field @type with type URL. 513 }, 514 "name": "A String", # The server-assigned name, which is only unique within the same service that 515 # originally returns it. If you use the default HTTP mapping, the 516 # `name` should have the format of `operations/some/unique/name`. 517 }</pre> 518</div> 519 520</body></html>