1<html><body> 2<style> 3 4body, h1, h2, h3, div, span, p, pre, a { 5 margin: 0; 6 padding: 0; 7 border: 0; 8 font-weight: inherit; 9 font-style: inherit; 10 font-size: 100%; 11 font-family: inherit; 12 vertical-align: baseline; 13} 14 15body { 16 font-size: 13px; 17 padding: 1em; 18} 19 20h1 { 21 font-size: 26px; 22 margin-bottom: 1em; 23} 24 25h2 { 26 font-size: 24px; 27 margin-bottom: 1em; 28} 29 30h3 { 31 font-size: 20px; 32 margin-bottom: 1em; 33 margin-top: 1em; 34} 35 36pre, code { 37 line-height: 1.5; 38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; 39} 40 41pre { 42 margin-top: 0.5em; 43} 44 45h1, h2, h3, p { 46 font-family: Arial, sans serif; 47} 48 49h1, h2, h3 { 50 border-bottom: solid #CCC 1px; 51} 52 53.toc_element { 54 margin-top: 0.5em; 55} 56 57.firstline { 58 margin-left: 2 em; 59} 60 61.method { 62 margin-top: 1em; 63 border: solid 1px #CCC; 64 padding: 1em; 65 background: #EEE; 66} 67 68.details { 69 font-weight: bold; 70 font-size: 14px; 71} 72 73</style> 74 75<h1><a href="cloudasset_v1beta1.html">Cloud Asset API</a> . <a href="cloudasset_v1beta1.projects.html">projects</a></h1> 76<h2>Instance Methods</h2> 77<p class="toc_element"> 78 <code><a href="cloudasset_v1beta1.projects.operations.html">operations()</a></code> 79</p> 80<p class="firstline">Returns the operations Resource.</p> 81 82<p class="toc_element"> 83 <code><a href="#batchGetAssetsHistory">batchGetAssetsHistory(parent, contentType=None, assetNames=None, readTimeWindow_startTime=None, readTimeWindow_endTime=None, x__xgafv=None)</a></code></p> 84<p class="firstline">Batch gets the update history of assets that overlap a time window.</p> 85<p class="toc_element"> 86 <code><a href="#exportAssets">exportAssets(parent, body, x__xgafv=None)</a></code></p> 87<p class="firstline">Exports assets with time and resource types to a given Cloud Storage</p> 88<h3>Method Details</h3> 89<div class="method"> 90 <code class="details" id="batchGetAssetsHistory">batchGetAssetsHistory(parent, contentType=None, assetNames=None, readTimeWindow_startTime=None, readTimeWindow_endTime=None, x__xgafv=None)</code> 91 <pre>Batch gets the update history of assets that overlap a time window. 92For RESOURCE content, this API outputs history with asset in both 93non-delete or deleted status. 94For IAM_POLICY content, this API outputs history when the asset and its 95attached IAM POLICY both exist. This can create gaps in the output history. 96If a specified asset does not exist, this API returns an INVALID_ARGUMENT 97error. 98 99Args: 100 parent: string, Required. The relative name of the root asset. It can only be an 101organization number (such as "organizations/123"), a project ID (such as 102"projects/my-project-id")", or a project number (such as "projects/12345"). (required) 103 contentType: string, Required. The content type. 104 assetNames: string, A list of the full names of the assets. For example: 105`//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. 106See [Resource 107Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) 108for more info. 109 110The request becomes a no-op if the asset name list is empty, and the max 111size of the asset name list is 100 in one request. (repeated) 112 readTimeWindow_startTime: string, Start time of the time window (exclusive). 113 readTimeWindow_endTime: string, End time of the time window (inclusive). 114Current timestamp if not specified. 115 x__xgafv: string, V1 error format. 116 Allowed values 117 1 - v1 error format 118 2 - v2 error format 119 120Returns: 121 An object of the form: 122 123 { # Batch get assets history response. 124 "assets": [ # A list of assets with valid time windows. 125 { # Temporal asset. In addition to the asset, the temporal asset includes the 126 # status of the asset and valid from and to time of it. 127 "deleted": True or False, # If the asset is deleted or not. 128 "window": { # A time window of (start_time, end_time]. # The time window when the asset data and state was observed. 129 "endTime": "A String", # End time of the time window (inclusive). 130 # Current timestamp if not specified. 131 "startTime": "A String", # Start time of the time window (exclusive). 132 }, 133 "asset": { # Cloud asset. This includes all Google Cloud Platform resources, # Asset. 134 # Cloud IAM policies, and other non-GCP assets. 135 "iamPolicy": { # Defines an Identity and Access Management (IAM) policy. It is used to # Representation of the actual Cloud IAM policy set on a cloud resource. For 136 # each resource, there must be at most one Cloud IAM policy set on it. 137 # specify access control policies for Cloud Platform resources. 138 # 139 # 140 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 141 # `members` to a `role`, where the members can be user accounts, Google groups, 142 # Google domains, and service accounts. A `role` is a named list of permissions 143 # defined by IAM. 144 # 145 # **JSON Example** 146 # 147 # { 148 # "bindings": [ 149 # { 150 # "role": "roles/owner", 151 # "members": [ 152 # "user:mike@example.com", 153 # "group:admins@example.com", 154 # "domain:google.com", 155 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 156 # ] 157 # }, 158 # { 159 # "role": "roles/viewer", 160 # "members": ["user:sean@example.com"] 161 # } 162 # ] 163 # } 164 # 165 # **YAML Example** 166 # 167 # bindings: 168 # - members: 169 # - user:mike@example.com 170 # - group:admins@example.com 171 # - domain:google.com 172 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 173 # role: roles/owner 174 # - members: 175 # - user:sean@example.com 176 # role: roles/viewer 177 # 178 # 179 # For a description of IAM and its features, see the 180 # [IAM developer's guide](https://cloud.google.com/iam/docs). 181 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 182 { # Specifies the audit configuration for a service. 183 # The configuration determines which permission types are logged, and what 184 # identities, if any, are exempted from logging. 185 # An AuditConfig must have one or more AuditLogConfigs. 186 # 187 # If there are AuditConfigs for both `allServices` and a specific service, 188 # the union of the two AuditConfigs is used for that service: the log_types 189 # specified in each AuditConfig are enabled, and the exempted_members in each 190 # AuditLogConfig are exempted. 191 # 192 # Example Policy with multiple AuditConfigs: 193 # 194 # { 195 # "audit_configs": [ 196 # { 197 # "service": "allServices" 198 # "audit_log_configs": [ 199 # { 200 # "log_type": "DATA_READ", 201 # "exempted_members": [ 202 # "user:foo@gmail.com" 203 # ] 204 # }, 205 # { 206 # "log_type": "DATA_WRITE", 207 # }, 208 # { 209 # "log_type": "ADMIN_READ", 210 # } 211 # ] 212 # }, 213 # { 214 # "service": "fooservice.googleapis.com" 215 # "audit_log_configs": [ 216 # { 217 # "log_type": "DATA_READ", 218 # }, 219 # { 220 # "log_type": "DATA_WRITE", 221 # "exempted_members": [ 222 # "user:bar@gmail.com" 223 # ] 224 # } 225 # ] 226 # } 227 # ] 228 # } 229 # 230 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 231 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 232 # bar@gmail.com from DATA_WRITE logging. 233 "auditLogConfigs": [ # The configuration for logging of each type of permission. 234 { # Provides the configuration for logging a type of permissions. 235 # Example: 236 # 237 # { 238 # "audit_log_configs": [ 239 # { 240 # "log_type": "DATA_READ", 241 # "exempted_members": [ 242 # "user:foo@gmail.com" 243 # ] 244 # }, 245 # { 246 # "log_type": "DATA_WRITE", 247 # } 248 # ] 249 # } 250 # 251 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 252 # foo@gmail.com from DATA_READ logging. 253 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 254 # permission. 255 # Follows the same format of Binding.members. 256 "A String", 257 ], 258 "logType": "A String", # The log type that this config enables. 259 }, 260 ], 261 "service": "A String", # Specifies a service that will be enabled for audit logging. 262 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 263 # `allServices` is a special value that covers all services. 264 }, 265 ], 266 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 267 # prevent simultaneous updates of a policy from overwriting each other. 268 # It is strongly suggested that systems make use of the `etag` in the 269 # read-modify-write cycle to perform policy updates in order to avoid race 270 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 271 # systems are expected to put that etag in the request to `setIamPolicy` to 272 # ensure that their change will be applied to the same version of the policy. 273 # 274 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 275 # policy is overwritten blindly. 276 "bindings": [ # Associates a list of `members` to a `role`. 277 # `bindings` with no members will result in an error. 278 { # Associates `members` with a `role`. 279 "role": "A String", # Role that is assigned to `members`. 280 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 281 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 282 # `members` can have the following values: 283 # 284 # * `allUsers`: A special identifier that represents anyone who is 285 # on the internet; with or without a Google account. 286 # 287 # * `allAuthenticatedUsers`: A special identifier that represents anyone 288 # who is authenticated with a Google account or a service account. 289 # 290 # * `user:{emailid}`: An email address that represents a specific Google 291 # account. For example, `alice@gmail.com` . 292 # 293 # 294 # * `serviceAccount:{emailid}`: An email address that represents a service 295 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 296 # 297 # * `group:{emailid}`: An email address that represents a Google group. 298 # For example, `admins@example.com`. 299 # 300 # 301 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 302 # users of that domain. For example, `google.com` or `example.com`. 303 # 304 "A String", 305 ], 306 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 307 # NOTE: An unsatisfied condition will not allow user access via current 308 # binding. Different bindings, including their conditions, are examined 309 # independently. 310 # 311 # title: "User account presence" 312 # description: "Determines whether the request has a user account" 313 # expression: "size(request.user) > 0" 314 "description": "A String", # An optional description of the expression. This is a longer text which 315 # describes the expression, e.g. when hovered over it in a UI. 316 "expression": "A String", # Textual representation of an expression in 317 # Common Expression Language syntax. 318 # 319 # The application context of the containing message determines which 320 # well-known feature set of CEL is supported. 321 "location": "A String", # An optional string indicating the location of the expression for error 322 # reporting, e.g. a file name and a position in the file. 323 "title": "A String", # An optional title for the expression, i.e. a short string describing 324 # its purpose. This can be used e.g. in UIs which allow to enter the 325 # expression. 326 }, 327 }, 328 ], 329 "version": 42, # Deprecated. 330 }, 331 "assetType": "A String", # Type of the asset. Example: "google.compute.Disk". 332 "resource": { # Representation of a cloud resource. # Representation of the resource. 333 "resourceUrl": "A String", # The REST URL for accessing the resource. An HTTP GET operation using this 334 # URL returns the resource itself. 335 # Example: 336 # `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`. 337 # It will be left unspecified for resources without a REST API. 338 "parent": "A String", # The full name of the immediate parent of this resource. See 339 # [Resource 340 # Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) 341 # for more information. 342 # 343 # For GCP assets, it is the parent resource defined in the [Cloud IAM policy 344 # hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). 345 # For example: 346 # `"//cloudresourcemanager.googleapis.com/projects/my_project_123"`. 347 # 348 # For third-party assets, it is up to the users to define. 349 "discoveryDocumentUri": "A String", # The URL of the discovery document containing the resource's JSON schema. 350 # For example: 351 # `"https://www.googleapis.com/discovery/v1/apis/compute/v1/rest"`. 352 # It will be left unspecified for resources without a discovery-based API, 353 # such as Cloud Bigtable. 354 "discoveryName": "A String", # The JSON schema name listed in the discovery document. 355 # Example: "Project". It will be left unspecified for resources (such as 356 # Cloud Bigtable) without a discovery-based API. 357 "version": "A String", # The API version. Example: "v1". 358 "data": { # The content of the resource, in which some sensitive fields are scrubbed 359 # away and may not be present. 360 "a_key": "", # Properties of the object. 361 }, 362 }, 363 "name": "A String", # The full name of the asset. For example: 364 # `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. 365 # See [Resource 366 # Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) 367 # for more information. 368 }, 369 }, 370 ], 371 }</pre> 372</div> 373 374<div class="method"> 375 <code class="details" id="exportAssets">exportAssets(parent, body, x__xgafv=None)</code> 376 <pre>Exports assets with time and resource types to a given Cloud Storage 377location. The output format is newline-delimited JSON. 378This API implements the google.longrunning.Operation API allowing you 379to keep track of the export. 380 381Args: 382 parent: string, Required. The relative name of the root asset. This can only be an 383organization number (such as "organizations/123"), a project ID (such as 384"projects/my-project-id"), a project number (such as "projects/12345"), or 385a folder number (such as "folders/123"). (required) 386 body: object, The request body. (required) 387 The object takes the form of: 388 389{ # Export asset request. 390 "assetTypes": [ # A list of asset types of which to take a snapshot for. For example: 391 # "google.compute.Disk". If specified, only matching assets will be returned. 392 # See [Introduction to Cloud Asset 393 # Inventory](https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/overview) 394 # for all supported asset types. 395 "A String", 396 ], 397 "outputConfig": { # Output configuration for export assets destination. # Required. Output configuration indicating where the results will be output 398 # to. All results will be in newline delimited JSON format. 399 "gcsDestination": { # A Cloud Storage location. # Destination on Cloud Storage. 400 "uriPrefix": "A String", # The uri prefix of all generated Cloud Storage objects. For example: 401 # "gs://bucket_name/object_name_prefix". Each object uri is in format: 402 # "gs://bucket_name/object_name_prefix/<asset type>/<shard number> and only 403 # contains assets for that type. <shard number> starts from 0. For example: 404 # "gs://bucket_name/object_name_prefix/google.compute.disk/0" is the first 405 # shard of output objects containing all google.compute.disk assets. 406 # An INVALID_ARGUMENT error will be returned if file with the same name 407 # "gs://bucket_name/object_name_prefix" already exists. 408 "uri": "A String", # The uri of the Cloud Storage object. It's the same uri that is used by 409 # gsutil. For example: "gs://bucket_name/object_name". See [Viewing and 410 # Editing Object 411 # Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata) 412 # for more information. 413 }, 414 }, 415 "contentType": "A String", # Asset content type. If not specified, no content but the asset name will be 416 # returned. 417 "readTime": "A String", # Timestamp to take an asset snapshot. This can only be set to a timestamp 418 # between 2018-10-02 UTC (inclusive) and the current time. If not specified, 419 # the current time will be used. Due to delays in resource data collection 420 # and indexing, there is a volatile window during which running the same 421 # query may get different results. 422 } 423 424 x__xgafv: string, V1 error format. 425 Allowed values 426 1 - v1 error format 427 2 - v2 error format 428 429Returns: 430 An object of the form: 431 432 { # This resource represents a long-running operation that is the result of a 433 # network API call. 434 "metadata": { # Service-specific metadata associated with the operation. It typically 435 # contains progress information and common metadata such as create time. 436 # Some services might not provide such metadata. Any method that returns a 437 # long-running operation should document the metadata type, if any. 438 "a_key": "", # Properties of the object. Contains field @type with type URL. 439 }, 440 "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. 441 # different programming environments, including REST APIs and RPC APIs. It is 442 # used by [gRPC](https://github.com/grpc). The error model is designed to be: 443 # 444 # - Simple to use and understand for most users 445 # - Flexible enough to meet unexpected needs 446 # 447 # # Overview 448 # 449 # The `Status` message contains three pieces of data: error code, error 450 # message, and error details. The error code should be an enum value of 451 # google.rpc.Code, but it may accept additional error codes if needed. The 452 # error message should be a developer-facing English message that helps 453 # developers *understand* and *resolve* the error. If a localized user-facing 454 # error message is needed, put the localized message in the error details or 455 # localize it in the client. The optional error details may contain arbitrary 456 # information about the error. There is a predefined set of error detail types 457 # in the package `google.rpc` that can be used for common error conditions. 458 # 459 # # Language mapping 460 # 461 # The `Status` message is the logical representation of the error model, but it 462 # is not necessarily the actual wire format. When the `Status` message is 463 # exposed in different client libraries and different wire protocols, it can be 464 # mapped differently. For example, it will likely be mapped to some exceptions 465 # in Java, but more likely mapped to some error codes in C. 466 # 467 # # Other uses 468 # 469 # The error model and the `Status` message can be used in a variety of 470 # environments, either with or without APIs, to provide a 471 # consistent developer experience across different environments. 472 # 473 # Example uses of this error model include: 474 # 475 # - Partial errors. If a service needs to return partial errors to the client, 476 # it may embed the `Status` in the normal response to indicate the partial 477 # errors. 478 # 479 # - Workflow errors. A typical workflow has multiple steps. Each step may 480 # have a `Status` message for error reporting. 481 # 482 # - Batch operations. If a client uses batch request and batch response, the 483 # `Status` message should be used directly inside batch response, one for 484 # each error sub-response. 485 # 486 # - Asynchronous operations. If an API call embeds asynchronous operation 487 # results in its response, the status of those operations should be 488 # represented directly using the `Status` message. 489 # 490 # - Logging. If some API errors are stored in logs, the message `Status` could 491 # be used directly after any stripping needed for security/privacy reasons. 492 "message": "A String", # A developer-facing error message, which should be in English. Any 493 # user-facing error message should be localized and sent in the 494 # google.rpc.Status.details field, or localized by the client. 495 "code": 42, # The status code, which should be an enum value of google.rpc.Code. 496 "details": [ # A list of messages that carry the error details. There is a common set of 497 # message types for APIs to use. 498 { 499 "a_key": "", # Properties of the object. Contains field @type with type URL. 500 }, 501 ], 502 }, 503 "done": True or False, # If the value is `false`, it means the operation is still in progress. 504 # If `true`, the operation is completed, and either `error` or `response` is 505 # available. 506 "response": { # The normal response of the operation in case of success. If the original 507 # method returns no data on success, such as `Delete`, the response is 508 # `google.protobuf.Empty`. If the original method is standard 509 # `Get`/`Create`/`Update`, the response should be the resource. For other 510 # methods, the response should have the type `XxxResponse`, where `Xxx` 511 # is the original method name. For example, if the original method name 512 # is `TakeSnapshot()`, the inferred response type is 513 # `TakeSnapshotResponse`. 514 "a_key": "", # Properties of the object. Contains field @type with type URL. 515 }, 516 "name": "A String", # The server-assigned name, which is only unique within the same service that 517 # originally returns it. If you use the default HTTP mapping, the 518 # `name` should have the format of `operations/some/unique/name`. 519 }</pre> 520</div> 521 522</body></html>