Cloud Asset API (cloudasset:v1)

2022-11-16

4 new methods

Additions

    Methods

  • cloudasset.analyzeOrgPolicyGovernedContainers

      Flat Path: v1/{v1Id}/{v1Id1}:analyzeOrgPolicyGovernedContainers

      HTTP Method: GET

      Parameters:

        constraint

          Type: string

          Location: query

          Description: Required. The name of the constraint to analyze governed containers for. The analysis only contains organization policies for the provided constraint.

        filter

          Type: string

          Description: The expression to filter the governed containers in result. The only supported field is `parent`, and the only supported operator is `=`. Example: parent="//cloudresourcemanager.googleapis.com/folders/001" will return all containers under "folders/001".

          Location: query

        scope

          Description: Required. The organization to scope the request. Only organization policies within the scope will be analyzed. The output containers will also be limited to the ones governed by those in-scope organization policies. * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")

          Required: Yes

          Type: string

          Location: path

          Pattern: ^[^/]+/[^/]+$

        pageToken

          Type: string

          Description: The pagination token to retrieve the next page.

          Location: query

        pageSize

          Location: query

          Description: The maximum number of items to return per page. If unspecified, AnalyzeOrgPolicyGovernedContainersResponse.governed_containers will contain 100 items with a maximum of 200.

          Type: integer

          Format: int32

      Parameter Order: scope

      Scopes: https://www.googleapis.com/auth/cloud-platform

      Path: v1/{+scope}:analyzeOrgPolicyGovernedContainers

      Description: Analyzes organization policies governed containers (projects, folders or organization) under a scope.

  • cloudasset.queryAssets

      Parameters:

        parent

          Required: Yes

          Description: Required. The relative name of the root asset. This can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"), or a folder number (such as "folders/123"). Only assets belonging to the `parent` will be returned.

          Type: string

          Location: path

          Pattern: ^[^/]+/[^/]+$

      Flat Path: v1/{v1Id}/{v1Id1}:queryAssets

      Scopes: https://www.googleapis.com/auth/cloud-platform

      Description: Issue a job that queries assets using a SQL statement compatible with [BigQuery Standard SQL](http://cloud/bigquery/docs/reference/standard-sql/enabling-standard-sql). If the query execution finishes within timeout and there's no pagination, the full query results will be returned in the `QueryAssetsResponse`. Otherwise, full query results can be obtained by issuing extra requests with the `job_reference` from the a previous `QueryAssets` call. Note, the query result has approximately 10 GB limitation enforced by BigQuery https://cloud.google.com/bigquery/docs/best-practices-performance-output, queries return larger results will result in errors.

      Path: v1/{+parent}:queryAssets

      Parameter Order: parent

      HTTP Method: POST

  • cloudasset.analyzeOrgPolicies

      Flat Path: v1/{v1Id}/{v1Id1}:analyzeOrgPolicies

      Parameters:

        pageSize

          Description: The maximum number of items to return per page. If unspecified, AnalyzeOrgPoliciesResponse.org_policy_results will contain 20 items with a maximum of 200.

          Location: query

          Type: integer

          Format: int32

        filter

          Location: query

          Type: string

          Description: The expression to filter AnalyzeOrgPoliciesResponse.org_policy_results. The only supported field is `consolidated_policy.attached_resource`, and the only supported operator is `=`. Example: consolidated_policy.attached_resource="//cloudresourcemanager.googleapis.com/folders/001" will return the org policy results of"folders/001".

        pageToken

          Type: string

          Description: The pagination token to retrieve the next page.

          Location: query

        scope

          Type: string

          Pattern: ^[^/]+/[^/]+$

          Description: Required. The organization to scope the request. Only organization policies within the scope will be analyzed. * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")

          Required: Yes

          Location: path

        constraint

          Description: Required. The name of the constraint to analyze organization policies for. The response only contains analyzed organization policies for the provided constraint.

          Type: string

          Location: query

      Path: v1/{+scope}:analyzeOrgPolicies

      Description: Analyzes organization policies under a scope.

      Scopes: https://www.googleapis.com/auth/cloud-platform

      Parameter Order: scope

      HTTP Method: GET

  • cloudasset.analyzeOrgPolicyGovernedAssets

      Parameters:

        scope

          Required: Yes

          Type: string

          Description: Required. The organization to scope the request. Only organization policies within the scope will be analyzed. The output assets will also be limited to the ones governed by those in-scope organization policies. * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")

          Pattern: ^[^/]+/[^/]+$

          Location: path

        filter

          Description: The expression to filter the governed assets in result. The only supported fields for governed resources are `governed_resource.project` and `governed_resource.folders`. The only supported fields for governed iam policies are `governed_iam_policy.project` and `governed_iam_policy.folders`. The only supported operator is `=`. Example 1: governed_resource.project="projects/12345678" filter will return all governed resources under projects/12345678 including the project ifself, if applicable. Example 2: governed_iam_policy.folders="folders/12345678" filter will return all governed iam policies under folders/12345678, if applicable.

          Location: query

          Type: string

        constraint

          Location: query

          Description: Required. The name of the constraint to analyze governed assets for. The analysis only contains analyzed organization policies for the provided constraint.

          Type: string

        pageSize

          Type: integer

          Description: The maximum number of items to return per page. If unspecified, AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets will contain 100 items with a maximum of 200.

          Location: query

          Format: int32

        pageToken

          Type: string

          Location: query

          Description: The pagination token to retrieve the next page.

      Scopes: https://www.googleapis.com/auth/cloud-platform

      Parameter Order: scope

      Description: Analyzes organization policies governed assets (GCP resources or policies) under a scope. This RPC supports custom constraints and the following 10 canned constraints: * storage.uniformBucketLevelAccess * iam.disableServiceAccountKeyCreation * iam.allowedPolicyMemberDomains * compute.vmExternalIpAccess * appengine.enforceServiceAccountActAsCheck * gcp.resourceLocations * compute.trustedImageProjects * compute.skipDefaultNetworkCreation * compute.requireOsLogin * compute.disableNestedVirtualization This RPC only returns either: * resources of types supported by [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types), or * IAM policies.

      Path: v1/{+scope}:analyzeOrgPolicyGovernedAssets

      Flat Path: v1/{v1Id}/{v1Id1}:analyzeOrgPolicyGovernedAssets

      HTTP Method: GET