Cloud Asset API (cloudasset:v1)

2022-11-16

4 new methods

Additions

    Methods

  • cloudasset.analyzeOrgPolicyGovernedContainers

      Flat Path : v1/{v1Id}/{v1Id1}:analyzeOrgPolicyGovernedContainers

      HTTP Method : GET

      Parameters :

        constraint

          Type : string

          Location : query

          Description : Required. The name of the constraint to analyze governed containers for. The analysis only contains organization policies for the provided constraint.

        filter

          Type : string

          Description : The expression to filter the governed containers in result. The only supported field is `parent`, and the only supported operator is `=`. Example: parent="//cloudresourcemanager.googleapis.com/folders/001" will return all containers under "folders/001".

          Location : query

        scope

          Description : Required. The organization to scope the request. Only organization policies within the scope will be analyzed. The output containers will also be limited to the ones governed by those in-scope organization policies. * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")

          Required : Yes

          Type : string

          Location : path

          Pattern : ^[^/]+/[^/]+$

        pageToken

          Type : string

          Description : The pagination token to retrieve the next page.

          Location : query

        pageSize

          Location : query

          Description : The maximum number of items to return per page. If unspecified, AnalyzeOrgPolicyGovernedContainersResponse.governed_containers will contain 100 items with a maximum of 200.

          Type : integer

          Format : int32

      Parameter Order : scope

      Scopes : https://www.googleapis.com/auth/cloud-platform

      Path : v1/{+scope}:analyzeOrgPolicyGovernedContainers

      Description : Analyzes organization policies governed containers (projects, folders or organization) under a scope.

  • cloudasset.queryAssets

      Parameters :

        parent

          Required : Yes

          Description : Required. The relative name of the root asset. This can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"), or a folder number (such as "folders/123"). Only assets belonging to the `parent` will be returned.

          Type : string

          Location : path

          Pattern : ^[^/]+/[^/]+$

      Flat Path : v1/{v1Id}/{v1Id1}:queryAssets

      Scopes : https://www.googleapis.com/auth/cloud-platform

      Description : Issue a job that queries assets using a SQL statement compatible with [BigQuery Standard SQL](http://cloud/bigquery/docs/reference/standard-sql/enabling-standard-sql). If the query execution finishes within timeout and there's no pagination, the full query results will be returned in the `QueryAssetsResponse`. Otherwise, full query results can be obtained by issuing extra requests with the `job_reference` from the a previous `QueryAssets` call. Note, the query result has approximately 10 GB limitation enforced by BigQuery https://cloud.google.com/bigquery/docs/best-practices-performance-output, queries return larger results will result in errors.

      Path : v1/{+parent}:queryAssets

      Parameter Order : parent

      HTTP Method : POST

  • cloudasset.analyzeOrgPolicies

      Flat Path : v1/{v1Id}/{v1Id1}:analyzeOrgPolicies

      Parameters :

        pageSize

          Description : The maximum number of items to return per page. If unspecified, AnalyzeOrgPoliciesResponse.org_policy_results will contain 20 items with a maximum of 200.

          Location : query

          Type : integer

          Format : int32

        filter

          Location : query

          Type : string

          Description : The expression to filter AnalyzeOrgPoliciesResponse.org_policy_results. The only supported field is `consolidated_policy.attached_resource`, and the only supported operator is `=`. Example: consolidated_policy.attached_resource="//cloudresourcemanager.googleapis.com/folders/001" will return the org policy results of"folders/001".

        pageToken

          Type : string

          Description : The pagination token to retrieve the next page.

          Location : query

        scope

          Type : string

          Pattern : ^[^/]+/[^/]+$

          Description : Required. The organization to scope the request. Only organization policies within the scope will be analyzed. * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")

          Required : Yes

          Location : path

        constraint

          Description : Required. The name of the constraint to analyze organization policies for. The response only contains analyzed organization policies for the provided constraint.

          Type : string

          Location : query

      Path : v1/{+scope}:analyzeOrgPolicies

      Description : Analyzes organization policies under a scope.

      Scopes : https://www.googleapis.com/auth/cloud-platform

      Parameter Order : scope

      HTTP Method : GET

  • cloudasset.analyzeOrgPolicyGovernedAssets

      Parameters :

        scope

          Required : Yes

          Type : string

          Description : Required. The organization to scope the request. Only organization policies within the scope will be analyzed. The output assets will also be limited to the ones governed by those in-scope organization policies. * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")

          Pattern : ^[^/]+/[^/]+$

          Location : path

        filter

          Description : The expression to filter the governed assets in result. The only supported fields for governed resources are `governed_resource.project` and `governed_resource.folders`. The only supported fields for governed iam policies are `governed_iam_policy.project` and `governed_iam_policy.folders`. The only supported operator is `=`. Example 1: governed_resource.project="projects/12345678" filter will return all governed resources under projects/12345678 including the project ifself, if applicable. Example 2: governed_iam_policy.folders="folders/12345678" filter will return all governed iam policies under folders/12345678, if applicable.

          Location : query

          Type : string

        constraint

          Location : query

          Description : Required. The name of the constraint to analyze governed assets for. The analysis only contains analyzed organization policies for the provided constraint.

          Type : string

        pageSize

          Type : integer

          Description : The maximum number of items to return per page. If unspecified, AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets will contain 100 items with a maximum of 200.

          Location : query

          Format : int32

        pageToken

          Type : string

          Location : query

          Description : The pagination token to retrieve the next page.

      Scopes : https://www.googleapis.com/auth/cloud-platform

      Parameter Order : scope

      Description : Analyzes organization policies governed assets (GCP resources or policies) under a scope. This RPC supports custom constraints and the following 10 canned constraints: * storage.uniformBucketLevelAccess * iam.disableServiceAccountKeyCreation * iam.allowedPolicyMemberDomains * compute.vmExternalIpAccess * appengine.enforceServiceAccountActAsCheck * gcp.resourceLocations * compute.trustedImageProjects * compute.skipDefaultNetworkCreation * compute.requireOsLogin * compute.disableNestedVirtualization This RPC only returns either: * resources of types supported by [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types), or * IAM policies.

      Path : v1/{+scope}:analyzeOrgPolicyGovernedAssets

      Flat Path : v1/{v1Id}/{v1Id1}:analyzeOrgPolicyGovernedAssets

      HTTP Method : GET