suguo
/
googleapis
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

asset: v1p2beta1 add client config annotations 

* remove unintentionally exposed RPCs
* remove messages relevant to removed RPCs

PiperOrigin-RevId: 292369593
This commit is contained in:
Google APIs 2020-01-30 10:00:27 -08:00 committed by Copybara-Service
parent c1246a29e2
commit b835ab9d2f
6 changed files with 97 additions and 221 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
google/cloud/asset/v1p2beta1/BUILD.bazel
View File

@ -18,6 +18,8 @@ proto_library(
deps = [
"//google/api:annotations_proto",
"//google/api:client_proto",
"//google/api:field_behavior_proto",
"//google/api:resource_proto",
"//google/iam/v1:policy_proto",
"//google/longrunning:operations_proto",
"@com_google_protobuf//:any_proto",
@ -171,6 +173,8 @@ moved_proto_library(
deps = [
"//google/api:annotations_proto",
"//google/api:client_proto",
"//google/api:field_behavior_proto",
"//google/api:resource_proto",
"//google/iam/v1:policy_proto",
"//google/longrunning:operations_proto",
"@com_google_protobuf//:any_proto",

229
google/cloud/asset/v1p2beta1/asset_service.proto
View File

@ -18,12 +18,14 @@ syntax = "proto3";
package google.cloud.asset.v1p2beta1;
import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/cloud/asset/v1p2beta1/assets.proto";
import "google/longrunning/operations.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/timestamp.proto";
import "google/api/client.proto";
option csharp_namespace = "Google.Cloud.Asset.V1p2Beta1";
option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1p2beta1;asset";
@ -37,28 +39,6 @@ service AssetService {
option (google.api.default_host) = "cloudasset.googleapis.com";
option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
// Exports assets with time and resource types to a given Cloud Storage
// location. The output format is newline-delimited JSON.
// This API implements the [google.longrunning.Operation][google.longrunning.Operation] API allowing you
// to keep track of the export.
rpc ExportAssets(ExportAssetsRequest) returns (google.longrunning.Operation) {
option (google.api.http) = {
post: "/v1p2beta1/{parent=*/*}:exportAssets"
body: "*"
};
}
// Batch gets the update history of assets that overlap a time window.
// For RESOURCE content, this API outputs history with asset in both
// non-delete or deleted status.
// For IAM_POLICY content, this API outputs history when the asset and its
// attached IAM POLICY both exist. This can create gaps in the output history.
rpc BatchGetAssetsHistory(BatchGetAssetsHistoryRequest) returns (BatchGetAssetsHistoryResponse) {
option (google.api.http) = {
get: "/v1p2beta1/{parent=*/*}:batchGetAssetsHistory"
};
}
// Creates a feed in a parent project/folder/organization to listen to its
// asset updates.
rpc CreateFeed(CreateFeedRequest) returns (Feed) {
@ -66,6 +46,7 @@ service AssetService {
post: "/v1p2beta1/{parent=*/*}/feeds"
body: "*"
};
option (google.api.method_signature) = "parent";
}
// Gets details about an asset feed.
@ -73,6 +54,7 @@ service AssetService {
option (google.api.http) = {
get: "/v1p2beta1/{name=*/*/feeds/*}"
};
option (google.api.method_signature) = "name";
}
// Lists all asset feeds in a parent project/folder/organization.
@ -80,6 +62,7 @@ service AssetService {
option (google.api.http) = {
get: "/v1p2beta1/{parent=*/*}/feeds"
};
option (google.api.method_signature) = "parent";
}
// Updates an asset feed configuration.
@ -88,6 +71,7 @@ service AssetService {
patch: "/v1p2beta1/{feed.name=*/*/feeds/*}"
body: "*"
};
option (google.api.method_signature) = "feed";
}
// Deletes an asset feed.
@ -95,88 +79,10 @@ service AssetService {
option (google.api.http) = {
delete: "/v1p2beta1/{name=*/*/feeds/*}"
};
option (google.api.method_signature) = "name";
}
}
// Export asset request.
message ExportAssetsRequest {
// Required. The relative name of the root asset. This can only be an
// organization number (such as "organizations/123"), a project ID (such as
// "projects/my-project-id"), or a project number (such as "projects/12345").
string parent = 1;
// Timestamp to take an asset snapshot. This can only be set to a timestamp
// between 2018-10-02 UTC (inclusive) and the current time. If not specified,
// the current time will be used. Due to delays in resource data collection
// and indexing, there is a volatile window during which running the same
// query may get different results.
google.protobuf.Timestamp read_time = 2;
// A list of asset types of which to take a snapshot for. For example:
// "compute.googleapis.com/Disk". If specified, only matching assets will be
// returned. See [Introduction to Cloud Asset
// Inventory](https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/overview)
// for all supported asset types.
repeated string asset_types = 3;
// Asset content type. If not specified, no content but the asset name will be
// returned.
ContentType content_type = 4;
// Required. Output configuration indicating where the results will be output
// to. All results will be in newline delimited JSON format.
OutputConfig output_config = 5;
}
// The export asset response. This message is returned by the
// [google.longrunning.Operations.GetOperation][google.longrunning.Operations.GetOperation] method in the returned
// [google.longrunning.Operation.response][google.longrunning.Operation.response] field.
message ExportAssetsResponse {
// Time the snapshot was taken.
google.protobuf.Timestamp read_time = 1;
// Output configuration indicating where the results were output to.
// All results are in JSON format.
OutputConfig output_config = 2;
}
// Batch get assets history request.
message BatchGetAssetsHistoryRequest {
// Required. The relative name of the root asset. It can only be an
// organization number (such as "organizations/123"), a project ID (such as
// "projects/my-project-id")", or a project number (such as "projects/12345").
string parent = 1;
// A list of the full names of the assets. For example:
// `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.
// See [Resource
// Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
// and [Resource Name
// Format](https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/resource-name-format)
// for more info.
//
// The request becomes a no-op if the asset name list is empty, and the max
// size of the asset name list is 100 in one request.
repeated string asset_names = 2;
// Required. The content type.
ContentType content_type = 3;
// Optional. The time window for the asset history. Both start_time and
// end_time are optional and if set, it must be after 2018-10-02 UTC. If
// end_time is not set, it is default to current timestamp. If start_time is
// not set, the snapshot of the assets at end_time will be returned. The
// returned results contain all temporal assets whose time window overlap with
// read_time_window.
TimeWindow read_time_window = 4;
}
// Batch get assets history response.
message BatchGetAssetsHistoryResponse {
// A list of assets with valid time windows.
repeated TemporalAsset assets = 1;
}
// Create asset feed request.
message CreateFeedRequest {
// Required. The name of the project/folder/organization where this feed
@ -184,27 +90,32 @@ message CreateFeedRequest {
// "organizations/123"), a folder number (such as "folders/123"), a project ID
// (such as "projects/my-project-id")", or a project number (such as
// "projects/12345").
string parent = 1;
string parent = 1 [(google.api.field_behavior) = REQUIRED];
// Required. This is the client-assigned asset feed identifier and it needs to
// be unique under a specific parent project/folder/organization.
string feed_id = 2;
string feed_id = 2 [(google.api.field_behavior) = REQUIRED];
// The feed details. The field `name` must be empty and it will be generated
// Required. The feed details. The field `name` must be empty and it will be generated
// in the format of:
// projects/project_number/feeds/feed_id
// folders/folder_number/feeds/feed_id
// organizations/organization_number/feeds/feed_id
Feed feed = 3;
Feed feed = 3 [(google.api.field_behavior) = REQUIRED];
}
// Get asset feed request.
message GetFeedRequest {
// The name of the Feed and it must be in the format of:
// Required. The name of the Feed and it must be in the format of:
// projects/project_number/feeds/feed_id
// folders/folder_number/feeds/feed_id
// organizations/organization_number/feeds/feed_id
string name = 1;
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "cloudasset.googleapis.com/Feed"
}
];
}
// List asset feeds request.
@ -212,10 +123,9 @@ message ListFeedsRequest {
// Required. The parent project/folder/organization whose feeds are to be
// listed. It can only be using project/folder/organization number (such as
// "folders/12345")", or a project ID (such as "projects/my-project-id").
string parent = 1;
string parent = 1 [(google.api.field_behavior) = REQUIRED];
}
// List asset feeds response.
message ListFeedsResponse {
// A list of feeds.
repeated Feed feeds = 1;
@ -223,26 +133,30 @@ message ListFeedsResponse {
// Update asset feed request.
message UpdateFeedRequest {
// The new values of feed details. It must match an existing feed and the
// Required. The new values of feed details. It must match an existing feed and the
// field `name` must be in the format of:
// projects/project_number/feeds/feed_id or
// folders/folder_number/feeds/feed_id or
// organizations/organization_number/feeds/feed_id.
Feed feed = 1;
Feed feed = 1 [(google.api.field_behavior) = REQUIRED];
// Only updates the `feed` fields indicated by this mask.
// Required. Only updates the `feed` fields indicated by this mask.
// The field mask must not be empty, and it must not contain fields that
// are immutable or only set by the server.
google.protobuf.FieldMask update_mask = 2;
google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
}
// Delete asset feed request.
message DeleteFeedRequest {
// The name of the feed and it must be in the format of:
// Required. The name of the feed and it must be in the format of:
// projects/project_number/feeds/feed_id
// folders/folder_number/feeds/feed_id
// organizations/organization_number/feeds/feed_id
string name = 1;
string name = 1 [
(google.api.field_behavior) = REQUIRED,
(google.api.resource_reference) = {
type: "cloudasset.googleapis.com/Feed"
}
];
}
// Output configuration for export assets destination.
@ -251,12 +165,6 @@ message OutputConfig {
oneof destination {
// Destination on Cloud Storage.
GcsDestination gcs_destination = 1;
// Destination on Bigquery. The output table stores the fields in asset
// proto as columns in BigQuery. The resource/iam_policy field is converted
// to a record with each field to a column, except metadata to a single JSON
// string.
BigQueryDestination bigquery_destination = 2;
}
}
@ -270,40 +178,9 @@ message GcsDestination {
// Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)
// for more information.
string uri = 1;
// The uri prefix of all generated Cloud Storage objects. For example:
// "gs://bucket_name/object_name_prefix". Each object uri is in format:
// "gs://bucket_name/object_name_prefix/<asset type>/<shard number> and only
// contains assets for that type. <shard number> starts from 0. For example:
// "gs://bucket_name/object_name_prefix/compute.googleapis.com/Disk/0" is
// the first shard of output objects containing all
// compute.googleapis.com/Disk assets. An INVALID_ARGUMENT error will be
// returned if file with the same name "gs://bucket_name/object_name_prefix"
// already exists.
string uri_prefix = 2;
}
}
// A Bigquery destination.
message BigQueryDestination {
// Required. The BigQuery dataset in format
// "projects/projectId/datasets/datasetId", to which the snapshot result
// should be exported. If this dataset does not exist, the export call returns
// an error.
string dataset = 1;
// Required. The BigQuery table to which the snapshot result should be
// written. If this table does not exist, a new table with the given name
// will be created.
string table = 2;
// If the destination table already exists and this flag is `TRUE`, the
// table will be overwritten by the contents of assets snapshot. If the flag
// is not set and the destination table already exists, the export call
// returns an error.
bool force = 3;
}
// A Cloud Pubsub destination.
message PubsubDestination {
// The name of the Cloud Pub/Sub topic to publish to.
@ -311,26 +188,6 @@ message PubsubDestination {
string topic = 1;
}
// Asset content type.
enum ContentType {
// Unspecified content type.
CONTENT_TYPE_UNSPECIFIED = 0;
// Resource metadata.
RESOURCE = 1;
// The actual IAM policy set on a resource.
IAM_POLICY = 2;
// The IAM policy name for the IAM policy set on a resource.
IAM_POLICY_NAME = 3;
ORG_POLICY = 4;
// The Cloud Access context mananger Policy set on an asset.
ACCESS_POLICY = 5;
}
// Output configuration for asset feed destination.
message FeedOutputConfig {
// Asset feed destination.
@ -346,6 +203,14 @@ message FeedOutputConfig {
// folder. Supported destinations are:
// Cloud Pub/Sub topics.
message Feed {
option (google.api.resource) = {
type: "cloudasset.googleapis.com/Feed"
pattern: "projects/{project}/feeds/{feed}"
pattern: "folders/{folder}/feeds/{feed}"
pattern: "organizations/{organization}/feeds/{feed}"
history: ORIGINALLY_SINGLE_PATTERN
};
// Required. The format will be
// projects/{project_number}/feeds/{client-assigned_feed_identifier} or
// folders/{folder_number}/feeds/{client-assigned_feed_identifier} or
@ -353,7 +218,7 @@ message Feed {
//
// The client-assigned feed identifier must be unique within the parent
// project/folder/organization.
string name = 1;
string name = 1 [(google.api.field_behavior) = REQUIRED];
// A list of the full names of the assets to receive updates. You must specify
// either or both of asset_names and asset_types. Only asset updates matching
@ -380,5 +245,17 @@ message Feed {
// Required. Feed output configuration defining where the asset updates are
// published to.
FeedOutputConfig feed_output_config = 5;
FeedOutputConfig feed_output_config = 5 [(google.api.field_behavior) = REQUIRED];
}
// Asset content type.
enum ContentType {
// Unspecified content type.
CONTENT_TYPE_UNSPECIFIED = 0;
// Resource metadata.
RESOURCE = 1;
// The actual IAM policy set on a resource.
IAM_POLICY = 2;
}

13
google/cloud/asset/v1p2beta1/assets.proto
View File

@ -74,15 +74,10 @@ message Asset {
// each resource, there must be at most one Cloud IAM policy set on it.
google.iam.v1.Policy iam_policy = 4;
// Cloud IAM policy name of the Cloud IAM policy set on a cloud resource. For
// each resource, there must be at most one Cloud IAM policy name associated
// with it.
bytes iam_policy_name = 5;
// Asset's ancestry path in Cloud Resource Manager (CRM) hierarchy,
// represented as a list of relative resource names. Ancestry path starts with
// the closest CRM ancestor and ending at a visible root. If the asset is a
// CRM project/ folder/organization, this starts from the asset itself.
// the closest CRM ancestor and ends at root. If the asset is a CRM
// project/folder/organization, this starts from the asset itself.
//
// Example: ["projects/123456789", "folders/5432", "organizations/1234"]
repeated string ancestors = 6;
@ -128,8 +123,4 @@ message Resource {
// The content of the resource, in which some sensitive fields are scrubbed
// away and may not be present.
google.protobuf.Struct data = 6;
// The actual metadata content for the resource, only visible for internal
// users.
google.protobuf.Any internal_data = 7;
}

26
google/cloud/asset/v1p2beta1/cloudasset_gapic.yaml
View File

@ -97,32 +97,6 @@ interfaces:
# timeout_millis - Specifies the default timeout for a non-retrying call. If
# the call is retrying, refer to retry_params_name instead.
methods:
- name: ExportAssets
required_fields:
- parent
- output_config
retry_codes_name: non_idempotent
retry_params_name: default
long_running:
return_type: google.cloud.asset.v1p2beta1.ExportAssetsResponse
metadata_type: google.cloud.asset.v1p2beta1.ExportAssetsRequest
initial_poll_delay_millis: 500
poll_delay_multiplier: 1.5
max_poll_delay_millis: 5000
total_poll_timeout_millis: 300000
timeout_millis: 600000
- name: BatchGetAssetsHistory
flattening:
groups:
- parameters:
- parent
required_fields:
- parent
- asset_names
- content_type
retry_codes_name: idempotent
retry_params_name: default
timeout_millis: 600000
- name: CreateFeed
flattening:
groups:

8
google/cloud/asset/v1p2beta1/cloudasset_grpc_service_config.json
View File

@ -2,10 +2,6 @@
"methodConfig": [
{
"name": [
{
"service": "google.cloud.asset.v1p2beta1.AssetService",
"method": "ExportAssets"
},
{
"service": "google.cloud.asset.v1p2beta1.AssetService",
"method": "CreateFeed"
@ -19,10 +15,6 @@
},
{
"name": [
{
"service": "google.cloud.asset.v1p2beta1.AssetService",
"method": "BatchGetAssetsHistory"
},
{
"service": "google.cloud.asset.v1p2beta1.AssetService",
"method": "GetFeed"

38
google/cloud/asset/v1p2beta1/cloudasset_v1p2beta1.yaml Normal file
View File

@ -0,0 +1,38 @@
type: google.api.Service
config_version: 3
name: cloudasset.googleapis.com
title: Cloud Asset API
apis:
- name: google.cloud.asset.v1p2beta1.AssetService
documentation:
summary: The cloud asset API manages the history and inventory of cloud resources.
overview: |-
# Cloud Asset API
The Cloud Asset API keeps a history of Google Cloud Platform (GCP) asset
metadata, and allows GCP users to download a dump of all asset metadata
for the resource types listed below within an organization or a project at
a given timestamp.
Read more documents here:
https://cloud.google.com/asset-inventory/docs
backend:
rules:
- selector: 'google.cloud.asset.v1p2beta1.AssetService.*'
deadline: 600.0
- selector: google.longrunning.Operations.GetOperation
deadline: 60.0
authentication:
rules:
- selector: 'google.cloud.asset.v1p2beta1.AssetService.*'
oauth:
canonical_scopes: |-
https://www.googleapis.com/auth/cloud-platform
- selector: google.longrunning.Operations.GetOperation
oauth:
canonical_scopes: |-
https://www.googleapis.com/auth/cloud-platform