From b835ab9d2f62c88561392aa26074c0b849fb0bd3 Mon Sep 17 00:00:00 2001 From: Google APIs Date: Thu, 30 Jan 2020 10:00:27 -0800 Subject: [PATCH] asset: v1p2beta1 add client config annotations * remove unintentionally exposed RPCs * remove messages relevant to removed RPCs PiperOrigin-RevId: 292369593 --- google/cloud/asset/v1p2beta1/BUILD.bazel | 4 + .../cloud/asset/v1p2beta1/asset_service.proto | 229 ++++-------------- google/cloud/asset/v1p2beta1/assets.proto | 13 +- .../asset/v1p2beta1/cloudasset_gapic.yaml | 26 -- .../cloudasset_grpc_service_config.json | 8 - .../asset/v1p2beta1/cloudasset_v1p2beta1.yaml | 38 +++ 6 files changed, 97 insertions(+), 221 deletions(-) create mode 100644 google/cloud/asset/v1p2beta1/cloudasset_v1p2beta1.yaml diff --git a/google/cloud/asset/v1p2beta1/BUILD.bazel b/google/cloud/asset/v1p2beta1/BUILD.bazel index 9b574737..e46878b6 100644 --- a/google/cloud/asset/v1p2beta1/BUILD.bazel +++ b/google/cloud/asset/v1p2beta1/BUILD.bazel @@ -18,6 +18,8 @@ proto_library( deps = [ "//google/api:annotations_proto", "//google/api:client_proto", + "//google/api:field_behavior_proto", + "//google/api:resource_proto", "//google/iam/v1:policy_proto", "//google/longrunning:operations_proto", "@com_google_protobuf//:any_proto", @@ -171,6 +173,8 @@ moved_proto_library( deps = [ "//google/api:annotations_proto", "//google/api:client_proto", + "//google/api:field_behavior_proto", + "//google/api:resource_proto", "//google/iam/v1:policy_proto", "//google/longrunning:operations_proto", "@com_google_protobuf//:any_proto", diff --git a/google/cloud/asset/v1p2beta1/asset_service.proto b/google/cloud/asset/v1p2beta1/asset_service.proto index 0d461d0f..7925bba6 100644 --- a/google/cloud/asset/v1p2beta1/asset_service.proto +++ b/google/cloud/asset/v1p2beta1/asset_service.proto 
@@ -18,12 +18,14 @@ syntax = "proto3"; package google.cloud.asset.v1p2beta1; import "google/api/annotations.proto"; +import "google/api/client.proto"; +import "google/api/field_behavior.proto"; +import "google/api/resource.proto"; import "google/cloud/asset/v1p2beta1/assets.proto"; import "google/longrunning/operations.proto"; import "google/protobuf/empty.proto"; import "google/protobuf/field_mask.proto"; import "google/protobuf/timestamp.proto"; -import "google/api/client.proto"; option csharp_namespace = "Google.Cloud.Asset.V1p2Beta1"; option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1p2beta1;asset"; @@ -37,28 +39,6 @@ service AssetService { option (google.api.default_host) = "cloudasset.googleapis.com"; option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; - // Exports assets with time and resource types to a given Cloud Storage - // location. The output format is newline-delimited JSON. - // This API implements the [google.longrunning.Operation][google.longrunning.Operation] API allowing you - // to keep track of the export. - rpc ExportAssets(ExportAssetsRequest) returns (google.longrunning.Operation) { - option (google.api.http) = { - post: "/v1p2beta1/{parent=*/*}:exportAssets" - body: "*" - }; - } - - // Batch gets the update history of assets that overlap a time window. - // For RESOURCE content, this API outputs history with asset in both - // non-delete or deleted status. - // For IAM_POLICY content, this API outputs history when the asset and its - // attached IAM POLICY both exist. This can create gaps in the output history. - rpc BatchGetAssetsHistory(BatchGetAssetsHistoryRequest) returns (BatchGetAssetsHistoryResponse) { - option (google.api.http) = { - get: "/v1p2beta1/{parent=*/*}:batchGetAssetsHistory" - }; - } - // Creates a feed in a parent project/folder/organization to listen to its // asset updates. rpc CreateFeed(CreateFeedRequest) returns (Feed) { 
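Review bot: The import list on the new side of the first hunk still carries `google/longrunning/operations.proto` and `google/protobuf/timestamp.proto`, while this commit deletes the only users visible in the patch (`ExportAssets` returning `google.longrunning.Operation`, and the two `read_time` fields). If nothing else in asset_service.proto refers to them, drop both imports so the file no longer depends on the operations API it has stopped exposing. The rest of the file is outside the patch, so confirm this with protoc's unused-import warning first.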
@@ -66,6 +46,7 @@ service AssetService { post: "/v1p2beta1/{parent=*/*}/feeds" body: "*" }; + option (google.api.method_signature) = "parent"; } // Gets details about an asset feed. @@ -73,6 +54,7 @@ service AssetService { option (google.api.http) = { get: "/v1p2beta1/{name=*/*/feeds/*}" }; + option (google.api.method_signature) = "name"; } // Lists all asset feeds in a parent project/folder/organization. @@ -80,6 +62,7 @@ service AssetService { option (google.api.http) = { get: "/v1p2beta1/{parent=*/*}/feeds" }; + option (google.api.method_signature) = "parent"; } // Updates an asset feed configuration. @@ -88,6 +71,7 @@ service AssetService { patch: "/v1p2beta1/{feed.name=*/*/feeds/*}" body: "*" }; + option (google.api.method_signature) = "feed"; } // Deletes an asset feed. 
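Review bot: The flattened signature added for UpdateFeed in the last hunk on this line, `option (google.api.method_signature) = "feed";`, leaves out `update_mask`, which this commit marks REQUIRED and documents as "must not be empty". A generated overload that takes only `feed` would presumably send an empty mask, which the server is documented to reject. Consider `option (google.api.method_signature) = "feed,update_mask";`. The CreateFeed hunk at the start of the line has the same gap: its signature is `"parent"` while `feed_id` and `feed` are also REQUIRED. The rpc blocks begin outside these hunks.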
@@ -95,88 +79,10 @@ service AssetService { option (google.api.http) = { delete: "/v1p2beta1/{name=*/*/feeds/*}" }; + option (google.api.method_signature) = "name"; } } -// Export asset request. -message ExportAssetsRequest { - // Required. The relative name of the root asset. This can only be an - // organization number (such as "organizations/123"), a project ID (such as - // "projects/my-project-id"), or a project number (such as "projects/12345"). - string parent = 1; - - // Timestamp to take an asset snapshot. This can only be set to a timestamp - // between 2018-10-02 UTC (inclusive) and the current time. If not specified, - // the current time will be used. Due to delays in resource data collection - // and indexing, there is a volatile window during which running the same - // query may get different results. - google.protobuf.Timestamp read_time = 2; - - // A list of asset types of which to take a snapshot for. For example: - // "compute.googleapis.com/Disk". If specified, only matching assets will be - // returned. See [Introduction to Cloud Asset - // Inventory](https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/overview) - // for all supported asset types. - repeated string asset_types = 3; - - // Asset content type. If not specified, no content but the asset name will be - // returned. - ContentType content_type = 4; - - // Required. Output configuration indicating where the results will be output - // to. All results will be in newline delimited JSON format. - OutputConfig output_config = 5; -} - -// The export asset response. This message is returned by the -// [google.longrunning.Operations.GetOperation][google.longrunning.Operations.GetOperation] method in the returned -// [google.longrunning.Operation.response][google.longrunning.Operation.response] field. -message ExportAssetsResponse { - // Time the snapshot was taken. 
- google.protobuf.Timestamp read_time = 1; - - // Output configuration indicating where the results were output to. - // All results are in JSON format. - OutputConfig output_config = 2; -} - -// Batch get assets history request. -message BatchGetAssetsHistoryRequest { - // Required. The relative name of the root asset. It can only be an - // organization number (such as "organizations/123"), a project ID (such as - // "projects/my-project-id")", or a project number (such as "projects/12345"). - string parent = 1; - - // A list of the full names of the assets. For example: - // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. - // See [Resource - // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) - // and [Resource Name - // Format](https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/resource-name-format) - // for more info. - // - // The request becomes a no-op if the asset name list is empty, and the max - // size of the asset name list is 100 in one request. - repeated string asset_names = 2; - - // Required. The content type. - ContentType content_type = 3; - - // Optional. The time window for the asset history. Both start_time and - // end_time are optional and if set, it must be after 2018-10-02 UTC. If - // end_time is not set, it is default to current timestamp. If start_time is - // not set, the snapshot of the assets at end_time will be returned. The - // returned results contain all temporal assets whose time window overlap with - // read_time_window. - TimeWindow read_time_window = 4; -} - -// Batch get assets history response. -message BatchGetAssetsHistoryResponse { - // A list of assets with valid time windows. - repeated TemporalAsset assets = 1; -} - // Create asset feed request. message CreateFeedRequest { // Required. The name of the project/folder/organization where this feed 
@@ -184,27 +90,32 @@ message CreateFeedRequest { // "organizations/123"), a folder number (such as "folders/123"), a project ID // (such as "projects/my-project-id")", or a project number (such as // "projects/12345"). - string parent = 1; + string parent = 1 [(google.api.field_behavior) = REQUIRED]; // Required. This is the client-assigned asset feed identifier and it needs to // be unique under a specific parent project/folder/organization. - string feed_id = 2; + string feed_id = 2 [(google.api.field_behavior) = REQUIRED]; - // The feed details. The field `name` must be empty and it will be generated + // Required. The feed details. The field `name` must be empty and it will be generated // in the format of: // projects/project_number/feeds/feed_id // folders/folder_number/feeds/feed_id // organizations/organization_number/feeds/feed_id - Feed feed = 3; + Feed feed = 3 [(google.api.field_behavior) = REQUIRED]; } // Get asset feed request. message GetFeedRequest { - // The name of the Feed and it must be in the format of: + // Required. The name of the Feed and it must be in the format of: // projects/project_number/feeds/feed_id // folders/folder_number/feeds/feed_id // organizations/organization_number/feeds/feed_id - string name = 1; + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "cloudasset.googleapis.com/Feed" + } + ]; } // List asset feeds request. @@ -212,10 +123,9 @@ message ListFeedsRequest { // Required. The parent project/folder/organization whose feeds are to be // listed. It can only be using project/folder/organization number (such as // "folders/12345")", or a project ID (such as "projects/my-project-id"). - string parent = 1; + string parent = 1 [(google.api.field_behavior) = REQUIRED]; } -// List asset feeds response. message ListFeedsResponse { // A list of feeds. repeated Feed feeds = 1; 
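Review bot: `CreateFeedRequest.parent` gets only `REQUIRED` in the first hunk, while `GetFeedRequest.name` in the same hunk also gets a `resource_reference`. Without one the parent stays an untyped string in generated clients, and nothing in the schema says which resource kinds are acceptable. Since the parent can be a project, folder or organization, a child-type reference fits: `(google.api.resource_reference) = { child_type: "cloudasset.googleapis.com/Feed" }`. `ListFeedsRequest.parent` in the next hunk is in the same position.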
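Review bot: The leading comment `// List asset feeds response.` is dropped from `ListFeedsResponse` in the second hunk, which leaves the message undocumented while the other request and response messages visible here keep their one-line descriptions. Keep the line as it was. `DeleteFeedRequest` loses `// Delete asset feed request.` in the UpdateFeedRequest/DeleteFeedRequest hunk that follows and should keep it too.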
@@ -223,26 +133,30 @@ message ListFeedsResponse { // Update asset feed request. message UpdateFeedRequest { - // The new values of feed details. It must match an existing feed and the + // Required. The new values of feed details. It must match an existing feed and the // field `name` must be in the format of: // projects/project_number/feeds/feed_id or // folders/folder_number/feeds/feed_id or // organizations/organization_number/feeds/feed_id. - Feed feed = 1; + Feed feed = 1 [(google.api.field_behavior) = REQUIRED]; - // Only updates the `feed` fields indicated by this mask. + // Required. Only updates the `feed` fields indicated by this mask. // The field mask must not be empty, and it must not contain fields that // are immutable or only set by the server. - google.protobuf.FieldMask update_mask = 2; + google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED]; } -// Delete asset feed request. message DeleteFeedRequest { - // The name of the feed and it must be in the format of: + // Required. The name of the feed and it must be in the format of: // projects/project_number/feeds/feed_id // folders/folder_number/feeds/feed_id // organizations/organization_number/feeds/feed_id - string name = 1; + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "cloudasset.googleapis.com/Feed" + } + ]; } // Output configuration for export assets destination. @@ -251,12 +165,6 @@ message OutputConfig { oneof destination { // Destination on Cloud Storage. GcsDestination gcs_destination = 1; - - // Destination on Bigquery. The output table stores the fields in asset - // proto as columns in BigQuery. The resource/iam_policy field is converted - // to a record with each field to a column, except metadata to a single JSON - // string. - BigQueryDestination bigquery_destination = 2; } } 
@@ -270,40 +178,9 @@ message GcsDestination { // Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata) // for more information. string uri = 1; - - // The uri prefix of all generated Cloud Storage objects. For example: - // "gs://bucket_name/object_name_prefix". Each object uri is in format: - // "gs://bucket_name/object_name_prefix// and only - // contains assets for that type. starts from 0. For example: - // "gs://bucket_name/object_name_prefix/compute.googleapis.com/Disk/0" is - // the first shard of output objects containing all - // compute.googleapis.com/Disk assets. An INVALID_ARGUMENT error will be - // returned if file with the same name "gs://bucket_name/object_name_prefix" - // already exists. - string uri_prefix = 2; } } -// A Bigquery destination. -message BigQueryDestination { - // Required. The BigQuery dataset in format - // "projects/projectId/datasets/datasetId", to which the snapshot result - // should be exported. If this dataset does not exist, the export call returns - // an error. - string dataset = 1; - - // Required. The BigQuery table to which the snapshot result should be - // written. If this table does not exist, a new table with the given name - // will be created. - string table = 2; - - // If the destination table already exists and this flag is `TRUE`, the - // table will be overwritten by the contents of assets snapshot. If the flag - // is not set and the destination table already exists, the export call - // returns an error. - bool force = 3; -} - // A Cloud Pubsub destination. message PubsubDestination { // The name of the Cloud Pub/Sub topic to publish to. 
@@ -311,26 +188,6 @@ message PubsubDestination { string topic = 1; } -// Asset content type. -enum ContentType { - // Unspecified content type. - CONTENT_TYPE_UNSPECIFIED = 0; - - // Resource metadata. - RESOURCE = 1; - - // The actual IAM policy set on a resource. - IAM_POLICY = 2; - - // The IAM policy name for the IAM policy set on a resource. - IAM_POLICY_NAME = 3; - - ORG_POLICY = 4; - - // The Cloud Access context mananger Policy set on an asset. - ACCESS_POLICY = 5; -} - // Output configuration for asset feed destination. message FeedOutputConfig { // Asset feed destination. @@ -346,6 +203,14 @@ message FeedOutputConfig { // folder. Supported destinations are: // Cloud Pub/Sub topics. message Feed { + option (google.api.resource) = { + type: "cloudasset.googleapis.com/Feed" + pattern: "projects/{project}/feeds/{feed}" + pattern: "folders/{folder}/feeds/{feed}" + pattern: "organizations/{organization}/feeds/{feed}" + history: ORIGINALLY_SINGLE_PATTERN + }; + // Required. The format will be // projects/{project_number}/feeds/{client-assigned_feed_identifier} or // folders/{folder_number}/feeds/{client-assigned_feed_identifier} or @@ -353,7 +218,7 @@ message Feed { // // The client-assigned feed identifier must be unique within the parent // project/folder/organization. - string name = 1; + string name = 1 [(google.api.field_behavior) = REQUIRED]; // A list of the full names of the assets to receive updates. You must specify // either or both of asset_names and asset_types. Only asset updates matching 
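Review bot: Marking `Feed.name` as `REQUIRED` in the last hunk on this line conflicts with the CreateFeedRequest comment, which says the `name` of the supplied feed must be empty and is generated by the server. A client or validator that enforces the annotation would either reject a valid create request or push callers to set a name the server then refuses. Either leave `name` without a `field_behavior` annotation or state the exception in its comment, e.g. `// Required on update. Must be empty on create, where the server generates it.` The Feed message body continues outside the hunk.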
@@ -380,5 +245,17 @@ message Feed { // Required. Feed output configuration defining where the asset updates are // published to. - FeedOutputConfig feed_output_config = 5; + FeedOutputConfig feed_output_config = 5 [(google.api.field_behavior) = REQUIRED]; +} + +// Asset content type. +enum ContentType { + // Unspecified content type. + CONTENT_TYPE_UNSPECIFIED = 0; + + // Resource metadata. + RESOURCE = 1; + + // The actual IAM policy set on a resource. + IAM_POLICY = 2; } diff --git a/google/cloud/asset/v1p2beta1/assets.proto b/google/cloud/asset/v1p2beta1/assets.proto index a9cda898..8fee229b 100644 --- a/google/cloud/asset/v1p2beta1/assets.proto +++ b/google/cloud/asset/v1p2beta1/assets.proto @@ -74,15 +74,10 @@ message Asset { // each resource, there must be at most one Cloud IAM policy set on it. google.iam.v1.Policy iam_policy = 4; - // Cloud IAM policy name of the Cloud IAM policy set on a cloud resource. For - // each resource, there must be at most one Cloud IAM policy name associated - // with it. - bytes iam_policy_name = 5; - // Asset's ancestry path in Cloud Resource Manager (CRM) hierarchy, // represented as a list of relative resource names. Ancestry path starts with - // the closest CRM ancestor and ending at a visible root. If the asset is a - // CRM project/ folder/organization, this starts from the asset itself. + // the closest CRM ancestor and ends at root. If the asset is a CRM + // project/folder/organization, this starts from the asset itself. // // Example: ["projects/123456789", "folders/5432", "organizations/1234"] repeated string ancestors = 6; @@ -128,8 +123,4 @@ message Resource { // The content of the resource, in which some sensitive fields are scrubbed // away and may not be present. google.protobuf.Struct data = 6; - - // The actual metadata content for the resource, only visible for internal - // users. - google.protobuf.Any internal_data = 7; } 
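Review bot: The re-added `ContentType` stops at `IAM_POLICY = 2` and nothing reserves values 3 to 5, which the old enum defined as `IAM_POLICY_NAME`, `ORG_POLICY` and `ACCESS_POLICY`, so a later value could take a number that existing clients and stored data already read differently. Add `reserved 3 to 5;` and `reserved "IAM_POLICY_NAME", "ORG_POLICY", "ACCESS_POLICY";` to the enum. The same applies to the fields this commit deletes without a `reserved` statement: `OutputConfig.bigquery_destination = 2`, `GcsDestination.uri_prefix = 2`, `Asset.iam_policy_name = 5` and `Resource.internal_data = 7`. The last one carried internal-only content, so `reserved 7; reserved "internal_data";` in `Resource` is the one most worth having, to keep the tag from being reused for a public field.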
diff --git a/google/cloud/asset/v1p2beta1/cloudasset_gapic.yaml b/google/cloud/asset/v1p2beta1/cloudasset_gapic.yaml index 9be2224c..f26588ff 100644 --- a/google/cloud/asset/v1p2beta1/cloudasset_gapic.yaml +++ b/google/cloud/asset/v1p2beta1/cloudasset_gapic.yaml @@ -97,32 +97,6 @@ interfaces: # timeout_millis - Specifies the default timeout for a non-retrying call. If # the call is retrying, refer to retry_params_name instead. methods: - - name: ExportAssets - required_fields: - - parent - - output_config - retry_codes_name: non_idempotent - retry_params_name: default - long_running: - return_type: google.cloud.asset.v1p2beta1.ExportAssetsResponse - metadata_type: google.cloud.asset.v1p2beta1.ExportAssetsRequest - initial_poll_delay_millis: 500 - poll_delay_multiplier: 1.5 - max_poll_delay_millis: 5000 - total_poll_timeout_millis: 300000 - timeout_millis: 600000 - - name: BatchGetAssetsHistory - flattening: - groups: - - parameters: - - parent - required_fields: - - parent - - asset_names - - content_type - retry_codes_name: idempotent - retry_params_name: default - timeout_millis: 600000 - name: CreateFeed flattening: groups: diff --git a/google/cloud/asset/v1p2beta1/cloudasset_grpc_service_config.json b/google/cloud/asset/v1p2beta1/cloudasset_grpc_service_config.json index 57947892..7e714709 100755 --- a/google/cloud/asset/v1p2beta1/cloudasset_grpc_service_config.json +++ b/google/cloud/asset/v1p2beta1/cloudasset_grpc_service_config.json @@ -2,10 +2,6 @@ "methodConfig": [ { "name": [ - { - "service": "google.cloud.asset.v1p2beta1.AssetService", - "method": "ExportAssets" - }, { "service": "google.cloud.asset.v1p2beta1.AssetService", "method": "CreateFeed" @@ -19,10 +15,6 @@ }, { "name": [ - { - "service": "google.cloud.asset.v1p2beta1.AssetService", - "method": "BatchGetAssetsHistory" - }, { "service": "google.cloud.asset.v1p2beta1.AssetService", "method": "GetFeed" 
diff --git a/google/cloud/asset/v1p2beta1/cloudasset_v1p2beta1.yaml b/google/cloud/asset/v1p2beta1/cloudasset_v1p2beta1.yaml new file mode 100644 index 00000000..19bc8819 --- /dev/null +++ b/google/cloud/asset/v1p2beta1/cloudasset_v1p2beta1.yaml @@ -0,0 +1,38 @@ +type: google.api.Service +config_version: 3 +name: cloudasset.googleapis.com +title: Cloud Asset API + +apis: +- name: google.cloud.asset.v1p2beta1.AssetService + +documentation: + summary: The cloud asset API manages the history and inventory of cloud resources. + overview: |- + # Cloud Asset API + + The Cloud Asset API keeps a history of Google Cloud Platform (GCP) asset + metadata, and allows GCP users to download a dump of all asset metadata + for the resource types listed below within an organization or a project at + a given timestamp. + + Read more documents here: + https://cloud.google.com/asset-inventory/docs + +backend: + rules: + - selector: 'google.cloud.asset.v1p2beta1.AssetService.*' + deadline: 600.0 + - selector: google.longrunning.Operations.GetOperation + deadline: 60.0 + +authentication: + rules: + - selector: 'google.cloud.asset.v1p2beta1.AssetService.*' + oauth: + canonical_scopes: |- + https://www.googleapis.com/auth/cloud-platform + - selector: google.longrunning.Operations.GetOperation + oauth: + canonical_scopes: |- + https://www.googleapis.com/auth/cloud-platform
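Review bot: The new service config still describes the surface this commit removes. The `overview` says users can "download a dump of all asset metadata", and both `backend` and `authentication` carry rules for `google.longrunning.Operations.GetOperation`, although `ExportAssets` was the only long-running method visible in the patch. If v1p2beta1 is meant to expose feed management only, rewrite the summary for feeds and drop the two `GetOperation` selectors so the config lists no more than the service actually serves. Separately, `deadline: 600.0` on `AssetService.*` looks inherited from the export call; the feed create/get/list/update/delete methods probably want a shorter deadline.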