
Commit 194c317

feat: add Cloud Asset List API, add access time as condition context in request and evaluation value in response for Cloud Asset AnalyzeIamPolicy API, add more info (folders, organizations, kms_key, create_time, update_time, state, parent_full_resource_name, parent_asset_type) in response for Cloud Asset SearchAllResources API (#196)
* feat: add Cloud Asset List API, add access time as condition context in request and evaluation value in response for Cloud Asset AnalyzeIamPolicy API, add more info (folders, organizations, kms_key, create_time, update_time, state, parent_full_resource_name, parent_asset_type) in response for Cloud Asset SearchAllResources API Committer: @peter-zheng-g PiperOrigin-RevId: 375731640 Source-Link: googleapis/googleapis@de04592 Source-Link: googleapis/googleapis-gen@7b343f4 * 🦉 Updates from OwlBot Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
1 parent 6e9fe44 commit 194c317

14 files changed

Lines changed: 1208 additions & 88 deletions


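--- a/packages/google-cloud-asset/google/cloud/asset/__init__.py
+++ b/packages/google-cloud-asset/google/cloud/asset/__init__.py
@@ -39,6 +39,8 @@
 from google.cloud.asset_v1.types.asset_service import GetFeedRequest
 from google.cloud.asset_v1.types.asset_service import IamPolicyAnalysisOutputConfig
 from google.cloud.asset_v1.types.asset_service import IamPolicyAnalysisQuery
+from google.cloud.asset_v1.types.asset_service import ListAssetsRequest
+from google.cloud.asset_v1.types.asset_service import ListAssetsResponse
 from google.cloud.asset_v1.types.asset_service import ListFeedsRequest
 from google.cloud.asset_v1.types.asset_service import ListFeedsResponse
 from google.cloud.asset_v1.types.asset_service import OutputConfig
@@ -52,6 +54,7 @@
 from google.cloud.asset_v1.types.asset_service import UpdateFeedRequest
 from google.cloud.asset_v1.types.asset_service import ContentType
 from google.cloud.asset_v1.types.assets import Asset
+from google.cloud.asset_v1.types.assets import ConditionEvaluation
 from google.cloud.asset_v1.types.assets import IamPolicyAnalysisResult
 from google.cloud.asset_v1.types.assets import IamPolicyAnalysisState
 from google.cloud.asset_v1.types.assets import IamPolicySearchResult
@@ -81,6 +84,8 @@
 "GetFeedRequest",
 "IamPolicyAnalysisOutputConfig",
 "IamPolicyAnalysisQuery",
+"ListAssetsRequest",
+"ListAssetsResponse",
 "ListFeedsRequest",
 "ListFeedsResponse",
 "OutputConfig",
@@ -94,6 +99,7 @@
 "UpdateFeedRequest",
 "ContentType",
 "Asset",
+"ConditionEvaluation",
 "IamPolicyAnalysisResult",
 "IamPolicyAnalysisState",
 "IamPolicySearchResult",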

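--- a/packages/google-cloud-asset/google/cloud/asset_v1/__init__.py
+++ b/packages/google-cloud-asset/google/cloud/asset_v1/__init__.py
@@ -35,6 +35,8 @@
 from .types.asset_service import GetFeedRequest
 from .types.asset_service import IamPolicyAnalysisOutputConfig
 from .types.asset_service import IamPolicyAnalysisQuery
+from .types.asset_service import ListAssetsRequest
+from .types.asset_service import ListAssetsResponse
 from .types.asset_service import ListFeedsRequest
 from .types.asset_service import ListFeedsResponse
 from .types.asset_service import OutputConfig
@@ -48,6 +50,7 @@
 from .types.asset_service import UpdateFeedRequest
 from .types.asset_service import ContentType
 from .types.assets import Asset
+from .types.assets import ConditionEvaluation
 from .types.assets import IamPolicyAnalysisResult
 from .types.assets import IamPolicyAnalysisState
 from .types.assets import IamPolicySearchResult
@@ -67,6 +70,7 @@
 "BatchGetAssetsHistoryRequest",
 "BatchGetAssetsHistoryResponse",
 "BigQueryDestination",
+"ConditionEvaluation",
 "ContentType",
 "CreateFeedRequest",
 "DeleteFeedRequest",
@@ -82,6 +86,8 @@
 "IamPolicyAnalysisResult",
 "IamPolicyAnalysisState",
 "IamPolicySearchResult",
+"ListAssetsRequest",
+"ListAssetsResponse",
 "ListFeedsRequest",
 "ListFeedsResponse",
 "OutputConfig",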

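--- a/packages/google-cloud-asset/google/cloud/asset_v1/gapic_metadata.json
+++ b/packages/google-cloud-asset/google/cloud/asset_v1/gapic_metadata.json
@@ -45,6 +45,11 @@
 "get_feed"
 ]
 },
+"ListAssets": {
+"methods": [
+"list_assets"
+]
+},
 "ListFeeds": {
 "methods": [
 "list_feeds"
@@ -105,6 +110,11 @@
 "get_feed"
 ]
 },
+"ListAssets": {
+"methods": [
+"list_assets"
+]
+},
 "ListFeeds": {
 "methods": [
 "list_feeds"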

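--- a/packages/google-cloud-asset/google/cloud/asset_v1/services/asset_service/async_client.py
+++ b/packages/google-cloud-asset/google/cloud/asset_v1/services/asset_service/async_client.py
@@ -236,6 +236,98 @@ async def export_assets(
 # Done; return the response.
 return response
 
+async def list_assets(
+self,
+request: asset_service.ListAssetsRequest = None,
+*,
+parent: str = None,
+retry: retries.Retry = gapic_v1.method.DEFAULT,
+timeout: float = None,
+metadata: Sequence[Tuple[str, str]] = (),
+) -> pagers.ListAssetsAsyncPager:
+r"""Lists assets with time and resource types and returns
+paged results in response.
+
+Args:
+request (:class:`google.cloud.asset_v1.types.ListAssetsRequest`):
+The request object. ListAssets request.
+parent (:class:`str`):
+Required. Name of the organization or project the assets
+belong to. Format: "organizations/[organization-number]"
+(such as "organizations/123"), "projects/[project-id]"
+(such as "projects/my-project-id"), or
+"projects/[project-number]" (such as "projects/12345").
+
+This corresponds to the ``parent`` field
+on the ``request`` instance; if ``request`` is provided, this
+should not be set.
+retry (google.api_core.retry.Retry): Designation of what errors, if any,
+should be retried.
+timeout (float): The timeout for this request.
+metadata (Sequence[Tuple[str, str]]): Strings which should be
+sent along with the request as metadata.
+
+Returns:
+google.cloud.asset_v1.services.asset_service.pagers.ListAssetsAsyncPager:
+ListAssets response.
+Iterating over this object will yield
+results and resolve additional pages
+automatically.
+
+"""
+# Create or coerce a protobuf request object.
+# Sanity check: If we got a request object, we should *not* have
+# gotten any keyword arguments that map to the request.
+has_flattened_params = any([parent])
+if request is not None and has_flattened_params:
+raise ValueError(
+"If the `request` argument is set, then none of "
+"the individual field arguments should be set."
+)
+
+request = asset_service.ListAssetsRequest(request)
+
+# If we have keyword arguments corresponding to fields on the
+# request, apply these.
+if parent is not None:
+request.parent = parent
+
+# Wrap the RPC method; this adds retry and timeout information,
+# and friendly error handling.
+rpc = gapic_v1.method_async.wrap_method(
+self._client._transport.list_assets,
+default_retry=retries.Retry(
+initial=0.1,
+maximum=60.0,
+multiplier=1.3,
+predicate=retries.if_exception_type(
+core_exceptions.DeadlineExceeded,
+core_exceptions.ServiceUnavailable,
+),
+deadline=60.0,
+),
+default_timeout=60.0,
+client_info=DEFAULT_CLIENT_INFO,
+)
+
+# Certain fields should be provided within the metadata header;
+# add these here.
+metadata = tuple(metadata) + (
+gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
+)
+
+# Send the request.
+response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
+
+# This method is paged; wrap the response in a pager, which provides
+# an `__aiter__` convenience method.
+response = pagers.ListAssetsAsyncPager(
+method=rpc, request=request, response=response, metadata=metadata,
+)
+
+# Done; return the response.
+return response
+
 async def batch_get_assets_history(
 self,
 request: asset_service.BatchGetAssetsHistoryRequest = None,
@@ -730,7 +822,7 @@ async def search_all_resources(
 Required. A scope can be a project, a folder, or an
 organization. The search is limited to the resources
 within the ``scope``. The caller must be granted the
-```cloudasset.assets.searchAllResources`` <http://cloud.google.com/asset-inventory/docs/access-control#required_permissions>`__
+```cloudasset.assets.searchAllResources`` <https://cloud.google.com/asset-inventory/docs/access-control#required_permissions>`__
 permission on the desired scope.
 
 The allowed values are:
@@ -746,40 +838,48 @@ async def search_all_resources(
 should not be set.
 query (:class:`str`):
 Optional. The query statement. See `how to construct a
-query <http://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query>`__
+query <https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query>`__
 for more information. If not specified or empty, it will
 search all the resources within the specified ``scope``.
-Note that the query string is compared against each
-Cloud IAM policy binding, including its members, roles,
-and Cloud IAM conditions. The returned Cloud IAM
-policies will only contain the bindings that match your
-query. To learn more about the IAM policy structure, see
-`IAM policy
-doc <https://cloud.google.com/iam/docs/policies#structure>`__.
 
 Examples:
 
 - ``name:Important`` to find Cloud resources whose name
 contains "Important" as a word.
+- ``name=Important`` to find the Cloud resource whose
+name is exactly "Important".
 - ``displayName:Impor*`` to find Cloud resources whose
-display name contains "Impor" as a prefix.
-- ``description:*por*`` to find Cloud resources whose
-description contains "por" as a substring.
+display name contains "Impor" as a prefix of any word
+in the field.
 - ``location:us-west*`` to find Cloud resources whose
-location is prefixed with "us-west".
+location contains both "us" and "west" as prefixes.
 - ``labels:prod`` to find Cloud resources whose labels
 contain "prod" as a key or value.
 - ``labels.env:prod`` to find Cloud resources that have
 a label "env" and its value is "prod".
 - ``labels.env:*`` to find Cloud resources that have a
 label "env".
+- ``kmsKey:key`` to find Cloud resources encrypted with
+a customer-managed encryption key whose name contains
+the word "key".
+- ``state:ACTIVE`` to find Cloud resources whose state
+contains "ACTIVE" as a word.
+- ``NOT state:ACTIVE`` to find {{gcp_name}} resources
+whose state doesn't contain "ACTIVE" as a word.
+- ``createTime<1609459200`` to find Cloud resources
+that were created before "2021-01-01 00:00:00 UTC".
+1609459200 is the epoch timestamp of "2021-01-01
+00:00:00 UTC" in seconds.
+- ``updateTime>1609459200`` to find Cloud resources
+that were updated after "2021-01-01 00:00:00 UTC".
+1609459200 is the epoch timestamp of "2021-01-01
+00:00:00 UTC" in seconds.
 - ``Important`` to find Cloud resources that contain
 "Important" as a word in any of the searchable
 fields.
 - ``Impor*`` to find Cloud resources that contain
-"Impor" as a prefix in any of the searchable fields.
-- ``*por*`` to find Cloud resources that contain "por"
-as a substring in any of the searchable fields.
+"Impor" as a prefix of any word in any of the
+searchable fields.
 - ``Important location:(us-west1 OR global)`` to find
 Cloud resources that contain "Important" as a word in
 any of the searchable fields and are also located in
@@ -794,6 +894,20 @@ async def search_all_resources(
 `searchable asset
 types <https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types>`__.
 
+Regular expressions are also supported. For example:
+
+- "compute.googleapis.com.*" snapshots resources whose
+asset type starts with "compute.googleapis.com".
+- ".*Instance" snapshots resources whose asset type
+ends with "Instance".
+- ".*Instance.*" snapshots resources whose asset type
+contains "Instance".
+
+See `RE2 <https://github.com/google/re2/wiki/Syntax>`__
+for all supported regular expression syntax. If the
+regular expression does not match any supported asset
+type, an INVALID_ARGUMENT error will be returned.
+
 This corresponds to the ``asset_types`` field
 on the ``request`` instance; if ``request`` is provided, this
 should not be set.
@@ -890,7 +1004,7 @@ async def search_all_iam_policies(
 Required. A scope can be a project, a folder, or an
 organization. The search is limited to the IAM policies
 within the ``scope``. The caller must be granted the
-```cloudasset.assets.searchAllIamPolicies`` <http://cloud.google.com/asset-inventory/docs/access-control#required_permissions>`__
+```cloudasset.assets.searchAllIamPolicies`` <https://cloud.google.com/asset-inventory/docs/access-control#required_permissions>`__
 permission on the desired scope.
 
 The allowed values are:
@@ -909,30 +1023,46 @@ async def search_all_iam_policies(
 query <https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query>`__
 for more information. If not specified or empty, it will
 search all the IAM policies within the specified
-``scope``.
+``scope``. Note that the query string is compared
+against each Cloud IAM policy binding, including its
+members, roles, and Cloud IAM conditions. The returned
+Cloud IAM policies will only contain the bindings that
+match your query. To learn more about the IAM policy
+structure, see `IAM policy
+doc <https://cloud.google.com/iam/docs/policies#structure>`__.
 
 Examples:
 
 - ``policy:amy@gmail.com`` to find IAM policy bindings
 that specify user "amy@gmail.com".
 - ``policy:roles/compute.admin`` to find IAM policy
 bindings that specify the Compute Admin role.
+- ``policy:comp*`` to find IAM policy bindings that
+contain "comp" as a prefix of any word in the
+binding.
 - ``policy.role.permissions:storage.buckets.update`` to
 find IAM policy bindings that specify a role
 containing "storage.buckets.update" permission. Note
 that if callers don't have ``iam.roles.get`` access
 to a role's included permissions, policy bindings
 that specify this role will be dropped from the
 search results.
+- ``policy.role.permissions:upd*`` to find IAM policy
+bindings that specify a role containing "upd" as a
+prefix of any word in the role permission. Note that
+if callers don't have ``iam.roles.get`` access to a
+role's included permissions, policy bindings that
+specify this role will be dropped from the search
+results.
 - ``resource:organizations/123456`` to find IAM policy
 bindings that are set on "organizations/123456".
+- ``resource=//cloudresourcemanager.googleapis.com/projects/myproject``
+to find IAM policy bindings that are set on the
+project named "myproject".
 - ``Important`` to find IAM policy bindings that
 contain "Important" as a word in any of the
 searchable fields (except for the included
 permissions).
-- ``*por*`` to find IAM policy bindings that contain
-"por" as a substring in any of the searchable fields
-(except for the included permissions).
 - ``resource:(instance1 OR instance2) policy:amy`` to
 find IAM policy bindings that are set on resources
 "instance1" or "instance2" and also specify user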
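Review bot: In the new `list_assets`, the guard `has_flattened_params = any([parent])` tests truthiness while the later assignment tests `if parent is not None:`, so a call that passes both `request` and `parent=""` skips the `ValueError` and then overwrites `request.parent` with the empty string. `request.parent` selects the organization or project being listed and also feeds the routing header, so the check and the assignment should use the same test, for example `has_flattened_params = any(p is not None for p in (parent,))`. The file looks generated (the commit message mentions OwlBot), so the change probably belongs in the generator template rather than in this file. The whole method lies inside the hunk.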
