// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Schema language version for every definition in this file.
syntax = "proto3";

// Versioned API package; all messages below are declared in this namespace.
package google.cloud.asset.v1p5beta1;

// External types referenced by the messages in this file: the
// `google.api.resource` message option, the organization policy and IAM
// policy messages, the three Access Context Manager messages, and the
// untyped `google.protobuf.Struct`.
import "google/api/resource.proto";
import "google/cloud/orgpolicy/v1/orgpolicy.proto";
import "google/iam/v1/policy.proto";
import "google/identity/accesscontextmanager/v1/access_level.proto";
import "google/identity/accesscontextmanager/v1/access_policy.proto";
import "google/identity/accesscontextmanager/v1/service_perimeter.proto";
import "google/protobuf/struct.proto";

// Per-language code generation settings (C++ arenas, C#, Go, Java and PHP
// package/namespace names). They shape the generated code only; the wire
// format of the messages does not depend on them.
option cc_enable_arenas = true;
option csharp_namespace = "Google.Cloud.Asset.V1p5Beta1";
option go_package = "cloud.google.com/go/asset/apiv1p5beta1/assetpb;assetpb";
option java_multiple_files = true;
option java_outer_classname = "AssetProto";
option java_package = "com.google.cloud.asset.v1p5beta1";
option php_namespace = "Google\\Cloud\\Asset\\V1p5beta1";
// An asset in Google Cloud. An asset can be any resource in the Google Cloud
// [resource
// hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
// a resource outside the Google Cloud resource hierarchy (such as Google
// Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy).
// See [Supported asset
// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
// for more information.
//
// NOTE(review): field number 5 is neither used nor reserved in this message.
// If it belonged to a removed field it should be declared `reserved` so it
// cannot be reused with a different meaning; confirm against the schema
// history.
message Asset {
  // Declares this message as the API resource type
  // `cloudasset.googleapis.com/Asset`. The wildcard pattern places no
  // structural constraint on the resource name.
  option (google.api.resource) = {
    type: "cloudasset.googleapis.com/Asset"
    pattern: "*"
  };

  // The full name of the asset. Example:
  // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`
  //
  // See [Resource
  // names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
  // for more information.
  string name = 1;

  // The type of the asset. Example: `compute.googleapis.com/Disk`
  //
  // See [Supported asset
  // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
  // for more information.
  string asset_type = 2;

  // A representation of the resource.
  Resource resource = 3;

  // A representation of the IAM policy set on a Google Cloud resource.
  // There can be a maximum of one IAM policy set on any given resource.
  // In addition, IAM policies inherit their granted access scope from any
  // policies set on parent resources in the resource hierarchy. Therefore, the
  // effective policy is the union of both the policy set on this resource
  // and each policy set on all of the resource's ancestry resource levels in
  // the hierarchy. See
  // [this topic](https://cloud.google.com/iam/help/allow-policies/inheritance)
  // for more information.
  //
  // NOTE(review): as worded above, this field appears to hold only the policy
  // set directly on the resource, not the effective policy. An access review
  // based on this field alone would miss grants inherited from the resources
  // listed in `ancestors`; confirm against the API reference.
  google.iam.v1.Policy iam_policy = 4;

  // A representation of an [organization
  // policy](https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy).
  // There can be more than one organization policy with different constraints
  // set on a given resource.
  //
  // The field name is singular although the field is repeated. Renaming it
  // would change the JSON key and the generated accessors, so the name is part
  // of the published contract.
  repeated google.cloud.orgpolicy.v1.Policy org_policy = 6;

  // A representation of an [access
  // policy](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
  //
  // At most one member of this oneof is set on a given message; setting one
  // member clears the others. Readers should check which case is populated
  // rather than reading all three fields.
  oneof access_context_policy {
    // Please also refer to the [access policy user
    // guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
    google.identity.accesscontextmanager.v1.AccessPolicy access_policy = 7;

    // Please also refer to the [access level user
    // guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels).
    google.identity.accesscontextmanager.v1.AccessLevel access_level = 8;

    // Please also refer to the [service perimeter user
    // guide](https://cloud.google.com/vpc-service-controls/docs/overview).
    google.identity.accesscontextmanager.v1.ServicePerimeter service_perimeter =
        9;
  }

  // The ancestry path of an asset in Google Cloud [resource
  // hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
  // represented as a list of relative resource names. An ancestry path starts
  // with the closest ancestor in the hierarchy and ends at root. If the asset
  // is a project, folder, or organization, the ancestry path starts from the
  // asset itself.
  //
  // Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
  //
  // Element order is meaningful here (closest ancestor first, root last), so
  // consumers must not sort or de-duplicate the list before using it.
  repeated string ancestors = 10;
}
// A representation of a Google Cloud resource.
//
// All URL and name fields below are plain strings; the schema places no
// format or host constraint on them.
message Resource {
  // The API version. Example: "v1".
  string version = 1;

  // The URL of the discovery document containing the resource's JSON schema.
  // Example:
  // `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest`
  //
  // This value is unspecified for resources that do not have an API based on a
  // discovery document, such as Cloud Bigtable.
  //
  // NOTE(review): a consumer that fetches this document should validate the
  // URL (scheme and expected host) first, since the field is an unconstrained
  // string.
  string discovery_document_uri = 2;

  // The JSON schema name listed in the discovery document. Example:
  // `Project`
  //
  // This value is unspecified for resources that do not have an API based on a
  // discovery document, such as Cloud Bigtable.
  string discovery_name = 3;

  // The REST URL for accessing the resource. An HTTP `GET` request using this
  // URL returns the resource itself. Example:
  // `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`
  //
  // This value is unspecified for resources without a REST API.
  //
  // NOTE(review): as with `discovery_document_uri`, validate the scheme and
  // host before issuing a request to this URL from an automated consumer,
  // particularly one that attaches credentials.
  string resource_url = 4;

  // The full name of the immediate parent of this resource. See
  // [Resource
  // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
  // for more information.
  //
  // For Google Cloud assets, this value is the parent resource defined in the
  // [IAM policy
  // hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).
  // Example:
  // `//cloudresourcemanager.googleapis.com/projects/my_project_123`
  //
  // For third-party assets, this field may be set differently.
  //
  // NOTE(review): because the value is not guaranteed to follow the Google
  // Cloud hierarchy for third-party assets, code that derives policy
  // inheritance from this field should handle unexpected formats explicitly.
  string parent = 5;

  // The content of the resource, in which some sensitive fields are removed
  // and may not be present.
  //
  // `google.protobuf.Struct` is untyped, JSON-like data: nothing in this
  // schema fixes its keys or value types, so consumers must validate the shape
  // they expect before use.
  //
  // NOTE(review): the schema does not state which fields are removed. Until
  // that is confirmed, treat this content as potentially sensitive when it is
  // logged, stored or exported.
  google.protobuf.Struct data = 6;
}