// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.asset.v1p7beta1;

import "google/api/resource.proto";
import "google/cloud/orgpolicy/v1/orgpolicy.proto";
import "google/iam/v1/policy.proto";
import "google/identity/accesscontextmanager/v1/access_level.proto";
import "google/identity/accesscontextmanager/v1/access_policy.proto";
import "google/identity/accesscontextmanager/v1/service_perimeter.proto";
import "google/protobuf/struct.proto";
import "google/protobuf/timestamp.proto";

option cc_enable_arenas = true;
option csharp_namespace = "Google.Cloud.Asset.V1P7Beta1";
option go_package = "cloud.google.com/go/asset/apiv1p7beta1/assetpb;assetpb";
option java_multiple_files = true;
option java_outer_classname = "AssetProto";
option java_package = "com.google.cloud.asset.v1p7beta1";
option php_namespace = "Google\\Cloud\\Asset\\V1p7beta1";

// The Cloud Asset API.

// An asset in Google Cloud. An asset can be any resource in the Google Cloud
// [resource
// hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
// a resource outside the Google Cloud resource hierarchy (such as Google
// Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy).
// See [Supported asset
// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
// for more information.
//
// NOTE(review): field numbers 5 and 12 are not used by this message. If they
// belonged to removed fields, declare them `reserved` so they cannot be
// reused with a different meaning -- confirm against the file history.
message Asset {
  option (google.api.resource) = {
    type: "cloudasset.googleapis.com/Asset"
    pattern: "*"
  };

  // The last update timestamp of an asset. update_time is updated when a
  // create, update, or delete operation is performed.
  google.protobuf.Timestamp update_time = 11;

  // The full name of the asset. Example:
  // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`
  //
  // See [Resource
  // names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
  // for more information.
  string name = 1;

  // The type of the asset. Example: `compute.googleapis.com/Disk`
  //
  // See [Supported asset
  // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
  // for more information.
  string asset_type = 2;

  // A representation of the resource.
  Resource resource = 3;

  // A representation of the IAM policy set on a Google Cloud resource.
  // There can be a maximum of one IAM policy set on any given resource.
  // In addition, IAM policies inherit their granted access scope from any
  // policies set on parent resources in the resource hierarchy. Therefore, the
  // effective policy is the union of both the policy set on this resource
  // and each policy set on all of the resource's ancestry resource levels in
  // the hierarchy. See
  // [this topic](https://cloud.google.com/iam/help/allow-policies/inheritance)
  // for more information.
  //
  // Because this field represents the policy set on the resource itself,
  // consumers auditing access should not treat it alone as the effective
  // policy; policies on the resources listed in `ancestors` also apply.
  google.iam.v1.Policy iam_policy = 4;

  // A representation of an [organization
  // policy](https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy).
  // There can be more than one organization policy with different constraints
  // set on a given resource.
  repeated google.cloud.orgpolicy.v1.Policy org_policy = 6;

  // A representation of an [access
  // policy](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
  // As a `oneof`, at most one of the members below is set on a given asset.
  oneof access_context_policy {
    // Please also refer to the [access policy user
    // guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
    google.identity.accesscontextmanager.v1.AccessPolicy access_policy = 7;

    // Please also refer to the [access level user
    // guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels).
    google.identity.accesscontextmanager.v1.AccessLevel access_level = 8;

    // Please also refer to the [service perimeter user
    // guide](https://cloud.google.com/vpc-service-controls/docs/overview).
    google.identity.accesscontextmanager.v1.ServicePerimeter service_perimeter =
        9;
  }

  // The related assets of the asset of one relationship type.
  // One asset only represents one type of relationship.
  RelatedAssets related_assets = 13;

  // The ancestry path of an asset in Google Cloud [resource
  // hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
  // represented as a list of relative resource names. An ancestry path starts
  // with the closest ancestor in the hierarchy and ends at root. If the asset
  // is a project, folder, or organization, the ancestry path starts from the
  // asset itself.
  //
  // Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
  repeated string ancestors = 10;
}

// A representation of a Google Cloud resource.
//
// NOTE(review): field number 7 is not used by this message. If it belonged to
// a removed field, declare it `reserved` -- confirm against the file history.
message Resource {
  // The API version. Example: `v1`
  string version = 1;

  // The URL of the discovery document containing the resource's JSON schema.
  // Example:
  // `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest`
  //
  // This value is unspecified for resources that do not have an API based on a
  // discovery document, such as Cloud Bigtable.
  string discovery_document_uri = 2;

  // The JSON schema name listed in the discovery document. Example:
  // `Project`
  //
  // This value is unspecified for resources that do not have an API based on a
  // discovery document, such as Cloud Bigtable.
  string discovery_name = 3;

  // The REST URL for accessing the resource. An HTTP `GET` request using this
  // URL returns the resource itself. Example:
  // `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`
  //
  // This value is unspecified for resources without a REST API.
  string resource_url = 4;

  // The full name of the immediate parent of this resource. See
  // [Resource
  // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
  // for more information.
  //
  // For Google Cloud assets, this value is the parent resource defined in the
  // [IAM policy
  // hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).
  // Example:
  // `//cloudresourcemanager.googleapis.com/projects/my_project_123`
  //
  // For third-party assets, this field may be set differently.
  string parent = 5;

  // The content of the resource. Some sensitive fields are removed and may
  // therefore not be present.
  //
  // NOTE(review): this file does not say which fields are removed, so
  // consumers should not assume the remaining content is free of sensitive
  // data, nor that an absent field was unset on the resource.
  google.protobuf.Struct data = 6;

  // The location of the resource in Google Cloud, such as its zone and region.
  // For more information, see https://cloud.google.com/about/locations/.
  string location = 8;
}

// The detailed related assets with the `relationship_type`.
message RelatedAssets {
  // The detailed relation attributes.
  RelationshipAttributes relationship_attributes = 1;

  // The peer resources of the relationship.
  repeated RelatedAsset assets = 2;
}

// The relationship attributes which include `type`, `source_resource_type`,
// `target_resource_type` and `action`.
message RelationshipAttributes {
  // The unique identifier of the relationship type. Example:
  // `INSTANCE_TO_INSTANCEGROUP`
  string type = 4;

  // The source asset type. Example: `compute.googleapis.com/Instance`
  string source_resource_type = 1;

  // The target asset type. Example: `compute.googleapis.com/Disk`
  string target_resource_type = 2;

  // The detail of the relationship, e.g. `contains`, `attaches`
  string action = 3;
}

// An asset identity in Google Cloud which contains its name, type and
// ancestors. An asset can be any resource in the Google Cloud [resource
// hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
// a resource outside the Google Cloud resource hierarchy (such as Google
// Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy).
// See [Supported asset
// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
// for more information.
message RelatedAsset {
  // The full name of the asset. Example:
  // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`
  //
  // See [Resource
  // names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
  // for more information.
  string asset = 1 [(google.api.resource_reference) = {
    type: "cloudasset.googleapis.com/Asset"
  }];

  // The type of the asset. Example: `compute.googleapis.com/Disk`
  //
  // See [Supported asset
  // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
  // for more information.
  string asset_type = 2;

  // The ancestors of an asset in Google Cloud [resource
  // hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
  // represented as a list of relative resource names. An ancestry path starts
  // with the closest ancestor in the hierarchy and ends at root.
  //
  // Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
  repeated string ancestors = 3;
}