1*d5c09012SAndroid Build Coastguard Worker// Copyright 2023 Google LLC 2*d5c09012SAndroid Build Coastguard Worker// 3*d5c09012SAndroid Build Coastguard Worker// Licensed under the Apache License, Version 2.0 (the "License"); 4*d5c09012SAndroid Build Coastguard Worker// you may not use this file except in compliance with the License. 5*d5c09012SAndroid Build Coastguard Worker// You may obtain a copy of the License at 6*d5c09012SAndroid Build Coastguard Worker// 7*d5c09012SAndroid Build Coastguard Worker// http://www.apache.org/licenses/LICENSE-2.0 8*d5c09012SAndroid Build Coastguard Worker// 9*d5c09012SAndroid Build Coastguard Worker// Unless required by applicable law or agreed to in writing, software 10*d5c09012SAndroid Build Coastguard Worker// distributed under the License is distributed on an "AS IS" BASIS, 11*d5c09012SAndroid Build Coastguard Worker// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*d5c09012SAndroid Build Coastguard Worker// See the License for the specific language governing permissions and 13*d5c09012SAndroid Build Coastguard Worker// limitations under the License. 14*d5c09012SAndroid Build Coastguard Worker 15*d5c09012SAndroid Build Coastguard Workersyntax = "proto3"; 16*d5c09012SAndroid Build Coastguard Worker 17*d5c09012SAndroid Build Coastguard Workerpackage google.cloud.asset.v1; 18*d5c09012SAndroid Build Coastguard Worker 19*d5c09012SAndroid Build Coastguard Workerimport "google/api/resource.proto"; 20*d5c09012SAndroid Build Coastguard Workerimport "google/cloud/orgpolicy/v1/orgpolicy.proto"; 21*d5c09012SAndroid Build Coastguard Workerimport "google/cloud/osconfig/v1/inventory.proto"; 22*d5c09012SAndroid Build Coastguard Workerimport "google/iam/v1/policy.proto"; 23*d5c09012SAndroid Build Coastguard Workerimport "google/identity/accesscontextmanager/v1/access_level.proto"; 24*d5c09012SAndroid Build Coastguard Workerimport "google/identity/accesscontextmanager/v1/access_policy.proto"; 25*d5c09012SAndroid Build Coastguard Workerimport "google/identity/accesscontextmanager/v1/service_perimeter.proto"; 26*d5c09012SAndroid Build Coastguard Workerimport "google/protobuf/struct.proto"; 27*d5c09012SAndroid Build Coastguard Workerimport "google/protobuf/timestamp.proto"; 28*d5c09012SAndroid Build Coastguard Workerimport "google/rpc/code.proto"; 29*d5c09012SAndroid Build Coastguard Worker 30*d5c09012SAndroid Build Coastguard Workeroption cc_enable_arenas = true; 31*d5c09012SAndroid Build Coastguard Workeroption csharp_namespace = "Google.Cloud.Asset.V1"; 32*d5c09012SAndroid Build Coastguard Workeroption go_package = "cloud.google.com/go/asset/apiv1/assetpb;assetpb"; 33*d5c09012SAndroid Build Coastguard Workeroption java_multiple_files = true; 34*d5c09012SAndroid Build Coastguard Workeroption java_outer_classname = "AssetProto"; 35*d5c09012SAndroid Build Coastguard Workeroption java_package = "com.google.cloud.asset.v1"; 36*d5c09012SAndroid Build Coastguard Workeroption php_namespace = "Google\\Cloud\\Asset\\V1"; 37*d5c09012SAndroid Build Coastguard Worker 38*d5c09012SAndroid Build Coastguard Worker// An asset in Google Cloud and its temporal metadata, including the time window 39*d5c09012SAndroid Build Coastguard Worker// when it was observed and its status during that window. 40*d5c09012SAndroid Build Coastguard Workermessage TemporalAsset { 41*d5c09012SAndroid Build Coastguard Worker // State of prior asset. 42*d5c09012SAndroid Build Coastguard Worker enum PriorAssetState { 43*d5c09012SAndroid Build Coastguard Worker // prior_asset is not applicable for the current asset. 44*d5c09012SAndroid Build Coastguard Worker PRIOR_ASSET_STATE_UNSPECIFIED = 0; 45*d5c09012SAndroid Build Coastguard Worker 46*d5c09012SAndroid Build Coastguard Worker // prior_asset is populated correctly. 47*d5c09012SAndroid Build Coastguard Worker PRESENT = 1; 48*d5c09012SAndroid Build Coastguard Worker 49*d5c09012SAndroid Build Coastguard Worker // Failed to set prior_asset. 50*d5c09012SAndroid Build Coastguard Worker INVALID = 2; 51*d5c09012SAndroid Build Coastguard Worker 52*d5c09012SAndroid Build Coastguard Worker // Current asset is the first known state. 53*d5c09012SAndroid Build Coastguard Worker DOES_NOT_EXIST = 3; 54*d5c09012SAndroid Build Coastguard Worker 55*d5c09012SAndroid Build Coastguard Worker // prior_asset is a deletion. 56*d5c09012SAndroid Build Coastguard Worker DELETED = 4; 57*d5c09012SAndroid Build Coastguard Worker } 58*d5c09012SAndroid Build Coastguard Worker 59*d5c09012SAndroid Build Coastguard Worker // The time window when the asset data and state was observed. 60*d5c09012SAndroid Build Coastguard Worker TimeWindow window = 1; 61*d5c09012SAndroid Build Coastguard Worker 62*d5c09012SAndroid Build Coastguard Worker // Whether the asset has been deleted or not. 63*d5c09012SAndroid Build Coastguard Worker bool deleted = 2; 64*d5c09012SAndroid Build Coastguard Worker 65*d5c09012SAndroid Build Coastguard Worker // An asset in Google Cloud. 66*d5c09012SAndroid Build Coastguard Worker Asset asset = 3; 67*d5c09012SAndroid Build Coastguard Worker 68*d5c09012SAndroid Build Coastguard Worker // State of prior_asset. 69*d5c09012SAndroid Build Coastguard Worker PriorAssetState prior_asset_state = 4; 70*d5c09012SAndroid Build Coastguard Worker 71*d5c09012SAndroid Build Coastguard Worker // Prior copy of the asset. Populated if prior_asset_state is PRESENT. 72*d5c09012SAndroid Build Coastguard Worker // Currently this is only set for responses in Real-Time Feed. 73*d5c09012SAndroid Build Coastguard Worker Asset prior_asset = 5; 74*d5c09012SAndroid Build Coastguard Worker} 75*d5c09012SAndroid Build Coastguard Worker 76*d5c09012SAndroid Build Coastguard Worker// A time window specified by its `start_time` and `end_time`. 77*d5c09012SAndroid Build Coastguard Workermessage TimeWindow { 78*d5c09012SAndroid Build Coastguard Worker // Start time of the time window (exclusive). 79*d5c09012SAndroid Build Coastguard Worker google.protobuf.Timestamp start_time = 1; 80*d5c09012SAndroid Build Coastguard Worker 81*d5c09012SAndroid Build Coastguard Worker // End time of the time window (inclusive). If not specified, the current 82*d5c09012SAndroid Build Coastguard Worker // timestamp is used instead. 83*d5c09012SAndroid Build Coastguard Worker google.protobuf.Timestamp end_time = 2; 84*d5c09012SAndroid Build Coastguard Worker} 85*d5c09012SAndroid Build Coastguard Worker 86*d5c09012SAndroid Build Coastguard Worker// An asset in Google Cloud. An asset can be any resource in the Google Cloud 87*d5c09012SAndroid Build Coastguard Worker// [resource 88*d5c09012SAndroid Build Coastguard Worker// hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 89*d5c09012SAndroid Build Coastguard Worker// a resource outside the Google Cloud resource hierarchy (such as Google 90*d5c09012SAndroid Build Coastguard Worker// Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy), 91*d5c09012SAndroid Build Coastguard Worker// or a relationship (e.g. an INSTANCE_TO_INSTANCEGROUP relationship). 92*d5c09012SAndroid Build Coastguard Worker// See [Supported asset 93*d5c09012SAndroid Build Coastguard Worker// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) 94*d5c09012SAndroid Build Coastguard Worker// for more information. 95*d5c09012SAndroid Build Coastguard Workermessage Asset { 96*d5c09012SAndroid Build Coastguard Worker option (google.api.resource) = { 97*d5c09012SAndroid Build Coastguard Worker type: "cloudasset.googleapis.com/Asset" 98*d5c09012SAndroid Build Coastguard Worker pattern: "*" 99*d5c09012SAndroid Build Coastguard Worker }; 100*d5c09012SAndroid Build Coastguard Worker 101*d5c09012SAndroid Build Coastguard Worker // The last update timestamp of an asset. update_time is updated when 102*d5c09012SAndroid Build Coastguard Worker // create/update/delete operation is performed. 103*d5c09012SAndroid Build Coastguard Worker google.protobuf.Timestamp update_time = 11; 104*d5c09012SAndroid Build Coastguard Worker 105*d5c09012SAndroid Build Coastguard Worker // The full name of the asset. Example: 106*d5c09012SAndroid Build Coastguard Worker // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1` 107*d5c09012SAndroid Build Coastguard Worker // 108*d5c09012SAndroid Build Coastguard Worker // See [Resource 109*d5c09012SAndroid Build Coastguard Worker // names](https://cloud.google.com/apis/design/resource_names#full_resource_name) 110*d5c09012SAndroid Build Coastguard Worker // for more information. 111*d5c09012SAndroid Build Coastguard Worker string name = 1; 112*d5c09012SAndroid Build Coastguard Worker 113*d5c09012SAndroid Build Coastguard Worker // The type of the asset. Example: `compute.googleapis.com/Disk` 114*d5c09012SAndroid Build Coastguard Worker // 115*d5c09012SAndroid Build Coastguard Worker // See [Supported asset 116*d5c09012SAndroid Build Coastguard Worker // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) 117*d5c09012SAndroid Build Coastguard Worker // for more information. 118*d5c09012SAndroid Build Coastguard Worker string asset_type = 2; 119*d5c09012SAndroid Build Coastguard Worker 120*d5c09012SAndroid Build Coastguard Worker // A representation of the resource. 121*d5c09012SAndroid Build Coastguard Worker Resource resource = 3; 122*d5c09012SAndroid Build Coastguard Worker 123*d5c09012SAndroid Build Coastguard Worker // A representation of the IAM policy set on a Google Cloud resource. 124*d5c09012SAndroid Build Coastguard Worker // There can be a maximum of one IAM policy set on any given resource. 125*d5c09012SAndroid Build Coastguard Worker // In addition, IAM policies inherit their granted access scope from any 126*d5c09012SAndroid Build Coastguard Worker // policies set on parent resources in the resource hierarchy. Therefore, the 127*d5c09012SAndroid Build Coastguard Worker // effectively policy is the union of both the policy set on this resource 128*d5c09012SAndroid Build Coastguard Worker // and each policy set on all of the resource's ancestry resource levels in 129*d5c09012SAndroid Build Coastguard Worker // the hierarchy. See 130*d5c09012SAndroid Build Coastguard Worker // [this topic](https://cloud.google.com/iam/help/allow-policies/inheritance) 131*d5c09012SAndroid Build Coastguard Worker // for more information. 132*d5c09012SAndroid Build Coastguard Worker google.iam.v1.Policy iam_policy = 4; 133*d5c09012SAndroid Build Coastguard Worker 134*d5c09012SAndroid Build Coastguard Worker // A representation of an [organization 135*d5c09012SAndroid Build Coastguard Worker // policy](https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy). 136*d5c09012SAndroid Build Coastguard Worker // There can be more than one organization policy with different constraints 137*d5c09012SAndroid Build Coastguard Worker // set on a given resource. 138*d5c09012SAndroid Build Coastguard Worker repeated google.cloud.orgpolicy.v1.Policy org_policy = 6; 139*d5c09012SAndroid Build Coastguard Worker 140*d5c09012SAndroid Build Coastguard Worker // A representation of an [access 141*d5c09012SAndroid Build Coastguard Worker // policy](https://cloud.google.com/access-context-manager/docs/overview#access-policies). 142*d5c09012SAndroid Build Coastguard Worker oneof access_context_policy { 143*d5c09012SAndroid Build Coastguard Worker // Also refer to the [access policy user 144*d5c09012SAndroid Build Coastguard Worker // guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies). 145*d5c09012SAndroid Build Coastguard Worker google.identity.accesscontextmanager.v1.AccessPolicy access_policy = 7; 146*d5c09012SAndroid Build Coastguard Worker 147*d5c09012SAndroid Build Coastguard Worker // Also refer to the [access level user 148*d5c09012SAndroid Build Coastguard Worker // guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels). 149*d5c09012SAndroid Build Coastguard Worker google.identity.accesscontextmanager.v1.AccessLevel access_level = 8; 150*d5c09012SAndroid Build Coastguard Worker 151*d5c09012SAndroid Build Coastguard Worker // Also refer to the [service perimeter user 152*d5c09012SAndroid Build Coastguard Worker // guide](https://cloud.google.com/vpc-service-controls/docs/overview). 153*d5c09012SAndroid Build Coastguard Worker google.identity.accesscontextmanager.v1.ServicePerimeter service_perimeter = 154*d5c09012SAndroid Build Coastguard Worker 9; 155*d5c09012SAndroid Build Coastguard Worker } 156*d5c09012SAndroid Build Coastguard Worker 157*d5c09012SAndroid Build Coastguard Worker // A representation of runtime OS Inventory information. See [this 158*d5c09012SAndroid Build Coastguard Worker // topic](https://cloud.google.com/compute/docs/instances/os-inventory-management) 159*d5c09012SAndroid Build Coastguard Worker // for more information. 160*d5c09012SAndroid Build Coastguard Worker google.cloud.osconfig.v1.Inventory os_inventory = 12; 161*d5c09012SAndroid Build Coastguard Worker 162*d5c09012SAndroid Build Coastguard Worker // DEPRECATED. This field only presents for the purpose of 163*d5c09012SAndroid Build Coastguard Worker // backward-compatibility. The server will never generate responses with this 164*d5c09012SAndroid Build Coastguard Worker // field. 165*d5c09012SAndroid Build Coastguard Worker // The related assets of the asset of one relationship type. One asset 166*d5c09012SAndroid Build Coastguard Worker // only represents one type of relationship. 167*d5c09012SAndroid Build Coastguard Worker RelatedAssets related_assets = 13 [deprecated = true]; 168*d5c09012SAndroid Build Coastguard Worker 169*d5c09012SAndroid Build Coastguard Worker // One related asset of the current asset. 170*d5c09012SAndroid Build Coastguard Worker RelatedAsset related_asset = 15; 171*d5c09012SAndroid Build Coastguard Worker 172*d5c09012SAndroid Build Coastguard Worker // The ancestry path of an asset in Google Cloud [resource 173*d5c09012SAndroid Build Coastguard Worker // hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 174*d5c09012SAndroid Build Coastguard Worker // represented as a list of relative resource names. An ancestry path starts 175*d5c09012SAndroid Build Coastguard Worker // with the closest ancestor in the hierarchy and ends at root. If the asset 176*d5c09012SAndroid Build Coastguard Worker // is a project, folder, or organization, the ancestry path starts from the 177*d5c09012SAndroid Build Coastguard Worker // asset itself. 178*d5c09012SAndroid Build Coastguard Worker // 179*d5c09012SAndroid Build Coastguard Worker // Example: `["projects/123456789", "folders/5432", "organizations/1234"]` 180*d5c09012SAndroid Build Coastguard Worker repeated string ancestors = 10; 181*d5c09012SAndroid Build Coastguard Worker} 182*d5c09012SAndroid Build Coastguard Worker 183*d5c09012SAndroid Build Coastguard Worker// A representation of a Google Cloud resource. 184*d5c09012SAndroid Build Coastguard Workermessage Resource { 185*d5c09012SAndroid Build Coastguard Worker // The API version. Example: `v1` 186*d5c09012SAndroid Build Coastguard Worker string version = 1; 187*d5c09012SAndroid Build Coastguard Worker 188*d5c09012SAndroid Build Coastguard Worker // The URL of the discovery document containing the resource's JSON schema. 189*d5c09012SAndroid Build Coastguard Worker // Example: 190*d5c09012SAndroid Build Coastguard Worker // `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest` 191*d5c09012SAndroid Build Coastguard Worker // 192*d5c09012SAndroid Build Coastguard Worker // This value is unspecified for resources that do not have an API based on a 193*d5c09012SAndroid Build Coastguard Worker // discovery document, such as Cloud Bigtable. 194*d5c09012SAndroid Build Coastguard Worker string discovery_document_uri = 2; 195*d5c09012SAndroid Build Coastguard Worker 196*d5c09012SAndroid Build Coastguard Worker // The JSON schema name listed in the discovery document. Example: 197*d5c09012SAndroid Build Coastguard Worker // `Project` 198*d5c09012SAndroid Build Coastguard Worker // 199*d5c09012SAndroid Build Coastguard Worker // This value is unspecified for resources that do not have an API based on a 200*d5c09012SAndroid Build Coastguard Worker // discovery document, such as Cloud Bigtable. 201*d5c09012SAndroid Build Coastguard Worker string discovery_name = 3; 202*d5c09012SAndroid Build Coastguard Worker 203*d5c09012SAndroid Build Coastguard Worker // The REST URL for accessing the resource. An HTTP `GET` request using this 204*d5c09012SAndroid Build Coastguard Worker // URL returns the resource itself. Example: 205*d5c09012SAndroid Build Coastguard Worker // `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123` 206*d5c09012SAndroid Build Coastguard Worker // 207*d5c09012SAndroid Build Coastguard Worker // This value is unspecified for resources without a REST API. 208*d5c09012SAndroid Build Coastguard Worker string resource_url = 4; 209*d5c09012SAndroid Build Coastguard Worker 210*d5c09012SAndroid Build Coastguard Worker // The full name of the immediate parent of this resource. See 211*d5c09012SAndroid Build Coastguard Worker // [Resource 212*d5c09012SAndroid Build Coastguard Worker // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) 213*d5c09012SAndroid Build Coastguard Worker // for more information. 214*d5c09012SAndroid Build Coastguard Worker // 215*d5c09012SAndroid Build Coastguard Worker // For Google Cloud assets, this value is the parent resource defined in the 216*d5c09012SAndroid Build Coastguard Worker // [IAM policy 217*d5c09012SAndroid Build Coastguard Worker // hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). 218*d5c09012SAndroid Build Coastguard Worker // Example: 219*d5c09012SAndroid Build Coastguard Worker // `//cloudresourcemanager.googleapis.com/projects/my_project_123` 220*d5c09012SAndroid Build Coastguard Worker string parent = 5; 221*d5c09012SAndroid Build Coastguard Worker 222*d5c09012SAndroid Build Coastguard Worker // The content of the resource, in which some sensitive fields are removed 223*d5c09012SAndroid Build Coastguard Worker // and may not be present. 224*d5c09012SAndroid Build Coastguard Worker google.protobuf.Struct data = 6; 225*d5c09012SAndroid Build Coastguard Worker 226*d5c09012SAndroid Build Coastguard Worker // The location of the resource in Google Cloud, such as its zone and region. 227*d5c09012SAndroid Build Coastguard Worker // For more information, see https://cloud.google.com/about/locations/. 228*d5c09012SAndroid Build Coastguard Worker string location = 8; 229*d5c09012SAndroid Build Coastguard Worker} 230*d5c09012SAndroid Build Coastguard Worker 231*d5c09012SAndroid Build Coastguard Worker// DEPRECATED. This message only presents for the purpose of 232*d5c09012SAndroid Build Coastguard Worker// backward-compatibility. The server will never populate this message in 233*d5c09012SAndroid Build Coastguard Worker// responses. 234*d5c09012SAndroid Build Coastguard Worker// The detailed related assets with the `relationship_type`. 235*d5c09012SAndroid Build Coastguard Workermessage RelatedAssets { 236*d5c09012SAndroid Build Coastguard Worker option deprecated = true; 237*d5c09012SAndroid Build Coastguard Worker 238*d5c09012SAndroid Build Coastguard Worker // The detailed relationship attributes. 239*d5c09012SAndroid Build Coastguard Worker RelationshipAttributes relationship_attributes = 1; 240*d5c09012SAndroid Build Coastguard Worker 241*d5c09012SAndroid Build Coastguard Worker // The peer resources of the relationship. 242*d5c09012SAndroid Build Coastguard Worker repeated RelatedAsset assets = 2; 243*d5c09012SAndroid Build Coastguard Worker} 244*d5c09012SAndroid Build Coastguard Worker 245*d5c09012SAndroid Build Coastguard Worker// DEPRECATED. This message only presents for the purpose of 246*d5c09012SAndroid Build Coastguard Worker// backward-compatibility. The server will never populate this message in 247*d5c09012SAndroid Build Coastguard Worker// responses. 248*d5c09012SAndroid Build Coastguard Worker// The relationship attributes which include `type`, `source_resource_type`, 249*d5c09012SAndroid Build Coastguard Worker// `target_resource_type` and `action`. 250*d5c09012SAndroid Build Coastguard Workermessage RelationshipAttributes { 251*d5c09012SAndroid Build Coastguard Worker option deprecated = true; 252*d5c09012SAndroid Build Coastguard Worker 253*d5c09012SAndroid Build Coastguard Worker // The unique identifier of the relationship type. Example: 254*d5c09012SAndroid Build Coastguard Worker // `INSTANCE_TO_INSTANCEGROUP` 255*d5c09012SAndroid Build Coastguard Worker string type = 4; 256*d5c09012SAndroid Build Coastguard Worker 257*d5c09012SAndroid Build Coastguard Worker // The source asset type. Example: `compute.googleapis.com/Instance` 258*d5c09012SAndroid Build Coastguard Worker string source_resource_type = 1; 259*d5c09012SAndroid Build Coastguard Worker 260*d5c09012SAndroid Build Coastguard Worker // The target asset type. Example: `compute.googleapis.com/Disk` 261*d5c09012SAndroid Build Coastguard Worker string target_resource_type = 2; 262*d5c09012SAndroid Build Coastguard Worker 263*d5c09012SAndroid Build Coastguard Worker // The detail of the relationship, e.g. `contains`, `attaches` 264*d5c09012SAndroid Build Coastguard Worker string action = 3; 265*d5c09012SAndroid Build Coastguard Worker} 266*d5c09012SAndroid Build Coastguard Worker 267*d5c09012SAndroid Build Coastguard Worker// An asset identifier in Google Cloud which contains its name, type and 268*d5c09012SAndroid Build Coastguard Worker// ancestors. An asset can be any resource in the Google Cloud [resource 269*d5c09012SAndroid Build Coastguard Worker// hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 270*d5c09012SAndroid Build Coastguard Worker// a resource outside the Google Cloud resource hierarchy (such as Google 271*d5c09012SAndroid Build Coastguard Worker// Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy). 272*d5c09012SAndroid Build Coastguard Worker// See [Supported asset 273*d5c09012SAndroid Build Coastguard Worker// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) 274*d5c09012SAndroid Build Coastguard Worker// for more information. 275*d5c09012SAndroid Build Coastguard Workermessage RelatedAsset { 276*d5c09012SAndroid Build Coastguard Worker // The full name of the asset. Example: 277*d5c09012SAndroid Build Coastguard Worker // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1` 278*d5c09012SAndroid Build Coastguard Worker // 279*d5c09012SAndroid Build Coastguard Worker // See [Resource 280*d5c09012SAndroid Build Coastguard Worker // names](https://cloud.google.com/apis/design/resource_names#full_resource_name) 281*d5c09012SAndroid Build Coastguard Worker // for more information. 282*d5c09012SAndroid Build Coastguard Worker string asset = 1 [(google.api.resource_reference) = { 283*d5c09012SAndroid Build Coastguard Worker type: "cloudasset.googleapis.com/Asset" 284*d5c09012SAndroid Build Coastguard Worker }]; 285*d5c09012SAndroid Build Coastguard Worker 286*d5c09012SAndroid Build Coastguard Worker // The type of the asset. Example: `compute.googleapis.com/Disk` 287*d5c09012SAndroid Build Coastguard Worker // 288*d5c09012SAndroid Build Coastguard Worker // See [Supported asset 289*d5c09012SAndroid Build Coastguard Worker // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) 290*d5c09012SAndroid Build Coastguard Worker // for more information. 291*d5c09012SAndroid Build Coastguard Worker string asset_type = 2; 292*d5c09012SAndroid Build Coastguard Worker 293*d5c09012SAndroid Build Coastguard Worker // The ancestors of an asset in Google Cloud [resource 294*d5c09012SAndroid Build Coastguard Worker // hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 295*d5c09012SAndroid Build Coastguard Worker // represented as a list of relative resource names. An ancestry path starts 296*d5c09012SAndroid Build Coastguard Worker // with the closest ancestor in the hierarchy and ends at root. 297*d5c09012SAndroid Build Coastguard Worker // 298*d5c09012SAndroid Build Coastguard Worker // Example: `["projects/123456789", "folders/5432", "organizations/1234"]` 299*d5c09012SAndroid Build Coastguard Worker repeated string ancestors = 3; 300*d5c09012SAndroid Build Coastguard Worker 301*d5c09012SAndroid Build Coastguard Worker // The unique identifier of the relationship type. Example: 302*d5c09012SAndroid Build Coastguard Worker // `INSTANCE_TO_INSTANCEGROUP` 303*d5c09012SAndroid Build Coastguard Worker string relationship_type = 4; 304*d5c09012SAndroid Build Coastguard Worker} 305*d5c09012SAndroid Build Coastguard Worker 306*d5c09012SAndroid Build Coastguard Worker// The key and value for a 307*d5c09012SAndroid Build Coastguard Worker// [tag](https://cloud.google.com/resource-manager/docs/tags/tags-overview). 308*d5c09012SAndroid Build Coastguard Workermessage Tag { 309*d5c09012SAndroid Build Coastguard Worker // TagKey namespaced name, in the format of {ORG_ID}/{TAG_KEY_SHORT_NAME}. 310*d5c09012SAndroid Build Coastguard Worker optional string tag_key = 1; 311*d5c09012SAndroid Build Coastguard Worker 312*d5c09012SAndroid Build Coastguard Worker // TagKey ID, in the format of tagKeys/{TAG_KEY_ID}. 313*d5c09012SAndroid Build Coastguard Worker optional string tag_key_id = 2; 314*d5c09012SAndroid Build Coastguard Worker 315*d5c09012SAndroid Build Coastguard Worker // TagValue namespaced name, in the format of 316*d5c09012SAndroid Build Coastguard Worker // {ORG_ID}/{TAG_KEY_SHORT_NAME}/{TAG_VALUE_SHORT_NAME}. 317*d5c09012SAndroid Build Coastguard Worker optional string tag_value = 3; 318*d5c09012SAndroid Build Coastguard Worker 319*d5c09012SAndroid Build Coastguard Worker // TagValue ID, in the format of tagValues/{TAG_VALUE_ID}. 320*d5c09012SAndroid Build Coastguard Worker optional string tag_value_id = 4; 321*d5c09012SAndroid Build Coastguard Worker} 322*d5c09012SAndroid Build Coastguard Worker 323*d5c09012SAndroid Build Coastguard Worker// The effective tags and the ancestor resources from which they were inherited. 324*d5c09012SAndroid Build Coastguard Workermessage EffectiveTagDetails { 325*d5c09012SAndroid Build Coastguard Worker // The [full resource 326*d5c09012SAndroid Build Coastguard Worker // name](https://cloud.google.com/asset-inventory/docs/resource-name-format) 327*d5c09012SAndroid Build Coastguard Worker // of the ancestor from which an [effective_tag][] is inherited, according to 328*d5c09012SAndroid Build Coastguard Worker // [tag 329*d5c09012SAndroid Build Coastguard Worker // inheritance](https://cloud.google.com/resource-manager/docs/tags/tags-overview#inheritance). 330*d5c09012SAndroid Build Coastguard Worker optional string attached_resource = 1; 331*d5c09012SAndroid Build Coastguard Worker 332*d5c09012SAndroid Build Coastguard Worker // The effective tags inherited from the 333*d5c09012SAndroid Build Coastguard Worker // [attached_resource][google.cloud.asset.v1.EffectiveTagDetails.attached_resource]. 334*d5c09012SAndroid Build Coastguard Worker // Note that tags with the same key but different values may attach to 335*d5c09012SAndroid Build Coastguard Worker // resources at a different hierarchy levels. The lower hierarchy tag value 336*d5c09012SAndroid Build Coastguard Worker // will overwrite the higher hierarchy tag value of the same tag key. In this 337*d5c09012SAndroid Build Coastguard Worker // case, the tag value at the higher hierarchy level will be removed. For more 338*d5c09012SAndroid Build Coastguard Worker // information, see [tag 339*d5c09012SAndroid Build Coastguard Worker // inheritance](https://cloud.google.com/resource-manager/docs/tags/tags-overview#inheritance). 340*d5c09012SAndroid Build Coastguard Worker repeated Tag effective_tags = 2; 341*d5c09012SAndroid Build Coastguard Worker} 342*d5c09012SAndroid Build Coastguard Worker 343*d5c09012SAndroid Build Coastguard Worker// A result of Resource Search, containing information of a cloud resource. 344*d5c09012SAndroid Build Coastguard Worker// Next ID: 34 345*d5c09012SAndroid Build Coastguard Workermessage ResourceSearchResult { 346*d5c09012SAndroid Build Coastguard Worker // The full resource name of this resource. Example: 347*d5c09012SAndroid Build Coastguard Worker // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. 348*d5c09012SAndroid Build Coastguard Worker // See [Cloud Asset Inventory Resource Name 349*d5c09012SAndroid Build Coastguard Worker // Format](https://cloud.google.com/asset-inventory/docs/resource-name-format) 350*d5c09012SAndroid Build Coastguard Worker // for more information. 351*d5c09012SAndroid Build Coastguard Worker // 352*d5c09012SAndroid Build Coastguard Worker // To search against the `name`: 353*d5c09012SAndroid Build Coastguard Worker // 354*d5c09012SAndroid Build Coastguard Worker // * Use a field query. Example: `name:instance1` 355*d5c09012SAndroid Build Coastguard Worker // * Use a free text query. Example: `instance1` 356*d5c09012SAndroid Build Coastguard Worker string name = 1; 357*d5c09012SAndroid Build Coastguard Worker 358*d5c09012SAndroid Build Coastguard Worker // The type of this resource. Example: `compute.googleapis.com/Disk`. 359*d5c09012SAndroid Build Coastguard Worker // 360*d5c09012SAndroid Build Coastguard Worker // To search against the `asset_type`: 361*d5c09012SAndroid Build Coastguard Worker // 362*d5c09012SAndroid Build Coastguard Worker // * Specify the `asset_type` field in your search request. 363*d5c09012SAndroid Build Coastguard Worker string asset_type = 2; 364*d5c09012SAndroid Build Coastguard Worker 365*d5c09012SAndroid Build Coastguard Worker // The project that this resource belongs to, in the form of 366*d5c09012SAndroid Build Coastguard Worker // projects/{PROJECT_NUMBER}. This field is available when the resource 367*d5c09012SAndroid Build Coastguard Worker // belongs to a project. 368*d5c09012SAndroid Build Coastguard Worker // 369*d5c09012SAndroid Build Coastguard Worker // To search against `project`: 370*d5c09012SAndroid Build Coastguard Worker // 371*d5c09012SAndroid Build Coastguard Worker // * Use a field query. Example: `project:12345` 372*d5c09012SAndroid Build Coastguard Worker // * Use a free text query. Example: `12345` 373*d5c09012SAndroid Build Coastguard Worker // * Specify the `scope` field as this project in your search request. 374*d5c09012SAndroid Build Coastguard Worker string project = 3; 375*d5c09012SAndroid Build Coastguard Worker 376*d5c09012SAndroid Build Coastguard Worker // The folder(s) that this resource belongs to, in the form of 377*d5c09012SAndroid Build Coastguard Worker // folders/{FOLDER_NUMBER}. This field is available when the resource 378*d5c09012SAndroid Build Coastguard Worker // belongs to one or more folders. 379*d5c09012SAndroid Build Coastguard Worker // 380*d5c09012SAndroid Build Coastguard Worker // To search against `folders`: 381*d5c09012SAndroid Build Coastguard Worker // 382*d5c09012SAndroid Build Coastguard Worker // * Use a field query. Example: `folders:(123 OR 456)` 383*d5c09012SAndroid Build Coastguard Worker // * Use a free text query. Example: `123` 384*d5c09012SAndroid Build Coastguard Worker // * Specify the `scope` field as this folder in your search request. 385*d5c09012SAndroid Build Coastguard Worker repeated string folders = 17; 386*d5c09012SAndroid Build Coastguard Worker 387*d5c09012SAndroid Build Coastguard Worker // The organization that this resource belongs to, in the form of 388*d5c09012SAndroid Build Coastguard Worker // organizations/{ORGANIZATION_NUMBER}. This field is available when the 389*d5c09012SAndroid Build Coastguard Worker // resource belongs to an organization. 390*d5c09012SAndroid Build Coastguard Worker // 391*d5c09012SAndroid Build Coastguard Worker // To search against `organization`: 392*d5c09012SAndroid Build Coastguard Worker // 393*d5c09012SAndroid Build Coastguard Worker // * Use a field query. Example: `organization:123` 394*d5c09012SAndroid Build Coastguard Worker // * Use a free text query. Example: `123` 395*d5c09012SAndroid Build Coastguard Worker // * Specify the `scope` field as this organization in your search request. 396*d5c09012SAndroid Build Coastguard Worker string organization = 18; 397*d5c09012SAndroid Build Coastguard Worker 398*d5c09012SAndroid Build Coastguard Worker // The display name of this resource. This field is available only when the 399*d5c09012SAndroid Build Coastguard Worker // resource's Protobuf contains it. 400*d5c09012SAndroid Build Coastguard Worker // 401*d5c09012SAndroid Build Coastguard Worker // To search against the `display_name`: 402*d5c09012SAndroid Build Coastguard Worker // 403*d5c09012SAndroid Build Coastguard Worker // * Use a field query. Example: `displayName:"My Instance"` 404*d5c09012SAndroid Build Coastguard Worker // * Use a free text query. Example: `"My Instance"` 405*d5c09012SAndroid Build Coastguard Worker string display_name = 4; 406*d5c09012SAndroid Build Coastguard Worker 407*d5c09012SAndroid Build Coastguard Worker // One or more paragraphs of text description of this resource. Maximum length 408*d5c09012SAndroid Build Coastguard Worker // could be up to 1M bytes. This field is available only when the resource's 409*d5c09012SAndroid Build Coastguard Worker // Protobuf contains it. 410*d5c09012SAndroid Build Coastguard Worker // 411*d5c09012SAndroid Build Coastguard Worker // To search against the `description`: 412*d5c09012SAndroid Build Coastguard Worker // 413*d5c09012SAndroid Build Coastguard Worker // * Use a field query. Example: `description:"important instance"` 414*d5c09012SAndroid Build Coastguard Worker // * Use a free text query. Example: `"important instance"` 415*d5c09012SAndroid Build Coastguard Worker string description = 5; 416*d5c09012SAndroid Build Coastguard Worker 417*d5c09012SAndroid Build Coastguard Worker // Location can be `global`, regional like `us-east1`, or zonal like 418*d5c09012SAndroid Build Coastguard Worker // `us-west1-b`. This field is available only when the resource's Protobuf 419*d5c09012SAndroid Build Coastguard Worker // contains it. 420*d5c09012SAndroid Build Coastguard Worker // 421*d5c09012SAndroid Build Coastguard Worker // To search against the `location`: 422*d5c09012SAndroid Build Coastguard Worker // 423*d5c09012SAndroid Build Coastguard Worker // * Use a field query. Example: `location:us-west*` 424*d5c09012SAndroid Build Coastguard Worker // * Use a free text query. Example: `us-west*` 425*d5c09012SAndroid Build Coastguard Worker string location = 6; 426*d5c09012SAndroid Build Coastguard Worker 427*d5c09012SAndroid Build Coastguard Worker // Labels associated with this resource. See [Labelling and grouping Google 428*d5c09012SAndroid Build Coastguard Worker // Cloud 429*d5c09012SAndroid Build Coastguard Worker // resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources) 430*d5c09012SAndroid Build Coastguard Worker // for more information. This field is available only when the resource's 431*d5c09012SAndroid Build Coastguard Worker // Protobuf contains it. 432*d5c09012SAndroid Build Coastguard Worker // 433*d5c09012SAndroid Build Coastguard Worker // To search against the `labels`: 434*d5c09012SAndroid Build Coastguard Worker // 435*d5c09012SAndroid Build Coastguard Worker // * Use a field query: 436*d5c09012SAndroid Build Coastguard Worker // - query on any label's key or value. Example: `labels:prod` 437*d5c09012SAndroid Build Coastguard Worker // - query by a given label. Example: `labels.env:prod` 438*d5c09012SAndroid Build Coastguard Worker // - query by a given label's existence. Example: `labels.env:*` 439*d5c09012SAndroid Build Coastguard Worker // * Use a free text query. Example: `prod` 440*d5c09012SAndroid Build Coastguard Worker map<string, string> labels = 7; 441*d5c09012SAndroid Build Coastguard Worker 442*d5c09012SAndroid Build Coastguard Worker // Network tags associated with this resource. Like labels, network tags are a 443*d5c09012SAndroid Build Coastguard Worker // type of annotations used to group Google Cloud resources. See [Labelling 444*d5c09012SAndroid Build Coastguard Worker // Google Cloud 445*d5c09012SAndroid Build Coastguard Worker // resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources) 446*d5c09012SAndroid Build Coastguard Worker // for more information. This field is available only when the resource's 447*d5c09012SAndroid Build Coastguard Worker // Protobuf contains it. 448*d5c09012SAndroid Build Coastguard Worker // 449*d5c09012SAndroid Build Coastguard Worker // To search against the `network_tags`: 450*d5c09012SAndroid Build Coastguard Worker // 451*d5c09012SAndroid Build Coastguard Worker // * Use a field query. Example: `networkTags:internal` 452*d5c09012SAndroid Build Coastguard Worker // * Use a free text query. Example: `internal` 453*d5c09012SAndroid Build Coastguard Worker repeated string network_tags = 8; 454*d5c09012SAndroid Build Coastguard Worker 455*d5c09012SAndroid Build Coastguard Worker // The Cloud KMS 456*d5c09012SAndroid Build Coastguard Worker // [CryptoKey](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys) 457*d5c09012SAndroid Build Coastguard Worker // name or 458*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions) 459*d5c09012SAndroid Build Coastguard Worker // name. 460*d5c09012SAndroid Build Coastguard Worker // 461*d5c09012SAndroid Build Coastguard Worker // This field only presents for the purpose of backward compatibility. 462*d5c09012SAndroid Build Coastguard Worker // Use the `kms_keys` field to retrieve Cloud KMS key information. This field 463*d5c09012SAndroid Build Coastguard Worker // is available only when the resource's Protobuf contains it and will only be 464*d5c09012SAndroid Build Coastguard Worker // populated for [these resource 465*d5c09012SAndroid Build Coastguard Worker // types](https://cloud.google.com/asset-inventory/docs/legacy-field-names#resource_types_with_the_to_be_deprecated_kmskey_field) 466*d5c09012SAndroid Build Coastguard Worker // for backward compatible purposes. 467*d5c09012SAndroid Build Coastguard Worker // 468*d5c09012SAndroid Build Coastguard Worker // To search against the `kms_key`: 469*d5c09012SAndroid Build Coastguard Worker // 470*d5c09012SAndroid Build Coastguard Worker // * Use a field query. Example: `kmsKey:key` 471*d5c09012SAndroid Build Coastguard Worker // * Use a free text query. Example: `key` 472*d5c09012SAndroid Build Coastguard Worker string kms_key = 10 [deprecated = true]; 473*d5c09012SAndroid Build Coastguard Worker 474*d5c09012SAndroid Build Coastguard Worker // The Cloud KMS 475*d5c09012SAndroid Build Coastguard Worker // [CryptoKey](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys) 476*d5c09012SAndroid Build Coastguard Worker // names or 477*d5c09012SAndroid Build Coastguard Worker // [CryptoKeyVersion](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions) 478*d5c09012SAndroid Build Coastguard Worker // names. This field is available only when the resource's Protobuf contains 479*d5c09012SAndroid Build Coastguard Worker // it. 480*d5c09012SAndroid Build Coastguard Worker // 481*d5c09012SAndroid Build Coastguard Worker // To search against the `kms_keys`: 482*d5c09012SAndroid Build Coastguard Worker // 483*d5c09012SAndroid Build Coastguard Worker // * Use a field query. Example: `kmsKeys:key` 484*d5c09012SAndroid Build Coastguard Worker // * Use a free text query. Example: `key` 485*d5c09012SAndroid Build Coastguard Worker repeated string kms_keys = 28; 486*d5c09012SAndroid Build Coastguard Worker 487*d5c09012SAndroid Build Coastguard Worker // The create timestamp of this resource, at which the resource was created. 488*d5c09012SAndroid Build Coastguard Worker // The granularity is in seconds. Timestamp.nanos will always be 0. This field 489*d5c09012SAndroid Build Coastguard Worker // is available only when the resource's Protobuf contains it. 490*d5c09012SAndroid Build Coastguard Worker // 491*d5c09012SAndroid Build Coastguard Worker // To search against `create_time`: 492*d5c09012SAndroid Build Coastguard Worker // 493*d5c09012SAndroid Build Coastguard Worker // * Use a field query. 494*d5c09012SAndroid Build Coastguard Worker // - value in seconds since unix epoch. Example: `createTime > 1609459200` 495*d5c09012SAndroid Build Coastguard Worker // - value in date string. Example: `createTime > 2021-01-01` 496*d5c09012SAndroid Build Coastguard Worker // - value in date-time string (must be quoted). Example: `createTime > 497*d5c09012SAndroid Build Coastguard Worker // "2021-01-01T00:00:00"` 498*d5c09012SAndroid Build Coastguard Worker google.protobuf.Timestamp create_time = 11; 499*d5c09012SAndroid Build Coastguard Worker 500*d5c09012SAndroid Build Coastguard Worker // The last update timestamp of this resource, at which the resource was last 501*d5c09012SAndroid Build Coastguard Worker // modified or deleted. The granularity is in seconds. Timestamp.nanos will 502*d5c09012SAndroid Build Coastguard Worker // always be 0. This field is available only when the resource's Protobuf 503*d5c09012SAndroid Build Coastguard Worker // contains it. 504*d5c09012SAndroid Build Coastguard Worker // 505*d5c09012SAndroid Build Coastguard Worker // To search against `update_time`: 506*d5c09012SAndroid Build Coastguard Worker // 507*d5c09012SAndroid Build Coastguard Worker // * Use a field query. 508*d5c09012SAndroid Build Coastguard Worker // - value in seconds since unix epoch. Example: `updateTime < 1609459200` 509*d5c09012SAndroid Build Coastguard Worker // - value in date string. Example: `updateTime < 2021-01-01` 510*d5c09012SAndroid Build Coastguard Worker // - value in date-time string (must be quoted). Example: `updateTime < 511*d5c09012SAndroid Build Coastguard Worker // "2021-01-01T00:00:00"` 512*d5c09012SAndroid Build Coastguard Worker google.protobuf.Timestamp update_time = 12; 513*d5c09012SAndroid Build Coastguard Worker 514*d5c09012SAndroid Build Coastguard Worker // The state of this resource. Different resources types have different state 515*d5c09012SAndroid Build Coastguard Worker // definitions that are mapped from various fields of different resource 516*d5c09012SAndroid Build Coastguard Worker // types. This field is available only when the resource's Protobuf contains 517*d5c09012SAndroid Build Coastguard Worker // it. 518*d5c09012SAndroid Build Coastguard Worker // 519*d5c09012SAndroid Build Coastguard Worker // Example: 520*d5c09012SAndroid Build Coastguard Worker // If the resource is an instance provided by Compute Engine, 521*d5c09012SAndroid Build Coastguard Worker // its state will include PROVISIONING, STAGING, RUNNING, STOPPING, 522*d5c09012SAndroid Build Coastguard Worker // SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED. See `status` definition 523*d5c09012SAndroid Build Coastguard Worker // in [API 524*d5c09012SAndroid Build Coastguard Worker // Reference](https://cloud.google.com/compute/docs/reference/rest/v1/instances). 525*d5c09012SAndroid Build Coastguard Worker // If the resource is a project provided by Resource Manager, its state 526*d5c09012SAndroid Build Coastguard Worker // will include LIFECYCLE_STATE_UNSPECIFIED, ACTIVE, DELETE_REQUESTED and 527*d5c09012SAndroid Build Coastguard Worker // DELETE_IN_PROGRESS. See `lifecycleState` definition in [API 528*d5c09012SAndroid Build Coastguard Worker // Reference](https://cloud.google.com/resource-manager/reference/rest/v1/projects). 529*d5c09012SAndroid Build Coastguard Worker // 530*d5c09012SAndroid Build Coastguard Worker // To search against the `state`: 531*d5c09012SAndroid Build Coastguard Worker // 532*d5c09012SAndroid Build Coastguard Worker // * Use a field query. Example: `state:RUNNING` 533*d5c09012SAndroid Build Coastguard Worker // * Use a free text query. Example: `RUNNING` 534*d5c09012SAndroid Build Coastguard Worker string state = 13; 535*d5c09012SAndroid Build Coastguard Worker 536*d5c09012SAndroid Build Coastguard Worker // The additional searchable attributes of this resource. The attributes may 537*d5c09012SAndroid Build Coastguard Worker // vary from one resource type to another. Examples: `projectId` for Project, 538*d5c09012SAndroid Build Coastguard Worker // `dnsName` for DNS ManagedZone. This field contains a subset of the resource 539*d5c09012SAndroid Build Coastguard Worker // metadata fields that are returned by the List or Get APIs provided by the 540*d5c09012SAndroid Build Coastguard Worker // corresponding Google Cloud service (e.g., Compute Engine). see [API 541*d5c09012SAndroid Build Coastguard Worker // references and supported searchable 542*d5c09012SAndroid Build Coastguard Worker // attributes](https://cloud.google.com/asset-inventory/docs/supported-asset-types) 543*d5c09012SAndroid Build Coastguard Worker // to see which fields are included. 544*d5c09012SAndroid Build Coastguard Worker // 545*d5c09012SAndroid Build Coastguard Worker // You can search values of these fields through free text search. However, 546*d5c09012SAndroid Build Coastguard Worker // you should not consume the field programically as the field names and 547*d5c09012SAndroid Build Coastguard Worker // values may change as the Google Cloud service updates to a new incompatible 548*d5c09012SAndroid Build Coastguard Worker // API version. 549*d5c09012SAndroid Build Coastguard Worker // 550*d5c09012SAndroid Build Coastguard Worker // To search against the `additional_attributes`: 551*d5c09012SAndroid Build Coastguard Worker // 552*d5c09012SAndroid Build Coastguard Worker // * Use a free text query to match the attributes values. Example: to search 553*d5c09012SAndroid Build Coastguard Worker // `additional_attributes = { dnsName: "foobar" }`, you can issue a query 554*d5c09012SAndroid Build Coastguard Worker // `foobar`. 555*d5c09012SAndroid Build Coastguard Worker google.protobuf.Struct additional_attributes = 9; 556*d5c09012SAndroid Build Coastguard Worker 557*d5c09012SAndroid Build Coastguard Worker // The full resource name of this resource's parent, if it has one. 558*d5c09012SAndroid Build Coastguard Worker // To search against the `parent_full_resource_name`: 559*d5c09012SAndroid Build Coastguard Worker // 560*d5c09012SAndroid Build Coastguard Worker // * Use a field query. Example: 561*d5c09012SAndroid Build Coastguard Worker // `parentFullResourceName:"project-name"` 562*d5c09012SAndroid Build Coastguard Worker // * Use a free text query. Example: 563*d5c09012SAndroid Build Coastguard Worker // `project-name` 564*d5c09012SAndroid Build Coastguard Worker string parent_full_resource_name = 19; 565*d5c09012SAndroid Build Coastguard Worker 566*d5c09012SAndroid Build Coastguard Worker // Versioned resource representations of this resource. This is repeated 567*d5c09012SAndroid Build Coastguard Worker // because there could be multiple versions of resource representations during 568*d5c09012SAndroid Build Coastguard Worker // version migration. 569*d5c09012SAndroid Build Coastguard Worker // 570*d5c09012SAndroid Build Coastguard Worker // This `versioned_resources` field is not searchable. Some attributes of the 571*d5c09012SAndroid Build Coastguard Worker // resource representations are exposed in `additional_attributes` field, so 572*d5c09012SAndroid Build Coastguard Worker // as to allow users to search on them. 573*d5c09012SAndroid Build Coastguard Worker repeated VersionedResource versioned_resources = 16; 574*d5c09012SAndroid Build Coastguard Worker 575*d5c09012SAndroid Build Coastguard Worker // Attached resources of this resource. For example, an OSConfig 576*d5c09012SAndroid Build Coastguard Worker // Inventory is an attached resource of a Compute Instance. This field is 577*d5c09012SAndroid Build Coastguard Worker // repeated because a resource could have multiple attached resources. 578*d5c09012SAndroid Build Coastguard Worker // 579*d5c09012SAndroid Build Coastguard Worker // This `attached_resources` field is not searchable. Some attributes 580*d5c09012SAndroid Build Coastguard Worker // of the attached resources are exposed in `additional_attributes` field, so 581*d5c09012SAndroid Build Coastguard Worker // as to allow users to search on them. 582*d5c09012SAndroid Build Coastguard Worker repeated AttachedResource attached_resources = 20; 583*d5c09012SAndroid Build Coastguard Worker 584*d5c09012SAndroid Build Coastguard Worker // A map of related resources of this resource, keyed by the 585*d5c09012SAndroid Build Coastguard Worker // relationship type. A relationship type is in the format of 586*d5c09012SAndroid Build Coastguard Worker // {SourceType}_{ACTION}_{DestType}. Example: `DISK_TO_INSTANCE`, 587*d5c09012SAndroid Build Coastguard Worker // `DISK_TO_NETWORK`, `INSTANCE_TO_INSTANCEGROUP`. 588*d5c09012SAndroid Build Coastguard Worker // See [supported relationship 589*d5c09012SAndroid Build Coastguard Worker // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#supported_relationship_types). 590*d5c09012SAndroid Build Coastguard Worker map<string, RelatedResources> relationships = 21; 591*d5c09012SAndroid Build Coastguard Worker 592*d5c09012SAndroid Build Coastguard Worker // This field is only present for the purpose of backward compatibility. 593*d5c09012SAndroid Build Coastguard Worker // Use the `tags` field instead. 594*d5c09012SAndroid Build Coastguard Worker // 595*d5c09012SAndroid Build Coastguard Worker // TagKey namespaced names, in the format of {ORG_ID}/{TAG_KEY_SHORT_NAME}. 596*d5c09012SAndroid Build Coastguard Worker // To search against the `tagKeys`: 597*d5c09012SAndroid Build Coastguard Worker // 598*d5c09012SAndroid Build Coastguard Worker // * Use a field query. Example: 599*d5c09012SAndroid Build Coastguard Worker // - `tagKeys:"123456789/env*"` 600*d5c09012SAndroid Build Coastguard Worker // - `tagKeys="123456789/env"` 601*d5c09012SAndroid Build Coastguard Worker // - `tagKeys:"env"` 602*d5c09012SAndroid Build Coastguard Worker // 603*d5c09012SAndroid Build Coastguard Worker // * Use a free text query. Example: 604*d5c09012SAndroid Build Coastguard Worker // - `env` 605*d5c09012SAndroid Build Coastguard Worker repeated string tag_keys = 23 [deprecated = true]; 606*d5c09012SAndroid Build Coastguard Worker 607*d5c09012SAndroid Build Coastguard Worker // This field is only present for the purpose of backward compatibility. 608*d5c09012SAndroid Build Coastguard Worker // Use the `tags` field instead. 609*d5c09012SAndroid Build Coastguard Worker // 610*d5c09012SAndroid Build Coastguard Worker // TagValue namespaced names, in the format of 611*d5c09012SAndroid Build Coastguard Worker // {ORG_ID}/{TAG_KEY_SHORT_NAME}/{TAG_VALUE_SHORT_NAME}. 612*d5c09012SAndroid Build Coastguard Worker // To search against the `tagValues`: 613*d5c09012SAndroid Build Coastguard Worker // 614*d5c09012SAndroid Build Coastguard Worker // * Use a field query. Example: 615*d5c09012SAndroid Build Coastguard Worker // - `tagValues:"env"` 616*d5c09012SAndroid Build Coastguard Worker // - `tagValues:"env/prod"` 617*d5c09012SAndroid Build Coastguard Worker // - `tagValues:"123456789/env/prod*"` 618*d5c09012SAndroid Build Coastguard Worker // - `tagValues="123456789/env/prod"` 619*d5c09012SAndroid Build Coastguard Worker // 620*d5c09012SAndroid Build Coastguard Worker // * Use a free text query. Example: 621*d5c09012SAndroid Build Coastguard Worker // - `prod` 622*d5c09012SAndroid Build Coastguard Worker repeated string tag_values = 25 [deprecated = true]; 623*d5c09012SAndroid Build Coastguard Worker 624*d5c09012SAndroid Build Coastguard Worker // This field is only present for the purpose of backward compatibility. 625*d5c09012SAndroid Build Coastguard Worker // Use the `tags` field instead. 626*d5c09012SAndroid Build Coastguard Worker // 627*d5c09012SAndroid Build Coastguard Worker // TagValue IDs, in the format of tagValues/{TAG_VALUE_ID}. 628*d5c09012SAndroid Build Coastguard Worker // To search against the `tagValueIds`: 629*d5c09012SAndroid Build Coastguard Worker // 630*d5c09012SAndroid Build Coastguard Worker // * Use a field query. Example: 631*d5c09012SAndroid Build Coastguard Worker // - `tagValueIds="tagValues/456"` 632*d5c09012SAndroid Build Coastguard Worker // 633*d5c09012SAndroid Build Coastguard Worker // * Use a free text query. Example: 634*d5c09012SAndroid Build Coastguard Worker // - `456` 635*d5c09012SAndroid Build Coastguard Worker repeated string tag_value_ids = 26 [deprecated = true]; 636*d5c09012SAndroid Build Coastguard Worker 637*d5c09012SAndroid Build Coastguard Worker // The tags directly attached to this resource. 638*d5c09012SAndroid Build Coastguard Worker // 639*d5c09012SAndroid Build Coastguard Worker // To search against the `tags`: 640*d5c09012SAndroid Build Coastguard Worker // 641*d5c09012SAndroid Build Coastguard Worker // * Use a field query. Example: 642*d5c09012SAndroid Build Coastguard Worker // - `tagKeys:"123456789/env*"` 643*d5c09012SAndroid Build Coastguard Worker // - `tagKeys="123456789/env"` 644*d5c09012SAndroid Build Coastguard Worker // - `tagKeys:"env"` 645*d5c09012SAndroid Build Coastguard Worker // - `tagKeyIds="tagKeys/123"` 646*d5c09012SAndroid Build Coastguard Worker // - `tagValues:"env"` 647*d5c09012SAndroid Build Coastguard Worker // - `tagValues:"env/prod"` 648*d5c09012SAndroid Build Coastguard Worker // - `tagValues:"123456789/env/prod*"` 649*d5c09012SAndroid Build Coastguard Worker // - `tagValues="123456789/env/prod"` 650*d5c09012SAndroid Build Coastguard Worker // - `tagValueIds="tagValues/456"` 651*d5c09012SAndroid Build Coastguard Worker // 652*d5c09012SAndroid Build Coastguard Worker // * Use a free text query. Example: 653*d5c09012SAndroid Build Coastguard Worker // - `env/prod` 654*d5c09012SAndroid Build Coastguard Worker repeated Tag tags = 29; 655*d5c09012SAndroid Build Coastguard Worker 656*d5c09012SAndroid Build Coastguard Worker // The effective tags on this resource. All of the tags that are both attached 657*d5c09012SAndroid Build Coastguard Worker // to and inherited by a resource are collectively called the effective 658*d5c09012SAndroid Build Coastguard Worker // tags. For more information, see [tag 659*d5c09012SAndroid Build Coastguard Worker // inheritance](https://cloud.google.com/resource-manager/docs/tags/tags-overview#inheritance). 660*d5c09012SAndroid Build Coastguard Worker // 661*d5c09012SAndroid Build Coastguard Worker // To search against the `effective_tags`: 662*d5c09012SAndroid Build Coastguard Worker // 663*d5c09012SAndroid Build Coastguard Worker // * Use a field query. Example: 664*d5c09012SAndroid Build Coastguard Worker // - `effectiveTagKeys:"123456789/env*"` 665*d5c09012SAndroid Build Coastguard Worker // - `effectiveTagKeys="123456789/env"` 666*d5c09012SAndroid Build Coastguard Worker // - `effectiveTagKeys:"env"` 667*d5c09012SAndroid Build Coastguard Worker // - `effectiveTagKeyIds="tagKeys/123"` 668*d5c09012SAndroid Build Coastguard Worker // - `effectiveTagValues:"env"` 669*d5c09012SAndroid Build Coastguard Worker // - `effectiveTagValues:"env/prod"` 670*d5c09012SAndroid Build Coastguard Worker // - `effectiveTagValues:"123456789/env/prod*"` 671*d5c09012SAndroid Build Coastguard Worker // - `effectiveTagValues="123456789/env/prod"` 672*d5c09012SAndroid Build Coastguard Worker // - `effectiveTagValueIds="tagValues/456"` 673*d5c09012SAndroid Build Coastguard Worker repeated EffectiveTagDetails effective_tags = 30; 674*d5c09012SAndroid Build Coastguard Worker 675*d5c09012SAndroid Build Coastguard Worker // The type of this resource's immediate parent, if there is one. 676*d5c09012SAndroid Build Coastguard Worker // 677*d5c09012SAndroid Build Coastguard Worker // To search against the `parent_asset_type`: 678*d5c09012SAndroid Build Coastguard Worker // 679*d5c09012SAndroid Build Coastguard Worker // * Use a field query. Example: 680*d5c09012SAndroid Build Coastguard Worker // `parentAssetType:"cloudresourcemanager.googleapis.com/Project"` 681*d5c09012SAndroid Build Coastguard Worker // * Use a free text query. Example: 682*d5c09012SAndroid Build Coastguard Worker // `cloudresourcemanager.googleapis.com/Project` 683*d5c09012SAndroid Build Coastguard Worker string parent_asset_type = 103; 684*d5c09012SAndroid Build Coastguard Worker 685*d5c09012SAndroid Build Coastguard Worker // The actual content of Security Command Center security marks associated 686*d5c09012SAndroid Build Coastguard Worker // with the asset. 687*d5c09012SAndroid Build Coastguard Worker // 688*d5c09012SAndroid Build Coastguard Worker // 689*d5c09012SAndroid Build Coastguard Worker // To search against SCC SecurityMarks field: 690*d5c09012SAndroid Build Coastguard Worker // 691*d5c09012SAndroid Build Coastguard Worker // * Use a field query: 692*d5c09012SAndroid Build Coastguard Worker // - query by a given key value pair. Example: `sccSecurityMarks.foo=bar` 693*d5c09012SAndroid Build Coastguard Worker // - query by a given key's existence. Example: `sccSecurityMarks.foo:*` 694*d5c09012SAndroid Build Coastguard Worker map<string, string> scc_security_marks = 32; 695*d5c09012SAndroid Build Coastguard Worker} 696*d5c09012SAndroid Build Coastguard Worker 697*d5c09012SAndroid Build Coastguard Worker// Resource representation as defined by the corresponding service providing the 698*d5c09012SAndroid Build Coastguard Worker// resource for a given API version. 699*d5c09012SAndroid Build Coastguard Workermessage VersionedResource { 700*d5c09012SAndroid Build Coastguard Worker // API version of the resource. 701*d5c09012SAndroid Build Coastguard Worker // 702*d5c09012SAndroid Build Coastguard Worker // Example: 703*d5c09012SAndroid Build Coastguard Worker // If the resource is an instance provided by Compute Engine v1 API as defined 704*d5c09012SAndroid Build Coastguard Worker // in `https://cloud.google.com/compute/docs/reference/rest/v1/instances`, 705*d5c09012SAndroid Build Coastguard Worker // version will be "v1". 706*d5c09012SAndroid Build Coastguard Worker string version = 1; 707*d5c09012SAndroid Build Coastguard Worker 708*d5c09012SAndroid Build Coastguard Worker // JSON representation of the resource as defined by the corresponding 709*d5c09012SAndroid Build Coastguard Worker // service providing this resource. 710*d5c09012SAndroid Build Coastguard Worker // 711*d5c09012SAndroid Build Coastguard Worker // Example: 712*d5c09012SAndroid Build Coastguard Worker // If the resource is an instance provided by Compute Engine, this field will 713*d5c09012SAndroid Build Coastguard Worker // contain the JSON representation of the instance as defined by Compute 714*d5c09012SAndroid Build Coastguard Worker // Engine: 715*d5c09012SAndroid Build Coastguard Worker // `https://cloud.google.com/compute/docs/reference/rest/v1/instances`. 716*d5c09012SAndroid Build Coastguard Worker // 717*d5c09012SAndroid Build Coastguard Worker // You can find the resource definition for each supported resource type in 718*d5c09012SAndroid Build Coastguard Worker // this table: 719*d5c09012SAndroid Build Coastguard Worker // `https://cloud.google.com/asset-inventory/docs/supported-asset-types` 720*d5c09012SAndroid Build Coastguard Worker google.protobuf.Struct resource = 2; 721*d5c09012SAndroid Build Coastguard Worker} 722*d5c09012SAndroid Build Coastguard Worker 723*d5c09012SAndroid Build Coastguard Worker// Attached resource representation, which is defined by the corresponding 724*d5c09012SAndroid Build Coastguard Worker// service provider. It represents an attached resource's payload. 725*d5c09012SAndroid Build Coastguard Workermessage AttachedResource { 726*d5c09012SAndroid Build Coastguard Worker // The type of this attached resource. 727*d5c09012SAndroid Build Coastguard Worker // 728*d5c09012SAndroid Build Coastguard Worker // Example: `osconfig.googleapis.com/Inventory` 729*d5c09012SAndroid Build Coastguard Worker // 730*d5c09012SAndroid Build Coastguard Worker // You can find the supported attached asset types of each resource in this 731*d5c09012SAndroid Build Coastguard Worker // table: 732*d5c09012SAndroid Build Coastguard Worker // `https://cloud.google.com/asset-inventory/docs/supported-asset-types` 733*d5c09012SAndroid Build Coastguard Worker string asset_type = 1; 734*d5c09012SAndroid Build Coastguard Worker 735*d5c09012SAndroid Build Coastguard Worker // Versioned resource representations of this attached resource. This is 736*d5c09012SAndroid Build Coastguard Worker // repeated because there could be multiple versions of the attached resource 737*d5c09012SAndroid Build Coastguard Worker // representations during version migration. 738*d5c09012SAndroid Build Coastguard Worker repeated VersionedResource versioned_resources = 3; 739*d5c09012SAndroid Build Coastguard Worker} 740*d5c09012SAndroid Build Coastguard Worker 741*d5c09012SAndroid Build Coastguard Worker// The related resources of the primary resource. 742*d5c09012SAndroid Build Coastguard Workermessage RelatedResources { 743*d5c09012SAndroid Build Coastguard Worker // The detailed related resources of the primary resource. 744*d5c09012SAndroid Build Coastguard Worker repeated RelatedResource related_resources = 1; 745*d5c09012SAndroid Build Coastguard Worker} 746*d5c09012SAndroid Build Coastguard Worker 747*d5c09012SAndroid Build Coastguard Worker// The detailed related resource. 748*d5c09012SAndroid Build Coastguard Workermessage RelatedResource { 749*d5c09012SAndroid Build Coastguard Worker // The type of the asset. Example: `compute.googleapis.com/Instance` 750*d5c09012SAndroid Build Coastguard Worker string asset_type = 1; 751*d5c09012SAndroid Build Coastguard Worker 752*d5c09012SAndroid Build Coastguard Worker // The full resource name of the related resource. Example: 753*d5c09012SAndroid Build Coastguard Worker // `//compute.googleapis.com/projects/my_proj_123/zones/instance/instance123` 754*d5c09012SAndroid Build Coastguard Worker string full_resource_name = 2; 755*d5c09012SAndroid Build Coastguard Worker} 756*d5c09012SAndroid Build Coastguard Worker 757*d5c09012SAndroid Build Coastguard Worker// A result of IAM Policy search, containing information of an IAM policy. 758*d5c09012SAndroid Build Coastguard Workermessage IamPolicySearchResult { 759*d5c09012SAndroid Build Coastguard Worker // Explanation about the IAM policy search result. 760*d5c09012SAndroid Build Coastguard Worker message Explanation { 761*d5c09012SAndroid Build Coastguard Worker // IAM permissions 762*d5c09012SAndroid Build Coastguard Worker message Permissions { 763*d5c09012SAndroid Build Coastguard Worker // A list of permissions. A sample permission string: `compute.disk.get`. 764*d5c09012SAndroid Build Coastguard Worker repeated string permissions = 1; 765*d5c09012SAndroid Build Coastguard Worker } 766*d5c09012SAndroid Build Coastguard Worker 767*d5c09012SAndroid Build Coastguard Worker // The map from roles to their included permissions that match the 768*d5c09012SAndroid Build Coastguard Worker // permission query (i.e., a query containing `policy.role.permissions:`). 769*d5c09012SAndroid Build Coastguard Worker // Example: if query `policy.role.permissions:compute.disk.get` 770*d5c09012SAndroid Build Coastguard Worker // matches a policy binding that contains owner role, the 771*d5c09012SAndroid Build Coastguard Worker // matched_permissions will be `{"roles/owner": ["compute.disk.get"]}`. The 772*d5c09012SAndroid Build Coastguard Worker // roles can also be found in the returned `policy` bindings. Note that the 773*d5c09012SAndroid Build Coastguard Worker // map is populated only for requests with permission queries. 774*d5c09012SAndroid Build Coastguard Worker map<string, Permissions> matched_permissions = 1; 775*d5c09012SAndroid Build Coastguard Worker } 776*d5c09012SAndroid Build Coastguard Worker 777*d5c09012SAndroid Build Coastguard Worker // The full resource name of the resource associated with this IAM policy. 778*d5c09012SAndroid Build Coastguard Worker // Example: 779*d5c09012SAndroid Build Coastguard Worker // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. 780*d5c09012SAndroid Build Coastguard Worker // See [Cloud Asset Inventory Resource Name 781*d5c09012SAndroid Build Coastguard Worker // Format](https://cloud.google.com/asset-inventory/docs/resource-name-format) 782*d5c09012SAndroid Build Coastguard Worker // for more information. 783*d5c09012SAndroid Build Coastguard Worker // 784*d5c09012SAndroid Build Coastguard Worker // To search against the `resource`: 785*d5c09012SAndroid Build Coastguard Worker // 786*d5c09012SAndroid Build Coastguard Worker // * use a field query. Example: `resource:organizations/123` 787*d5c09012SAndroid Build Coastguard Worker string resource = 1; 788*d5c09012SAndroid Build Coastguard Worker 789*d5c09012SAndroid Build Coastguard Worker // The type of the resource associated with this IAM policy. Example: 790*d5c09012SAndroid Build Coastguard Worker // `compute.googleapis.com/Disk`. 791*d5c09012SAndroid Build Coastguard Worker // 792*d5c09012SAndroid Build Coastguard Worker // To search against the `asset_type`: 793*d5c09012SAndroid Build Coastguard Worker // 794*d5c09012SAndroid Build Coastguard Worker // * specify the `asset_types` field in your search request. 795*d5c09012SAndroid Build Coastguard Worker string asset_type = 5; 796*d5c09012SAndroid Build Coastguard Worker 797*d5c09012SAndroid Build Coastguard Worker // The project that the associated Google Cloud resource belongs to, in the 798*d5c09012SAndroid Build Coastguard Worker // form of projects/{PROJECT_NUMBER}. If an IAM policy is set on a resource 799*d5c09012SAndroid Build Coastguard Worker // (like VM instance, Cloud Storage bucket), the project field will indicate 800*d5c09012SAndroid Build Coastguard Worker // the project that contains the resource. If an IAM policy is set on a folder 801*d5c09012SAndroid Build Coastguard Worker // or orgnization, this field will be empty. 802*d5c09012SAndroid Build Coastguard Worker // 803*d5c09012SAndroid Build Coastguard Worker // To search against the `project`: 804*d5c09012SAndroid Build Coastguard Worker // 805*d5c09012SAndroid Build Coastguard Worker // * specify the `scope` field as this project in your search request. 806*d5c09012SAndroid Build Coastguard Worker string project = 2; 807*d5c09012SAndroid Build Coastguard Worker 808*d5c09012SAndroid Build Coastguard Worker // The folder(s) that the IAM policy belongs to, in the form of 809*d5c09012SAndroid Build Coastguard Worker // folders/{FOLDER_NUMBER}. This field is available when the IAM policy 810*d5c09012SAndroid Build Coastguard Worker // belongs to one or more folders. 811*d5c09012SAndroid Build Coastguard Worker // 812*d5c09012SAndroid Build Coastguard Worker // To search against `folders`: 813*d5c09012SAndroid Build Coastguard Worker // 814*d5c09012SAndroid Build Coastguard Worker // * use a field query. Example: `folders:(123 OR 456)` 815*d5c09012SAndroid Build Coastguard Worker // * use a free text query. Example: `123` 816*d5c09012SAndroid Build Coastguard Worker // * specify the `scope` field as this folder in your search request. 817*d5c09012SAndroid Build Coastguard Worker repeated string folders = 6; 818*d5c09012SAndroid Build Coastguard Worker 819*d5c09012SAndroid Build Coastguard Worker // The organization that the IAM policy belongs to, in the form 820*d5c09012SAndroid Build Coastguard Worker // of organizations/{ORGANIZATION_NUMBER}. This field is available when the 821*d5c09012SAndroid Build Coastguard Worker // IAM policy belongs to an organization. 822*d5c09012SAndroid Build Coastguard Worker // 823*d5c09012SAndroid Build Coastguard Worker // To search against `organization`: 824*d5c09012SAndroid Build Coastguard Worker // 825*d5c09012SAndroid Build Coastguard Worker // * use a field query. Example: `organization:123` 826*d5c09012SAndroid Build Coastguard Worker // * use a free text query. Example: `123` 827*d5c09012SAndroid Build Coastguard Worker // * specify the `scope` field as this organization in your search request. 828*d5c09012SAndroid Build Coastguard Worker string organization = 7; 829*d5c09012SAndroid Build Coastguard Worker 830*d5c09012SAndroid Build Coastguard Worker // The IAM policy directly set on the given resource. Note that the original 831*d5c09012SAndroid Build Coastguard Worker // IAM policy can contain multiple bindings. This only contains the bindings 832*d5c09012SAndroid Build Coastguard Worker // that match the given query. For queries that don't contain a constrain on 833*d5c09012SAndroid Build Coastguard Worker // policies (e.g., an empty query), this contains all the bindings. 834*d5c09012SAndroid Build Coastguard Worker // 835*d5c09012SAndroid Build Coastguard Worker // To search against the `policy` bindings: 836*d5c09012SAndroid Build Coastguard Worker // 837*d5c09012SAndroid Build Coastguard Worker // * use a field query: 838*d5c09012SAndroid Build Coastguard Worker // - query by the policy contained members. Example: 839*d5c09012SAndroid Build Coastguard Worker // `policy:[email protected]` 840*d5c09012SAndroid Build Coastguard Worker // - query by the policy contained roles. Example: 841*d5c09012SAndroid Build Coastguard Worker // `policy:roles/compute.admin` 842*d5c09012SAndroid Build Coastguard Worker // - query by the policy contained roles' included permissions. Example: 843*d5c09012SAndroid Build Coastguard Worker // `policy.role.permissions:compute.instances.create` 844*d5c09012SAndroid Build Coastguard Worker google.iam.v1.Policy policy = 3; 845*d5c09012SAndroid Build Coastguard Worker 846*d5c09012SAndroid Build Coastguard Worker // Explanation about the IAM policy search result. It contains additional 847*d5c09012SAndroid Build Coastguard Worker // information to explain why the search result matches the query. 848*d5c09012SAndroid Build Coastguard Worker Explanation explanation = 4; 849*d5c09012SAndroid Build Coastguard Worker} 850*d5c09012SAndroid Build Coastguard Worker 851*d5c09012SAndroid Build Coastguard Worker// Represents the detailed state of an entity under analysis, such as a 852*d5c09012SAndroid Build Coastguard Worker// resource, an identity or an access. 853*d5c09012SAndroid Build Coastguard Workermessage IamPolicyAnalysisState { 854*d5c09012SAndroid Build Coastguard Worker // The Google standard error code that best describes the state. 855*d5c09012SAndroid Build Coastguard Worker // For example: 856*d5c09012SAndroid Build Coastguard Worker // - OK means the analysis on this entity has been successfully finished; 857*d5c09012SAndroid Build Coastguard Worker // - PERMISSION_DENIED means an access denied error is encountered; 858*d5c09012SAndroid Build Coastguard Worker // - DEADLINE_EXCEEDED means the analysis on this entity hasn't been started 859*d5c09012SAndroid Build Coastguard Worker // in time; 860*d5c09012SAndroid Build Coastguard Worker google.rpc.Code code = 1; 861*d5c09012SAndroid Build Coastguard Worker 862*d5c09012SAndroid Build Coastguard Worker // The human-readable description of the cause of failure. 863*d5c09012SAndroid Build Coastguard Worker string cause = 2; 864*d5c09012SAndroid Build Coastguard Worker} 865*d5c09012SAndroid Build Coastguard Worker 866*d5c09012SAndroid Build Coastguard Worker// The condition evaluation. 867*d5c09012SAndroid Build Coastguard Workermessage ConditionEvaluation { 868*d5c09012SAndroid Build Coastguard Worker // Value of this expression. 869*d5c09012SAndroid Build Coastguard Worker enum EvaluationValue { 870*d5c09012SAndroid Build Coastguard Worker // Reserved for future use. 871*d5c09012SAndroid Build Coastguard Worker EVALUATION_VALUE_UNSPECIFIED = 0; 872*d5c09012SAndroid Build Coastguard Worker 873*d5c09012SAndroid Build Coastguard Worker // The evaluation result is `true`. 874*d5c09012SAndroid Build Coastguard Worker TRUE = 1; 875*d5c09012SAndroid Build Coastguard Worker 876*d5c09012SAndroid Build Coastguard Worker // The evaluation result is `false`. 877*d5c09012SAndroid Build Coastguard Worker FALSE = 2; 878*d5c09012SAndroid Build Coastguard Worker 879*d5c09012SAndroid Build Coastguard Worker // The evaluation result is `conditional` when the condition expression 880*d5c09012SAndroid Build Coastguard Worker // contains variables that are either missing input values or have not been 881*d5c09012SAndroid Build Coastguard Worker // supported by Policy Analyzer yet. 882*d5c09012SAndroid Build Coastguard Worker CONDITIONAL = 3; 883*d5c09012SAndroid Build Coastguard Worker } 884*d5c09012SAndroid Build Coastguard Worker 885*d5c09012SAndroid Build Coastguard Worker // The evaluation result. 886*d5c09012SAndroid Build Coastguard Worker EvaluationValue evaluation_value = 1; 887*d5c09012SAndroid Build Coastguard Worker} 888*d5c09012SAndroid Build Coastguard Worker 889*d5c09012SAndroid Build Coastguard Worker// IAM Policy analysis result, consisting of one IAM policy binding and derived 890*d5c09012SAndroid Build Coastguard Worker// access control lists. 891*d5c09012SAndroid Build Coastguard Workermessage IamPolicyAnalysisResult { 892*d5c09012SAndroid Build Coastguard Worker // A Google Cloud resource under analysis. 893*d5c09012SAndroid Build Coastguard Worker message Resource { 894*d5c09012SAndroid Build Coastguard Worker // The [full resource 895*d5c09012SAndroid Build Coastguard Worker // name](https://cloud.google.com/asset-inventory/docs/resource-name-format) 896*d5c09012SAndroid Build Coastguard Worker string full_resource_name = 1; 897*d5c09012SAndroid Build Coastguard Worker 898*d5c09012SAndroid Build Coastguard Worker // The analysis state of this resource. 899*d5c09012SAndroid Build Coastguard Worker IamPolicyAnalysisState analysis_state = 2; 900*d5c09012SAndroid Build Coastguard Worker } 901*d5c09012SAndroid Build Coastguard Worker 902*d5c09012SAndroid Build Coastguard Worker // An IAM role or permission under analysis. 903*d5c09012SAndroid Build Coastguard Worker message Access { 904*d5c09012SAndroid Build Coastguard Worker oneof oneof_access { 905*d5c09012SAndroid Build Coastguard Worker // The role. 906*d5c09012SAndroid Build Coastguard Worker string role = 1; 907*d5c09012SAndroid Build Coastguard Worker 908*d5c09012SAndroid Build Coastguard Worker // The permission. 909*d5c09012SAndroid Build Coastguard Worker string permission = 2; 910*d5c09012SAndroid Build Coastguard Worker } 911*d5c09012SAndroid Build Coastguard Worker 912*d5c09012SAndroid Build Coastguard Worker // The analysis state of this access. 913*d5c09012SAndroid Build Coastguard Worker IamPolicyAnalysisState analysis_state = 3; 914*d5c09012SAndroid Build Coastguard Worker } 915*d5c09012SAndroid Build Coastguard Worker 916*d5c09012SAndroid Build Coastguard Worker // An identity under analysis. 917*d5c09012SAndroid Build Coastguard Worker message Identity { 918*d5c09012SAndroid Build Coastguard Worker // The identity of members, formatted as appear in an 919*d5c09012SAndroid Build Coastguard Worker // [IAM policy 920*d5c09012SAndroid Build Coastguard Worker // binding](https://cloud.google.com/iam/reference/rest/v1/Binding). For 921*d5c09012SAndroid Build Coastguard Worker // example, they might be formatted like the following: 922*d5c09012SAndroid Build Coastguard Worker // 923*d5c09012SAndroid Build Coastguard Worker // - user:[email protected] 924*d5c09012SAndroid Build Coastguard Worker // - group:[email protected] 925*d5c09012SAndroid Build Coastguard Worker // - serviceAccount:[email protected] 926*d5c09012SAndroid Build Coastguard Worker // - projectOwner:some_project_id 927*d5c09012SAndroid Build Coastguard Worker // - domain:google.com 928*d5c09012SAndroid Build Coastguard Worker // - allUsers 929*d5c09012SAndroid Build Coastguard Worker string name = 1; 930*d5c09012SAndroid Build Coastguard Worker 931*d5c09012SAndroid Build Coastguard Worker // The analysis state of this identity. 932*d5c09012SAndroid Build Coastguard Worker IamPolicyAnalysisState analysis_state = 2; 933*d5c09012SAndroid Build Coastguard Worker } 934*d5c09012SAndroid Build Coastguard Worker 935*d5c09012SAndroid Build Coastguard Worker // A directional edge. 936*d5c09012SAndroid Build Coastguard Worker message Edge { 937*d5c09012SAndroid Build Coastguard Worker // The source node of the edge. For example, it could be a full resource 938*d5c09012SAndroid Build Coastguard Worker // name for a resource node or an email of an identity. 939*d5c09012SAndroid Build Coastguard Worker string source_node = 1; 940*d5c09012SAndroid Build Coastguard Worker 941*d5c09012SAndroid Build Coastguard Worker // The target node of the edge. For example, it could be a full resource 942*d5c09012SAndroid Build Coastguard Worker // name for a resource node or an email of an identity. 943*d5c09012SAndroid Build Coastguard Worker string target_node = 2; 944*d5c09012SAndroid Build Coastguard Worker } 945*d5c09012SAndroid Build Coastguard Worker 946*d5c09012SAndroid Build Coastguard Worker // An access control list, derived from the above IAM policy binding, which 947*d5c09012SAndroid Build Coastguard Worker // contains a set of resources and accesses. May include one 948*d5c09012SAndroid Build Coastguard Worker // item from each set to compose an access control entry. 949*d5c09012SAndroid Build Coastguard Worker // 950*d5c09012SAndroid Build Coastguard Worker // NOTICE that there could be multiple access control lists for one IAM policy 951*d5c09012SAndroid Build Coastguard Worker // binding. The access control lists are created based on resource and access 952*d5c09012SAndroid Build Coastguard Worker // combinations. 953*d5c09012SAndroid Build Coastguard Worker // 954*d5c09012SAndroid Build Coastguard Worker // For example, assume we have the following cases in one IAM policy binding: 955*d5c09012SAndroid Build Coastguard Worker // - Permission P1 and P2 apply to resource R1 and R2; 956*d5c09012SAndroid Build Coastguard Worker // - Permission P3 applies to resource R2 and R3; 957*d5c09012SAndroid Build Coastguard Worker // 958*d5c09012SAndroid Build Coastguard Worker // This will result in the following access control lists: 959*d5c09012SAndroid Build Coastguard Worker // - AccessControlList 1: [R1, R2], [P1, P2] 960*d5c09012SAndroid Build Coastguard Worker // - AccessControlList 2: [R2, R3], [P3] 961*d5c09012SAndroid Build Coastguard Worker message AccessControlList { 962*d5c09012SAndroid Build Coastguard Worker // The resources that match one of the following conditions: 963*d5c09012SAndroid Build Coastguard Worker // - The resource_selector, if it is specified in request; 964*d5c09012SAndroid Build Coastguard Worker // - Otherwise, resources reachable from the policy attached resource. 965*d5c09012SAndroid Build Coastguard Worker repeated Resource resources = 1; 966*d5c09012SAndroid Build Coastguard Worker 967*d5c09012SAndroid Build Coastguard Worker // The accesses that match one of the following conditions: 968*d5c09012SAndroid Build Coastguard Worker // - The access_selector, if it is specified in request; 969*d5c09012SAndroid Build Coastguard Worker // - Otherwise, access specifiers reachable from the policy binding's role. 970*d5c09012SAndroid Build Coastguard Worker repeated Access accesses = 2; 971*d5c09012SAndroid Build Coastguard Worker 972*d5c09012SAndroid Build Coastguard Worker // Resource edges of the graph starting from the policy attached 973*d5c09012SAndroid Build Coastguard Worker // resource to any descendant resources. The 974*d5c09012SAndroid Build Coastguard Worker // [Edge.source_node][google.cloud.asset.v1.IamPolicyAnalysisResult.Edge.source_node] 975*d5c09012SAndroid Build Coastguard Worker // contains the full resource name of a parent resource and 976*d5c09012SAndroid Build Coastguard Worker // [Edge.target_node][google.cloud.asset.v1.IamPolicyAnalysisResult.Edge.target_node] 977*d5c09012SAndroid Build Coastguard Worker // contains the full resource name of a child resource. This field is 978*d5c09012SAndroid Build Coastguard Worker // present only if the output_resource_edges option is enabled in request. 979*d5c09012SAndroid Build Coastguard Worker repeated Edge resource_edges = 3; 980*d5c09012SAndroid Build Coastguard Worker 981*d5c09012SAndroid Build Coastguard Worker // Condition evaluation for this AccessControlList, if there is a condition 982*d5c09012SAndroid Build Coastguard Worker // defined in the above IAM policy binding. 983*d5c09012SAndroid Build Coastguard Worker ConditionEvaluation condition_evaluation = 4; 984*d5c09012SAndroid Build Coastguard Worker } 985*d5c09012SAndroid Build Coastguard Worker 986*d5c09012SAndroid Build Coastguard Worker // The identities and group edges. 987*d5c09012SAndroid Build Coastguard Worker message IdentityList { 988*d5c09012SAndroid Build Coastguard Worker // Only the identities that match one of the following conditions will be 989*d5c09012SAndroid Build Coastguard Worker // presented: 990*d5c09012SAndroid Build Coastguard Worker // - The identity_selector, if it is specified in request; 991*d5c09012SAndroid Build Coastguard Worker // - Otherwise, identities reachable from the policy binding's members. 992*d5c09012SAndroid Build Coastguard Worker repeated Identity identities = 1; 993*d5c09012SAndroid Build Coastguard Worker 994*d5c09012SAndroid Build Coastguard Worker // Group identity edges of the graph starting from the binding's 995*d5c09012SAndroid Build Coastguard Worker // group members to any node of the 996*d5c09012SAndroid Build Coastguard Worker // [identities][google.cloud.asset.v1.IamPolicyAnalysisResult.IdentityList.identities]. 997*d5c09012SAndroid Build Coastguard Worker // The 998*d5c09012SAndroid Build Coastguard Worker // [Edge.source_node][google.cloud.asset.v1.IamPolicyAnalysisResult.Edge.source_node] 999*d5c09012SAndroid Build Coastguard Worker // contains a group, such as `group:[email protected]`. The 1000*d5c09012SAndroid Build Coastguard Worker // [Edge.target_node][google.cloud.asset.v1.IamPolicyAnalysisResult.Edge.target_node] 1001*d5c09012SAndroid Build Coastguard Worker // contains a member of the group, such as `group:[email protected]` or 1002*d5c09012SAndroid Build Coastguard Worker // `user:[email protected]`. This field is present only if the 1003*d5c09012SAndroid Build Coastguard Worker // output_group_edges option is enabled in request. 1004*d5c09012SAndroid Build Coastguard Worker repeated Edge group_edges = 2; 1005*d5c09012SAndroid Build Coastguard Worker } 1006*d5c09012SAndroid Build Coastguard Worker 1007*d5c09012SAndroid Build Coastguard Worker // The [full resource 1008*d5c09012SAndroid Build Coastguard Worker // name](https://cloud.google.com/asset-inventory/docs/resource-name-format) 1009*d5c09012SAndroid Build Coastguard Worker // of the resource to which the 1010*d5c09012SAndroid Build Coastguard Worker // [iam_binding][google.cloud.asset.v1.IamPolicyAnalysisResult.iam_binding] 1011*d5c09012SAndroid Build Coastguard Worker // policy attaches. 1012*d5c09012SAndroid Build Coastguard Worker string attached_resource_full_name = 1; 1013*d5c09012SAndroid Build Coastguard Worker 1014*d5c09012SAndroid Build Coastguard Worker // The IAM policy binding under analysis. 1015*d5c09012SAndroid Build Coastguard Worker google.iam.v1.Binding iam_binding = 2; 1016*d5c09012SAndroid Build Coastguard Worker 1017*d5c09012SAndroid Build Coastguard Worker // The access control lists derived from the 1018*d5c09012SAndroid Build Coastguard Worker // [iam_binding][google.cloud.asset.v1.IamPolicyAnalysisResult.iam_binding] 1019*d5c09012SAndroid Build Coastguard Worker // that match or potentially match resource and access selectors specified in 1020*d5c09012SAndroid Build Coastguard Worker // the request. 1021*d5c09012SAndroid Build Coastguard Worker repeated AccessControlList access_control_lists = 3; 1022*d5c09012SAndroid Build Coastguard Worker 1023*d5c09012SAndroid Build Coastguard Worker // The identity list derived from members of the 1024*d5c09012SAndroid Build Coastguard Worker // [iam_binding][google.cloud.asset.v1.IamPolicyAnalysisResult.iam_binding] 1025*d5c09012SAndroid Build Coastguard Worker // that match or potentially match identity selector specified in the request. 1026*d5c09012SAndroid Build Coastguard Worker IdentityList identity_list = 4; 1027*d5c09012SAndroid Build Coastguard Worker 1028*d5c09012SAndroid Build Coastguard Worker // Represents whether all analyses on the 1029*d5c09012SAndroid Build Coastguard Worker // [iam_binding][google.cloud.asset.v1.IamPolicyAnalysisResult.iam_binding] 1030*d5c09012SAndroid Build Coastguard Worker // have successfully finished. 1031*d5c09012SAndroid Build Coastguard Worker bool fully_explored = 5; 1032*d5c09012SAndroid Build Coastguard Worker} 1033