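// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.asset.v1p2beta1;

import "google/api/resource.proto";
import "google/cloud/orgpolicy/v1/orgpolicy.proto";
import "google/iam/v1/policy.proto";
import "google/identity/accesscontextmanager/v1/access_level.proto";
import "google/identity/accesscontextmanager/v1/access_policy.proto";
import "google/identity/accesscontextmanager/v1/service_perimeter.proto";
import "google/protobuf/struct.proto";
import "google/protobuf/timestamp.proto";

option cc_enable_arenas = true;
option csharp_namespace = "Google.Cloud.Asset.V1P2Beta1";
option go_package = "cloud.google.com/go/asset/apiv1p2beta1/assetpb;assetpb";
option java_multiple_files = true;
option java_outer_classname = "AssetProto";
option java_package = "com.google.cloud.asset.v1p2beta1";
option php_namespace = "Google\\Cloud\\Asset\\V1p2beta1";

// An asset in Google Cloud and its temporal metadata, including the time window
// when it was observed and its status during that window.
message TemporalAsset {
  // The time window when the asset data and state were observed.
  TimeWindow window = 1;

  // Whether the asset has been deleted or not.
  bool deleted = 2;

  // An asset in Google Cloud.
  Asset asset = 3;
}

// A time window specified by its `start_time` and `end_time`.
message TimeWindow {
  // Start time of the time window (exclusive).
  google.protobuf.Timestamp start_time = 1;

  // End time of the time window (inclusive). If not specified, the current
  // timestamp is used instead.
  google.protobuf.Timestamp end_time = 2;
}

// An asset in Google Cloud. An asset can be any resource in the Google Cloud
// [resource
// hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
// a resource outside the Google Cloud resource hierarchy (such as Google
// Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy).
// See [Supported asset
// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
// for more information.
message Asset {
  option (google.api.resource) = {
    type: "cloudasset.googleapis.com/Asset"
    pattern: "*"
  };

  // The full name of the asset. Example:
  // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`
  //
  // See [Resource
  // names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
  // for more information.
  string name = 1;

  // The type of the asset. Example: `compute.googleapis.com/Disk`
  //
  // See [Supported asset
  // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
  // for more information.
  string asset_type = 2;

  // A representation of the resource.
  Resource resource = 3;

  // A representation of the IAM policy set on a Google Cloud resource.
  // There can be a maximum of one IAM policy set on any given resource.
  // In addition, IAM policies inherit their granted access scope from any
  // policies set on parent resources in the resource hierarchy. Therefore, the
  // effective policy is the union of both the policy set on this resource
  // and each policy set on all of the resource's ancestry resource levels in
  // the hierarchy. Because of that inheritance, this field on its own is not
  // the complete set of grants that apply to the resource. See
  // [this topic](https://cloud.google.com/iam/help/allow-policies/inheritance)
  // for more information.
  google.iam.v1.Policy iam_policy = 4;

  // NOTE(review): field number 5 is not used by any field in this message. If
  // it belonged to a removed field it should be declared `reserved 5;` so the
  // number cannot be reused. Confirm against the file history.

  // The ancestry path of an asset in Google Cloud [resource
  // hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
  // represented as a list of relative resource names. An ancestry path starts
  // with the closest ancestor in the hierarchy and ends at root. If the asset
  // is a project, folder, or organization, the ancestry path starts from the
  // asset itself.
  //
  // Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
  repeated string ancestors = 6;

  // A representation of an [access
  // policy](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
  // At most one of the members below is set on a given asset.
  oneof access_context_policy {
    // Please also refer to the [access policy user
    // guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
    google.identity.accesscontextmanager.v1.AccessPolicy access_policy = 7;

    // Please also refer to the [access level user
    // guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels).
    google.identity.accesscontextmanager.v1.AccessLevel access_level = 8;

    // Please also refer to the [service perimeter user
    // guide](https://cloud.google.com/vpc-service-controls/docs/overview).
    google.identity.accesscontextmanager.v1.ServicePerimeter service_perimeter =
        9;
  }

  // A representation of an [organization
  // policy](https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy).
  // There can be more than one organization policy with different constraints
  // set on a given resource.
  repeated google.cloud.orgpolicy.v1.Policy org_policy = 10;
}

// A representation of a Google Cloud resource.
message Resource {
  // The API version. Example: `v1`
  string version = 1;

  // The URL of the discovery document containing the resource's JSON schema.
  // Example:
  // `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest`
  //
  // This value is unspecified for resources that do not have an API based on a
  // discovery document, such as Cloud Bigtable.
  string discovery_document_uri = 2;

  // The JSON schema name listed in the discovery document. Example:
  // `Project`
  //
  // This value is unspecified for resources that do not have an API based on a
  // discovery document, such as Cloud Bigtable.
  string discovery_name = 3;

  // The REST URL for accessing the resource. An HTTP `GET` request using this
  // URL returns the resource itself. Example:
  // `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`
  //
  // This value is unspecified for resources without a REST API.
  string resource_url = 4;

  // The full name of the immediate parent of this resource. See
  // [Resource
  // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
  // for more information.
  //
  // For Google Cloud assets, this value is the parent resource defined in the
  // [IAM policy
  // hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).
  // Example:
  // `//cloudresourcemanager.googleapis.com/projects/my_project_123`
  //
  // For third-party assets, this field may be set differently.
  string parent = 5;

  // The content of the resource. Some sensitive fields are removed, so they
  // may not be present; a field that is missing here is not necessarily unset
  // on the resource itself.
  google.protobuf.Struct data = 6;
}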