assets.proto 4.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127
  1. // Copyright 2020 Google LLC
  2. //
  3. // Licensed under the Apache License, Version 2.0 (the "License");
  4. // you may not use this file except in compliance with the License.
  5. // You may obtain a copy of the License at
  6. //
  7. // http://www.apache.org/licenses/LICENSE-2.0
  8. //
  9. // Unless required by applicable law or agreed to in writing, software
  10. // distributed under the License is distributed on an "AS IS" BASIS,
  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. // See the License for the specific language governing permissions and
  13. // limitations under the License.
  14. syntax = "proto3";
  15. package google.cloud.asset.v1p5beta1;
  16. import "google/api/annotations.proto";
  17. import "google/api/resource.proto";
  18. import "google/cloud/orgpolicy/v1/orgpolicy.proto";
  19. import "google/iam/v1/policy.proto";
  20. import "google/identity/accesscontextmanager/v1/access_level.proto";
  21. import "google/identity/accesscontextmanager/v1/access_policy.proto";
  22. import "google/identity/accesscontextmanager/v1/service_perimeter.proto";
  23. import "google/protobuf/any.proto";
  24. import "google/protobuf/struct.proto";
  25. import "google/protobuf/timestamp.proto";
  26. option cc_enable_arenas = true;
  27. option csharp_namespace = "Google.Cloud.Asset.V1p5Beta1";
  28. option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1p5beta1;asset";
  29. option java_multiple_files = true;
  30. option java_outer_classname = "AssetProto";
  31. option java_package = "com.google.cloud.asset.v1p5beta1";
  32. option php_namespace = "Google\\Cloud\\Asset\\V1p5beta1";
  33. // Cloud asset. This includes all Google Cloud Platform resources,
  34. // Cloud IAM policies, and other non-GCP assets.
  35. message Asset {
  36. option (google.api.resource) = {
  37. type: "cloudasset.googleapis.com/Asset"
  38. pattern: "*"
  39. };
  40. // The full name of the asset. For example:
  41. // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.
  42. // See [Resource
  43. // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
  44. // for more information.
  45. string name = 1;
  46. // Type of the asset. Example: "compute.googleapis.com/Disk".
  47. string asset_type = 2;
  48. // Representation of the resource.
  49. Resource resource = 3;
  50. // Representation of the actual Cloud IAM policy set on a cloud resource. For
  51. // each resource, there must be at most one Cloud IAM policy set on it.
  52. google.iam.v1.Policy iam_policy = 4;
  53. // Representation of the Cloud Organization Policy set on an asset. For each
  54. // asset, there could be multiple Organization policies with different
  55. // constraints.
  56. repeated google.cloud.orgpolicy.v1.Policy org_policy = 6;
  57. // Representation of the Cloud Organization access policy.
  58. oneof access_context_policy {
  59. google.identity.accesscontextmanager.v1.AccessPolicy access_policy = 7;
  60. google.identity.accesscontextmanager.v1.AccessLevel access_level = 8;
  61. google.identity.accesscontextmanager.v1.ServicePerimeter service_perimeter =
  62. 9;
  63. }
  64. // Asset's ancestry path in Cloud Resource Manager (CRM) hierarchy,
  65. // represented as a list of relative resource names. Ancestry path starts with
  66. // the closest CRM ancestor and ends at root. If the asset is a CRM
  67. // project/folder/organization, this starts from the asset itself.
  68. //
  69. // Example: ["projects/123456789", "folders/5432", "organizations/1234"]
  70. repeated string ancestors = 10;
  71. }
  72. // Representation of a cloud resource.
  73. message Resource {
  74. // The API version. Example: "v1".
  75. string version = 1;
  76. // The URL of the discovery document containing the resource's JSON schema.
  77. // For example:
  78. // `"https://www.googleapis.com/discovery/v1/apis/compute/v1/rest"`.
  79. // It will be left unspecified for resources without a discovery-based API,
  80. // such as Cloud Bigtable.
  81. string discovery_document_uri = 2;
  82. // The JSON schema name listed in the discovery document.
  83. // Example: "Project". It will be left unspecified for resources (such as
  84. // Cloud Bigtable) without a discovery-based API.
  85. string discovery_name = 3;
  86. // The REST URL for accessing the resource. An HTTP GET operation using this
  87. // URL returns the resource itself.
  88. // Example:
  89. // `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`.
  90. // It will be left unspecified for resources without a REST API.
  91. string resource_url = 4;
  92. // The full name of the immediate parent of this resource. See
  93. // [Resource
  94. // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
  95. // for more information.
  96. //
  97. // For GCP assets, it is the parent resource defined in the [Cloud IAM policy
  98. // hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).
  99. // For example:
  100. // `"//cloudresourcemanager.googleapis.com/projects/my_project_123"`.
  101. //
  102. // For third-party assets, it is up to the users to define.
  103. string parent = 5;
  104. // The content of the resource, in which some sensitive fields are scrubbed
  105. // away and may not be present.
  106. google.protobuf.Struct data = 6;
  107. }