assets.proto 9.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235
  1. // Copyright 2021 Google LLC
  2. //
  3. // Licensed under the Apache License, Version 2.0 (the "License");
  4. // you may not use this file except in compliance with the License.
  5. // You may obtain a copy of the License at
  6. //
  7. // http://www.apache.org/licenses/LICENSE-2.0
  8. //
  9. // Unless required by applicable law or agreed to in writing, software
  10. // distributed under the License is distributed on an "AS IS" BASIS,
  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. // See the License for the specific language governing permissions and
  13. // limitations under the License.
  14. syntax = "proto3";
  15. package google.cloud.asset.v1p7beta1;
  16. import "google/api/annotations.proto";
  17. import "google/api/resource.proto";
  18. import "google/cloud/orgpolicy/v1/orgpolicy.proto";
  19. import "google/cloud/osconfig/v1/inventory.proto";
  20. import "google/iam/v1/policy.proto";
  21. import "google/identity/accesscontextmanager/v1/access_level.proto";
  22. import "google/identity/accesscontextmanager/v1/access_policy.proto";
  23. import "google/identity/accesscontextmanager/v1/service_perimeter.proto";
  24. import "google/protobuf/any.proto";
  25. import "google/protobuf/struct.proto";
  26. import "google/protobuf/timestamp.proto";
  27. option cc_enable_arenas = true;
  28. option csharp_namespace = "Google.Cloud.Asset.V1P7Beta1";
  29. option go_package = "google.golang.org/genproto/googleapis/cloud/asset/v1p7beta1;asset";
  30. option java_multiple_files = true;
  31. option java_outer_classname = "AssetProto";
  32. option java_package = "com.google.cloud.asset.v1p7beta1";
  33. option php_namespace = "Google\\Cloud\\Asset\\V1p7beta1";
  34. // The Cloud Asset API.
  35. // An asset in Google Cloud. An asset can be any resource in the Google Cloud
  36. // [resource
  37. // hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
  38. // a resource outside the Google Cloud resource hierarchy (such as Google
  39. // Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy).
  40. // See [Supported asset
  41. // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
  42. // for more information.
  43. message Asset {
  44. option (google.api.resource) = {
  45. type: "cloudasset.googleapis.com/Asset"
  46. pattern: "*"
  47. };
  48. // The last update timestamp of an asset. update_time is updated when
  49. // create/update/delete operation is performed.
  50. google.protobuf.Timestamp update_time = 11;
  51. // The full name of the asset. Example:
  52. // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`
  53. //
  54. // See [Resource
  55. // names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
  56. // for more information.
  57. string name = 1;
  58. // The type of the asset. Example: `compute.googleapis.com/Disk`
  59. //
  60. // See [Supported asset
  61. // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
  62. // for more information.
  63. string asset_type = 2;
  64. // A representation of the resource.
  65. Resource resource = 3;
  66. // A representation of the Cloud IAM policy set on a Google Cloud resource.
  67. // There can be a maximum of one Cloud IAM policy set on any given resource.
  68. // In addition, Cloud IAM policies inherit their granted access scope from any
  69. // policies set on parent resources in the resource hierarchy. Therefore, the
  70. // effectively policy is the union of both the policy set on this resource
  71. // and each policy set on all of the resource's ancestry resource levels in
  72. // the hierarchy. See
  73. // [this topic](https://cloud.google.com/iam/docs/policies#inheritance) for
  74. // more information.
  75. google.iam.v1.Policy iam_policy = 4;
  76. // A representation of an [organization
  77. // policy](https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy).
  78. // There can be more than one organization policy with different constraints
  79. // set on a given resource.
  80. repeated google.cloud.orgpolicy.v1.Policy org_policy = 6;
  81. // A representation of an [access
  82. // policy](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
  83. oneof access_context_policy {
  84. // Please also refer to the [access policy user
  85. // guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
  86. google.identity.accesscontextmanager.v1.AccessPolicy access_policy = 7;
  87. // Please also refer to the [access level user
  88. // guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels).
  89. google.identity.accesscontextmanager.v1.AccessLevel access_level = 8;
  90. // Please also refer to the [service perimeter user
  91. // guide](https://cloud.google.com/vpc-service-controls/docs/overview).
  92. google.identity.accesscontextmanager.v1.ServicePerimeter service_perimeter =
  93. 9;
  94. }
  95. // The related assets of the asset of one relationship type.
  96. // One asset only represents one type of relationship.
  97. RelatedAssets related_assets = 13;
  98. // The ancestry path of an asset in Google Cloud [resource
  99. // hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
  100. // represented as a list of relative resource names. An ancestry path starts
  101. // with the closest ancestor in the hierarchy and ends at root. If the asset
  102. // is a project, folder, or organization, the ancestry path starts from the
  103. // asset itself.
  104. //
  105. // Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
  106. repeated string ancestors = 10;
  107. }
  108. // A representation of a Google Cloud resource.
  109. message Resource {
  110. // The API version. Example: `v1`
  111. string version = 1;
  112. // The URL of the discovery document containing the resource's JSON schema.
  113. // Example:
  114. // `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest`
  115. //
  116. // This value is unspecified for resources that do not have an API based on a
  117. // discovery document, such as Cloud Bigtable.
  118. string discovery_document_uri = 2;
  119. // The JSON schema name listed in the discovery document. Example:
  120. // `Project`
  121. //
  122. // This value is unspecified for resources that do not have an API based on a
  123. // discovery document, such as Cloud Bigtable.
  124. string discovery_name = 3;
  125. // The REST URL for accessing the resource. An HTTP `GET` request using this
  126. // URL returns the resource itself. Example:
  127. // `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`
  128. //
  129. // This value is unspecified for resources without a REST API.
  130. string resource_url = 4;
  131. // The full name of the immediate parent of this resource. See
  132. // [Resource
  133. // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
  134. // for more information.
  135. //
  136. // For Google Cloud assets, this value is the parent resource defined in the
  137. // [Cloud IAM policy
  138. // hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).
  139. // Example:
  140. // `//cloudresourcemanager.googleapis.com/projects/my_project_123`
  141. //
  142. // For third-party assets, this field may be set differently.
  143. string parent = 5;
  144. // The content of the resource, in which some sensitive fields are removed
  145. // and may not be present.
  146. google.protobuf.Struct data = 6;
  147. // The location of the resource in Google Cloud, such as its zone and region.
  148. // For more information, see https://cloud.google.com/about/locations/.
  149. string location = 8;
  150. }
  151. // The detailed related assets with the `relationship_type`.
  152. message RelatedAssets {
  153. // The detailed relation attributes.
  154. RelationshipAttributes relationship_attributes = 1;
  155. // The peer resources of the relationship.
  156. repeated RelatedAsset assets = 2;
  157. }
  158. // The relationship attributes which include `type`, `source_resource_type`,
  159. // `target_resource_type` and `action`.
  160. message RelationshipAttributes {
  161. // The unique identifier of the relationship type. Example:
  162. // `INSTANCE_TO_INSTANCEGROUP`
  163. string type = 4;
  164. // The source asset type. Example: `compute.googleapis.com/Instance`
  165. string source_resource_type = 1;
  166. // The target asset type. Example: `compute.googleapis.com/Disk`
  167. string target_resource_type = 2;
  168. // The detail of the relationship, e.g. `contains`, `attaches`
  169. string action = 3;
  170. }
  171. // An asset identify in Google Cloud which contains its name, type and
  172. // ancestors. An asset can be any resource in the Google Cloud [resource
  173. // hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
  174. // a resource outside the Google Cloud resource hierarchy (such as Google
  175. // Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy).
  176. // See [Supported asset
  177. // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
  178. // for more information.
  179. message RelatedAsset {
  180. // The full name of the asset. Example:
  181. // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`
  182. //
  183. // See [Resource
  184. // names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
  185. // for more information.
  186. string asset = 1 [(google.api.resource_reference) = {
  187. type: "cloudasset.googleapis.com/Asset"
  188. }];
  189. // The type of the asset. Example: `compute.googleapis.com/Disk`
  190. //
  191. // See [Supported asset
  192. // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
  193. // for more information.
  194. string asset_type = 2;
  195. // The ancestors of an asset in Google Cloud [resource
  196. // hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
  197. // represented as a list of relative resource names. An ancestry path starts
  198. // with the closest ancestor in the hierarchy and ends at root.
  199. //
  200. // Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
  201. repeated string ancestors = 3;
  202. }