diff --git a/google/cloud/asset/__init__.py b/google/cloud/asset/__init__.py index f0217c38..33511a4d 100644 --- a/google/cloud/asset/__init__.py +++ b/google/cloud/asset/__init__.py @@ -103,6 +103,7 @@ from google.cloud.asset_v1.types.assets import Asset from google.cloud.asset_v1.types.assets import AttachedResource from google.cloud.asset_v1.types.assets import ConditionEvaluation +from google.cloud.asset_v1.types.assets import EffectiveTagDetails from google.cloud.asset_v1.types.assets import IamPolicyAnalysisResult from google.cloud.asset_v1.types.assets import IamPolicyAnalysisState from google.cloud.asset_v1.types.assets import IamPolicySearchResult @@ -113,6 +114,7 @@ from google.cloud.asset_v1.types.assets import RelationshipAttributes from google.cloud.asset_v1.types.assets import Resource from google.cloud.asset_v1.types.assets import ResourceSearchResult +from google.cloud.asset_v1.types.assets import Tag from google.cloud.asset_v1.types.assets import TemporalAsset from google.cloud.asset_v1.types.assets import TimeWindow from google.cloud.asset_v1.types.assets import VersionedResource @@ -184,6 +186,7 @@ "Asset", "AttachedResource", "ConditionEvaluation", + "EffectiveTagDetails", "IamPolicyAnalysisResult", "IamPolicyAnalysisState", "IamPolicySearchResult", @@ -194,6 +197,7 @@ "RelationshipAttributes", "Resource", "ResourceSearchResult", + "Tag", "TemporalAsset", "TimeWindow", "VersionedResource", diff --git a/google/cloud/asset_v1/__init__.py b/google/cloud/asset_v1/__init__.py index 51f17a58..3788a43d 100644 --- a/google/cloud/asset_v1/__init__.py +++ b/google/cloud/asset_v1/__init__.py @@ -85,6 +85,7 @@ from .types.assets import Asset from .types.assets import AttachedResource from .types.assets import ConditionEvaluation +from .types.assets import EffectiveTagDetails from .types.assets import IamPolicyAnalysisResult from .types.assets import IamPolicyAnalysisState from .types.assets import IamPolicySearchResult @@ -95,6 +96,7 @@ from .types.assets import RelationshipAttributes from .types.assets import Resource from .types.assets import ResourceSearchResult +from .types.assets import Tag from .types.assets import TemporalAsset from .types.assets import TimeWindow from .types.assets import VersionedResource @@ -130,6 +132,7 @@ "CreateSavedQueryRequest", "DeleteFeedRequest", "DeleteSavedQueryRequest", + "EffectiveTagDetails", "ExportAssetsRequest", "ExportAssetsResponse", "Feed", @@ -174,6 +177,7 @@ "SearchAllResourcesResponse", "TableFieldSchema", "TableSchema", + "Tag", "TemporalAsset", "TimeWindow", "UpdateFeedRequest", diff --git a/google/cloud/asset_v1/services/asset_service/async_client.py b/google/cloud/asset_v1/services/asset_service/async_client.py index d440883d..692fb57f 100644 --- a/google/cloud/asset_v1/services/asset_service/async_client.py +++ b/google/cloud/asset_v1/services/asset_service/async_client.py @@ -1211,62 +1211,93 @@ async def sample_search_all_resources(): Examples: - ``name:Important`` to find Google Cloud resources - whose name contains "Important" as a word. + whose name contains ``Important`` as a word. - ``name=Important`` to find the Google Cloud resource - whose name is exactly "Important". + whose name is exactly ``Important``. - ``displayName:Impor*`` to find Google Cloud resources - whose display name contains "Impor" as a prefix of + whose display name contains ``Impor`` as a prefix of any word in the field. - ``location:us-west*`` to find Google Cloud resources - whose location contains both "us" and "west" as + whose location contains both ``us`` and ``west`` as prefixes. - ``labels:prod`` to find Google Cloud resources whose - labels contain "prod" as a key or value. + labels contain ``prod`` as a key or value. - ``labels.env:prod`` to find Google Cloud resources - that have a label "env" and its value is "prod". + that have a label ``env`` and its value is ``prod``. - ``labels.env:*`` to find Google Cloud resources that - have a label "env". + have a label ``env``. + - ``tagKeys:env`` to find Google Cloud resources that + have directly attached tags where the + ```TagKey`` `__ + .\ ``namespacedName`` contains ``env``. + - ``tagValues:prod*`` to find Google Cloud resources + that have directly attached tags where the + ```TagValue`` `__ + .\ ``namespacedName`` contains a word prefixed by + ``prod``. + - ``tagValueIds=tagValues/123`` to find Google Cloud + resources that have directly attached tags where the + ```TagValue`` `__ + .\ ``name`` is exactly ``tagValues/123``. + - ``effectiveTagKeys:env`` to find Google Cloud + resources that have directly attached or inherited + tags where the + ```TagKey`` `__ + .\ ``namespacedName`` contains ``env``. + - ``effectiveTagValues:prod*`` to find Google Cloud + resources that have directly attached or inherited + tags where the + ```TagValue`` `__ + .\ ``namespacedName`` contains a word prefixed by + ``prod``. + - ``effectiveTagValueIds=tagValues/123`` to find Google + Cloud resources that have directly attached or + inherited tags where the + ```TagValue`` `__ + .\ ``name`` is exactly ``tagValues/123``. - ``kmsKey:key`` to find Google Cloud resources encrypted with a customer-managed encryption key - whose name contains "key" as a word. This field is + whose name contains ``key`` as a word. This field is deprecated. Please use the ``kmsKeys`` field to retrieve Cloud KMS key information. - ``kmsKeys:key`` to find Google Cloud resources encrypted with customer-managed encryption keys whose - name contains the word "key". + name contains the word ``key``. - ``relationships:instance-group-1`` to find Google Cloud resources that have relationships with - "instance-group-1" in the related resource name. + ``instance-group-1`` in the related resource name. - ``relationships:INSTANCE_TO_INSTANCEGROUP`` to find Compute Engine instances that have relationships of - type "INSTANCE_TO_INSTANCEGROUP". + type ``INSTANCE_TO_INSTANCEGROUP``. - ``relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1`` to find Compute Engine instances that have - relationships with "instance-group-1" in the Compute - Engine instance group resource name, for relationship - type "INSTANCE_TO_INSTANCEGROUP". + relationships with ``instance-group-1`` in the + Compute Engine instance group resource name, for + relationship type ``INSTANCE_TO_INSTANCEGROUP``. - ``state:ACTIVE`` to find Google Cloud resources whose - state contains "ACTIVE" as a word. + state contains ``ACTIVE`` as a word. - ``NOT state:ACTIVE`` to find Google Cloud resources - whose state doesn't contain "ACTIVE" as a word. + whose state doesn't contain ``ACTIVE`` as a word. - ``createTime<1609459200`` to find Google Cloud - resources that were created before "2021-01-01 - 00:00:00 UTC". 1609459200 is the epoch timestamp of - "2021-01-01 00:00:00 UTC" in seconds. + resources that were created before + ``2021-01-01 00:00:00 UTC``. ``1609459200`` is the + epoch timestamp of ``2021-01-01 00:00:00 UTC`` in + seconds. - ``updateTime>1609459200`` to find Google Cloud - resources that were updated after "2021-01-01 - 00:00:00 UTC". 1609459200 is the epoch timestamp of - "2021-01-01 00:00:00 UTC" in seconds. + resources that were updated after + ``2021-01-01 00:00:00 UTC``. ``1609459200`` is the + epoch timestamp of ``2021-01-01 00:00:00 UTC`` in + seconds. - ``Important`` to find Google Cloud resources that - contain "Important" as a word in any of the + contain ``Important`` as a word in any of the searchable fields. - ``Impor*`` to find Google Cloud resources that - contain "Impor" as a prefix of any word in any of the - searchable fields. + contain ``Impor`` as a prefix of any word in any of + the searchable fields. - ``Important location:(us-west1 OR global)`` to find - Google Cloud resources that contain "Important" as a - word in any of the searchable fields and are also - located in the "us-west1" region or the "global" + Google Cloud resources that contain ``Important`` as + a word in any of the searchable fields and are also + located in the ``us-west1`` region or the ``global`` location. This corresponds to the ``query`` field @@ -1880,8 +1911,8 @@ async def query_assets( metadata: Sequence[Tuple[str, str]] = (), ) -> asset_service.QueryAssetsResponse: r"""Issue a job that queries assets using a SQL statement compatible - with `BigQuery Standard - SQL `__. + with `BigQuery + SQL `__. If the query execution finishes within timeout and there's no pagination, the full query results will be returned in the @@ -1892,9 +1923,9 @@ async def query_assets( ``QueryAssets`` call. Note, the query result has approximately 10 GB limitation - enforced by BigQuery - https://cloud.google.com/bigquery/docs/best-practices-performance-output, - queries return larger results will result in errors. + enforced by + `BigQuery `__. + Queries return larger results will result in errors. .. code-block:: python diff --git a/google/cloud/asset_v1/services/asset_service/client.py b/google/cloud/asset_v1/services/asset_service/client.py index 1c6f3c60..dbacd132 100644 --- a/google/cloud/asset_v1/services/asset_service/client.py +++ b/google/cloud/asset_v1/services/asset_service/client.py @@ -1476,62 +1476,93 @@ def sample_search_all_resources(): Examples: - ``name:Important`` to find Google Cloud resources - whose name contains "Important" as a word. + whose name contains ``Important`` as a word. - ``name=Important`` to find the Google Cloud resource - whose name is exactly "Important". + whose name is exactly ``Important``. - ``displayName:Impor*`` to find Google Cloud resources - whose display name contains "Impor" as a prefix of + whose display name contains ``Impor`` as a prefix of any word in the field. - ``location:us-west*`` to find Google Cloud resources - whose location contains both "us" and "west" as + whose location contains both ``us`` and ``west`` as prefixes. - ``labels:prod`` to find Google Cloud resources whose - labels contain "prod" as a key or value. + labels contain ``prod`` as a key or value. - ``labels.env:prod`` to find Google Cloud resources - that have a label "env" and its value is "prod". + that have a label ``env`` and its value is ``prod``. - ``labels.env:*`` to find Google Cloud resources that - have a label "env". + have a label ``env``. + - ``tagKeys:env`` to find Google Cloud resources that + have directly attached tags where the + ```TagKey`` `__ + .\ ``namespacedName`` contains ``env``. + - ``tagValues:prod*`` to find Google Cloud resources + that have directly attached tags where the + ```TagValue`` `__ + .\ ``namespacedName`` contains a word prefixed by + ``prod``. + - ``tagValueIds=tagValues/123`` to find Google Cloud + resources that have directly attached tags where the + ```TagValue`` `__ + .\ ``name`` is exactly ``tagValues/123``. + - ``effectiveTagKeys:env`` to find Google Cloud + resources that have directly attached or inherited + tags where the + ```TagKey`` `__ + .\ ``namespacedName`` contains ``env``. + - ``effectiveTagValues:prod*`` to find Google Cloud + resources that have directly attached or inherited + tags where the + ```TagValue`` `__ + .\ ``namespacedName`` contains a word prefixed by + ``prod``. + - ``effectiveTagValueIds=tagValues/123`` to find Google + Cloud resources that have directly attached or + inherited tags where the + ```TagValue`` `__ + .\ ``name`` is exactly ``tagValues/123``. - ``kmsKey:key`` to find Google Cloud resources encrypted with a customer-managed encryption key - whose name contains "key" as a word. This field is + whose name contains ``key`` as a word. This field is deprecated. Please use the ``kmsKeys`` field to retrieve Cloud KMS key information. - ``kmsKeys:key`` to find Google Cloud resources encrypted with customer-managed encryption keys whose - name contains the word "key". + name contains the word ``key``. - ``relationships:instance-group-1`` to find Google Cloud resources that have relationships with - "instance-group-1" in the related resource name. + ``instance-group-1`` in the related resource name. - ``relationships:INSTANCE_TO_INSTANCEGROUP`` to find Compute Engine instances that have relationships of - type "INSTANCE_TO_INSTANCEGROUP". + type ``INSTANCE_TO_INSTANCEGROUP``. - ``relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1`` to find Compute Engine instances that have - relationships with "instance-group-1" in the Compute - Engine instance group resource name, for relationship - type "INSTANCE_TO_INSTANCEGROUP". + relationships with ``instance-group-1`` in the + Compute Engine instance group resource name, for + relationship type ``INSTANCE_TO_INSTANCEGROUP``. - ``state:ACTIVE`` to find Google Cloud resources whose - state contains "ACTIVE" as a word. + state contains ``ACTIVE`` as a word. - ``NOT state:ACTIVE`` to find Google Cloud resources - whose state doesn't contain "ACTIVE" as a word. + whose state doesn't contain ``ACTIVE`` as a word. - ``createTime<1609459200`` to find Google Cloud - resources that were created before "2021-01-01 - 00:00:00 UTC". 1609459200 is the epoch timestamp of - "2021-01-01 00:00:00 UTC" in seconds. + resources that were created before + ``2021-01-01 00:00:00 UTC``. ``1609459200`` is the + epoch timestamp of ``2021-01-01 00:00:00 UTC`` in + seconds. - ``updateTime>1609459200`` to find Google Cloud - resources that were updated after "2021-01-01 - 00:00:00 UTC". 1609459200 is the epoch timestamp of - "2021-01-01 00:00:00 UTC" in seconds. + resources that were updated after + ``2021-01-01 00:00:00 UTC``. ``1609459200`` is the + epoch timestamp of ``2021-01-01 00:00:00 UTC`` in + seconds. - ``Important`` to find Google Cloud resources that - contain "Important" as a word in any of the + contain ``Important`` as a word in any of the searchable fields. - ``Impor*`` to find Google Cloud resources that - contain "Impor" as a prefix of any word in any of the - searchable fields. + contain ``Impor`` as a prefix of any word in any of + the searchable fields. - ``Important location:(us-west1 OR global)`` to find - Google Cloud resources that contain "Important" as a - word in any of the searchable fields and are also - located in the "us-west1" region or the "global" + Google Cloud resources that contain ``Important`` as + a word in any of the searchable fields and are also + located in the ``us-west1`` region or the ``global`` location. This corresponds to the ``query`` field @@ -2123,8 +2154,8 @@ def query_assets( metadata: Sequence[Tuple[str, str]] = (), ) -> asset_service.QueryAssetsResponse: r"""Issue a job that queries assets using a SQL statement compatible - with `BigQuery Standard - SQL `__. + with `BigQuery + SQL `__. If the query execution finishes within timeout and there's no pagination, the full query results will be returned in the @@ -2135,9 +2166,9 @@ def query_assets( ``QueryAssets`` call. Note, the query result has approximately 10 GB limitation - enforced by BigQuery - https://cloud.google.com/bigquery/docs/best-practices-performance-output, - queries return larger results will result in errors. + enforced by + `BigQuery `__. + Queries return larger results will result in errors. .. code-block:: python diff --git a/google/cloud/asset_v1/services/asset_service/transports/grpc.py b/google/cloud/asset_v1/services/asset_service/transports/grpc.py index 82660da2..0dfc989e 100644 --- a/google/cloud/asset_v1/services/asset_service/transports/grpc.py +++ b/google/cloud/asset_v1/services/asset_service/transports/grpc.py @@ -655,8 +655,8 @@ def query_assets( r"""Return a callable for the query assets method over gRPC. Issue a job that queries assets using a SQL statement compatible - with `BigQuery Standard - SQL `__. + with `BigQuery + SQL `__. If the query execution finishes within timeout and there's no pagination, the full query results will be returned in the @@ -667,9 +667,9 @@ def query_assets( ``QueryAssets`` call. Note, the query result has approximately 10 GB limitation - enforced by BigQuery - https://cloud.google.com/bigquery/docs/best-practices-performance-output, - queries return larger results will result in errors. + enforced by + `BigQuery `__. + Queries return larger results will result in errors. Returns: Callable[[~.QueryAssetsRequest], diff --git a/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py b/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py index 2fc73171..ee27b0c0 100644 --- a/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py +++ b/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py @@ -670,8 +670,8 @@ def query_assets( r"""Return a callable for the query assets method over gRPC. Issue a job that queries assets using a SQL statement compatible - with `BigQuery Standard - SQL `__. + with `BigQuery + SQL `__. If the query execution finishes within timeout and there's no pagination, the full query results will be returned in the @@ -682,9 +682,9 @@ def query_assets( ``QueryAssets`` call. Note, the query result has approximately 10 GB limitation - enforced by BigQuery - https://cloud.google.com/bigquery/docs/best-practices-performance-output, - queries return larger results will result in errors. + enforced by + `BigQuery `__. + Queries return larger results will result in errors. Returns: Callable[[~.QueryAssetsRequest], diff --git a/google/cloud/asset_v1/types/__init__.py b/google/cloud/asset_v1/types/__init__.py index 6bcb28ef..349fb085 100644 --- a/google/cloud/asset_v1/types/__init__.py +++ b/google/cloud/asset_v1/types/__init__.py @@ -80,6 +80,7 @@ Asset, AttachedResource, ConditionEvaluation, + EffectiveTagDetails, IamPolicyAnalysisResult, IamPolicyAnalysisState, IamPolicySearchResult, @@ -90,6 +91,7 @@ RelationshipAttributes, Resource, ResourceSearchResult, + Tag, TemporalAsset, TimeWindow, VersionedResource, @@ -160,6 +162,7 @@ "Asset", "AttachedResource", "ConditionEvaluation", + "EffectiveTagDetails", "IamPolicyAnalysisResult", "IamPolicyAnalysisState", "IamPolicySearchResult", @@ -170,6 +173,7 @@ "RelationshipAttributes", "Resource", "ResourceSearchResult", + "Tag", "TemporalAsset", "TimeWindow", "VersionedResource", diff --git a/google/cloud/asset_v1/types/asset_service.py b/google/cloud/asset_v1/types/asset_service.py index a6312ce5..087db5d2 100644 --- a/google/cloud/asset_v1/types/asset_service.py +++ b/google/cloud/asset_v1/types/asset_service.py @@ -1098,60 +1098,89 @@ class SearchAllResourcesRequest(proto.Message): Examples: - ``name:Important`` to find Google Cloud resources whose - name contains "Important" as a word. + name contains ``Important`` as a word. - ``name=Important`` to find the Google Cloud resource - whose name is exactly "Important". + whose name is exactly ``Important``. - ``displayName:Impor*`` to find Google Cloud resources - whose display name contains "Impor" as a prefix of any + whose display name contains ``Impor`` as a prefix of any word in the field. - ``location:us-west*`` to find Google Cloud resources - whose location contains both "us" and "west" as prefixes. + whose location contains both ``us`` and ``west`` as + prefixes. - ``labels:prod`` to find Google Cloud resources whose - labels contain "prod" as a key or value. + labels contain ``prod`` as a key or value. - ``labels.env:prod`` to find Google Cloud resources that - have a label "env" and its value is "prod". + have a label ``env`` and its value is ``prod``. - ``labels.env:*`` to find Google Cloud resources that have - a label "env". + a label ``env``. + - ``tagKeys:env`` to find Google Cloud resources that have + directly attached tags where the + ```TagKey`` `__ + .\ ``namespacedName`` contains ``env``. + - ``tagValues:prod*`` to find Google Cloud resources that + have directly attached tags where the + ```TagValue`` `__ + .\ ``namespacedName`` contains a word prefixed by + ``prod``. + - ``tagValueIds=tagValues/123`` to find Google Cloud + resources that have directly attached tags where the + ```TagValue`` `__ + .\ ``name`` is exactly ``tagValues/123``. + - ``effectiveTagKeys:env`` to find Google Cloud resources + that have directly attached or inherited tags where the + ```TagKey`` `__ + .\ ``namespacedName`` contains ``env``. + - ``effectiveTagValues:prod*`` to find Google Cloud + resources that have directly attached or inherited tags + where the + ```TagValue`` `__ + .\ ``namespacedName`` contains a word prefixed by + ``prod``. + - ``effectiveTagValueIds=tagValues/123`` to find Google + Cloud resources that have directly attached or inherited + tags where the + ```TagValue`` `__ + .\ ``name`` is exactly ``tagValues/123``. - ``kmsKey:key`` to find Google Cloud resources encrypted with a customer-managed encryption key whose name - contains "key" as a word. This field is deprecated. + contains ``key`` as a word. This field is deprecated. Please use the ``kmsKeys`` field to retrieve Cloud KMS key information. - ``kmsKeys:key`` to find Google Cloud resources encrypted with customer-managed encryption keys whose name contains - the word "key". + the word ``key``. - ``relationships:instance-group-1`` to find Google Cloud - resources that have relationships with "instance-group-1" - in the related resource name. + resources that have relationships with + ``instance-group-1`` in the related resource name. - ``relationships:INSTANCE_TO_INSTANCEGROUP`` to find Compute Engine instances that have relationships of type - "INSTANCE_TO_INSTANCEGROUP". + ``INSTANCE_TO_INSTANCEGROUP``. - ``relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1`` to find Compute Engine instances that have relationships - with "instance-group-1" in the Compute Engine instance + with ``instance-group-1`` in the Compute Engine instance group resource name, for relationship type - "INSTANCE_TO_INSTANCEGROUP". + ``INSTANCE_TO_INSTANCEGROUP``. - ``state:ACTIVE`` to find Google Cloud resources whose - state contains "ACTIVE" as a word. + state contains ``ACTIVE`` as a word. - ``NOT state:ACTIVE`` to find Google Cloud resources whose - state doesn't contain "ACTIVE" as a word. + state doesn't contain ``ACTIVE`` as a word. - ``createTime<1609459200`` to find Google Cloud resources - that were created before "2021-01-01 00:00:00 UTC". - 1609459200 is the epoch timestamp of "2021-01-01 00:00:00 - UTC" in seconds. + that were created before ``2021-01-01 00:00:00 UTC``. + ``1609459200`` is the epoch timestamp of + ``2021-01-01 00:00:00 UTC`` in seconds. - ``updateTime>1609459200`` to find Google Cloud resources - that were updated after "2021-01-01 00:00:00 UTC". - 1609459200 is the epoch timestamp of "2021-01-01 00:00:00 - UTC" in seconds. + that were updated after ``2021-01-01 00:00:00 UTC``. + ``1609459200`` is the epoch timestamp of + ``2021-01-01 00:00:00 UTC`` in seconds. - ``Important`` to find Google Cloud resources that contain - "Important" as a word in any of the searchable fields. + ``Important`` as a word in any of the searchable fields. - ``Impor*`` to find Google Cloud resources that contain - "Impor" as a prefix of any word in any of the searchable - fields. + ``Impor`` as a prefix of any word in any of the + searchable fields. - ``Important location:(us-west1 OR global)`` to find - Google Cloud resources that contain "Important" as a word - in any of the searchable fields and are also located in - the "us-west1" region or the "global" location. + Google Cloud resources that contain ``Important`` as a + word in any of the searchable fields and are also located + in the ``us-west1`` region or the ``global`` location. asset_types (MutableSequence[str]): Optional. A list of asset types that this request searches for. If empty, it will search all the `searchable asset @@ -1173,10 +1202,10 @@ class SearchAllResourcesRequest(proto.Message): page_size (int): Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If - set to zero, server will pick an appropriate default. - Returned results may be fewer than requested. When this - happens, there could be more results as long as - ``next_page_token`` is returned. + set to zero or a negative value, server will pick an + appropriate default. Returned results may be fewer than + requested. When this happens, there could be more results as + long as ``next_page_token`` is returned. page_token (str): Optional. If present, then retrieve the next batch of results from the preceding call to this method. @@ -1188,8 +1217,8 @@ class SearchAllResourcesRequest(proto.Message): sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored. - Example: "location DESC, name". Only singular primitive - fields in the response are sortable: + Example: "location DESC, name". Only the following fields in + the response are sortable: - name - assetType @@ -1202,47 +1231,40 @@ class SearchAllResourcesRequest(proto.Message): - state - parentFullResourceName - parentAssetType - - All the other fields such as repeated fields (e.g., - ``networkTags``, ``kmsKeys``), map fields (e.g., ``labels``) - and struct fields (e.g., ``additionalAttributes``) are not - supported. read_mask (google.protobuf.field_mask_pb2.FieldMask): - Optional. A comma-separated list of fields specifying which - fields to be returned in ResourceSearchResult. Only '*' or - combination of top level fields can be specified. Field - names of both snake_case and camelCase are supported. - Examples: ``"*"``, ``"name,location"``, - ``"name,versionedResources"``. - - The read_mask paths must be valid field paths listed but not - limited to (both snake_case and camelCase are supported): - - - name - - assetType - - project - - displayName - - description - - location - - tagKeys - - tagValues - - tagValueIds - - labels - - networkTags - - kmsKey (This field is deprecated. Please use the - ``kmsKeys`` field to retrieve Cloud KMS key information.) - - kmsKeys - - createTime - - updateTime - - state - - additionalAttributes - - versionedResources - - If read_mask is not specified, all fields except - versionedResources will be returned. If only '*' is - specified, all fields including versionedResources will be - returned. Any invalid field path will trigger - INVALID_ARGUMENT error. + Optional. A comma-separated list of fields that you want + returned in the results. The following fields are returned + by default if not specified: + + - ``name`` + - ``assetType`` + - ``project`` + - ``folders`` + - ``organization`` + - ``displayName`` + - ``description`` + - ``location`` + - ``labels`` + - ``tags`` + - ``effectiveTags`` + - ``networkTags`` + - ``kmsKeys`` + - ``createTime`` + - ``updateTime`` + - ``state`` + - ``additionalAttributes`` + - ``parentFullResourceName`` + - ``parentAssetType`` + + Some fields of large size, such as ``versionedResources``, + ``attachedResources``, ``effectiveTags`` etc., are not + returned by default, but you can specify them in the + ``read_mask`` parameter if you want to include them. If + ``"*"`` is specified, all `available + fields `__ + are returned. Examples: ``"name,location"``, + ``"name,versionedResources"``, ``"*"``. Any invalid field + path will trigger INVALID_ARGUMENT error. """ scope: str = proto.Field( @@ -1374,10 +1396,10 @@ class SearchAllIamPoliciesRequest(proto.Message): page_size (int): Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If - set to zero, server will pick an appropriate default. - Returned results may be fewer than requested. When this - happens, there could be more results as long as - ``next_page_token`` is returned. + set to zero or a negative value, server will pick an + appropriate default. Returned results may be fewer than + requested. When this happens, there could be more results as + long as ``next_page_token`` is returned. page_token (str): Optional. If present, retrieve the next batch of results from the preceding call to this method. ``page_token`` must @@ -2630,8 +2652,7 @@ class QueryAssetsRequest(proto.Message): Only assets belonging to the ``parent`` will be returned. statement (str): Optional. A SQL statement that's compatible with `BigQuery - Standard - SQL `__. + SQL `__. This field is a member of `oneof`_ ``query``. job_reference (str): @@ -3087,7 +3108,11 @@ class AnalyzerOrgPolicy(proto.Message): """ class Rule(proto.Message): - r"""Represents a rule defined in an organization policy + r"""This rule message is a customized version of the one defined + in the Organization Policy system. In addition to the fields + defined in the original organization policy, it contains + additional field(s) under specific circumstances to support + analysis results. This message has `oneof`_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. @@ -3897,8 +3922,8 @@ class GovernedIamPolicy(proto.Message): Attributes: attached_resource (str): - The full resource name of the resource associated with this - IAM policy. Example: + The full resource name of the resource on which this IAM + policy is set. Example: ``//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1``. See `Cloud Asset Inventory Resource Name Format `__ diff --git a/google/cloud/asset_v1/types/assets.py b/google/cloud/asset_v1/types/assets.py index c9f032a7..282300f8 100644 --- a/google/cloud/asset_v1/types/assets.py +++ b/google/cloud/asset_v1/types/assets.py @@ -40,6 +40,8 @@ "RelatedAssets", "RelationshipAttributes", "RelatedAsset", + "Tag", + "EffectiveTagDetails", "ResourceSearchResult", "VersionedResource", "AttachedResource", @@ -510,9 +512,90 @@ class RelatedAsset(proto.Message): ) +class Tag(proto.Message): + r"""The key and value for a + `tag `__, + + + .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields + + Attributes: + tag_key (str): + TagKey namespaced name, in the format of + {ORG_ID}/{TAG_KEY_SHORT_NAME}. + + This field is a member of `oneof`_ ``_tag_key``. + tag_value (str): + TagValue namespaced name, in the format of + {ORG_ID}/{TAG_KEY_SHORT_NAME}/{TAG_VALUE_SHORT_NAME}. + + This field is a member of `oneof`_ ``_tag_value``. + tag_value_id (str): + TagValue ID, in the format of tagValues/{TAG_VALUE_ID}. + + This field is a member of `oneof`_ ``_tag_value_id``. + """ + + tag_key: str = proto.Field( + proto.STRING, + number=1, + optional=True, + ) + tag_value: str = proto.Field( + proto.STRING, + number=3, + optional=True, + ) + tag_value_id: str = proto.Field( + proto.STRING, + number=4, + optional=True, + ) + + +class EffectiveTagDetails(proto.Message): + r"""The effective tags and the ancestor resources from which they + were inherited. + + + .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields + + Attributes: + attached_resource (str): + The `full resource + name `__ + of the ancestor from which an [effective_tag][] is + inherited, according to `tag + inheritance `__. + + This field is a member of `oneof`_ ``_attached_resource``. + effective_tags (MutableSequence[google.cloud.asset_v1.types.Tag]): + The effective tags inherited from the + [attached_resource][google.cloud.asset.v1.EffectiveTagDetails.attached_resource]. + Note that tags with the same key but different values may + attach to resources at a different hierarchy levels. The + lower hierarchy tag value will overwrite the higher + hierarchy tag value of the same tag key. In this case, the + tag value at the higher hierarchy level will be removed. For + more information, see `tag + inheritance `__. + """ + + attached_resource: str = proto.Field( + proto.STRING, + number=1, + optional=True, + ) + effective_tags: MutableSequence["Tag"] = proto.RepeatedField( + proto.MESSAGE, + number=2, + message="Tag", + ) + + class ResourceSearchResult(proto.Message): r"""A result of Resource Search, containing information of a - cloud resource. Next ID: 32 + cloud resource. Next ID: 34 Attributes: name (str): @@ -765,6 +848,9 @@ class ResourceSearchResult(proto.Message): ``INSTANCE_TO_INSTANCEGROUP``. See `supported relationship types `__. tag_keys (MutableSequence[str]): + This field is only present for the purpose of backward + compatibility. Please use the ``tags`` field instead. + TagKey namespaced names, in the format of {ORG_ID}/{TAG_KEY_SHORT_NAME}. To search against the ``tagKeys``: @@ -779,6 +865,9 @@ class ResourceSearchResult(proto.Message): - ``env`` tag_values (MutableSequence[str]): + This field is only present for the purpose of backward + compatibility. Please use the ``tags`` field instead. + TagValue namespaced names, in the format of {ORG_ID}/{TAG_KEY_SHORT_NAME}/{TAG_VALUE_SHORT_NAME}. To search against the ``tagValues``: @@ -794,17 +883,57 @@ class ResourceSearchResult(proto.Message): - ``prod`` tag_value_ids (MutableSequence[str]): + This field is only present for the purpose of backward + compatibility. Please use the ``tags`` field instead. + TagValue IDs, in the format of tagValues/{TAG_VALUE_ID}. To search against the ``tagValueIds``: - Use a field query. Example: - - ``tagValueIds:"456"`` - ``tagValueIds="tagValues/456"`` - Use a free text query. Example: - ``456`` + tags (MutableSequence[google.cloud.asset_v1.types.Tag]): + The tags directly attached to this resource. + + To search against the ``tags``: + + - Use a field query. Example: + + - ``tagKeys:"123456789/env*"`` + - ``tagKeys="123456789/env"`` + - ``tagKeys:"env"`` + - ``tagValues:"env"`` + - ``tagValues:"env/prod"`` + - ``tagValues:"123456789/env/prod*"`` + - ``tagValues="123456789/env/prod"`` + - ``tagValueIds="tagValues/456"`` + + - Use a free text query. Example: + + - ``env/prod`` + effective_tags (MutableSequence[google.cloud.asset_v1.types.EffectiveTagDetails]): + The effective tags on this resource. All of the tags that + are both attached to and inherited by a resource are + collectively called the effective tags. For more + information, see `tag + inheritance `__. + + To search against the ``effective_tags``: + + - Use a field query. Example: + + - ``effectiveTagKeys:"123456789/env*"`` + - ``effectiveTagKeys="123456789/env"`` + - ``effectiveTagKeys:"env"`` + - ``effectiveTagValues:"env"`` + - ``effectiveTagValues:"env/prod"`` + - ``effectiveTagValues:"123456789/env/prod*"`` + - ``effectiveTagValues="123456789/env/prod"`` + - ``effectiveTagValueIds="tagValues/456"`` parent_asset_type (str): The type of this resource's immediate parent, if there is one. @@ -815,6 +944,23 @@ class ResourceSearchResult(proto.Message): ``parentAssetType:"cloudresourcemanager.googleapis.com/Project"`` - Use a free text query. Example: ``cloudresourcemanager.googleapis.com/Project`` + scc_security_marks (MutableMapping[str, str]): + The actual content of Security Command Center security marks + associated with the asset. + + Note that both staging & prod SecurityMarks are attached on + prod resources. In CAS preprod/prod, both staging & prod + SecurityMarks are ingested and returned in the following + ``security_marks`` map. In that case, the prefix "staging." + will be added to the keys of all the staging marks. To + search against SCC SecurityMarks field: + + - Use a field query: + + - query by a given key value pair. Example: + ``sccSecurityMarks.foo=bar`` + - query by a given key's existence. Example: + ``sccSecurityMarks.foo:*`` """ name: str = proto.Field( @@ -917,10 +1063,25 @@ class ResourceSearchResult(proto.Message): proto.STRING, number=26, ) + tags: MutableSequence["Tag"] = proto.RepeatedField( + proto.MESSAGE, + number=29, + message="Tag", + ) + effective_tags: MutableSequence["EffectiveTagDetails"] = proto.RepeatedField( + proto.MESSAGE, + number=30, + message="EffectiveTagDetails", + ) parent_asset_type: str = proto.Field( proto.STRING, number=103, ) + scc_security_marks: MutableMapping[str, str] = proto.MapField( + proto.STRING, + proto.STRING, + number=32, + ) class VersionedResource(proto.Message): @@ -1345,10 +1506,10 @@ class Identity(proto.Message): Attributes: name (str): - The identity name in any form of members appear in `IAM + The identity of members, formatted as appear in an `IAM policy - binding `__, - such as: + binding `__. + For example, they might be formatted like the following: - user:foo@google.com - group:group1@google.com @@ -1356,7 +1517,6 @@ class Identity(proto.Message): - projectOwner:some_project_id - domain:google.com - allUsers - - etc. analysis_state (google.cloud.asset_v1.types.IamPolicyAnalysisState): The analysis state of this identity. """