The configuration object.
The options accepted by the constructor are described in detail
in this document.
The common options are:
Properties
Name
Type
Attributes
Description
credentials
object
<optional>
Credentials object.
Properties
Name
Type
Attributes
Description
client_email
string
<optional>
private_key
string
<optional>
email
string
<optional>
Account email address. Required when
using a .pem or .p12 keyFilename.
keyFilename
string
<optional>
Full path to the a .json, .pem, or
.p12 key downloaded from the Google Developers Console. If you provide
a path to a JSON file, the projectId option below is not necessary.
NOTE: .pem and .p12 require you to specify options.email as well.
port
number
<optional>
The port on which to connect to
the remote host.
projectId
string
<optional>
The project ID from the Google
Developer's Console, e.g. 'grape-spaceship-123'. We will also check
the environment variable GCLOUD_PROJECT for your project ID. If your
app is running in an environment which supports
Application Default Credentials,
your project ID will be detected automatically.
apiEndpoint
string
<optional>
The domain name of the
API remote host.
clientConfig
gax.ClientConfig
<optional>
Client configuration override.
Follows the structure of gapicConfig.
fallback
boolean
<optional>
Use HTTP fallback mode.
In fallback mode, a special browser-compatible transport implementation is used
instead of gRPC transport. In browser context (if the window object is defined)
the fallback mode is enabled automatically; set options.fallback to false
if you need to override this behavior.
Members
apiEndpoint
The DNS address for this API service - same as servicePath(),
exists for compatibility reasons.
port
The port for this API service.
scopes
The scopes needed to make gRPC calls for every method defined
in this service.
Optional. Amount of time executable has to complete. See JSON representation of
Duration.
If this field is set with a value less than the RPC deadline, and the
execution of your query hasn't finished in the specified
execution timeout, you will get a response with partial result.
Otherwise, your query's execution will continue until the RPC deadline.
If it's not finished until then, you will get a DEADLINE_EXCEEDED error.
The promise which resolves to an array.
The first element of the array is an object representing AnalyzeIamPolicyResponse.
Please see the
documentation
for more details and examples.
Analyzes IAM policies asynchronously to answer which identities have what
accesses on which resources, and writes the analysis results to a Google
Cloud Storage or a BigQuery destination. For Cloud Storage destination, the
output format is the JSON format that represents a
AnalyzeIamPolicyResponse. This method implements the
google.longrunning.Operation, which allows you to track the operation
status. We recommend intervals of at least 2 seconds with exponential
backoff retry to poll the operation result. The metadata contains the
metadata for the long-running operation.
The promise which resolves to an array.
The first element of the array is an object representing
a long running operation. Its promise() method returns a promise
you can await for.
Please see the
documentation
for more details and examples.
Analyze moving a resource to a specified destination without kicking off
the actual move. The analysis is best effort depending on the user's
permissions of viewing different hierarchical policies and configurations.
The policies and configuration are subject to change before the actual
resource migration takes place.
Parameters:
Name
Type
Attributes
Description
request
Object
The request object that will be sent.
Properties
Name
Type
Description
resource
string
Required. Name of the resource to perform the analysis against.
Only GCP Project are supported as of today. Hence, this can only be Project
ID (such as "projects/my-project-id") or a Project Number (such as
"projects/12345").
destinationParent
string
Required. Name of the GCP Folder or Organization to reparent the target
resource. The analysis will be performed against hypothetically moving the
resource to this specified desitination parent. This can only be a Folder
number (such as "folders/123") or an Organization number (such as
"organizations/123").
The promise which resolves to an array.
The first element of the array is an object representing AnalyzeMoveResponse.
Please see the
documentation
for more details and examples.
Batch gets the update history of assets that overlap a time window.
For IAM_POLICY content, this API outputs history when the asset and its
attached IAM POLICY both exist. This can create gaps in the output history.
Otherwise, this API outputs history with asset in both non-delete or
deleted status.
If a specified asset does not exist, this API returns an INVALID_ARGUMENT
error.
Parameters:
Name
Type
Attributes
Description
request
Object
The request object that will be sent.
Properties
Name
Type
Attributes
Description
parent
string
Required. The relative name of the root asset. It can only be an
organization number (such as "organizations/123"), a project ID (such as
"projects/my-project-id")", or a project number (such as "projects/12345").
assetNames
Array.<string>
A list of the full names of the assets.
See: https://cloud.google.com/asset-inventory/docs/resource-name-format
Example:
Optional. The time window for the asset history. Both start_time and
end_time are optional and if set, it must be after the current time minus
35 days. If end_time is not set, it is default to current timestamp.
If start_time is not set, the snapshot of the assets at end_time will be
returned. The returned results contain all temporal assets whose time
window overlap with read_time_window.
relationshipTypes
Array.<string>
<optional>
Optional. A list of relationship types to output, for example:
INSTANCE_TO_INSTANCEGROUP. This field should only be specified if
content_type=RELATIONSHIP.
If specified:
it outputs specified relationships' history on the [asset_names]. It
returns an error if any of the [relationship_types] doesn't belong to the
supported relationship types of the [asset_names] or if any of the
[asset_names]'s types doesn't belong to the source types of the
[relationship_types].
Otherwise:
it outputs the supported relationships' history on the [asset_names] or
returns an error if any of the [asset_names]'s types has no relationship
support.
See Introduction to Cloud Asset
Inventory for all
supported asset types and relationship types.
The promise which resolves to an array.
The first element of the array is an object representing BatchGetAssetsHistoryResponse.
Please see the
documentation
for more details and examples.
Check the status of the long running operation returned by analyzeIamPolicyLongrunning().
Parameters:
Name
Type
Description
name
String
The operation name that will be passed.
Returns:
Type
Description
Promise
The promise which resolves to an object.
The decoded operation object has result and metadata field to get information from.
Please see the
documentation
for more details and examples.
Check the status of the long running operation returned by exportAssets().
Parameters:
Name
Type
Description
name
String
The operation name that will be passed.
Returns:
Type
Description
Promise
The promise which resolves to an object.
The decoded operation object has result and metadata field to get information from.
Please see the
documentation
for more details and examples.
The client will no longer be usable and all future behavior is undefined.
Returns:
Type
Description
Promise
A promise that resolves when the client is closed.
createFeed(request, optionsopt) → {Promise}
Creates a feed in a parent project/folder/organization to listen to its
asset updates.
Parameters:
Name
Type
Attributes
Description
request
Object
The request object that will be sent.
Properties
Name
Type
Description
parent
string
Required. The name of the project/folder/organization where this feed
should be created in. It can only be an organization number (such as
"organizations/123"), a folder number (such as "folders/123"), a project ID
(such as "projects/my-project-id")", or a project number (such as
"projects/12345").
feedId
string
Required. This is the client-assigned asset feed identifier and it needs to
be unique under a specific parent project/folder/organization.
Required. The feed details. The field name must be empty and it will be generated
in the format of:
projects/project_number/feeds/feed_id
folders/folder_number/feeds/feed_id
organizations/organization_number/feeds/feed_id
The promise which resolves to an array.
The first element of the array is an object representing Feed.
Please see the
documentation
for more details and examples.
Required. The name of the feed and it must be in the format of:
projects/project_number/feeds/feed_id
folders/folder_number/feeds/feed_id
organizations/organization_number/feeds/feed_id
The promise which resolves to an array.
The first element of the array is an object representing Empty.
Please see the
documentation
for more details and examples.
Exports assets with time and resource types to a given Cloud Storage
location/BigQuery table. For Cloud Storage location destinations, the
output format is newline-delimited JSON. Each line represents a
google.cloud.asset.v1.Asset in the JSON format; for BigQuery table
destinations, the output table stores the fields in asset proto as columns.
This API implements the google.longrunning.Operation API
, which allows you to keep track of the export. We recommend intervals of
at least 2 seconds with exponential retry to poll the export operation
result. For regular-size resource parent, the export operation usually
finishes within 5 minutes.
Parameters:
Name
Type
Attributes
Description
request
Object
The request object that will be sent.
Properties
Name
Type
Description
parent
string
Required. The relative name of the root asset. This can only be an
organization number (such as "organizations/123"), a project ID (such as
"projects/my-project-id"), or a project number (such as "projects/12345"),
or a folder number (such as "folders/123").
Timestamp to take an asset snapshot. This can only be set to a timestamp
between the current time and the current time minus 35 days (inclusive).
If not specified, the current time will be used. Due to delays in resource
data collection and indexing, there is a volatile window during which
running the same query may get different results.
assetTypes
Array.<string>
A list of asset types to take a snapshot for. For example:
"compute.googleapis.com/Disk".
Regular expressions are also supported. For example:
"compute.googleapis.com.*" snapshots resources whose asset type starts
with "compute.googleapis.com".
".*Instance" snapshots resources whose asset type ends with "Instance".
".Instance." snapshots resources whose asset type contains "Instance".
See RE2 for all supported
regular expression syntax. If the regular expression does not match any
supported asset type, an INVALID_ARGUMENT error will be returned.
If specified, only matching assets will be returned, otherwise, it will
snapshot all asset types. See Introduction to Cloud Asset
Inventory
for all supported asset types.
Required. Output configuration indicating where the results will be output to.
relationshipTypes
Array.<string>
A list of relationship types to export, for example:
INSTANCE_TO_INSTANCEGROUP. This field should only be specified if
content_type=RELATIONSHIP.
If specified:
it snapshots specified relationships. It returns an error if
any of the [relationship_types] doesn't belong to the supported
relationship types of the [asset_types] or if any of the [asset_types]
doesn't belong to the source types of the [relationship_types].
Otherwise:
it snapshots the supported relationships for all [asset_types] or returns
an error if any of the [asset_types] has no relationship support.
An unspecified asset types field means all supported asset_types.
See Introduction to Cloud Asset
Inventory for all
supported asset types and relationship types.
The promise which resolves to an array.
The first element of the array is an object representing
a long running operation. Its promise() method returns a promise
you can await for.
Please see the
documentation
for more details and examples.
Return a fully-qualified folderFeed resource name string.
Parameters:
Name
Type
Description
folder
string
feed
string
Returns:
Type
Description
string
Resource name string.
getFeed(request, optionsopt) → {Promise}
Gets details about an asset feed.
Parameters:
Name
Type
Attributes
Description
request
Object
The request object that will be sent.
Properties
Name
Type
Description
name
string
Required. The name of the Feed and it must be in the format of:
projects/project_number/feeds/feed_id
folders/folder_number/feeds/feed_id
organizations/organization_number/feeds/feed_id
The promise which resolves to an array.
The first element of the array is an object representing Feed.
Please see the
documentation
for more details and examples.
Example
const [response] = await client.getFeed(request);
getProjectId() → {Promise}
Return the project ID used by this class.
Returns:
Type
Description
Promise
A promise that resolves to string containing the project ID.
initialize() → {Promise}
Initialize the client.
Performs asynchronous operations (such as authentication) and prepares the client.
This function will be called automatically when any class method is called for the
first time, but if you need to initialize it before calling an actual method,
feel free to call initialize() directly.
You can await on this method if you want to make sure the client is initialized.
Returns:
Type
Description
Promise
A promise that resolves to an authenticated service stub.
Return a fully-qualified inventory resource name string.
Parameters:
Name
Type
Description
project
string
location
string
instance
string
Returns:
Type
Description
string
Resource name string.
listAssets(request, optionsopt) → {Promise}
Lists assets with time and resource types and returns paged results in
response.
Parameters:
Name
Type
Attributes
Description
request
Object
The request object that will be sent.
Properties
Name
Type
Description
parent
string
Required. Name of the organization or project the assets belong to. Format:
"organizations/[organization-number]" (such as "organizations/123"),
"projects/[project-id]" (such as "projects/my-project-id"), or
"projects/[project-number]" (such as "projects/12345").
Timestamp to take an asset snapshot. This can only be set to a timestamp
between the current time and the current time minus 35 days (inclusive).
If not specified, the current time will be used. Due to delays in resource
data collection and indexing, there is a volatile window during which
running the same query may get different results.
assetTypes
Array.<string>
A list of asset types to take a snapshot for. For example:
"compute.googleapis.com/Disk".
Regular expression is also supported. For example:
"compute.googleapis.com.*" snapshots resources whose asset type starts
with "compute.googleapis.com".
".*Instance" snapshots resources whose asset type ends with "Instance".
".Instance." snapshots resources whose asset type contains "Instance".
See RE2 for all supported
regular expression syntax. If the regular expression does not match any
supported asset type, an INVALID_ARGUMENT error will be returned.
If specified, only matching assets will be returned, otherwise, it will
snapshot all asset types. See Introduction to Cloud Asset
Inventory
for all supported asset types.
Asset content type. If not specified, no content but the asset name will
be returned.
pageSize
number
The maximum number of assets to be returned in a single response. Default
is 100, minimum is 1, and maximum is 1000.
pageToken
string
The next_page_token returned from the previous ListAssetsResponse, or
unspecified for the first ListAssetsRequest. It is a continuation of a
prior ListAssets call, and the API should return the next page of assets.
relationshipTypes
Array.<string>
A list of relationship types to output, for example:
INSTANCE_TO_INSTANCEGROUP. This field should only be specified if
content_type=RELATIONSHIP.
If specified:
it snapshots specified relationships. It returns an error if
any of the [relationship_types] doesn't belong to the supported
relationship types of the [asset_types] or if any of the [asset_types]
doesn't belong to the source types of the [relationship_types].
Otherwise:
it snapshots the supported relationships for all [asset_types] or returns
an error if any of the [asset_types] has no relationship support.
An unspecified asset types field means all supported asset_types.
See Introduction to Cloud Asset
Inventory
for all supported asset types and relationship types.
The promise which resolves to an array.
The first element of the array is Array of Asset.
The client library will perform auto-pagination by default: it will call the API as many
times as needed and will merge results from all the pages into this array.
Note that it can affect your quota.
We recommend using listAssetsAsync()
method described below for async iteration which you can stop as needed.
Please see the
documentation
for more details and examples.
listAssetsAsync(request, optionsopt) → {Object}
Equivalent to listAssets, but returns an iterable object.
for-await-of syntax is used with the iterable to get response elements on-demand.
Parameters:
Name
Type
Attributes
Description
request
Object
The request object that will be sent.
Properties
Name
Type
Description
parent
string
Required. Name of the organization or project the assets belong to. Format:
"organizations/[organization-number]" (such as "organizations/123"),
"projects/[project-id]" (such as "projects/my-project-id"), or
"projects/[project-number]" (such as "projects/12345").
Timestamp to take an asset snapshot. This can only be set to a timestamp
between the current time and the current time minus 35 days (inclusive).
If not specified, the current time will be used. Due to delays in resource
data collection and indexing, there is a volatile window during which
running the same query may get different results.
assetTypes
Array.<string>
A list of asset types to take a snapshot for. For example:
"compute.googleapis.com/Disk".
Regular expression is also supported. For example:
"compute.googleapis.com.*" snapshots resources whose asset type starts
with "compute.googleapis.com".
".*Instance" snapshots resources whose asset type ends with "Instance".
".Instance." snapshots resources whose asset type contains "Instance".
See RE2 for all supported
regular expression syntax. If the regular expression does not match any
supported asset type, an INVALID_ARGUMENT error will be returned.
If specified, only matching assets will be returned, otherwise, it will
snapshot all asset types. See Introduction to Cloud Asset
Inventory
for all supported asset types.
Asset content type. If not specified, no content but the asset name will
be returned.
pageSize
number
The maximum number of assets to be returned in a single response. Default
is 100, minimum is 1, and maximum is 1000.
pageToken
string
The next_page_token returned from the previous ListAssetsResponse, or
unspecified for the first ListAssetsRequest. It is a continuation of a
prior ListAssets call, and the API should return the next page of assets.
relationshipTypes
Array.<string>
A list of relationship types to output, for example:
INSTANCE_TO_INSTANCEGROUP. This field should only be specified if
content_type=RELATIONSHIP.
If specified:
it snapshots specified relationships. It returns an error if
any of the [relationship_types] doesn't belong to the supported
relationship types of the [asset_types] or if any of the [asset_types]
doesn't belong to the source types of the [relationship_types].
Otherwise:
it snapshots the supported relationships for all [asset_types] or returns
an error if any of the [asset_types] has no relationship support.
An unspecified asset types field means all supported asset_types.
See Introduction to Cloud Asset
Inventory
for all supported asset types and relationship types.
An iterable Object that allows async iteration.
When you iterate the returned iterable, each element will be an object representing
Asset. The API will be called under the hood as needed, once per the page,
so you can stop the iteration when you don't need more results.
Please see the
documentation
for more details and examples.
Example
const iterable = client.listAssetsAsync(request);
for await (const response of iterable) {
// process response
}
listAssetsStream(request, optionsopt) → {Stream}
Equivalent to method.name.toCamelCase(), but returns a NodeJS Stream object.
Parameters:
Name
Type
Attributes
Description
request
Object
The request object that will be sent.
Properties
Name
Type
Description
parent
string
Required. Name of the organization or project the assets belong to. Format:
"organizations/[organization-number]" (such as "organizations/123"),
"projects/[project-id]" (such as "projects/my-project-id"), or
"projects/[project-number]" (such as "projects/12345").
Timestamp to take an asset snapshot. This can only be set to a timestamp
between the current time and the current time minus 35 days (inclusive).
If not specified, the current time will be used. Due to delays in resource
data collection and indexing, there is a volatile window during which
running the same query may get different results.
assetTypes
Array.<string>
A list of asset types to take a snapshot for. For example:
"compute.googleapis.com/Disk".
Regular expression is also supported. For example:
"compute.googleapis.com.*" snapshots resources whose asset type starts
with "compute.googleapis.com".
".*Instance" snapshots resources whose asset type ends with "Instance".
".Instance." snapshots resources whose asset type contains "Instance".
See RE2 for all supported
regular expression syntax. If the regular expression does not match any
supported asset type, an INVALID_ARGUMENT error will be returned.
If specified, only matching assets will be returned, otherwise, it will
snapshot all asset types. See Introduction to Cloud Asset
Inventory
for all supported asset types.
Asset content type. If not specified, no content but the asset name will
be returned.
pageSize
number
The maximum number of assets to be returned in a single response. Default
is 100, minimum is 1, and maximum is 1000.
pageToken
string
The next_page_token returned from the previous ListAssetsResponse, or
unspecified for the first ListAssetsRequest. It is a continuation of a
prior ListAssets call, and the API should return the next page of assets.
relationshipTypes
Array.<string>
A list of relationship types to output, for example:
INSTANCE_TO_INSTANCEGROUP. This field should only be specified if
content_type=RELATIONSHIP.
If specified:
it snapshots specified relationships. It returns an error if
any of the [relationship_types] doesn't belong to the supported
relationship types of the [asset_types] or if any of the [asset_types]
doesn't belong to the source types of the [relationship_types].
Otherwise:
it snapshots the supported relationships for all [asset_types] or returns
an error if any of the [asset_types] has no relationship support.
An unspecified asset types field means all supported asset_types.
See Introduction to Cloud Asset
Inventory
for all supported asset types and relationship types.
An object stream which emits an object representing Asset on 'data' event.
The client library will perform auto-pagination by default: it will call the API as many
times as needed. Note that it can affect your quota.
We recommend using listAssetsAsync()
method described below for async iteration which you can stop as needed.
Please see the
documentation
for more details and examples.
listFeeds(request, optionsopt) → {Promise}
Lists all asset feeds in a parent project/folder/organization.
Parameters:
Name
Type
Attributes
Description
request
Object
The request object that will be sent.
Properties
Name
Type
Description
parent
string
Required. The parent project/folder/organization whose feeds are to be
listed. It can only be using project/folder/organization number (such as
"folders/12345")", or a project ID (such as "projects/my-project-id").
The promise which resolves to an array.
The first element of the array is an object representing ListFeedsResponse.
Please see the
documentation
for more details and examples.
Searches all IAM policies within the specified scope, such as a project,
folder, or organization. The caller must be granted the
cloudasset.assets.searchAllIamPolicies permission on the desired scope,
otherwise the request will be rejected.
Parameters:
Name
Type
Attributes
Description
request
Object
The request object that will be sent.
Properties
Name
Type
Attributes
Description
scope
string
Required. A scope can be a project, a folder, or an organization. The search is
limited to the IAM policies within the scope. The caller must be granted
the
cloudasset.assets.searchAllIamPolicies
permission on the desired scope.
Optional. The query statement. See how to construct a
query
for more information. If not specified or empty, it will search all the
IAM policies within the specified scope. Note that the query string is
compared against each Cloud IAM policy binding, including its members,
roles, and Cloud IAM conditions. The returned Cloud IAM policies will only
contain the bindings that match your query. To learn more about the IAM
policy structure, see IAM policy
doc.
Examples:
policy:amy@gmail.com to find IAM policy bindings that specify user
"amy@gmail.com".
policy:roles/compute.admin to find IAM policy bindings that specify
the Compute Admin role.
policy:comp* to find IAM policy bindings that contain "comp" as a
prefix of any word in the binding.
policy.role.permissions:storage.buckets.update to find IAM policy
bindings that specify a role containing "storage.buckets.update"
permission. Note that if callers don't have iam.roles.get access to a
role's included permissions, policy bindings that specify this role will
be dropped from the search results.
policy.role.permissions:upd* to find IAM policy bindings that specify a
role containing "upd" as a prefix of any word in the role permission.
Note that if callers don't have iam.roles.get access to a role's
included permissions, policy bindings that specify this role will be
dropped from the search results.
resource:organizations/123456 to find IAM policy bindings
that are set on "organizations/123456".
resource=//cloudresourcemanager.googleapis.com/projects/myproject to
find IAM policy bindings that are set on the project named "myproject".
Important to find IAM policy bindings that contain "Important" as a
word in any of the searchable fields (except for the included
permissions).
resource:(instance1 OR instance2) policy:amy to find
IAM policy bindings that are set on resources "instance1" or
"instance2" and also specify user "amy".
roles:roles/compute.admin to find IAM policy bindings that specify the
Compute Admin role.
memberTypes:user to find IAM policy bindings that contain the "user"
member type.
pageSize
number
<optional>
Optional. The page size for search result pagination. Page size is capped at 500 even
if a larger value is given. If set to zero, server will pick an appropriate
default. Returned results may be fewer than requested. When this happens,
there could be more results as long as next_page_token is returned.
pageToken
string
<optional>
Optional. If present, retrieve the next batch of results from the preceding call to
this method. page_token must be the value of next_page_token from the
previous response. The values of all other method parameters must be
identical to those in the previous call.
assetTypes
Array.<string>
<optional>
Optional. A list of asset types that the IAM policies are attached to. If empty, it
will search the IAM policies that are attached to all the searchable asset
types.
Regular expressions are also supported. For example:
"compute.googleapis.com.*" snapshots IAM policies attached to asset type
starts with "compute.googleapis.com".
".*Instance" snapshots IAM policies attached to asset type ends with
"Instance".
".Instance." snapshots IAM policies attached to asset type contains
"Instance".
See RE2 for all supported
regular expression syntax. If the regular expression does not match any
supported asset type, an INVALID_ARGUMENT error will be returned.
orderBy
string
<optional>
Optional. A comma-separated list of fields specifying the sorting order of the
results. The default order is ascending. Add " DESC" after the field name
to indicate descending order. Redundant space characters are ignored.
Example: "assetType DESC, resource".
Only singular primitive fields in the response are sortable:
* resource
* assetType
* project
All the other fields such as repeated fields (e.g., folders) and
non-primitive fields (e.g., policy) are not supported.
The promise which resolves to an array.
The first element of the array is Array of IamPolicySearchResult.
The client library will perform auto-pagination by default: it will call the API as many
times as needed and will merge results from all the pages into this array.
Note that it can affect your quota.
We recommend using searchAllIamPoliciesAsync()
method described below for async iteration which you can stop as needed.
Please see the
documentation
for more details and examples.
Equivalent to searchAllIamPolicies, but returns an iterable object.
for-await-of syntax is used with the iterable to get response elements on-demand.
Parameters:
Name
Type
Attributes
Description
request
Object
The request object that will be sent.
Properties
Name
Type
Attributes
Description
scope
string
Required. A scope can be a project, a folder, or an organization. The search is
limited to the IAM policies within the scope. The caller must be granted
the
cloudasset.assets.searchAllIamPolicies
permission on the desired scope.
Optional. The query statement. See how to construct a
query
for more information. If not specified or empty, it will search all the
IAM policies within the specified scope. Note that the query string is
compared against each Cloud IAM policy binding, including its members,
roles, and Cloud IAM conditions. The returned Cloud IAM policies will only
contain the bindings that match your query. To learn more about the IAM
policy structure, see IAM policy
doc.
Examples:
policy:amy@gmail.com to find IAM policy bindings that specify user
"amy@gmail.com".
policy:roles/compute.admin to find IAM policy bindings that specify
the Compute Admin role.
policy:comp* to find IAM policy bindings that contain "comp" as a
prefix of any word in the binding.
policy.role.permissions:storage.buckets.update to find IAM policy
bindings that specify a role containing "storage.buckets.update"
permission. Note that if callers don't have iam.roles.get access to a
role's included permissions, policy bindings that specify this role will
be dropped from the search results.
policy.role.permissions:upd* to find IAM policy bindings that specify a
role containing "upd" as a prefix of any word in the role permission.
Note that if callers don't have iam.roles.get access to a role's
included permissions, policy bindings that specify this role will be
dropped from the search results.
resource:organizations/123456 to find IAM policy bindings
that are set on "organizations/123456".
resource=//cloudresourcemanager.googleapis.com/projects/myproject to
find IAM policy bindings that are set on the project named "myproject".
Important to find IAM policy bindings that contain "Important" as a
word in any of the searchable fields (except for the included
permissions).
resource:(instance1 OR instance2) policy:amy to find
IAM policy bindings that are set on resources "instance1" or
"instance2" and also specify user "amy".
roles:roles/compute.admin to find IAM policy bindings that specify the
Compute Admin role.
memberTypes:user to find IAM policy bindings that contain the "user"
member type.
pageSize
number
<optional>
Optional. The page size for search result pagination. Page size is capped at 500 even
if a larger value is given. If set to zero, server will pick an appropriate
default. Returned results may be fewer than requested. When this happens,
there could be more results as long as next_page_token is returned.
pageToken
string
<optional>
Optional. If present, retrieve the next batch of results from the preceding call to
this method. page_token must be the value of next_page_token from the
previous response. The values of all other method parameters must be
identical to those in the previous call.
assetTypes
Array.<string>
<optional>
Optional. A list of asset types that the IAM policies are attached to. If empty, it
will search the IAM policies that are attached to all the searchable asset
types.
Regular expressions are also supported. For example:
"compute.googleapis.com.*" snapshots IAM policies attached to asset type
starts with "compute.googleapis.com".
".*Instance" snapshots IAM policies attached to asset type ends with
"Instance".
".Instance." snapshots IAM policies attached to asset type contains
"Instance".
See RE2 for all supported
regular expression syntax. If the regular expression does not match any
supported asset type, an INVALID_ARGUMENT error will be returned.
orderBy
string
<optional>
Optional. A comma-separated list of fields specifying the sorting order of the
results. The default order is ascending. Add " DESC" after the field name
to indicate descending order. Redundant space characters are ignored.
Example: "assetType DESC, resource".
Only singular primitive fields in the response are sortable:
* resource
* assetType
* project
All the other fields such as repeated fields (e.g., folders) and
non-primitive fields (e.g., policy) are not supported.
An iterable Object that allows async iteration.
When you iterate the returned iterable, each element will be an object representing
IamPolicySearchResult. The API will be called under the hood as needed, once per the page,
so you can stop the iteration when you don't need more results.
Please see the
documentation
for more details and examples.
Example
const iterable = client.searchAllIamPoliciesAsync(request);
for await (const response of iterable) {
// process response
}
Equivalent to method.name.toCamelCase(), but returns a NodeJS Stream object.
Parameters:
Name
Type
Attributes
Description
request
Object
The request object that will be sent.
Properties
Name
Type
Attributes
Description
scope
string
Required. A scope can be a project, a folder, or an organization. The search is
limited to the IAM policies within the scope. The caller must be granted
the
cloudasset.assets.searchAllIamPolicies
permission on the desired scope.
Optional. The query statement. See how to construct a
query
for more information. If not specified or empty, it will search all the
IAM policies within the specified scope. Note that the query string is
compared against each Cloud IAM policy binding, including its members,
roles, and Cloud IAM conditions. The returned Cloud IAM policies will only
contain the bindings that match your query. To learn more about the IAM
policy structure, see IAM policy
doc.
Examples:
policy:amy@gmail.com to find IAM policy bindings that specify user
"amy@gmail.com".
policy:roles/compute.admin to find IAM policy bindings that specify
the Compute Admin role.
policy:comp* to find IAM policy bindings that contain "comp" as a
prefix of any word in the binding.
policy.role.permissions:storage.buckets.update to find IAM policy
bindings that specify a role containing "storage.buckets.update"
permission. Note that if callers don't have iam.roles.get access to a
role's included permissions, policy bindings that specify this role will
be dropped from the search results.
policy.role.permissions:upd* to find IAM policy bindings that specify a
role containing "upd" as a prefix of any word in the role permission.
Note that if callers don't have iam.roles.get access to a role's
included permissions, policy bindings that specify this role will be
dropped from the search results.
resource:organizations/123456 to find IAM policy bindings
that are set on "organizations/123456".
resource=//cloudresourcemanager.googleapis.com/projects/myproject to
find IAM policy bindings that are set on the project named "myproject".
Important to find IAM policy bindings that contain "Important" as a
word in any of the searchable fields (except for the included
permissions).
resource:(instance1 OR instance2) policy:amy to find
IAM policy bindings that are set on resources "instance1" or
"instance2" and also specify user "amy".
roles:roles/compute.admin to find IAM policy bindings that specify the
Compute Admin role.
memberTypes:user to find IAM policy bindings that contain the "user"
member type.
pageSize
number
<optional>
Optional. The page size for search result pagination. Page size is capped at 500 even
if a larger value is given. If set to zero, server will pick an appropriate
default. Returned results may be fewer than requested. When this happens,
there could be more results as long as next_page_token is returned.
pageToken
string
<optional>
Optional. If present, retrieve the next batch of results from the preceding call to
this method. page_token must be the value of next_page_token from the
previous response. The values of all other method parameters must be
identical to those in the previous call.
assetTypes
Array.<string>
<optional>
Optional. A list of asset types that the IAM policies are attached to. If empty, it
will search the IAM policies that are attached to all the searchable asset
types.
Regular expressions are also supported. For example:
"compute.googleapis.com.*" snapshots IAM policies attached to asset type
starts with "compute.googleapis.com".
".*Instance" snapshots IAM policies attached to asset type ends with
"Instance".
".Instance." snapshots IAM policies attached to asset type contains
"Instance".
See RE2 for all supported
regular expression syntax. If the regular expression does not match any
supported asset type, an INVALID_ARGUMENT error will be returned.
orderBy
string
<optional>
Optional. A comma-separated list of fields specifying the sorting order of the
results. The default order is ascending. Add " DESC" after the field name
to indicate descending order. Redundant space characters are ignored.
Example: "assetType DESC, resource".
Only singular primitive fields in the response are sortable:
* resource
* assetType
* project
All the other fields such as repeated fields (e.g., folders) and
non-primitive fields (e.g., policy) are not supported.
An object stream which emits an object representing IamPolicySearchResult on 'data' event.
The client library will perform auto-pagination by default: it will call the API as many
times as needed. Note that it can affect your quota.
We recommend using searchAllIamPoliciesAsync()
method described below for async iteration which you can stop as needed.
Please see the
documentation
for more details and examples.
Searches all Cloud resources within the specified scope, such as a project,
folder, or organization. The caller must be granted the
cloudasset.assets.searchAllResources permission on the desired scope,
otherwise the request will be rejected.
Parameters:
Name
Type
Attributes
Description
request
Object
The request object that will be sent.
Properties
Name
Type
Attributes
Description
scope
string
Required. A scope can be a project, a folder, or an organization. The search is
limited to the resources within the scope. The caller must be granted the
cloudasset.assets.searchAllResources
permission on the desired scope.
Optional. The query statement. See how to construct a
query
for more information. If not specified or empty, it will search all the
resources within the specified scope.
Examples:
name:Important to find Cloud resources whose name contains
"Important" as a word.
name=Important to find the Cloud resource whose name is exactly
"Important".
displayName:Impor* to find Cloud resources whose display name
contains "Impor" as a prefix of any word in the field.
location:us-west* to find Cloud resources whose location contains both
"us" and "west" as prefixes.
labels:prod to find Cloud resources whose labels contain "prod" as
a key or value.
labels.env:prod to find Cloud resources that have a label "env"
and its value is "prod".
labels.env:* to find Cloud resources that have a label "env".
kmsKey:key to find Cloud resources encrypted with a customer-managed
encryption key whose name contains the word "key".
state:ACTIVE to find Cloud resources whose state contains "ACTIVE" as a
word.
NOT state:ACTIVE to find Cloud resources whose state doesn't contain
"ACTIVE" as a word.
createTime<1609459200 to find Cloud resources that were created before
"2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
"2021-01-01 00:00:00 UTC" in seconds.
updateTime>1609459200 to find Cloud resources that were updated after
"2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
"2021-01-01 00:00:00 UTC" in seconds.
Important to find Cloud resources that contain "Important" as a word
in any of the searchable fields.
Impor* to find Cloud resources that contain "Impor" as a prefix of any
word in any of the searchable fields.
Important location:(us-west1 OR global) to find Cloud
resources that contain "Important" as a word in any of the searchable
fields and are also located in the "us-west1" region or the "global"
location.
assetTypes
Array.<string>
<optional>
Optional. A list of asset types that this request searches for. If empty, it will
search all the searchable asset
types.
Regular expressions are also supported. For example:
"compute.googleapis.com.*" snapshots resources whose asset type starts
with "compute.googleapis.com".
".*Instance" snapshots resources whose asset type ends with "Instance".
".Instance." snapshots resources whose asset type contains "Instance".
See RE2 for all supported
regular expression syntax. If the regular expression does not match any
supported asset type, an INVALID_ARGUMENT error will be returned.
pageSize
number
<optional>
Optional. The page size for search result pagination. Page size is capped at 500 even
if a larger value is given. If set to zero, server will pick an appropriate
default. Returned results may be fewer than requested. When this happens,
there could be more results as long as next_page_token is returned.
pageToken
string
<optional>
Optional. If present, then retrieve the next batch of results from the preceding call
to this method. page_token must be the value of next_page_token from
the previous response. The values of all other method parameters, must be
identical to those in the previous call.
orderBy
string
<optional>
Optional. A comma-separated list of fields specifying the sorting order of the
results. The default order is ascending. Add " DESC" after the field name
to indicate descending order. Redundant space characters are ignored.
Example: "location DESC, name".
Only singular primitive fields in the response are sortable:
All the other fields such as repeated fields (e.g., networkTags), map
fields (e.g., labels) and struct fields (e.g., additionalAttributes)
are not supported.
Optional. A comma-separated list of fields specifying which fields to be returned in
ResourceSearchResult. Only '*' or combination of top level fields can be
specified. Field names of both snake_case and camelCase are supported.
Examples: "*", "name,location", "name,versionedResources".
The read_mask paths must be valid field paths listed but not limited to
(both snake_case and camelCase are supported):
If read_mask is not specified, all fields except versionedResources will
be returned.
If only '*' is specified, all fields including versionedResources will be
returned.
Any invalid field path will trigger INVALID_ARGUMENT error.
The promise which resolves to an array.
The first element of the array is Array of ResourceSearchResult.
The client library will perform auto-pagination by default: it will call the API as many
times as needed and will merge results from all the pages into this array.
Note that it can affect your quota.
We recommend using searchAllResourcesAsync()
method described below for async iteration which you can stop as needed.
Please see the
documentation
for more details and examples.
Equivalent to searchAllResources, but returns an iterable object.
for-await-of syntax is used with the iterable to get response elements on-demand.
Parameters:
Name
Type
Attributes
Description
request
Object
The request object that will be sent.
Properties
Name
Type
Attributes
Description
scope
string
Required. A scope can be a project, a folder, or an organization. The search is
limited to the resources within the scope. The caller must be granted the
cloudasset.assets.searchAllResources
permission on the desired scope.
Optional. The query statement. See how to construct a
query
for more information. If not specified or empty, it will search all the
resources within the specified scope.
Examples:
name:Important to find Cloud resources whose name contains
"Important" as a word.
name=Important to find the Cloud resource whose name is exactly
"Important".
displayName:Impor* to find Cloud resources whose display name
contains "Impor" as a prefix of any word in the field.
location:us-west* to find Cloud resources whose location contains both
"us" and "west" as prefixes.
labels:prod to find Cloud resources whose labels contain "prod" as
a key or value.
labels.env:prod to find Cloud resources that have a label "env"
and its value is "prod".
labels.env:* to find Cloud resources that have a label "env".
kmsKey:key to find Cloud resources encrypted with a customer-managed
encryption key whose name contains the word "key".
state:ACTIVE to find Cloud resources whose state contains "ACTIVE" as a
word.
NOT state:ACTIVE to find Cloud resources whose state doesn't contain
"ACTIVE" as a word.
createTime<1609459200 to find Cloud resources that were created before
"2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
"2021-01-01 00:00:00 UTC" in seconds.
updateTime>1609459200 to find Cloud resources that were updated after
"2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
"2021-01-01 00:00:00 UTC" in seconds.
Important to find Cloud resources that contain "Important" as a word
in any of the searchable fields.
Impor* to find Cloud resources that contain "Impor" as a prefix of any
word in any of the searchable fields.
Important location:(us-west1 OR global) to find Cloud
resources that contain "Important" as a word in any of the searchable
fields and are also located in the "us-west1" region or the "global"
location.
assetTypes
Array.<string>
<optional>
Optional. A list of asset types that this request searches for. If empty, it will
search all the searchable asset
types.
Regular expressions are also supported. For example:
"compute.googleapis.com.*" snapshots resources whose asset type starts
with "compute.googleapis.com".
".*Instance" snapshots resources whose asset type ends with "Instance".
".Instance." snapshots resources whose asset type contains "Instance".
See RE2 for all supported
regular expression syntax. If the regular expression does not match any
supported asset type, an INVALID_ARGUMENT error will be returned.
pageSize
number
<optional>
Optional. The page size for search result pagination. Page size is capped at 500 even
if a larger value is given. If set to zero, server will pick an appropriate
default. Returned results may be fewer than requested. When this happens,
there could be more results as long as next_page_token is returned.
pageToken
string
<optional>
Optional. If present, then retrieve the next batch of results from the preceding call
to this method. page_token must be the value of next_page_token from
the previous response. The values of all other method parameters, must be
identical to those in the previous call.
orderBy
string
<optional>
Optional. A comma-separated list of fields specifying the sorting order of the
results. The default order is ascending. Add " DESC" after the field name
to indicate descending order. Redundant space characters are ignored.
Example: "location DESC, name".
Only singular primitive fields in the response are sortable:
All the other fields such as repeated fields (e.g., networkTags), map
fields (e.g., labels) and struct fields (e.g., additionalAttributes)
are not supported.
Optional. A comma-separated list of fields specifying which fields to be returned in
ResourceSearchResult. Only '*' or combination of top level fields can be
specified. Field names of both snake_case and camelCase are supported.
Examples: "*", "name,location", "name,versionedResources".
The read_mask paths must be valid field paths listed but not limited to
(both snake_case and camelCase are supported):
If read_mask is not specified, all fields except versionedResources will
be returned.
If only '*' is specified, all fields including versionedResources will be
returned.
Any invalid field path will trigger INVALID_ARGUMENT error.
An iterable Object that allows async iteration.
When you iterate the returned iterable, each element will be an object representing
ResourceSearchResult. The API will be called under the hood as needed, once per the page,
so you can stop the iteration when you don't need more results.
Please see the
documentation
for more details and examples.
Example
const iterable = client.searchAllResourcesAsync(request);
for await (const response of iterable) {
// process response
}
Equivalent to method.name.toCamelCase(), but returns a NodeJS Stream object.
Parameters:
Name
Type
Attributes
Description
request
Object
The request object that will be sent.
Properties
Name
Type
Attributes
Description
scope
string
Required. A scope can be a project, a folder, or an organization. The search is
limited to the resources within the scope. The caller must be granted the
cloudasset.assets.searchAllResources
permission on the desired scope.
Optional. The query statement. See how to construct a
query
for more information. If not specified or empty, it will search all the
resources within the specified scope.
Examples:
name:Important to find Cloud resources whose name contains
"Important" as a word.
name=Important to find the Cloud resource whose name is exactly
"Important".
displayName:Impor* to find Cloud resources whose display name
contains "Impor" as a prefix of any word in the field.
location:us-west* to find Cloud resources whose location contains both
"us" and "west" as prefixes.
labels:prod to find Cloud resources whose labels contain "prod" as
a key or value.
labels.env:prod to find Cloud resources that have a label "env"
and its value is "prod".
labels.env:* to find Cloud resources that have a label "env".
kmsKey:key to find Cloud resources encrypted with a customer-managed
encryption key whose name contains the word "key".
state:ACTIVE to find Cloud resources whose state contains "ACTIVE" as a
word.
NOT state:ACTIVE to find Cloud resources whose state doesn't contain
"ACTIVE" as a word.
createTime<1609459200 to find Cloud resources that were created before
"2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
"2021-01-01 00:00:00 UTC" in seconds.
updateTime>1609459200 to find Cloud resources that were updated after
"2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
"2021-01-01 00:00:00 UTC" in seconds.
Important to find Cloud resources that contain "Important" as a word
in any of the searchable fields.
Impor* to find Cloud resources that contain "Impor" as a prefix of any
word in any of the searchable fields.
Important location:(us-west1 OR global) to find Cloud
resources that contain "Important" as a word in any of the searchable
fields and are also located in the "us-west1" region or the "global"
location.
assetTypes
Array.<string>
<optional>
Optional. A list of asset types that this request searches for. If empty, it will
search all the searchable asset
types.
Regular expressions are also supported. For example:
"compute.googleapis.com.*" snapshots resources whose asset type starts
with "compute.googleapis.com".
".*Instance" snapshots resources whose asset type ends with "Instance".
".Instance." snapshots resources whose asset type contains "Instance".
See RE2 for all supported
regular expression syntax. If the regular expression does not match any
supported asset type, an INVALID_ARGUMENT error will be returned.
pageSize
number
<optional>
Optional. The page size for search result pagination. Page size is capped at 500 even
if a larger value is given. If set to zero, server will pick an appropriate
default. Returned results may be fewer than requested. When this happens,
there could be more results as long as next_page_token is returned.
pageToken
string
<optional>
Optional. If present, then retrieve the next batch of results from the preceding call
to this method. page_token must be the value of next_page_token from
the previous response. The values of all other method parameters, must be
identical to those in the previous call.
orderBy
string
<optional>
Optional. A comma-separated list of fields specifying the sorting order of the
results. The default order is ascending. Add " DESC" after the field name
to indicate descending order. Redundant space characters are ignored.
Example: "location DESC, name".
Only singular primitive fields in the response are sortable:
All the other fields such as repeated fields (e.g., networkTags), map
fields (e.g., labels) and struct fields (e.g., additionalAttributes)
are not supported.
Optional. A comma-separated list of fields specifying which fields to be returned in
ResourceSearchResult. Only '*' or combination of top level fields can be
specified. Field names of both snake_case and camelCase are supported.
Examples: "*", "name,location", "name,versionedResources".
The read_mask paths must be valid field paths listed but not limited to
(both snake_case and camelCase are supported):
If read_mask is not specified, all fields except versionedResources will
be returned.
If only '*' is specified, all fields including versionedResources will be
returned.
Any invalid field path will trigger INVALID_ARGUMENT error.
An object stream which emits an object representing ResourceSearchResult on 'data' event.
The client library will perform auto-pagination by default: it will call the API as many
times as needed. Note that it can affect your quota.
We recommend using searchAllResourcesAsync()
method described below for async iteration which you can stop as needed.
Please see the
documentation
for more details and examples.
Required. The new values of feed details. It must match an existing feed and the
field name must be in the format of:
projects/project_number/feeds/feed_id or
folders/folder_number/feeds/feed_id or
organizations/organization_number/feeds/feed_id.
Required. Only updates the feed fields indicated by this mask.
The field mask must not be empty, and it must not contain fields that
are immutable or only set by the server.
The promise which resolves to an array.
The first element of the array is an object representing Feed.
Please see the
documentation
for more details and examples.