As of January 1, 2020 this library no longer supports Python 2 on the latest released version. Library versions released prior to that date will continue to be available. For more information please visit Python 2 support on Google Cloud.

Types for Google Cloud Asset v1 API

class google.cloud.asset_v1.types.TemporalAsset(mapping=None, **kwargs)[source]

An asset in Google Cloud and its temporal metadata, including the time window when it was observed and its status during that window.

window

The time window when the asset data and state were observed.

Type

TimeWindow

deleted

Whether the asset has been deleted or not.

Type

bool

asset

An asset in Google Cloud.

Type

Asset

prior_asset_state

State of prior_asset.

Type

PriorAssetState

prior_asset

Prior copy of the asset. Populated if prior_asset_state is PRESENT. Currently this is only set for responses in Real-Time Feed.

Type

Asset

class PriorAssetState[source]

State of prior asset.

class google.cloud.asset_v1.types.TimeWindow(mapping=None, **kwargs)[source]

A time window specified by its start_time and end_time.

start_time

Start time of the time window (exclusive).

Type

Timestamp

end_time

End time of the time window (inclusive). If not specified, the current timestamp is used instead.

Type

Timestamp

class google.cloud.asset_v1.types.Asset(mapping=None, **kwargs)[source]

An asset in Google Cloud. An asset can be any resource in the Google Cloud resource hierarchy, a resource outside the Google Cloud resource hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy). See Supported asset types for more information.

update_time

The last update timestamp of an asset. update_time is updated when a create/update/delete operation is performed.

Type

Timestamp

name

The full name of the asset. Example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1

See Resource names for more information.

Type

str

asset_type

The type of the asset. Example: compute.googleapis.com/Disk

See Supported asset types for more information.

Type

str

resource

A representation of the resource.

Type

Resource

iam_policy

A representation of the Cloud IAM policy set on a Google Cloud resource. There can be a maximum of one Cloud IAM policy set on any given resource. In addition, Cloud IAM policies inherit their granted access scope from any policies set on parent resources in the resource hierarchy. Therefore, the effective policy is the union of both the policy set on this resource and each policy set on all of the resource’s ancestry resource levels in the hierarchy. See this topic for more information.

Type

Policy

org_policy

A representation of an organization policy. There can be more than one organization policy with different constraints set on a given resource.

Type

Sequence[Policy]

access_policy

Please also refer to the access policy user guide.

Type

AccessPolicy

access_level

Please also refer to the access level user guide.

Type

AccessLevel

service_perimeter

Please also refer to the service perimeter user guide.

Type

ServicePerimeter

ancestors

The ancestry path of an asset in Google Cloud resource hierarchy, represented as a list of relative resource names. An ancestry path starts with the closest ancestor in the hierarchy and ends at root. If the asset is a project, folder, or organization, the ancestry path starts from the asset itself.

Example: ["projects/123456789", "folders/5432", "organizations/1234"]

Type

Sequence[str]
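
The union described under iam_policy can be computed from an export by walking each asset's ancestors list. The sketch below is an added example, not part of the library: it works on plain dicts that mirror the Asset fields above, make_asset and the sample data are constructed, and the bindings layout (role, members) is the Cloud IAM Policy shape.

```python
from collections import defaultdict

CRM = "cloudresourcemanager.googleapis.com"
# Hierarchy nodes: for these asset types the ancestry path starts with the
# asset itself, so ancestors[0] is the node's own relative name.
HIERARCHY_TYPES = {CRM + "/Project", CRM + "/Folder", CRM + "/Organization"}


def make_asset(name, asset_type, ancestors, bindings):
    """Build an Asset-shaped dict (hypothetical helper for the sample data)."""
    return {"name": name, "asset_type": asset_type, "ancestors": ancestors,
            "iam_policy": {"bindings": bindings}}


# Constructed sample export, reusing the example names from this page.
PATH = ["projects/123456789", "folders/5432", "organizations/1234"]
SAMPLE_ASSETS = [
    make_asset("//" + CRM + "/organizations/1234", CRM + "/Organization", PATH[2:],
               [{"role": "roles/viewer", "members": ["group:audit@example.com"]}]),
    make_asset("//" + CRM + "/folders/5432", CRM + "/Folder", PATH[1:],
               [{"role": "roles/compute.admin", "members": ["user:amy@gmail.com"]}]),
    make_asset("//" + CRM + "/projects/123456789", CRM + "/Project", PATH, []),
    make_asset("//compute.googleapis.com/projects/my_project_123/zones/zone1"
               "/instances/instance1", "compute.googleapis.com/Instance", PATH,
               [{"role": "roles/compute.admin", "members": ["user:bob@example.com"]}]),
]


def index_hierarchy_policies(assets):
    """Map relative names such as 'folders/5432' to the bindings set on that node."""
    index = {}
    for asset in assets:
        if asset["asset_type"] in HIERARCHY_TYPES and asset["ancestors"]:
            index[asset["ancestors"][0]] = asset["iam_policy"]["bindings"]
    return index


def effective_bindings(asset, hierarchy_index):
    """Union the asset's own bindings with those of every ancestor.

    Returns ({role: {member: where_granted}}, missing_ancestors). A non-empty
    missing list means the export did not include that ancestor's policy, so
    the result under-reports access. IAM conditions on bindings are ignored.
    """
    is_node = asset["asset_type"] in HIERARCHY_TYPES
    inherited_from = asset["ancestors"][1:] if is_node else asset["ancestors"]
    sources = [(asset["name"], asset["iam_policy"]["bindings"])]
    missing = []
    for rel_name in inherited_from:
        if rel_name in hierarchy_index:
            sources.append((rel_name, hierarchy_index[rel_name]))
        else:
            missing.append(rel_name)
    effective = defaultdict(dict)
    for where, bindings in sources:
        for binding in bindings:
            for member in binding["members"]:
                # Keep the closest level at which the grant appears.
                effective[binding["role"]].setdefault(member, where)
    return dict(effective), missing


if __name__ == "__main__":
    idx = index_hierarchy_policies(SAMPLE_ASSETS)
    grants, gaps = effective_bindings(SAMPLE_ASSETS[3], idx)
    for role, members in sorted(grants.items()):
        for member, where in sorted(members.items()):
            print(f"{role:22} {member:28} via {where}")
    print("ancestors without policy data:", gaps)
```

An export scoped to a single project will not contain the folder and organization policies, which is the case the missing list reports.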

class google.cloud.asset_v1.types.Resource(mapping=None, **kwargs)[source]

A representation of a Google Cloud resource.

version

The API version. Example: v1

Type

str

discovery_document_uri

The URL of the discovery document containing the resource’s JSON schema. Example: https://www.googleapis.com/discovery/v1/apis/compute/v1/rest

This value is unspecified for resources that do not have an API based on a discovery document, such as Cloud Bigtable.

Type

str

discovery_name

The JSON schema name listed in the discovery document. Example: Project

This value is unspecified for resources that do not have an API based on a discovery document, such as Cloud Bigtable.

Type

str

resource_url

The REST URL for accessing the resource. An HTTP GET request using this URL returns the resource itself. Example: https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123

This value is unspecified for resources without a REST API.

Type

str

parent

The full name of the immediate parent of this resource. See Resource Names for more information.

For Google Cloud assets, this value is the parent resource defined in the Cloud IAM policy hierarchy. Example: //cloudresourcemanager.googleapis.com/projects/my_project_123

For third-party assets, this field may be set differently.

Type

str

data

The content of the resource, in which some sensitive fields are removed and may not be present.

Type

Struct

location

The location of the resource in Google Cloud, such as its zone and region. For more information, see https://cloud.google.com/about/locations/.

Type

str

class google.cloud.asset_v1.types.ResourceSearchResult(mapping=None, **kwargs)[source]

A result of Resource Search, containing information of a cloud resource.

name

The full resource name of this resource. Example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. See Cloud Asset Inventory Resource Name Format for more information.

To search against the name:

  • use a field query. Example: name : "instance1"

  • use a free text query. Example: "instance1"

Type

str

asset_type

The type of this resource. Example: compute.googleapis.com/Disk.

To search against the asset_type:

  • specify the asset_type field in your search request.

Type

str

project

The project that this resource belongs to, in the form of projects/{PROJECT_NUMBER}.

To search against the project:

  • specify the scope field as this project in your search request.

Type

str

display_name

The display name of this resource.

To search against the display_name:

  • use a field query. Example: displayName : "My Instance"

  • use a free text query. Example: "My Instance"

Type

str

description

One or more paragraphs of text description of this resource. Maximum length could be up to 1M bytes.

To search against the description:

  • use a field query. Example: description : "*important instance*"

  • use a free text query. Example: "*important instance*"

Type

str

location

Location can be global, regional like us-east1, or zonal like us-west1-b.

To search against the location:

  • use a field query. Example: location : "us-west*"

  • use a free text query. Example: "us-west*"

Type

str

labels

Labels associated with this resource. See Labelling and grouping GCP resources for more information.

To search against the labels:

  • use a field query, as follows:

    • query on any label’s key or value. Example: labels : "prod"

    • query by a given label. Example: labels.env : "prod"

    • query by a given label’s existence. Example: labels.env : *

  • use a free text query. Example: "prod"

Type

Sequence[LabelsEntry]

network_tags

Network tags associated with this resource. Like labels, network tags are a type of annotations used to group GCP resources. See Labelling GCP resources for more information.

To search against the network_tags:

  • use a field query. Example: networkTags : "internal"

  • use a free text query. Example: "internal"

Type

Sequence[str]

additional_attributes

The additional attributes of this resource. The attributes may vary from one resource type to another. Examples: projectId for Project, dnsName for DNS ManagedZone.

To search against the additional_attributes:

  • use a free text query to match the attribute values. Example: to search additional_attributes = { dnsName: "foobar" }, you can issue a query "foobar".

Type

Struct

class LabelsEntry(mapping=None, **kwargs)

class google.cloud.asset_v1.types.IamPolicySearchResult(mapping=None, **kwargs)[source]

A result of IAM Policy search, containing information of an IAM policy.

resource

The full resource name of the resource associated with this IAM policy. Example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. See Cloud Asset Inventory Resource Name Format for more information.

To search against the resource:

  • use a field query. Example: resource : "organizations/123"

Type

str

project

The project that the associated GCP resource belongs to, in the form of projects/{PROJECT_NUMBER}. If an IAM policy is set on a resource (like VM instance, Cloud Storage bucket), the project field will indicate the project that contains the resource. If an IAM policy is set on a folder or organization, the project field will be empty.

To search against the project:

  • specify the scope field as this project in your search request.

Type

str

policy

The IAM policy directly set on the given resource. Note that the original IAM policy can contain multiple bindings. This only contains the bindings that match the given query. For queries that don’t contain a constraint on policies (e.g., an empty query), this contains all the bindings.

To search against the policy bindings:

  • use a field query, as follows:

    • query by the policy contained members. Example: policy : "amy@gmail.com"

    • query by the policy contained roles. Example: policy : "roles/compute.admin"

    • query by the policy contained roles’ implied permissions. Example: policy.role.permissions : "compute.instances.create"

Type

Policy

explanation

Explanation about the IAM policy search result. It contains additional information to explain why the search result matches the query.

Type

Explanation

class Explanation(mapping=None, **kwargs)[source]

Explanation about the IAM policy search result.

matched_permissions

The map from roles to their included permissions that match the permission query (i.e., a query containing policy.role.permissions:). Example: if query policy.role.permissions : "compute.disk.get" matches a policy binding that contains owner role, the matched_permissions will be {"roles/owner": ["compute.disk.get"]}. The roles can also be found in the returned policy bindings. Note that the map is populated only for requests with permission queries.

Type

Sequence[MatchedPermissionsEntry]

class MatchedPermissionsEntry(mapping=None, **kwargs)

class Permissions(mapping=None, **kwargs)[source]

IAM permissions

permissions

A list of permissions. A sample permission string: compute.disk.get.

Type

Sequence[str]

class google.cloud.asset_v1.types.ExportAssetsRequest(mapping=None, **kwargs)[source]

Export asset request.

parent

Required. The relative name of the root asset. This can only be an organization number (such as “organizations/123”), a project ID (such as “projects/my-project-id”), a project number (such as “projects/12345”), or a folder number (such as “folders/123”).

Type

str

read_time

Timestamp to take an asset snapshot. This can only be set to a timestamp between the current time and the current time minus 35 days (inclusive). If not specified, the current time will be used. Due to delays in resource data collection and indexing, there is a volatile window during which running the same query may get different results.

Type

Timestamp

asset_types

A list of asset types to take a snapshot for. Example: “compute.googleapis.com/Disk”. If specified, only matching assets will be returned. See Introduction to Cloud Asset Inventory for all supported asset types.

Type

Sequence[str]

content_type

Asset content type. If not specified, no content but the asset name will be returned.

Type

ContentType

output_config

Required. Output configuration indicating where the results will be output to.

Type

OutputConfig

class google.cloud.asset_v1.types.ExportAssetsResponse(mapping=None, **kwargs)[source]

The export asset response. This message is returned by the google.longrunning.Operations.GetOperation method in the returned google.longrunning.Operation.response field.

read_time

Time the snapshot was taken.

Type

Timestamp

output_config

Output configuration indicating where the results were output to.

Type

OutputConfig

class google.cloud.asset_v1.types.BatchGetAssetsHistoryRequest(mapping=None, **kwargs)[source]

Batch get assets history request.

parent

Required. The relative name of the root asset. It can only be an organization number (such as “organizations/123”), a project ID (such as “projects/my-project-id”), or a project number (such as “projects/12345”).

Type

str

asset_names

A list of the full names of the assets. See: https://cloud.google.com/asset-inventory/docs/resource-name-format Example:

//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.

The request becomes a no-op if the asset name list is empty, and the max size of the asset name list is 100 in one request.

Type

Sequence[str]

content_type

Optional. The content type.

Type

ContentType

read_time_window

Optional. The time window for the asset history. Both start_time and end_time are optional and, if set, must be after the current time minus 35 days. If end_time is not set, it defaults to the current timestamp. If start_time is not set, the snapshot of the assets at end_time will be returned. The returned results contain all temporal assets whose time window overlaps with read_time_window.

Type

TimeWindow

class google.cloud.asset_v1.types.BatchGetAssetsHistoryResponse(mapping=None, **kwargs)[source]

Batch get assets history response.

assets

A list of assets with valid time windows.

Type

Sequence[TemporalAsset]
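
When a history response is used to answer "what did this asset look like at time T", the TimeWindow boundaries matter: start_time is exclusive, end_time is inclusive, and a missing end_time means the current time. The following added example (not part of the library) applies those rules and the documented request limits to plain dicts mirroring TemporalAsset; the function names, timestamps and sample history are constructed.

```python
from datetime import datetime, timedelta, timezone

MAX_NAMES_PER_REQUEST = 100        # documented cap on asset_names
MAX_LOOKBACK = timedelta(days=35)  # window bounds must be after now - 35 days


def plan_history_requests(asset_names, start_time, end_time, now):
    """Validate a read_time_window and split asset_names into request batches.

    Returns a list of name lists, each at most 100 long. An empty input yields
    no batches, since the API treats an empty name list as a no-op.
    """
    floor = now - MAX_LOOKBACK
    for label, value in (("start_time", start_time), ("end_time", end_time)):
        if value is not None and value <= floor:
            raise ValueError(f"{label} must be after {floor.isoformat()}")
    # Sanity check added here; the reference does not state it explicitly.
    if start_time and end_time and start_time >= end_time:
        raise ValueError("start_time must be before end_time")
    names = sorted(set(asset_names))
    step = MAX_NAMES_PER_REQUEST
    return [names[i:i + step] for i in range(0, len(names), step)]


def in_window(window, instant, now):
    """True if instant lies in (start_time, end_time]; no end_time means now."""
    start = window.get("start_time")
    end = window.get("end_time") or now
    return (start is None or start < instant) and instant <= end


def state_at(temporal_assets, instant, now):
    """Return the TemporalAsset-shaped dict observed at instant, or None."""
    hits = [ta for ta in temporal_assets if in_window(ta["window"], instant, now)]
    if len(hits) > 1:
        raise ValueError("overlapping windows for one asset")
    return hits[0] if hits else None


# Constructed history for one asset (timestamps and states are made up).
NOW = datetime(2020, 6, 30, 12, 0, tzinfo=timezone.utc)
T_CREATE = NOW - timedelta(days=10)
T_CHANGE = NOW - timedelta(days=3)
T_DELETE = NOW - timedelta(days=1)
SAMPLE_HISTORY = [
    {"window": {"start_time": T_CREATE, "end_time": T_CHANGE},
     "deleted": False, "asset": {"update_time": T_CREATE}},
    {"window": {"start_time": T_CHANGE, "end_time": T_DELETE},
     "deleted": False, "asset": {"update_time": T_CHANGE}},
    {"window": {"start_time": T_DELETE}, "deleted": True, "asset": {}},
]

if __name__ == "__main__":
    # Exactly at T_CHANGE the earlier window still applies (inclusive end).
    print(state_at(SAMPLE_HISTORY, T_CHANGE, NOW)["asset"]["update_time"])
    print(state_at(SAMPLE_HISTORY, NOW, NOW)["deleted"])
```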

class google.cloud.asset_v1.types.CreateFeedRequest(mapping=None, **kwargs)[source]

Create asset feed request.

parent

Required. The name of the project/folder/organization where this feed should be created. It can only be an organization number (such as “organizations/123”), a folder number (such as “folders/123”), a project ID (such as “projects/my-project-id”), or a project number (such as “projects/12345”).

Type

str

feed_id

Required. This is the client-assigned asset feed identifier and it needs to be unique under a specific parent project/folder/organization.

Type

str

feed

Required. The feed details. The name field must be empty and it will be generated in one of the following formats:

  • projects/project_number/feeds/feed_id

  • folders/folder_number/feeds/feed_id

  • organizations/organization_number/feeds/feed_id

Type

Feed

class google.cloud.asset_v1.types.GetFeedRequest(mapping=None, **kwargs)[source]

Get asset feed request.

name

Required. The name of the feed. It must be in one of the following formats:

  • projects/project_number/feeds/feed_id

  • folders/folder_number/feeds/feed_id

  • organizations/organization_number/feeds/feed_id

Type

str

class google.cloud.asset_v1.types.ListFeedsRequest(mapping=None, **kwargs)[source]

List asset feeds request.

parent

Required. The parent project/folder/organization whose feeds are to be listed. It can only be a project/folder/organization number (such as “folders/12345”), or a project ID (such as “projects/my-project-id”).

Type

str

class google.cloud.asset_v1.types.ListFeedsResponse(mapping=None, **kwargs)[source]

feeds

A list of feeds.

Type

Sequence[Feed]

class google.cloud.asset_v1.types.UpdateFeedRequest(mapping=None, **kwargs)[source]

Update asset feed request.

feed

Required. The new values of feed details. It must match an existing feed and the field name must be in the format of: projects/project_number/feeds/feed_id or folders/folder_number/feeds/feed_id or organizations/organization_number/feeds/feed_id.

Type

Feed

update_mask

Required. Only updates the feed fields indicated by this mask. The field mask must not be empty, and it must not contain fields that are immutable or only set by the server.

Type

FieldMask

class google.cloud.asset_v1.types.DeleteFeedRequest(mapping=None, **kwargs)[source]

name

Required. The name of the feed. It must be in one of the following formats:

  • projects/project_number/feeds/feed_id

  • folders/folder_number/feeds/feed_id

  • organizations/organization_number/feeds/feed_id

Type

str

class google.cloud.asset_v1.types.OutputConfig(mapping=None, **kwargs)[source]

Output configuration for export assets destination.

gcs_destination

Destination on Cloud Storage.

Type

GcsDestination

bigquery_destination

Destination on BigQuery. The output table stores the fields in asset proto as columns in BigQuery.

Type

BigQueryDestination

class google.cloud.asset_v1.types.GcsDestination(mapping=None, **kwargs)[source]

A Cloud Storage location.

uri

The uri of the Cloud Storage object. It’s the same uri that is used by gsutil. Example: “gs://bucket_name/object_name”. See Viewing and Editing Object Metadata for more information.

Type

str

uri_prefix

The uri prefix of all generated Cloud Storage objects. Example: “gs://bucket_name/object_name_prefix”. Each object uri is in format: “gs://bucket_name/object_name_prefix/{ASSET_TYPE}/{SHARD_NUMBER}” and only contains assets for that type. The shard number starts from 0. Example: “gs://bucket_name/object_name_prefix/compute.googleapis.com/Disk/0” is the first shard of output objects containing all compute.googleapis.com/Disk assets. An INVALID_ARGUMENT error will be returned if a file with the same name “gs://bucket_name/object_name_prefix” already exists.

Type

str

class google.cloud.asset_v1.types.BigQueryDestination(mapping=None, **kwargs)[source]

A BigQuery destination for exporting assets to.

dataset

Required. The BigQuery dataset in format “projects/projectId/datasets/datasetId”, to which the snapshot result should be exported. If this dataset does not exist, the export call returns an INVALID_ARGUMENT error.

Type

str

table

Required. The BigQuery table to which the snapshot result should be written. If this table does not exist, a new table with the given name will be created.

Type

str

force

If the destination table already exists and this flag is TRUE, the table will be overwritten by the contents of the assets snapshot. If the flag is FALSE or unset and the destination table already exists, the export call returns an INVALID_ARGUMENT error.

Type

bool

class google.cloud.asset_v1.types.PubsubDestination(mapping=None, **kwargs)[source]

A Pub/Sub destination.

topic

The name of the Pub/Sub topic to publish to. Example: projects/PROJECT_ID/topics/TOPIC_ID.

Type

str

class google.cloud.asset_v1.types.FeedOutputConfig(mapping=None, **kwargs)[source]

Output configuration for asset feed destination.

pubsub_destination

Destination on Pub/Sub.

Type

PubsubDestination

class google.cloud.asset_v1.types.Feed(mapping=None, **kwargs)[source]

An asset feed used to export asset updates to a destination. An asset feed filter controls what updates are exported. The asset feed must be created within a project, organization, or folder. Supported destinations are: Pub/Sub topics.

name

Required. The format will be projects/{project_number}/feeds/{client-assigned_feed_identifier} or folders/{folder_number}/feeds/{client-assigned_feed_identifier} or organizations/{organization_number}/feeds/{client-assigned_feed_identifier}

The client-assigned feed identifier must be unique within the parent project/folder/organization.

Type

str

asset_names

A list of the full names of the assets to receive updates. You must specify either or both of asset_names and asset_types. Only asset updates matching specified asset_names or asset_types are exported to the feed. Example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. See Resource Names for more info.

Type

Sequence[str]

asset_types

A list of types of the assets to receive updates. You must specify either or both of asset_names and asset_types. Only asset updates matching specified asset_names or asset_types are exported to the feed. Example: "compute.googleapis.com/Disk"

See this topic for a list of all supported asset types.

Type

Sequence[str]

content_type

Asset content type. If not specified, no content but the asset name and type will be returned.

Type

ContentType

feed_output_config

Required. Feed output configuration defining where the asset updates are published to.

Type

FeedOutputConfig

condition

A condition which determines whether an asset update should be published. If specified, an asset will be returned only when the expression evaluates to true. When set, the expression field in the Expr must be a valid CEL expression (https://github.com/google/cel-spec) on a TemporalAsset with name temporal_asset. Example: a Feed with expression (“temporal_asset.deleted == true”) will only publish Asset deletions. Other fields in Expr are optional.

Type

Expr
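
A feed subscriber can use prior_asset to detect IAM changes as they happen, since TemporalAsset carries the previous copy when prior_asset_state is PRESENT. The following is an added example, not part of the library: it assumes each feed update has already been decoded into a dict with the TemporalAsset field names documented on this page, the enum value appears as the string "PRESENT", and the function names, bucket name and sample update are constructed.

```python
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}  # IAM special identifiers


def binding_pairs(asset):
    """Flatten an Asset-shaped dict's iam_policy into a set of (role, member)."""
    bindings = ((asset or {}).get("iam_policy") or {}).get("bindings", [])
    return {(b["role"], m) for b in bindings for m in b.get("members", [])}


def classify_member(member, trusted_domains):
    """Return 'public', 'internal' or 'external' for one IAM member string."""
    if member in PUBLIC_MEMBERS:
        return "public"
    kind, _, identity = member.partition(":")
    # "domain:example.com" names the domain directly; other kinds carry an
    # e-mail style identity. Anything unrecognised falls through to external.
    domain = identity if kind == "domain" else identity.rpartition("@")[2]
    return "internal" if domain.lower() in trusted_domains else "external"


def triage_update(temporal_asset, trusted_domains):
    """Turn one feed update into a list of finding dicts."""
    asset = temporal_asset.get("asset") or {}
    name = asset.get("name", "")
    if temporal_asset.get("deleted"):
        return [{"asset": name, "event": "asset_deleted"}]
    # prior_asset is only populated when prior_asset_state is PRESENT; in any
    # other state there is no baseline, so every current grant is reported.
    has_baseline = temporal_asset.get("prior_asset_state") == "PRESENT"
    before = binding_pairs(temporal_asset.get("prior_asset")) if has_baseline else set()
    after = binding_pairs(asset)
    added_event = "grant_added" if has_baseline else "grant_without_baseline"
    findings = []
    for event, pairs in ((added_event, after - before), ("grant_removed", before - after)):
        for role, member in sorted(pairs):
            findings.append({"asset": name, "event": event, "role": role,
                             "member": member,
                             "exposure": classify_member(member, trusted_domains)})
    return findings


# Constructed feed update (field names follow TemporalAsset; values are made up).
BUCKET = "//storage.googleapis.com/example-bucket"
SAMPLE_UPDATE = {
    "deleted": False,
    "prior_asset_state": "PRESENT",
    "prior_asset": {"name": BUCKET, "iam_policy": {"bindings": [
        {"role": "roles/storage.admin", "members": ["user:ops@example.com"]},
    ]}},
    "asset": {"name": BUCKET, "iam_policy": {"bindings": [
        {"role": "roles/storage.admin",
         "members": ["user:ops@example.com", "user:amy@gmail.com"]},
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    ]}},
}

if __name__ == "__main__":
    for finding in triage_update(SAMPLE_UPDATE, {"example.com"}):
        print(finding)
```

The feed must be created with a content_type that includes IAM policies for the iam_policy field to be present in updates.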

class google.cloud.asset_v1.types.SearchAllResourcesRequest(mapping=None, **kwargs)[source]

Search all resources request.

scope

Required. A scope can be a project, a folder or an organization. The search is limited to the resources within the scope.

The allowed values are:

  • projects/{PROJECT_ID}

  • projects/{PROJECT_NUMBER}

  • folders/{FOLDER_NUMBER}

  • organizations/{ORGANIZATION_NUMBER}

Type

str

query

Optional. The query statement. An empty query can be specified to search all the resources of certain asset_types within the given scope.

Examples:

  • name : "Important" to find Cloud resources whose name contains “Important” as a word.

  • displayName : "Impor*" to find Cloud resources whose display name contains “Impor” as a word prefix.

  • description : "*por*" to find Cloud resources whose description contains “por” as a substring.

  • location : "us-west*" to find Cloud resources whose location is prefixed with “us-west”.

  • labels : "prod" to find Cloud resources whose labels contain “prod” as a key or value.

  • labels.env : "prod" to find Cloud resources which have a label “env” and its value is “prod”.

  • labels.env : * to find Cloud resources which have a label “env”.

  • "Important" to find Cloud resources which contain “Important” as a word in any of the searchable fields.

  • "Impor*" to find Cloud resources which contain “Impor” as a word prefix in any of the searchable fields.

  • "*por*" to find Cloud resources which contain “por” as a substring in any of the searchable fields.

  • ("Important" AND location : ("us-west1" OR "global")) to find Cloud resources which contain “Important” as a word in any of the searchable fields and are also located in the “us-west1” region or the “global” location.

See how to construct a query for more details.

Type

str

asset_types

Optional. A list of asset types that this request searches for. If empty, it will search all the searchable asset types.

Type

Sequence[str]

page_size

Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as next_page_token is returned.

Type

int

page_token

Optional. If present, then retrieve the next batch of results from the preceding call to this method. page_token must be the value of next_page_token from the previous response. The values of all other method parameters must be identical to those in the previous call.

Type

str

order_by

Optional. A comma separated list of fields specifying the sorting order of the results. The default order is ascending. Add “ DESC” after the field name to indicate descending order. Redundant space characters are ignored. Example: “location DESC, name”. See supported resource metadata fields for more details.

Type

str

class google.cloud.asset_v1.types.SearchAllResourcesResponse(mapping=None, **kwargs)[source]

Search all resources response.

results

A list of Resources that match the search query. It contains the resource standard metadata information.

Type

Sequence[ResourceSearchResult]

next_page_token

If there are more results than those appearing in this response, then next_page_token is included. To get the next set of results, call this method again using the value of next_page_token as page_token.

Type

str

class google.cloud.asset_v1.types.SearchAllIamPoliciesRequest(mapping=None, **kwargs)[source]

Search all IAM policies request.

scope

Required. A scope can be a project, a folder or an organization. The search is limited to the IAM policies within the scope.

The allowed values are:

  • projects/{PROJECT_ID}

  • projects/{PROJECT_NUMBER}

  • folders/{FOLDER_NUMBER}

  • organizations/{ORGANIZATION_NUMBER}

Type

str

query

Optional. The query statement. An empty query can be specified to search all the IAM policies within the given scope.

Examples:

  • policy : "amy@gmail.com" to find Cloud IAM policy bindings that specify user “amy@gmail.com”.

  • policy : "roles/compute.admin" to find Cloud IAM policy bindings that specify the Compute Admin role.

  • policy.role.permissions : "storage.buckets.update" to find Cloud IAM policy bindings that specify a role containing “storage.buckets.update” permission.

  • resource : "organizations/123" to find Cloud IAM policy bindings that are set on “organizations/123”.

  • (resource : ("organizations/123" OR "folders/1234") AND policy : "amy") to find Cloud IAM policy bindings that are set on “organizations/123” or “folders/1234”, and also specify user “amy”.

See how to construct a query for more details.

Type

str

page_size

Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as next_page_token is returned.

Type

int

page_token

Optional. If present, retrieve the next batch of results from the preceding call to this method. page_token must be the value of next_page_token from the previous response. The values of all other method parameters must be identical to those in the previous call.

Type

str

class google.cloud.asset_v1.types.SearchAllIamPoliciesResponse(mapping=None, **kwargs)[source]

Search all IAM policies response.

results

A list of IamPolicy that match the search query. Related information such as the associated resource is returned along with the policy.

Type

Sequence[IamPolicySearchResult]

next_page_token

Set if there are more results than those appearing in this response; to get the next set of results, call this method again, using this value as the page_token.

Type

str