Class: Google::Apis::CloudassetV1::Asset

Inherits:

Object

• Object
• Google::Apis::CloudassetV1::Asset

Includes:

Google::Apis::Core::Hashable, Google::Apis::Core::JsonObjectSupport

Defined in:

generated/google/apis/cloudasset_v1/classes.rb,
generated/google/apis/cloudasset_v1/representations.rb,
generated/google/apis/cloudasset_v1/representations.rb

Overview

Cloud asset. This includes all Google Cloud Platform resources, Cloud IAM policies, and other non-GCP assets.

Instance Attribute Summary

• #access_level ⇒ Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1AccessLevel

  An AccessLevel is a label that can be applied to requests to GCP services, along with a list of requirements necessary for the label to be applied.

• #access_policy ⇒ Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1AccessPolicy

  AccessPolicy is a container for AccessLevels (which define the necessary attributes to use GCP services) and ServicePerimeters (which define regions of services able to freely pass data within a perimeter).

• #ancestors ⇒ Array<String>

  Asset's ancestry path in Cloud Resource Manager (CRM) hierarchy, represented as a list of relative resource names.

• #asset_type ⇒ String

  Type of the asset.

• #iam_policy ⇒ Google::Apis::CloudassetV1::Policy

  Defines an Identity and Access Management (IAM) policy.

• #name ⇒ String

  The full name of the asset.

• #org_policy ⇒ Array<Google::Apis::CloudassetV1::GoogleCloudOrgpolicyV1Policy>

  Representation of the Cloud Organization Policy set on an asset.

• #resource ⇒ Google::Apis::CloudassetV1::Resource

  Representation of a cloud resource.

• #service_perimeter ⇒ Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1ServicePerimeter

  ServicePerimeter describes a set of GCP resources which can freely import and export data amongst themselves, but not export outside of the ServicePerimeter.

Instance Method Summary

• #initialize(**args) ⇒ Asset constructor

  A new instance of Asset.

• #update!(**args) ⇒ Object

  Update properties of this object.

Methods included from Google::Apis::Core::JsonObjectSupport

#to_json

Methods included from Google::Apis::Core::Hashable

process_value, #to_h

Constructor Details

#initialize(**args) ⇒ Asset

Returns a new instance of Asset

# File 'generated/google/apis/cloudasset_v1/classes.rb', line 148

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#access_level ⇒ Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1AccessLevel

An AccessLevel is a label that can be applied to requests to GCP services, along with a list of requirements necessary for the label to be applied. Corresponds to the JSON property accessLevel

Returns:

• (Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1AccessLevel)

# File 'generated/google/apis/cloudasset_v1/classes.rb', line 34

def access_level
  @access_level
end

#access_policy ⇒ Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1AccessPolicy

AccessPolicy is a container for AccessLevels (which define the necessary attributes to use GCP services) and ServicePerimeters (which define regions of services able to freely pass data within a perimeter). An access policy is globally visible within an organization, and the restrictions it specifies apply to all projects within an organization. Corresponds to the JSON property accessPolicy

Returns:

• (Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1AccessPolicy)

# File 'generated/google/apis/cloudasset_v1/classes.rb', line 43

def access_policy
  @access_policy
end

#ancestors ⇒ Array<String>

Asset's ancestry path in Cloud Resource Manager (CRM) hierarchy, represented as a list of relative resource names. Ancestry path starts with the closest CRM ancestor and ends at root. If the asset is a CRM project/folder/organization, this starts from the asset itself. Example: ["projects/123456789", "folders/5432", "organizations/1234"] Corresponds to the JSON property ancestors

Returns:

• (Array<String>)

# File 'generated/google/apis/cloudasset_v1/classes.rb', line 52

def ancestors
  @ancestors
end

#asset_type ⇒ String

Type of the asset. Example: "compute.googleapis.com/Disk". Corresponds to the JSON property assetType

Returns:

• (String)

# File 'generated/google/apis/cloudasset_v1/classes.rb', line 57

def asset_type
  @asset_type
end

#iam_policy ⇒ Google::Apis::CloudassetV1::Policy

Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A Policy is a collection of bindings. A binding binds one or more members to a single role. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions (defined by IAM or configured by users). A binding can optionally specify a condition, which is a logic expression that further constrains the role binding based on attributes about the request and/or target resource. JSON Example "bindings": [ "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] , "role": "roles/resourcemanager.organizationViewer", "members": ["user:eve@example.com"], "condition": "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", ] YAML Example bindings:

• members:
• user:mike@example.com
• group:admins@example.com
• domain:google.com
• serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin
• members:
• user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') For a description of IAM and its features, see the IAM developer's guide. Corresponds to the JSON property iamPolicy

Returns:

• (Google::Apis::CloudassetV1::Policy)

# File 'generated/google/apis/cloudasset_v1/classes.rb', line 111

def iam_policy
  @iam_policy
end

#name ⇒ String

The full name of the asset. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/ instance1. See Resource Names for more information. Corresponds to the JSON property name

Returns:

• (String)

# File 'generated/google/apis/cloudasset_v1/classes.rb', line 121

def name
  @name
end

#org_policy ⇒ Array<Google::Apis::CloudassetV1::GoogleCloudOrgpolicyV1Policy>

Representation of the Cloud Organization Policy set on an asset. For each asset, there could be multiple Organization policies with different constraints. Corresponds to the JSON property orgPolicy

Returns:

• (Array<Google::Apis::CloudassetV1::GoogleCloudOrgpolicyV1Policy>)

# File 'generated/google/apis/cloudasset_v1/classes.rb', line 128

def org_policy
  @org_policy
end

#resource ⇒ Google::Apis::CloudassetV1::Resource

Representation of a cloud resource. Corresponds to the JSON property resource

Returns:

• (Google::Apis::CloudassetV1::Resource)

# File 'generated/google/apis/cloudasset_v1/classes.rb', line 133

def resource
  @resource
end

#service_perimeter ⇒ Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1ServicePerimeter

ServicePerimeter describes a set of GCP resources which can freely import and export data amongst themselves, but not export outside of the ServicePerimeter. If a request with a source within this ServicePerimeter has a target outside of the ServicePerimeter, the request will be blocked. Otherwise the request is allowed. There are two types of Service Perimeter - Regular and Bridge. Regular Service Perimeters cannot overlap, a single GCP project can only belong to a single regular Service Perimeter. Service Perimeter Bridges can contain only GCP projects as members, a single GCP project may belong to multiple Service Perimeter Bridges. Corresponds to the JSON property servicePerimeter

Returns:

• (Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1ServicePerimeter)

# File 'generated/google/apis/cloudasset_v1/classes.rb', line 146

def service_perimeter
  @service_perimeter
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object

# File 'generated/google/apis/cloudasset_v1/classes.rb', line 153

def update!(**args)
  @access_level = args[:access_level] if args.key?(:access_level)
  @access_policy = args[:access_policy] if args.key?(:access_policy)
  @ancestors = args[:ancestors] if args.key?(:ancestors)
  @asset_type = args[:asset_type] if args.key?(:asset_type)
  @iam_policy = args[:iam_policy] if args.key?(:iam_policy)
  @name = args[:name] if args.key?(:name)
  @org_policy = args[:org_policy] if args.key?(:org_policy)
  @resource = args[:resource] if args.key?(:resource)
  @service_perimeter = args[:service_perimeter] if args.key?(:service_perimeter)
end