Class: Google::Apis::CloudassetV1::Asset
- Inherits:
-
Object
- Object
- Google::Apis::CloudassetV1::Asset
- Defined in:
- generated/google/apis/cloudasset_v1/classes.rb,
generated/google/apis/cloudasset_v1/representations.rb,
generated/google/apis/cloudasset_v1/representations.rb
Overview
Cloud asset. This includes all Google Cloud Platform resources, Cloud IAM policies, and other non-GCP assets.
Instance Attribute Summary collapse
-
#access_level ⇒ Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1AccessLevel
An
AccessLevel
is a label that can be applied to requests to Google Cloud services, along with a list of requirements necessary for the label to be applied. -
#access_policy ⇒ Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1AccessPolicy
AccessPolicy
is a container forAccessLevels
(which define the necessary attributes to use Google Cloud services) andServicePerimeters
(which define regions of services able to freely pass data within a perimeter). -
#ancestors ⇒ Array<String>
Asset's ancestry path in Cloud Resource Manager (CRM) hierarchy, represented as a list of relative resource names.
-
#asset_type ⇒ String
Type of the asset.
-
#iam_policy ⇒ Google::Apis::CloudassetV1::Policy
An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.
-
#name ⇒ String
The full name of the asset.
-
#org_policy ⇒ Array<Google::Apis::CloudassetV1::GoogleCloudOrgpolicyV1Policy>
Representation of the Cloud Organization Policy set on an asset.
-
#resource ⇒ Google::Apis::CloudassetV1::Resource
Representation of a cloud resource.
-
#service_perimeter ⇒ Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1ServicePerimeter
ServicePerimeter
describes a set of Google Cloud resources which can freely import and export data amongst themselves, but not export outside of theServicePerimeter
.
Instance Method Summary collapse
-
#initialize(**args) ⇒ Asset
constructor
A new instance of Asset.
-
#update!(**args) ⇒ Object
Update properties of this object.
Methods included from Google::Apis::Core::JsonObjectSupport
Methods included from Google::Apis::Core::Hashable
Constructor Details
#initialize(**args) ⇒ Asset
Returns a new instance of Asset.
156 157 158 |
# File 'generated/google/apis/cloudasset_v1/classes.rb', line 156 def initialize(**args) update!(**args) end |
Instance Attribute Details
#access_level ⇒ Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1AccessLevel
An AccessLevel
is a label that can be applied to requests to Google Cloud
services, along with a list of requirements necessary for the label to be
applied.
Corresponds to the JSON property accessLevel
35 36 37 |
# File 'generated/google/apis/cloudasset_v1/classes.rb', line 35 def access_level @access_level end |
#access_policy ⇒ Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1AccessPolicy
AccessPolicy
is a container for AccessLevels
(which define the necessary
attributes to use Google Cloud services) and ServicePerimeters
(which
define regions of services able to freely pass data within a perimeter). An
access policy is globally visible within an organization, and the
restrictions it specifies apply to all projects within an organization.
Corresponds to the JSON property accessPolicy
44 45 46 |
# File 'generated/google/apis/cloudasset_v1/classes.rb', line 44 def access_policy @access_policy end |
#ancestors ⇒ Array<String>
Asset's ancestry path in Cloud Resource Manager (CRM) hierarchy,
represented as a list of relative resource names. Ancestry path starts with
the closest CRM ancestor and ends at root. If the asset is a CRM
project/folder/organization, this starts from the asset itself.
Example: ["projects/123456789", "folders/5432", "organizations/1234"]
Corresponds to the JSON property ancestors
53 54 55 |
# File 'generated/google/apis/cloudasset_v1/classes.rb', line 53 def ancestors @ancestors end |
#asset_type ⇒ String
Type of the asset. Example: "compute.googleapis.com/Disk".
Corresponds to the JSON property assetType
58 59 60 |
# File 'generated/google/apis/cloudasset_v1/classes.rb', line 58 def asset_type @asset_type end |
#iam_policy ⇒ Google::Apis::CloudassetV1::Policy
An Identity and Access Management (IAM) policy, which specifies access
controls for Google Cloud resources.
A Policy
is a collection of bindings
. A binding
binds one or more
members
to a single role
. Members can be user accounts, service accounts,
Google groups, and domains (such as G Suite). A role
is a named list of
permissions; each role
can be an IAM predefined role or a user-created
custom role.
Optionally, a binding
can specify a condition
, which is a logical
expression that allows access to a resource only if the expression evaluates
to true
. A condition can add constraints based on attributes of the
request, the resource, or both.
JSON example:
"bindings": [
"role": "roles/resourcemanager.organizationAdmin",
"members": [
"user:mike@example.com",
"group:admins@example.com",
"domain:google.com",
"serviceAccount:my-project-id@appspot.gserviceaccount.com"
]
,
"role": "roles/resourcemanager.organizationViewer",
"members": ["user:eve@example.com"],
"condition":
"title": "expirable access",
"description": "Does not grant access after Sep 2020",
"expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')
",
],
"etag": "BwWWja0YfJA=",
"version": 3
YAML example:
bindings:
- members:
- user:mike@example.com
- group:admins@example.com
- domain:google.com
- serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin
- members:
- user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
- etag: BwWWja0YfJA=
- version: 3
For a description of IAM and its features, see the
IAM documentation.
Corresponds to the JSON property
iamPolicy
118 119 120 |
# File 'generated/google/apis/cloudasset_v1/classes.rb', line 118 def iam_policy @iam_policy end |
#name ⇒ String
The full name of the asset. For example:
//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/
instance1
.
See Resource
Names
for more information.
Corresponds to the JSON property name
128 129 130 |
# File 'generated/google/apis/cloudasset_v1/classes.rb', line 128 def name @name end |
#org_policy ⇒ Array<Google::Apis::CloudassetV1::GoogleCloudOrgpolicyV1Policy>
Representation of the Cloud Organization Policy set on an asset. For each
asset, there could be multiple Organization policies with different
constraints.
Corresponds to the JSON property orgPolicy
135 136 137 |
# File 'generated/google/apis/cloudasset_v1/classes.rb', line 135 def org_policy @org_policy end |
#resource ⇒ Google::Apis::CloudassetV1::Resource
Representation of a cloud resource.
Corresponds to the JSON property resource
140 141 142 |
# File 'generated/google/apis/cloudasset_v1/classes.rb', line 140 def resource @resource end |
#service_perimeter ⇒ Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1ServicePerimeter
ServicePerimeter
describes a set of Google Cloud resources which can freely
import and export data amongst themselves, but not export outside of the
ServicePerimeter
. If a request with a source within this ServicePerimeter
has a target outside of the ServicePerimeter
, the request will be blocked.
Otherwise the request is allowed. There are two types of Service Perimeter -
Regular and Bridge. Regular Service Perimeters cannot overlap, a single
Google Cloud project can only belong to a single regular Service Perimeter.
Service Perimeter Bridges can contain only Google Cloud projects as members,
a single Google Cloud project may belong to multiple Service Perimeter
Bridges.
Corresponds to the JSON property servicePerimeter
154 155 156 |
# File 'generated/google/apis/cloudasset_v1/classes.rb', line 154 def service_perimeter @service_perimeter end |
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object
161 162 163 164 165 166 167 168 169 170 171 |
# File 'generated/google/apis/cloudasset_v1/classes.rb', line 161 def update!(**args) @access_level = args[:access_level] if args.key?(:access_level) @access_policy = args[:access_policy] if args.key?(:access_policy) @ancestors = args[:ancestors] if args.key?(:ancestors) @asset_type = args[:asset_type] if args.key?(:asset_type) @iam_policy = args[:iam_policy] if args.key?(:iam_policy) @name = args[:name] if args.key?(:name) @org_policy = args[:org_policy] if args.key?(:org_policy) @resource = args[:resource] if args.key?(:resource) @service_perimeter = args[:service_perimeter] if args.key?(:service_perimeter) end |