asset_service.search_all_iam_policies.js
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// ** This file is automatically generated by gapic-generator-typescript. **
// ** https://github.com/googleapis/gapic-generator-typescript **
// ** All changes to this file may be overwritten. **
'use strict';
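/**
 * Runs the SearchAllIamPolicies sample: searches the IAM policies within
 * `scope` and prints every result to stdout.
 *
 * @param {string} scope Required. One of `projects/{PROJECT_ID}`,
 *     `projects/{PROJECT_NUMBER}`, `folders/{FOLDER_NUMBER}` or
 *     `organizations/{ORGANIZATION_NUMBER}`. Taken from the first
 *     command-line argument by the call at the bottom of this file.
 */
function main(scope) {
  // [START cloudasset_v1_generated_AssetService_SearchAllIamPolicies_async]
  /**
   * This snippet has been automatically generated and should be regarded as a code template only.
   * It will require modifications to work.
   * It may require correct/in-range values for request initialization.
   * TODO(developer): Uncomment these variables before running the sample.
   */
  /**
   *  Required. A scope can be a project, a folder, or an organization. The search is
   *  limited to the IAM policies within the `scope`. The caller must be granted
   *  the
   *  `cloudasset.assets.searchAllIamPolicies` (https://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
   *  permission on the desired scope.
   *  The allowed values are:
   *  * projects/{PROJECT_ID} (e.g., "projects/foo-bar")
   *  * projects/{PROJECT_NUMBER} (e.g., "projects/12345678")
   *  * folders/{FOLDER_NUMBER} (e.g., "folders/1234567")
   *  * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
   */
  // const scope = 'abc123'
  /**
   *  Optional. The query statement. See how to construct a
   *  query (https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)
   *  for more information. If not specified or empty, it will search all the
   *  IAM policies within the specified `scope`. Note that the query string is
   *  compared against each Cloud IAM policy binding, including its principals,
   *  roles, and Cloud IAM conditions. The returned Cloud IAM policies will only
   *  contain the bindings that match your query. To learn more about the IAM
   *  policy structure, see the IAM policy
   *  documentation (https://cloud.google.com/iam/help/allow-policies/structure).
   *  Examples:
   *  * `policy:amy@gmail.com` to find IAM policy bindings that specify user
   *    "amy@gmail.com".
   *  * `policy:roles/compute.admin` to find IAM policy bindings that specify
   *    the Compute Admin role.
   *  * `policy:comp*` to find IAM policy bindings that contain "comp" as a
   *    prefix of any word in the binding.
   *  * `policy.role.permissions:storage.buckets.update` to find IAM policy
   *    bindings that specify a role containing "storage.buckets.update"
   *    permission. Note that if callers don't have `iam.roles.get` access to a
   *    role's included permissions, policy bindings that specify this role will
   *    be dropped from the search results.
   *  * `policy.role.permissions:upd*` to find IAM policy bindings that specify a
   *    role containing "upd" as a prefix of any word in the role permission.
   *    Note that if callers don't have `iam.roles.get` access to a role's
   *    included permissions, policy bindings that specify this role will be
   *    dropped from the search results.
   *  * `resource:organizations/123456` to find IAM policy bindings
   *    that are set on "organizations/123456".
   *  * `resource=//cloudresourcemanager.googleapis.com/projects/myproject` to
   *    find IAM policy bindings that are set on the project named "myproject".
   *  * `Important` to find IAM policy bindings that contain "Important" as a
   *    word in any of the searchable fields (except for the included
   *    permissions).
   *  * `resource:(instance1 OR instance2) policy:amy` to find
   *    IAM policy bindings that are set on resources "instance1" or
   *    "instance2" and also specify user "amy".
   *  * `roles:roles/compute.admin` to find IAM policy bindings that specify the
   *    Compute Admin role.
   *  * `memberTypes:user` to find IAM policy bindings that contain the
   *    principal type "user".
   */
  // const query = 'abc123'
  /**
   *  Optional. The page size for search result pagination. Page size is capped at 500 even
   *  if a larger value is given. If set to zero, server will pick an appropriate
   *  default. Returned results may be fewer than requested. When this happens,
   *  there could be more results as long as `next_page_token` is returned.
   */
  // const pageSize = 1234
  /**
   *  Optional. If present, retrieve the next batch of results from the preceding call to
   *  this method. `page_token` must be the value of `next_page_token` from the
   *  previous response. The values of all other method parameters must be
   *  identical to those in the previous call.
   */
  // const pageToken = 'abc123'
  /**
   *  Optional. A list of asset types that the IAM policies are attached to. If empty, it
   *  will search the IAM policies that are attached to all the searchable asset
   *  types (https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
   *  Regular expressions are also supported. For example:
   *  * "compute.googleapis.com.*" snapshots IAM policies attached to asset type
   *    starts with "compute.googleapis.com".
   *  * ".*Instance" snapshots IAM policies attached to asset type ends with
   *    "Instance".
   *  * ".*Instance.*" snapshots IAM policies attached to asset type contains
   *    "Instance".
   *  See RE2 (https://github.com/google/re2/wiki/Syntax) for all supported
   *  regular expression syntax. If the regular expression does not match any
   *  supported asset type, an INVALID_ARGUMENT error will be returned.
   */
  // const assetTypes = 'abc123'
  /**
   *  Optional. A comma-separated list of fields specifying the sorting order of the
   *  results. The default order is ascending. Add " DESC" after the field name
   *  to indicate descending order. Redundant space characters are ignored.
   *  Example: "assetType DESC, resource".
   *  Only singular primitive fields in the response are sortable:
   *  * resource
   *  * assetType
   *  * project
   *  All the other fields such as repeated fields (e.g., `folders`) and
   *  non-primitive fields (e.g., `policy`) are not supported.
   */
  // const orderBy = 'abc123'

  // Imports the Asset library
  const {AssetServiceClient} = require('@google-cloud/asset').v1;

  // Instantiates a client. No options are passed, so credentials are resolved
  // by the client library from the environment; the identity it finds needs
  // `cloudasset.assets.searchAllIamPolicies` on `scope` and nothing broader
  // for this sample.
  const assetClient = new AssetServiceClient();

  /**
   * Sends the search request and prints each result as it arrives.
   *
   * @returns {Promise<void>} Settles once every result has been printed.
   * @throws {Error} When `scope` is missing or blank; rejections from the
   *     client call propagate unchanged.
   */
  async function callSearchAllIamPolicies() {
    // Fail with a readable message instead of sending a request that has no
    // scope. Thrown inside the async function so the rejection reaches the
    // process-level 'unhandledRejection' handler like any API error.
    if (typeof scope !== 'string' || scope.trim() === '') {
      throw new Error(
        'scope is required: projects/{PROJECT_ID}, projects/{PROJECT_NUMBER}, ' +
          'folders/{FOLDER_NUMBER} or organizations/{ORGANIZATION_NUMBER}'
      );
    }

    // Construct request. Only `scope` is sent: with no `query`, the search
    // covers all the IAM policies within that scope.
    const request = {
      scope,
    };

    // Run request. The *Async method hands back an async iterable, so there
    // is nothing to await before the loop.
    const iterable = assetClient.searchAllIamPoliciesAsync(request);
    for await (const response of iterable) {
      // The output holds IAM policy bindings (principals, roles, conditions);
      // treat it as sensitive and keep it out of shared or long-lived logs.
      console.log(response);
    }
  }

  // Not awaited here: a rejection is reported by the 'unhandledRejection'
  // handler registered at the bottom of this file.
  callSearchAllIamPolicies();
  // [END cloudasset_v1_generated_AssetService_SearchAllIamPolicies_async]
}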
// Last-resort reporter for promise rejections that nothing caught (the
// sample starts its request without a local catch): print only the error
// message and flag the run as failed through the exit code.
const reportRejection = err => {
  console.error(err.message);
  process.exitCode = 1;
};
process.on('unhandledRejection', reportRejection);

// Everything after the node binary and script path is forwarded to main;
// the first argument becomes `scope`.
const cliArgs = process.argv.slice(2);
main(...cliArgs);