feat: add SearchAllResources and SearchAllIamPolicies rpcs in ass…

…et service proto (#332) * run compile protos * fix from package.json
googleapis · May 20, 2020 · 2f896c4 · 2f896c4
1 parent 238c11a
commit 2f896c4
Show file tree

Hide file tree

Showing 10 changed files with 6,009 additions and 950 deletions.
diff --git a/package.json b/package.json
@@ -37,7 +37,7 @@
     "fix": "gts fix",
     "lint": "gts check",
     "predocs-test": "npm run docs",
-    "prepare": "npm run compile",
+    "prepare": "npm run compile-protos && npm run compile",
     "system-test": "c8 mocha build/system-test",
     "test": "c8 mocha build/test",
     "prelint": "cd samples; npm link ../; npm install",

diff --git a/protos/google/cloud/asset/v1/asset_service.proto b/protos/google/cloud/asset/v1/asset_service.proto
@@ -37,12 +37,14 @@ option php_namespace = "Google\\Cloud\\Asset\\V1";
 // Asset service definition.
 service AssetService {
   option (google.api.default_host) = "cloudasset.googleapis.com";
-  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
+  option (google.api.oauth_scopes) =
+      "https://www.googleapis.com/auth/cloud-platform";
 
   // Exports assets with time and resource types to a given Cloud Storage
   // location. The output format is newline-delimited JSON.
-  // This API implements the [google.longrunning.Operation][google.longrunning.Operation] API allowing you
-  // to keep track of the export.
+  // This API implements the
+  // [google.longrunning.Operation][google.longrunning.Operation] API allowing
+  // you to keep track of the export.
   rpc ExportAssets(ExportAssetsRequest) returns (google.longrunning.Operation) {
     option (google.api.http) = {
       post: "/v1/{parent=*/*}:exportAssets"
@@ -61,7 +63,8 @@ service AssetService {
   // attached IAM POLICY both exist. This can create gaps in the output history.
   // If a specified asset does not exist, this API returns an INVALID_ARGUMENT
   // error.
-  rpc BatchGetAssetsHistory(BatchGetAssetsHistoryRequest) returns (BatchGetAssetsHistoryResponse) {
+  rpc BatchGetAssetsHistory(BatchGetAssetsHistoryRequest)
+      returns (BatchGetAssetsHistoryResponse) {
     option (google.api.http) = {
       get: "/v1/{parent=*/*}:batchGetAssetsHistory"
     };
@@ -109,6 +112,30 @@ service AssetService {
     };
     option (google.api.method_signature) = "name";
   }
+
+  // Searches all the resources within the given accessible scope (e.g., a
+  // project, a folder or an organization). Callers should have
+  // cloud.assets.SearchAllResources permission upon the requested scope,
+  // otherwise the request will be rejected.
+  rpc SearchAllResources(SearchAllResourcesRequest)
+      returns (SearchAllResourcesResponse) {
+    option (google.api.http) = {
+      get: "/v1/{scope=*/*}:searchAllResources"
+    };
+    option (google.api.method_signature) = "scope,query,asset_types";
+  }
+
+  // Searches all the IAM policies within the given accessible scope (e.g., a
+  // project, a folder or an organization). Callers should have
+  // cloud.assets.SearchAllIamPolicies permission upon the requested scope,
+  // otherwise the request will be rejected.
+  rpc SearchAllIamPolicies(SearchAllIamPoliciesRequest)
+      returns (SearchAllIamPoliciesResponse) {
+    option (google.api.http) = {
+      get: "/v1/{scope=*/*}:searchAllIamPolicies"
+    };
+    option (google.api.method_signature) = "scope,query";
+  }
 }
 
 // Export asset request.
@@ -148,8 +175,10 @@ message ExportAssetsRequest {
 }
 
 // The export asset response. This message is returned by the
-// [google.longrunning.Operations.GetOperation][google.longrunning.Operations.GetOperation] method in the returned
-// [google.longrunning.Operation.response][google.longrunning.Operation.response] field.
+// [google.longrunning.Operations.GetOperation][google.longrunning.Operations.GetOperation]
+// method in the returned
+// [google.longrunning.Operation.response][google.longrunning.Operation.response]
+// field.
 message ExportAssetsResponse {
   // Time the snapshot was taken.
   google.protobuf.Timestamp read_time = 1;
@@ -214,9 +243,8 @@ message CreateFeedRequest {
   // be unique under a specific parent project/folder/organization.
   string feed_id = 2 [(google.api.field_behavior) = REQUIRED];
 
-  // Required. The feed details. The field `name` must be empty and it will be generated
-  // in the format of:
-  // projects/project_number/feeds/feed_id
+  // Required. The feed details. The field `name` must be empty and it will be
+  // generated in the format of: projects/project_number/feeds/feed_id
   // folders/folder_number/feeds/feed_id
   // organizations/organization_number/feeds/feed_id
   Feed feed = 3 [(google.api.field_behavior) = REQUIRED];
@@ -230,9 +258,7 @@ message GetFeedRequest {
   // organizations/organization_number/feeds/feed_id
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "cloudasset.googleapis.com/Feed"
-    }
+    (google.api.resource_reference) = { type: "cloudasset.googleapis.com/Feed" }
   ];
 }
 
@@ -251,8 +277,8 @@ message ListFeedsResponse {
 
 // Update asset feed request.
 message UpdateFeedRequest {
-  // Required. The new values of feed details. It must match an existing feed and the
-  // field `name` must be in the format of:
+  // Required. The new values of feed details. It must match an existing feed
+  // and the field `name` must be in the format of:
   // projects/project_number/feeds/feed_id or
   // folders/folder_number/feeds/feed_id or
   // organizations/organization_number/feeds/feed_id.
@@ -261,7 +287,8 @@ message UpdateFeedRequest {
   // Required. Only updates the `feed` fields indicated by this mask.
   // The field mask must not be empty, and it must not contain fields that
   // are immutable or only set by the server.
-  google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
+  google.protobuf.FieldMask update_mask = 2
+      [(google.api.field_behavior) = REQUIRED];
 }
 
 message DeleteFeedRequest {
@@ -271,9 +298,7 @@ message DeleteFeedRequest {
   // organizations/organization_number/feeds/feed_id
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = {
-      type: "cloudasset.googleapis.com/Feed"
-    }
+    (google.api.resource_reference) = { type: "cloudasset.googleapis.com/Feed" }
   ];
 }
 
@@ -401,7 +426,156 @@ message Feed {
 
   // Required. Feed output configuration defining where the asset updates are
   // published to.
-  FeedOutputConfig feed_output_config = 5 [(google.api.field_behavior) = REQUIRED];
+  FeedOutputConfig feed_output_config = 5
+      [(google.api.field_behavior) = REQUIRED];
+}
+
+// Search all resources request.
+message SearchAllResourcesRequest {
+  // Required. A scope can be a project, a folder or an organization. The search
+  // is limited to the resources within the `scope`.
+  //
+  // The allowed values are:
+  //
+  // * projects/{PROJECT_ID}
+  // * projects/{PROJECT_NUMBER}
+  // * folders/{FOLDER_NUMBER}
+  // * organizations/{ORGANIZATION_NUMBER}
+  string scope = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. The query statement. An empty query can be specified to search
+  // all the resources of certain `asset_types` within the given `scope`.
+  //
+  // Examples:
+  //
+  // * `name : "Important"` to find Cloud resources whose name contains
+  //   "Important" as a word.
+  // * `displayName : "Impor*"` to find Cloud resources whose display name
+  //   contains "Impor" as a word prefix.
+  // * `description : "*por*"` to find Cloud resources whose description
+  //   contains "por" as a substring.
+  // * `location : "us-west*"` to find Cloud resources whose location is
+  //   prefixed with "us-west".
+  // * `labels : "prod"` to find Cloud resources whose labels contain "prod" as
+  //   a key or value.
+  // * `labels.env : "prod"` to find Cloud resources which have a label "env"
+  //   and its value is "prod".
+  // * `labels.env : *` to find Cloud resources which have a label "env".
+  // * `"Important"` to find Cloud resources which contain "Important" as a word
+  //   in any of the searchable fields.
+  // * `"Impor*"` to find Cloud resources which contain "Impor" as a word prefix
+  //   in any of the searchable fields.
+  // * `"*por*"` to find Cloud resources which contain "por" as a substring in
+  //   any of the searchable fields.
+  // * `("Important" AND location : ("us-west1" OR "global"))` to find Cloud
+  //   resources which contain "Important" as a word in any of the searchable
+  //   fields and are also located in the "us-west1" region or the "global"
+  //   location.
+  //
+  // See [how to construct a
+  // query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query)
+  // for more details.
+  string query = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. A list of asset types that this request searches for. If empty,
+  // it will search all the [searchable asset
+  // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
+  repeated string asset_types = 3 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. The page size for search result pagination. Page size is capped
+  // at 500 even if a larger value is given. If set to zero, server will pick an
+  // appropriate default. Returned results may be fewer than requested. When
+  // this happens, there could be more results as long as `next_page_token` is
+  // returned.
+  int32 page_size = 4 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. If present, then retrieve the next batch of results from the
+  // preceding call to this method. `page_token` must be the value of
+  // `next_page_token` from the previous response. The values of all other
+  // method parameters, must be identical to those in the previous call.
+  string page_token = 5 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. A comma separated list of fields specifying the sorting order of
+  // the results. The default order is ascending. Add " DESC" after the field
+  // name to indicate descending order. Redundant space characters are ignored.
+  // Example: "location DESC, name". See [supported resource metadata
+  // fields](https://cloud.google.com/asset-inventory/docs/searching-resources#query_on_resource_metadata_fields)
+  // for more details.
+  string order_by = 6 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Search all resources response.
+message SearchAllResourcesResponse {
+  // A list of Resources that match the search query. It contains the resource
+  // standard metadata information.
+  repeated ResourceSearchResult results = 1;
+
+  // If there are more results than those appearing in this response, then
+  // `next_page_token` is included. To get the next set of results, call this
+  // method again using the value of `next_page_token` as `page_token`.
+  string next_page_token = 2;
+}
+
+// Search all IAM policies request.
+message SearchAllIamPoliciesRequest {
+  // Required. A scope can be a project, a folder or an organization. The search
+  // is limited to the IAM policies within the `scope`.
+  //
+  // The allowed values are:
+  //
+  // * projects/{PROJECT_ID}
+  // * projects/{PROJECT_NUMBER}
+  // * folders/{FOLDER_NUMBER}
+  // * organizations/{ORGANIZATION_NUMBER}
+  string scope = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. The query statement. An empty query can be specified to search
+  // all the IAM policies within the given `scope`.
+  //
+  // Examples:
+  //
+  // * `policy : "amy@gmail.com"` to find Cloud IAM policy bindings that
+  //   specify user "amy@gmail.com".
+  // * `policy : "roles/compute.admin"` to find Cloud IAM policy bindings that
+  //   specify the Compute Admin role.
+  // * `policy.role.permissions : "storage.buckets.update"` to find Cloud IAM
+  //   policy bindings that specify a role containing "storage.buckets.update"
+  //   permission.
+  // * `resource : "organizations/123"` to find Cloud IAM policy bindings that
+  //   are set on "organizations/123".
+  // * `(resource : ("organizations/123" OR "folders/1234") AND policy : "amy")`
+  //   to find Cloud IAM policy bindings that are set on "organizations/123" or
+  //   "folders/1234", and also specify user "amy".
+  //
+  // See [how to construct a
+  // query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)
+  // for more details.
+  string query = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. The page size for search result pagination. Page size is capped
+  // at 500 even if a larger value is given. If set to zero, server will pick an
+  // appropriate default. Returned results may be fewer than requested. When
+  // this happens, there could be more results as long as `next_page_token` is
+  // returned.
+  int32 page_size = 3 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. If present, retrieve the next batch of results from the preceding
+  // call to this method. `page_token` must be the value of `next_page_token`
+  // from the previous response. The values of all other method parameters must
+  // be identical to those in the previous call.
+  string page_token = 4 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Search all IAM policies response.
+message SearchAllIamPoliciesResponse {
+  // A list of IamPolicy that match the search query. Related information such
+  // as the associated resource is returned along with the policy.
+  repeated IamPolicySearchResult results = 1;
+
+  // Set if there are more results than those appearing in this response; to get
+  // the next set of results, call this method again, using this value as the
+  // `page_token`.
+  string next_page_token = 2;
 }
 
 // Asset content type.