@@ -26,6 +26,7 @@ import "google/longrunning/operations.proto";
2626import "google/protobuf/duration.proto" ;
2727import "google/protobuf/empty.proto" ;
2828import "google/protobuf/field_mask.proto" ;
29+ import "google/protobuf/struct.proto" ;
2930import "google/protobuf/timestamp.proto" ;
3031import "google/rpc/status.proto" ;
3132import "google/type/expr.proto" ;
@@ -197,6 +198,27 @@ service AssetService {
197198 };
198199 }
199200
201+ // Issue a job that queries assets using a SQL statement compatible with
202+ // [BigQuery Standard
203+ // SQL](http://cloud/bigquery/docs/reference/standard-sql/enabling-standard-sql).
204+ //
205+ // If the query execution finishes within timeout and there's no pagination,
206+ // the full query results will be returned in the `QueryAssetsResponse`.
207+ //
208+ // Otherwise, full query results can be obtained by issuing extra requests
209+ // with the `job_reference` from the a previous `QueryAssets` call.
210+ //
211+ // Note, the query result has approximately 10 GB limitation enforced by
212+ // BigQuery
213+ // https://cloud.google.com/bigquery/docs/best-practices-performance-output,
214+ // queries return larger results will result in errors.
215+ rpc QueryAssets (QueryAssetsRequest ) returns (QueryAssetsResponse ) {
216+ option (google.api.http ) = {
217+ post : "/v1/{parent=*/*}:queryAssets"
218+ body : "*"
219+ };
220+ }
221+
200222 // Creates a saved query in a parent project/folder/organization.
201223 rpc CreateSavedQuery (CreateSavedQueryRequest ) returns (SavedQuery ) {
202224 option (google.api.http ) = {
@@ -856,6 +878,14 @@ message SearchAllResourcesRequest {
856878 // * `labels.env:*` to find Cloud resources that have a label "env".
857879 // * `kmsKey:key` to find Cloud resources encrypted with a customer-managed
858880 // encryption key whose name contains the word "key".
881+ // * `relationships:instance-group-1` to find Cloud resources that have
882+ // relationships with "instance-group-1" in the related resource name.
883+ // * `relationships:INSTANCE_TO_INSTANCEGROUP` to find compute instances that
884+ // have relationships of type "INSTANCE_TO_INSTANCEGROUP".
885+ // * `relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1` to find
886+ // compute instances that have relationships with "instance-group-1" in the
887+ // compute instance group resource name, for relationship type
888+ // "INSTANCE_TO_INSTANCEGROUP".
859889 // * `state:ACTIVE` to find Cloud resources whose state contains "ACTIVE" as a
860890 // word.
861891 // * `NOT state:ACTIVE` to find Cloud resources whose state doesn't contain
@@ -999,8 +1029,8 @@ message SearchAllIamPoliciesRequest {
9991029 // compared against each Cloud IAM policy binding, including its principals,
10001030 // roles, and Cloud IAM conditions. The returned Cloud IAM policies will only
10011031 // contain the bindings that match your query. To learn more about the IAM
1002- // policy structure, see [IAM policy
1003- // doc ](https://cloud.google.com/iam/docs/ policies# structure).
1032+ // policy structure, see the [IAM policy
1033+ // documentation ](https://cloud.google.com/iam/help/allow- policies/ structure).
10041034 //
10051035 // Examples:
10061036 //
@@ -1730,28 +1760,203 @@ message MoveImpact {
17301760 string detail = 1 ;
17311761}
17321762
1733- // Asset content type.
1734- enum ContentType {
1735- // Unspecified content type.
1736- CONTENT_TYPE_UNSPECIFIED = 0 ;
1763+ // Output configuration query assets.
1764+ message QueryAssetsOutputConfig {
1765+ // BigQuery destination.
1766+ message BigQueryDestination {
1767+ // Required. The BigQuery dataset where the query results will be saved. It
1768+ // has the format of "projects/{projectId}/datasets/{datasetId}".
1769+ string dataset = 1 [(google.api.field_behavior ) = REQUIRED ];
17371770
1738- // Resource metadata.
1739- RESOURCE = 1 ;
1771+ // Required. The BigQuery table where the query results will be saved. If
1772+ // this table does not exist, a new table with the given name will be
1773+ // created.
1774+ string table = 2 [(google.api.field_behavior ) = REQUIRED ];
17401775
1741- // The actual IAM policy set on a resource.
1742- IAM_POLICY = 2 ;
1776+ // Specifies the action that occurs if the destination table or partition
1777+ // already exists. The following values are supported:
1778+ //
1779+ // * WRITE_TRUNCATE: If the table or partition already exists, BigQuery
1780+ // overwrites the entire table or all the partitions data.
1781+ // * WRITE_APPEND: If the table or partition already exists, BigQuery
1782+ // appends the data to the table or the latest partition.
1783+ // * WRITE_EMPTY: If the table already exists and contains data, an error is
1784+ // returned.
1785+ string write_disposition = 3 ;
1786+ }
17431787
1744- // The Cloud Organization Policy set on an asset.
1745- ORG_POLICY = 4 ;
1788+ // BigQuery destination where the query results will be saved.
1789+ BigQueryDestination bigquery_destination = 1 ;
1790+ }
17461791
1747- // The Cloud Access context manager Policy set on an asset.
1748- ACCESS_POLICY = 5 ;
1792+ // QueryAssets request.
1793+ message QueryAssetsRequest {
1794+ // Required. The relative name of the root asset. This can only be an
1795+ // organization number (such as "organizations/123"), a project ID (such as
1796+ // "projects/my-project-id"), or a project number (such as "projects/12345"),
1797+ // or a folder number (such as "folders/123").
1798+ //
1799+ // Only assets belonging to the `parent` will be returned.
1800+ string parent = 1 [
1801+ (google.api.field_behavior ) = REQUIRED ,
1802+ (google.api.resource_reference ) = {
1803+ child_type : "cloudasset.googleapis.com/Asset"
1804+ }
1805+ ];
17491806
1750- // The runtime OS Inventory information.
1751- OS_INVENTORY = 6 ;
1807+ oneof query {
1808+ // Optional. A SQL statement that's compatible with [BigQuery Standard
1809+ // SQL](http://cloud/bigquery/docs/reference/standard-sql/enabling-standard-sql).
1810+ string statement = 2 [(google.api.field_behavior ) = OPTIONAL ];
17521811
1753- // The related resources.
1754- RELATIONSHIP = 7 ;
1812+ // Optional. Reference to the query job, which is from the
1813+ // `QueryAssetsResponse` of previous `QueryAssets` call.
1814+ string job_reference = 3 [(google.api.field_behavior ) = OPTIONAL ];
1815+ }
1816+
1817+ // Optional. The maximum number of rows to return in the results. Responses
1818+ // are limited to 10 MB and 1000 rows.
1819+ //
1820+ // By default, the maximum row count is 1000. When the byte or row count limit
1821+ // is reached, the rest of the query results will be paginated.
1822+ //
1823+ // The field will be ignored when [output_config] is specified.
1824+ int32 page_size = 4 [(google.api.field_behavior ) = OPTIONAL ];
1825+
1826+ // Optional. A page token received from previous `QueryAssets`.
1827+ //
1828+ // The field will be ignored when [output_config] is specified.
1829+ string page_token = 5 [(google.api.field_behavior ) = OPTIONAL ];
1830+
1831+ // Optional. Specifies the maximum amount of time that the client is willing
1832+ // to wait for the query to complete. By default, this limit is 5 min for the
1833+ // first query, and 1 minute for the following queries. If the query is
1834+ // complete, the `done` field in the `QueryAssetsResponse` is true, otherwise
1835+ // false.
1836+ //
1837+ // Like BigQuery [jobs.query
1838+ // API](https://cloud.google.com/bigquery/docs/reference/rest/v2/jobs/query#queryrequest)
1839+ // The call is not guaranteed to wait for the specified timeout; it typically
1840+ // returns after around 200 seconds (200,000 milliseconds), even if the query
1841+ // is not complete.
1842+ //
1843+ // The field will be ignored when [output_config] is specified.
1844+ google.protobuf.Duration timeout = 6 [(google.api.field_behavior ) = OPTIONAL ];
1845+
1846+ // Specifies what time period or point in time to query asset metadata at.
1847+ // * unset - query asset metadata as it is right now
1848+ // * [read_time_window] - query asset metadata as it was at any point in time
1849+ // between [start_time] and [end_time].
1850+ // * [read_time] - query asset metadata as it was at that point in time.
1851+ // If data for the timestamp/date range selected does not exist,
1852+ // it will simply return a valid response with no rows.
1853+ oneof time {
1854+ // Optional. [start_time] is required. [start_time] must be less than
1855+ // [end_time] Defaults [end_time] to now if [start_time] is set and
1856+ // [end_time] isn't. Maximum permitted time range is 7 days.
1857+ TimeWindow read_time_window = 7 [(google.api.field_behavior ) = OPTIONAL ];
1858+
1859+ // Optional. Queries cloud assets as they appeared at the specified point in
1860+ // time.
1861+ google.protobuf.Timestamp read_time = 8
1862+ [(google.api.field_behavior ) = OPTIONAL ];
1863+ }
1864+
1865+ // Optional. Destination where the query results will be saved.
1866+ //
1867+ // When this field is specified, the query results won't be saved in the
1868+ // [QueryAssetsResponse.query_result]. Instead
1869+ // [QueryAssetsResponse.output_config] will be set.
1870+ //
1871+ // Meanwhile, [QueryAssetsResponse.job_reference] will be set and can be used
1872+ // to check the status of the query job when passed to a following
1873+ // [QueryAssets] API call.
1874+ QueryAssetsOutputConfig output_config = 9
1875+ [(google.api.field_behavior ) = OPTIONAL ];
1876+ }
1877+
1878+ // QueryAssets response.
1879+ message QueryAssetsResponse {
1880+ // Reference to a query job.
1881+ string job_reference = 1 ;
1882+
1883+ // The query response, which can be either an `error` or a valid `response`.
1884+ //
1885+ // If `done` == `false` and the query result is being saved in a output, the
1886+ // output_config field will be set.
1887+ // If `done` == `true`, exactly one of
1888+ // `error`, `query_result` or `output_config` will be set.
1889+ bool done = 2 ;
1890+
1891+ oneof response {
1892+ // Error status.
1893+ google.rpc.Status error = 3 ;
1894+
1895+ // Result of the query.
1896+ QueryResult query_result = 4 ;
1897+
1898+ // Output configuration which indicates instead of being returned in API
1899+ // response on the fly, the query result will be saved in a specific output.
1900+ QueryAssetsOutputConfig output_config = 5 ;
1901+ }
1902+ }
1903+
1904+ // Execution results of the query.
1905+ //
1906+ // The result is formatted as rows represented by BigQuery compatible [schema].
1907+ // When pagination is necessary, it will contains the page token to retrieve
1908+ // the results of following pages.
1909+ message QueryResult {
1910+ // Each row hold a query result in the format of `Struct`.
1911+ repeated google.protobuf.Struct rows = 1 ;
1912+
1913+ // Describes the format of the [rows].
1914+ TableSchema schema = 2 ;
1915+
1916+ // Token to retrieve the next page of the results.
1917+ string next_page_token = 3 ;
1918+
1919+ // Total rows of the whole query results.
1920+ int64 total_rows = 4 ;
1921+ }
1922+
1923+ // BigQuery Compatible table schema.
1924+ message TableSchema {
1925+ // Describes the fields in a table.
1926+ repeated TableFieldSchema fields = 1 ;
1927+ }
1928+
1929+ // A field in TableSchema.
1930+ message TableFieldSchema {
1931+ // The field name. The name must contain only letters (a-z, A-Z),
1932+ // numbers (0-9), or underscores (_), and must start with a letter or
1933+ // underscore. The maximum length is 128 characters.
1934+ string field = 1 ;
1935+
1936+ // The field data type. Possible values include
1937+ // * STRING
1938+ // * BYTES
1939+ // * INTEGER
1940+ // * FLOAT
1941+ // * BOOLEAN
1942+ // * TIMESTAMP
1943+ // * DATE
1944+ // * TIME
1945+ // * DATETIME
1946+ // * GEOGRAPHY,
1947+ // * NUMERIC,
1948+ // * BIGNUMERIC,
1949+ // * RECORD
1950+ // (where RECORD indicates that the field contains a nested schema).
1951+ string type = 2 ;
1952+
1953+ // The field mode. Possible values include NULLABLE, REQUIRED and
1954+ // REPEATED. The default value is NULLABLE.
1955+ string mode = 3 ;
1956+
1957+ // Describes the nested schema fields if the type property is set
1958+ // to RECORD.
1959+ repeated TableFieldSchema fields = 4 ;
17551960}
17561961
17571962// A request message for
@@ -1841,3 +2046,27 @@ message BatchGetEffectiveIamPoliciesResponse {
18412046 // [EffectiveIamPolicy.policies][google.cloud.asset.v1.BatchGetEffectiveIamPoliciesResponse.EffectiveIamPolicy.policies].
18422047 repeated EffectiveIamPolicy policy_results = 2 ;
18432048}
2049+
2050+ // Asset content type.
2051+ enum ContentType {
2052+ // Unspecified content type.
2053+ CONTENT_TYPE_UNSPECIFIED = 0 ;
2054+
2055+ // Resource metadata.
2056+ RESOURCE = 1 ;
2057+
2058+ // The actual IAM policy set on a resource.
2059+ IAM_POLICY = 2 ;
2060+
2061+ // The Cloud Organization Policy set on an asset.
2062+ ORG_POLICY = 4 ;
2063+
2064+ // The Cloud Access context manager Policy set on an asset.
2065+ ACCESS_POLICY = 5 ;
2066+
2067+ // The runtime OS Inventory information.
2068+ OS_INVENTORY = 6 ;
2069+
2070+ // The related resources.
2071+ RELATIONSHIP = 7 ;
2072+ }
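Review bot: `write_disposition` in `BigQueryDestination` is a free-form `string`, although its comment lists exactly three accepted values, and the comment does not say what happens when the field is left unset. One of those values, WRITE_TRUNCATE, overwrites the whole destination table, so a typed enum with an explicit `_UNSPECIFIED` zero value would let the schema reject typos and force the default to be documented; the field is new in this commit, so the change is still cheap. The comments on `dataset` and `table` also do not state which identity performs the write or which BigQuery permission on the dataset is checked, which matters because the caller names the target table. Separately, the Standard SQL link in the `QueryAssets` and `statement` comments points at `http://cloud/bigquery/...`, a short hostname over plain HTTP; it presumably should be `https://cloud.google.com/bigquery/docs/reference/standard-sql/enabling-standard-sql`.

```protobuf
  message BigQueryDestination {
    // Action taken when the destination table or partition already exists.
    enum WriteDisposition {
      // Not set. State here which of the values below the server then applies.
      WRITE_DISPOSITION_UNSPECIFIED = 0;

      // Overwrite the entire table or all the partitions data.
      WRITE_TRUNCATE = 1;

      // Append the data to the table or the latest partition.
      WRITE_APPEND = 2;

      // Return an error if the table already exists and contains data.
      WRITE_EMPTY = 3;
    }

    // … unchanged: dataset = 1, table = 2 …

    // Specifies the action that occurs if the destination table or partition
    // already exists.
    WriteDisposition write_disposition = 3;
```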