You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
#### cloudasset:v1
The following keys were added:
- schemas.GoogleIdentityAccesscontextmanagerV1AccessPolicy.properties.scopes (Total Keys: 2)
#### cloudasset:v1beta1
The following keys were added:
- schemas.GoogleIdentityAccesscontextmanagerV1AccessPolicy.properties.scopes (Total Keys: 2)
#### cloudasset:v1p1beta1
The following keys were added:
- schemas.GoogleIdentityAccesscontextmanagerV1AccessPolicy.properties.scopes (Total Keys: 2)
#### cloudasset:v1p4beta1
The following keys were added:
- schemas.GoogleIdentityAccesscontextmanagerV1AccessPolicy.properties.scopes (Total Keys: 2)
#### cloudasset:v1p5beta1
The following keys were added:
- schemas.GoogleIdentityAccesscontextmanagerV1AccessPolicy.properties.scopes (Total Keys: 2)
#### cloudasset:v1p7beta1
The following keys were added:
- schemas.GoogleIdentityAccesscontextmanagerV1AccessPolicy.properties.scopes (Total Keys: 2)
Copy file name to clipboardExpand all lines: docs/dyn/cloudasset_v1.assets.html
+3Lines changed: 3 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -175,6 +175,9 @@ <h3>Method Details</h3>
175
175
"etag": "A String", # Output only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
176
176
"name": "A String", # Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
177
177
"parent": "A String", # Required. The parent of this `AccessPolicy` in the Cloud Resource Hierarchy. Currently immutable once created. Format: `organizations/{organization_id}`
178
+
"scopes": [ # The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior: - vpcsc perimeters can only restrict projects within folders/123 - access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
179
+
"A String",
180
+
],
178
181
"title": "A String", # Required. Human readable title. Does not affect behavior.
179
182
},
180
183
"ancestors": [ # The ancestry path of an asset in Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), represented as a list of relative resource names. An ancestry path starts with the closest ancestor in the hierarchy and ends at root. If the asset is a project, folder, or organization, the ancestry path starts from the asset itself. Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
Copy file name to clipboardExpand all lines: docs/dyn/cloudasset_v1.savedQueries.html
+6-6Lines changed: 6 additions & 6 deletions
Original file line number
Diff line number
Diff line change
@@ -112,7 +112,7 @@ <h3>Method Details</h3>
112
112
113
113
{ # A saved query which can be shared with others or used later.
114
114
"content": { # The query content. # The query content.
115
-
"iamPolicyAnalysisQuery": { # ## IAM policy analysis query message. # An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy rpc or the AssetService.AnalyzeIamPolicyLongrunning rpc.
115
+
"iamPolicyAnalysisQuery": { # IAM policy analysis query message. # An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy rpc or the AssetService.AnalyzeIamPolicyLongrunning rpc.
116
116
"accessSelector": { # Specifies roles and/or permissions to analyze, to determine both the identities possessing them and the resources they control. If multiple values are specified, results will include roles or permissions matching any of them. The total number of roles and permissions should be equal or less than 10. # Optional. Specifies roles or permissions for analysis. This is optional.
117
117
"permissions": [ # Optional. The permissions to appear in result.
118
118
"A String",
@@ -163,7 +163,7 @@ <h3>Method Details</h3>
163
163
164
164
{ # A saved query which can be shared with others or used later.
165
165
"content": { # The query content. # The query content.
166
-
"iamPolicyAnalysisQuery": { # ## IAM policy analysis query message. # An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy rpc or the AssetService.AnalyzeIamPolicyLongrunning rpc.
166
+
"iamPolicyAnalysisQuery": { # IAM policy analysis query message. # An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy rpc or the AssetService.AnalyzeIamPolicyLongrunning rpc.
167
167
"accessSelector": { # Specifies roles and/or permissions to analyze, to determine both the identities possessing them and the resources they control. If multiple values are specified, results will include roles or permissions matching any of them. The total number of roles and permissions should be equal or less than 10. # Optional. Specifies roles or permissions for analysis. This is optional.
168
168
"permissions": [ # Optional. The permissions to appear in result.
169
169
"A String",
@@ -238,7 +238,7 @@ <h3>Method Details</h3>
238
238
239
239
{ # A saved query which can be shared with others or used later.
240
240
"content": { # The query content. # The query content.
241
-
"iamPolicyAnalysisQuery": { # ## IAM policy analysis query message. # An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy rpc or the AssetService.AnalyzeIamPolicyLongrunning rpc.
241
+
"iamPolicyAnalysisQuery": { # IAM policy analysis query message. # An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy rpc or the AssetService.AnalyzeIamPolicyLongrunning rpc.
242
242
"accessSelector": { # Specifies roles and/or permissions to analyze, to determine both the identities possessing them and the resources they control. If multiple values are specified, results will include roles or permissions matching any of them. The total number of roles and permissions should be equal or less than 10. # Optional. Specifies roles or permissions for analysis. This is optional.
243
243
"permissions": [ # Optional. The permissions to appear in result.
244
244
"A String",
@@ -301,7 +301,7 @@ <h3>Method Details</h3>
301
301
"savedQueries": [ # A list of savedQueries.
302
302
{ # A saved query which can be shared with others or used later.
303
303
"content": { # The query content. # The query content.
304
-
"iamPolicyAnalysisQuery": { # ## IAM policy analysis query message. # An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy rpc or the AssetService.AnalyzeIamPolicyLongrunning rpc.
304
+
"iamPolicyAnalysisQuery": { # IAM policy analysis query message. # An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy rpc or the AssetService.AnalyzeIamPolicyLongrunning rpc.
305
305
"accessSelector": { # Specifies roles and/or permissions to analyze, to determine both the identities possessing them and the resources they control. If multiple values are specified, results will include roles or permissions matching any of them. The total number of roles and permissions should be equal or less than 10. # Optional. Specifies roles or permissions for analysis. This is optional.
306
306
"permissions": [ # Optional. The permissions to appear in result.
307
307
"A String",
@@ -369,7 +369,7 @@ <h3>Method Details</h3>
369
369
370
370
{ # A saved query which can be shared with others or used later.
371
371
"content": { # The query content. # The query content.
372
-
"iamPolicyAnalysisQuery": { # ## IAM policy analysis query message. # An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy rpc or the AssetService.AnalyzeIamPolicyLongrunning rpc.
372
+
"iamPolicyAnalysisQuery": { # IAM policy analysis query message. # An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy rpc or the AssetService.AnalyzeIamPolicyLongrunning rpc.
373
373
"accessSelector": { # Specifies roles and/or permissions to analyze, to determine both the identities possessing them and the resources they control. If multiple values are specified, results will include roles or permissions matching any of them. The total number of roles and permissions should be equal or less than 10. # Optional. Specifies roles or permissions for analysis. This is optional.
374
374
"permissions": [ # Optional. The permissions to appear in result.
375
375
"A String",
@@ -420,7 +420,7 @@ <h3>Method Details</h3>
420
420
421
421
{ # A saved query which can be shared with others or used later.
422
422
"content": { # The query content. # The query content.
423
-
"iamPolicyAnalysisQuery": { # ## IAM policy analysis query message. # An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy rpc or the AssetService.AnalyzeIamPolicyLongrunning rpc.
423
+
"iamPolicyAnalysisQuery": { # IAM policy analysis query message. # An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy rpc or the AssetService.AnalyzeIamPolicyLongrunning rpc.
424
424
"accessSelector": { # Specifies roles and/or permissions to analyze, to determine both the identities possessing them and the resources they control. If multiple values are specified, results will include roles or permissions matching any of them. The total number of roles and permissions should be equal or less than 10. # Optional. Specifies roles or permissions for analysis. This is optional.
425
425
"permissions": [ # Optional. The permissions to appear in result.
Copy file name to clipboardExpand all lines: docs/dyn/cloudasset_v1.v1.html
+9-3Lines changed: 9 additions & 3 deletions
Original file line number
Diff line number
Diff line change
@@ -135,7 +135,7 @@ <h3>Method Details</h3>
135
135
{ # A response message for AssetService.AnalyzeIamPolicy.
136
136
"fullyExplored": True or False, # Represents whether all entries in the main_analysis and service_account_impersonation_analysis have been fully explored to answer the query in the request.
137
137
"mainAnalysis": { # An analysis message to group the query and results. # The main analysis that matches the original request.
138
-
"analysisQuery": { # ## IAM policy analysis query message. # The analysis query.
138
+
"analysisQuery": { # IAM policy analysis query message. # The analysis query.
139
139
"accessSelector": { # Specifies roles and/or permissions to analyze, to determine both the identities possessing them and the resources they control. If multiple values are specified, results will include roles or permissions matching any of them. The total number of roles and permissions should be equal or less than 10. # Optional. Specifies roles or permissions for analysis. This is optional.
140
140
"permissions": [ # Optional. The permissions to appear in result.
141
141
"A String",
@@ -240,7 +240,7 @@ <h3>Method Details</h3>
240
240
},
241
241
"serviceAccountImpersonationAnalysis": [ # The service account impersonation analysis if AnalyzeIamPolicyRequest.analyze_service_account_impersonation is enabled.
242
242
{ # An analysis message to group the query and results.
243
-
"analysisQuery": { # ## IAM policy analysis query message. # The analysis query.
243
+
"analysisQuery": { # IAM policy analysis query message. # The analysis query.
244
244
"accessSelector": { # Specifies roles and/or permissions to analyze, to determine both the identities possessing them and the resources they control. If multiple values are specified, results will include roles or permissions matching any of them. The total number of roles and permissions should be equal or less than 10. # Optional. Specifies roles or permissions for analysis. This is optional.
245
245
"permissions": [ # Optional. The permissions to appear in result.
246
246
"A String",
@@ -357,7 +357,7 @@ <h3>Method Details</h3>
357
357
The object takes the form of:
358
358
359
359
{ # A request message for AssetService.AnalyzeIamPolicyLongrunning.
360
-
"analysisQuery": { # ## IAM policy analysis query message. # Required. The request query.
360
+
"analysisQuery": { # IAM policy analysis query message. # Required. The request query.
361
361
"accessSelector": { # Specifies roles and/or permissions to analyze, to determine both the identities possessing them and the resources they control. If multiple values are specified, results will include roles or permissions matching any of them. The total number of roles and permissions should be equal or less than 10. # Optional. Specifies roles or permissions for analysis. This is optional.
362
362
"permissions": [ # Optional. The permissions to appear in result.
363
363
"A String",
@@ -564,6 +564,9 @@ <h3>Method Details</h3>
564
564
"etag": "A String", # Output only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
565
565
"name": "A String", # Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
566
566
"parent": "A String", # Required. The parent of this `AccessPolicy` in the Cloud Resource Hierarchy. Currently immutable once created. Format: `organizations/{organization_id}`
567
+
"scopes": [ # The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior: - vpcsc perimeters can only restrict projects within folders/123 - access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
568
+
"A String",
569
+
],
567
570
"title": "A String", # Required. Human readable title. Does not affect behavior.
568
571
},
569
572
"ancestors": [ # The ancestry path of an asset in Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), represented as a list of relative resource names. An ancestry path starts with the closest ancestor in the hierarchy and ends at root. If the asset is a project, folder, or organization, the ancestry path starts from the asset itself. Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
@@ -1033,6 +1036,9 @@ <h3>Method Details</h3>
1033
1036
"etag": "A String", # Output only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
1034
1037
"name": "A String", # Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
1035
1038
"parent": "A String", # Required. The parent of this `AccessPolicy` in the Cloud Resource Hierarchy. Currently immutable once created. Format: `organizations/{organization_id}`
1039
+
"scopes": [ # The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior: - vpcsc perimeters can only restrict projects within folders/123 - access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
1040
+
"A String",
1041
+
],
1036
1042
"title": "A String", # Required. Human readable title. Does not affect behavior.
1037
1043
},
1038
1044
"ancestors": [ # The ancestry path of an asset in Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), represented as a list of relative resource names. An ancestry path starts with the closest ancestor in the hierarchy and ends at root. If the asset is a project, folder, or organization, the ancestry path starts from the asset itself. Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
Copy file name to clipboardExpand all lines: docs/dyn/cloudasset_v1beta1.organizations.html
+3Lines changed: 3 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -170,6 +170,9 @@ <h3>Method Details</h3>
170
170
"etag": "A String", # Output only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
171
171
"name": "A String", # Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
172
172
"parent": "A String", # Required. The parent of this `AccessPolicy` in the Cloud Resource Hierarchy. Currently immutable once created. Format: `organizations/{organization_id}`
173
+
"scopes": [ # The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior: - vpcsc perimeters can only restrict projects within folders/123 - access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
174
+
"A String",
175
+
],
173
176
"title": "A String", # Required. Human readable title. Does not affect behavior.
174
177
},
175
178
"assetType": "A String", # The type of the asset. Example: `compute.googleapis.com/Disk` See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information.
0 commit comments