Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance. Project price only 1 $
You can buy this project and download/modify it how often you want.
Analyzes IAM policies asynchronously to answer which identities have what accesses on which
resources, and writes the analysis results to a Google Cloud Storage or a BigQuery destination.
Analyzes IAM policies to answer which identities have what accesses on which resources.
Create a request for the method "v1.analyzeIamPolicy".
This request holds the parameters needed by the cloudasset server. After setting any optional
parameters, call the AbstractGoogleClientRequest.execute() method to invoke the remote operation.
Parameters:
scope - Required. The relative name of the root asset. Only resources and IAM policies within the scope will
be analyzed. This can only be an organization number (such as "organizations/123"), a
folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or
a project number (such as "projects/12345"). To know how to get organization ID, visit
[here ](https://cloud.google.com/resource-manager/docs/creating-managing-
organization#retrieving_your_organization_id). To know how to get folder or project ID,
visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-
folders#viewing_or_listing_folders_and_projects).
Analyzes IAM policies asynchronously to answer which identities have what accesses on which
resources, and writes the analysis results to a Google Cloud Storage or a BigQuery destination.
For Cloud Storage destination, the output format is the JSON format that represents a
AnalyzeIamPolicyResponse. This method implements the google.longrunning.Operation, which allows
you to track the operation status. We recommend intervals of at least 2 seconds with exponential
backoff retry to poll the operation result. The metadata contains the metadata for the long-
running operation.
Create a request for the method "v1.analyzeIamPolicyLongrunning".
This request holds the parameters needed by the cloudasset server. After setting any optional
parameters, call the AbstractGoogleClientRequest.execute() method to invoke the remote
operation.
Parameters:
scope - Required. The relative name of the root asset. Only resources and IAM policies within the scope will
be analyzed. This can only be an organization number (such as "organizations/123"), a
folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or
a project number (such as "projects/12345"). To know how to get organization ID, visit
[here ](https://cloud.google.com/resource-manager/docs/creating-managing-
organization#retrieving_your_organization_id). To know how to get folder or project ID,
visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-
folders#viewing_or_listing_folders_and_projects).
Analyze moving a resource to a specified destination without kicking off the actual move. The
analysis is best effort depending on the user's permissions of viewing different hierarchical
policies and configurations. The policies and configuration are subject to change before the
actual resource migration takes place.
Create a request for the method "v1.analyzeMove".
This request holds the parameters needed by the cloudasset server. After setting any optional
parameters, call the AbstractGoogleClientRequest.execute() method to invoke the remote operation.
Parameters:
resource - Required. Name of the resource to perform the analysis against. Only Google Cloud projects are
supported as of today. Hence, this can only be a project ID (such as "projects/my-project-
id") or a project number (such as "projects/12345").
Analyzes organization policies under a scope.
Create a request for the method "v1.analyzeOrgPolicies".
This request holds the parameters needed by the cloudasset server. After setting any optional
parameters, call the AbstractGoogleClientRequest.execute() method to invoke the remote operation.
Parameters:
scope - Required. The organization to scope the request. Only organization policies within the scope will be
analyzed. * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
Analyzes organization policies governed assets (Google Cloud resources or policies) under a
scope. This RPC supports custom constraints and the following canned constraints: *
constraints/ainotebooks.accessMode * constraints/ainotebooks.disableFileDownloads *
constraints/ainotebooks.disableRootAccess * constraints/ainotebooks.disableTerminal *
constraints/ainotebooks.environmentOptions * constraints/ainotebooks.requireAutoUpgradeSchedule *
constraints/ainotebooks.restrictVpcNetworks * constraints/compute.disableGuestAttributesAccess *
constraints/compute.disableInstanceDataAccessApis *
constraints/compute.disableNestedVirtualization * constraints/compute.disableSerialPortAccess *
constraints/compute.disableSerialPortLogging * constraints/compute.disableVpcExternalIpv6 *
constraints/compute.requireOsLogin * constraints/compute.requireShieldedVm *
constraints/compute.restrictLoadBalancerCreationForTypes *
constraints/compute.restrictProtocolForwardingCreationForTypes *
constraints/compute.restrictXpnProjectLienRemoval *
constraints/compute.setNewProjectDefaultToZonalDNSOnly *
constraints/compute.skipDefaultNetworkCreation * constraints/compute.trustedImageProjects *
constraints/compute.vmCanIpForward * constraints/compute.vmExternalIpAccess *
constraints/gcp.detailedAuditLoggingMode * constraints/gcp.resourceLocations *
constraints/iam.allowedPolicyMemberDomains *
constraints/iam.automaticIamGrantsForDefaultServiceAccounts *
constraints/iam.disableServiceAccountCreation * constraints/iam.disableServiceAccountKeyCreation
* constraints/iam.disableServiceAccountKeyUpload *
constraints/iam.restrictCrossProjectServiceAccountLienRemoval *
constraints/iam.serviceAccountKeyExpiryHours * constraints/resourcemanager.accessBoundaries *
constraints/resourcemanager.allowedExportDestinations *
constraints/sql.restrictAuthorizedNetworks *
constraints/sql.restrictNoncompliantDiagnosticDataAccess *
constraints/sql.restrictNoncompliantResourceCreation * constraints/sql.restrictPublicIp *
constraints/storage.publicAccessPrevention * constraints/storage.restrictAuthTypes *
constraints/storage.uniformBucketLevelAccess This RPC only returns either resources of types
[supported by search APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
or IAM policies.
Create a request for the method "v1.analyzeOrgPolicyGovernedAssets".
This request holds the parameters needed by the cloudasset server. After setting any optional
parameters, call the AbstractGoogleClientRequest.execute() method to invoke the remote
operation.
Parameters:
scope - Required. The organization to scope the request. Only organization policies within the scope will be
analyzed. The output assets will also be limited to the ones governed by those in-scope
organization policies. * organizations/{ORGANIZATION_NUMBER} (e.g.,
"organizations/123456")
Analyzes organization policies governed containers (projects, folders or organization) under a
scope.
Create a request for the method "v1.analyzeOrgPolicyGovernedContainers".
This request holds the parameters needed by the cloudasset server. After setting any optional
parameters, call the AbstractGoogleClientRequest.execute() method to invoke the
remote operation.
Parameters:
scope - Required. The organization to scope the request. Only organization policies within the scope will be
analyzed. The output containers will also be limited to the ones governed by those in-
scope organization policies. * organizations/{ORGANIZATION_NUMBER} (e.g.,
"organizations/123456")
Batch gets the update history of assets that overlap a time window. For IAM_POLICY content, this
API outputs history when the asset and its attached IAM POLICY both exist. This can create gaps
in the output history. Otherwise, this API outputs history with asset in both non-delete or
deleted status. If a specified asset does not exist, this API returns an INVALID_ARGUMENT error.
Create a request for the method "v1.batchGetAssetsHistory".
This request holds the parameters needed by the cloudasset server. After setting any optional
parameters, call the AbstractGoogleClientRequest.execute() method to invoke the remote
operation.
Parameters:
parent - Required. The relative name of the root asset. It can only be an organization number (such as
"organizations/123"), a project ID (such as "projects/my-project-id")", or a project
number (such as "projects/12345").
Exports assets with time and resource types to a given Cloud Storage location/BigQuery table. For
Cloud Storage location destinations, the output format is newline-delimited JSON. Each line
represents a google.cloud.asset.v1.Asset in the JSON format; for BigQuery table destinations, the
output table stores the fields in asset Protobuf as columns. This API implements the
google.longrunning.Operation API, which allows you to keep track of the export. We recommend
intervals of at least 2 seconds with exponential retry to poll the export operation result. For
regular-size resource parent, the export operation usually finishes within 5 minutes.
Create a request for the method "v1.exportAssets".
This request holds the parameters needed by the cloudasset server. After setting any optional
parameters, call the AbstractGoogleClientRequest.execute() method to invoke the remote operation.
Parameters:
parent - Required. The relative name of the root asset. This can only be an organization number (such as
"organizations/123"), a project ID (such as "projects/my-project-id"), or a project number
(such as "projects/12345"), or a folder number (such as "folders/123").
Issue a job that queries assets using a SQL statement compatible with [BigQuery
SQL](https://cloud.google.com/bigquery/docs/introduction-sql). If the query execution finishes
within timeout and there's no pagination, the full query results will be returned in the
`QueryAssetsResponse`. Otherwise, full query results can be obtained by issuing extra requests
with the `job_reference` from the a previous `QueryAssets` call. Note, the query result has
approximately 10 GB limitation enforced by
[BigQuery](https://cloud.google.com/bigquery/docs/best-practices-performance-output). Queries
return larger results will result in errors.
Create a request for the method "v1.queryAssets".
This request holds the parameters needed by the cloudasset server. After setting any optional
parameters, call the AbstractGoogleClientRequest.execute() method to invoke the remote operation.
Parameters:
parent - Required. The relative name of the root asset. This can only be an organization number (such as
"organizations/123"), a project ID (such as "projects/my-project-id"), or a project number
(such as "projects/12345"), or a folder number (such as "folders/123"). Only assets
belonging to the `parent` will be returned.
Searches all IAM policies within the specified scope, such as a project, folder, or organization.
The caller must be granted the `cloudasset.assets.searchAllIamPolicies` permission on the desired
scope, otherwise the request will be rejected.
Create a request for the method "v1.searchAllIamPolicies".
This request holds the parameters needed by the cloudasset server. After setting any optional
parameters, call the AbstractGoogleClientRequest.execute() method to invoke the remote
operation.
Parameters:
scope - Required. A scope can be a project, a folder, or an organization. The search is limited to the IAM
policies within the `scope`. The caller must be granted the
[`cloudasset.assets.searchAllIamPolicies`](https://cloud.google.com/asset-
inventory/docs/access-control#required_permissions) permission on the desired scope. The
allowed values are: * projects/{PROJECT_ID} (e.g., "projects/foo-bar") *
projects/{PROJECT_NUMBER} (e.g., "projects/12345678") * folders/{FOLDER_NUMBER} (e.g.,
"folders/1234567") * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
Searches all Google Cloud resources within the specified scope, such as a project, folder, or
organization. The caller must be granted the `cloudasset.assets.searchAllResources` permission on
the desired scope, otherwise the request will be rejected.
Create a request for the method "v1.searchAllResources".
This request holds the parameters needed by the cloudasset server. After setting any optional
parameters, call the AbstractGoogleClientRequest.execute() method to invoke the remote operation.
Parameters:
scope - Required. A scope can be a project, a folder, or an organization. The search is limited to the
resources within the `scope`. The caller must be granted the
[`cloudasset.assets.searchAllResources`](https://cloud.google.com/asset-
inventory/docs/access-control#required_permissions) permission on the desired scope. The
allowed values are: * projects/{PROJECT_ID} (e.g., "projects/foo-bar") *
projects/{PROJECT_NUMBER} (e.g., "projects/12345678") * folders/{FOLDER_NUMBER} (e.g.,
"folders/1234567") * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
