Skip to main content

assets

Creates, updates, deletes, gets or lists a assets resource.

Overview

Nameassets
TypeResource
Idgoogle.cloudasset.assets

Fields

NameDatatypeDescription
namestringThe full name of the asset. Example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1 See Resource names for more information.
accessLevelobjectAn AccessLevel is a label that can be applied to requests to Google Cloud services, along with a list of requirements necessary for the label to be applied.
accessPolicyobjectAccessPolicy is a container for AccessLevels (which define the necessary attributes to use Google Cloud services) and ServicePerimeters (which define regions of services able to freely pass data within a perimeter). An access policy is globally visible within an organization, and the restrictions it specifies apply to all projects within an organization.
ancestorsarrayThe ancestry path of an asset in Google Cloud resource hierarchy, represented as a list of relative resource names. An ancestry path starts with the closest ancestor in the hierarchy and ends at root. If the asset is a project, folder, or organization, the ancestry path starts from the asset itself. Example: ["projects/123456789", "folders/5432", "organizations/1234"]
assetTypestringThe type of the asset. Example: compute.googleapis.com/Disk See Supported asset types for more information.
iamPolicyobjectAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A Policy is a collection of bindings. A binding binds one or more members, or principals, to a single role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the IAM documentation. JSON example: { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } YAML example: bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the IAM documentation.
orgPolicyarrayA representation of an organization policy. There can be more than one organization policy with different constraints set on a given resource.
osInventoryobjectThis API resource represents the available inventory data for a Compute Engine virtual machine (VM) instance at a given point in time. You can use this API resource to determine the inventory data of your VM. For more information, see Information provided by OS inventory management.
relatedAssetobjectAn asset identifier in Google Cloud which contains its name, type and ancestors. An asset can be any resource in the Google Cloud resource hierarchy, a resource outside the Google Cloud resource hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy). See Supported asset types for more information.
relatedAssetsobjectDEPRECATED. This message only presents for the purpose of backward-compatibility. The server will never populate this message in responses. The detailed related assets with the relationship_type.
resourceobjectA representation of a Google Cloud resource.
servicePerimeterobjectServicePerimeter describes a set of Google Cloud resources which can freely import and export data amongst themselves, but not export outside of the ServicePerimeter. If a request with a source within this ServicePerimeter has a target outside of the ServicePerimeter, the request will be blocked. Otherwise the request is allowed. There are two types of Service Perimeter - Regular and Bridge. Regular Service Perimeters cannot overlap, a single Google Cloud project or VPC network can only belong to a single regular Service Perimeter. Service Perimeter Bridges can contain only Google Cloud projects as members, a single Google Cloud project may belong to multiple Service Perimeter Bridges.
updateTimestringThe last update timestamp of an asset. update_time is updated when create/update/delete operation is performed.

Methods

NameAccessible byRequired ParamsDescription
listSELECTparent, parentTypeLists assets with time and resource types and returns paged results in response.

SELECT examples

Lists assets with time and resource types and returns paged results in response.

SELECT
name,
accessLevel,
accessPolicy,
ancestors,
assetType,
iamPolicy,
orgPolicy,
osInventory,
relatedAsset,
relatedAssets,
resource,
servicePerimeter,
updateTime
FROM google.cloudasset.assets
WHERE parent = '{{ parent }}'
AND parentType = '{{ parentType }}';