feat: added support for condition in Feed (#346)

googleapis · Jun 17, 2020 · 19903aa · 19903aa
1 parent 789321f
commit 19903aa
Show file tree

Hide file tree

Showing 9 changed files with 851 additions and 540 deletions.
diff --git a/packages/google-cloud-asset/README.md b/packages/google-cloud-asset/README.md
@@ -100,6 +100,8 @@ has instructions for running the samples.
 | Get Feed | [source code](https://github.com/googleapis/nodejs-asset/blob/master/samples/getFeed.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-asset&page=editor&open_in_editor=samples/getFeed.js,samples/README.md) |
 | List Feeds | [source code](https://github.com/googleapis/nodejs-asset/blob/master/samples/listFeeds.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-asset&page=editor&open_in_editor=samples/listFeeds.js,samples/README.md) |
 | Asset History Quickstart | [source code](https://github.com/googleapis/nodejs-asset/blob/master/samples/quickstart.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-asset&page=editor&open_in_editor=samples/quickstart.js,samples/README.md) |
+| Search All Iam Policies | [source code](https://github.com/googleapis/nodejs-asset/blob/master/samples/searchAllIamPolicies.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-asset&page=editor&open_in_editor=samples/searchAllIamPolicies.js,samples/README.md) |
+| Search All Resources | [source code](https://github.com/googleapis/nodejs-asset/blob/master/samples/searchAllResources.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-asset&page=editor&open_in_editor=samples/searchAllResources.js,samples/README.md) |
 | Update Feed | [source code](https://github.com/googleapis/nodejs-asset/blob/master/samples/updateFeed.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-asset&page=editor&open_in_editor=samples/updateFeed.js,samples/README.md) |
 
 

diff --git a/packages/google-cloud-asset/protos/google/cloud/asset/v1/asset_service.proto b/packages/google-cloud-asset/protos/google/cloud/asset/v1/asset_service.proto
@@ -22,6 +22,7 @@ import "google/api/field_behavior.proto";
 import "google/api/resource.proto";
 import "google/cloud/asset/v1/assets.proto";
 import "google/longrunning/operations.proto";
+import "google/protobuf/duration.proto";
 import "google/protobuf/empty.proto";
 import "google/protobuf/field_mask.proto";
 import "google/protobuf/timestamp.proto";
@@ -41,10 +42,16 @@ service AssetService {
       "https://www.googleapis.com/auth/cloud-platform";
 
   // Exports assets with time and resource types to a given Cloud Storage
-  // location. The output format is newline-delimited JSON.
-  // This API implements the
-  // [google.longrunning.Operation][google.longrunning.Operation] API allowing
-  // you to keep track of the export.
+  // location/BigQuery table. For Cloud Storage location destinations, the
+  // output format is newline-delimited JSON. Each line represents a
+  // [google.cloud.asset.v1.Asset][google.cloud.asset.v1.Asset] in the JSON
+  // format; for BigQuery table destinations, the output table stores the fields
+  // in asset proto as columns. This API implements the
+  // [google.longrunning.Operation][google.longrunning.Operation] API , which
+  // allows you to keep track of the export. We recommend intervals of at least
+  // 2 seconds with exponential retry to poll the export operation result. For
+  // regular-size resource parent, the export operation usually finishes within
+  // 5 minutes.
   rpc ExportAssets(ExportAssetsRequest) returns (google.longrunning.Operation) {
     option (google.api.http) = {
       post: "/v1/{parent=*/*}:exportAssets"
@@ -57,10 +64,10 @@ service AssetService {
   }
 
   // Batch gets the update history of assets that overlap a time window.
-  // For RESOURCE content, this API outputs history with asset in both
-  // non-delete or deleted status.
   // For IAM_POLICY content, this API outputs history when the asset and its
   // attached IAM POLICY both exist. This can create gaps in the output history.
+  // Otherwise, this API outputs history with asset in both non-delete or
+  // deleted status.
   // If a specified asset does not exist, this API returns an INVALID_ARGUMENT
   // error.
   rpc BatchGetAssetsHistory(BatchGetAssetsHistoryRequest)
@@ -158,7 +165,7 @@ message ExportAssetsRequest {
   // running the same query may get different results.
   google.protobuf.Timestamp read_time = 2;
 
-  // A list of asset types of which to take a snapshot for. For example:
+  // A list of asset types of which to take a snapshot for. Example:
   // "compute.googleapis.com/Disk". If specified, only matching assets will be
   // returned. See [Introduction to Cloud Asset
   // Inventory](https://cloud.google.com/asset-inventory/docs/overview)
@@ -170,7 +177,7 @@ message ExportAssetsRequest {
   ContentType content_type = 4;
 
   // Required. Output configuration indicating where the results will be output
-  // to. All results will be in newline delimited JSON format.
+  // to.
   OutputConfig output_config = 5 [(google.api.field_behavior) = REQUIRED];
 }
 
@@ -184,7 +191,6 @@ message ExportAssetsResponse {
   google.protobuf.Timestamp read_time = 1;
 
   // Output configuration indicating where the results were output to.
-  // All results are in JSON format.
   OutputConfig output_config = 2;
 }
 
@@ -200,13 +206,11 @@ message BatchGetAssetsHistoryRequest {
     }
   ];
 
-  // A list of the full names of the assets. For example:
+  // A list of the full names of the assets.
+  // See: https://cloud.google.com/asset-inventory/docs/resource-name-format
+  // Example:
+  //
   // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.
-  // See [Resource
-  // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
-  // and [Resource Name
-  // Format](https://cloud.google.com/asset-inventory/docs/resource-name-format)
-  // for more info.
   //
   // The request becomes a no-op if the asset name list is empty, and the max
   // size of the asset name list is 100 in one request.
@@ -310,9 +314,7 @@ message OutputConfig {
     GcsDestination gcs_destination = 1;
 
     // Destination on BigQuery. The output table stores the fields in asset
-    // proto as columns in BigQuery. The resource/iam_policy field is converted
-    // to a record with each field to a column, except metadata to a single JSON
-    // string.
+    // proto as columns in BigQuery.
     BigQueryDestination bigquery_destination = 2;
   }
 }
@@ -322,16 +324,16 @@ message GcsDestination {
   // Required.
   oneof object_uri {
     // The uri of the Cloud Storage object. It's the same uri that is used by
-    // gsutil. For example: "gs://bucket_name/object_name". See [Viewing and
+    // gsutil. Example: "gs://bucket_name/object_name". See [Viewing and
     // Editing Object
     // Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)
     // for more information.
     string uri = 1;
 
-    // The uri prefix of all generated Cloud Storage objects. For example:
+    // The uri prefix of all generated Cloud Storage objects. Example:
     // "gs://bucket_name/object_name_prefix". Each object uri is in format:
     // "gs://bucket_name/object_name_prefix/<asset type>/<shard number> and only
-    // contains assets for that type. <shard number> starts from 0. For example:
+    // contains assets for that type. <shard number> starts from 0. Example:
     // "gs://bucket_name/object_name_prefix/compute.googleapis.com/Disk/0" is
     // the first shard of output objects containing all
     // compute.googleapis.com/Disk assets. An INVALID_ARGUMENT error will be
@@ -341,7 +343,7 @@ message GcsDestination {
   }
 }
 
-// A BigQuery destination.
+// A BigQuery destination for exporting assets to.
 message BigQueryDestination {
   // Required. The BigQuery dataset in format
   // "projects/projectId/datasets/datasetId", to which the snapshot result
@@ -364,7 +366,7 @@ message BigQueryDestination {
 // A Pub/Sub destination.
 message PubsubDestination {
   // The name of the Pub/Sub topic to publish to.
-  // For example: `projects/PROJECT_ID/topics/TOPIC_ID`.
+  // Example: `projects/PROJECT_ID/topics/TOPIC_ID`.
   string topic = 1;
 }
 
@@ -402,8 +404,8 @@ message Feed {
 
   // A list of the full names of the assets to receive updates. You must specify
   // either or both of asset_names and asset_types. Only asset updates matching
-  // specified asset_names and asset_types are exported to the feed. For
-  // example:
+  // specified asset_names or asset_types are exported to the feed.
+  // Example:
   // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.
   // See [Resource
   // Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
@@ -412,8 +414,8 @@ message Feed {
 
   // A list of types of the assets to receive updates. You must specify either
   // or both of asset_names and asset_types. Only asset updates matching
-  // specified asset_names and asset_types are exported to the feed.
-  // For example: `"compute.googleapis.com/Disk"`
+  // specified asset_names or asset_types are exported to the feed.
+  // Example: `"compute.googleapis.com/Disk"`
   //
   // See [this
   // topic](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
@@ -428,6 +430,16 @@ message Feed {
   // published to.
   FeedOutputConfig feed_output_config = 5
       [(google.api.field_behavior) = REQUIRED];
+
+  // A condition which determines whether an asset update should be published.
+  // If specified, an asset will be returned only when the expression evaluates
+  // to true.
+  // When set, `expression` field in the `Expr` must be a valid [CEL expression]
+  // (https://github.com/google/cel-spec) on a TemporalAsset with name
+  // `temporal_asset`. Example: a Feed with expression ("temporal_asset.deleted
+  // == true") will only publish Asset deletions. Other fields in `Expr` are
+  // optional.
+  google.type.Expr condition = 6;
 }
 
 // Search all resources request.

diff --git a/packages/google-cloud-asset/protos/google/cloud/asset/v1/assets.proto b/packages/google-cloud-asset/protos/google/cloud/asset/v1/assets.proto
@@ -26,6 +26,7 @@ import "google/identity/accesscontextmanager/v1/service_perimeter.proto";
 import "google/protobuf/any.proto";
 import "google/protobuf/struct.proto";
 import "google/protobuf/timestamp.proto";
+import "google/rpc/code.proto";
 
 option cc_enable_arenas = true;
 option csharp_namespace = "Google.Cloud.Asset.V1";
@@ -38,6 +39,24 @@ option php_namespace = "Google\\Cloud\\Asset\\V1";
 // An asset in Google Cloud and its temporal metadata, including the time window
 // when it was observed and its status during that window.
 message TemporalAsset {
+  // State of prior asset.
+  enum PriorAssetState {
+    // prior_asset is not applicable for the current asset.
+    PRIOR_ASSET_STATE_UNSPECIFIED = 0;
+
+    // prior_asset is populated correctly.
+    PRESENT = 1;
+
+    // Failed to set prior_asset.
+    INVALID = 2;
+
+    // Current asset is the first known state.
+    DOES_NOT_EXIST = 3;
+
+    // prior_asset is a deletion.
+    DELETED = 4;
+  }
+
   // The time window when the asset data and state was observed.
   TimeWindow window = 1;
 
@@ -46,6 +65,13 @@ message TemporalAsset {
 
   // An asset in Google Cloud.
   Asset asset = 3;
+
+  // State of prior_asset.
+  PriorAssetState prior_asset_state = 4;
+
+  // Prior copy of the asset. Populated if prior_asset_state is PRESENT.
+  // Currently this is only set for responses in Real-Time Feed.
+  Asset prior_asset = 5;
 }
 
 // A time window specified by its `start_time` and `end_time`.
@@ -62,22 +88,29 @@ message TimeWindow {
 // [resource
 // hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
 // a resource outside the Google Cloud resource hierarchy (such as Google
-// Kubernetes Engine clusters and objects), or a Cloud IAM policy.
+// Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy).
+// See [Supported asset
+// types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
+// for more information.
 message Asset {
   option (google.api.resource) = {
     type: "cloudasset.googleapis.com/Asset"
     pattern: "*"
   };
 
-  // The full name of the asset. For example:
+  // The last update timestamp of an asset. update_time is updated when
+  // create/update/delete operation is performed.
+  google.protobuf.Timestamp update_time = 11;
+
+  // The full name of the asset. Example:
   // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`
   //
   // See [Resource
   // names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
   // for more information.
   string name = 1;
 
-  // The type of the asset. For example: `compute.googleapis.com/Disk`
+  // The type of the asset. Example: `compute.googleapis.com/Disk`
   //
   // See [Supported asset
   // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
@@ -107,10 +140,16 @@ message Asset {
   // A representation of an [access
   // policy](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
   oneof access_context_policy {
+    // Please also refer to the [access policy user
+    // guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
     google.identity.accesscontextmanager.v1.AccessPolicy access_policy = 7;
 
+    // Please also refer to the [access level user
+    // guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels).
     google.identity.accesscontextmanager.v1.AccessLevel access_level = 8;
 
+    // Please also refer to the [service perimeter user
+    // guide](https://cloud.google.com/vpc-service-controls/docs/overview).
     google.identity.accesscontextmanager.v1.ServicePerimeter service_perimeter =
         9;
   }
@@ -122,32 +161,32 @@ message Asset {
   // is a project, folder, or organization, the ancestry path starts from the
   // asset itself.
   //
-  // For example: `["projects/123456789", "folders/5432", "organizations/1234"]`
+  // Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
   repeated string ancestors = 10;
 }
 
 // A representation of a Google Cloud resource.
 message Resource {
-  // The API version. For example: `v1`
+  // The API version. Example: `v1`
   string version = 1;
 
   // The URL of the discovery document containing the resource's JSON schema.
-  // For example:
+  // Example:
   // `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest`
   //
   // This value is unspecified for resources that do not have an API based on a
   // discovery document, such as Cloud Bigtable.
   string discovery_document_uri = 2;
 
-  // The JSON schema name listed in the discovery document. For example:
+  // The JSON schema name listed in the discovery document. Example:
   // `Project`
   //
   // This value is unspecified for resources that do not have an API based on a
   // discovery document, such as Cloud Bigtable.
   string discovery_name = 3;
 
   // The REST URL for accessing the resource. An HTTP `GET` request using this
-  // URL returns the resource itself. For example:
+  // URL returns the resource itself. Example:
   // `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`
   //
   // This value is unspecified for resources without a REST API.
@@ -161,7 +200,7 @@ message Resource {
   // For Google Cloud assets, this value is the parent resource defined in the
   // [Cloud IAM policy
   // hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).
-  // For example:
+  // Example:
   // `//cloudresourcemanager.googleapis.com/projects/my_project_123`
   //
   // For third-party assets, this field may be set differently.