Reference documentation and code samples for the Google Cloud Asset V1 Client class AssetServiceClient.
Service Description: Asset service definition.
This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:
$assetServiceClient = new AssetServiceClient();
try {
$analysisQuery = new IamPolicyAnalysisQuery();
$response = $assetServiceClient->analyzeIamPolicy($analysisQuery);
} finally {
$assetServiceClient->close();
}
Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parseName method to extract the individual identifiers contained within formatted names that are returned by the API.
Methods
feedName
Formats a string containing the fully-qualified path to represent a feed resource.
project
string
feed
string
string
folderName
Formats a string containing the fully-qualified path to represent a folder resource.
folder
string
string
folderFeedName
Formats a string containing the fully-qualified path to represent a folder_feed resource.
folder
string
feed
string
string
folderSavedQueryName
Formats a string containing the fully-qualified path to represent a folder_saved_query resource.
folder
string
savedQuery
string
string
organizationName
Formats a string containing the fully-qualified path to represent a organization resource.
organization
string
string
organizationFeedName
Formats a string containing the fully-qualified path to represent a organization_feed resource.
organization
string
feed
string
string
organizationSavedQueryName
Formats a string containing the fully-qualified path to represent a organization_saved_query resource.
organization
string
savedQuery
string
string
projectName
Formats a string containing the fully-qualified path to represent a project resource.
project
string
string
projectFeedName
Formats a string containing the fully-qualified path to represent a project_feed resource.
project
string
feed
string
string
projectSavedQueryName
Formats a string containing the fully-qualified path to represent a project_saved_query resource.
project
string
savedQuery
string
string
savedQueryName
Formats a string containing the fully-qualified path to represent a saved_query resource.
project
string
savedQuery
string
string
parseName
Parses a formatted name string and returns an associative array of the components in the name.
The following name formats are supported: Template: Pattern
- feed: projects/{project}/feeds/{feed}
- folder: folders/{folder}
- folderFeed: folders/{folder}/feeds/{feed}
- folderSavedQuery: folders/{folder}/savedQueries/{saved_query}
- organization: organizations/{organization}
- organizationFeed: organizations/{organization}/feeds/{feed}
- organizationSavedQuery: organizations/{organization}/savedQueries/{saved_query}
- project: projects/{project}
- projectFeed: projects/{project}/feeds/{feed}
- projectSavedQuery: projects/{project}/savedQueries/{saved_query}
- savedQuery: projects/{project}/savedQueries/{saved_query}
The optional $template argument can be supplied to specify a particular pattern, and must match one of the templates listed above. If no $template argument is provided, or if the $template argument does not match one of the templates listed, then parseName will check each of the supported templates, and return the first match.
formattedName
string
The formatted name string
template
string
Optional name of template to match
array
getOperationsClient
Return an OperationsClient object with the same endpoint as $this.
resumeOperation
Resume an existing long running operation that was previously started by a long running API method. If $methodName is not provided, or does not match a long running API method, then the operation can still be resumed, but the OperationResponse object will not deserialize the final response.
operationName
string
The name of the long running operation
methodName
string
The name of the method used to start the operation
__construct
Constructor.
options
array
Optional. Options for configuring the service API wrapper.
↳ apiEndpoint
string
The address of the API remote host. May optionally include the port, formatted as "
↳ credentials
string|array|FetchAuthTokenInterface|CredentialsWrapper
The credentials to be used by the client to authorize API calls. This option accepts either a path to a credentials file, or a decoded credentials file as a PHP array. Advanced usage : In addition, this option can also accept a pre-constructed {@see} object or {@see} object. Note that when one of these objects are provided, any settings in $credentialsConfig will be ignored.
↳ credentialsConfig
array
Options used to configure credentials, including auth token caching, for the client. For a full list of supporting configuration options, see {@see} .
↳ disableRetries
bool
Determines whether or not retries defined by the client configuration should be disabled. Defaults to false
.
↳ clientConfig
string|array
Client method configuration, including retry settings. This option can be either a path to a JSON file, or a PHP array containing the decoded JSON data. By default this settings points to the default client config file, which is provided in the resources folder.
↳ transport
string|TransportInterface
The transport used for executing network requests. May be either the string rest
or grpc
. Defaults to grpc
if gRPC support is detected on the system. Advanced usage
: Additionally, it is possible to pass in an already instantiated {@see} object. Note that when this object is provided, any settings in $transportConfig, and any $apiEndpoint setting, will be ignored.
↳ transportConfig
array
Configuration options that will be used to construct the transport. Options for each supported transport type should be passed in a key for that transport. For example: $transportConfig = [ 'grpc' => [...], 'rest' => [...], ]; See the {@see} and {@see} methods for the supported options.
↳ clientCertSource
callable
A callable which returns the client cert as a string. This can be used to provide a certificate and private key to the transport layer for mTLS.
analyzeIamPolicy
Analyzes IAM policies to answer which identities have what accesses on which resources.
analysisQuery
optionalArgs
array
Optional.
↳ savedAnalysisQuery
string
Optional. The name of a saved query, which must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id If both analysis_query
and saved_analysis_query
are provided, they will be merged together with the saved_analysis_query
as base and the analysis_query
as overrides. For more details of the merge behavior, please refer to the MergeFrom
page. Note that you cannot override primitive fields with default value, such as 0 or empty string, etc., because we use proto3, which doesn't support field presence yet.
↳ executionTimeout
Duration
Optional. Amount of time executable has to complete. See JSON representation of Duration . If this field is set with a value less than the RPC deadline, and the execution of your query hasn't finished in the specified execution timeout, you will get a response with partial result. Otherwise, your query's execution will continue until the RPC deadline. If it's not finished until then, you will get a DEADLINE_EXCEEDED error. Default is empty.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a {@see} object, or an associative array of retry settings parameters. See the documentation on {@see} for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AnalyzeIamPolicyResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\IamPolicyAnalysisQuery;
/**
* @param string $analysisQueryScope The relative name of the root asset. Only resources and IAM policies within
* the scope will be analyzed.
*
* This can only be an organization number (such as "organizations/123"), a
* folder number (such as "folders/123"), a project ID (such as
* "projects/my-project-id"), or a project number (such as "projects/12345").
*
* To know how to get organization id, visit [here
* ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id).
*
* To know how to get folder or project id, visit [here
* ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
*/
function analyze_iam_policy_sample(string $analysisQueryScope): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Prepare any non-scalar elements to be passed along with the request.
$analysisQuery = (new IamPolicyAnalysisQuery())
->setScope($analysisQueryScope);
// Call the API and handle any network failures.
try {
/** @var AnalyzeIamPolicyResponse $response */
$response = $assetServiceClient->analyzeIamPolicy($analysisQuery);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$analysisQueryScope = '[SCOPE]';
analyze_iam_policy_sample($analysisQueryScope);
}
analyzeIamPolicyLongrunning
Analyzes IAM policies asynchronously to answer which identities have what accesses on which resources, and writes the analysis results to a Google Cloud Storage or a BigQuery destination. For Cloud Storage destination, the output format is the JSON format that represents a AnalyzeIamPolicyResponse . This method implements the google.longrunning.Operation , which allows you to track the operation status. We recommend intervals of at least 2 seconds with exponential backoff retry to poll the operation result. The metadata contains the metadata for the long-running operation.
analysisQuery
outputConfig
Google\Cloud\Asset\V1\IamPolicyAnalysisOutputConfig
Required. Output configuration indicating where the results will be output to.
optionalArgs
array
Optional.
↳ savedAnalysisQuery
string
Optional. The name of a saved query, which must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id If both analysis_query
and saved_analysis_query
are provided, they will be merged together with the saved_analysis_query
as base and the analysis_query
as overrides. For more details of the merge behavior, please refer to the MergeFrom
doc. Note that you cannot override primitive fields with default value, such as 0 or empty string, etc., because we use proto3, which doesn't support field presence yet.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a {@see} object, or an associative array of retry settings parameters. See the documentation on {@see} for example usage.
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Asset\V1\AnalyzeIamPolicyLongrunningResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\IamPolicyAnalysisOutputConfig;
use Google\Cloud\Asset\V1\IamPolicyAnalysisQuery;
use Google\Rpc\Status;
/**
* @param string $analysisQueryScope The relative name of the root asset. Only resources and IAM policies within
* the scope will be analyzed.
*
* This can only be an organization number (such as "organizations/123"), a
* folder number (such as "folders/123"), a project ID (such as
* "projects/my-project-id"), or a project number (such as "projects/12345").
*
* To know how to get organization id, visit [here
* ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id).
*
* To know how to get folder or project id, visit [here
* ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
*/
function analyze_iam_policy_longrunning_sample(string $analysisQueryScope): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Prepare any non-scalar elements to be passed along with the request.
$analysisQuery = (new IamPolicyAnalysisQuery())
->setScope($analysisQueryScope);
$outputConfig = new IamPolicyAnalysisOutputConfig();
// Call the API and handle any network failures.
try {
/** @var OperationResponse $response */
$response = $assetServiceClient->analyzeIamPolicyLongrunning($analysisQuery, $outputConfig);
$response->pollUntilComplete();
if ($response->operationSucceeded()) {
/** @var AnalyzeIamPolicyLongrunningResponse $result */
$result = $response->getResult();
printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
} else {
/** @var Status $error */
$error = $response->getError();
printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$analysisQueryScope = '[SCOPE]';
analyze_iam_policy_longrunning_sample($analysisQueryScope);
}
analyzeMove
Analyze moving a resource to a specified destination without kicking off the actual move. The analysis is best effort depending on the user's permissions of viewing different hierarchical policies and configurations.
The policies and configuration are subject to change before the actual resource migration takes place.
resource
string
Required. Name of the resource to perform the analysis against. Only GCP Project are supported as of today. Hence, this can only be Project ID (such as "projects/my-project-id") or a Project Number (such as "projects/12345").
destinationParent
string
Required. Name of the GCP Folder or Organization to reparent the target resource. The analysis will be performed against hypothetically moving the resource to this specified desitination parent. This can only be a Folder number (such as "folders/123") or an Organization number (such as "organizations/123").
optionalArgs
array
Optional.
↳ view
int
Analysis view indicating what information should be included in the analysis response. If unspecified, the default view is FULL. For allowed values, use constants defined on {@see}
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a {@see} object, or an associative array of retry settings parameters. See the documentation on {@see} for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AnalyzeMoveResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
/**
* @param string $resource Name of the resource to perform the analysis against.
* Only GCP Project are supported as of today. Hence, this can only be Project
* ID (such as "projects/my-project-id") or a Project Number (such as
* "projects/12345").
* @param string $destinationParent Name of the GCP Folder or Organization to reparent the target
* resource. The analysis will be performed against hypothetically moving the
* resource to this specified desitination parent. This can only be a Folder
* number (such as "folders/123") or an Organization number (such as
* "organizations/123").
*/
function analyze_move_sample(string $resource, string $destinationParent): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
/** @var AnalyzeMoveResponse $response */
$response = $assetServiceClient->analyzeMove($resource, $destinationParent);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$resource = '[RESOURCE]';
$destinationParent = '[DESTINATION_PARENT]';
analyze_move_sample($resource, $destinationParent);
}
batchGetAssetsHistory
Batch gets the update history of assets that overlap a time window.
For IAM_POLICY content, this API outputs history when the asset and its attached IAM POLICY both exist. This can create gaps in the output history. Otherwise, this API outputs history with asset in both non-delete or deleted status. If a specified asset does not exist, this API returns an INVALID_ARGUMENT error.
parent
string
Required. The relative name of the root asset. It can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id")", or a project number (such as "projects/12345").
contentType
int
Optional. The content type. For allowed values, use constants defined on {@see}
readTimeWindow
Google\Cloud\Asset\V1\TimeWindow
Optional. The time window for the asset history. Both start_time and end_time are optional and if set, it must be after the current time minus 35 days. If end_time is not set, it is default to current timestamp. If start_time is not set, the snapshot of the assets at end_time will be returned. The returned results contain all temporal assets whose time window overlap with read_time_window.
optionalArgs
array
Optional.
↳ assetNames
string[]
A list of the full names of the assets. See: https://cloud.google.com/asset-inventory/docs/resource-name-format
Example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1
. The request becomes a no-op if the asset name list is empty, and the max size of the asset name list is 100 in one request.
↳ relationshipTypes
string[]
Optional. A list of relationship types to output, for example: INSTANCE_TO_INSTANCEGROUP
. This field should only be specified if content_type=RELATIONSHIP. * If specified: it outputs specified relationships' history on the [asset_names]. It returns an error if any of the [relationship_types] doesn't belong to the supported relationship types of the [asset_names] or if any of the [asset_names]'s types doesn't belong to the source types of the [relationship_types]. * Otherwise: it outputs the supported relationships' history on the [asset_names] or returns an error if any of the [asset_names]'s types has no relationship support. See Introduction to Cloud Asset Inventory
for all supported asset types and relationship types.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a {@see} object, or an associative array of retry settings parameters. See the documentation on {@see} for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\BatchGetAssetsHistoryResponse;
use Google\Cloud\Asset\V1\ContentType;
use Google\Cloud\Asset\V1\TimeWindow;
/**
* @param string $parent The relative name of the root asset. It can only be an
* organization number (such as "organizations/123"), a project ID (such as
* "projects/my-project-id")", or a project number (such as "projects/12345").
* @param int $contentType Optional. The content type.
*/
function batch_get_assets_history_sample(string $parent, int $contentType): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Prepare any non-scalar elements to be passed along with the request.
$readTimeWindow = new TimeWindow();
// Call the API and handle any network failures.
try {
/** @var BatchGetAssetsHistoryResponse $response */
$response = $assetServiceClient->batchGetAssetsHistory($parent, $contentType, $readTimeWindow);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$parent = '[PARENT]';
$contentType = ContentType::CONTENT_TYPE_UNSPECIFIED;
batch_get_assets_history_sample($parent, $contentType);
}
batchGetEffectiveIamPolicies
Gets effective IAM policies for a batch of resources.
scope
string
Required. Only IAM policies on or below the scope will be returned. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit here . To know how to get folder or project id, visit here .
names
string[]
Required. The names refer to the full_resource_names of searchable asset types . A maximum of 20 resources' effective policies can be retrieved in a batch.
optionalArgs
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a {@see} object, or an associative array of retry settings parameters. See the documentation on {@see} for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\BatchGetEffectiveIamPoliciesResponse;
/**
* @param string $scope Only IAM policies on or below the scope will be returned.
*
* This can only be an organization number (such as "organizations/123"), a
* folder number (such as "folders/123"), a project ID (such as
* "projects/my-project-id"), or a project number (such as "projects/12345").
*
* To know how to get organization id, visit [here
* ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id).
*
* To know how to get folder or project id, visit [here
* ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
* @param string $namesElement The names refer to the [full_resource_names]
* (https://cloud.google.com/asset-inventory/docs/resource-name-format)
* of [searchable asset
* types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
* A maximum of 20 resources' effective policies can be retrieved in a batch.
*/
function batch_get_effective_iam_policies_sample(string $scope, string $namesElement): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Prepare any non-scalar elements to be passed along with the request.
$names = [$namesElement,];
// Call the API and handle any network failures.
try {
/** @var BatchGetEffectiveIamPoliciesResponse $response */
$response = $assetServiceClient->batchGetEffectiveIamPolicies($scope, $names);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$scope = '[SCOPE]';
$namesElement = '[NAMES]';
batch_get_effective_iam_policies_sample($scope, $namesElement);
}
createFeed
Creates a feed in a parent project/folder/organization to listen to its asset updates.
parent
string
Required. The name of the project/folder/organization where this feed should be created in. It can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id")", or a project number (such as "projects/12345").
feedId
string
Required. This is the client-assigned asset feed identifier and it needs to be unique under a specific parent project/folder/organization.
feed
Google\Cloud\Asset\V1\Feed
Required. The feed details. The field name
must be empty and it will be generated in the format of: projects/project_number/feeds/feed_id folders/folder_number/feeds/feed_id organizations/organization_number/feeds/feed_id
optionalArgs
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a {@see} object, or an associative array of retry settings parameters. See the documentation on {@see} for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\Feed;
use Google\Cloud\Asset\V1\FeedOutputConfig;
/**
* @param string $parent The name of the project/folder/organization where this feed
* should be created in. It can only be an organization number (such as
* "organizations/123"), a folder number (such as "folders/123"), a project ID
* (such as "projects/my-project-id")", or a project number (such as
* "projects/12345").
* @param string $feedId This is the client-assigned asset feed identifier and it needs to
* be unique under a specific parent project/folder/organization.
* @param string $feedName The format will be
* projects/{project_number}/feeds/{client-assigned_feed_identifier} or
* folders/{folder_number}/feeds/{client-assigned_feed_identifier} or
* organizations/{organization_number}/feeds/{client-assigned_feed_identifier}
*
* The client-assigned feed identifier must be unique within the parent
* project/folder/organization.
*/
function create_feed_sample(string $parent, string $feedId, string $feedName): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Prepare any non-scalar elements to be passed along with the request.
$feedFeedOutputConfig = new FeedOutputConfig();
$feed = (new Feed())
->setName($feedName)
->setFeedOutputConfig($feedFeedOutputConfig);
// Call the API and handle any network failures.
try {
/** @var Feed $response */
$response = $assetServiceClient->createFeed($parent, $feedId, $feed);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$parent = '[PARENT]';
$feedId = '[FEED_ID]';
$feedName = '[NAME]';
create_feed_sample($parent, $feedId, $feedName);
}
createSavedQuery
Creates a saved query in a parent project/folder/organization.
parent
string
Required. The name of the project/folder/organization where this saved_query should be created in. It can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id")", or a project number (such as "projects/12345").
savedQuery
Google\Cloud\Asset\V1\SavedQuery
Required. The saved_query details. The name
field must be empty as it will be generated based on the parent and saved_query_id.
savedQueryId
string
Required. The ID to use for the saved query, which must be unique in the specified parent. It will become the final component of the saved query's resource name. This value should be 4-63 characters, and valid characters are /[a-z][0-9]-/. Notice that this field is required in the saved query creation, and the name
field of the saved_query
will be ignored.
optionalArgs
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a {@see} object, or an associative array of retry settings parameters. See the documentation on {@see} for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\SavedQuery;
/**
* @param string $formattedParent The name of the project/folder/organization where this saved_query
* should be created in. It can only be an organization number (such as
* "organizations/123"), a folder number (such as "folders/123"), a project ID
* (such as "projects/my-project-id")", or a project number (such as
* "projects/12345"). Please see
* {@see AssetServiceClient::projectName()} for help formatting this field.
* @param string $savedQueryId The ID to use for the saved query, which must be unique in the specified
* parent. It will become the final component of the saved query's resource
* name.
*
* This value should be 4-63 characters, and valid characters
* are /[a-z][0-9]-/.
*
* Notice that this field is required in the saved query creation, and the
* `name` field of the `saved_query` will be ignored.
*/
function create_saved_query_sample(string $formattedParent, string $savedQueryId): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Prepare any non-scalar elements to be passed along with the request.
$savedQuery = new SavedQuery();
// Call the API and handle any network failures.
try {
/** @var SavedQuery $response */
$response = $assetServiceClient->createSavedQuery($formattedParent, $savedQuery, $savedQueryId);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = AssetServiceClient::projectName('[PROJECT]');
$savedQueryId = '[SAVED_QUERY_ID]';
create_saved_query_sample($formattedParent, $savedQueryId);
}
deleteFeed
Deletes an asset feed.
name
string
Required. The name of the feed and it must be in the format of: projects/project_number/feeds/feed_id folders/folder_number/feeds/feed_id organizations/organization_number/feeds/feed_id
optionalArgs
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a {@see} object, or an associative array of retry settings parameters. See the documentation on {@see} for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
/**
* @param string $formattedName The name of the feed and it must be in the format of:
* projects/project_number/feeds/feed_id
* folders/folder_number/feeds/feed_id
* organizations/organization_number/feeds/feed_id
* Please see {@see AssetServiceClient::feedName()} for help formatting this field.
*/
function delete_feed_sample(string $formattedName): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
$assetServiceClient->deleteFeed($formattedName);
printf('Call completed successfully.' . PHP_EOL);
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = AssetServiceClient::feedName('[PROJECT]', '[FEED]');
delete_feed_sample($formattedName);
}
deleteSavedQuery
Deletes a saved query.
name
string
Required. The name of the saved query to delete. It must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id
optionalArgs
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a {@see} object, or an associative array of retry settings parameters. See the documentation on {@see} for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
/**
* @param string $formattedName The name of the saved query to delete. It must be in the format of:
*
* * projects/project_number/savedQueries/saved_query_id
* * folders/folder_number/savedQueries/saved_query_id
* * organizations/organization_number/savedQueries/saved_query_id
* Please see {@see AssetServiceClient::savedQueryName()} for help formatting this field.
*/
function delete_saved_query_sample(string $formattedName): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
$assetServiceClient->deleteSavedQuery($formattedName);
printf('Call completed successfully.' . PHP_EOL);
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = AssetServiceClient::savedQueryName('[PROJECT]', '[SAVED_QUERY]');
delete_saved_query_sample($formattedName);
}
exportAssets
Exports assets with time and resource types to a given Cloud Storage location/BigQuery table. For Cloud Storage location destinations, the output format is newline-delimited JSON. Each line represents a google.cloud.asset.v1.Asset in the JSON format; for BigQuery table destinations, the output table stores the fields in asset Protobuf as columns. This API implements the google.longrunning.Operation API, which allows you to keep track of the export. We recommend intervals of at least 2 seconds with exponential retry to poll the export operation result.
For regular-size resource parent, the export operation usually finishes within 5 minutes.
parent
string
Required. The relative name of the root asset. This can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"), or a folder number (such as "folders/123").
outputConfig
Google\Cloud\Asset\V1\OutputConfig
Required. Output configuration indicating where the results will be output to.
optionalArgs
array
Optional.
↳ readTime
Timestamp
Timestamp to take an asset snapshot. This can only be set to a timestamp between the current time and the current time minus 35 days (inclusive). If not specified, the current time will be used. Due to delays in resource data collection and indexing, there is a volatile window during which running the same query may get different results.
↳ assetTypes
string[]
A list of asset types to take a snapshot for. For example: "compute.googleapis.com/Disk". Regular expressions are also supported. For example: * "compute.googleapis.com. " snapshots resources whose asset type starts with "compute.googleapis.com". * ". Instance" snapshots resources whose asset type ends with "Instance". * ". Instance. " snapshots resources whose asset type contains "Instance". See RE2 for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned. If specified, only matching assets will be returned, otherwise, it will snapshot all asset types. See Introduction to Cloud Asset Inventory for all supported asset types.
↳ contentType
int
Asset content type. If not specified, no content but the asset name will be returned. For allowed values, use constants defined on {@see}
↳ relationshipTypes
string[]
A list of relationship types to export, for example: INSTANCE_TO_INSTANCEGROUP
. This field should only be specified if content_type=RELATIONSHIP. * If specified: it snapshots specified relationships. It returns an error if any of the [relationship_types] doesn't belong to the supported relationship types of the [asset_types] or if any of the [asset_types] doesn't belong to the source types of the [relationship_types]. * Otherwise: it snapshots the supported relationships for all [asset_types] or returns an error if any of the [asset_types] has no relationship support. An unspecified asset types field means all supported asset_types. See Introduction to Cloud Asset Inventory
for all supported asset types and relationship types.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a {@see} object, or an associative array of retry settings parameters. See the documentation on {@see} for example usage.
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\ExportAssetsResponse;
use Google\Cloud\Asset\V1\OutputConfig;
use Google\Rpc\Status;
/**
* @param string $parent The relative name of the root asset. This can only be an
* organization number (such as "organizations/123"), a project ID (such as
* "projects/my-project-id"), or a project number (such as "projects/12345"),
* or a folder number (such as "folders/123").
*/
function export_assets_sample(string $parent): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Prepare any non-scalar elements to be passed along with the request.
$outputConfig = new OutputConfig();
// Call the API and handle any network failures.
try {
/** @var OperationResponse $response */
$response = $assetServiceClient->exportAssets($parent, $outputConfig);
$response->pollUntilComplete();
if ($response->operationSucceeded()) {
/** @var ExportAssetsResponse $result */
$result = $response->getResult();
printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
} else {
/** @var Status $error */
$error = $response->getError();
printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$parent = '[PARENT]';
export_assets_sample($parent);
}
getFeed
Gets details about an asset feed.
name
string
Required. The name of the Feed and it must be in the format of: projects/project_number/feeds/feed_id folders/folder_number/feeds/feed_id organizations/organization_number/feeds/feed_id
optionalArgs
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a {@see} object, or an associative array of retry settings parameters. See the documentation on {@see} for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\Feed;
/**
* @param string $formattedName The name of the Feed and it must be in the format of:
* projects/project_number/feeds/feed_id
* folders/folder_number/feeds/feed_id
* organizations/organization_number/feeds/feed_id
* Please see {@see AssetServiceClient::feedName()} for help formatting this field.
*/
function get_feed_sample(string $formattedName): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
/** @var Feed $response */
$response = $assetServiceClient->getFeed($formattedName);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = AssetServiceClient::feedName('[PROJECT]', '[FEED]');
get_feed_sample($formattedName);
}
getSavedQuery
Gets details about a saved query.
name
string
Required. The name of the saved query and it must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id
optionalArgs
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a {@see} object, or an associative array of retry settings parameters. See the documentation on {@see} for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\SavedQuery;
/**
* @param string $formattedName The name of the saved query and it must be in the format of:
*
* * projects/project_number/savedQueries/saved_query_id
* * folders/folder_number/savedQueries/saved_query_id
* * organizations/organization_number/savedQueries/saved_query_id
* Please see {@see AssetServiceClient::savedQueryName()} for help formatting this field.
*/
function get_saved_query_sample(string $formattedName): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
/** @var SavedQuery $response */
$response = $assetServiceClient->getSavedQuery($formattedName);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = AssetServiceClient::savedQueryName('[PROJECT]', '[SAVED_QUERY]');
get_saved_query_sample($formattedName);
}
listAssets
Lists assets with time and resource types and returns paged results in response.
parent
string
Required. Name of the organization, folder, or project the assets belong to. Format: "organizations/[organization-number]" (such as "organizations/123"), "projects/[project-id]" (such as "projects/my-project-id"), "projects/[project-number]" (such as "projects/12345"), or "folders/[folder-number]" (such as "folders/12345").
optionalArgs
array
Optional.
↳ readTime
Timestamp
Timestamp to take an asset snapshot. This can only be set to a timestamp between the current time and the current time minus 35 days (inclusive). If not specified, the current time will be used. Due to delays in resource data collection and indexing, there is a volatile window during which running the same query may get different results.
↳ assetTypes
string[]
A list of asset types to take a snapshot for. For example: "compute.googleapis.com/Disk". Regular expression is also supported. For example: * "compute.googleapis.com. " snapshots resources whose asset type starts with "compute.googleapis.com". * ". Instance" snapshots resources whose asset type ends with "Instance". * ". Instance. " snapshots resources whose asset type contains "Instance". See RE2 for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned. If specified, only matching assets will be returned, otherwise, it will snapshot all asset types. See Introduction to Cloud Asset Inventory for all supported asset types.
↳ contentType
int
Asset content type. If not specified, no content but the asset name will be returned. For allowed values, use constants defined on {@see}
↳ pageSize
int
The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.
↳ pageToken
string
A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.
↳ relationshipTypes
string[]
A list of relationship types to output, for example: INSTANCE_TO_INSTANCEGROUP
. This field should only be specified if content_type=RELATIONSHIP. * If specified: it snapshots specified relationships. It returns an error if any of the [relationship_types] doesn't belong to the supported relationship types of the [asset_types] or if any of the [asset_types] doesn't belong to the source types of the [relationship_types]. * Otherwise: it snapshots the supported relationships for all [asset_types] or returns an error if any of the [asset_types] has no relationship support. An unspecified asset types field means all supported asset_types. See Introduction to Cloud Asset Inventory
for all supported asset types and relationship types.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a {@see} object, or an associative array of retry settings parameters. See the documentation on {@see} for example usage.
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\Asset;
use Google\Cloud\Asset\V1\AssetServiceClient;
/**
* @param string $parent Name of the organization, folder, or project the assets belong to. Format:
* "organizations/[organization-number]" (such as "organizations/123"),
* "projects/[project-id]" (such as "projects/my-project-id"),
* "projects/[project-number]" (such as "projects/12345"), or
* "folders/[folder-number]" (such as "folders/12345").
*/
function list_assets_sample(string $parent): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
/** @var PagedListResponse $response */
$response = $assetServiceClient->listAssets($parent);
/** @var Asset $element */
foreach ($response as $element) {
printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$parent = '[PARENT]';
list_assets_sample($parent);
}
listFeeds
Lists all asset feeds in a parent project/folder/organization.
parent
string
Required. The parent project/folder/organization whose feeds are to be listed. It can only be using project/folder/organization number (such as "folders/12345")", or a project ID (such as "projects/my-project-id").
optionalArgs
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a {@see} object, or an associative array of retry settings parameters. See the documentation on {@see} for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\ListFeedsResponse;
/**
* @param string $parent The parent project/folder/organization whose feeds are to be
* listed. It can only be using project/folder/organization number (such as
* "folders/12345")", or a project ID (such as "projects/my-project-id").
*/
function list_feeds_sample(string $parent): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
/** @var ListFeedsResponse $response */
$response = $assetServiceClient->listFeeds($parent);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$parent = '[PARENT]';
list_feeds_sample($parent);
}
listSavedQueries
Lists all saved queries in a parent project/folder/organization.
parent
string
Required. The parent project/folder/organization whose savedQueries are to be listed. It can only be using project/folder/organization number (such as "folders/12345")", or a project ID (such as "projects/my-project-id").
optionalArgs
array
Optional.
↳ filter
string
Optional. The expression to filter resources. The expression is a list of zero or more restrictions combined via logical operators AND
and OR
. When AND
and OR
are both used in the expression, parentheses must be appropriately used to group the combinations. The expression may also contain regular expressions. See https://google.aip.dev/160
for more information on the grammar.
↳ pageSize
int
The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.
↳ pageToken
string
A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a {@see} object, or an associative array of retry settings parameters. See the documentation on {@see} for example usage.
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\SavedQuery;
/**
* @param string $formattedParent The parent project/folder/organization whose savedQueries are to be
* listed. It can only be using project/folder/organization number (such as
* "folders/12345")", or a project ID (such as "projects/my-project-id"). Please see
* {@see AssetServiceClient::projectName()} for help formatting this field.
*/
function list_saved_queries_sample(string $formattedParent): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
/** @var PagedListResponse $response */
$response = $assetServiceClient->listSavedQueries($formattedParent);
/** @var SavedQuery $element */
foreach ($response as $element) {
printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = AssetServiceClient::projectName('[PROJECT]');
list_saved_queries_sample($formattedParent);
}
queryAssets
Issue a job that queries assets using a SQL statement compatible with BigQuery Standard SQL .
If the query execution finishes within timeout and there's no pagination,
the full query results will be returned in the QueryAssetsResponse
.
Otherwise, full query results can be obtained by issuing extra requests
with the job_reference
from the a previous QueryAssets
call.
Note, the query result has approximately 10 GB limitation enforced by BigQuery https://cloud.google.com/bigquery/docs/best-practices-performance-output , queries return larger results will result in errors.
parent
string
Required. The relative name of the root asset. This can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"), or a folder number (such as "folders/123"). Only assets belonging to the parent
will be returned.
optionalArgs
array
Optional.
↳ statement
↳ jobReference
string
Optional. Reference to the query job, which is from the QueryAssetsResponse
of previous QueryAssets
call.
↳ pageSize
int
Optional. The maximum number of rows to return in the results. Responses are limited to 10 MB and 1000 rows. By default, the maximum row count is 1000. When the byte or row count limit is reached, the rest of the query results will be paginated. The field will be ignored when [output_config] is specified.
↳ pageToken
string
Optional. A page token received from previous QueryAssets
. The field will be ignored when [output_config] is specified.
↳ timeout
Duration
Optional. Specifies the maximum amount of time that the client is willing to wait for the query to complete. By default, this limit is 5 min for the first query, and 1 minute for the following queries. If the query is complete, the done
field in the QueryAssetsResponse
is true, otherwise false. Like BigQuery jobs.query API
The call is not guaranteed to wait for the specified timeout; it typically returns after around 200 seconds (200,000 milliseconds), even if the query is not complete. The field will be ignored when [output_config] is specified.
↳ readTimeWindow
TimeWindow
Optional. [start_time] is required. [start_time] must be less than [end_time] Defaults [end_time] to now if [start_time] is set and [end_time] isn't. Maximum permitted time range is 7 days.
↳ readTime
Timestamp
Optional. Queries cloud assets as they appeared at the specified point in time.
↳ outputConfig
QueryAssetsOutputConfig
Optional. Destination where the query results will be saved. When this field is specified, the query results won't be saved in the [QueryAssetsResponse.query_result]. Instead [QueryAssetsResponse.output_config] will be set. Meanwhile, [QueryAssetsResponse.job_reference] will be set and can be used to check the status of the query job when passed to a following [QueryAssets] API call.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a {@see} object, or an associative array of retry settings parameters. See the documentation on {@see} for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\QueryAssetsResponse;
/**
* @param string $parent The relative name of the root asset. This can only be an
* organization number (such as "organizations/123"), a project ID (such as
* "projects/my-project-id"), or a project number (such as "projects/12345"),
* or a folder number (such as "folders/123").
*
* Only assets belonging to the `parent` will be returned.
*/
function query_assets_sample(string $parent): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
/** @var QueryAssetsResponse $response */
$response = $assetServiceClient->queryAssets($parent);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$parent = '[PARENT]';
query_assets_sample($parent);
}
searchAllIamPolicies
Searches all IAM policies within the specified scope, such as a project,
folder, or organization. The caller must be granted the cloudasset.assets.searchAllIamPolicies
permission on the desired scope,
otherwise the request will be rejected.
scope
string
Required. A scope can be a project, a folder, or an organization. The search is limited to the IAM policies within the scope
. The caller must be granted the cloudasset.assets.searchAllIamPolicies
permission on the desired scope. The allowed values are: * projects/{PROJECT_ID} (e.g., "projects/foo-bar") * projects/{PROJECT_NUMBER} (e.g., "projects/12345678") * folders/{FOLDER_NUMBER} (e.g., "folders/1234567") * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
optionalArgs
array
Optional.
↳ query
string
Optional. The query statement. See how to construct a query
for more information. If not specified or empty, it will search all the IAM policies within the specified scope
. Note that the query string is compared against each Cloud IAM policy binding, including its principals, roles, and Cloud IAM conditions. The returned Cloud IAM policies will only contain the bindings that match your query. To learn more about the IAM policy structure, see the IAM policy documentation
. Examples: * policy:amy@gmail.com
to find IAM policy bindings that specify user "amy@gmail.com". * policy:roles/compute.admin
to find IAM policy bindings that specify the Compute Admin role. * policy:comp*
to find IAM policy bindings that contain "comp" as a prefix of any word in the binding. * policy.role.permissions:storage.buckets.update
to find IAM policy bindings that specify a role containing "storage.buckets.update" permission. Note that if callers don't have iam.roles.get
access to a role's included permissions, policy bindings that specify this role will be dropped from the search results. * policy.role.permissions:upd*
to find IAM policy bindings that specify a role containing "upd" as a prefix of any word in the role permission. Note that if callers don't have iam.roles.get
access to a role's included permissions, policy bindings that specify this role will be dropped from the search results. * resource:organizations/123456
to find IAM policy bindings that are set on "organizations/123456". * resource=//cloudresourcemanager.googleapis.com/projects/myproject
to find IAM policy bindings that are set on the project named "myproject". * Important
to find IAM policy bindings that contain "Important" as a word in any of the searchable fields (except for the included permissions). * resource:(instance1 OR instance2) policy:amy
to find IAM policy bindings that are set on resources "instance1" or "instance2" and also specify user "amy". * roles:roles/compute.admin
to find IAM policy bindings that specify the Compute Admin role. * memberTypes:user
to find IAM policy bindings that contain the principal type "user".
↳ pageSize
int
The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.
↳ pageToken
string
A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.
↳ assetTypes
string[]
Optional. A list of asset types that the IAM policies are attached to. If empty, it will search the IAM policies that are attached to all the searchable asset types . Regular expressions are also supported. For example: * "compute.googleapis.com. " snapshots IAM policies attached to asset type starts with "compute.googleapis.com". * ". Instance" snapshots IAM policies attached to asset type ends with "Instance". * ". Instance. " snapshots IAM policies attached to asset type contains "Instance". See RE2 for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.
↳ orderBy
string
Optional. A comma-separated list of fields specifying the sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored. Example: "assetType DESC, resource". Only singular primitive fields in the response are sortable: * resource * assetType * project All the other fields such as repeated fields (e.g., folders
) and non-primitive fields (e.g., policy
) are not supported.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a {@see} object, or an associative array of retry settings parameters. See the documentation on {@see} for example usage.
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\IamPolicySearchResult;
/**
* @param string $scope A scope can be a project, a folder, or an organization. The search is
* limited to the IAM policies within the `scope`. The caller must be granted
* the
* [`cloudasset.assets.searchAllIamPolicies`](https://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
* permission on the desired scope.
*
* The allowed values are:
*
* * projects/{PROJECT_ID} (e.g., "projects/foo-bar")
* * projects/{PROJECT_NUMBER} (e.g., "projects/12345678")
* * folders/{FOLDER_NUMBER} (e.g., "folders/1234567")
* * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
*/
function search_all_iam_policies_sample(string $scope): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
/** @var PagedListResponse $response */
$response = $assetServiceClient->searchAllIamPolicies($scope);
/** @var IamPolicySearchResult $element */
foreach ($response as $element) {
printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$scope = '[SCOPE]';
search_all_iam_policies_sample($scope);
}
searchAllResources
Searches all Cloud resources within the specified scope, such as a project,
folder, or organization. The caller must be granted the cloudasset.assets.searchAllResources
permission on the desired scope,
otherwise the request will be rejected.
scope
string
Required. A scope can be a project, a folder, or an organization. The search is limited to the resources within the scope
. The caller must be granted the cloudasset.assets.searchAllResources
permission on the desired scope. The allowed values are: * projects/{PROJECT_ID} (e.g., "projects/foo-bar") * projects/{PROJECT_NUMBER} (e.g., "projects/12345678") * folders/{FOLDER_NUMBER} (e.g., "folders/1234567") * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
optionalArgs
array
Optional.
↳ query
string
Optional. The query statement. See how to construct a query
for more information. If not specified or empty, it will search all the resources within the specified scope
. Examples: * name:Important
to find Cloud resources whose name contains "Important" as a word. * name=Important
to find the Cloud resource whose name is exactly "Important". * displayName:Impor*
to find Cloud resources whose display name contains "Impor" as a prefix of any word in the field. * location:us-west*
to find Cloud resources whose location contains both "us" and "west" as prefixes. * labels:prod
to find Cloud resources whose labels contain "prod" as a key or value. * labels.env:prod
to find Cloud resources that have a label "env" and its value is "prod". * labels.env:*
to find Cloud resources that have a label "env". * kmsKey:key
to find Cloud resources encrypted with a customer-managed encryption key whose name contains "key" as a word. This field is deprecated. Please use the kmsKeys
field to retrieve KMS key information. * kmsKeys:key
to find Cloud resources encrypted with customer-managed encryption keys whose name contains the word "key". * relationships:instance-group-1
to find Cloud resources that have relationships with "instance-group-1" in the related resource name. * relationships:INSTANCE_TO_INSTANCEGROUP
to find compute instances that have relationships of type "INSTANCE_TO_INSTANCEGROUP". * relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1
to find compute instances that have relationships with "instance-group-1" in the compute instance group resource name, for relationship type "INSTANCE_TO_INSTANCEGROUP". * state:ACTIVE
to find Cloud resources whose state contains "ACTIVE" as a word. * NOT state:ACTIVE
to find Cloud resources whose state doesn't contain "ACTIVE" as a word. * createTime<1609459200
to find Cloud resources that were created before "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of "2021-01-01 00:00:00 UTC" in seconds. * updateTime>1609459200
to find Cloud resources that were updated after "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of "2021-01-01 00:00:00 UTC" in seconds. * Important
to find Cloud resources that contain "Important" as a word in any of the searchable fields. * Impor*
to find Cloud resources that contain "Impor" as a prefix of any word in any of the searchable fields. * Important location:(us-west1 OR global)
to find Cloud resources that contain "Important" as a word in any of the searchable fields and are also located in the "us-west1" region or the "global" location.
↳ assetTypes
string[]
Optional. A list of asset types that this request searches for. If empty, it will search all the searchable asset types . Regular expressions are also supported. For example: * "compute.googleapis.com. " snapshots resources whose asset type starts with "compute.googleapis.com". * ". Instance" snapshots resources whose asset type ends with "Instance". * ". Instance. " snapshots resources whose asset type contains "Instance". See RE2 for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.
↳ pageSize
int
The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.
↳ pageToken
string
A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.
↳ orderBy
string
Optional. A comma-separated list of fields specifying the sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored. Example: "location DESC, name". Only singular primitive fields in the response are sortable: * name * assetType * project * displayName * description * location * createTime * updateTime * state * parentFullResourceName * parentAssetType All the other fields such as repeated fields (e.g., networkTags
, kmsKeys
), map fields (e.g., labels
) and struct fields (e.g., additionalAttributes
) are not supported.
↳ readMask
FieldMask
Optional. A comma-separated list of fields specifying which fields to be returned in ResourceSearchResult. Only ' ' or combination of top level fields can be specified. Field names of both snake_case and camelCase are supported. Examples: `"
" ,
"name,location" ,
"name,versionedResources" . The read_mask paths must be valid field paths listed but not limited to (both snake_case and camelCase are supported): * name * assetType * project * displayName * description * location * tagKeys * tagValues * tagValueIds * labels * networkTags * kmsKey (This field is deprecated. Please use the
kmsKeys` field to retrieve KMS key information.) * kmsKeys * createTime * updateTime * state * additionalAttributes * versionedResources If read_mask is not specified, all fields except versionedResources will be returned. If only '*' is specified, all fields including versionedResources will be returned. Any invalid field path will trigger INVALID_ARGUMENT error.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a {@see} object, or an associative array of retry settings parameters. See the documentation on {@see} for example usage.
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\ResourceSearchResult;
/**
* @param string $scope A scope can be a project, a folder, or an organization. The search is
* limited to the resources within the `scope`. The caller must be granted the
* [`cloudasset.assets.searchAllResources`](https://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
* permission on the desired scope.
*
* The allowed values are:
*
* * projects/{PROJECT_ID} (e.g., "projects/foo-bar")
* * projects/{PROJECT_NUMBER} (e.g., "projects/12345678")
* * folders/{FOLDER_NUMBER} (e.g., "folders/1234567")
* * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
*/
function search_all_resources_sample(string $scope): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Call the API and handle any network failures.
try {
/** @var PagedListResponse $response */
$response = $assetServiceClient->searchAllResources($scope);
/** @var ResourceSearchResult $element */
foreach ($response as $element) {
printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$scope = '[SCOPE]';
search_all_resources_sample($scope);
}
updateFeed
Updates an asset feed configuration.
feed
Google\Cloud\Asset\V1\Feed
Required. The new values of feed details. It must match an existing feed and the field name
must be in the format of: projects/project_number/feeds/feed_id or folders/folder_number/feeds/feed_id or organizations/organization_number/feeds/feed_id.
updateMask
Google\Protobuf\FieldMask
Required. Only updates the feed
fields indicated by this mask. The field mask must not be empty, and it must not contain fields that are immutable or only set by the server.
optionalArgs
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a {@see} object, or an associative array of retry settings parameters. See the documentation on {@see} for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\Feed;
use Google\Cloud\Asset\V1\FeedOutputConfig;
use Google\Protobuf\FieldMask;
/**
* @param string $feedName The format will be
* projects/{project_number}/feeds/{client-assigned_feed_identifier} or
* folders/{folder_number}/feeds/{client-assigned_feed_identifier} or
* organizations/{organization_number}/feeds/{client-assigned_feed_identifier}
*
* The client-assigned feed identifier must be unique within the parent
* project/folder/organization.
*/
function update_feed_sample(string $feedName): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Prepare any non-scalar elements to be passed along with the request.
$feedFeedOutputConfig = new FeedOutputConfig();
$feed = (new Feed())
->setName($feedName)
->setFeedOutputConfig($feedFeedOutputConfig);
$updateMask = new FieldMask();
// Call the API and handle any network failures.
try {
/** @var Feed $response */
$response = $assetServiceClient->updateFeed($feed, $updateMask);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$feedName = '[NAME]';
update_feed_sample($feedName);
}
updateSavedQuery
Updates a saved query.
savedQuery
Google\Cloud\Asset\V1\SavedQuery
Required. The saved query to update. The saved query's name
field is used to identify the one to update, which has format as below: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id
updateMask
Google\Protobuf\FieldMask
Required. The list of fields to update.
optionalArgs
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a {@see} object, or an associative array of retry settings parameters. See the documentation on {@see} for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Asset\V1\AssetServiceClient;
use Google\Cloud\Asset\V1\SavedQuery;
use Google\Protobuf\FieldMask;
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function update_saved_query_sample(): void
{
// Create a client.
$assetServiceClient = new AssetServiceClient();
// Prepare any non-scalar elements to be passed along with the request.
$savedQuery = new SavedQuery();
$updateMask = new FieldMask();
// Call the API and handle any network failures.
try {
/** @var SavedQuery $response */
$response = $assetServiceClient->updateSavedQuery($savedQuery, $updateMask);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
Constants
SERVICE_NAME
Value: 'google.cloud.asset.v1.AssetService'
The name of the service.
SERVICE_ADDRESS
Value: 'cloudasset.googleapis.com'
The default address of the service.
DEFAULT_SERVICE_PORT
Value: 443
The default port of the service.
CODEGEN_NAME
Value: 'gapic'
The name of the code generator, to be included in the agent header.
