google-api-ruby-client/generated/google/apis/cloudasset_v1p4beta1/service.rb

# Copyright 2015 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

require 'google/apis/core/base_service'
require 'google/apis/core/json_representation'
require 'google/apis/core/hashable'
require 'google/apis/errors'

module Google
  module Apis
    module CloudassetV1p4beta1
      # Cloud Asset API
      #
      # The cloud asset API manages the history and inventory of cloud resources.
      #
      # @example
      #    require 'google/apis/cloudasset_v1p4beta1'
      #
      #    Cloudasset = Google::Apis::CloudassetV1p4beta1 # Alias the module
      #    service = Cloudasset::CloudAssetService.new
      #
      # @see https://cloud.google.com/asset-inventory/docs/quickstart
      class CloudAssetService < Google::Apis::Core::BaseService
        # @return [String]
        #  API key. Your API key identifies your project and provides you with API access,
        #  quota, and reports. Required unless you provide an OAuth 2.0 token.
        attr_accessor :key

        # @return [String]
        #  Available to use for quota purposes for server-side applications. Can be any
        #  arbitrary string assigned to a user, but should not exceed 40 characters.
        attr_accessor :quota_user

        def initialize
          super('https://cloudasset.googleapis.com/', '')
          @batch_path = 'batch'
        end
        
        # Analyzes IAM policies based on the specified request. Returns
        # a list of IamPolicyAnalysisResult matching the request.
        # @param [String] parent
        #   Required. The relative name of the root asset. Only resources and IAM policies
        #   within
        #   the parent will be analyzed. This can only be an organization number (such
        #   as "organizations/123") or a folder number (such as "folders/123").
        # @param [Array<String>, String] analysis_query_access_selector_permissions
        #   Optional. The permissions to appear in result.
        # @param [Array<String>, String] analysis_query_access_selector_roles
        #   Optional. The roles to appear in result.
        # @param [String] analysis_query_identity_selector_identity
        #   Required. The identity appear in the form of members in
        #   [IAM policy
        #   binding](https://cloud.google.com/iam/reference/rest/v1/Binding).
        # @param [String] analysis_query_resource_selector_full_resource_name
        #   Required. The [full resource
        #   name](https://cloud.google.com/apis/design/resource_names#full_resource_name)
        #   .
        # @param [Boolean] options_analyze_service_account_impersonation
        #   Optional. If true, the response will include access analysis from identities
        #   to
        #   resources via service account impersonation. This is a very expensive
        #   operation, because many derived queries will be executed. We highly
        #   recommend you use ExportIamPolicyAnalysis rpc instead.
        #   For example, if the request analyzes for which resources user A has
        #   permission P, and there's an IAM policy states user A has
        #   iam.serviceAccounts.getAccessToken permission to a service account SA,
        #   and there's another IAM policy states service account SA has permission P
        #   to a GCP folder F, then user A potentially has access to the GCP folder
        #   F. And those advanced analysis results will be included in
        #   AnalyzeIamPolicyResponse.service_account_impersonation_analysis.
        #   Another example, if the request analyzes for who has
        #   permission P to a GCP folder F, and there's an IAM policy states user A
        #   has iam.serviceAccounts.actAs permission to a service account SA, and
        #   there's another IAM policy states service account SA has permission P to
        #   the GCP folder F, then user A potentially has access to the GCP folder
        #   F. And those advanced analysis results will be included in
        #   AnalyzeIamPolicyResponse.service_account_impersonation_analysis.
        #   Default is false.
        # @param [String] options_execution_timeout
        #   Optional. Amount of time executable has to complete.  See JSON representation
        #   of
        #   [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json).
        #   If this field is set with a value less than the RPC deadline, and the
        #   execution of your query hasn't finished in the specified
        #   execution timeout,  you will get a response with partial result.
        #   Otherwise, your query's execution will continue until the RPC deadline.
        #   If it's not finished until then, you will get a  DEADLINE_EXCEEDED error.
        #   Default is empty.
        # @param [Boolean] options_expand_groups
        #   Optional. If true, the identities section of the result will expand any
        #   Google groups appearing in an IAM policy binding.
        #   If identity_selector is specified, the identity in the result will
        #   be determined by the selector, and this flag will have no effect.
        #   Default is false.
        # @param [Boolean] options_expand_resources
        #   Optional. If true, the resource section of the result will expand any
        #   resource attached to an IAM policy to include resources lower in the
        #   resource hierarchy.
        #   For example, if the request analyzes for which resources user A has
        #   permission P, and the results include an IAM policy with P on a GCP
        #   folder, the results will also include resources in that folder with
        #   permission P.
        #   If resource_selector is specified, the resource section of the result
        #   will be determined by the selector, and this flag will have no effect.
        #   Default is false.
        # @param [Boolean] options_expand_roles
        #   Optional. If true, the access section of result will expand any roles
        #   appearing in IAM policy bindings to include their permissions.
        #   If access_selector is specified, the access section of the result
        #   will be determined by the selector, and this flag will have no effect.
        #   Default is false.
        # @param [Boolean] options_output_group_edges
        #   Optional. If true, the result will output group identity edges, starting
        #   from the binding's group members, to any expanded identities.
        #   Default is false.
        # @param [Boolean] options_output_resource_edges
        #   Optional. If true, the result will output resource edges, starting
        #   from the policy attached resource, to any expanded resources.
        #   Default is false.
        # @param [String] fields
        #   Selector specifying which fields to include in a partial response.
        # @param [String] quota_user
        #   Available to use for quota purposes for server-side applications. Can be any
        #   arbitrary string assigned to a user, but should not exceed 40 characters.
        # @param [Google::Apis::RequestOptions] options
        #   Request-specific options
        #
        # @yield [result, err] Result & error if block supplied
        # @yieldparam result [Google::Apis::CloudassetV1p4beta1::AnalyzeIamPolicyResponse] parsed result object
        # @yieldparam err [StandardError] error object if request failed
        #
        # @return [Google::Apis::CloudassetV1p4beta1::AnalyzeIamPolicyResponse]
        #
        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
        # @raise [Google::Apis::AuthorizationError] Authorization is required
        def analyze_iam_policy(parent, analysis_query_access_selector_permissions: nil, analysis_query_access_selector_roles: nil, analysis_query_identity_selector_identity: nil, analysis_query_resource_selector_full_resource_name: nil, options_analyze_service_account_impersonation: nil, options_execution_timeout: nil, options_expand_groups: nil, options_expand_resources: nil, options_expand_roles: nil, options_output_group_edges: nil, options_output_resource_edges: nil, fields: nil, quota_user: nil, options: nil, &block)
          command = make_simple_command(:get, 'v1p4beta1/{+parent}:analyzeIamPolicy', options)
          command.response_representation = Google::Apis::CloudassetV1p4beta1::AnalyzeIamPolicyResponse::Representation
          command.response_class = Google::Apis::CloudassetV1p4beta1::AnalyzeIamPolicyResponse
          command.params['parent'] = parent unless parent.nil?
          command.query['analysisQuery.accessSelector.permissions'] = analysis_query_access_selector_permissions unless analysis_query_access_selector_permissions.nil?
          command.query['analysisQuery.accessSelector.roles'] = analysis_query_access_selector_roles unless analysis_query_access_selector_roles.nil?
          command.query['analysisQuery.identitySelector.identity'] = analysis_query_identity_selector_identity unless analysis_query_identity_selector_identity.nil?
          command.query['analysisQuery.resourceSelector.fullResourceName'] = analysis_query_resource_selector_full_resource_name unless analysis_query_resource_selector_full_resource_name.nil?
          command.query['options.analyzeServiceAccountImpersonation'] = options_analyze_service_account_impersonation unless options_analyze_service_account_impersonation.nil?
          command.query['options.executionTimeout'] = options_execution_timeout unless options_execution_timeout.nil?
          command.query['options.expandGroups'] = options_expand_groups unless options_expand_groups.nil?
          command.query['options.expandResources'] = options_expand_resources unless options_expand_resources.nil?
          command.query['options.expandRoles'] = options_expand_roles unless options_expand_roles.nil?
          command.query['options.outputGroupEdges'] = options_output_group_edges unless options_output_group_edges.nil?
          command.query['options.outputResourceEdges'] = options_output_resource_edges unless options_output_resource_edges.nil?
          command.query['fields'] = fields unless fields.nil?
          command.query['quotaUser'] = quota_user unless quota_user.nil?
          execute_or_queue_command(command, &block)
        end
        
        # Exports IAM policy analysis based on the specified request. This API
        # implements the google.longrunning.Operation API allowing you to keep
        # track of the export. The metadata contains the request to help callers to
        # map responses to requests.
        # @param [String] parent
        #   Required. The relative name of the root asset. Only resources and IAM policies
        #   within
        #   the parent will be analyzed. This can only be an organization number (such
        #   as "organizations/123") or a folder number (such as "folders/123").
        # @param [Google::Apis::CloudassetV1p4beta1::ExportIamPolicyAnalysisRequest] export_iam_policy_analysis_request_object
        # @param [String] fields
        #   Selector specifying which fields to include in a partial response.
        # @param [String] quota_user
        #   Available to use for quota purposes for server-side applications. Can be any
        #   arbitrary string assigned to a user, but should not exceed 40 characters.
        # @param [Google::Apis::RequestOptions] options
        #   Request-specific options
        #
        # @yield [result, err] Result & error if block supplied
        # @yieldparam result [Google::Apis::CloudassetV1p4beta1::Operation] parsed result object
        # @yieldparam err [StandardError] error object if request failed
        #
        # @return [Google::Apis::CloudassetV1p4beta1::Operation]
        #
        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
        # @raise [Google::Apis::AuthorizationError] Authorization is required
        def export_iam_policy_analysis(parent, export_iam_policy_analysis_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
          command = make_simple_command(:post, 'v1p4beta1/{+parent}:exportIamPolicyAnalysis', options)
          command.request_representation = Google::Apis::CloudassetV1p4beta1::ExportIamPolicyAnalysisRequest::Representation
          command.request_object = export_iam_policy_analysis_request_object
          command.response_representation = Google::Apis::CloudassetV1p4beta1::Operation::Representation
          command.response_class = Google::Apis::CloudassetV1p4beta1::Operation
          command.params['parent'] = parent unless parent.nil?
          command.query['fields'] = fields unless fields.nil?
          command.query['quotaUser'] = quota_user unless quota_user.nil?
          execute_or_queue_command(command, &block)
        end

        protected

        def apply_command_defaults(command)
          command.query['key'] = key unless key.nil?
          command.query['quotaUser'] = quota_user unless quota_user.nil?
        end
      end
    end
  end
end