# Cloud Asset API — Full Reference Manifest
# Auto-generated by reference.py — DO NOT HAND-EDIT
# This file contains EVERY schema and operation from the discovery doc.
# Use it as a reference when extending codegen/manifests/cloudasset.toml
#
# Schemas: 141 total, 12 in manifest
# Operations: 24 total, 2 in manifest
#
# Legend:
# [IN MANIFEST] = already in the curated manifest
# format: byte = needs format = "bytes" override
# RESERVED_WORD = needs rust_name + serde_rename override
# ======================================================================
# SCHEMAS (141 total)
# ======================================================================
# --- AccessSelector (2 fields) ---
# Specifies roles and/or permissions to analyze, to determine both the identities possessing them and
# [[types]]
# schema = "AccessSelector"
# include_fields = ["permissions", "roles"]
#
# permissions: array<string>
# roles: array<string>
# --- AnalyzeIamPolicyLongrunningMetadata (1 fields) ---
# Represents the metadata of the longrunning operation for the AnalyzeIamPolicyLongrunning RPC.
# [[types]]
# schema = "AnalyzeIamPolicyLongrunningMetadata"
# include_fields = ["createTime"]
#
# createTime: string, format: google-datetime, readOnly
# --- AnalyzeIamPolicyLongrunningRequest (3 fields) ---
# A request message for AssetService.AnalyzeIamPolicyLongrunning.
# [[types]]
# schema = "AnalyzeIamPolicyLongrunningRequest"
# include_fields = ["analysisQuery", "outputConfig", "savedAnalysisQuery"]
#
# analysisQuery: $ref: IamPolicyAnalysisQuery
# outputConfig: $ref: IamPolicyAnalysisOutputConfig
# savedAnalysisQuery: string
# --- AnalyzeIamPolicyLongrunningResponse (0 fields) ---
# A response message for AssetService.AnalyzeIamPolicyLongrunning.
# [[types]]
# schema = "AnalyzeIamPolicyLongrunningResponse"
# --- AnalyzeIamPolicyResponse (3 fields) ---
# A response message for AssetService.AnalyzeIamPolicy.
# [[types]]
# schema = "AnalyzeIamPolicyResponse"
# include_fields = ["fullyExplored", "mainAnalysis", "serviceAccountImpersonationAnalysis"]
#
# fullyExplored: boolean
# mainAnalysis: $ref: IamPolicyAnalysis
# serviceAccountImpersonationAnalysis: array<IamPolicyAnalysis>
# --- AnalyzeMoveResponse (1 fields) ---
# The response message for resource move analysis.
# [[types]]
# schema = "AnalyzeMoveResponse"
# include_fields = ["moveAnalysis"]
#
# moveAnalysis: array<MoveAnalysis>
# --- AnalyzeOrgPoliciesResponse (3 fields) ---
# The response message for AssetService.AnalyzeOrgPolicies.
# [[types]]
# schema = "AnalyzeOrgPoliciesResponse"
# include_fields = ["constraint", "nextPageToken", "orgPolicyResults"]
#
# constraint: $ref: AnalyzerOrgPolicyConstraint
# nextPageToken: string
# orgPolicyResults: array<OrgPolicyResult>
# --- AnalyzeOrgPolicyGovernedAssetsResponse (3 fields) ---
# The response message for AssetService.AnalyzeOrgPolicyGovernedAssets.
# [[types]]
# schema = "AnalyzeOrgPolicyGovernedAssetsResponse"
# include_fields = ["constraint", "governedAssets", "nextPageToken"]
#
# constraint: $ref: AnalyzerOrgPolicyConstraint
# governedAssets: array<GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedAsset>
# nextPageToken: string
# --- AnalyzeOrgPolicyGovernedContainersResponse (3 fields) ---
# The response message for AssetService.AnalyzeOrgPolicyGovernedContainers.
# [[types]]
# schema = "AnalyzeOrgPolicyGovernedContainersResponse"
# include_fields = ["constraint", "governedContainers", "nextPageToken"]
#
# constraint: $ref: AnalyzerOrgPolicyConstraint
# governedContainers: array<GoogleCloudAssetV1GovernedContainer>
# nextPageToken: string
# --- AnalyzerOrgPolicy (5 fields) ---
# This organization policy message is a modified version of the one defined in the Organization Policy
# [[types]]
# schema = "AnalyzerOrgPolicy"
# include_fields = ["appliedResource", "attachedResource", "inheritFromParent", "reset", "rules"]
#
# appliedResource: string
# attachedResource: string
# inheritFromParent: boolean
# reset: boolean
# rules: array<GoogleCloudAssetV1Rule>
# --- AnalyzerOrgPolicyConstraint (2 fields) ---
# The organization policy constraint definition.
# [[types]]
# schema = "AnalyzerOrgPolicyConstraint"
# include_fields = ["customConstraint", "googleDefinedConstraint"]
#
# customConstraint: $ref: GoogleCloudAssetV1CustomConstraint
# googleDefinedConstraint: $ref: GoogleCloudAssetV1Constraint
# --- Asset (14 fields) [IN MANIFEST] ---
# An asset in Google Cloud. An asset can be any resource in the Google Cloud [resource hierarchy](http
# [[types]]
# schema = "Asset"
# include_fields = ["accessLevel", "accessPolicy", "ancestors", "assetExceptions", "assetType", "iamPolicy", "name", "orgPolicy", "osInventory", "relatedAsset", "relatedAssets", "resource", "servicePerimeter", "updateTime"]
#
# accessLevel: $ref: GoogleIdentityAccesscontextmanagerV1AccessLevel
# accessPolicy: $ref: GoogleIdentityAccesscontextmanagerV1AccessPolicy
# ancestors: array<string>
# assetExceptions: array<AssetException>
# assetType: string
# iamPolicy: $ref: Policy
# name: string
# orgPolicy: array<GoogleCloudOrgpolicyV1Policy>
# osInventory: $ref: Inventory
# relatedAsset: $ref: RelatedAsset
# relatedAssets: $ref: RelatedAssets
# resource: $ref: Resource
# servicePerimeter: $ref: GoogleIdentityAccesscontextmanagerV1ServicePerimeter
# updateTime: string, format: google-datetime
#
# [types.field_overrides]
# name = { required = true }
# --- AssetEnrichment (1 fields) ---
# The enhanced metadata information for a resource.
# [[types]]
# schema = "AssetEnrichment"
# include_fields = ["resourceOwners"]
#
# resourceOwners: $ref: ResourceOwners
# --- AssetException (2 fields) ---
# An exception of an asset.
# [[types]]
# schema = "AssetException"
# include_fields = ["details", "exceptionType"]
#
# details: string
# exceptionType: string, enum: [EXCEPTION_TYPE_UNSPECIFIED, TRUNCATION]
#
# [types.field_overrides]
# # exceptionType = { enum_type = "AssetExceptionExceptionType" }
# --- AttachedResource (2 fields) ---
# Attached resource representation, which is defined by the corresponding service provider. It represe
# [[types]]
# schema = "AttachedResource"
# include_fields = ["assetType", "versionedResources"]
#
# assetType: string
# versionedResources: array<VersionedResource>
# --- AuditConfig (2 fields) [IN MANIFEST] ---
# Specifies the audit configuration for a service. The configuration determines which permission types
# [[types]]
# schema = "AuditConfig"
# include_fields = ["auditLogConfigs", "service"]
#
# auditLogConfigs: array<AuditLogConfig>
# service: string
# --- AuditLogConfig (2 fields) [IN MANIFEST] ---
# Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "l
# [[types]]
# schema = "AuditLogConfig"
# include_fields = ["exemptedMembers", "logType"]
#
# exemptedMembers: array<string>
# logType: string, enum: [LOG_TYPE_UNSPECIFIED, ADMIN_READ, DATA_WRITE, DATA_READ]
#
# [types.field_overrides]
# # logType = { enum_type = "AuditLogConfigLogType" }
# --- BatchGetAssetsHistoryResponse (1 fields) ---
# Batch get assets history response.
# [[types]]
# schema = "BatchGetAssetsHistoryResponse"
# include_fields = ["assets"]
#
# assets: array<TemporalAsset>
# --- BatchGetEffectiveIamPoliciesResponse (1 fields) ---
# A response message for AssetService.BatchGetEffectiveIamPolicies.
# [[types]]
# schema = "BatchGetEffectiveIamPoliciesResponse"
# include_fields = ["policyResults"]
#
# policyResults: array<EffectiveIamPolicy>
# --- BigQueryDestination (5 fields) ---
# A BigQuery destination for exporting assets to.
# [[types]]
# schema = "BigQueryDestination"
# include_fields = ["dataset", "force", "partitionSpec", "separateTablesPerAssetType", "table"]
#
# dataset: string
# force: boolean
# partitionSpec: $ref: PartitionSpec
# separateTablesPerAssetType: boolean
# table: string
# --- Binding (3 fields) [IN MANIFEST] ---
# Associates `members`, or principals, with a `role`.
# [[types]]
# schema = "Binding"
# include_fields = ["condition", "members", "role"]
#
# condition: $ref: Expr
# members: array<string>
# role: string
# --- ConditionContext (1 fields) ---
# The IAM conditions context.
# [[types]]
# schema = "ConditionContext"
# include_fields = ["accessTime"]
#
# accessTime: string, format: google-datetime
# --- ConditionEvaluation (1 fields) ---
# The condition evaluation.
# [[types]]
# schema = "ConditionEvaluation"
# include_fields = ["evaluationValue"]
#
# evaluationValue: string, enum: [EVALUATION_VALUE_UNSPECIFIED, TRUE, FALSE, CONDITIONAL]
#
# [types.field_overrides]
# # evaluationValue = { enum_type = "ConditionEvaluationEvaluationValue" }
# --- CreateFeedRequest (2 fields) ---
# Create asset feed request.
# [[types]]
# schema = "CreateFeedRequest"
# include_fields = ["feed", "feedId"]
#
# feed: $ref: Feed
# feedId: string
# --- Date (3 fields) ---
# Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are e
# [[types]]
# schema = "Date"
# include_fields = ["day", "month", "year"]
#
# day: integer, format: int32
# month: integer, format: int32
# year: integer, format: int32
# --- EffectiveIamPolicy (2 fields) ---
# The effective IAM policies on one resource.
# [[types]]
# schema = "EffectiveIamPolicy"
# include_fields = ["fullResourceName", "policies"]
#
# fullResourceName: string
# policies: array<PolicyInfo>
# --- EffectiveTagDetails (2 fields) ---
# The effective tags and the ancestor resources from which they were inherited.
# [[types]]
# schema = "EffectiveTagDetails"
# include_fields = ["attachedResource", "effectiveTags"]
#
# attachedResource: string
# effectiveTags: array<Tag>
# --- Empty (0 fields) ---
# A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs
# [[types]]
# schema = "Empty"
# --- Explanation (1 fields) ---
# Explanation about the IAM policy search result.
# [[types]]
# schema = "Explanation"
# include_fields = ["matchedPermissions"]
#
# matchedPermissions: map<string, Permissions>
# --- ExportAssetsRequest (5 fields) ---
# Export asset request.
# [[types]]
# schema = "ExportAssetsRequest"
# include_fields = ["assetTypes", "contentType", "outputConfig", "readTime", "relationshipTypes"]
#
# assetTypes: array<string>
# contentType: string, enum: [CONTENT_TYPE_UNSPECIFIED, RESOURCE, IAM_POLICY, ORG_POLICY, ... +3]
# outputConfig: $ref: OutputConfig
# readTime: string, format: google-datetime
# relationshipTypes: array<string>
#
# [types.field_overrides]
# # contentType = { enum_type = "ExportAssetsRequestContentType" }
# --- Expr (4 fields) [IN MANIFEST] ---
# Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expr
# [[types]]
# schema = "Expr"
# include_fields = ["description", "expression", "location", "title"]
#
# description: string
# expression: string
# location: string
# title: string
# --- Feed (7 fields) ---
# An asset feed used to export asset updates to a destinations. An asset feed filter controls what upd
# [[types]]
# schema = "Feed"
# include_fields = ["assetNames", "assetTypes", "condition", "contentType", "feedOutputConfig", "name", "relationshipTypes"]
#
# assetNames: array<string>
# assetTypes: array<string>
# condition: $ref: Expr
# contentType: string, enum: [CONTENT_TYPE_UNSPECIFIED, RESOURCE, IAM_POLICY, ORG_POLICY, ... +3]
# feedOutputConfig: $ref: FeedOutputConfig
# name: string
# relationshipTypes: array<string>
#
# [types.field_overrides]
# name = { required = true }
# # contentType = { enum_type = "FeedContentType" }
# --- FeedOutputConfig (1 fields) ---
# Output configuration for asset feed destination.
# [[types]]
# schema = "FeedOutputConfig"
# include_fields = ["pubsubDestination"]
#
# pubsubDestination: $ref: PubsubDestination
# --- GcsDestination (2 fields) ---
# A Cloud Storage location.
# [[types]]
# schema = "GcsDestination"
# include_fields = ["uri", "uriPrefix"]
#
# uri: string
# uriPrefix: string
# --- GoogleCloudAssetV1Access (3 fields) ---
# An IAM role or permission under analysis.
# [[types]]
# schema = "GoogleCloudAssetV1Access"
# include_fields = ["analysisState", "permission", "role"]
#
# analysisState: $ref: IamPolicyAnalysisState
# permission: string
# role: string
# --- GoogleCloudAssetV1AccessControlList (4 fields) ---
# An access control list, derived from the above IAM policy binding, which contains a set of resources
# [[types]]
# schema = "GoogleCloudAssetV1AccessControlList"
# include_fields = ["accesses", "conditionEvaluation", "resourceEdges", "resources"]
#
# accesses: array<GoogleCloudAssetV1Access>
# conditionEvaluation: $ref: ConditionEvaluation
# resourceEdges: array<GoogleCloudAssetV1Edge>
# resources: array<GoogleCloudAssetV1Resource>
# --- GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedAsset (4 fields) ---
# Represents a Google Cloud asset(resource or IAM policy) governed by the organization policies of the
# [[types]]
# schema = "GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedAsset"
# include_fields = ["consolidatedPolicy", "governedIamPolicy", "governedResource", "policyBundle"]
#
# consolidatedPolicy: $ref: AnalyzerOrgPolicy
# governedIamPolicy: $ref: GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedIamPolicy
# governedResource: $ref: GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedResource
# policyBundle: array<AnalyzerOrgPolicy>
# --- GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedIamPolicy (6 fields) ---
# The IAM policies governed by the organization policies of the AnalyzeOrgPolicyGovernedAssetsRequest.
# [[types]]
# schema = "GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedIamPolicy"
# include_fields = ["assetType", "attachedResource", "folders", "organization", "policy", "project"]
#
# assetType: string
# attachedResource: string
# folders: array<string>
# organization: string
# policy: $ref: Policy
# project: string
# --- GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedResource (7 fields) ---
# The Google Cloud resources governed by the organization policies of the AnalyzeOrgPolicyGovernedAsse
# [[types]]
# schema = "GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedResource"
# include_fields = ["assetType", "effectiveTags", "folders", "fullResourceName", "organization", "parent", "project"]
#
# assetType: string
# effectiveTags: array<EffectiveTagDetails>
# folders: array<string>
# fullResourceName: string
# organization: string
# parent: string
# project: string
# --- GoogleCloudAssetV1BigQueryDestination (4 fields) ---
# A BigQuery destination.
# [[types]]
# schema = "GoogleCloudAssetV1BigQueryDestination"
# include_fields = ["dataset", "partitionKey", "tablePrefix", "writeDisposition"]
#
# dataset: string
# partitionKey: string, enum: [PARTITION_KEY_UNSPECIFIED, REQUEST_TIME]
# tablePrefix: string
# writeDisposition: string
#
# [types.field_overrides]
# # partitionKey = { enum_type = "GoogleCloudAssetV1BigQueryDestinationPartitionKey" }
# --- GoogleCloudAssetV1BooleanConstraint (0 fields) ---
# A `Constraint` that is either enforced or not. For example a constraint `constraints/compute.disable
# [[types]]
# schema = "GoogleCloudAssetV1BooleanConstraint"
# --- GoogleCloudAssetV1Constraint (6 fields) ---
# The definition of a constraint.
# [[types]]
# schema = "GoogleCloudAssetV1Constraint"
# include_fields = ["booleanConstraint", "constraintDefault", "description", "displayName", "listConstraint", "name"]
#
# booleanConstraint: $ref: GoogleCloudAssetV1BooleanConstraint
# constraintDefault: string, enum: [CONSTRAINT_DEFAULT_UNSPECIFIED, ALLOW, DENY]
# description: string
# displayName: string
# listConstraint: $ref: GoogleCloudAssetV1ListConstraint
# name: string
#
# [types.field_overrides]
# name = { required = true }
# # constraintDefault = { enum_type = "GoogleCloudAssetV1ConstraintConstraintDefault" }
# --- GoogleCloudAssetV1CustomConstraint (7 fields) ---
# The definition of a custom constraint.
# [[types]]
# schema = "GoogleCloudAssetV1CustomConstraint"
# include_fields = ["actionType", "condition", "description", "displayName", "methodTypes", "name", "resourceTypes"]
#
# actionType: string, enum: [ACTION_TYPE_UNSPECIFIED, ALLOW, DENY]
# condition: string
# description: string
# displayName: string
# methodTypes: array<string>
# name: string
# resourceTypes: array<string>
#
# [types.field_overrides]
# name = { required = true }
# # actionType = { enum_type = "GoogleCloudAssetV1CustomConstraintActionType" }
# --- GoogleCloudAssetV1Edge (2 fields) ---
# A directional edge.
# [[types]]
# schema = "GoogleCloudAssetV1Edge"
# include_fields = ["sourceNode", "targetNode"]
#
# sourceNode: string
# targetNode: string
# --- GoogleCloudAssetV1GcsDestination (1 fields) ---
# A Cloud Storage location.
# [[types]]
# schema = "GoogleCloudAssetV1GcsDestination"
# include_fields = ["uri"]
#
# uri: string
# --- GoogleCloudAssetV1GovernedContainer (8 fields) ---
# The organization/folder/project resource governed by organization policies of AnalyzeOrgPolicyGovern
# [[types]]
# schema = "GoogleCloudAssetV1GovernedContainer"
# include_fields = ["consolidatedPolicy", "effectiveTags", "folders", "fullResourceName", "organization", "parent", "policyBundle", "project"]
#
# consolidatedPolicy: $ref: AnalyzerOrgPolicy
# effectiveTags: array<EffectiveTagDetails>
# folders: array<string>
# fullResourceName: string
# organization: string
# parent: string
# policyBundle: array<AnalyzerOrgPolicy>
# project: string
# --- GoogleCloudAssetV1Identity (2 fields) ---
# An identity under analysis.
# [[types]]
# schema = "GoogleCloudAssetV1Identity"
# include_fields = ["analysisState", "name"]
#
# analysisState: $ref: IamPolicyAnalysisState
# name: string
#
# [types.field_overrides]
# name = { required = true }
# --- GoogleCloudAssetV1IdentityList (2 fields) ---
# The identities and group edges.
# [[types]]
# schema = "GoogleCloudAssetV1IdentityList"
# include_fields = ["groupEdges", "identities"]
#
# groupEdges: array<GoogleCloudAssetV1Edge>
# identities: array<GoogleCloudAssetV1Identity>
# --- GoogleCloudAssetV1ListConstraint (2 fields) ---
# A `Constraint` that allows or disallows a list of string values, which are configured by an organiza
# [[types]]
# schema = "GoogleCloudAssetV1ListConstraint"
# include_fields = ["supportsIn", "supportsUnder"]
#
# supportsIn: boolean
# supportsUnder: boolean
# --- GoogleCloudAssetV1QueryAssetsOutputConfigBigQueryDestination (3 fields) ---
# BigQuery destination.
# [[types]]
# schema = "GoogleCloudAssetV1QueryAssetsOutputConfigBigQueryDestination"
# include_fields = ["dataset", "table", "writeDisposition"]
#
# dataset: string
# table: string
# writeDisposition: string
# --- GoogleCloudAssetV1Resource (2 fields) ---
# A Google Cloud resource under analysis.
# [[types]]
# schema = "GoogleCloudAssetV1Resource"
# include_fields = ["analysisState", "fullResourceName"]
#
# analysisState: $ref: IamPolicyAnalysisState
# fullResourceName: string
# --- GoogleCloudAssetV1Rule (6 fields) ---
# This rule message is a customized version of the one defined in the Organization Policy system. In a
# [[types]]
# schema = "GoogleCloudAssetV1Rule"
# include_fields = ["allowAll", "condition", "conditionEvaluation", "denyAll", "enforce", "values"]
#
# allowAll: boolean
# condition: $ref: Expr
# conditionEvaluation: $ref: ConditionEvaluation
# denyAll: boolean
# enforce: boolean
# values: $ref: GoogleCloudAssetV1StringValues
# --- GoogleCloudAssetV1StringValues (2 fields) ---
# The string values for the list constraints.
# [[types]]
# schema = "GoogleCloudAssetV1StringValues"
# include_fields = ["allowedValues", "deniedValues"]
#
# allowedValues: array<string>
# deniedValues: array<string>
# --- GoogleCloudAssetV1p7beta1Asset (11 fields) ---
# An asset in Google Cloud. An asset can be any resource in the Google Cloud [resource hierarchy](http
# [[types]]
# schema = "GoogleCloudAssetV1p7beta1Asset"
# include_fields = ["accessLevel", "accessPolicy", "ancestors", "assetType", "iamPolicy", "name", "orgPolicy", "relatedAssets", "resource", "servicePerimeter", "updateTime"]
#
# accessLevel: $ref: GoogleIdentityAccesscontextmanagerV1AccessLevel
# accessPolicy: $ref: GoogleIdentityAccesscontextmanagerV1AccessPolicy
# ancestors: array<string>
# assetType: string
# iamPolicy: $ref: Policy
# name: string
# orgPolicy: array<GoogleCloudOrgpolicyV1Policy>
# relatedAssets: $ref: GoogleCloudAssetV1p7beta1RelatedAssets
# resource: $ref: GoogleCloudAssetV1p7beta1Resource
# servicePerimeter: $ref: GoogleIdentityAccesscontextmanagerV1ServicePerimeter
# updateTime: string, format: google-datetime
#
# [types.field_overrides]
# name = { required = true }
# --- GoogleCloudAssetV1p7beta1RelatedAsset (3 fields) ---
# An asset identify in Google Cloud which contains its name, type and ancestors. An asset can be any r
# [[types]]
# schema = "GoogleCloudAssetV1p7beta1RelatedAsset"
# include_fields = ["ancestors", "asset", "assetType"]
#
# ancestors: array<string>
# asset: string
# assetType: string
# --- GoogleCloudAssetV1p7beta1RelatedAssets (2 fields) ---
# The detailed related assets with the `relationship_type`.
# [[types]]
# schema = "GoogleCloudAssetV1p7beta1RelatedAssets"
# include_fields = ["assets", "relationshipAttributes"]
#
# assets: array<GoogleCloudAssetV1p7beta1RelatedAsset>
# relationshipAttributes: $ref: GoogleCloudAssetV1p7beta1RelationshipAttributes
# --- GoogleCloudAssetV1p7beta1RelationshipAttributes (4 fields) ---
# The relationship attributes which include `type`, `source_resource_type`, `target_resource_type` and
# WARNING: reserved words: type
# [[types]]
# schema = "GoogleCloudAssetV1p7beta1RelationshipAttributes"
# include_fields = ["action", "sourceResourceType", "targetResourceType", "type"]
#
# action: string
# sourceResourceType: string
# targetResourceType: string
# type: string, RESERVED_WORD
#
# [types.field_overrides]
# type = { rust_name = "type_value", serde_rename = "type" }
# --- GoogleCloudAssetV1p7beta1Resource (7 fields) ---
# A representation of a Google Cloud resource.
# [[types]]
# schema = "GoogleCloudAssetV1p7beta1Resource"
# include_fields = ["data", "discoveryDocumentUri", "discoveryName", "location", "parent", "resourceUrl", "version"]
#
# data: map<string, any>
# discoveryDocumentUri: string
# discoveryName: string
# location: string
# parent: string
# resourceUrl: string
# version: string
# --- GoogleCloudOrgpolicyV1BooleanPolicy (1 fields) ---
# Used in `policy_type` to specify how `boolean_policy` will behave at this resource.
# [[types]]
# schema = "GoogleCloudOrgpolicyV1BooleanPolicy"
# include_fields = ["enforced"]
#
# enforced: boolean
# --- GoogleCloudOrgpolicyV1ListPolicy (5 fields) ---
# Used in `policy_type` to specify how `list_policy` behaves at this resource. `ListPolicy` can define
# [[types]]
# schema = "GoogleCloudOrgpolicyV1ListPolicy"
# include_fields = ["allValues", "allowedValues", "deniedValues", "inheritFromParent", "suggestedValue"]
#
# allValues: string, enum: [ALL_VALUES_UNSPECIFIED, ALLOW, DENY]
# allowedValues: array<string>
# deniedValues: array<string>
# inheritFromParent: boolean
# suggestedValue: string
#
# [types.field_overrides]
# # allValues = { enum_type = "GoogleCloudOrgpolicyV1ListPolicyAllValues" }
# --- GoogleCloudOrgpolicyV1Policy (7 fields) ---
# Defines a Cloud Organization `Policy` which is used to specify `Constraints` for configurations of C
# WARNING: format:"byte" fields: etag
# [[types]]
# schema = "GoogleCloudOrgpolicyV1Policy"
# include_fields = ["booleanPolicy", "constraint", "etag", "listPolicy", "restoreDefault", "updateTime", "version"]
#
# booleanPolicy: $ref: GoogleCloudOrgpolicyV1BooleanPolicy
# constraint: string
# etag: string, format: byte
# listPolicy: $ref: GoogleCloudOrgpolicyV1ListPolicy
# restoreDefault: $ref: GoogleCloudOrgpolicyV1RestoreDefault
# updateTime: string, format: google-datetime
# version: integer, format: int32
#
# [types.field_overrides]
# etag = { format = "bytes" }
# --- GoogleCloudOrgpolicyV1RestoreDefault (0 fields) ---
# Ignores policies set above this resource and restores the `constraint_default` enforcement behavior
# [[types]]
# schema = "GoogleCloudOrgpolicyV1RestoreDefault"
# --- GoogleIdentityAccesscontextmanagerV1AccessLevel (5 fields) ---
# An `AccessLevel` is a label that can be applied to requests to Google Cloud services, along with a l
# [[types]]
# schema = "GoogleIdentityAccesscontextmanagerV1AccessLevel"
# include_fields = ["basic", "custom", "description", "name", "title"]
#
# basic: $ref: GoogleIdentityAccesscontextmanagerV1BasicLevel
# custom: $ref: GoogleIdentityAccesscontextmanagerV1CustomLevel
# description: string
# name: string
# title: string
#
# [types.field_overrides]
# name = { required = true }
# --- GoogleIdentityAccesscontextmanagerV1AccessPolicy (5 fields) ---
# `AccessPolicy` is a container for `AccessLevels` (which define the necessary attributes to use Googl
# [[types]]
# schema = "GoogleIdentityAccesscontextmanagerV1AccessPolicy"
# include_fields = ["etag", "name", "parent", "scopes", "title"]
#
# etag: string, readOnly
# name: string
# parent: string
# scopes: array<string>
# title: string
#
# [types.field_overrides]
# name = { required = true }
# --- GoogleIdentityAccesscontextmanagerV1ApiOperation (2 fields) ---
# Identification for an API Operation.
# [[types]]
# schema = "GoogleIdentityAccesscontextmanagerV1ApiOperation"
# include_fields = ["methodSelectors", "serviceName"]
#
# methodSelectors: array<GoogleIdentityAccesscontextmanagerV1MethodSelector>
# serviceName: string
# --- GoogleIdentityAccesscontextmanagerV1BasicLevel (2 fields) ---
# `BasicLevel` is an `AccessLevel` using a set of recommended features.
# [[types]]
# schema = "GoogleIdentityAccesscontextmanagerV1BasicLevel"
# include_fields = ["combiningFunction", "conditions"]
#
# combiningFunction: string, enum: [AND, OR]
# conditions: array<GoogleIdentityAccesscontextmanagerV1Condition>
#
# [types.field_overrides]
# # combiningFunction = { enum_type = "GoogleIdentityAccesscontextmanagerV1BasicLevelCombiningFunction" }
# --- GoogleIdentityAccesscontextmanagerV1Condition (7 fields) ---
# A condition necessary for an `AccessLevel` to be granted. The Condition is an AND over its fields. S
# [[types]]
# schema = "GoogleIdentityAccesscontextmanagerV1Condition"
# include_fields = ["devicePolicy", "ipSubnetworks", "members", "negate", "regions", "requiredAccessLevels", "vpcNetworkSources"]
#
# devicePolicy: $ref: GoogleIdentityAccesscontextmanagerV1DevicePolicy
# ipSubnetworks: array<string>
# members: array<string>
# negate: boolean
# regions: array<string>
# requiredAccessLevels: array<string>
# vpcNetworkSources: array<GoogleIdentityAccesscontextmanagerV1VpcNetworkSource>
# --- GoogleIdentityAccesscontextmanagerV1CustomLevel (1 fields) ---
# `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language to represent the necess
# [[types]]
# schema = "GoogleIdentityAccesscontextmanagerV1CustomLevel"
# include_fields = ["expr"]
#
# expr: $ref: Expr
# --- GoogleIdentityAccesscontextmanagerV1DevicePolicy (6 fields) ---
# `DevicePolicy` specifies device specific restrictions necessary to acquire a given access level. A `
# [[types]]
# schema = "GoogleIdentityAccesscontextmanagerV1DevicePolicy"
# include_fields = ["allowedDeviceManagementLevels", "allowedEncryptionStatuses", "osConstraints", "requireAdminApproval", "requireCorpOwned", "requireScreenlock"]
#
# allowedDeviceManagementLevels: array<string>
# allowedEncryptionStatuses: array<string>
# osConstraints: array<GoogleIdentityAccesscontextmanagerV1OsConstraint>
# requireAdminApproval: boolean
# requireCorpOwned: boolean
# requireScreenlock: boolean
# --- GoogleIdentityAccesscontextmanagerV1EgressFrom (4 fields) ---
# Defines the conditions under which an EgressPolicy matches a request. Conditions based on informatio
# [[types]]
# schema = "GoogleIdentityAccesscontextmanagerV1EgressFrom"
# include_fields = ["identities", "identityType", "sourceRestriction", "sources"]
#
# identities: array<string>
# identityType: string, enum: [IDENTITY_TYPE_UNSPECIFIED, ANY_IDENTITY, ANY_USER_ACCOUNT, ANY_SERVICE_ACCOUNT]
# sourceRestriction: string, enum: [SOURCE_RESTRICTION_UNSPECIFIED, SOURCE_RESTRICTION_ENABLED, SOURCE_RESTRICTION_DISABLED]
# sources: array<GoogleIdentityAccesscontextmanagerV1EgressSource>
#
# [types.field_overrides]
# # identityType = { enum_type = "GoogleIdentityAccesscontextmanagerV1EgressFromIdentityType" }
# # sourceRestriction = { enum_type = "GoogleIdentityAccesscontextmanagerV1EgressFromSourceRestriction" }
# --- GoogleIdentityAccesscontextmanagerV1EgressPolicy (3 fields) ---
# Policy for egress from perimeter. EgressPolicies match requests based on `egress_from` and `egress_t
# [[types]]
# schema = "GoogleIdentityAccesscontextmanagerV1EgressPolicy"
# include_fields = ["egressFrom", "egressTo", "title"]
#
# egressFrom: $ref: GoogleIdentityAccesscontextmanagerV1EgressFrom
# egressTo: $ref: GoogleIdentityAccesscontextmanagerV1EgressTo
# title: string
# --- GoogleIdentityAccesscontextmanagerV1EgressSource (2 fields) ---
# The source that EgressPolicy authorizes access from inside the ServicePerimeter to somewhere outside
# [[types]]
# schema = "GoogleIdentityAccesscontextmanagerV1EgressSource"
# include_fields = ["accessLevel", "resource"]
#
# accessLevel: string
# resource: string
# --- GoogleIdentityAccesscontextmanagerV1EgressTo (4 fields) ---
# Defines the conditions under which an EgressPolicy matches a request. Conditions are based on inform
# [[types]]
# schema = "GoogleIdentityAccesscontextmanagerV1EgressTo"
# include_fields = ["externalResources", "operations", "resources", "roles"]
#
# externalResources: array<string>
# operations: array<GoogleIdentityAccesscontextmanagerV1ApiOperation>
# resources: array<string>
# roles: array<string>
# --- GoogleIdentityAccesscontextmanagerV1IngressFrom (3 fields) ---
# Defines the conditions under which an IngressPolicy matches a request. Conditions are based on infor
# [[types]]
# schema = "GoogleIdentityAccesscontextmanagerV1IngressFrom"
# include_fields = ["identities", "identityType", "sources"]
#
# identities: array<string>
# identityType: string, enum: [IDENTITY_TYPE_UNSPECIFIED, ANY_IDENTITY, ANY_USER_ACCOUNT, ANY_SERVICE_ACCOUNT]
# sources: array<GoogleIdentityAccesscontextmanagerV1IngressSource>
#
# [types.field_overrides]
# # identityType = { enum_type = "GoogleIdentityAccesscontextmanagerV1IngressFromIdentityType" }
# --- GoogleIdentityAccesscontextmanagerV1IngressPolicy (3 fields) ---
# Policy for ingress into ServicePerimeter. IngressPolicies match requests based on `ingress_from` and
# [[types]]
# schema = "GoogleIdentityAccesscontextmanagerV1IngressPolicy"
# include_fields = ["ingressFrom", "ingressTo", "title"]
#
# ingressFrom: $ref: GoogleIdentityAccesscontextmanagerV1IngressFrom
# ingressTo: $ref: GoogleIdentityAccesscontextmanagerV1IngressTo
# title: string
# --- GoogleIdentityAccesscontextmanagerV1IngressSource (2 fields) ---
# The source that IngressPolicy authorizes access from.
# [[types]]
# schema = "GoogleIdentityAccesscontextmanagerV1IngressSource"
# include_fields = ["accessLevel", "resource"]
#
# accessLevel: string
# resource: string
# --- GoogleIdentityAccesscontextmanagerV1IngressTo (3 fields) ---
# Defines the conditions under which an IngressPolicy matches a request. Conditions are based on infor
# [[types]]
# schema = "GoogleIdentityAccesscontextmanagerV1IngressTo"
# include_fields = ["operations", "resources", "roles"]
#
# operations: array<GoogleIdentityAccesscontextmanagerV1ApiOperation>
# resources: array<string>
# roles: array<string>
# --- GoogleIdentityAccesscontextmanagerV1MethodSelector (2 fields) ---
# An allowed method or permission of a service specified in ApiOperation.
# [[types]]
# schema = "GoogleIdentityAccesscontextmanagerV1MethodSelector"
# include_fields = ["method", "permission"]
#
# method: string
# permission: string
# --- GoogleIdentityAccesscontextmanagerV1OsConstraint (3 fields) ---
# A restriction on the OS type and version of devices making requests.
# [[types]]
# schema = "GoogleIdentityAccesscontextmanagerV1OsConstraint"
# include_fields = ["minimumVersion", "osType", "requireVerifiedChromeOs"]
#
# minimumVersion: string
# osType: string, enum: [OS_UNSPECIFIED, DESKTOP_MAC, DESKTOP_WINDOWS, DESKTOP_LINUX, ... +3]
# requireVerifiedChromeOs: boolean
#
# [types.field_overrides]
# # osType = { enum_type = "GoogleIdentityAccesscontextmanagerV1OsConstraintOsType" }
# --- GoogleIdentityAccesscontextmanagerV1ServicePerimeter (8 fields) ---
# `ServicePerimeter` describes a set of Google Cloud resources which can freely import and export data
# [[types]]
# schema = "GoogleIdentityAccesscontextmanagerV1ServicePerimeter"
# include_fields = ["description", "etag", "name", "perimeterType", "spec", "status", "title", "useExplicitDryRunSpec"]
#
# description: string
# etag: string
# name: string
# perimeterType: string, enum: [PERIMETER_TYPE_REGULAR, PERIMETER_TYPE_BRIDGE]
# spec: $ref: GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig
# status: $ref: GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig
# title: string
# useExplicitDryRunSpec: boolean
#
# [types.field_overrides]
# name = { required = true }
# # perimeterType = { enum_type = "GoogleIdentityAccesscontextmanagerV1ServicePerimeterPerimeterType" }
# --- GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig (6 fields) ---
# `ServicePerimeterConfig` specifies a set of Google Cloud resources that describe specific Service Pe
# [[types]]
# schema = "GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig"
# include_fields = ["accessLevels", "egressPolicies", "ingressPolicies", "resources", "restrictedServices", "vpcAccessibleServices"]
#
# accessLevels: array<string>
# egressPolicies: array<GoogleIdentityAccesscontextmanagerV1EgressPolicy>
# ingressPolicies: array<GoogleIdentityAccesscontextmanagerV1IngressPolicy>
# resources: array<string>
# restrictedServices: array<string>
# vpcAccessibleServices: $ref: GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices
# --- GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices (2 fields) ---
# Specifies how APIs are allowed to communicate within the Service Perimeter.
# [[types]]
# schema = "GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices"
# include_fields = ["allowedServices", "enableRestriction"]
#
# allowedServices: array<string>
# enableRestriction: boolean
# --- GoogleIdentityAccesscontextmanagerV1VpcNetworkSource (1 fields) ---
# The originating network source in Google Cloud.
# [[types]]
# schema = "GoogleIdentityAccesscontextmanagerV1VpcNetworkSource"
# include_fields = ["vpcSubnetwork"]
#
# vpcSubnetwork: $ref: GoogleIdentityAccesscontextmanagerV1VpcSubNetwork
# --- GoogleIdentityAccesscontextmanagerV1VpcSubNetwork (2 fields) ---
# Sub-segment ranges inside of a VPC Network.
# [[types]]
# schema = "GoogleIdentityAccesscontextmanagerV1VpcSubNetwork"
# include_fields = ["network", "vpcIpSubnetworks"]
#
# network: string
# vpcIpSubnetworks: array<string>
# --- IamPolicyAnalysis (4 fields) ---
# An analysis message to group the query and results.
# [[types]]
# schema = "IamPolicyAnalysis"
# include_fields = ["analysisQuery", "analysisResults", "fullyExplored", "nonCriticalErrors"]
#
# analysisQuery: $ref: IamPolicyAnalysisQuery
# analysisResults: array<IamPolicyAnalysisResult>
# fullyExplored: boolean
# nonCriticalErrors: array<IamPolicyAnalysisState>
# --- IamPolicyAnalysisOutputConfig (2 fields) ---
# Output configuration for export IAM policy analysis destination.
# [[types]]
# schema = "IamPolicyAnalysisOutputConfig"
# include_fields = ["bigqueryDestination", "gcsDestination"]
#
# bigqueryDestination: $ref: GoogleCloudAssetV1BigQueryDestination
# gcsDestination: $ref: GoogleCloudAssetV1GcsDestination
# --- IamPolicyAnalysisQuery (6 fields) ---
# IAM policy analysis query message.
# [[types]]
# schema = "IamPolicyAnalysisQuery"
# include_fields = ["accessSelector", "conditionContext", "identitySelector", "options", "resourceSelector", "scope"]
#
# accessSelector: $ref: AccessSelector
# conditionContext: $ref: ConditionContext
# identitySelector: $ref: IdentitySelector
# options: $ref: Options
# resourceSelector: $ref: ResourceSelector
# scope: string
# --- IamPolicyAnalysisResult (5 fields) ---
# IAM Policy analysis result, consisting of one IAM policy binding and derived access control lists.
# [[types]]
# schema = "IamPolicyAnalysisResult"
# include_fields = ["accessControlLists", "attachedResourceFullName", "fullyExplored", "iamBinding", "identityList"]
#
# accessControlLists: array<GoogleCloudAssetV1AccessControlList>
# attachedResourceFullName: string
# fullyExplored: boolean
# iamBinding: $ref: Binding
# identityList: $ref: GoogleCloudAssetV1IdentityList
# --- IamPolicyAnalysisState (2 fields) ---
# Represents the detailed state of an entity under analysis, such as a resource, an identity or an acc
# [[types]]
# schema = "IamPolicyAnalysisState"
# include_fields = ["cause", "code"]
#
# cause: string
# code: string, enum: [OK, CANCELLED, UNKNOWN, INVALID_ARGUMENT, ... +13]
#
# [types.field_overrides]
# # code = { enum_type = "IamPolicyAnalysisStateCode" }
# --- IamPolicySearchResult (7 fields) [IN MANIFEST] ---
# A result of IAM Policy search, containing information of an IAM policy.
# [[types]]
# schema = "IamPolicySearchResult"
# include_fields = ["assetType", "explanation", "folders", "organization", "policy", "project", "resource"]
#
# assetType: string
# explanation: $ref: Explanation
# folders: array<string>
# organization: string
# policy: $ref: Policy
# project: string
# resource: string
# --- IdentitySelector (1 fields) ---
# Specifies an identity for which to determine resource access, based on roles assigned either directl
# [[types]]
# schema = "IdentitySelector"
# include_fields = ["identity"]
#
# identity: string
# --- Inventory (4 fields) ---
# This API resource represents the available inventory data for a Compute Engine virtual machine (VM)
# [[types]]
# schema = "Inventory"
# include_fields = ["items", "name", "osInfo", "updateTime"]
#
# items: map<string, Item>
# name: string, readOnly
# osInfo: $ref: OsInfo
# updateTime: string, format: google-datetime, readOnly
#
# [types.field_overrides]
# name = { required = true }
# --- Item (7 fields) ---
# A single piece of inventory on a VM.
# WARNING: reserved words: type
# [[types]]
# schema = "Item"
# include_fields = ["availablePackage", "createTime", "id", "installedPackage", "originType", "type", "updateTime"]
#
# availablePackage: $ref: SoftwarePackage
# createTime: string, format: google-datetime
# id: string
# installedPackage: $ref: SoftwarePackage
# originType: string, enum: [ORIGIN_TYPE_UNSPECIFIED, INVENTORY_REPORT]
# type: string, enum: [TYPE_UNSPECIFIED, INSTALLED_PACKAGE, AVAILABLE_PACKAGE], RESERVED_WORD
# updateTime: string, format: google-datetime
#
# [types.field_overrides]
# type = { rust_name = "type_value", serde_rename = "type" }
# # originType = { enum_type = "ItemOriginType" }
# # type = { enum_type = "ItemType" }
# --- ListAssetsResponse (3 fields) [IN MANIFEST] ---
# ListAssets response.
# [[types]]
# schema = "ListAssetsResponse"
# include_fields = ["assets", "nextPageToken", "readTime"]
#
# assets: array<Asset>
# nextPageToken: string
# readTime: string, format: google-datetime
# --- ListFeedsResponse (1 fields) ---
# [[types]]
# schema = "ListFeedsResponse"
# include_fields = ["feeds"]
#
# feeds: array<Feed>
# --- ListSavedQueriesResponse (2 fields) ---
# Response of listing saved queries.
# [[types]]
# schema = "ListSavedQueriesResponse"
# include_fields = ["nextPageToken", "savedQueries"]
#
# nextPageToken: string
# savedQueries: array<SavedQuery>
# --- MoveAnalysis (3 fields) ---
# A message to group the analysis information.
# [[types]]
# schema = "MoveAnalysis"
# include_fields = ["analysis", "displayName", "error"]
#
# analysis: $ref: MoveAnalysisResult
# displayName: string
# error: $ref: Status
# --- MoveAnalysisResult (2 fields) ---
# An analysis result including blockers and warnings.
# [[types]]
# schema = "MoveAnalysisResult"
# include_fields = ["blockers", "warnings"]
#
# blockers: array<MoveImpact>
# warnings: array<MoveImpact>
# --- MoveImpact (1 fields) ---
# A message to group impacts of moving the target resource.
# [[types]]
# schema = "MoveImpact"
# include_fields = ["detail"]
#
# detail: string
# --- Operation (5 fields) ---
# This resource represents a long-running operation that is the result of a network API call.
# [[types]]
# schema = "Operation"
# include_fields = ["done", "error", "metadata", "name", "response"]
#
# done: boolean
# error: $ref: Status
# metadata: map<string, any>
# name: string
# response: map<string, any>
#
# [types.field_overrides]
# name = { required = true }
# --- Options (6 fields) ---
# Contains query options.
# [[types]]
# schema = "Options"
# include_fields = ["analyzeServiceAccountImpersonation", "expandGroups", "expandResources", "expandRoles", "outputGroupEdges", "outputResourceEdges"]
#
# analyzeServiceAccountImpersonation: boolean
# expandGroups: boolean
# expandResources: boolean
# expandRoles: boolean
# outputGroupEdges: boolean
# outputResourceEdges: boolean
# --- OrgPolicyResult (5 fields) ---
# The organization policy result to the query.
# [[types]]
# schema = "OrgPolicyResult"
# include_fields = ["consolidatedPolicy", "folders", "organization", "policyBundle", "project"]
#
# consolidatedPolicy: $ref: AnalyzerOrgPolicy
# folders: array<string>
# organization: string
# policyBundle: array<AnalyzerOrgPolicy>
# project: string
# --- OsInfo (8 fields) ---
# Operating system information for the VM.
# [[types]]
# schema = "OsInfo"
# include_fields = ["architecture", "hostname", "kernelRelease", "kernelVersion", "longName", "osconfigAgentVersion", "shortName", "version"]
#
# architecture: string
# hostname: string
# kernelRelease: string
# kernelVersion: string
# longName: string
# osconfigAgentVersion: string
# shortName: string
# version: string
# --- OutputConfig (2 fields) ---
# Output configuration for export assets destination.
# [[types]]
# schema = "OutputConfig"
# include_fields = ["bigqueryDestination", "gcsDestination"]
#
# bigqueryDestination: $ref: BigQueryDestination
# gcsDestination: $ref: GcsDestination
# --- PartitionSpec (1 fields) ---
# Specifications of BigQuery partitioned table as export destination.
# [[types]]
# schema = "PartitionSpec"
# include_fields = ["partitionKey"]
#
# partitionKey: string, enum: [PARTITION_KEY_UNSPECIFIED, READ_TIME, REQUEST_TIME]
#
# [types.field_overrides]
# # partitionKey = { enum_type = "PartitionSpecPartitionKey" }
# --- Permissions (1 fields) ---
# IAM permissions
# [[types]]
# schema = "Permissions"
# include_fields = ["permissions"]
#
# permissions: array<string>
# --- Policy (4 fields) [IN MANIFEST] ---
# An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud res
# WARNING: format:"byte" fields: etag
# [[types]]
# schema = "Policy"
# include_fields = ["auditConfigs", "bindings", "etag", "version"]
#
# auditConfigs: array<AuditConfig>
# bindings: array<Binding>
# etag: string, format: byte
# version: integer, format: int32
#
# [types.field_overrides]
# etag = { format = "bytes" }
# --- PolicyInfo (2 fields) ---
# The IAM policy and its attached resource.
# [[types]]
# schema = "PolicyInfo"
# include_fields = ["attachedResource", "policy"]
#
# attachedResource: string
# policy: $ref: Policy
# --- PubsubDestination (1 fields) ---
# A Pub/Sub destination.
# [[types]]
# schema = "PubsubDestination"
# include_fields = ["topic"]
#
# topic: string
# --- QueryAssetsOutputConfig (1 fields) ---
# Output configuration query assets.
# [[types]]
# schema = "QueryAssetsOutputConfig"
# include_fields = ["bigqueryDestination"]
#
# bigqueryDestination: $ref: GoogleCloudAssetV1QueryAssetsOutputConfigBigQueryDestination
# --- QueryAssetsRequest (8 fields) ---
# QueryAssets request.
# [[types]]
# schema = "QueryAssetsRequest"
# include_fields = ["jobReference", "outputConfig", "pageSize", "pageToken", "readTime", "readTimeWindow", "statement", "timeout"]
#
# jobReference: string
# outputConfig: $ref: QueryAssetsOutputConfig
# pageSize: integer, format: int32
# pageToken: string
# readTime: string, format: google-datetime
# readTimeWindow: $ref: TimeWindow
# statement: string
# timeout: string, format: google-duration
# --- QueryAssetsResponse (5 fields) ---
# QueryAssets response.
# [[types]]
# schema = "QueryAssetsResponse"
# include_fields = ["done", "error", "jobReference", "outputConfig", "queryResult"]
#
# done: boolean
# error: $ref: Status
# jobReference: string
# outputConfig: $ref: QueryAssetsOutputConfig
# queryResult: $ref: QueryResult
# --- QueryContent (1 fields) ---
# The query content.
# [[types]]
# schema = "QueryContent"
# include_fields = ["iamPolicyAnalysisQuery"]
#
# iamPolicyAnalysisQuery: $ref: IamPolicyAnalysisQuery
# --- QueryResult (4 fields) ---
# Execution results of the query. The result is formatted as rows represented by BigQuery compatible [
# [[types]]
# schema = "QueryResult"
# include_fields = ["nextPageToken", "rows", "schema", "totalRows"]
#
# nextPageToken: string
# rows: array<object>
# schema: $ref: TableSchema
# totalRows: string, format: int64
# --- RelatedAsset (4 fields) ---
# An asset identifier in Google Cloud which contains its name, type and ancestors. An asset can be any
# [[types]]
# schema = "RelatedAsset"
# include_fields = ["ancestors", "asset", "assetType", "relationshipType"]
#
# ancestors: array<string>
# asset: string
# assetType: string
# relationshipType: string
# --- RelatedAssets (2 fields) ---
# DEPRECATED. This message only presents for the purpose of backward-compatibility. The server will ne
# [[types]]
# schema = "RelatedAssets"
# include_fields = ["assets", "relationshipAttributes"]
#
# assets: array<RelatedAsset>
# relationshipAttributes: $ref: RelationshipAttributes
# --- RelatedResource (2 fields) ---
# The detailed related resource.
# [[types]]
# schema = "RelatedResource"
# include_fields = ["assetType", "fullResourceName"]
#
# assetType: string
# fullResourceName: string
# --- RelatedResources (1 fields) ---
# The related resources of the primary resource.
# [[types]]
# schema = "RelatedResources"
# include_fields = ["relatedResources"]
#
# relatedResources: array<RelatedResource>
# --- RelationshipAttributes (4 fields) ---
# DEPRECATED. This message only presents for the purpose of backward-compatibility. The server will ne
# WARNING: reserved words: type
# [[types]]
# schema = "RelationshipAttributes"
# include_fields = ["action", "sourceResourceType", "targetResourceType", "type"]
#
# action: string
# sourceResourceType: string
# targetResourceType: string
# type: string, RESERVED_WORD
#
# [types.field_overrides]
# type = { rust_name = "type_value", serde_rename = "type" }
# --- Resource (7 fields) [IN MANIFEST] ---
# A representation of a Google Cloud resource.
# [[types]]
# schema = "Resource"
# include_fields = ["data", "discoveryDocumentUri", "discoveryName", "location", "parent", "resourceUrl", "version"]
#
# data: map<string, any>
# discoveryDocumentUri: string
# discoveryName: string
# location: string
# parent: string
# resourceUrl: string
# version: string
# --- ResourceOwners (1 fields) ---
# The resource owners information.
# [[types]]
# schema = "ResourceOwners"
# include_fields = ["resourceOwners"]
#
# resourceOwners: array<string>
# --- ResourceSearchResult (28 fields) [IN MANIFEST] ---
# A result of Resource Search, containing information of a cloud resource.
# [[types]]
# schema = "ResourceSearchResult"
# include_fields = ["additionalAttributes", "assetType", "attachedResources", "createTime", "description", "displayName", "effectiveTags", "enrichments", "folders", "kmsKey", "kmsKeys", "labels", "location", "name", "networkTags", "organization", "parentAssetType", "parentFullResourceName", "project", "relationships", "sccSecurityMarks", "state", "tagKeys", "tagValueIds", "tagValues", "tags", "updateTime", "versionedResources"]
#
# additionalAttributes: map<string, any>
# assetType: string
# attachedResources: array<AttachedResource>
# createTime: string, format: google-datetime
# description: string
# displayName: string
# effectiveTags: array<EffectiveTagDetails>
# enrichments: array<AssetEnrichment>
# folders: array<string>
# kmsKey: string
# kmsKeys: array<string>
# labels: map<string, string>
# location: string
# name: string
# networkTags: array<string>
# organization: string
# parentAssetType: string
# parentFullResourceName: string
# project: string
# relationships: map<string, RelatedResources>
# sccSecurityMarks: map<string, string>
# state: string
# tagKeys: array<string>
# tagValueIds: array<string>
# tagValues: array<string>
# tags: array<Tag>
# updateTime: string, format: google-datetime
# versionedResources: array<VersionedResource>
#
# [types.field_overrides]
# name = { required = true }
# --- ResourceSelector (1 fields) ---
# Specifies the resource to analyze for access policies, which may be set directly on the resource, or
# [[types]]
# schema = "ResourceSelector"
# include_fields = ["fullResourceName"]
#
# fullResourceName: string
# --- SavedQuery (8 fields) ---
# A saved query which can be shared with others or used later.
# [[types]]
# schema = "SavedQuery"
# include_fields = ["content", "createTime", "creator", "description", "labels", "lastUpdateTime", "lastUpdater", "name"]
#
# content: $ref: QueryContent
# createTime: string, format: google-datetime, readOnly
# creator: string, readOnly
# description: string
# labels: map<string, string>
# lastUpdateTime: string, format: google-datetime, readOnly
# lastUpdater: string, readOnly
# name: string
#
# [types.field_overrides]
# name = { required = true }
# --- SearchAllIamPoliciesResponse (2 fields) [IN MANIFEST] ---
# Search all IAM policies response.
# [[types]]
# schema = "SearchAllIamPoliciesResponse"
# include_fields = ["nextPageToken", "results"]
#
# nextPageToken: string
# results: array<IamPolicySearchResult>
# --- SearchAllResourcesResponse (2 fields) [IN MANIFEST] ---
# Search all resources response.
# [[types]]
# schema = "SearchAllResourcesResponse"
# include_fields = ["nextPageToken", "results"]
#
# nextPageToken: string
# results: array<ResourceSearchResult>
# --- SoftwarePackage (9 fields) ---
# Software package information of the operating system.
# [[types]]
# schema = "SoftwarePackage"
# include_fields = ["aptPackage", "cosPackage", "googetPackage", "qfePackage", "windowsApplication", "wuaPackage", "yumPackage", "zypperPackage", "zypperPatch"]
#
# aptPackage: $ref: VersionedPackage
# cosPackage: $ref: VersionedPackage
# googetPackage: $ref: VersionedPackage
# qfePackage: $ref: WindowsQuickFixEngineeringPackage
# windowsApplication: $ref: WindowsApplication
# wuaPackage: $ref: WindowsUpdatePackage
# yumPackage: $ref: VersionedPackage
# zypperPackage: $ref: VersionedPackage
# zypperPatch: $ref: ZypperPatch
# --- Status (3 fields) ---
# The `Status` type defines a logical error model that is suitable for different programming environme
# [[types]]
# schema = "Status"
# include_fields = ["code", "details", "message"]
#
# code: integer, format: int32
# details: array<object>
# message: string
# --- TableFieldSchema (4 fields) ---
# A field in TableSchema.
# WARNING: reserved words: type
# [[types]]
# schema = "TableFieldSchema"
# include_fields = ["field", "fields", "mode", "type"]
#
# field: string
# fields: array<TableFieldSchema>
# mode: string
# type: string, RESERVED_WORD
#
# [types.field_overrides]
# type = { rust_name = "type_value", serde_rename = "type" }
# --- TableSchema (1 fields) ---
# BigQuery Compatible table schema.
# [[types]]
# schema = "TableSchema"
# include_fields = ["fields"]
#
# fields: array<TableFieldSchema>
# --- Tag (4 fields) ---
# The key and value for a [tag](https://cloud.google.com/resource-manager/docs/tags/tags-overview).
# [[types]]
# schema = "Tag"
# include_fields = ["tagKey", "tagKeyId", "tagValue", "tagValueId"]
#
# tagKey: string
# tagKeyId: string
# tagValue: string
# tagValueId: string
# --- TemporalAsset (5 fields) ---
# An asset in Google Cloud and its temporal metadata, including the time window when it was observed a
# [[types]]
# schema = "TemporalAsset"
# include_fields = ["asset", "deleted", "priorAsset", "priorAssetState", "window"]
#
# asset: $ref: Asset
# deleted: boolean
# priorAsset: $ref: Asset
# priorAssetState: string, enum: [PRIOR_ASSET_STATE_UNSPECIFIED, PRESENT, INVALID, DOES_NOT_EXIST, DELETED]
# window: $ref: TimeWindow
#
# [types.field_overrides]
# # priorAssetState = { enum_type = "TemporalAssetPriorAssetState" }
# --- TimeWindow (2 fields) ---
# A time window specified by its `start_time` and `end_time`.
# [[types]]
# schema = "TimeWindow"
# include_fields = ["endTime", "startTime"]
#
# endTime: string, format: google-datetime
# startTime: string, format: google-datetime
# --- UpdateFeedRequest (2 fields) ---
# Update asset feed request.
# [[types]]
# schema = "UpdateFeedRequest"
# include_fields = ["feed", "updateMask"]
#
# feed: $ref: Feed
# updateMask: string, format: google-fieldmask
# --- VersionedPackage (3 fields) ---
# Information related to the a standard versioned package. This includes package info for APT, Yum, Zy
# [[types]]
# schema = "VersionedPackage"
# include_fields = ["architecture", "packageName", "version"]
#
# architecture: string
# packageName: string
# version: string
# --- VersionedResource (3 fields) ---
# Resource representation as defined by the corresponding service providing the resource for a given A
# [[types]]
# schema = "VersionedResource"
# include_fields = ["assetExceptions", "resource", "version"]
#
# assetExceptions: array<AssetException>
# resource: map<string, any>
# version: string
# --- WindowsApplication (5 fields) ---
# Contains information about a Windows application that is retrieved from the Windows Registry. For mo
# [[types]]
# schema = "WindowsApplication"
# include_fields = ["displayName", "displayVersion", "helpLink", "installDate", "publisher"]
#
# displayName: string
# displayVersion: string
# helpLink: string
# installDate: $ref: Date
# publisher: string
# --- WindowsQuickFixEngineeringPackage (4 fields) ---
# Information related to a Quick Fix Engineering package. Fields are taken from Windows QuickFixEngine
# [[types]]
# schema = "WindowsQuickFixEngineeringPackage"
# include_fields = ["caption", "description", "hotFixId", "installTime"]
#
# caption: string
# description: string
# hotFixId: string
# installTime: string, format: google-datetime
# --- WindowsUpdateCategory (2 fields) ---
# Categories specified by the Windows Update.
# [[types]]
# schema = "WindowsUpdateCategory"
# include_fields = ["id", "name"]
#
# id: string
# name: string
#
# [types.field_overrides]
# name = { required = true }
# --- WindowsUpdatePackage (9 fields) ---
# Details related to a Windows Update package. Field data and names are taken from Windows Update API
# [[types]]
# schema = "WindowsUpdatePackage"
# include_fields = ["categories", "description", "kbArticleIds", "lastDeploymentChangeTime", "moreInfoUrls", "revisionNumber", "supportUrl", "title", "updateId"]
#
# categories: array<WindowsUpdateCategory>
# description: string
# kbArticleIds: array<string>
# lastDeploymentChangeTime: string, format: google-datetime
# moreInfoUrls: array<string>
# revisionNumber: integer, format: int32
# supportUrl: string
# title: string
# updateId: string
# --- ZypperPatch (4 fields) ---
# Details related to a Zypper Patch.
# [[types]]
# schema = "ZypperPatch"
# include_fields = ["category", "patchName", "severity", "summary"]
#
# category: string
# patchName: string
# severity: string
# summary: string
# ======================================================================
# OPERATIONS (24 total)
# ======================================================================
# --- feeds.patch ---
# PATCH v1/{+name}
# Updates an asset feed configuration.
# Request: UpdateFeedRequest
# Response: Feed
# [[operations]]
# discovery_resource = "feeds"
# discovery_method = "patch"
# rust_name = "update_feed"
# --- feeds.create ---
# POST v1/{+parent}/feeds
# Creates a feed in a parent project/folder/organization to listen to its asset updates.
# Request: CreateFeedRequest
# Response: Feed
# [[operations]]
# discovery_resource = "feeds"
# discovery_method = "create"
# rust_name = "create_feed"
# --- feeds.delete ---
# DELETE v1/{+name}
# Deletes an asset feed.
# Response: Empty
# [[operations]]
# discovery_resource = "feeds"
# discovery_method = "delete"
# rust_name = "delete_feed"
# --- feeds.get ---
# GET v1/{+name}
# Gets details about an asset feed.
# Response: Feed
# [[operations]]
# discovery_resource = "feeds"
# discovery_method = "get"
# rust_name = "get_feed"
# --- feeds.list ---
# GET v1/{+parent}/feeds
# Lists all asset feeds in a parent project/folder/organization.
# Response: ListFeedsResponse
# [[operations]]
# discovery_resource = "feeds"
# discovery_method = "list"
# rust_name = "list_feeds"
# --- assets.list ---
# GET v1/{+parent}/assets
# Lists assets with time and resource types and returns paged results in response.
# Response: ListAssetsResponse
# Query params: assetTypes (repeated), contentType, pageSize, pageToken, readTime, relationshipTypes (repeated)
# [[operations]]
# discovery_resource = "assets"
# discovery_method = "list"
# rust_name = "list_assets"
# list_response = { type_name = "ListAssetsResponse", items_field = "assets", item_type = "Asset" }
# query_params = ["assetTypes", "contentType", "pageSize", "pageToken", "readTime", "relationshipTypes"]
# --- v1.analyzeIamPolicy ---
# GET v1/{+scope}:analyzeIamPolicy
# Analyzes IAM policies to answer which identities have what accesses on which resources.
# Response: AnalyzeIamPolicyResponse
# Query params: analysisQuery.accessSelector.permissions (repeated), analysisQuery.accessSelector.roles (repeated), analysisQuery.conditionContext.accessTime, analysisQuery.identitySelector.identity, analysisQuery.options.analyzeServiceAccountImpersonation, analysisQuery.options.expandGroups, analysisQuery.options.expandResources, analysisQuery.options.expandRoles, analysisQuery.options.outputGroupEdges, analysisQuery.options.outputResourceEdges, analysisQuery.resourceSelector.fullResourceName, executionTimeout, savedAnalysisQuery
# [[operations]]
# discovery_resource = "v1"
# discovery_method = "analyzeIamPolicy"
# rust_name = "analyzeIamPolicy_v1"
# query_params = ["analysisQuery.accessSelector.permissions", "analysisQuery.accessSelector.roles", "analysisQuery.conditionContext.accessTime", "analysisQuery.identitySelector.identity", "analysisQuery.options.analyzeServiceAccountImpersonation", "analysisQuery.options.expandGroups", "analysisQuery.options.expandResources", "analysisQuery.options.expandRoles", "analysisQuery.options.outputGroupEdges", "analysisQuery.options.outputResourceEdges", "analysisQuery.resourceSelector.fullResourceName", "executionTimeout", "savedAnalysisQuery"]
# --- v1.analyzeMove ---
# GET v1/{+resource}:analyzeMove
# Analyze moving a resource to a specified destination without kicking off the actual move. The analys
# Response: AnalyzeMoveResponse
# Query params: destinationParent, view
# [[operations]]
# discovery_resource = "v1"
# discovery_method = "analyzeMove"
# rust_name = "analyzeMove_v1"
# query_params = ["destinationParent", "view"]
# --- v1.searchAllResources [IN MANIFEST] ---
# GET v1/{+scope}:searchAllResources
# Searches all Google Cloud resources within the specified scope, such as a project, folder, or organi
# Response: SearchAllResourcesResponse
# Query params: assetTypes (repeated), orderBy, pageSize, pageToken, query, readMask
# [[operations]]
# discovery_resource = "v1"
# discovery_method = "searchAllResources"
# rust_name = "searchAllResources_v1"
# list_response = { type_name = "SearchAllResourcesResponse", items_field = "results", item_type = "ResourceSearchResult" }
# query_params = ["assetTypes", "orderBy", "pageSize", "pageToken", "query", "readMask"]
# --- v1.searchAllIamPolicies [IN MANIFEST] ---
# GET v1/{+scope}:searchAllIamPolicies
# Searches all IAM policies within the specified scope, such as a project, folder, or organization. Th
# Response: SearchAllIamPoliciesResponse
# Query params: assetTypes (repeated), orderBy, pageSize, pageToken, query
# [[operations]]
# discovery_resource = "v1"
# discovery_method = "searchAllIamPolicies"
# rust_name = "searchAllIamPolicies_v1"
# list_response = { type_name = "SearchAllIamPoliciesResponse", items_field = "results", item_type = "IamPolicySearchResult" }
# query_params = ["assetTypes", "orderBy", "pageSize", "pageToken", "query"]
# --- v1.analyzeOrgPolicyGovernedAssets ---
# GET v1/{+scope}:analyzeOrgPolicyGovernedAssets
# Analyzes organization policies governed assets (Google Cloud resources or policies) under a scope. T
# Response: AnalyzeOrgPolicyGovernedAssetsResponse
# Query params: constraint, filter, pageSize, pageToken
# [[operations]]
# discovery_resource = "v1"
# discovery_method = "analyzeOrgPolicyGovernedAssets"
# rust_name = "analyzeOrgPolicyGovernedAssets_v1"
# list_response = { type_name = "AnalyzeOrgPolicyGovernedAssetsResponse", items_field = "governedAssets", item_type = "GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedAsset" }
# query_params = ["constraint", "filter", "pageSize", "pageToken"]
# --- v1.batchGetAssetsHistory ---
# GET v1/{+parent}:batchGetAssetsHistory
# Batch gets the update history of assets that overlap a time window. For IAM_POLICY content, this API
# Response: BatchGetAssetsHistoryResponse
# Query params: assetNames (repeated), contentType, readTimeWindow.endTime, readTimeWindow.startTime, relationshipTypes (repeated)
# [[operations]]
# discovery_resource = "v1"
# discovery_method = "batchGetAssetsHistory"
# rust_name = "batchGetAssetsHistory_v1"
# query_params = ["assetNames", "contentType", "readTimeWindow.endTime", "readTimeWindow.startTime", "relationshipTypes"]
# --- v1.queryAssets ---
# POST v1/{+parent}:queryAssets
# Issue a job that queries assets using a SQL statement compatible with [BigQuery SQL](https://cloud.g
# Request: QueryAssetsRequest
# Response: QueryAssetsResponse
# [[operations]]
# discovery_resource = "v1"
# discovery_method = "queryAssets"
# rust_name = "queryAssets_v1"
# --- v1.exportAssets ---
# POST v1/{+parent}:exportAssets
# Exports assets with time and resource types to a given Cloud Storage location/BigQuery table. For Cl
# Request: ExportAssetsRequest
# Response: Operation
# [[operations]]
# discovery_resource = "v1"
# discovery_method = "exportAssets"
# rust_name = "exportAssets_v1"
# is_lro = true
# --- v1.analyzeOrgPolicyGovernedContainers ---
# GET v1/{+scope}:analyzeOrgPolicyGovernedContainers
# Analyzes organization policies governed containers (projects, folders or organization) under a scope
# Response: AnalyzeOrgPolicyGovernedContainersResponse
# Query params: constraint, filter, pageSize, pageToken
# [[operations]]
# discovery_resource = "v1"
# discovery_method = "analyzeOrgPolicyGovernedContainers"
# rust_name = "analyzeOrgPolicyGovernedContainers_v1"
# list_response = { type_name = "AnalyzeOrgPolicyGovernedContainersResponse", items_field = "governedContainers", item_type = "GoogleCloudAssetV1GovernedContainer" }
# query_params = ["constraint", "filter", "pageSize", "pageToken"]
# --- v1.analyzeOrgPolicies ---
# GET v1/{+scope}:analyzeOrgPolicies
# Analyzes organization policies under a scope.
# Response: AnalyzeOrgPoliciesResponse
# Query params: constraint, filter, pageSize, pageToken
# [[operations]]
# discovery_resource = "v1"
# discovery_method = "analyzeOrgPolicies"
# rust_name = "analyzeOrgPolicies_v1"
# list_response = { type_name = "AnalyzeOrgPoliciesResponse", items_field = "orgPolicyResults", item_type = "OrgPolicyResult" }
# query_params = ["constraint", "filter", "pageSize", "pageToken"]
# --- v1.analyzeIamPolicyLongrunning ---
# POST v1/{+scope}:analyzeIamPolicyLongrunning
# Analyzes IAM policies asynchronously to answer which identities have what accesses on which resource
# Request: AnalyzeIamPolicyLongrunningRequest
# Response: Operation
# [[operations]]
# discovery_resource = "v1"
# discovery_method = "analyzeIamPolicyLongrunning"
# rust_name = "analyzeIamPolicyLongrunning_v1"
# is_lro = true
# --- operations.get ---
# GET v1/{+name}
# Gets the latest state of a long-running operation. Clients can use this method to poll the operation
# Response: Operation
# [[operations]]
# discovery_resource = "operations"
# discovery_method = "get"
# rust_name = "get_operation"
# is_lro = true
# --- effectiveIamPolicies.batchGet ---
# GET v1/{+scope}/effectiveIamPolicies:batchGet
# Gets effective IAM policies for a batch of resources.
# Response: BatchGetEffectiveIamPoliciesResponse
# Query params: names (repeated)
# [[operations]]
# discovery_resource = "effectiveIamPolicies"
# discovery_method = "batchGet"
# rust_name = "batchGet_effective_iam_policie"
# query_params = ["names"]
# --- savedQueries.delete ---
# DELETE v1/{+name}
# Deletes a saved query.
# Response: Empty
# [[operations]]
# discovery_resource = "savedQueries"
# discovery_method = "delete"
# rust_name = "delete_saved_querie"
# --- savedQueries.patch ---
# PATCH v1/{+name}
# Updates a saved query.
# Request: SavedQuery
# Response: SavedQuery
# Query params: updateMask
# [[operations]]
# discovery_resource = "savedQueries"
# discovery_method = "patch"
# rust_name = "update_saved_querie"
# query_params = ["updateMask"]
# --- savedQueries.get ---
# GET v1/{+name}
# Gets details about a saved query.
# Response: SavedQuery
# [[operations]]
# discovery_resource = "savedQueries"
# discovery_method = "get"
# rust_name = "get_saved_querie"
# --- savedQueries.list ---
# GET v1/{+parent}/savedQueries
# Lists all saved queries in a parent project/folder/organization.
# Response: ListSavedQueriesResponse
# Query params: filter, pageSize, pageToken
# [[operations]]
# discovery_resource = "savedQueries"
# discovery_method = "list"
# rust_name = "list_saved_queries"
# list_response = { type_name = "ListSavedQueriesResponse", items_field = "savedQueries", item_type = "SavedQuery" }
# query_params = ["filter", "pageSize", "pageToken"]
# --- savedQueries.create ---
# POST v1/{+parent}/savedQueries
# Creates a saved query in a parent project/folder/organization.
# Request: SavedQuery
# Response: SavedQuery
# Query params: savedQueryId
# [[operations]]
# discovery_resource = "savedQueries"
# discovery_method = "create"
# rust_name = "create_saved_querie"
# query_params = ["savedQueryId"]
# ======================================================================
# COVERAGE SUMMARY
# ======================================================================
# Schemas in discovery: 141
# Schemas in manifest: 12
# Coverage: 12/141 (8%)
#
# Operations in discovery: 24
# Operations in manifest: 2
# Coverage: 2/24 (8%)
#
# format:"byte" fields in manifest types: 1
# Unhandled (missing format="bytes"): 1