搜索资源

您可以在项目、文件夹或组织中搜索资源,并使用查询过滤返回的结果。

准备工作

  1. 在您运行 Cloud Asset Inventory 命令的项目中启用 Cloud Asset Inventory API。

    启用 Cloud Asset Inventory API

  2. 确保您的账号拥有调用 Cloud Asset Inventory API 的正确角色。如需了解每种通话类型的各项权限,请参阅权限

构建查询

在构建查询之前,最好先从指定查询的搜索请求开始。使用完整响应中的字段和值,通过搜索查询语法创建查询,并对其进行优化,直到返回所需的结果。

如需详细了解可在查询中使用的字段,请参阅 searchAllResources 参考文档

并非所有资源都可以搜索。如需了解资源名称并查看它们是否可用于搜索 API,请参阅资源类型

搜索资源

控制台

如需搜索资源元数据,请完成以下步骤。

  1. 前往 Google Cloud 控制台中的资产清单页面。

    前往“Asset Inventory”

  2. 切换到您要搜索的项目、文件夹或组织。
  3. 点击资源标签页。

  4. 如需搜索资源,请在过滤条件字段中输入查询。如需了解如何编写搜索查询,请参阅 搜索查询语法

    为方便您构建查询,您可以点击过滤条件字段,以显示可供搜索的字段并将其添加到查询中。

执行搜索后,结果表中会列出与查询匹配的资源。双击查询内容即可进行修改,也可以使用过滤结果窗格按特定条件限制搜索结果。

如需以 Google Cloud CLI 命令的形式来查看查询,请点击查看查询

如需导出结果,请点击下载 CSV

gcloud

gcloud asset search-all-resources \
    --scope=SCOPE_PATH \
    --query="QUERY" \
    --asset-types=ASSET_TYPE_1,ASSET_TYPE_2,... \
    --order-by="ORDER_BY" \
    --read-mask="READ_MASK"

请提供以下值:

  • SCOPE_PATH:请使用以下某个值:

    允许使用的值包括:

    • projects/PROJECT_ID,其中 PROJECT_ID 是包含您要搜索的资产的项目的 ID。

    • projects/PROJECT_NUMBER,其中 PROJECT_NUMBER 是包含您要搜索的资产的项目的编号。

      如何查找 Google Cloud 项目编号

      Google Cloud 控制台

      如需查找 Google Cloud 项目编号,请完成以下步骤:

      1. 前往 Google Cloud 控制台中的欢迎页面。

        前往“欢迎”页面

      2. 点击菜单栏中的切换器列表框。

      3. 从列表框中选择您的组织,然后搜索您的项目名称。 项目名称、项目编号和项目 ID 显示在欢迎标题附近。

        最多可显示 4,000 个资源。如果您没有看到要查找的项目,请前往管理资源页面,然后使用该项目的名称过滤列表。

      gcloud CLI

      您可以使用以下命令检索 Google Cloud 项目编号:

      gcloud projects describe PROJECT_ID --format="value(projectNumber)"

    • folders/FOLDER_ID,其中 FOLDER_ID 是包含您要搜索的媒体资源的文件夹的 ID。

      如何查找 Google Cloud 文件夹的 ID

      Google Cloud 控制台

      如需查找 Google Cloud 文件夹的 ID,请完成以下步骤:

      1. 前往 Google Cloud 控制台。

        前往 Google Cloud 控制台

      2. 点击菜单栏中的切换器列表框。
      3. 从列表框中选择您的组织。
      4. 搜索您的文件夹名称。文件夹 ID 会显示在文件夹名称旁边。

      gcloud CLI

      您可以使用以下命令检索组织级层文件夹的 ID: Google Cloud 

      gcloud resource-manager folders list \
    --organization=$(gcloud organizations describe ORGANIZATION_NAME \
      --format="value(name.segment(1))") \
    --filter='"DISPLAY_NAME":"TOP_LEVEL_FOLDER_NAME"' \
    --format="value(ID)"

      其中,TOP_LEVEL_FOLDER_NAME 是文件夹名称的部分或完整字符串匹配项。移除 --format 标志即可查看有关找到的文件夹的更多信息。

      上一个命令不会返回文件夹中子文件夹的 ID。为此,请使用顶级文件夹的 ID 运行以下命令:

      gcloud resource-manager folders list --folder=FOLDER_ID

    • organizations/ORGANIZATION_ID,其中 ORGANIZATION_ID 是包含您要搜索的资产的组织的 ID。

      如何查找 Google Cloud 组织的 ID

      Google Cloud 控制台

      如需查找 Google Cloud 组织的 ID,请完成以下步骤:

      1. 前往 Google Cloud 控制台。

        前往 Google Cloud 控制台

      2. 点击菜单栏中的切换器列表框。
      3. 从列表框中选择您的组织。
      4. 点击全部标签页。组织 ID 显示在组织名称旁边。

      gcloud CLI

      您可以使用以下命令检索 Google Cloud 组织的 ID:

      gcloud organizations describe ORGANIZATION_NAME --format="value(name.segment(1))"
  • QUERY:可选。查询表达式。如果未指定或为空,则在指定范围内搜索所有资源。如需了解如何编写搜索查询,请参阅搜索查询语法
  • ASSET_TYPE_#:可选。以英文逗号分隔的 可搜索资产类型列表。 支持 RE2 兼容的正则表达式。如果正则表达式与任何支持的资源类型均不匹配,则会返回 INVALID_ARGUMENT 错误。如果未指定 --asset-types,则返回所有资产类型。
  • ORDER_BY:可选。指定结果排序顺序的以逗号分隔的字段列表。默认顺序是升序。 在字段名称后添加 DESC 可指示降序顺序。如需了解哪些字段可用于排序,请参阅 参考文档
  • READ_MASK:可选。一个以英文逗号分隔的字段列表,用于指定要在结果中返回的字段。如需了解默认返回的字段,以及在指定读取掩码时应注意的其他条件,请参阅。

您可以使用 --format--flatten 标志来设置 gcloud CLI 输出的格式。

如需查看所有选项,请参阅 gcloud CLI 参考文档

示例

运行以下命令,获取 my-project 项目中所有 完整资源名称包含 instance 一词后跟 1 的 Compute Engine 实例的列表。结果按名称降序排列,并且由于读取掩码,仅返回 namelocation 字段。

gcloud asset search-all-resources \
    --scope=projects/my-project \
    --query="name:instance 1" \
    --asset-types=compute.googleapis.com/Instance \
    --order-by="name DESC" \
    --read-mask="name,location"

示例响应

---
location: us-central1-a
name: //compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/instance-2-1
---
location: us-central1-a
name: //compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/instance-1

REST

HTTP 方法和网址:

POST https://cloudasset.googleapis.com/v1/SCOPE_PATH:searchAllResources

请求 JSON 正文:

{
  "query": "QUERY",
  "assetTypes": [
    "ASSET_TYPE_1",
    "ASSET_TYPE_2",
    "..."
  ],
  "orderBy": "ORDER_BY",
  "pageSize": "PAGE_SIZE",
  "pageToken": "PAGE_TOKEN",
  "readMask": "READ_MASK"
}

请提供以下值:

  • SCOPE_PATH:请使用以下某个值:

    允许使用的值包括:

    • projects/PROJECT_ID,其中 PROJECT_ID 是包含您要搜索的资产的项目的 ID。

    • projects/PROJECT_NUMBER,其中 PROJECT_NUMBER 是包含您要搜索的资产的项目的编号。

      如何查找 Google Cloud 项目编号

      Google Cloud 控制台

      如需查找 Google Cloud 项目编号,请完成以下步骤:

      1. 前往 Google Cloud 控制台中的欢迎页面。

        前往“欢迎”页面

      2. 点击菜单栏中的切换器列表框。

      3. 从列表框中选择您的组织,然后搜索您的项目名称。 项目名称、项目编号和项目 ID 显示在欢迎标题附近。

        最多可显示 4,000 个资源。如果您没有看到要查找的项目,请前往管理资源页面,然后使用该项目的名称过滤列表。

      gcloud CLI

      您可以使用以下命令检索 Google Cloud 项目编号:

      gcloud projects describe PROJECT_ID --format="value(projectNumber)"

    • folders/FOLDER_ID,其中 FOLDER_ID 是包含您要搜索的资源的文件夹的 ID。

      如何查找 Google Cloud 文件夹的 ID

      Google Cloud 控制台

      如需查找 Google Cloud 文件夹的 ID,请完成以下步骤:

      1. 前往 Google Cloud 控制台。

        前往 Google Cloud 控制台

      2. 点击菜单栏中的切换器列表框。
      3. 从列表框中选择您的组织。
      4. 搜索您的文件夹名称。文件夹 ID 会显示在文件夹名称旁边。

      gcloud CLI

      您可以使用以下命令检索组织级层文件夹的 ID: Google Cloud 

      gcloud resource-manager folders list \
    --organization=$(gcloud organizations describe ORGANIZATION_NAME \
      --format="value(name.segment(1))") \
    --filter='"DISPLAY_NAME":"TOP_LEVEL_FOLDER_NAME"' \
    --format="value(ID)"

      其中,TOP_LEVEL_FOLDER_NAME 是文件夹名称的部分或完整字符串匹配项。移除 --format 标志即可查看有关已找到文件夹的更多信息。

      上一个命令不会返回文件夹中子文件夹的 ID。为此,请使用顶级文件夹的 ID 运行以下命令:

      gcloud resource-manager folders list --folder=FOLDER_ID

    • organizations/ORGANIZATION_ID,其中 ORGANIZATION_ID 是包含您要搜索的资产的组织的 ID。

      如何查找 Google Cloud 组织的 ID

      Google Cloud 控制台

      如需查找 Google Cloud 组织的 ID,请完成以下步骤:

      1. 前往 Google Cloud 控制台。

        前往 Google Cloud 控制台

      2. 点击菜单栏中的切换器列表框。
      3. 从列表框中选择您的组织。
      4. 点击全部标签页。组织 ID 显示在组织名称旁边。

      gcloud CLI

      您可以使用以下命令检索 Google Cloud 组织的 ID:

      gcloud organizations describe ORGANIZATION_NAME --format="value(name.segment(1))"
  • QUERY:可选。查询表达式。如果未指定或为空,则在指定范围内搜索所有资源。如需了解如何编写搜索查询,请参阅搜索查询语法
  • ASSET_TYPE_#:可选。 可搜索的资产类型数组。 支持 RE2 兼容的正则表达式。如果正则表达式与任何支持的资源类型均不匹配,则会返回 INVALID_ARGUMENT 错误。如果未指定 assetTypes,则返回所有资产类型。
  • ORDER_BY:可选。指定结果排序顺序的以逗号分隔的字段列表。默认顺序是升序。 在字段名称后添加 DESC 可指示降序顺序。如需了解哪些字段可用于排序,请参阅 参考文档

  • PAGE_SIZE:可选。每页返回的结果数。最大值是 500。如果该值设为 0 或负值,系统会选择适当的默认值。系统会返回 nextPageToken 以检索后续结果。

  • PAGE_TOKEN:可选。较长的请求响应会分布在多个页面上。如果未指定 pageToken,则返回第一页。 后续页面可以通过使用上一个响应的 nextPageToken 作为 pageToken 值来调用。
  • READ_MASK:可选。一个以英文逗号分隔的字段列表,用于指定要在结果中返回的字段。如需了解默认返回的字段,以及在指定读取掩码时应注意的其他条件,请参阅。

如需了解所有选项,请参阅 REST 参考文档

命令示例

运行以下任一命令,获取 my-project 项目中所有完整资源名称包含 instance 一词(后跟 1)的 Compute Engine 实例的列表。结果按名称降序排列,并且仅返回 namelocation 字段。

curl(Linux、macOS 或 Cloud Shell)

curl -X POST \
     -H "X-HTTP-Method-Override: GET" \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d '{
            "query": "name:instance 1",
            "assetTypes": ["compute.googleapis.com/Instance"],
            "orderBy": "name DESC",
            "readMask": "name,location"
          }' \
     https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources

PowerShell (Windows)

$cred = gcloud auth print-access-token

$headers = @{ 
  "X-HTTP-Method-Override" = "GET";
  "Authorization" = "Bearer $cred"
}


$body = @"
{
  "query": "name:instance 1",
  "assetTypes": ["compute.googleapis.com/Instance"],
  "orderBy": "name DESC",
  "readMask": "name,location"
}
"@

Invoke-WebRequest `
  -Method POST `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Body $body `
  -Uri "https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources" | Select-Object -Expand Content

示例响应

{
  "results": [
    {
      "name": "//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/instance-2-1",
      "location": "us-central1-a"
    },
    {
      "name": "//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/instance-1",
      "location": "us-central1-a"
    }
  ]
}

C#

如需了解如何安装和使用 Cloud Asset Inventory 客户端库,请参阅 Cloud Asset Inventory 客户端库

如需向 Cloud Asset Inventory 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为本地开发环境设置身份验证


using Google.Api.Gax;
using Google.Cloud.Asset.V1;
using System.Collections.Generic;
using System.Linq;

public class SearchAllResourcesSample
{
    public SearchAllResourcesResponse SearchAllResources(string scope, string query)
    {
        // Create the client.
        AssetServiceClient client = AssetServiceClient.Create();

        // Build the request.
        SearchAllResourcesRequest request = new SearchAllResourcesRequest
        {
            Scope = scope,
            Query = query,
        };

        // Call the API.
        PagedEnumerable<SearchAllResourcesResponse, ResourceSearchResult> response = client.SearchAllResources(request);

        // Return the first page.
        IEnumerable<SearchAllResourcesResponse> byPages = response.AsRawResponses();
        return byPages.First();
    }
}

Go

如需了解如何安装和使用 Cloud Asset Inventory 客户端库,请参阅 Cloud Asset Inventory 客户端库

如需向 Cloud Asset Inventory 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为本地开发环境设置身份验证


// Sample search-all-resources searches all resources within the given scope.
package main

import (
	"context"
	"flag"
	"fmt"
	"log"

	asset "cloud.google.com/go/asset/apiv1"
	"cloud.google.com/go/asset/apiv1/assetpb"
	"google.golang.org/api/iterator"
)

func main() {
	scope := flag.String("scope", "", "Scope of the search.")
	query := flag.String("query", "", "Query statement.")
	flag.Parse()
	ctx := context.Background()
	client, err := asset.NewClient(ctx)
	if err != nil {
		log.Fatalf("asset.NewClient: %v", err)
	}
	defer client.Close()

	req := &assetpb.SearchAllResourcesRequest{
		Scope: *scope,
		Query: *query,
	}
	it := client.SearchAllResources(ctx, req)
	for {
		resource, err := it.Next()
		if err == iterator.Done {
			break
		}
		if err != nil {
			log.Fatal(err)
		}
		fmt.Println(resource)
	}
}

Java

如需了解如何安装和使用 Cloud Asset Inventory 客户端库,请参阅 Cloud Asset Inventory 客户端库

如需向 Cloud Asset Inventory 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为本地开发环境设置身份验证

import com.google.api.gax.rpc.ApiException;
import com.google.api.gax.rpc.InvalidArgumentException;
import com.google.cloud.asset.v1.AssetServiceClient;
import com.google.cloud.asset.v1.AssetServiceClient.SearchAllResourcesPagedResponse;
import com.google.cloud.asset.v1.SearchAllResourcesRequest;
import java.io.IOException;
import java.util.Arrays;

public class SearchAllResourcesExample {

  // Searches for all the resources within the given scope.
  public static void searchAllResources(String scope, String query) {
    // TODO(developer): Replace these variables before running the sample.
    String[] assetTypes = {};
    int pageSize = 0;
    String pageToken = "";
    String orderBy = "";

    SearchAllResourcesRequest request =
        SearchAllResourcesRequest.newBuilder()
            .setScope(scope)
            .setQuery(query)
            .addAllAssetTypes(Arrays.asList(assetTypes))
            .setPageSize(pageSize)
            .setPageToken(pageToken)
            .setOrderBy(orderBy)
            .build();

    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (AssetServiceClient client = AssetServiceClient.create()) {
      SearchAllResourcesPagedResponse response = client.searchAllResources(request);
      System.out.println("Search completed successfully:\n" + response.getPage().getValues());
    } catch (IOException e) {
      System.out.println(String.format("Failed to create client:%n%s", e.toString()));
    } catch (InvalidArgumentException e) {
      System.out.println(String.format("Invalid request:%n%s", e.toString()));
    } catch (ApiException e) {
      System.out.println(String.format("Error during SearchAllResources:%n%s", e.toString()));
    }
  }
}

Node.js

如需了解如何安装和使用 Cloud Asset Inventory 客户端库,请参阅 Cloud Asset Inventory 客户端库

如需向 Cloud Asset Inventory 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为本地开发环境设置身份验证

/**
 * TODO(developer): Uncomment these variables before running the sample.
 */
// const scope = '';
// const query = '';
// const assetTypes = [];
// const pageSize = 0;
// const pageToken = '';
// const orderBy = '';

const util = require('util');
const {AssetServiceClient} = require('@google-cloud/asset');

const client = new AssetServiceClient();
const projectId = await client.getProjectId();

async function searchAllResources() {
  const request = {
    scope: `projects/${projectId}`,
    query: query,
    assetTypes: assetTypes,
    pageSize: pageSize,
    pageToken: pageToken,
    orderBy: orderBy,
  };
  const options = {
    autoPaginate: false,
  };

  // Handle the operation using the promise pattern.
  const result = await client.searchAllResources(request, options);
  // Do things with with the response.
  console.log(util.inspect(result, {depth: null}));
}

PHP

如需了解如何安装和使用 Cloud Asset Inventory 客户端库,请参阅 Cloud Asset Inventory 客户端库

如需向 Cloud Asset Inventory 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为本地开发环境设置身份验证

use Google\Cloud\Asset\V1\Client\AssetServiceClient;
use Google\Cloud\Asset\V1\SearchAllResourcesRequest;

/**
 * @param string   $scope      Scope of the search
 * @param string   $query      (Optional) Query statement
 * @param string[] $assetTypes (Optional) Asset types to search for
 * @param int      $pageSize   (Optional) Size of each result page
 * @param string   $pageToken  (Optional) Token produced by the preceding call
 * @param string   $orderBy    (Optional) Fields to sort the results
 */
function search_all_resources(
    string $scope,
    string $query = '',
    array $assetTypes = [],
    int $pageSize = 0,
    string $pageToken = '',
    string $orderBy = ''
): void {
    // Instantiate a client.
    $asset = new AssetServiceClient();

    // Run request
    $request = (new SearchAllResourcesRequest())
        ->setScope($scope)
        ->setQuery($query)
        ->setAssetTypes($assetTypes)
        ->setPageSize($pageSize)
        ->setPageToken($pageToken)
        ->setOrderBy($orderBy);
    $response = $asset->searchAllResources($request);

    // Print the resource names in the first page of the result
    foreach ($response->getPage() as $resource) {
        print($resource->getName() . PHP_EOL);
    }
}

Python

如需了解如何安装和使用 Cloud Asset Inventory 客户端库,请参阅 Cloud Asset Inventory 客户端库

如需向 Cloud Asset Inventory 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为本地开发环境设置身份验证

from google.cloud import asset_v1

# TODO scope = 'Scope of the search'
# TODO query = 'Query statement'
# TODO asset_types = 'List of asset types to search for'
# TODO page_size = Size of each result page
# TODO order_by = 'Fields to sort the results'

client = asset_v1.AssetServiceClient()
response = client.search_all_resources(
    request={
        "scope": scope,
        "query": query,
        "asset_types": asset_types,
        "page_size": page_size,
        "order_by": order_by,
    }
)
for resource in response:
    print(resource)

Ruby

如需了解如何安装和使用 Cloud Asset Inventory 客户端库,请参阅 Cloud Asset Inventory 客户端库

如需向 Cloud Asset Inventory 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为本地开发环境设置身份验证

require "google/cloud/asset"

# scope = 'SCOPE_OF_THE_QUERY'
# query = 'QUERY_STATEMENT'
# asset_types = 'AN_ARRAY_OF_ASSET_TYPES_TO_SEARCH_FOR'
# page_size = 'SIZE_OF_EACH_RESULT_PAGE'
# page_token = 'TOKEN_PRODUCED_BY_THE_PRECEDING_CALL'
# order_by = 'FIELDS_TO_SORT_THE RESULTS'
asset_service = Google::Cloud::Asset.asset_service

response = asset_service.search_all_resources(
  scope:       scope,
  query:       query,
  asset_types: asset_types,
  page_size:   page_size,
  page_token:  page_token,
  order_by:    order_by
)
# Do things with the response
response.page.each do |resource|
  puts resource
end

其他搜索示例

以下代码示例展示了 gcloud 和 REST 的具体搜索查询,可帮助您构建自己的搜索。

项目中的所有资源

以下示例展示了如何搜索 my-project 项目中的所有资源。

gcloud

gcloud asset search-all-resources \
    --scope=projects/my-project \
    --format="table(assetType.basename(), name.basename(), name.scope(projects).segment(0):label=PROJECT_ID, labels)"

REST

HTTP 方法和网址:

GET https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources

命令示例

curl(Linux、macOS 或 Cloud Shell)

curl -X GET \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources

PowerShell (Windows)

$cred = gcloud auth print-access-token

$headers = @{ 
  "Authorization" = "Bearer $cred"
}


Invoke-WebRequest `
  -Method GET `
  -Headers $headers `
  -Uri "https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources" | Select-Object -Expand Content

按说明划分的 Compute Engine 实例

以下示例展示了如何在 my-project 项目中搜索名称完全为 instance-prod 的 Compute Engine 实例。

gcloud

gcloud asset search-all-resources \
    --scope=projects/my-project \
    --query="description=instance-prod" \
    --asset-types=compute.googleapis.com/Instance \
    --format="table(name, assetType, location)"

REST

HTTP 方法和网址:

POST https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources

请求 JSON 正文:

{
  "assetTypes": "compute.googleapis.com/Instance",
  "pageSize": 1,
  "query": "description=instance-prod",
  "readMask": "name,assetType,location"
}

命令示例

curl(Linux、macOS 或 Cloud Shell)

curl -X POST \
     -H "X-HTTP-Method-Override: GET" \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d '{
            "assetTypes": "compute.googleapis.com/Instance",
            "pageSize": 1,
            "query": "description=instance-prod",
            "readMask": "name,assetType,location"
          }' \
     https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources

PowerShell (Windows)

$cred = gcloud auth print-access-token

$headers = @{ 
  "X-HTTP-Method-Override" = "GET";
  "Authorization" = "Bearer $cred"
}


$body = @"
{
  "assetTypes": "compute.googleapis.com/Instance",
  "pageSize": 1,
  "query": "description=instance-prod",
  "readMask": "name,assetType,location"
}
"@

Invoke-WebRequest `
  -Method POST `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Body $body `
  -Uri "https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources" | Select-Object -Expand Content

如需搜索名称中包含 instance-prod(例如 instance-prod-1instance-prod-2)的实例,而不是完全匹配的实例,请将 =instance-prod 替换为 :instance-prod

按标签划分的 Compute Engine 实例

以下示例展示了如何搜索 my-project 项目中具有名为 env 的标签的 Compute Engine 实例。

gcloud

gcloud asset search-all-resources \
    --scope=projects/my-project \
    --query="labels.env:*" \
    --asset-types=compute.googleapis.com/Instance \
    --format="table(name, assetType, labels)"

REST

HTTP 方法和网址:

POST https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources

请求 JSON 正文:

{
  "assetTypes": "compute.googleapis.com/Instance",
  "pageSize": 1,
  "query": "labels.env:*",
  "readMask": "name,assetType,labels"
}

命令示例

curl(Linux、macOS 或 Cloud Shell)

curl -X POST \
     -H "X-HTTP-Method-Override: GET" \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d '{
            "assetTypes": "compute.googleapis.com/Instance",
            "pageSize": 1,
            "query": "labels.env:*",
            "readMask": "name,assetType,labels"
          }' \
     https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources

PowerShell (Windows)

$cred = gcloud auth print-access-token

$headers = @{ 
  "X-HTTP-Method-Override" = "GET";
  "Authorization" = "Bearer $cred"
}


$body = @"
{
  "assetTypes": "compute.googleapis.com/Instance",
  "pageSize": 1,
  "query": "labels.env:*",
  "readMask": "name,assetType,labels"
}
"@

Invoke-WebRequest `
  -Method POST `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Body $body `
  -Uri "https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources" | Select-Object -Expand Content

按 TagKey 划分的 Compute Engine 实例

以下示例展示了如何搜索 my-project 项目中直接附加了 TagKey 的标记的 Compute Engine 实例。包含 envnamespacedName

如需按有效 TagKey 进行搜索,请将 tagKeys 替换为 effectiveTagKeys

gcloud

gcloud asset search-all-resources \
    --scope=projects/my-project \
    --query="tagKeys:env" \
    --asset-types=compute.googleapis.com/Instance \
    --format="table(name, assetType, tags)"

REST

HTTP 方法和网址:

POST https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources

请求 JSON 正文:

{
  "assetTypes": "compute.googleapis.com/Instance",
  "pageSize": 1,
  "query": "tagKeys:env",
  "readMask": "name,assetType,tags"
}

命令示例

curl(Linux、macOS 或 Cloud Shell)

curl -X POST \
     -H "X-HTTP-Method-Override: GET" \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d '{
            "assetTypes": "compute.googleapis.com/Instance",
            "pageSize": 1,
            "query": "tagKeys:env",
            "readMask": "name,assetType,tags"
          }' \
     https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources

PowerShell (Windows)

$cred = gcloud auth print-access-token

$headers = @{ 
  "X-HTTP-Method-Override" = "GET";
  "Authorization" = "Bearer $cred"
}


$body = @"
{
  "assetTypes": "compute.googleapis.com/Instance",
  "pageSize": 1,
  "query": "tagKeys:env",
  "readMask": "name,assetType,tags"
}
"@

Invoke-WebRequest `
  -Method POST `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Body $body `
  -Uri "https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources" | Select-Object -Expand Content

按 TagValue 划分的 Compute Engine 实例

以下示例展示了如何搜索 my-project 项目中直接附加了标记的 Compute Engine 实例,其中 TagValuenamespacedName 包含 prodsea,且实例名称不包含 instance1

如需按有效 TagValues 进行搜索,请将 tagValues 替换为 effectiveTagValues

gcloud

gcloud asset search-all-resources \
    --scope=projects/my-project \
    --query="tagValues:(prod OR sea) (NOT name:instance1)" \
    --asset-types=compute.googleapis.com/Instance \
    --format="table(name, assetType, tags)"

REST

HTTP 方法和网址:

POST https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources

请求 JSON 正文:

{
  "assetTypes": "compute.googleapis.com/Instance",
  "pageSize": 1,
  "query": "tagValues:(prod OR sea) (NOT name:instance1)",
  "readMask": "name,assetType,tags"
}

命令示例

curl(Linux、macOS 或 Cloud Shell)

curl -X POST \
     -H "X-HTTP-Method-Override: GET" \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d '{
            "assetTypes": "compute.googleapis.com/Instance",
            "pageSize": 1,
            "query": "tagValues:(prod OR sea) (NOT name:instance1)",
            "readMask": "name,assetType,tags"
          }' \
     https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources

PowerShell (Windows)

$cred = gcloud auth print-access-token

$headers = @{ 
  "X-HTTP-Method-Override" = "GET";
  "Authorization" = "Bearer $cred"
}


$body = @"
{
  "assetTypes": "compute.googleapis.com/Instance",
  "pageSize": 1,
  "query": "tagValues:(prod OR sea) (NOT name:instance1)",
  "readMask": "name,assetType,tags"
}
"@

Invoke-WebRequest `
  -Method POST `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Body $body `
  -Uri "https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources" | Select-Object -Expand Content

在特定时间之后创建的 Compute Engine 实例

以下示例展示了如何搜索 my-project 项目中在 2023 年 12 月 31 日之后创建的 Compute Engine 实例。

如需详细了解日期时间比较,请参阅数值和时间戳比较

gcloud

gcloud asset search-all-resources \
    --scope=projects/my-project \
    --query="createTime>2023-31-12" \
    --asset-types=compute.googleapis.com/Instance \
    --format="table(name, assetType, location)"

REST

HTTP 方法和网址:

POST https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources

请求 JSON 正文:

{
  "assetTypes": "compute.googleapis.com/Instance",
  "pageSize": 1,
  "query": "createTime>2023-31-12",
  "readMask": "name,assetType,location"
}

命令示例

curl(Linux、macOS 或 Cloud Shell)

curl -X POST \
     -H "X-HTTP-Method-Override: GET" \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d '{
            "assetTypes": "compute.googleapis.com/Instance",
            "pageSize": 1,
            "query": "createTime>2023-31-12",
            "readMask": "name,assetType,location"
          }' \
     https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources

PowerShell (Windows)

$cred = gcloud auth print-access-token

$headers = @{ 
  "X-HTTP-Method-Override" = "GET";
  "Authorization" = "Bearer $cred"
}


$body = @"
{
  "assetTypes": "compute.googleapis.com/Instance",
  "pageSize": 1,
  "query": "createTime>2023-31-12",
  "readMask": "name,assetType,location"
}
"@

Invoke-WebRequest `
  -Method POST `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Body $body `
  -Uri "https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources" | Select-Object -Expand Content

位于美国的 Compute Engine 实例

以下示例展示了如何搜索位于美国的 my-project 项目中的 Compute Engine 实例。

gcloud

gcloud asset search-all-resources \
    --scope=projects/my-project \
    --query="location:us-*" \
    --asset-types=compute.googleapis.com/Instance \
    --format="table(name, assetType, location)"

REST

HTTP 方法和网址:

POST https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources

请求 JSON 正文:

{
  "assetTypes": "compute.googleapis.com/Instance",
  "pageSize": 1,
  "query": "location:us-*",
  "readMask": "name,assetType,location"
}

命令示例

curl(Linux、macOS 或 Cloud Shell)

curl -X POST \
     -H "X-HTTP-Method-Override: GET" \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d '{
            "assetTypes": "compute.googleapis.com/Instance",
            "pageSize": 1,
            "query": "location:us-*",
            "readMask": "name,assetType,location"
          }' \
     https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources

PowerShell (Windows)

$cred = gcloud auth print-access-token

$headers = @{ 
  "X-HTTP-Method-Override" = "GET";
  "Authorization" = "Bearer $cred"
}


$body = @"
{
  "assetTypes": "compute.googleapis.com/Instance",
  "pageSize": 1,
  "query": "location:us-*",
  "readMask": "name,assetType,location"
}
"@

Invoke-WebRequest `
  -Method POST `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Body $body `
  -Uri "https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources" | Select-Object -Expand Content

正在运行的 Compute Engine 实例

以下示例展示了如何搜索在 my-project 项目中运行的 Compute Engine 实例。

gcloud

gcloud asset search-all-resources \
    --scope=projects/my-project \
    --query="state=RUNNING" \
    --asset-types=compute.googleapis.com/Instance \
    --read-mask="name,assetType,location,versionedResources" \
    --format="table(name, assetType, location, versionedResources)"

REST

HTTP 方法和网址:

POST https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources

请求 JSON 正文:

{
  "assetTypes": "compute.googleapis.com/Instance",
  "pageSize": 1,
  "query": "state=RUNNING",
  "readMask": "name,assetType,location,versionedResources"
}

命令示例

curl(Linux、macOS 或 Cloud Shell)

curl -X POST \
     -H "X-HTTP-Method-Override: GET" \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d '{
            "assetTypes": "compute.googleapis.com/Instance",
            "pageSize": 1,
            "query": "state=RUNNING",
            "readMask": "name,assetType,location,versionedResources"
          }' \
     https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources

PowerShell (Windows)

$cred = gcloud auth print-access-token

$headers = @{ 
  "X-HTTP-Method-Override" = "GET";
  "Authorization" = "Bearer $cred"
}


$body = @"
{
  "assetTypes": "compute.googleapis.com/Instance",
  "pageSize": 1,
  "query": "state=RUNNING",
  "readMask": "name,assetType,location,versionedResources"
}
"@

Invoke-WebRequest `
  -Method POST `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Body $body `
  -Uri "https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources" | Select-Object -Expand Content

IAM 拒绝政策

以下示例展示了如何在 my-project 项目中搜索 IAM 拒绝政策

gcloud

gcloud asset search-all-resources \
    --scope=projects/my-project \
    --asset-types=iam.googleapis.com/PolicyV2 \
    --query="name:denypolicies"

REST

HTTP 方法和网址:

POST https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources

请求 JSON 正文:

{
  "assetTypes": "iam.googleapis.com/PolicyV2",
  "pageSize": 1,
  "query": "name:denypolicies"
}

命令示例

curl(Linux、macOS 或 Cloud Shell)

curl -X POST \
     -H "X-HTTP-Method-Override: GET" \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d '{
            "assetTypes": "iam.googleapis.com/PolicyV2",
            "pageSize": 1,
            "query": "name:denypolicies"
          }' \
     https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources

PowerShell (Windows)

$cred = gcloud auth print-access-token

$headers = @{ 
  "X-HTTP-Method-Override" = "GET";
  "Authorization" = "Bearer $cred"
}


$body = @"
{
  "assetTypes": "iam.googleapis.com/PolicyV2",
  "pageSize": 1,
  "query": "name:denypolicies"
}
"@

Invoke-WebRequest `
  -Method POST `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Body $body `
  -Uri "https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources" | Select-Object -Expand Content

如需搜索未运行的 Compute Engine 实例,请将 state=RUNNING 替换为 NOT state:running

相关 Google Cloud 资源

关系查询需要访问 Security Command Center 高级方案或 Enterprise 方案,或者 Gemini Cloud Assist

以下示例展示了如何在 my-project 项目中搜索相关资源,以查找支持的关系类型。例如,搜索完整资源名称中包含 instance-group实例组中的所有 Compute Engine 实例。

gcloud

gcloud asset search-all-resources \
    --scope=projects/my-project \
    --query="relationships:instance-group" \
    --format="table(name, assetType, relationships)"

REST

HTTP 方法和网址:

POST https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources

请求 JSON 正文:

{
  "pageSize": 1,
  "query": "relationships:instance-group",
  "readMask": "name,assetType,relationships"
}

命令示例

curl(Linux、macOS 或 Cloud Shell)

curl -X POST \
     -H "X-HTTP-Method-Override: GET" \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d '{
            "pageSize": 1,
            "query": "relationships:instance-group",
            "readMask": "name,assetType,relationships"
          }' \
     https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources

PowerShell (Windows)

$cred = gcloud auth print-access-token

$headers = @{ 
  "X-HTTP-Method-Override" = "GET";
  "Authorization" = "Bearer $cred"
}


$body = @"
{
  "pageSize": 1,
  "query": "relationships:instance-group",
  "readMask": "name,assetType,relationships"
}
"@

Invoke-WebRequest `
  -Method POST `
  -Headers $headers `
  -ContentType: "application/json; charset=utf-8" `
  -Body $body `
  -Uri "https://cloudasset.googleapis.com/v1/projects/my-project:searchAllResources" | Select-Object -Expand Content

您还可以指定要搜索的关系类型。例如,如需搜索 INSTANCE_TO_INSTANCEGROUP 关系类型,请使用查询 relationships.INSTANCE_TO_INSTANCEGROUP。如需搜索完整资源名称中包含 instance-group 的该关系类型,请使用查询 relationships.INSTANCE_TO_INSTANCEGROUP:instance-group