Google Cloud Asset V1 Client - Class SearchAllIamPoliciesRequest (2.1.2)

Reference documentation and code samples for the Google Cloud Asset V1 Client class SearchAllIamPoliciesRequest.

Search all IAM policies request.

Generated from protobuf message google.cloud.asset.v1.SearchAllIamPoliciesRequest

Namespace

Google \ Cloud \ Asset \ V1

Methods

__construct

Constructor.

Parameters
Name Description
data array

Optional. Data for populating the Message object.

↳ scope string

Required. A scope can be a project, a folder, or an organization. The search is limited to the IAM policies within the scope. The caller must be granted the cloudasset.assets.searchAllIamPolicies permission on the desired scope. The allowed values are: * * projects/{PROJECT_ID} (e.g., "projects/foo-bar") * * projects/{PROJECT_NUMBER} (e.g., "projects/12345678") * * folders/{FOLDER_NUMBER} (e.g., "folders/1234567") * * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")

↳ query string

Optional. The query statement. See how to construct a query for more information. If not specified or empty, it will search all the IAM policies within the specified scope. Note that the query string is compared against each IAM policy binding, including its principals, roles, and IAM conditions. The returned IAM policies will only contain the bindings that match your query. To learn more about the IAM policy structure, see the IAM policy documentation. Examples: * * policy:amy@gmail.com to find IAM policy bindings that specify user "amy@gmail.com". * * policy:roles/compute.admin to find IAM policy bindings that specify the Compute Admin role. * * policy:comp* to find IAM policy bindings that contain "comp" as a prefix of any word in the binding. * * policy.role.permissions:storage.buckets.update to find IAM policy bindings that specify a role containing "storage.buckets.update" permission. Note that if callers don't have iam.roles.get access to a role's included permissions, policy bindings that specify this role will be dropped from the search results. * * policy.role.permissions:upd* to find IAM policy bindings that specify a role containing "upd" as a prefix of any word in the role permission. Note that if callers don't have iam.roles.get access to a role's included permissions, policy bindings that specify this role will be dropped from the search results. * * resource:organizations/123456 to find IAM policy bindings that are set on "organizations/123456". * * resource=//cloudresourcemanager.googleapis.com/projects/myproject to find IAM policy bindings that are set on the project named "myproject". * * Important to find IAM policy bindings that contain "Important" as a word in any of the searchable fields (except for the included permissions). * * resource:(instance1 OR instance2) policy:amy to find IAM policy bindings that are set on resources "instance1" or "instance2" and also specify user "amy". * * roles:roles/compute.admin to find IAM policy bindings that specify the Compute Admin role. * * memberTypes:user to find IAM policy bindings that contain the principal type "user".

↳ page_size int

Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero or a negative value, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as next_page_token is returned.

↳ page_token string

Optional. If present, retrieve the next batch of results from the preceding call to this method. page_token must be the value of next_page_token from the previous response. The values of all other method parameters must be identical to those in the previous call.

↳ asset_types array

Optional. A list of asset types that the IAM policies are attached to. If empty, it will search the IAM policies that are attached to all the asset types supported by search APIs Regular expressions are also supported. For example: * * "compute.googleapis.com." snapshots IAM policies attached to asset type starts with "compute.googleapis.com". * * ".Instance" snapshots IAM policies attached to asset type ends with "Instance". * * ".Instance." snapshots IAM policies attached to asset type contains "Instance". See RE2 for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.

↳ order_by string

Optional. A comma-separated list of fields specifying the sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored. Example: "assetType DESC, resource". Only singular primitive fields in the response are sortable: * * resource * * assetType * * project All the other fields such as repeated fields (e.g., folders) and non-primitive fields (e.g., policy) are not supported.

getScope

Required. A scope can be a project, a folder, or an organization. The search is limited to the IAM policies within the scope. The caller must be granted the cloudasset.assets.searchAllIamPolicies permission on the desired scope.

The allowed values are:

  • projects/{PROJECT_ID} (e.g., "projects/foo-bar")
  • projects/{PROJECT_NUMBER} (e.g., "projects/12345678")
  • folders/{FOLDER_NUMBER} (e.g., "folders/1234567")
  • organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
Returns
Type Description
string

setScope

Required. A scope can be a project, a folder, or an organization. The search is limited to the IAM policies within the scope. The caller must be granted the cloudasset.assets.searchAllIamPolicies permission on the desired scope.

The allowed values are:

  • projects/{PROJECT_ID} (e.g., "projects/foo-bar")
  • projects/{PROJECT_NUMBER} (e.g., "projects/12345678")
  • folders/{FOLDER_NUMBER} (e.g., "folders/1234567")
  • organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
Parameter
Name Description
var string
Returns
Type Description
$this

getQuery

Optional. The query statement. See how to construct a query for more information. If not specified or empty, it will search all the IAM policies within the specified scope. Note that the query string is compared against each IAM policy binding, including its principals, roles, and IAM conditions. The returned IAM policies will only contain the bindings that match your query. To learn more about the IAM policy structure, see the IAM policy documentation.

Examples:

  • policy:amy@gmail.com to find IAM policy bindings that specify user "amy@gmail.com".
  • policy:roles/compute.admin to find IAM policy bindings that specify the Compute Admin role.
  • policy:comp* to find IAM policy bindings that contain "comp" as a prefix of any word in the binding.
  • policy.role.permissions:storage.buckets.update to find IAM policy bindings that specify a role containing "storage.buckets.update" permission. Note that if callers don't have iam.roles.get access to a role's included permissions, policy bindings that specify this role will be dropped from the search results.
  • policy.role.permissions:upd* to find IAM policy bindings that specify a role containing "upd" as a prefix of any word in the role permission. Note that if callers don't have iam.roles.get access to a role's included permissions, policy bindings that specify this role will be dropped from the search results.
  • resource:organizations/123456 to find IAM policy bindings that are set on "organizations/123456".
  • resource=//cloudresourcemanager.googleapis.com/projects/myproject to find IAM policy bindings that are set on the project named "myproject".
  • Important to find IAM policy bindings that contain "Important" as a word in any of the searchable fields (except for the included permissions).
  • resource:(instance1 OR instance2) policy:amy to find IAM policy bindings that are set on resources "instance1" or "instance2" and also specify user "amy".
  • roles:roles/compute.admin to find IAM policy bindings that specify the Compute Admin role.
  • memberTypes:user to find IAM policy bindings that contain the principal type "user".
Returns
Type Description
string

setQuery

Optional. The query statement. See how to construct a query for more information. If not specified or empty, it will search all the IAM policies within the specified scope. Note that the query string is compared against each IAM policy binding, including its principals, roles, and IAM conditions. The returned IAM policies will only contain the bindings that match your query. To learn more about the IAM policy structure, see the IAM policy documentation.

Examples:

  • policy:amy@gmail.com to find IAM policy bindings that specify user "amy@gmail.com".
  • policy:roles/compute.admin to find IAM policy bindings that specify the Compute Admin role.
  • policy:comp* to find IAM policy bindings that contain "comp" as a prefix of any word in the binding.
  • policy.role.permissions:storage.buckets.update to find IAM policy bindings that specify a role containing "storage.buckets.update" permission. Note that if callers don't have iam.roles.get access to a role's included permissions, policy bindings that specify this role will be dropped from the search results.
  • policy.role.permissions:upd* to find IAM policy bindings that specify a role containing "upd" as a prefix of any word in the role permission. Note that if callers don't have iam.roles.get access to a role's included permissions, policy bindings that specify this role will be dropped from the search results.
  • resource:organizations/123456 to find IAM policy bindings that are set on "organizations/123456".
  • resource=//cloudresourcemanager.googleapis.com/projects/myproject to find IAM policy bindings that are set on the project named "myproject".
  • Important to find IAM policy bindings that contain "Important" as a word in any of the searchable fields (except for the included permissions).
  • resource:(instance1 OR instance2) policy:amy to find IAM policy bindings that are set on resources "instance1" or "instance2" and also specify user "amy".
  • roles:roles/compute.admin to find IAM policy bindings that specify the Compute Admin role.
  • memberTypes:user to find IAM policy bindings that contain the principal type "user".
Parameter
Name Description
var string
Returns
Type Description
$this

getPageSize

Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero or a negative value, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as next_page_token is returned.

Returns
Type Description
int

setPageSize

Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero or a negative value, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as next_page_token is returned.

Parameter
Name Description
var int
Returns
Type Description
$this

getPageToken

Optional. If present, retrieve the next batch of results from the preceding call to this method. page_token must be the value of next_page_token from the previous response. The values of all other method parameters must be identical to those in the previous call.

Returns
Type Description
string

setPageToken

Optional. If present, retrieve the next batch of results from the preceding call to this method. page_token must be the value of next_page_token from the previous response. The values of all other method parameters must be identical to those in the previous call.

Parameter
Name Description
var string
Returns
Type Description
$this

getAssetTypes

Optional. A list of asset types that the IAM policies are attached to. If empty, it will search the IAM policies that are attached to all the asset types supported by search APIs Regular expressions are also supported. For example:

  • "compute.googleapis.com.*" snapshots IAM policies attached to asset type starts with "compute.googleapis.com".

  • ".*Instance" snapshots IAM policies attached to asset type ends with "Instance".

  • ".Instance." snapshots IAM policies attached to asset type contains "Instance". See RE2 for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.
Returns
Type Description
Google\Protobuf\Internal\RepeatedField

setAssetTypes

Optional. A list of asset types that the IAM policies are attached to. If empty, it will search the IAM policies that are attached to all the asset types supported by search APIs Regular expressions are also supported. For example:

  • "compute.googleapis.com.*" snapshots IAM policies attached to asset type starts with "compute.googleapis.com".

  • ".*Instance" snapshots IAM policies attached to asset type ends with "Instance".

  • ".Instance." snapshots IAM policies attached to asset type contains "Instance". See RE2 for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.
Parameter
Name Description
var string[]
Returns
Type Description
$this

getOrderBy

Optional. A comma-separated list of fields specifying the sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored.

Example: "assetType DESC, resource". Only singular primitive fields in the response are sortable:

  • resource
  • assetType
  • project All the other fields such as repeated fields (e.g., folders) and non-primitive fields (e.g., policy) are not supported.
Returns
Type Description
string

setOrderBy

Optional. A comma-separated list of fields specifying the sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored.

Example: "assetType DESC, resource". Only singular primitive fields in the response are sortable:

  • resource
  • assetType
  • project All the other fields such as repeated fields (e.g., folders) and non-primitive fields (e.g., policy) are not supported.
Parameter
Name Description
var string
Returns
Type Description
$this

static::build

Parameters
Name Description
scope string

Required. A scope can be a project, a folder, or an organization. The search is limited to the IAM policies within the scope. The caller must be granted the cloudasset.assets.searchAllIamPolicies permission on the desired scope.

The allowed values are:

    • projects/{PROJECT_ID} (e.g., "projects/foo-bar")
    • projects/{PROJECT_NUMBER} (e.g., "projects/12345678")
    • folders/{FOLDER_NUMBER} (e.g., "folders/1234567")
    • organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
query string

Optional. The query statement. See how to construct a query for more information. If not specified or empty, it will search all the IAM policies within the specified scope. Note that the query string is compared against each IAM policy binding, including its principals, roles, and IAM conditions. The returned IAM policies will only contain the bindings that match your query. To learn more about the IAM policy structure, see the IAM policy documentation.

Examples:

    • policy:amy@gmail.com to find IAM policy bindings that specify user "amy@gmail.com".
    • policy:roles/compute.admin to find IAM policy bindings that specify the Compute Admin role.
    • policy:comp* to find IAM policy bindings that contain "comp" as a prefix of any word in the binding.
    • policy.role.permissions:storage.buckets.update to find IAM policy bindings that specify a role containing "storage.buckets.update" permission. Note that if callers don't have iam.roles.get access to a role's included permissions, policy bindings that specify this role will be dropped from the search results.
    • policy.role.permissions:upd* to find IAM policy bindings that specify a role containing "upd" as a prefix of any word in the role permission. Note that if callers don't have iam.roles.get access to a role's included permissions, policy bindings that specify this role will be dropped from the search results.
    • resource:organizations/123456 to find IAM policy bindings that are set on "organizations/123456".
    • resource=//cloudresourcemanager.googleapis.com/projects/myproject to find IAM policy bindings that are set on the project named "myproject".
    • Important to find IAM policy bindings that contain "Important" as a word in any of the searchable fields (except for the included permissions).
    • resource:(instance1 OR instance2) policy:amy to find IAM policy bindings that are set on resources "instance1" or "instance2" and also specify user "amy".
    • roles:roles/compute.admin to find IAM policy bindings that specify the Compute Admin role.
    • memberTypes:user to find IAM policy bindings that contain the principal type "user".
Returns
Type Description
SearchAllIamPoliciesRequest