1. Packages
  2. Google Cloud Native
  3. API Docs
  4. cloudasset
  5. cloudasset/v1
  6. SavedQuery

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

google-native.cloudasset/v1.SavedQuery

Explore with Pulumi AI

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

Creates a saved query in a parent project/folder/organization. Auto-naming is currently not supported for this resource.

Create SavedQuery Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SavedQuery(name: string, args: SavedQueryArgs, opts?: CustomResourceOptions);
@overload
def SavedQuery(resource_name: str,
               args: SavedQueryArgs,
               opts: Optional[ResourceOptions] = None)

@overload
def SavedQuery(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               saved_query_id: Optional[str] = None,
               v1_id: Optional[str] = None,
               v1_id1: Optional[str] = None,
               content: Optional[QueryContentArgs] = None,
               description: Optional[str] = None,
               labels: Optional[Mapping[str, str]] = None,
               name: Optional[str] = None)
func NewSavedQuery(ctx *Context, name string, args SavedQueryArgs, opts ...ResourceOption) (*SavedQuery, error)
public SavedQuery(string name, SavedQueryArgs args, CustomResourceOptions? opts = null)
public SavedQuery(String name, SavedQueryArgs args)
public SavedQuery(String name, SavedQueryArgs args, CustomResourceOptions options)
type: google-native:cloudasset/v1:SavedQuery
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. SavedQueryArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. SavedQueryArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. SavedQueryArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. SavedQueryArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. SavedQueryArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var savedQueryResource = new GoogleNative.CloudAsset.V1.SavedQuery("savedQueryResource", new()
{
    SavedQueryId = "string",
    V1Id = "string",
    V1Id1 = "string",
    Content = new GoogleNative.CloudAsset.V1.Inputs.QueryContentArgs
    {
        IamPolicyAnalysisQuery = new GoogleNative.CloudAsset.V1.Inputs.IamPolicyAnalysisQueryArgs
        {
            Scope = "string",
            AccessSelector = new GoogleNative.CloudAsset.V1.Inputs.AccessSelectorArgs
            {
                Permissions = new[]
                {
                    "string",
                },
                Roles = new[]
                {
                    "string",
                },
            },
            ConditionContext = new GoogleNative.CloudAsset.V1.Inputs.ConditionContextArgs
            {
                AccessTime = "string",
            },
            IdentitySelector = new GoogleNative.CloudAsset.V1.Inputs.IdentitySelectorArgs
            {
                Identity = "string",
            },
            Options = new GoogleNative.CloudAsset.V1.Inputs.OptionsArgs
            {
                AnalyzeServiceAccountImpersonation = false,
                ExpandGroups = false,
                ExpandResources = false,
                ExpandRoles = false,
                OutputGroupEdges = false,
                OutputResourceEdges = false,
            },
            ResourceSelector = new GoogleNative.CloudAsset.V1.Inputs.ResourceSelectorArgs
            {
                FullResourceName = "string",
            },
        },
    },
    Description = "string",
    Labels = 
    {
        { "string", "string" },
    },
    Name = "string",
});
Copy
example, err := cloudasset.NewSavedQuery(ctx, "savedQueryResource", &cloudasset.SavedQueryArgs{
	SavedQueryId: pulumi.String("string"),
	V1Id:         pulumi.String("string"),
	V1Id1:        pulumi.String("string"),
	Content: &cloudasset.QueryContentArgs{
		IamPolicyAnalysisQuery: &cloudasset.IamPolicyAnalysisQueryArgs{
			Scope: pulumi.String("string"),
			AccessSelector: &cloudasset.AccessSelectorArgs{
				Permissions: pulumi.StringArray{
					pulumi.String("string"),
				},
				Roles: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
			ConditionContext: &cloudasset.ConditionContextArgs{
				AccessTime: pulumi.String("string"),
			},
			IdentitySelector: &cloudasset.IdentitySelectorArgs{
				Identity: pulumi.String("string"),
			},
			Options: &cloudasset.OptionsArgs{
				AnalyzeServiceAccountImpersonation: pulumi.Bool(false),
				ExpandGroups:                       pulumi.Bool(false),
				ExpandResources:                    pulumi.Bool(false),
				ExpandRoles:                        pulumi.Bool(false),
				OutputGroupEdges:                   pulumi.Bool(false),
				OutputResourceEdges:                pulumi.Bool(false),
			},
			ResourceSelector: &cloudasset.ResourceSelectorArgs{
				FullResourceName: pulumi.String("string"),
			},
		},
	},
	Description: pulumi.String("string"),
	Labels: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	Name: pulumi.String("string"),
})
Copy
var savedQueryResource = new SavedQuery("savedQueryResource", SavedQueryArgs.builder()
    .savedQueryId("string")
    .v1Id("string")
    .v1Id1("string")
    .content(QueryContentArgs.builder()
        .iamPolicyAnalysisQuery(IamPolicyAnalysisQueryArgs.builder()
            .scope("string")
            .accessSelector(AccessSelectorArgs.builder()
                .permissions("string")
                .roles("string")
                .build())
            .conditionContext(ConditionContextArgs.builder()
                .accessTime("string")
                .build())
            .identitySelector(IdentitySelectorArgs.builder()
                .identity("string")
                .build())
            .options(OptionsArgs.builder()
                .analyzeServiceAccountImpersonation(false)
                .expandGroups(false)
                .expandResources(false)
                .expandRoles(false)
                .outputGroupEdges(false)
                .outputResourceEdges(false)
                .build())
            .resourceSelector(ResourceSelectorArgs.builder()
                .fullResourceName("string")
                .build())
            .build())
        .build())
    .description("string")
    .labels(Map.of("string", "string"))
    .name("string")
    .build());
Copy
saved_query_resource = google_native.cloudasset.v1.SavedQuery("savedQueryResource",
    saved_query_id="string",
    v1_id="string",
    v1_id1="string",
    content={
        "iam_policy_analysis_query": {
            "scope": "string",
            "access_selector": {
                "permissions": ["string"],
                "roles": ["string"],
            },
            "condition_context": {
                "access_time": "string",
            },
            "identity_selector": {
                "identity": "string",
            },
            "options": {
                "analyze_service_account_impersonation": False,
                "expand_groups": False,
                "expand_resources": False,
                "expand_roles": False,
                "output_group_edges": False,
                "output_resource_edges": False,
            },
            "resource_selector": {
                "full_resource_name": "string",
            },
        },
    },
    description="string",
    labels={
        "string": "string",
    },
    name="string")
Copy
const savedQueryResource = new google_native.cloudasset.v1.SavedQuery("savedQueryResource", {
    savedQueryId: "string",
    v1Id: "string",
    v1Id1: "string",
    content: {
        iamPolicyAnalysisQuery: {
            scope: "string",
            accessSelector: {
                permissions: ["string"],
                roles: ["string"],
            },
            conditionContext: {
                accessTime: "string",
            },
            identitySelector: {
                identity: "string",
            },
            options: {
                analyzeServiceAccountImpersonation: false,
                expandGroups: false,
                expandResources: false,
                expandRoles: false,
                outputGroupEdges: false,
                outputResourceEdges: false,
            },
            resourceSelector: {
                fullResourceName: "string",
            },
        },
    },
    description: "string",
    labels: {
        string: "string",
    },
    name: "string",
});
Copy
type: google-native:cloudasset/v1:SavedQuery
properties:
    content:
        iamPolicyAnalysisQuery:
            accessSelector:
                permissions:
                    - string
                roles:
                    - string
            conditionContext:
                accessTime: string
            identitySelector:
                identity: string
            options:
                analyzeServiceAccountImpersonation: false
                expandGroups: false
                expandResources: false
                expandRoles: false
                outputGroupEdges: false
                outputResourceEdges: false
            resourceSelector:
                fullResourceName: string
            scope: string
    description: string
    labels:
        string: string
    name: string
    savedQueryId: string
    v1Id: string
    v1Id1: string
Copy

SavedQuery Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SavedQuery resource accepts the following input properties:

SavedQueryId
This property is required.
Changes to this property will trigger replacement.
string
Required. The ID to use for the saved query, which must be unique in the specified parent. It will become the final component of the saved query's resource name. This value should be 4-63 characters, and valid characters are a-z-. Notice that this field is required in the saved query creation, and the name field of the saved_query will be ignored.
V1Id
This property is required.
Changes to this property will trigger replacement.
string
V1Id1
This property is required.
Changes to this property will trigger replacement.
string
Content Pulumi.GoogleNative.CloudAsset.V1.Inputs.QueryContent
The query content.
Description string
The description of this saved query. This value should be fewer than 255 characters.
Labels Dictionary<string, string>
Labels applied on the resource. This value should not contain more than 10 entries. The key and value of each entry must be non-empty and fewer than 64 characters.
Name string
The resource name of the saved query. The format must be: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id
SavedQueryId
This property is required.
Changes to this property will trigger replacement.
string
Required. The ID to use for the saved query, which must be unique in the specified parent. It will become the final component of the saved query's resource name. This value should be 4-63 characters, and valid characters are a-z-. Notice that this field is required in the saved query creation, and the name field of the saved_query will be ignored.
V1Id
This property is required.
Changes to this property will trigger replacement.
string
V1Id1
This property is required.
Changes to this property will trigger replacement.
string
Content QueryContentArgs
The query content.
Description string
The description of this saved query. This value should be fewer than 255 characters.
Labels map[string]string
Labels applied on the resource. This value should not contain more than 10 entries. The key and value of each entry must be non-empty and fewer than 64 characters.
Name string
The resource name of the saved query. The format must be: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id
savedQueryId
This property is required.
Changes to this property will trigger replacement.
String
Required. The ID to use for the saved query, which must be unique in the specified parent. It will become the final component of the saved query's resource name. This value should be 4-63 characters, and valid characters are a-z-. Notice that this field is required in the saved query creation, and the name field of the saved_query will be ignored.
v1Id
This property is required.
Changes to this property will trigger replacement.
String
v1Id1
This property is required.
Changes to this property will trigger replacement.
String
content QueryContent
The query content.
description String
The description of this saved query. This value should be fewer than 255 characters.
labels Map<String,String>
Labels applied on the resource. This value should not contain more than 10 entries. The key and value of each entry must be non-empty and fewer than 64 characters.
name String
The resource name of the saved query. The format must be: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id
savedQueryId
This property is required.
Changes to this property will trigger replacement.
string
Required. The ID to use for the saved query, which must be unique in the specified parent. It will become the final component of the saved query's resource name. This value should be 4-63 characters, and valid characters are a-z-. Notice that this field is required in the saved query creation, and the name field of the saved_query will be ignored.
v1Id
This property is required.
Changes to this property will trigger replacement.
string
v1Id1
This property is required.
Changes to this property will trigger replacement.
string
content QueryContent
The query content.
description string
The description of this saved query. This value should be fewer than 255 characters.
labels {[key: string]: string}
Labels applied on the resource. This value should not contain more than 10 entries. The key and value of each entry must be non-empty and fewer than 64 characters.
name string
The resource name of the saved query. The format must be: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id
saved_query_id
This property is required.
Changes to this property will trigger replacement.
str
Required. The ID to use for the saved query, which must be unique in the specified parent. It will become the final component of the saved query's resource name. This value should be 4-63 characters, and valid characters are a-z-. Notice that this field is required in the saved query creation, and the name field of the saved_query will be ignored.
v1_id
This property is required.
Changes to this property will trigger replacement.
str
v1_id1
This property is required.
Changes to this property will trigger replacement.
str
content QueryContentArgs
The query content.
description str
The description of this saved query. This value should be fewer than 255 characters.
labels Mapping[str, str]
Labels applied on the resource. This value should not contain more than 10 entries. The key and value of each entry must be non-empty and fewer than 64 characters.
name str
The resource name of the saved query. The format must be: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id
savedQueryId
This property is required.
Changes to this property will trigger replacement.
String
Required. The ID to use for the saved query, which must be unique in the specified parent. It will become the final component of the saved query's resource name. This value should be 4-63 characters, and valid characters are a-z-. Notice that this field is required in the saved query creation, and the name field of the saved_query will be ignored.
v1Id
This property is required.
Changes to this property will trigger replacement.
String
v1Id1
This property is required.
Changes to this property will trigger replacement.
String
content Property Map
The query content.
description String
The description of this saved query. This value should be fewer than 255 characters.
labels Map<String>
Labels applied on the resource. This value should not contain more than 10 entries. The key and value of each entry must be non-empty and fewer than 64 characters.
name String
The resource name of the saved query. The format must be: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id

Outputs

All input properties are implicitly available as output properties. Additionally, the SavedQuery resource produces the following output properties:

CreateTime string
The create time of this saved query.
Creator string
The account's email address who has created this saved query.
Id string
The provider-assigned unique ID for this managed resource.
LastUpdateTime string
The last update time of this saved query.
LastUpdater string
The account's email address who has updated this saved query most recently.
CreateTime string
The create time of this saved query.
Creator string
The account's email address who has created this saved query.
Id string
The provider-assigned unique ID for this managed resource.
LastUpdateTime string
The last update time of this saved query.
LastUpdater string
The account's email address who has updated this saved query most recently.
createTime String
The create time of this saved query.
creator String
The account's email address who has created this saved query.
id String
The provider-assigned unique ID for this managed resource.
lastUpdateTime String
The last update time of this saved query.
lastUpdater String
The account's email address who has updated this saved query most recently.
createTime string
The create time of this saved query.
creator string
The account's email address who has created this saved query.
id string
The provider-assigned unique ID for this managed resource.
lastUpdateTime string
The last update time of this saved query.
lastUpdater string
The account's email address who has updated this saved query most recently.
create_time str
The create time of this saved query.
creator str
The account's email address who has created this saved query.
id str
The provider-assigned unique ID for this managed resource.
last_update_time str
The last update time of this saved query.
last_updater str
The account's email address who has updated this saved query most recently.
createTime String
The create time of this saved query.
creator String
The account's email address who has created this saved query.
id String
The provider-assigned unique ID for this managed resource.
lastUpdateTime String
The last update time of this saved query.
lastUpdater String
The account's email address who has updated this saved query most recently.

Supporting Types

AccessSelector
, AccessSelectorArgs

Permissions List<string>
Optional. The permissions to appear in result.
Roles List<string>
Optional. The roles to appear in result.
Permissions []string
Optional. The permissions to appear in result.
Roles []string
Optional. The roles to appear in result.
permissions List<String>
Optional. The permissions to appear in result.
roles List<String>
Optional. The roles to appear in result.
permissions string[]
Optional. The permissions to appear in result.
roles string[]
Optional. The roles to appear in result.
permissions Sequence[str]
Optional. The permissions to appear in result.
roles Sequence[str]
Optional. The roles to appear in result.
permissions List<String>
Optional. The permissions to appear in result.
roles List<String>
Optional. The roles to appear in result.

AccessSelectorResponse
, AccessSelectorResponseArgs

Permissions This property is required. List<string>
Optional. The permissions to appear in result.
Roles This property is required. List<string>
Optional. The roles to appear in result.
Permissions This property is required. []string
Optional. The permissions to appear in result.
Roles This property is required. []string
Optional. The roles to appear in result.
permissions This property is required. List<String>
Optional. The permissions to appear in result.
roles This property is required. List<String>
Optional. The roles to appear in result.
permissions This property is required. string[]
Optional. The permissions to appear in result.
roles This property is required. string[]
Optional. The roles to appear in result.
permissions This property is required. Sequence[str]
Optional. The permissions to appear in result.
roles This property is required. Sequence[str]
Optional. The roles to appear in result.
permissions This property is required. List<String>
Optional. The permissions to appear in result.
roles This property is required. List<String>
Optional. The roles to appear in result.

ConditionContext
, ConditionContextArgs

AccessTime string
The hypothetical access timestamp to evaluate IAM conditions. Note that this value must not be earlier than the current time; otherwise, an INVALID_ARGUMENT error will be returned.
AccessTime string
The hypothetical access timestamp to evaluate IAM conditions. Note that this value must not be earlier than the current time; otherwise, an INVALID_ARGUMENT error will be returned.
accessTime String
The hypothetical access timestamp to evaluate IAM conditions. Note that this value must not be earlier than the current time; otherwise, an INVALID_ARGUMENT error will be returned.
accessTime string
The hypothetical access timestamp to evaluate IAM conditions. Note that this value must not be earlier than the current time; otherwise, an INVALID_ARGUMENT error will be returned.
access_time str
The hypothetical access timestamp to evaluate IAM conditions. Note that this value must not be earlier than the current time; otherwise, an INVALID_ARGUMENT error will be returned.
accessTime String
The hypothetical access timestamp to evaluate IAM conditions. Note that this value must not be earlier than the current time; otherwise, an INVALID_ARGUMENT error will be returned.

ConditionContextResponse
, ConditionContextResponseArgs

AccessTime This property is required. string
The hypothetical access timestamp to evaluate IAM conditions. Note that this value must not be earlier than the current time; otherwise, an INVALID_ARGUMENT error will be returned.
AccessTime This property is required. string
The hypothetical access timestamp to evaluate IAM conditions. Note that this value must not be earlier than the current time; otherwise, an INVALID_ARGUMENT error will be returned.
accessTime This property is required. String
The hypothetical access timestamp to evaluate IAM conditions. Note that this value must not be earlier than the current time; otherwise, an INVALID_ARGUMENT error will be returned.
accessTime This property is required. string
The hypothetical access timestamp to evaluate IAM conditions. Note that this value must not be earlier than the current time; otherwise, an INVALID_ARGUMENT error will be returned.
access_time This property is required. str
The hypothetical access timestamp to evaluate IAM conditions. Note that this value must not be earlier than the current time; otherwise, an INVALID_ARGUMENT error will be returned.
accessTime This property is required. String
The hypothetical access timestamp to evaluate IAM conditions. Note that this value must not be earlier than the current time; otherwise, an INVALID_ARGUMENT error will be returned.

IamPolicyAnalysisQuery
, IamPolicyAnalysisQueryArgs

Scope This property is required. string
The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit here . To know how to get folder or project id, visit here .
AccessSelector Pulumi.GoogleNative.CloudAsset.V1.Inputs.AccessSelector
Optional. Specifies roles or permissions for analysis. This is optional.
ConditionContext Pulumi.GoogleNative.CloudAsset.V1.Inputs.ConditionContext
Optional. The hypothetical context for IAM conditions evaluation.
IdentitySelector Pulumi.GoogleNative.CloudAsset.V1.Inputs.IdentitySelector
Optional. Specifies an identity for analysis.
Options Pulumi.GoogleNative.CloudAsset.V1.Inputs.Options
Optional. The query options.
ResourceSelector Pulumi.GoogleNative.CloudAsset.V1.Inputs.ResourceSelector
Optional. Specifies a resource for analysis.
Scope This property is required. string
The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit here . To know how to get folder or project id, visit here .
AccessSelector AccessSelector
Optional. Specifies roles or permissions for analysis. This is optional.
ConditionContext ConditionContext
Optional. The hypothetical context for IAM conditions evaluation.
IdentitySelector IdentitySelector
Optional. Specifies an identity for analysis.
Options Options
Optional. The query options.
ResourceSelector ResourceSelector
Optional. Specifies a resource for analysis.
scope This property is required. String
The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit here . To know how to get folder or project id, visit here .
accessSelector AccessSelector
Optional. Specifies roles or permissions for analysis. This is optional.
conditionContext ConditionContext
Optional. The hypothetical context for IAM conditions evaluation.
identitySelector IdentitySelector
Optional. Specifies an identity for analysis.
options Options
Optional. The query options.
resourceSelector ResourceSelector
Optional. Specifies a resource for analysis.
scope This property is required. string
The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit here . To know how to get folder or project id, visit here .
accessSelector AccessSelector
Optional. Specifies roles or permissions for analysis. This is optional.
conditionContext ConditionContext
Optional. The hypothetical context for IAM conditions evaluation.
identitySelector IdentitySelector
Optional. Specifies an identity for analysis.
options Options
Optional. The query options.
resourceSelector ResourceSelector
Optional. Specifies a resource for analysis.
scope This property is required. str
The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit here . To know how to get folder or project id, visit here .
access_selector AccessSelector
Optional. Specifies roles or permissions for analysis. This is optional.
condition_context ConditionContext
Optional. The hypothetical context for IAM conditions evaluation.
identity_selector IdentitySelector
Optional. Specifies an identity for analysis.
options Options
Optional. The query options.
resource_selector ResourceSelector
Optional. Specifies a resource for analysis.
scope This property is required. String
The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit here . To know how to get folder or project id, visit here .
accessSelector Property Map
Optional. Specifies roles or permissions for analysis. This is optional.
conditionContext Property Map
Optional. The hypothetical context for IAM conditions evaluation.
identitySelector Property Map
Optional. Specifies an identity for analysis.
options Property Map
Optional. The query options.
resourceSelector Property Map
Optional. Specifies a resource for analysis.

IamPolicyAnalysisQueryResponse
, IamPolicyAnalysisQueryResponseArgs

AccessSelector This property is required. Pulumi.GoogleNative.CloudAsset.V1.Inputs.AccessSelectorResponse
Optional. Specifies roles or permissions for analysis. This is optional.
ConditionContext This property is required. Pulumi.GoogleNative.CloudAsset.V1.Inputs.ConditionContextResponse
Optional. The hypothetical context for IAM conditions evaluation.
IdentitySelector This property is required. Pulumi.GoogleNative.CloudAsset.V1.Inputs.IdentitySelectorResponse
Optional. Specifies an identity for analysis.
Options This property is required. Pulumi.GoogleNative.CloudAsset.V1.Inputs.OptionsResponse
Optional. The query options.
ResourceSelector This property is required. Pulumi.GoogleNative.CloudAsset.V1.Inputs.ResourceSelectorResponse
Optional. Specifies a resource for analysis.
Scope This property is required. string
The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit here . To know how to get folder or project id, visit here .
AccessSelector This property is required. AccessSelectorResponse
Optional. Specifies roles or permissions for analysis. This is optional.
ConditionContext This property is required. ConditionContextResponse
Optional. The hypothetical context for IAM conditions evaluation.
IdentitySelector This property is required. IdentitySelectorResponse
Optional. Specifies an identity for analysis.
Options This property is required. OptionsResponse
Optional. The query options.
ResourceSelector This property is required. ResourceSelectorResponse
Optional. Specifies a resource for analysis.
Scope This property is required. string
The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit here . To know how to get folder or project id, visit here .
accessSelector This property is required. AccessSelectorResponse
Optional. Specifies roles or permissions for analysis. This is optional.
conditionContext This property is required. ConditionContextResponse
Optional. The hypothetical context for IAM conditions evaluation.
identitySelector This property is required. IdentitySelectorResponse
Optional. Specifies an identity for analysis.
options This property is required. OptionsResponse
Optional. The query options.
resourceSelector This property is required. ResourceSelectorResponse
Optional. Specifies a resource for analysis.
scope This property is required. String
The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit here . To know how to get folder or project id, visit here .
accessSelector This property is required. AccessSelectorResponse
Optional. Specifies roles or permissions for analysis. This is optional.
conditionContext This property is required. ConditionContextResponse
Optional. The hypothetical context for IAM conditions evaluation.
identitySelector This property is required. IdentitySelectorResponse
Optional. Specifies an identity for analysis.
options This property is required. OptionsResponse
Optional. The query options.
resourceSelector This property is required. ResourceSelectorResponse
Optional. Specifies a resource for analysis.
scope This property is required. string
The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit here . To know how to get folder or project id, visit here .
access_selector This property is required. AccessSelectorResponse
Optional. Specifies roles or permissions for analysis. This is optional.
condition_context This property is required. ConditionContextResponse
Optional. The hypothetical context for IAM conditions evaluation.
identity_selector This property is required. IdentitySelectorResponse
Optional. Specifies an identity for analysis.
options This property is required. OptionsResponse
Optional. The query options.
resource_selector This property is required. ResourceSelectorResponse
Optional. Specifies a resource for analysis.
scope This property is required. str
The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit here . To know how to get folder or project id, visit here .
accessSelector This property is required. Property Map
Optional. Specifies roles or permissions for analysis. This is optional.
conditionContext This property is required. Property Map
Optional. The hypothetical context for IAM conditions evaluation.
identitySelector This property is required. Property Map
Optional. Specifies an identity for analysis.
options This property is required. Property Map
Optional. The query options.
resourceSelector This property is required. Property Map
Optional. Specifies a resource for analysis.
scope This property is required. String
The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit here . To know how to get folder or project id, visit here .

IdentitySelector
, IdentitySelectorArgs

Identity This property is required. string
The identity appear in the form of principals in IAM policy binding. The examples of supported forms are: "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com". Notice that wildcard characters (such as * and ?) are not supported. You must give a specific identity.
Identity This property is required. string
The identity appear in the form of principals in IAM policy binding. The examples of supported forms are: "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com". Notice that wildcard characters (such as * and ?) are not supported. You must give a specific identity.
identity This property is required. String
The identity appear in the form of principals in IAM policy binding. The examples of supported forms are: "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com". Notice that wildcard characters (such as * and ?) are not supported. You must give a specific identity.
identity This property is required. string
The identity appear in the form of principals in IAM policy binding. The examples of supported forms are: "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com". Notice that wildcard characters (such as * and ?) are not supported. You must give a specific identity.
identity This property is required. str
The identity appear in the form of principals in IAM policy binding. The examples of supported forms are: "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com". Notice that wildcard characters (such as * and ?) are not supported. You must give a specific identity.
identity This property is required. String
The identity appear in the form of principals in IAM policy binding. The examples of supported forms are: "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com". Notice that wildcard characters (such as * and ?) are not supported. You must give a specific identity.

IdentitySelectorResponse
, IdentitySelectorResponseArgs

Identity This property is required. string
The identity appear in the form of principals in IAM policy binding. The examples of supported forms are: "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com". Notice that wildcard characters (such as * and ?) are not supported. You must give a specific identity.
Identity This property is required. string
The identity appear in the form of principals in IAM policy binding. The examples of supported forms are: "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com". Notice that wildcard characters (such as * and ?) are not supported. You must give a specific identity.
identity This property is required. String
The identity appear in the form of principals in IAM policy binding. The examples of supported forms are: "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com". Notice that wildcard characters (such as * and ?) are not supported. You must give a specific identity.
identity This property is required. string
The identity appear in the form of principals in IAM policy binding. The examples of supported forms are: "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com". Notice that wildcard characters (such as * and ?) are not supported. You must give a specific identity.
identity This property is required. str
The identity appear in the form of principals in IAM policy binding. The examples of supported forms are: "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com". Notice that wildcard characters (such as * and ?) are not supported. You must give a specific identity.
identity This property is required. String
The identity appear in the form of principals in IAM policy binding. The examples of supported forms are: "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com". Notice that wildcard characters (such as * and ?) are not supported. You must give a specific identity.

Options
, OptionsArgs

AnalyzeServiceAccountImpersonation bool
Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning RPC instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a Google Cloud folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Only the following permissions are considered in this analysis: * iam.serviceAccounts.actAs * iam.serviceAccounts.signBlob * iam.serviceAccounts.signJwt * iam.serviceAccounts.getAccessToken * iam.serviceAccounts.getOpenIdToken * iam.serviceAccounts.implicitDelegation Default is false.
ExpandGroups bool
Optional. If true, the identities section of the result will expand any Google groups appearing in an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is specified, the identity in the result will be determined by the selector, and this flag is not allowed to set. If true, the default max expansion per group is 1000 for AssetService.AnalyzeIamPolicy][]. Default is false.
ExpandResources bool
Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a Google Cloud folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resources cannot be used together with this option. For example, if the request analyzes for which users have permission P on a Google Cloud project with this option enabled, the results will include all users who have permission P on that project or any lower resource. If true, the default max expansion per resource is 1000 for AssetService.AnalyzeIamPolicy][] and 100000 for AssetService.AnalyzeIamPolicyLongrunning][]. Default is false.
ExpandRoles bool
Optional. If true, the access section of result will expand any roles appearing in IAM policy bindings to include their permissions. If IamPolicyAnalysisQuery.access_selector is specified, the access section of the result will be determined by the selector, and this flag is not allowed to set. Default is false.
OutputGroupEdges bool
Optional. If true, the result will output the relevant membership relationships between groups and other groups, and between groups and principals. Default is false.
OutputResourceEdges bool
Optional. If true, the result will output the relevant parent/child relationships between resources. Default is false.
AnalyzeServiceAccountImpersonation bool
Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning RPC instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a Google Cloud folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Only the following permissions are considered in this analysis: * iam.serviceAccounts.actAs * iam.serviceAccounts.signBlob * iam.serviceAccounts.signJwt * iam.serviceAccounts.getAccessToken * iam.serviceAccounts.getOpenIdToken * iam.serviceAccounts.implicitDelegation Default is false.
ExpandGroups bool
Optional. If true, the identities section of the result will expand any Google groups appearing in an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is specified, the identity in the result will be determined by the selector, and this flag is not allowed to set. If true, the default max expansion per group is 1000 for AssetService.AnalyzeIamPolicy][]. Default is false.
ExpandResources bool
Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a Google Cloud folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resources cannot be used together with this option. For example, if the request analyzes for which users have permission P on a Google Cloud project with this option enabled, the results will include all users who have permission P on that project or any lower resource. If true, the default max expansion per resource is 1000 for AssetService.AnalyzeIamPolicy][] and 100000 for AssetService.AnalyzeIamPolicyLongrunning][]. Default is false.
ExpandRoles bool
Optional. If true, the access section of result will expand any roles appearing in IAM policy bindings to include their permissions. If IamPolicyAnalysisQuery.access_selector is specified, the access section of the result will be determined by the selector, and this flag is not allowed to set. Default is false.
OutputGroupEdges bool
Optional. If true, the result will output the relevant membership relationships between groups and other groups, and between groups and principals. Default is false.
OutputResourceEdges bool
Optional. If true, the result will output the relevant parent/child relationships between resources. Default is false.
analyzeServiceAccountImpersonation Boolean
Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning RPC instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a Google Cloud folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Only the following permissions are considered in this analysis: * iam.serviceAccounts.actAs * iam.serviceAccounts.signBlob * iam.serviceAccounts.signJwt * iam.serviceAccounts.getAccessToken * iam.serviceAccounts.getOpenIdToken * iam.serviceAccounts.implicitDelegation Default is false.
expandGroups Boolean
Optional. If true, the identities section of the result will expand any Google groups appearing in an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is specified, the identity in the result will be determined by the selector, and this flag is not allowed to set. If true, the default max expansion per group is 1000 for AssetService.AnalyzeIamPolicy][]. Default is false.
expandResources Boolean
Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a Google Cloud folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resources cannot be used together with this option. For example, if the request analyzes for which users have permission P on a Google Cloud project with this option enabled, the results will include all users who have permission P on that project or any lower resource. If true, the default max expansion per resource is 1000 for AssetService.AnalyzeIamPolicy][] and 100000 for AssetService.AnalyzeIamPolicyLongrunning][]. Default is false.
expandRoles Boolean
Optional. If true, the access section of result will expand any roles appearing in IAM policy bindings to include their permissions. If IamPolicyAnalysisQuery.access_selector is specified, the access section of the result will be determined by the selector, and this flag is not allowed to set. Default is false.
outputGroupEdges Boolean
Optional. If true, the result will output the relevant membership relationships between groups and other groups, and between groups and principals. Default is false.
outputResourceEdges Boolean
Optional. If true, the result will output the relevant parent/child relationships between resources. Default is false.
analyzeServiceAccountImpersonation boolean
Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning RPC instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a Google Cloud folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Only the following permissions are considered in this analysis: * iam.serviceAccounts.actAs * iam.serviceAccounts.signBlob * iam.serviceAccounts.signJwt * iam.serviceAccounts.getAccessToken * iam.serviceAccounts.getOpenIdToken * iam.serviceAccounts.implicitDelegation Default is false.
expandGroups boolean
Optional. If true, the identities section of the result will expand any Google groups appearing in an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is specified, the identity in the result will be determined by the selector, and this flag is not allowed to set. If true, the default max expansion per group is 1000 for AssetService.AnalyzeIamPolicy][]. Default is false.
expandResources boolean
Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a Google Cloud folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resources cannot be used together with this option. For example, if the request analyzes for which users have permission P on a Google Cloud project with this option enabled, the results will include all users who have permission P on that project or any lower resource. If true, the default max expansion per resource is 1000 for AssetService.AnalyzeIamPolicy][] and 100000 for AssetService.AnalyzeIamPolicyLongrunning][]. Default is false.
expandRoles boolean
Optional. If true, the access section of result will expand any roles appearing in IAM policy bindings to include their permissions. If IamPolicyAnalysisQuery.access_selector is specified, the access section of the result will be determined by the selector, and this flag is not allowed to set. Default is false.
outputGroupEdges boolean
Optional. If true, the result will output the relevant membership relationships between groups and other groups, and between groups and principals. Default is false.
outputResourceEdges boolean
Optional. If true, the result will output the relevant parent/child relationships between resources. Default is false.
analyze_service_account_impersonation bool
Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning RPC instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a Google Cloud folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Only the following permissions are considered in this analysis: * iam.serviceAccounts.actAs * iam.serviceAccounts.signBlob * iam.serviceAccounts.signJwt * iam.serviceAccounts.getAccessToken * iam.serviceAccounts.getOpenIdToken * iam.serviceAccounts.implicitDelegation Default is false.
expand_groups bool
Optional. If true, the identities section of the result will expand any Google groups appearing in an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is specified, the identity in the result will be determined by the selector, and this flag is not allowed to set. If true, the default max expansion per group is 1000 for AssetService.AnalyzeIamPolicy][]. Default is false.
expand_resources bool
Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a Google Cloud folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resources cannot be used together with this option. For example, if the request analyzes for which users have permission P on a Google Cloud project with this option enabled, the results will include all users who have permission P on that project or any lower resource. If true, the default max expansion per resource is 1000 for AssetService.AnalyzeIamPolicy][] and 100000 for AssetService.AnalyzeIamPolicyLongrunning][]. Default is false.
expand_roles bool
Optional. If true, the access section of result will expand any roles appearing in IAM policy bindings to include their permissions. If IamPolicyAnalysisQuery.access_selector is specified, the access section of the result will be determined by the selector, and this flag is not allowed to set. Default is false.
output_group_edges bool
Optional. If true, the result will output the relevant membership relationships between groups and other groups, and between groups and principals. Default is false.
output_resource_edges bool
Optional. If true, the result will output the relevant parent/child relationships between resources. Default is false.
analyzeServiceAccountImpersonation Boolean
Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning RPC instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a Google Cloud folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Only the following permissions are considered in this analysis: * iam.serviceAccounts.actAs * iam.serviceAccounts.signBlob * iam.serviceAccounts.signJwt * iam.serviceAccounts.getAccessToken * iam.serviceAccounts.getOpenIdToken * iam.serviceAccounts.implicitDelegation Default is false.
expandGroups Boolean
Optional. If true, the identities section of the result will expand any Google groups appearing in an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is specified, the identity in the result will be determined by the selector, and this flag is not allowed to set. If true, the default max expansion per group is 1000 for AssetService.AnalyzeIamPolicy][]. Default is false.
expandResources Boolean
Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a Google Cloud folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resources cannot be used together with this option. For example, if the request analyzes for which users have permission P on a Google Cloud project with this option enabled, the results will include all users who have permission P on that project or any lower resource. If true, the default max expansion per resource is 1000 for AssetService.AnalyzeIamPolicy][] and 100000 for AssetService.AnalyzeIamPolicyLongrunning][]. Default is false.
expandRoles Boolean
Optional. If true, the access section of result will expand any roles appearing in IAM policy bindings to include their permissions. If IamPolicyAnalysisQuery.access_selector is specified, the access section of the result will be determined by the selector, and this flag is not allowed to set. Default is false.
outputGroupEdges Boolean
Optional. If true, the result will output the relevant membership relationships between groups and other groups, and between groups and principals. Default is false.
outputResourceEdges Boolean
Optional. If true, the result will output the relevant parent/child relationships between resources. Default is false.

OptionsResponse
, OptionsResponseArgs

AnalyzeServiceAccountImpersonation This property is required. bool
Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning RPC instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a Google Cloud folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Only the following permissions are considered in this analysis: * iam.serviceAccounts.actAs * iam.serviceAccounts.signBlob * iam.serviceAccounts.signJwt * iam.serviceAccounts.getAccessToken * iam.serviceAccounts.getOpenIdToken * iam.serviceAccounts.implicitDelegation Default is false.
ExpandGroups This property is required. bool
Optional. If true, the identities section of the result will expand any Google groups appearing in an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is specified, the identity in the result will be determined by the selector, and this flag is not allowed to set. If true, the default max expansion per group is 1000 for AssetService.AnalyzeIamPolicy][]. Default is false.
ExpandResources This property is required. bool
Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a Google Cloud folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resources cannot be used together with this option. For example, if the request analyzes for which users have permission P on a Google Cloud project with this option enabled, the results will include all users who have permission P on that project or any lower resource. If true, the default max expansion per resource is 1000 for AssetService.AnalyzeIamPolicy][] and 100000 for AssetService.AnalyzeIamPolicyLongrunning][]. Default is false.
ExpandRoles This property is required. bool
Optional. If true, the access section of result will expand any roles appearing in IAM policy bindings to include their permissions. If IamPolicyAnalysisQuery.access_selector is specified, the access section of the result will be determined by the selector, and this flag is not allowed to set. Default is false.
OutputGroupEdges This property is required. bool
Optional. If true, the result will output the relevant membership relationships between groups and other groups, and between groups and principals. Default is false.
OutputResourceEdges This property is required. bool
Optional. If true, the result will output the relevant parent/child relationships between resources. Default is false.
AnalyzeServiceAccountImpersonation This property is required. bool
Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning RPC instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a Google Cloud folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Only the following permissions are considered in this analysis: * iam.serviceAccounts.actAs * iam.serviceAccounts.signBlob * iam.serviceAccounts.signJwt * iam.serviceAccounts.getAccessToken * iam.serviceAccounts.getOpenIdToken * iam.serviceAccounts.implicitDelegation Default is false.
ExpandGroups This property is required. bool
Optional. If true, the identities section of the result will expand any Google groups appearing in an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is specified, the identity in the result will be determined by the selector, and this flag is not allowed to set. If true, the default max expansion per group is 1000 for AssetService.AnalyzeIamPolicy][]. Default is false.
ExpandResources This property is required. bool
Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a Google Cloud folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resources cannot be used together with this option. For example, if the request analyzes for which users have permission P on a Google Cloud project with this option enabled, the results will include all users who have permission P on that project or any lower resource. If true, the default max expansion per resource is 1000 for AssetService.AnalyzeIamPolicy][] and 100000 for AssetService.AnalyzeIamPolicyLongrunning][]. Default is false.
ExpandRoles This property is required. bool
Optional. If true, the access section of result will expand any roles appearing in IAM policy bindings to include their permissions. If IamPolicyAnalysisQuery.access_selector is specified, the access section of the result will be determined by the selector, and this flag is not allowed to set. Default is false.
OutputGroupEdges This property is required. bool
Optional. If true, the result will output the relevant membership relationships between groups and other groups, and between groups and principals. Default is false.
OutputResourceEdges This property is required. bool
Optional. If true, the result will output the relevant parent/child relationships between resources. Default is false.
analyzeServiceAccountImpersonation This property is required. Boolean
Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning RPC instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a Google Cloud folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Only the following permissions are considered in this analysis: * iam.serviceAccounts.actAs * iam.serviceAccounts.signBlob * iam.serviceAccounts.signJwt * iam.serviceAccounts.getAccessToken * iam.serviceAccounts.getOpenIdToken * iam.serviceAccounts.implicitDelegation Default is false.
expandGroups This property is required. Boolean
Optional. If true, the identities section of the result will expand any Google groups appearing in an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is specified, the identity in the result will be determined by the selector, and this flag is not allowed to set. If true, the default max expansion per group is 1000 for AssetService.AnalyzeIamPolicy][]. Default is false.
expandResources This property is required. Boolean
Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a Google Cloud folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resources cannot be used together with this option. For example, if the request analyzes for which users have permission P on a Google Cloud project with this option enabled, the results will include all users who have permission P on that project or any lower resource. If true, the default max expansion per resource is 1000 for AssetService.AnalyzeIamPolicy][] and 100000 for AssetService.AnalyzeIamPolicyLongrunning][]. Default is false.
expandRoles This property is required. Boolean
Optional. If true, the access section of result will expand any roles appearing in IAM policy bindings to include their permissions. If IamPolicyAnalysisQuery.access_selector is specified, the access section of the result will be determined by the selector, and this flag is not allowed to set. Default is false.
outputGroupEdges This property is required. Boolean
Optional. If true, the result will output the relevant membership relationships between groups and other groups, and between groups and principals. Default is false.
outputResourceEdges This property is required. Boolean
Optional. If true, the result will output the relevant parent/child relationships between resources. Default is false.
analyzeServiceAccountImpersonation This property is required. boolean
Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning RPC instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a Google Cloud folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Only the following permissions are considered in this analysis: * iam.serviceAccounts.actAs * iam.serviceAccounts.signBlob * iam.serviceAccounts.signJwt * iam.serviceAccounts.getAccessToken * iam.serviceAccounts.getOpenIdToken * iam.serviceAccounts.implicitDelegation Default is false.
expandGroups This property is required. boolean
Optional. If true, the identities section of the result will expand any Google groups appearing in an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is specified, the identity in the result will be determined by the selector, and this flag is not allowed to set. If true, the default max expansion per group is 1000 for AssetService.AnalyzeIamPolicy][]. Default is false.
expandResources This property is required. boolean
Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a Google Cloud folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resources cannot be used together with this option. For example, if the request analyzes for which users have permission P on a Google Cloud project with this option enabled, the results will include all users who have permission P on that project or any lower resource. If true, the default max expansion per resource is 1000 for AssetService.AnalyzeIamPolicy][] and 100000 for AssetService.AnalyzeIamPolicyLongrunning][]. Default is false.
expandRoles This property is required. boolean
Optional. If true, the access section of result will expand any roles appearing in IAM policy bindings to include their permissions. If IamPolicyAnalysisQuery.access_selector is specified, the access section of the result will be determined by the selector, and this flag is not allowed to set. Default is false.
outputGroupEdges This property is required. boolean
Optional. If true, the result will output the relevant membership relationships between groups and other groups, and between groups and principals. Default is false.
outputResourceEdges This property is required. boolean
Optional. If true, the result will output the relevant parent/child relationships between resources. Default is false.
analyze_service_account_impersonation This property is required. bool
Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning RPC instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a Google Cloud folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Only the following permissions are considered in this analysis: * iam.serviceAccounts.actAs * iam.serviceAccounts.signBlob * iam.serviceAccounts.signJwt * iam.serviceAccounts.getAccessToken * iam.serviceAccounts.getOpenIdToken * iam.serviceAccounts.implicitDelegation Default is false.
expand_groups This property is required. bool
Optional. If true, the identities section of the result will expand any Google groups appearing in an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is specified, the identity in the result will be determined by the selector, and this flag is not allowed to set. If true, the default max expansion per group is 1000 for AssetService.AnalyzeIamPolicy][]. Default is false.
expand_resources This property is required. bool
Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a Google Cloud folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resources cannot be used together with this option. For example, if the request analyzes for which users have permission P on a Google Cloud project with this option enabled, the results will include all users who have permission P on that project or any lower resource. If true, the default max expansion per resource is 1000 for AssetService.AnalyzeIamPolicy][] and 100000 for AssetService.AnalyzeIamPolicyLongrunning][]. Default is false.
expand_roles This property is required. bool
Optional. If true, the access section of result will expand any roles appearing in IAM policy bindings to include their permissions. If IamPolicyAnalysisQuery.access_selector is specified, the access section of the result will be determined by the selector, and this flag is not allowed to set. Default is false.
output_group_edges This property is required. bool
Optional. If true, the result will output the relevant membership relationships between groups and other groups, and between groups and principals. Default is false.
output_resource_edges This property is required. bool
Optional. If true, the result will output the relevant parent/child relationships between resources. Default is false.
analyzeServiceAccountImpersonation This property is required. Boolean
Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning RPC instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a Google Cloud folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the Google Cloud folder F, then user A potentially has access to the Google Cloud folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Only the following permissions are considered in this analysis: * iam.serviceAccounts.actAs * iam.serviceAccounts.signBlob * iam.serviceAccounts.signJwt * iam.serviceAccounts.getAccessToken * iam.serviceAccounts.getOpenIdToken * iam.serviceAccounts.implicitDelegation Default is false.
expandGroups This property is required. Boolean
Optional. If true, the identities section of the result will expand any Google groups appearing in an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is specified, the identity in the result will be determined by the selector, and this flag is not allowed to set. If true, the default max expansion per group is 1000 for AssetService.AnalyzeIamPolicy][]. Default is false.
expandResources This property is required. Boolean
Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a Google Cloud folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resources cannot be used together with this option. For example, if the request analyzes for which users have permission P on a Google Cloud project with this option enabled, the results will include all users who have permission P on that project or any lower resource. If true, the default max expansion per resource is 1000 for AssetService.AnalyzeIamPolicy][] and 100000 for AssetService.AnalyzeIamPolicyLongrunning][]. Default is false.
expandRoles This property is required. Boolean
Optional. If true, the access section of result will expand any roles appearing in IAM policy bindings to include their permissions. If IamPolicyAnalysisQuery.access_selector is specified, the access section of the result will be determined by the selector, and this flag is not allowed to set. Default is false.
outputGroupEdges This property is required. Boolean
Optional. If true, the result will output the relevant membership relationships between groups and other groups, and between groups and principals. Default is false.
outputResourceEdges This property is required. Boolean
Optional. If true, the result will output the relevant parent/child relationships between resources. Default is false.

QueryContent
, QueryContentArgs

IamPolicyAnalysisQuery Pulumi.GoogleNative.CloudAsset.V1.Inputs.IamPolicyAnalysisQuery
An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy RPC or the AssetService.AnalyzeIamPolicyLongrunning RPC.
IamPolicyAnalysisQuery IamPolicyAnalysisQuery
An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy RPC or the AssetService.AnalyzeIamPolicyLongrunning RPC.
iamPolicyAnalysisQuery IamPolicyAnalysisQuery
An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy RPC or the AssetService.AnalyzeIamPolicyLongrunning RPC.
iamPolicyAnalysisQuery IamPolicyAnalysisQuery
An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy RPC or the AssetService.AnalyzeIamPolicyLongrunning RPC.
iam_policy_analysis_query IamPolicyAnalysisQuery
An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy RPC or the AssetService.AnalyzeIamPolicyLongrunning RPC.
iamPolicyAnalysisQuery Property Map
An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy RPC or the AssetService.AnalyzeIamPolicyLongrunning RPC.

QueryContentResponse
, QueryContentResponseArgs

IamPolicyAnalysisQuery This property is required. Pulumi.GoogleNative.CloudAsset.V1.Inputs.IamPolicyAnalysisQueryResponse
An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy RPC or the AssetService.AnalyzeIamPolicyLongrunning RPC.
IamPolicyAnalysisQuery This property is required. IamPolicyAnalysisQueryResponse
An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy RPC or the AssetService.AnalyzeIamPolicyLongrunning RPC.
iamPolicyAnalysisQuery This property is required. IamPolicyAnalysisQueryResponse
An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy RPC or the AssetService.AnalyzeIamPolicyLongrunning RPC.
iamPolicyAnalysisQuery This property is required. IamPolicyAnalysisQueryResponse
An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy RPC or the AssetService.AnalyzeIamPolicyLongrunning RPC.
iam_policy_analysis_query This property is required. IamPolicyAnalysisQueryResponse
An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy RPC or the AssetService.AnalyzeIamPolicyLongrunning RPC.
iamPolicyAnalysisQuery This property is required. Property Map
An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy RPC or the AssetService.AnalyzeIamPolicyLongrunning RPC.

ResourceSelector
, ResourceSelectorArgs

FullResourceName This property is required. string
The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of a resource of supported resource types.
FullResourceName This property is required. string
The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of a resource of supported resource types.
fullResourceName This property is required. String
The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of a resource of supported resource types.
fullResourceName This property is required. string
The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of a resource of supported resource types.
full_resource_name This property is required. str
The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of a resource of supported resource types.
fullResourceName This property is required. String
The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of a resource of supported resource types.

ResourceSelectorResponse
, ResourceSelectorResponseArgs

FullResourceName This property is required. string
The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of a resource of supported resource types.
FullResourceName This property is required. string
The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of a resource of supported resource types.
fullResourceName This property is required. String
The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of a resource of supported resource types.
fullResourceName This property is required. string
The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of a resource of supported resource types.
full_resource_name This property is required. str
The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of a resource of supported resource types.
fullResourceName This property is required. String
The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of a resource of supported resource types.

Package Details

Repository
Google Cloud Native pulumi/pulumi-google-native
License
Apache-2.0

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi