sandbox/alpha-scone-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/alpha-scone-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/alpha-tasks-pa-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/alpha-tasks-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/autopush-analyticssuitefrontend-pa-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/autopush-analyticssuitefrontend-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/autopush-apigateway-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-apigateway-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-apigateway-v1alpha1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-apigateway-v1alpha2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-apigateway-v1beta
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-apigee-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-apigee-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-appsbackup-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-appsbackup-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-appsgenaiserver-pa-
dictionary_item_added
  • root['schemas']['AppsUpsellSharedRecommendationTemplatesMessageWithAction']
  • root['schemas']['AssistantLamdaWorkspaceEditorResourceReferenceImageOnly']
  • root['schemas']['AppsUpsellSharedRecommendationCommonRecommendation']['properties']['messageWithAction']
  • root['schemas']['AssistantLamdaWorkspaceEditorResourceReferenceEditorResourceType']['description']
  • root['schemas']['AssistantLamdaWorkspaceEditorResourceReferenceEditorResourceType']['properties']['imageOnly']
values_changed
root['revision']
new_value20250225
old_value20250222
root['schemas']['AppsUpsellSharedRecommendationCommonRecommendation']['description']
new_valueA common response for recommendation systems. Next id: 25
old_valueA common response for recommendation systems. Next id: 24
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][651]
new_valueNOTEBOOKLM_SOURCE_LIMIT_DASHER_END_USER
old_valueNOTEBOOKLM_SOURCE_LIMIT_NOT_OWNER_AND_NOT_OWNED_BY_PLUS_USER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][651]
new_valueNOTEBOOKLM_SOURCE_LIMIT_DASHER_END_USER
old_valueNOTEBOOKLM_SOURCE_LIMIT_NOT_OWNER_AND_NOT_OWNED_BY_PLUS_USER
iterable_item_added
root['schemas']['AppsExtensionsDuetAiActionStaticPlanData']['properties']['generateUseCase']['enum'][14]LIST_ACTION_ITEMS_ANNOTATOR
root['schemas']['AppsExtensionsDuetAiActionStaticPlanData']['properties']['generateUseCase']['enumDescriptions'][14]Annotate the action items generated by LIST_ACTION_ITEMS.
root['schemas']['AppsIntelligenceGenAiClientDebugInfo']['properties']['useCase']['enum'][14]LIST_ACTION_ITEMS_ANNOTATOR
root['schemas']['AppsIntelligenceGenAiClientDebugInfo']['properties']['useCase']['enumDescriptions'][14]Annotate the action items generated by LIST_ACTION_ITEMS.
root['schemas']['AppsIntelligenceGenAiGenerateRequest']['properties']['generateUseCase']['enum'][14]LIST_ACTION_ITEMS_ANNOTATOR
root['schemas']['AppsIntelligenceGenAiGenerateRequest']['properties']['generateUseCase']['enumDescriptions'][14]Annotate the action items generated by LIST_ACTION_ITEMS.
root['schemas']['AppsIntelligenceGenAiGenerationIteration']['properties']['generateUseCase']['enum'][14]LIST_ACTION_ITEMS_ANNOTATOR
root['schemas']['AppsIntelligenceGenAiGenerationIteration']['properties']['generateUseCase']['enumDescriptions'][14]Annotate the action items generated by LIST_ACTION_ITEMS.
root['schemas']['AppsIntelligenceGenAiGetQuotaSummaryRequest']['properties']['generateUseCase']['enum'][14]LIST_ACTION_ITEMS_ANNOTATOR
root['schemas']['AppsIntelligenceGenAiGetQuotaSummaryRequest']['properties']['generateUseCase']['enumDescriptions'][14]Annotate the action items generated by LIST_ACTION_ITEMS.
root['schemas']['AppsIntelligenceGenAiQuestionAnswerListActionParamsQuestionAnswer']['properties']['useCaseForSuggestionFollowup']['enum'][14]LIST_ACTION_ITEMS_ANNOTATOR
root['schemas']['AppsIntelligenceGenAiQuestionAnswerListActionParamsQuestionAnswer']['properties']['useCaseForSuggestionFollowup']['enumDescriptions'][14]Annotate the action items generated by LIST_ACTION_ITEMS.
root['schemas']['AppsIntelligenceGenAiRecordFeatureUsageRequest']['properties']['generateUseCase']['enum'][14]LIST_ACTION_ITEMS_ANNOTATOR
root['schemas']['AppsIntelligenceGenAiRecordFeatureUsageRequest']['properties']['generateUseCase']['enumDescriptions'][14]Annotate the action items generated by LIST_ACTION_ITEMS.
root['schemas']['AppsIntelligenceGenAiStarterTile']['properties']['generateUseCase']['enum'][14]LIST_ACTION_ITEMS_ANNOTATOR
root['schemas']['AppsIntelligenceGenAiStarterTile']['properties']['generateUseCase']['enumDescriptions'][14]Annotate the action items generated by LIST_ACTION_ITEMS.
root['schemas']['AppsIntelligenceGenAiTurn']['properties']['generateUseCase']['enum'][14]LIST_ACTION_ITEMS_ANNOTATOR
root['schemas']['AppsIntelligenceGenAiTurn']['properties']['generateUseCase']['enumDescriptions'][14]Annotate the action items generated by LIST_ACTION_ITEMS.
root['schemas']['AppsIntelligenceGenAiWriteAuditLogRequest']['properties']['generateUseCase']['enum'][14]LIST_ACTION_ITEMS_ANNOTATOR
root['schemas']['AppsIntelligenceGenAiWriteAuditLogRequest']['properties']['generateUseCase']['enumDescriptions'][14]Annotate the action items generated by LIST_ACTION_ITEMS.
root['schemas']['AppsUpsellSharedRecommendationRecommendationSurface']['properties']['onramp']['enum'][203]GEMINI_UPSELL_EFT_FREEMIUM_THINKING_MODE
root['schemas']['AppsUpsellSharedRecommendationRecommendationSurface']['properties']['onramp']['enum'][212]GEMINI_UPSELL_FREEMIUM_THINKING_MODE
root['schemas']['AppsUpsellSharedRecommendationRecommendationSurface']['properties']['onramp']['enum'][353]NOTEBOOKLM_SETTINGS_DROPDOWN
root['schemas']['AppsUpsellSharedRecommendationRecommendationSurface']['properties']['onramp']['enumDescriptions'][203]Gemini: G1 upsell EFT onramp via mobile SDK in Gemini freemium thinking mode disclaimer.
root['schemas']['AppsUpsellSharedRecommendationRecommendationSurface']['properties']['onramp']['enumDescriptions'][212]Gemini: G1 upsell onramp via mobile SDK in Gemini freemium thinking mode disclaimer.
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['onramp']['enum'][203]GEMINI_UPSELL_EFT_FREEMIUM_THINKING_MODE
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['onramp']['enum'][212]GEMINI_UPSELL_FREEMIUM_THINKING_MODE
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['onramp']['enum'][353]NOTEBOOKLM_SETTINGS_DROPDOWN
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['onramp']['enumDescriptions'][203]Gemini: G1 upsell EFT onramp via mobile SDK in Gemini freemium thinking mode disclaimer.
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['onramp']['enumDescriptions'][212]Gemini: G1 upsell onramp via mobile SDK in Gemini freemium thinking mode disclaimer.
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][173]SECURITY_INSIGHTS_PHISHING_MALWARE_V2_BANNER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][233]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_BANNER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][234]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_EIGHTY_PERCENT_BANNER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][235]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_NINETY_PERCENT_BANNER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][313]DOCS_BANNER_AI_VALUE_UPSELL_V1
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][314]SHEETS_BANNER_AI_VALUE_UPSELL_V1
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][315]SLIDES_BANNER_AI_VALUE_UPSELL_V1
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enumDescriptions'][313]go/dasheraiedd-mar25
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][189]SECURITY_INSIGHTS_PHISHING_MALWARE_V2
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][218]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_EIGHTY_PERCENT
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][219]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_NINETY_PERCENT
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][643]NOTEBOOKLM_DASHER_END_USER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][649]NOTEBOOKLM_NOTEBOOKLM_PLUS_DASHER_USER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][650]NOTEBOOKLM_NOTEBOOKLM_PLUS_CONSUMER_USER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][657]NOTEBOOKLM_SOURCE_LIMIT_CONSUMER_NOT_OWNER_AND_NOT_OWNED_BY_PLUS_USER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][658]NOTEBOOKLM_SOURCE_LIMIT_OWNED_BY_PLUS_USER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enumDescriptions'][651]Source limit path - Notebook owned by a plus user - 300 limits msg Notebook not owned by a plus user - * Dasher (no matter whether they are owner or not, show upgrade path) - Dasher end user, dasher admin, AE user * Consumer - check owner * Owner - show upgrade path for consumer EM, consumer none EM * Not owner - show contact owner path
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['onramp']['enum'][203]GEMINI_UPSELL_EFT_FREEMIUM_THINKING_MODE
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['onramp']['enum'][212]GEMINI_UPSELL_FREEMIUM_THINKING_MODE
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['onramp']['enum'][353]NOTEBOOKLM_SETTINGS_DROPDOWN
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['onramp']['enumDescriptions'][203]Gemini: G1 upsell EFT onramp via mobile SDK in Gemini freemium thinking mode disclaimer.
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['onramp']['enumDescriptions'][212]Gemini: G1 upsell onramp via mobile SDK in Gemini freemium thinking mode disclaimer.
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][189]SECURITY_INSIGHTS_PHISHING_MALWARE_V2
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][218]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_EIGHTY_PERCENT
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][219]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_NINETY_PERCENT
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][643]NOTEBOOKLM_DASHER_END_USER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][649]NOTEBOOKLM_NOTEBOOKLM_PLUS_DASHER_USER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][650]NOTEBOOKLM_NOTEBOOKLM_PLUS_CONSUMER_USER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][657]NOTEBOOKLM_SOURCE_LIMIT_CONSUMER_NOT_OWNER_AND_NOT_OWNED_BY_PLUS_USER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][658]NOTEBOOKLM_SOURCE_LIMIT_OWNED_BY_PLUS_USER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enumDescriptions'][651]Source limit path - Notebook owned by a plus user - 300 limits msg Notebook not owned by a plus user - * Dasher (no matter whether they are owner or not, show upgrade path) - Dasher end user, dasher admin, AE user * Consumer - check owner * Owner - show upgrade path for consumer EM, consumer none EM * Not owner - show contact owner path
root['schemas']['GoogleInternalSubscriptionsFirstpartyV1CallToActionInAppPurchase']['properties']['onramp']['enum'][203]GEMINI_UPSELL_EFT_FREEMIUM_THINKING_MODE
root['schemas']['GoogleInternalSubscriptionsFirstpartyV1CallToActionInAppPurchase']['properties']['onramp']['enum'][212]GEMINI_UPSELL_FREEMIUM_THINKING_MODE
root['schemas']['GoogleInternalSubscriptionsFirstpartyV1CallToActionInAppPurchase']['properties']['onramp']['enum'][353]NOTEBOOKLM_SETTINGS_DROPDOWN
root['schemas']['GoogleInternalSubscriptionsFirstpartyV1CallToActionInAppPurchase']['properties']['onramp']['enumDescriptions'][203]Gemini: G1 upsell EFT onramp via mobile SDK in Gemini freemium thinking mode disclaimer.
root['schemas']['GoogleInternalSubscriptionsFirstpartyV1CallToActionInAppPurchase']['properties']['onramp']['enumDescriptions'][212]Gemini: G1 upsell onramp via mobile SDK in Gemini freemium thinking mode disclaimer.
iterable_item_removed
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][645]NOTEBOOKLM_SOURCE_LIMIT_DASHER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][652]NOTEBOOKLM_SOURCE_LIMIT_NOT_OWNER_AND_OWNED_BY_PLUS_USER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enumDescriptions'][645]Source limit path - Owner of notebook: Dasher end user, dasher admin, consumer EM, consumer none EM, AE user, notebooklm plus user Not owner of notebook: Not owner and notebooklm is not owned by plus user, not owner and notebooklm is owned by plus user
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][645]NOTEBOOKLM_SOURCE_LIMIT_DASHER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][652]NOTEBOOKLM_SOURCE_LIMIT_NOT_OWNER_AND_OWNED_BY_PLUS_USER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enumDescriptions'][645]Source limit path - Owner of notebook: Dasher end user, dasher admin, consumer EM, consumer none EM, AE user, notebooklm plus user Not owner of notebook: Not owner and notebooklm is not owned by plus user, not owner and notebooklm is owned by plus user
sandbox/autopush-appsgenaiserver-pa-v1
dictionary_item_added
  • root['schemas']['AppsUpsellSharedRecommendationTemplatesMessageWithAction']
  • root['schemas']['AssistantLamdaWorkspaceEditorResourceReferenceImageOnly']
  • root['schemas']['AppsUpsellSharedRecommendationCommonRecommendation']['properties']['messageWithAction']
  • root['schemas']['AssistantLamdaWorkspaceEditorResourceReferenceEditorResourceType']['description']
  • root['schemas']['AssistantLamdaWorkspaceEditorResourceReferenceEditorResourceType']['properties']['imageOnly']
values_changed
root['revision']
new_value20250225
old_value20250222
root['schemas']['AppsUpsellSharedRecommendationCommonRecommendation']['description']
new_valueA common response for recommendation systems. Next id: 25
old_valueA common response for recommendation systems. Next id: 24
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][651]
new_valueNOTEBOOKLM_SOURCE_LIMIT_DASHER_END_USER
old_valueNOTEBOOKLM_SOURCE_LIMIT_NOT_OWNER_AND_NOT_OWNED_BY_PLUS_USER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][651]
new_valueNOTEBOOKLM_SOURCE_LIMIT_DASHER_END_USER
old_valueNOTEBOOKLM_SOURCE_LIMIT_NOT_OWNER_AND_NOT_OWNED_BY_PLUS_USER
iterable_item_added
root['schemas']['AppsExtensionsDuetAiActionStaticPlanData']['properties']['generateUseCase']['enum'][14]LIST_ACTION_ITEMS_ANNOTATOR
root['schemas']['AppsExtensionsDuetAiActionStaticPlanData']['properties']['generateUseCase']['enumDescriptions'][14]Annotate the action items generated by LIST_ACTION_ITEMS.
root['schemas']['AppsIntelligenceGenAiClientDebugInfo']['properties']['useCase']['enum'][14]LIST_ACTION_ITEMS_ANNOTATOR
root['schemas']['AppsIntelligenceGenAiClientDebugInfo']['properties']['useCase']['enumDescriptions'][14]Annotate the action items generated by LIST_ACTION_ITEMS.
root['schemas']['AppsIntelligenceGenAiGenerateRequest']['properties']['generateUseCase']['enum'][14]LIST_ACTION_ITEMS_ANNOTATOR
root['schemas']['AppsIntelligenceGenAiGenerateRequest']['properties']['generateUseCase']['enumDescriptions'][14]Annotate the action items generated by LIST_ACTION_ITEMS.
root['schemas']['AppsIntelligenceGenAiGenerationIteration']['properties']['generateUseCase']['enum'][14]LIST_ACTION_ITEMS_ANNOTATOR
root['schemas']['AppsIntelligenceGenAiGenerationIteration']['properties']['generateUseCase']['enumDescriptions'][14]Annotate the action items generated by LIST_ACTION_ITEMS.
root['schemas']['AppsIntelligenceGenAiGetQuotaSummaryRequest']['properties']['generateUseCase']['enum'][14]LIST_ACTION_ITEMS_ANNOTATOR
root['schemas']['AppsIntelligenceGenAiGetQuotaSummaryRequest']['properties']['generateUseCase']['enumDescriptions'][14]Annotate the action items generated by LIST_ACTION_ITEMS.
root['schemas']['AppsIntelligenceGenAiQuestionAnswerListActionParamsQuestionAnswer']['properties']['useCaseForSuggestionFollowup']['enum'][14]LIST_ACTION_ITEMS_ANNOTATOR
root['schemas']['AppsIntelligenceGenAiQuestionAnswerListActionParamsQuestionAnswer']['properties']['useCaseForSuggestionFollowup']['enumDescriptions'][14]Annotate the action items generated by LIST_ACTION_ITEMS.
root['schemas']['AppsIntelligenceGenAiRecordFeatureUsageRequest']['properties']['generateUseCase']['enum'][14]LIST_ACTION_ITEMS_ANNOTATOR
root['schemas']['AppsIntelligenceGenAiRecordFeatureUsageRequest']['properties']['generateUseCase']['enumDescriptions'][14]Annotate the action items generated by LIST_ACTION_ITEMS.
root['schemas']['AppsIntelligenceGenAiStarterTile']['properties']['generateUseCase']['enum'][14]LIST_ACTION_ITEMS_ANNOTATOR
root['schemas']['AppsIntelligenceGenAiStarterTile']['properties']['generateUseCase']['enumDescriptions'][14]Annotate the action items generated by LIST_ACTION_ITEMS.
root['schemas']['AppsIntelligenceGenAiTurn']['properties']['generateUseCase']['enum'][14]LIST_ACTION_ITEMS_ANNOTATOR
root['schemas']['AppsIntelligenceGenAiTurn']['properties']['generateUseCase']['enumDescriptions'][14]Annotate the action items generated by LIST_ACTION_ITEMS.
root['schemas']['AppsIntelligenceGenAiWriteAuditLogRequest']['properties']['generateUseCase']['enum'][14]LIST_ACTION_ITEMS_ANNOTATOR
root['schemas']['AppsIntelligenceGenAiWriteAuditLogRequest']['properties']['generateUseCase']['enumDescriptions'][14]Annotate the action items generated by LIST_ACTION_ITEMS.
root['schemas']['AppsUpsellSharedRecommendationRecommendationSurface']['properties']['onramp']['enum'][203]GEMINI_UPSELL_EFT_FREEMIUM_THINKING_MODE
root['schemas']['AppsUpsellSharedRecommendationRecommendationSurface']['properties']['onramp']['enum'][212]GEMINI_UPSELL_FREEMIUM_THINKING_MODE
root['schemas']['AppsUpsellSharedRecommendationRecommendationSurface']['properties']['onramp']['enum'][353]NOTEBOOKLM_SETTINGS_DROPDOWN
root['schemas']['AppsUpsellSharedRecommendationRecommendationSurface']['properties']['onramp']['enumDescriptions'][203]Gemini: G1 upsell EFT onramp via mobile SDK in Gemini freemium thinking mode disclaimer.
root['schemas']['AppsUpsellSharedRecommendationRecommendationSurface']['properties']['onramp']['enumDescriptions'][212]Gemini: G1 upsell onramp via mobile SDK in Gemini freemium thinking mode disclaimer.
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['onramp']['enum'][203]GEMINI_UPSELL_EFT_FREEMIUM_THINKING_MODE
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['onramp']['enum'][212]GEMINI_UPSELL_FREEMIUM_THINKING_MODE
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['onramp']['enum'][353]NOTEBOOKLM_SETTINGS_DROPDOWN
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['onramp']['enumDescriptions'][203]Gemini: G1 upsell EFT onramp via mobile SDK in Gemini freemium thinking mode disclaimer.
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['onramp']['enumDescriptions'][212]Gemini: G1 upsell onramp via mobile SDK in Gemini freemium thinking mode disclaimer.
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][173]SECURITY_INSIGHTS_PHISHING_MALWARE_V2_BANNER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][233]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_BANNER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][234]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_EIGHTY_PERCENT_BANNER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][235]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_NINETY_PERCENT_BANNER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][313]DOCS_BANNER_AI_VALUE_UPSELL_V1
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][314]SHEETS_BANNER_AI_VALUE_UPSELL_V1
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][315]SLIDES_BANNER_AI_VALUE_UPSELL_V1
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enumDescriptions'][313]go/dasheraiedd-mar25
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][189]SECURITY_INSIGHTS_PHISHING_MALWARE_V2
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][218]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_EIGHTY_PERCENT
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][219]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_NINETY_PERCENT
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][643]NOTEBOOKLM_DASHER_END_USER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][649]NOTEBOOKLM_NOTEBOOKLM_PLUS_DASHER_USER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][650]NOTEBOOKLM_NOTEBOOKLM_PLUS_CONSUMER_USER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][657]NOTEBOOKLM_SOURCE_LIMIT_CONSUMER_NOT_OWNER_AND_NOT_OWNED_BY_PLUS_USER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][658]NOTEBOOKLM_SOURCE_LIMIT_OWNED_BY_PLUS_USER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enumDescriptions'][651]Source limit path - Notebook owned by a plus user - 300 limits msg Notebook not owned by a plus user - * Dasher (no matter whether they are owner or not, show upgrade path) - Dasher end user, dasher admin, AE user * Consumer - check owner * Owner - show upgrade path for consumer EM, consumer none EM * Not owner - show contact owner path
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['onramp']['enum'][203]GEMINI_UPSELL_EFT_FREEMIUM_THINKING_MODE
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['onramp']['enum'][212]GEMINI_UPSELL_FREEMIUM_THINKING_MODE
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['onramp']['enum'][353]NOTEBOOKLM_SETTINGS_DROPDOWN
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['onramp']['enumDescriptions'][203]Gemini: G1 upsell EFT onramp via mobile SDK in Gemini freemium thinking mode disclaimer.
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['onramp']['enumDescriptions'][212]Gemini: G1 upsell onramp via mobile SDK in Gemini freemium thinking mode disclaimer.
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][189]SECURITY_INSIGHTS_PHISHING_MALWARE_V2
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][218]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_EIGHTY_PERCENT
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][219]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_NINETY_PERCENT
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][643]NOTEBOOKLM_DASHER_END_USER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][649]NOTEBOOKLM_NOTEBOOKLM_PLUS_DASHER_USER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][650]NOTEBOOKLM_NOTEBOOKLM_PLUS_CONSUMER_USER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][657]NOTEBOOKLM_SOURCE_LIMIT_CONSUMER_NOT_OWNER_AND_NOT_OWNED_BY_PLUS_USER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][658]NOTEBOOKLM_SOURCE_LIMIT_OWNED_BY_PLUS_USER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enumDescriptions'][651]Source limit path - Notebook owned by a plus user - 300 limits msg Notebook not owned by a plus user - * Dasher (no matter whether they are owner or not, show upgrade path) - Dasher end user, dasher admin, AE user * Consumer - check owner * Owner - show upgrade path for consumer EM, consumer none EM * Not owner - show contact owner path
root['schemas']['GoogleInternalSubscriptionsFirstpartyV1CallToActionInAppPurchase']['properties']['onramp']['enum'][203]GEMINI_UPSELL_EFT_FREEMIUM_THINKING_MODE
root['schemas']['GoogleInternalSubscriptionsFirstpartyV1CallToActionInAppPurchase']['properties']['onramp']['enum'][212]GEMINI_UPSELL_FREEMIUM_THINKING_MODE
root['schemas']['GoogleInternalSubscriptionsFirstpartyV1CallToActionInAppPurchase']['properties']['onramp']['enum'][353]NOTEBOOKLM_SETTINGS_DROPDOWN
root['schemas']['GoogleInternalSubscriptionsFirstpartyV1CallToActionInAppPurchase']['properties']['onramp']['enumDescriptions'][203]Gemini: G1 upsell EFT onramp via mobile SDK in Gemini freemium thinking mode disclaimer.
root['schemas']['GoogleInternalSubscriptionsFirstpartyV1CallToActionInAppPurchase']['properties']['onramp']['enumDescriptions'][212]Gemini: G1 upsell onramp via mobile SDK in Gemini freemium thinking mode disclaimer.
iterable_item_removed
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][645]NOTEBOOKLM_SOURCE_LIMIT_DASHER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][652]NOTEBOOKLM_SOURCE_LIMIT_NOT_OWNER_AND_OWNED_BY_PLUS_USER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enumDescriptions'][645]Source limit path - Owner of notebook: Dasher end user, dasher admin, consumer EM, consumer none EM, AE user, notebooklm plus user Not owner of notebook: Not owner and notebooklm is not owned by plus user, not owner and notebooklm is owned by plus user
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][645]NOTEBOOKLM_SOURCE_LIMIT_DASHER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][652]NOTEBOOKLM_SOURCE_LIMIT_NOT_OWNER_AND_OWNED_BY_PLUS_USER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enumDescriptions'][645]Source limit path - Owner of notebook: Dasher end user, dasher admin, consumer EM, consumer none EM, AE user, notebooklm plus user Not owner of notebook: Not owner and notebooklm is not owned by plus user, not owner and notebooklm is owned by plus user
sandbox/autopush-asia-east1-cloudbuild-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-asia-east1-cloudbuild-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-asia-east1-cloudbuild-v2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-auditrecording-pa-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/autopush-auditrecording-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/autopush-automl-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-automl-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-automl-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-automl-v1p1beta
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-blobcomments-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-blobcomments-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudaicompanion-
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-cloudaicompanion-v1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-cloudaicompanion-v1alpha
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-cloudaicompanion-v1beta
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-cloudaicompanionadmin-
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-cloudaicompanionadmin-v1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-cloudaicompanionadmin-v1alpha
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-cloudaicompanionadmin-v1beta
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-cloudbuild-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudbuild-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudbuild-v2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudchannel-
values_changed
root['revision']
new_value20250225
old_value20250222
root['schemas']['GoogleCloudChannelV1alpha1QualificationInfo']['properties']['authority']['description']
new_valueOptional. Authority. Can't be edited after the Opportunity is Accepted. Optional for ISV Opportunity.
old_valueRequired. Authority. Can't be edited after the Opportunity is Accepted.
root['schemas']['GoogleCloudChannelV1alpha1QualificationInfo']['properties']['budget']['description']
new_valueOptional. Budget. Can't be edited after the Opportunity is Accepted. Optional for ISV Opportunity.
old_valueRequired. Budget. Can't be edited after the Opportunity is Accepted.
root['schemas']['GoogleCloudChannelV1alpha1QualificationInfo']['properties']['need']['description']
new_valueOptional. Need. Can't be edited after the Opportunity is Accepted. Optional for ISV Opportunity.
old_valueRequired. Need. Can't be edited after the Opportunity is Accepted.
root['schemas']['GoogleCloudChannelV1alpha1QualificationInfo']['properties']['timeline']['description']
new_valueOptional. Timeline. Can't be edited after the Opportunity is Accepted. Optional for ISV Opportunity.
old_valueRequired. Timeline. Can't be edited after the Opportunity is Accepted.
sandbox/autopush-cloudchannel-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudchannel-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudchannel-pa-v2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudchannel-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudchannel-v1alpha1
values_changed
root['revision']
new_value20250225
old_value20250222
root['schemas']['GoogleCloudChannelV1alpha1QualificationInfo']['properties']['authority']['description']
new_valueOptional. Authority. Can't be edited after the Opportunity is Accepted. Optional for ISV Opportunity.
old_valueRequired. Authority. Can't be edited after the Opportunity is Accepted.
root['schemas']['GoogleCloudChannelV1alpha1QualificationInfo']['properties']['budget']['description']
new_valueOptional. Budget. Can't be edited after the Opportunity is Accepted. Optional for ISV Opportunity.
old_valueRequired. Budget. Can't be edited after the Opportunity is Accepted.
root['schemas']['GoogleCloudChannelV1alpha1QualificationInfo']['properties']['need']['description']
new_valueOptional. Need. Can't be edited after the Opportunity is Accepted. Optional for ISV Opportunity.
old_valueRequired. Need. Can't be edited after the Opportunity is Accepted.
root['schemas']['GoogleCloudChannelV1alpha1QualificationInfo']['properties']['timeline']['description']
new_valueOptional. Timeline. Can't be edited after the Opportunity is Accepted. Optional for ISV Opportunity.
old_valueRequired. Timeline. Can't be edited after the Opportunity is Accepted.
sandbox/autopush-cloudcommerceconsumerprocurement-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudcommerceconsumerprocurement-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudcommerceconsumerprocurement-v1alpha1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudcommerceprocurement-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudcommerceprocurement-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudcrmcards-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudcrmcards-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudcrmeventbus-pa-
dictionary_item_added
  • root['schemas']['NotificationsPlatformCommonProtoIosCustomAction']
  • root['schemas']['NotificationsPlatformCommonProtoIosCustomActionInAppBrowserRedirect']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesContract']['properties']['accountConfidentialClassification']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesContract']['properties']['isConfidential']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesOpportunity']['properties']['opportunityProducts']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesOpportunity']['properties']['partnerDesignatedConfidential']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesOpportunityProduct']['properties']['productFphLevel4']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesOpportunityProduct']['properties']['productFphLevel5']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesOpportunityProduct']['properties']['productFphLevel6']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesOpportunityProduct']['properties']['productFphLevel7']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesRep']['properties']['custosGaiaId']
  • root['schemas']['NotificationsPlatformCommonProtoCustomPromptButtonsActionButton']['properties']['iosCustomAction']
values_changed
root['revision']
new_value20250225
old_value20250222
root['schemas']['NotificationsPlatformCommonProtoCustomPromptButtonsActionButton']['properties']['customAction']['description']
new_valueCustom action to be handled by the SDK. Android specific
old_valueCustom action to be handled by the SDK. Only supported by Android at the moment.
iterable_item_added
root['schemas']['CloudSalesAppsGclmProtoBlobReference']['properties']['blobType']['enum'][9]BLOB_TYPE_LARGE_TABLE
root['schemas']['CloudSalesAppsGclmProtoBlobReference']['properties']['blobType']['enumDescriptions'][9]Blob corresponding to large table document content.
root['schemas']['CloudSalesAppsGclmServicesUploadBlobRequest']['properties']['blobType']['enum'][9]BLOB_TYPE_LARGE_TABLE
root['schemas']['CloudSalesAppsGclmServicesUploadBlobRequest']['properties']['blobType']['enumDescriptions'][9]Blob corresponding to large table document content.
root['schemas']['EnterpriseCrmMdmCustomerProtoCompanyDomain']['properties']['source']['enum'][66]CGC_FORM_PREFERENCE_CENTER
root['schemas']['EnterpriseCrmMdmCustomerProtoCompanyDomain']['properties']['source']['enumDescriptions'][66]Source system for CGC Form for Preference Center based lead ingestion.
root['schemas']['EnterpriseCrmMdmCustomerProtoFinanceDeal']['properties']['source']['enum'][66]CGC_FORM_PREFERENCE_CENTER
root['schemas']['EnterpriseCrmMdmCustomerProtoFinanceDeal']['properties']['source']['enumDescriptions'][66]Source system for CGC Form for Preference Center based lead ingestion.
root['schemas']['EnterpriseCrmMdmCustomerProtoIndustryCode']['properties']['source']['enum'][66]CGC_FORM_PREFERENCE_CENTER
root['schemas']['EnterpriseCrmMdmCustomerProtoIndustryCode']['properties']['source']['enumDescriptions'][66]Source system for CGC Form for Preference Center based lead ingestion.
root['schemas']['EnterpriseCrmMdmCustomerProtoTechnologyProduct']['properties']['source']['enum'][66]CGC_FORM_PREFERENCE_CENTER
root['schemas']['EnterpriseCrmMdmCustomerProtoTechnologyProduct']['properties']['source']['enumDescriptions'][66]Source system for CGC Form for Preference Center based lead ingestion.
root['schemas']['EnterpriseCrmMdmProtoPotentialMatch']['properties']['potentialMatchSourceSystem']['enum'][66]CGC_FORM_PREFERENCE_CENTER
root['schemas']['EnterpriseCrmMdmProtoPotentialMatch']['properties']['potentialMatchSourceSystem']['enumDescriptions'][66]Source system for CGC Form for Preference Center based lead ingestion.
root['schemas']['EnterpriseCrmMdmProtoSourceEntityId']['properties']['sourceSystem']['enum'][66]CGC_FORM_PREFERENCE_CENTER
root['schemas']['EnterpriseCrmMdmProtoSourceEntityId']['properties']['sourceSystem']['enumDescriptions'][66]Source system for CGC Form for Preference Center based lead ingestion.
sandbox/autopush-cloudcrmeventbus-pa-v1
dictionary_item_added
  • root['schemas']['NotificationsPlatformCommonProtoIosCustomAction']
  • root['schemas']['NotificationsPlatformCommonProtoIosCustomActionInAppBrowserRedirect']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesContract']['properties']['accountConfidentialClassification']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesContract']['properties']['isConfidential']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesOpportunity']['properties']['opportunityProducts']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesOpportunity']['properties']['partnerDesignatedConfidential']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesOpportunityProduct']['properties']['productFphLevel4']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesOpportunityProduct']['properties']['productFphLevel5']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesOpportunityProduct']['properties']['productFphLevel6']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesOpportunityProduct']['properties']['productFphLevel7']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesRep']['properties']['custosGaiaId']
  • root['schemas']['NotificationsPlatformCommonProtoCustomPromptButtonsActionButton']['properties']['iosCustomAction']
values_changed
root['revision']
new_value20250225
old_value20250222
root['schemas']['NotificationsPlatformCommonProtoCustomPromptButtonsActionButton']['properties']['customAction']['description']
new_valueCustom action to be handled by the SDK. Android specific
old_valueCustom action to be handled by the SDK. Only supported by Android at the moment.
iterable_item_added
root['schemas']['CloudSalesAppsGclmProtoBlobReference']['properties']['blobType']['enum'][9]BLOB_TYPE_LARGE_TABLE
root['schemas']['CloudSalesAppsGclmProtoBlobReference']['properties']['blobType']['enumDescriptions'][9]Blob corresponding to large table document content.
root['schemas']['CloudSalesAppsGclmServicesUploadBlobRequest']['properties']['blobType']['enum'][9]BLOB_TYPE_LARGE_TABLE
root['schemas']['CloudSalesAppsGclmServicesUploadBlobRequest']['properties']['blobType']['enumDescriptions'][9]Blob corresponding to large table document content.
root['schemas']['EnterpriseCrmMdmCustomerProtoCompanyDomain']['properties']['source']['enum'][66]CGC_FORM_PREFERENCE_CENTER
root['schemas']['EnterpriseCrmMdmCustomerProtoCompanyDomain']['properties']['source']['enumDescriptions'][66]Source system for CGC Form for Preference Center based lead ingestion.
root['schemas']['EnterpriseCrmMdmCustomerProtoFinanceDeal']['properties']['source']['enum'][66]CGC_FORM_PREFERENCE_CENTER
root['schemas']['EnterpriseCrmMdmCustomerProtoFinanceDeal']['properties']['source']['enumDescriptions'][66]Source system for CGC Form for Preference Center based lead ingestion.
root['schemas']['EnterpriseCrmMdmCustomerProtoIndustryCode']['properties']['source']['enum'][66]CGC_FORM_PREFERENCE_CENTER
root['schemas']['EnterpriseCrmMdmCustomerProtoIndustryCode']['properties']['source']['enumDescriptions'][66]Source system for CGC Form for Preference Center based lead ingestion.
root['schemas']['EnterpriseCrmMdmCustomerProtoTechnologyProduct']['properties']['source']['enum'][66]CGC_FORM_PREFERENCE_CENTER
root['schemas']['EnterpriseCrmMdmCustomerProtoTechnologyProduct']['properties']['source']['enumDescriptions'][66]Source system for CGC Form for Preference Center based lead ingestion.
root['schemas']['EnterpriseCrmMdmProtoPotentialMatch']['properties']['potentialMatchSourceSystem']['enum'][66]CGC_FORM_PREFERENCE_CENTER
root['schemas']['EnterpriseCrmMdmProtoPotentialMatch']['properties']['potentialMatchSourceSystem']['enumDescriptions'][66]Source system for CGC Form for Preference Center based lead ingestion.
root['schemas']['EnterpriseCrmMdmProtoSourceEntityId']['properties']['sourceSystem']['enum'][66]CGC_FORM_PREFERENCE_CENTER
root['schemas']['EnterpriseCrmMdmProtoSourceEntityId']['properties']['sourceSystem']['enumDescriptions'][66]Source system for CGC Form for Preference Center based lead ingestion.
sandbox/autopush-cloudcrmeventbus-pa-v3
dictionary_item_added
  • root['schemas']['NotificationsPlatformCommonProtoIosCustomAction']
  • root['schemas']['NotificationsPlatformCommonProtoIosCustomActionInAppBrowserRedirect']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesContract']['properties']['accountConfidentialClassification']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesContract']['properties']['isConfidential']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesOpportunity']['properties']['opportunityProducts']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesOpportunity']['properties']['partnerDesignatedConfidential']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesOpportunityProduct']['properties']['productFphLevel4']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesOpportunityProduct']['properties']['productFphLevel5']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesOpportunityProduct']['properties']['productFphLevel6']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesOpportunityProduct']['properties']['productFphLevel7']
  • root['schemas']['CloudSalesAppsCloudbaseModulesEntitiesRep']['properties']['custosGaiaId']
  • root['schemas']['NotificationsPlatformCommonProtoCustomPromptButtonsActionButton']['properties']['iosCustomAction']
values_changed
root['revision']
new_value20250225
old_value20250222
root['schemas']['NotificationsPlatformCommonProtoCustomPromptButtonsActionButton']['properties']['customAction']['description']
new_valueCustom action to be handled by the SDK. Android specific
old_valueCustom action to be handled by the SDK. Only supported by Android at the moment.
iterable_item_added
root['schemas']['CloudSalesAppsGclmProtoBlobReference']['properties']['blobType']['enum'][9]BLOB_TYPE_LARGE_TABLE
root['schemas']['CloudSalesAppsGclmProtoBlobReference']['properties']['blobType']['enumDescriptions'][9]Blob corresponding to large table document content.
root['schemas']['CloudSalesAppsGclmServicesUploadBlobRequest']['properties']['blobType']['enum'][9]BLOB_TYPE_LARGE_TABLE
root['schemas']['CloudSalesAppsGclmServicesUploadBlobRequest']['properties']['blobType']['enumDescriptions'][9]Blob corresponding to large table document content.
root['schemas']['EnterpriseCrmMdmCustomerProtoCompanyDomain']['properties']['source']['enum'][66]CGC_FORM_PREFERENCE_CENTER
root['schemas']['EnterpriseCrmMdmCustomerProtoCompanyDomain']['properties']['source']['enumDescriptions'][66]Source system for CGC Form for Preference Center based lead ingestion.
root['schemas']['EnterpriseCrmMdmCustomerProtoFinanceDeal']['properties']['source']['enum'][66]CGC_FORM_PREFERENCE_CENTER
root['schemas']['EnterpriseCrmMdmCustomerProtoFinanceDeal']['properties']['source']['enumDescriptions'][66]Source system for CGC Form for Preference Center based lead ingestion.
root['schemas']['EnterpriseCrmMdmCustomerProtoIndustryCode']['properties']['source']['enum'][66]CGC_FORM_PREFERENCE_CENTER
root['schemas']['EnterpriseCrmMdmCustomerProtoIndustryCode']['properties']['source']['enumDescriptions'][66]Source system for CGC Form for Preference Center based lead ingestion.
root['schemas']['EnterpriseCrmMdmCustomerProtoTechnologyProduct']['properties']['source']['enum'][66]CGC_FORM_PREFERENCE_CENTER
root['schemas']['EnterpriseCrmMdmCustomerProtoTechnologyProduct']['properties']['source']['enumDescriptions'][66]Source system for CGC Form for Preference Center based lead ingestion.
root['schemas']['EnterpriseCrmMdmProtoPotentialMatch']['properties']['potentialMatchSourceSystem']['enum'][66]CGC_FORM_PREFERENCE_CENTER
root['schemas']['EnterpriseCrmMdmProtoPotentialMatch']['properties']['potentialMatchSourceSystem']['enumDescriptions'][66]Source system for CGC Form for Preference Center based lead ingestion.
root['schemas']['EnterpriseCrmMdmProtoSourceEntityId']['properties']['sourceSystem']['enum'][66]CGC_FORM_PREFERENCE_CENTER
root['schemas']['EnterpriseCrmMdmProtoSourceEntityId']['properties']['sourceSystem']['enumDescriptions'][66]Source system for CGC Form for Preference Center based lead ingestion.
sandbox/autopush-cloudcrmipfrontend-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudcrmipfrontend-pa-v1
dictionary_item_removed
  • root['resources']['projects']['resources']['locations']['resources']['integrations']['resources']['versions']['resources']['testCases']['methods']['listExecutions']
  • root['schemas']['GoogleCloudIntegrationsV1alphaListTestCaseExecutionsResponse']
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudcrmipfrontend-pa-v1alpha
dictionary_item_removed
  • root['resources']['projects']['resources']['locations']['resources']['integrations']['resources']['versions']['resources']['testCases']['methods']['listExecutions']
  • root['schemas']['GoogleCloudIntegrationsV1alphaListTestCaseExecutionsResponse']
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudcrmipfrontend-pa-v2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudidentity-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudidentity-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudidentity-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudidentity-pa-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudidentity-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudidentity-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudprivatecatalog-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudprivatecatalog-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudprivatecatalog-v1alpha1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudprivatecatalog-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudprivatecatalogproducer-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudprivatecatalogproducer-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudprivatecatalogproducer-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudsupport-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudsupport-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudsupport-v2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudsupport-v2beta
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-cloudusersettings-pa-
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-cloudusersettings-pa-v1alpha1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-datamigration-
values_changed
root['revision']
new_value20250225
old_value20250217
sandbox/autopush-datamigration-v1
values_changed
root['revision']
new_value20250225
old_value20250217
root['schemas']['EntityDdl']['properties']['ddlKind']['description']
new_valueThe DDL Kind selected for apply, or UNSPECIFIED if the entity wasn't converted yet.
old_valueThe DDL Kind selected for apply, or SOURCE if getting the source tree.
sandbox/autopush-datamigration-v1alpha2
values_changed
root['revision']
new_value20250225
old_value20250217
sandbox/autopush-datamigration-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250217
sandbox/autopush-datamixer-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-datamixer-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-developerconnect-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/autopush-developerconnect-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/autopush-developerconnect-v1alpha
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/autopush-dlp-
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-dlp-v1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-dlp-v2
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-drivefrontend-pa-
dictionary_item_added
  • root['schemas']['InitiateRewindRequest']['properties']['selectedEventTime']
values_changed
root['revision']
new_value20250225
old_value20250222
root['schemas']['InitiateRewindResponse']['description']
new_valueResponse definition for initiating the Rewind process for the user. No status is provided here. The client should look at the HTTP status code to determine if the initiation was successful. After a successful initiation, the client should call GetRewindStatus() to get the status.
old_valueResponse definition for initiating the Rewind process for the user.
sandbox/autopush-drivefrontend-pa-v1
dictionary_item_added
  • root['schemas']['InitiateRewindRequest']['properties']['selectedEventTime']
values_changed
root['revision']
new_value20250225
old_value20250222
root['schemas']['InitiateRewindResponse']['description']
new_valueResponse definition for initiating the Rewind process for the user. No status is provided here. The client should look at the HTTP status code to determine if the initiation was successful. After a successful initiation, the client should call GetRewindStatus() to get the status.
old_valueResponse definition for initiating the Rewind process for the user.
sandbox/autopush-drivequal-drivemetadata-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-drivequal-drivemetadata-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-drivequal-drivemetadata-v1alpha
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-emmapplecodevice-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-emmapplecodevice-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-essentialcontacts-
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-essentialcontacts-v1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-essentialcontacts-v1alpha1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-essentialcontacts-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-familymanagement-pa-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/autopush-familymanagement-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/autopush-fiamserver-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-fiamserver-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebaseappcheck-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebaseappcheck-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebaseappcheck-v1beta
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebaseappdistribution-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebaseappdistribution-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebaseappdistribution-v1alpha
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebasedomains-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebasedomains-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebasedomains-pa-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebasedurablelinks-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebasedurablelinks-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebaseextensions-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebaseextensions-v1beta
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebaseextensionspublisher-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebaseextensionspublisher-v1beta
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebasehosting-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebasehosting-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebasehosting-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebasemessagingcampaigns-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebasemessagingcampaigns-v1beta
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebaseperusertopics-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebaseperusertopics-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebaseremoteconfig-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebaseremoteconfig-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebaseremoteconfig-pa-v2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebasesagepredictions-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-firebasesagepredictions-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-fireconsole-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-fireconsole-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-geofeedtaskrouting-
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-geofeedtaskrouting-v1alpha
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-gkeonprem-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-gkeonprem-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-growth-pa-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/autopush-growth-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/autopush-instantmessaging-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-instantmessaging-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-integrations-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-integrations-v1
dictionary_item_removed
  • root['resources']['projects']['resources']['locations']['resources']['integrations']['resources']['versions']['resources']['testCases']['methods']['listExecutions']
  • root['schemas']['GoogleCloudIntegrationsV1alphaListTestCaseExecutionsResponse']
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-integrations-v1alpha
dictionary_item_removed
  • root['resources']['projects']['resources']['locations']['resources']['integrations']['resources']['versions']['resources']['testCases']['methods']['listExecutions']
  • root['schemas']['GoogleCloudIntegrationsV1alphaListTestCaseExecutionsResponse']
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-integrations-v2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-jibemessagestore-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-jibemessagestore-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-kidsmanagement-pa-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/autopush-kidsmanagement-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/autopush-kidsnotification-pa-
values_changed
root['revision']
new_value20250223
old_value20250221
sandbox/autopush-kidsnotification-pa-v1
values_changed
root['revision']
new_value20250223
old_value20250221
sandbox/autopush-mapsplatformdatasets-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-mapsplatformdatasets-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-mapsplatformdatasets-v1alpha
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-meet-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/autopush-meet-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/autopush-meet-v2
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/autopush-mobileperformancereporting-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-mobileperformancereporting-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-mobileperformancereporting-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-mobileperformancereporting-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-myphonenumbers-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
iterable_item_added
root['schemas']['CustomConsentFlavors']['properties']['wpDiscoverabilityDiscoverableFlavor']['enum'][4]GPAY3_SIGN_UP_WITH_CONSTELLATION_CONSENT
root['schemas']['CustomConsentFlavors']['properties']['wpDiscoverabilityDiscoverableFlavor']['enumDescriptions'][4]Used by GPay3 sign up flow with Constellation consent.
sandbox/autopush-myphonenumbers-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
iterable_item_added
root['schemas']['CustomConsentFlavors']['properties']['wpDiscoverabilityDiscoverableFlavor']['enum'][4]GPAY3_SIGN_UP_WITH_CONSTELLATION_CONSENT
root['schemas']['CustomConsentFlavors']['properties']['wpDiscoverabilityDiscoverableFlavor']['enumDescriptions'][4]Used by GPay3 sign up flow with Constellation consent.
sandbox/autopush-notifications-pa-
dictionary_item_added
  • root['schemas']['NotificationsPlatformCommonProto_IosCustomAction_InAppBrowserRedirect']
  • root['schemas']['NotificationsPlatformCommonProto__IosCustomAction']
  • root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['svTokenizationServerSessionId']
  • root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['svTokenizationSessionId']
  • root['schemas']['GoogleLogsTapandpayAndroid_PermissionState_NotificationPermissionMetadata']['properties']['isFirstTimeRequest']
  • root['schemas']['NotificationsPlatformCommonProto_CustomPromptButtons_ActionButton']['properties']['iosCustomAction']
values_changed
root['revision']
new_value20250225
old_value20250223
root['schemas']['GoogleLogsTapandpayAndroid__FetchTransitPassesForFirstPartyEvent']['description']
new_valueThe events related to fetching transit passes for first party. Design doc: go/wallet-design-ondc-india-ticket-access Next id: 5
old_valueThe events related to fetching transit passes for first party. Design doc: go/wallet-design-ondc-india-ticket-access Next id: 4
root['schemas']['NotificationsPlatformCommonProto_CustomPromptButtons_ActionButton']['properties']['customAction']['description']
new_valueCustom action to be handled by the SDK. Android specific
old_valueCustom action to be handled by the SDK. Only supported by Android at the moment.
root['schemas']['LogsChimeNotifications__UserInteraction']['properties']['interactionType']['enumDescriptions'][23]
new_valueaccount, but not account. A notification is updated.
old_valueaccount, but not account. Slient notification.
iterable_item_added
root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['targetType']['enum'][13]SV_WEAR_TOKENIZATION
root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['targetType']['enum'][14]SV_INSTALL_WEAR_WALLET_APP
root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['targetType']['enumDescriptions'][13]Start tokenization of a supervised stored value card to a wearable
root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['targetType']['enumDescriptions'][14]Go to the Play Store to install the Wallet app on WearOS
root['schemas']['LogsChimeNotifications__UserInteraction']['properties']['interactionType']['enum'][23]DELIVERED_REPLACED
root['schemas']['LogsChimeNotifications__UserInteraction']['properties']['interactionType']['enumDescriptions'][24]Slient notification.
root['schemas']['SearchNotificationsClientCommon__InboxChimeData']['properties']['category']['enum'][277]WHISPERSTREAM_UPDATE
root['schemas']['SearchNotifications_UserActionMetadata_Action']['properties']['type']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['SearchNotifications_UserActionMetadata_Action']['properties']['type']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['SearchNotifications_UserActionMetadata_Action']['properties']['type']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['SearchNowPushProtoChimepayloads__ActionLogFilter']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ActionLogFilter']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ActionLogFilter']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['SearchNowPushProtoChimepayloads__ChimeAction']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ChimeAction']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ChimeAction']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['SearchNowPushProtoChimepayloads__ExpiresAfterSetting']['properties']['type']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ExpiresAfterSetting']['properties']['type']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ExpiresAfterSetting']['properties']['type']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick_ContentFeedbackSurvey_SurveyAnswer']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick_ContentFeedbackSurvey_SurveyAnswer']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick_ContentFeedbackSurvey_SurveyAnswer']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick_ReportAction_ReportReason']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick_ReportAction_ReportReason']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick_ReportAction_ReportReason']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__Action']['properties']['type']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__Action']['properties']['type']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__Action']['properties']['type']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ClickAction']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClickAction']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClickAction']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ClientAction']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClientAction']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClientAction']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ClosetAction']['properties']['undoActionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClosetAction']['properties']['undoActionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClosetAction']['properties']['undoActionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__InlineInjectionMetadata']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__InlineInjectionMetadata']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__InlineInjectionMetadata']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__Rating']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__Rating']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__Rating']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__SemanticProperties']['properties']['notificationCategory']['enum'][277]WHISPERSTREAM_UPDATE
root['schemas']['Sidekick__ToggleStateAction']['properties']['checkedActionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['checkedActionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['checkedActionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ToggleStateAction']['properties']['clearedActionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['clearedActionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['clearedActionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ToggleStateAction']['properties']['uncheckedActionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['uncheckedActionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['uncheckedActionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
sandbox/autopush-notifications-pa-v1
dictionary_item_added
  • root['schemas']['NotificationsPlatformCommonProto_IosCustomAction_InAppBrowserRedirect']
  • root['schemas']['NotificationsPlatformCommonProto__IosCustomAction']
  • root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['svTokenizationServerSessionId']
  • root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['svTokenizationSessionId']
  • root['schemas']['GoogleLogsTapandpayAndroid_PermissionState_NotificationPermissionMetadata']['properties']['isFirstTimeRequest']
  • root['schemas']['NotificationsPlatformCommonProto_CustomPromptButtons_ActionButton']['properties']['iosCustomAction']
values_changed
root['revision']
new_value20250225
old_value20250223
root['schemas']['GoogleLogsTapandpayAndroid__FetchTransitPassesForFirstPartyEvent']['description']
new_valueThe events related to fetching transit passes for first party. Design doc: go/wallet-design-ondc-india-ticket-access Next id: 5
old_valueThe events related to fetching transit passes for first party. Design doc: go/wallet-design-ondc-india-ticket-access Next id: 4
root['schemas']['NotificationsPlatformCommonProto_CustomPromptButtons_ActionButton']['properties']['customAction']['description']
new_valueCustom action to be handled by the SDK. Android specific
old_valueCustom action to be handled by the SDK. Only supported by Android at the moment.
root['schemas']['LogsChimeNotifications__UserInteraction']['properties']['interactionType']['enumDescriptions'][23]
new_valueaccount, but not account. A notification is updated.
old_valueaccount, but not account. Slient notification.
iterable_item_added
root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['targetType']['enum'][13]SV_WEAR_TOKENIZATION
root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['targetType']['enum'][14]SV_INSTALL_WEAR_WALLET_APP
root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['targetType']['enumDescriptions'][13]Start tokenization of a supervised stored value card to a wearable
root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['targetType']['enumDescriptions'][14]Go to the Play Store to install the Wallet app on WearOS
root['schemas']['LogsChimeNotifications__UserInteraction']['properties']['interactionType']['enum'][23]DELIVERED_REPLACED
root['schemas']['LogsChimeNotifications__UserInteraction']['properties']['interactionType']['enumDescriptions'][24]Slient notification.
root['schemas']['SearchNotificationsClientCommon__InboxChimeData']['properties']['category']['enum'][277]WHISPERSTREAM_UPDATE
root['schemas']['SearchNotifications_UserActionMetadata_Action']['properties']['type']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['SearchNotifications_UserActionMetadata_Action']['properties']['type']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['SearchNotifications_UserActionMetadata_Action']['properties']['type']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['SearchNowPushProtoChimepayloads__ActionLogFilter']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ActionLogFilter']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ActionLogFilter']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['SearchNowPushProtoChimepayloads__ChimeAction']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ChimeAction']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ChimeAction']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['SearchNowPushProtoChimepayloads__ExpiresAfterSetting']['properties']['type']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ExpiresAfterSetting']['properties']['type']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ExpiresAfterSetting']['properties']['type']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick_ContentFeedbackSurvey_SurveyAnswer']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick_ContentFeedbackSurvey_SurveyAnswer']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick_ContentFeedbackSurvey_SurveyAnswer']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick_ReportAction_ReportReason']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick_ReportAction_ReportReason']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick_ReportAction_ReportReason']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__Action']['properties']['type']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__Action']['properties']['type']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__Action']['properties']['type']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ClickAction']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClickAction']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClickAction']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ClientAction']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClientAction']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClientAction']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ClosetAction']['properties']['undoActionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClosetAction']['properties']['undoActionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClosetAction']['properties']['undoActionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__InlineInjectionMetadata']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__InlineInjectionMetadata']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__InlineInjectionMetadata']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__Rating']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__Rating']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__Rating']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__SemanticProperties']['properties']['notificationCategory']['enum'][277]WHISPERSTREAM_UPDATE
root['schemas']['Sidekick__ToggleStateAction']['properties']['checkedActionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['checkedActionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['checkedActionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ToggleStateAction']['properties']['clearedActionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['clearedActionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['clearedActionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ToggleStateAction']['properties']['uncheckedActionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['uncheckedActionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['uncheckedActionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
sandbox/autopush-ogads-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-ogads-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-paisadatamixer-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-paisadatamixer-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-people-
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-people-pa-
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-people-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-people-pa-v2
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-people-v1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-peoplestack-pa-
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-peoplestack-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-policysimulator-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-policysimulator-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-policysimulator-v1alpha
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-policysimulator-v1beta
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-policytroubleshooter-
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-policytroubleshooter-v1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-policytroubleshooter-v1beta
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-policytroubleshooter-v2alpha1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-policytroubleshooter-v3
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-policytroubleshooter-v3alpha
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-policytroubleshooter-v3beta
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/autopush-reauth-
dictionary_item_added
  • root['schemas']['DeviceDetail']
  • root['schemas']['DevicePromptDetail']['properties']['deviceDetails']
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/autopush-reauth-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/autopush-reauth-v2
dictionary_item_added
  • root['schemas']['DeviceDetail']
  • root['schemas']['DevicePromptDetail']['properties']['deviceDetails']
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/autopush-recaptchaenterprise-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-recaptchaenterprise-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-recaptchaenterprise-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-serviceusage-
values_changed
root['revision']
new_value20250225
old_value20250222
root['schemas']['ApiVersionConstraint']['description']
new_valueConstraints are access controls over which API consumers are allowed to use a specific API@version. They will be evaluated at runtime (generally by ESF) to determine if a specific request satisfies the constraints for the requested API@version. LINT.IfChange
old_valueConstraints are access controls over which API consumers are allowed to use a specific API@version. They will be evaluated at runtime (generally by ESF) to determine if a specific request satisfies the constraints for the requested API@version.
root['schemas']['BreakGlassMpaConfigV1']['properties']['reviewGuidance']['description']
new_valueGuidance that will be given to reviewers when asked to review a break-glass MPA request for this mapping. Can include a link to a playbook or other resource.
old_valueGuidance that will be given to reviewers when asked to review a break-glass MPA request for this mapping. Can include a link to a playbook or other resource. NOTE: This field will not be displayed in the MPA UI until b/234646055 is completed.
root['schemas']['MultiPartyAuthorizationConfigV1']['properties']['reviewGuidance']['description']
new_valueGuidance that will be given to reviewers when asked to review an MPA request for this mapping. Can include a link to a playbook or other resource.
old_valueGuidance that will be given to reviewers when asked to review an MPA request for this mapping. Can include a link to a playbook or other resource. NOTE: This field will not be displayed in the MPA UI until b/234646055 is completed.
sandbox/autopush-serviceusage-v1
values_changed
root['revision']
new_value20250225
old_value20250222
root['schemas']['ApiVersionConstraint']['description']
new_valueConstraints are access controls over which API consumers are allowed to use a specific API@version. They will be evaluated at runtime (generally by ESF) to determine if a specific request satisfies the constraints for the requested API@version. LINT.IfChange
old_valueConstraints are access controls over which API consumers are allowed to use a specific API@version. They will be evaluated at runtime (generally by ESF) to determine if a specific request satisfies the constraints for the requested API@version.
root['schemas']['BreakGlassMpaConfigV1']['properties']['reviewGuidance']['description']
new_valueGuidance that will be given to reviewers when asked to review a break-glass MPA request for this mapping. Can include a link to a playbook or other resource.
old_valueGuidance that will be given to reviewers when asked to review a break-glass MPA request for this mapping. Can include a link to a playbook or other resource. NOTE: This field will not be displayed in the MPA UI until b/234646055 is completed.
root['schemas']['MultiPartyAuthorizationConfigV1']['properties']['reviewGuidance']['description']
new_valueGuidance that will be given to reviewers when asked to review an MPA request for this mapping. Can include a link to a playbook or other resource.
old_valueGuidance that will be given to reviewers when asked to review an MPA request for this mapping. Can include a link to a playbook or other resource. NOTE: This field will not be displayed in the MPA UI until b/234646055 is completed.
sandbox/autopush-serviceusage-v1alpha
values_changed
root['revision']
new_value20250225
old_value20250222
root['schemas']['ApiVersionConstraint']['description']
new_valueConstraints are access controls over which API consumers are allowed to use a specific API@version. They will be evaluated at runtime (generally by ESF) to determine if a specific request satisfies the constraints for the requested API@version. LINT.IfChange
old_valueConstraints are access controls over which API consumers are allowed to use a specific API@version. They will be evaluated at runtime (generally by ESF) to determine if a specific request satisfies the constraints for the requested API@version.
root['schemas']['BreakGlassMpaConfigV1']['properties']['reviewGuidance']['description']
new_valueGuidance that will be given to reviewers when asked to review a break-glass MPA request for this mapping. Can include a link to a playbook or other resource.
old_valueGuidance that will be given to reviewers when asked to review a break-glass MPA request for this mapping. Can include a link to a playbook or other resource. NOTE: This field will not be displayed in the MPA UI until b/234646055 is completed.
root['schemas']['MultiPartyAuthorizationConfigV1']['properties']['reviewGuidance']['description']
new_valueGuidance that will be given to reviewers when asked to review an MPA request for this mapping. Can include a link to a playbook or other resource.
old_valueGuidance that will be given to reviewers when asked to review an MPA request for this mapping. Can include a link to a playbook or other resource. NOTE: This field will not be displayed in the MPA UI until b/234646055 is completed.
sandbox/autopush-serviceusage-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250222
root['schemas']['ApiVersionConstraint']['description']
new_valueConstraints are access controls over which API consumers are allowed to use a specific API@version. They will be evaluated at runtime (generally by ESF) to determine if a specific request satisfies the constraints for the requested API@version. LINT.IfChange
old_valueConstraints are access controls over which API consumers are allowed to use a specific API@version. They will be evaluated at runtime (generally by ESF) to determine if a specific request satisfies the constraints for the requested API@version.
root['schemas']['BreakGlassMpaConfigV1']['properties']['reviewGuidance']['description']
new_valueGuidance that will be given to reviewers when asked to review a break-glass MPA request for this mapping. Can include a link to a playbook or other resource.
old_valueGuidance that will be given to reviewers when asked to review a break-glass MPA request for this mapping. Can include a link to a playbook or other resource. NOTE: This field will not be displayed in the MPA UI until b/234646055 is completed.
root['schemas']['MultiPartyAuthorizationConfigV1']['properties']['reviewGuidance']['description']
new_valueGuidance that will be given to reviewers when asked to review an MPA request for this mapping. Can include a link to a playbook or other resource.
old_valueGuidance that will be given to reviewers when asked to review an MPA request for this mapping. Can include a link to a playbook or other resource. NOTE: This field will not be displayed in the MPA UI until b/234646055 is completed.
sandbox/autopush-serviceusage-v2
values_changed
root['revision']
new_value20250225
old_value20250222
root['schemas']['ApiVersionConstraint']['description']
new_valueConstraints are access controls over which API consumers are allowed to use a specific API@version. They will be evaluated at runtime (generally by ESF) to determine if a specific request satisfies the constraints for the requested API@version. LINT.IfChange
old_valueConstraints are access controls over which API consumers are allowed to use a specific API@version. They will be evaluated at runtime (generally by ESF) to determine if a specific request satisfies the constraints for the requested API@version.
root['schemas']['BreakGlassMpaConfigV1']['properties']['reviewGuidance']['description']
new_valueGuidance that will be given to reviewers when asked to review a break-glass MPA request for this mapping. Can include a link to a playbook or other resource.
old_valueGuidance that will be given to reviewers when asked to review a break-glass MPA request for this mapping. Can include a link to a playbook or other resource. NOTE: This field will not be displayed in the MPA UI until b/234646055 is completed.
root['schemas']['MultiPartyAuthorizationConfigV1']['properties']['reviewGuidance']['description']
new_valueGuidance that will be given to reviewers when asked to review an MPA request for this mapping. Can include a link to a playbook or other resource.
old_valueGuidance that will be given to reviewers when asked to review an MPA request for this mapping. Can include a link to a playbook or other resource. NOTE: This field will not be displayed in the MPA UI until b/234646055 is completed.
sandbox/autopush-serviceusage-v2alpha
values_changed
root['revision']
new_value20250225
old_value20250222
root['schemas']['ApiVersionConstraint']['description']
new_valueConstraints are access controls over which API consumers are allowed to use a specific API@version. They will be evaluated at runtime (generally by ESF) to determine if a specific request satisfies the constraints for the requested API@version. LINT.IfChange
old_valueConstraints are access controls over which API consumers are allowed to use a specific API@version. They will be evaluated at runtime (generally by ESF) to determine if a specific request satisfies the constraints for the requested API@version.
root['schemas']['BreakGlassMpaConfigV1']['properties']['reviewGuidance']['description']
new_valueGuidance that will be given to reviewers when asked to review a break-glass MPA request for this mapping. Can include a link to a playbook or other resource.
old_valueGuidance that will be given to reviewers when asked to review a break-glass MPA request for this mapping. Can include a link to a playbook or other resource. NOTE: This field will not be displayed in the MPA UI until b/234646055 is completed.
root['schemas']['MultiPartyAuthorizationConfigV1']['properties']['reviewGuidance']['description']
new_valueGuidance that will be given to reviewers when asked to review an MPA request for this mapping. Can include a link to a playbook or other resource.
old_valueGuidance that will be given to reviewers when asked to review an MPA request for this mapping. Can include a link to a playbook or other resource. NOTE: This field will not be displayed in the MPA UI until b/234646055 is completed.
sandbox/autopush-serviceusage-v2beta
values_changed
root['revision']
new_value20250225
old_value20250222
root['schemas']['ApiVersionConstraint']['description']
new_valueConstraints are access controls over which API consumers are allowed to use a specific API@version. They will be evaluated at runtime (generally by ESF) to determine if a specific request satisfies the constraints for the requested API@version. LINT.IfChange
old_valueConstraints are access controls over which API consumers are allowed to use a specific API@version. They will be evaluated at runtime (generally by ESF) to determine if a specific request satisfies the constraints for the requested API@version.
root['schemas']['BreakGlassMpaConfigV1']['properties']['reviewGuidance']['description']
new_valueGuidance that will be given to reviewers when asked to review a break-glass MPA request for this mapping. Can include a link to a playbook or other resource.
old_valueGuidance that will be given to reviewers when asked to review a break-glass MPA request for this mapping. Can include a link to a playbook or other resource. NOTE: This field will not be displayed in the MPA UI until b/234646055 is completed.
root['schemas']['MultiPartyAuthorizationConfigV1']['properties']['reviewGuidance']['description']
new_valueGuidance that will be given to reviewers when asked to review an MPA request for this mapping. Can include a link to a playbook or other resource.
old_valueGuidance that will be given to reviewers when asked to review an MPA request for this mapping. Can include a link to a playbook or other resource. NOTE: This field will not be displayed in the MPA UI until b/234646055 is completed.
sandbox/autopush-us-central1-cloudbuild-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-us-central1-cloudbuild-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-us-central1-cloudbuild-v2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-userguard-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-userguard-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-userguard-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-workspacevideo-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-workspacevideo-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/autopush-workstations-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/autopush-workstations-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/autopush-workstations-v1alpha
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/autopush-workstations-v1beta
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/beta-tasks-pa-
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/beta-tasks-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/content-autopush-apigee-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/content-autopush-apigee-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/content-autopush-automl-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/content-autopush-automl-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/content-autopush-automl-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/content-autopush-automl-v1p1beta
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/content-autopush-datamigration-
values_changed
root['revision']
new_value20250225
old_value20250217
sandbox/content-autopush-datamigration-v1
values_changed
root['revision']
new_value20250225
old_value20250217
root['schemas']['EntityDdl']['properties']['ddlKind']['description']
new_valueThe DDL Kind selected for apply, or UNSPECIFIED if the entity wasn't converted yet.
old_valueThe DDL Kind selected for apply, or SOURCE if getting the source tree.
sandbox/content-autopush-datamigration-v1alpha2
values_changed
root['revision']
new_value20250225
old_value20250217
sandbox/content-autopush-datamigration-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250217
sandbox/content-autopush-datamixer-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/content-autopush-datamixer-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/content-autopush-dlp-
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/content-autopush-dlp-v1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/content-autopush-dlp-v2
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/content-autopush-growth-pa-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/content-autopush-growth-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/content-autopush-notifications-pa-
dictionary_item_added
  • root['schemas']['NotificationsPlatformCommonProto_IosCustomAction_InAppBrowserRedirect']
  • root['schemas']['NotificationsPlatformCommonProto__IosCustomAction']
  • root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['svTokenizationServerSessionId']
  • root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['svTokenizationSessionId']
  • root['schemas']['GoogleLogsTapandpayAndroid_PermissionState_NotificationPermissionMetadata']['properties']['isFirstTimeRequest']
  • root['schemas']['NotificationsPlatformCommonProto_CustomPromptButtons_ActionButton']['properties']['iosCustomAction']
values_changed
root['revision']
new_value20250225
old_value20250223
root['schemas']['GoogleLogsTapandpayAndroid__FetchTransitPassesForFirstPartyEvent']['description']
new_valueThe events related to fetching transit passes for first party. Design doc: go/wallet-design-ondc-india-ticket-access Next id: 5
old_valueThe events related to fetching transit passes for first party. Design doc: go/wallet-design-ondc-india-ticket-access Next id: 4
root['schemas']['NotificationsPlatformCommonProto_CustomPromptButtons_ActionButton']['properties']['customAction']['description']
new_valueCustom action to be handled by the SDK. Android specific
old_valueCustom action to be handled by the SDK. Only supported by Android at the moment.
root['schemas']['LogsChimeNotifications__UserInteraction']['properties']['interactionType']['enumDescriptions'][23]
new_valueaccount, but not account. A notification is updated.
old_valueaccount, but not account. Slient notification.
iterable_item_added
root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['targetType']['enum'][13]SV_WEAR_TOKENIZATION
root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['targetType']['enum'][14]SV_INSTALL_WEAR_WALLET_APP
root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['targetType']['enumDescriptions'][13]Start tokenization of a supervised stored value card to a wearable
root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['targetType']['enumDescriptions'][14]Go to the Play Store to install the Wallet app on WearOS
root['schemas']['LogsChimeNotifications__UserInteraction']['properties']['interactionType']['enum'][23]DELIVERED_REPLACED
root['schemas']['LogsChimeNotifications__UserInteraction']['properties']['interactionType']['enumDescriptions'][24]Slient notification.
root['schemas']['SearchNotificationsClientCommon__InboxChimeData']['properties']['category']['enum'][277]WHISPERSTREAM_UPDATE
root['schemas']['SearchNotifications_UserActionMetadata_Action']['properties']['type']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['SearchNotifications_UserActionMetadata_Action']['properties']['type']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['SearchNotifications_UserActionMetadata_Action']['properties']['type']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['SearchNowPushProtoChimepayloads__ActionLogFilter']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ActionLogFilter']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ActionLogFilter']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['SearchNowPushProtoChimepayloads__ChimeAction']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ChimeAction']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ChimeAction']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['SearchNowPushProtoChimepayloads__ExpiresAfterSetting']['properties']['type']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ExpiresAfterSetting']['properties']['type']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ExpiresAfterSetting']['properties']['type']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick_ContentFeedbackSurvey_SurveyAnswer']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick_ContentFeedbackSurvey_SurveyAnswer']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick_ContentFeedbackSurvey_SurveyAnswer']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick_ReportAction_ReportReason']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick_ReportAction_ReportReason']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick_ReportAction_ReportReason']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__Action']['properties']['type']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__Action']['properties']['type']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__Action']['properties']['type']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ClickAction']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClickAction']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClickAction']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ClientAction']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClientAction']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClientAction']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ClosetAction']['properties']['undoActionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClosetAction']['properties']['undoActionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClosetAction']['properties']['undoActionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__InlineInjectionMetadata']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__InlineInjectionMetadata']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__InlineInjectionMetadata']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__Rating']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__Rating']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__Rating']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__SemanticProperties']['properties']['notificationCategory']['enum'][277]WHISPERSTREAM_UPDATE
root['schemas']['Sidekick__ToggleStateAction']['properties']['checkedActionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['checkedActionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['checkedActionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ToggleStateAction']['properties']['clearedActionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['clearedActionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['clearedActionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ToggleStateAction']['properties']['uncheckedActionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['uncheckedActionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['uncheckedActionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
sandbox/content-autopush-notifications-pa-v1
dictionary_item_added
  • root['schemas']['NotificationsPlatformCommonProto_IosCustomAction_InAppBrowserRedirect']
  • root['schemas']['NotificationsPlatformCommonProto__IosCustomAction']
  • root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['svTokenizationServerSessionId']
  • root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['svTokenizationSessionId']
  • root['schemas']['GoogleLogsTapandpayAndroid_PermissionState_NotificationPermissionMetadata']['properties']['isFirstTimeRequest']
  • root['schemas']['NotificationsPlatformCommonProto_CustomPromptButtons_ActionButton']['properties']['iosCustomAction']
values_changed
root['revision']
new_value20250225
old_value20250223
root['schemas']['GoogleLogsTapandpayAndroid__FetchTransitPassesForFirstPartyEvent']['description']
new_valueThe events related to fetching transit passes for first party. Design doc: go/wallet-design-ondc-india-ticket-access Next id: 5
old_valueThe events related to fetching transit passes for first party. Design doc: go/wallet-design-ondc-india-ticket-access Next id: 4
root['schemas']['NotificationsPlatformCommonProto_CustomPromptButtons_ActionButton']['properties']['customAction']['description']
new_valueCustom action to be handled by the SDK. Android specific
old_valueCustom action to be handled by the SDK. Only supported by Android at the moment.
root['schemas']['LogsChimeNotifications__UserInteraction']['properties']['interactionType']['enumDescriptions'][23]
new_valueaccount, but not account. A notification is updated.
old_valueaccount, but not account. Slient notification.
iterable_item_added
root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['targetType']['enum'][13]SV_WEAR_TOKENIZATION
root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['targetType']['enum'][14]SV_INSTALL_WEAR_WALLET_APP
root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['targetType']['enumDescriptions'][13]Start tokenization of a supervised stored value card to a wearable
root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['targetType']['enumDescriptions'][14]Go to the Play Store to install the Wallet app on WearOS
root['schemas']['LogsChimeNotifications__UserInteraction']['properties']['interactionType']['enum'][23]DELIVERED_REPLACED
root['schemas']['LogsChimeNotifications__UserInteraction']['properties']['interactionType']['enumDescriptions'][24]Slient notification.
root['schemas']['SearchNotificationsClientCommon__InboxChimeData']['properties']['category']['enum'][277]WHISPERSTREAM_UPDATE
root['schemas']['SearchNotifications_UserActionMetadata_Action']['properties']['type']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['SearchNotifications_UserActionMetadata_Action']['properties']['type']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['SearchNotifications_UserActionMetadata_Action']['properties']['type']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['SearchNowPushProtoChimepayloads__ActionLogFilter']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ActionLogFilter']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ActionLogFilter']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['SearchNowPushProtoChimepayloads__ChimeAction']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ChimeAction']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ChimeAction']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['SearchNowPushProtoChimepayloads__ExpiresAfterSetting']['properties']['type']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ExpiresAfterSetting']['properties']['type']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ExpiresAfterSetting']['properties']['type']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick_ContentFeedbackSurvey_SurveyAnswer']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick_ContentFeedbackSurvey_SurveyAnswer']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick_ContentFeedbackSurvey_SurveyAnswer']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick_ReportAction_ReportReason']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick_ReportAction_ReportReason']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick_ReportAction_ReportReason']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__Action']['properties']['type']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__Action']['properties']['type']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__Action']['properties']['type']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ClickAction']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClickAction']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClickAction']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ClientAction']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClientAction']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClientAction']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ClosetAction']['properties']['undoActionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClosetAction']['properties']['undoActionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClosetAction']['properties']['undoActionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__InlineInjectionMetadata']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__InlineInjectionMetadata']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__InlineInjectionMetadata']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__Rating']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__Rating']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__Rating']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__SemanticProperties']['properties']['notificationCategory']['enum'][277]WHISPERSTREAM_UPDATE
root['schemas']['Sidekick__ToggleStateAction']['properties']['checkedActionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['checkedActionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['checkedActionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ToggleStateAction']['properties']['clearedActionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['clearedActionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['clearedActionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ToggleStateAction']['properties']['uncheckedActionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['uncheckedActionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['uncheckedActionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
sandbox/content-autopush-people-pa-
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/content-autopush-people-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/content-autopush-people-pa-v2
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/content-daily-cloudsearch-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/content-daily-cloudsearch-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/content-daily-dynamicmail-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/content-daily-dynamicmail-pa-v2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/content-hourly-dynamicmail-pa-
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/content-hourly-dynamicmail-pa-v2
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/content-qa-alkalimetricsink-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/content-qa-alkalimetricsink-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/content-qa-binaryauthorization-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/content-qa-binaryauthorization-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/content-qa-binaryauthorization-v1alpha2
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/content-qa-binaryauthorization-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/content-staging-binaryauthorization-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/content-staging-binaryauthorization-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/content-staging-binaryauthorization-v1alpha2
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/content-staging-binaryauthorization-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/content-staging-firebase-
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/content-staging-firebase-v1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/content-staging-firebase-v1alpha
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/content-staging-firebase-v1beta1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/content-test-translate-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/content-test-translate-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/content-test-translate-v3
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/content-test-translate-v3alpha1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/content-test-translate-v3beta1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/daily-cloudsearch-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/daily-cloudsearch-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/daily-dataflowbackend-pa-
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/daily-dataflowbackend-pa-v1b3
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/daily-dynamicmail-pa-
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/daily-dynamicmail-pa-v2
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/daily-firebaseml-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/daily-firebaseml-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/daily-firebaseml-v1beta2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/daily-firebaseml-v2beta
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/daily-mlkit-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/daily-mlkit-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/daily-serviceconsumermanagement-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/daily-serviceconsumermanagement-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/daily-serviceconsumermanagement-v1alpha
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/daily-serviceconsumermanagement-v1alpha1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/daily-serviceconsumermanagement-v1beta1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/daily-serviceconsumermanagement-v2
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/daily-servicenetworking-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/daily-servicenetworking-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/daily-servicenetworking-v1beta
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/daily-serviceusage-
dictionary_item_added
  • root['schemas']['PrivacyDataGovernanceAttributesPiiAndContentSanitization']
  • root['schemas']['PrivacyDataGovernanceAttributesSanitizationProcess']
  • root['schemas']['PrivacyDataGovernanceAttributesSanitizationProcessBardHumanReview']
  • root['schemas']['PrivacyDataGovernanceAttributesSanitizationProcessSyft']
  • root['schemas']['SecurityRealmCondition']
  • root['schemas']['BindingCondition']['properties']['securityRealm']
  • root['schemas']['EndpointPolicyCondition']['properties']['securityRealm']
  • root['schemas']['PrivacyDataGovernanceAttributesAnnotationsDataCustom']['properties']['piiAndContentSanitization']
  • root['schemas']['PrivacyDataGovernanceAttributesAnnotationsProcess']['properties']['deferredSemanticPurposes']
values_changed
root['revision']
new_value20250224
old_value20250216
root['schemas']['BindingCondition']['description']
new_valueA condition that must be satisfied for a binding to apply. Next ID: 19
old_valueA condition that must be satisfied for a binding to apply.
root['schemas']['Documentation']['properties']['sectionOverrides']['description']
new_valueSpecifies section and content to override the boilerplate content. Currently overrides following sections: 1. rest.service.client_libraries
old_valueSpecifies section and content to override boilerplate content provided by go/api-docgen. Currently overrides following sections: 1. rest.service.client_libraries
root['schemas']['DocumentationRule']['properties']['disableReplacementWords']['description']
new_valueString of comma or space separated case-sensitive words for which method/field name replacement will be disabled.
old_valueString of comma or space separated case-sensitive words for which method/field name replacement will be disabled by go/api-docgen.
iterable_item_added
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][303]BE
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][304]ES
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][305]FI
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][306]FR
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][307]HK
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][308]MX
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][309]NL
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][310]PL
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][311]QA
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][312]ZA
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiers']['items']['enum'][103]ID_CROSS_DEVICE_SESSION_ID
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiers']['items']['enum'][104]ID_ANDROID_APP
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiersRedacted']['items']['enum'][103]ID_CROSS_DEVICE_SESSION_ID
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiersRedacted']['items']['enum'][104]ID_ANDROID_APP
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][63]ST_ANDROID_APP
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][112]ST_CROSS_DEVICE_SESSION_ID
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][147]ST_REMOTE_DEVICE_INFO
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][148]ST_SENSITIVE_SIZE
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][63]This includes Android App Packages (which typically look more or less like a Java class). This also includes Android App Names. For example, QuickShare starts from a share sheet in an Android app (e.g Google Photo, Youtube, Camera). We can annotate the referrer app name field as ST_ANDROID_APP.
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][112]The session-id is shared between (typically two) devices and used in the logs (for an event shared across the devices, such as a file transfer via bluetooth or local-wifi). The session logs from multiple devices can be joined using this session-id for better understanding of the device-device interactions. For the existing fields with ST_SESSION_ID annotated, it can either be changed the annotation to this new annotation or be added through a FieldDetails annotation.
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][147]Information (metadata only, not content) about a remote device such as (e.g. from the perspective of an Android phone): a bluetooth device, another nearby phone, a TV to chromecast to, etc. This information is typically received from the other device. A "remote device" does not include Google servers. The information can be used in cross-device analysis, such as # of files shared from Android-device to iPhone, the errors caused by different GMS version pairs (sender’s gms-version and receiver’s gms-version). Examples: device name, model, manufacturer, OS, firmware version, hardware version etc.
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][148]The size of a sensitive object. When the same size is logged by multiple users/devices, the size can be considered as sensitive. For example, in QuickShare, when a sender sends a file to a receiver, both sender and receiver log the size of the same file. The precise file size can derive the identity/connection of the sender/receiver. Examples: size of a video, a photo, a document, a message, a file etc.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcement']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcement']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementDiscoveryOptIn']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementDiscoveryOptIn']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptout']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptout']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptoutFromFiltering']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptoutFromFiltering']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyGlobalRampup']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyGlobalRampup']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenStorage']['properties']['types']['items']['enum'][80]WEB_DATA
root['schemas']['PrivacyDataGovernanceAttributesPTokenStorage']['properties']['types']['items']['enumDescriptions'][80]Objects that represent if the web data can be used in AI scope, such as AI data training, recitation, grounding. See go/google-extended-ptoken-proposal
sandbox/daily-serviceusage-v1
dictionary_item_added
  • root['schemas']['PrivacyDataGovernanceAttributesPiiAndContentSanitization']
  • root['schemas']['PrivacyDataGovernanceAttributesSanitizationProcess']
  • root['schemas']['PrivacyDataGovernanceAttributesSanitizationProcessBardHumanReview']
  • root['schemas']['PrivacyDataGovernanceAttributesSanitizationProcessSyft']
  • root['schemas']['SecurityRealmCondition']
  • root['schemas']['BindingCondition']['properties']['securityRealm']
  • root['schemas']['EndpointPolicyCondition']['properties']['securityRealm']
  • root['schemas']['PrivacyDataGovernanceAttributesAnnotationsDataCustom']['properties']['piiAndContentSanitization']
  • root['schemas']['PrivacyDataGovernanceAttributesAnnotationsProcess']['properties']['deferredSemanticPurposes']
values_changed
root['revision']
new_value20250224
old_value20250216
root['schemas']['BindingCondition']['description']
new_valueA condition that must be satisfied for a binding to apply. Next ID: 19
old_valueA condition that must be satisfied for a binding to apply.
root['schemas']['Documentation']['properties']['sectionOverrides']['description']
new_valueSpecifies section and content to override the boilerplate content. Currently overrides following sections: 1. rest.service.client_libraries
old_valueSpecifies section and content to override boilerplate content provided by go/api-docgen. Currently overrides following sections: 1. rest.service.client_libraries
root['schemas']['DocumentationRule']['properties']['disableReplacementWords']['description']
new_valueString of comma or space separated case-sensitive words for which method/field name replacement will be disabled.
old_valueString of comma or space separated case-sensitive words for which method/field name replacement will be disabled by go/api-docgen.
iterable_item_added
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][303]BE
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][304]ES
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][305]FI
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][306]FR
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][307]HK
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][308]MX
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][309]NL
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][310]PL
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][311]QA
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][312]ZA
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiers']['items']['enum'][103]ID_CROSS_DEVICE_SESSION_ID
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiers']['items']['enum'][104]ID_ANDROID_APP
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiersRedacted']['items']['enum'][103]ID_CROSS_DEVICE_SESSION_ID
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiersRedacted']['items']['enum'][104]ID_ANDROID_APP
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][63]ST_ANDROID_APP
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][112]ST_CROSS_DEVICE_SESSION_ID
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][147]ST_REMOTE_DEVICE_INFO
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][148]ST_SENSITIVE_SIZE
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][63]This includes Android App Packages (which typically look more or less like a Java class). This also includes Android App Names. For example, QuickShare starts from a share sheet in an Android app (e.g Google Photo, Youtube, Camera). We can annotate the referrer app name field as ST_ANDROID_APP.
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][112]The session-id is shared between (typically two) devices and used in the logs (for an event shared across the devices, such as a file transfer via bluetooth or local-wifi). The session logs from multiple devices can be joined using this session-id for better understanding of the device-device interactions. For the existing fields with ST_SESSION_ID annotated, it can either be changed the annotation to this new annotation or be added through a FieldDetails annotation.
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][147]Information (metadata only, not content) about a remote device such as (e.g. from the perspective of an Android phone): a bluetooth device, another nearby phone, a TV to chromecast to, etc. This information is typically received from the other device. A "remote device" does not include Google servers. The information can be used in cross-device analysis, such as # of files shared from Android-device to iPhone, the errors caused by different GMS version pairs (sender’s gms-version and receiver’s gms-version). Examples: device name, model, manufacturer, OS, firmware version, hardware version etc.
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][148]The size of a sensitive object. When the same size is logged by multiple users/devices, the size can be considered as sensitive. For example, in QuickShare, when a sender sends a file to a receiver, both sender and receiver log the size of the same file. The precise file size can derive the identity/connection of the sender/receiver. Examples: size of a video, a photo, a document, a message, a file etc.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcement']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcement']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementDiscoveryOptIn']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementDiscoveryOptIn']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptout']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptout']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptoutFromFiltering']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptoutFromFiltering']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyGlobalRampup']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyGlobalRampup']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenStorage']['properties']['types']['items']['enum'][80]WEB_DATA
root['schemas']['PrivacyDataGovernanceAttributesPTokenStorage']['properties']['types']['items']['enumDescriptions'][80]Objects that represent if the web data can be used in AI scope, such as AI data training, recitation, grounding. See go/google-extended-ptoken-proposal
sandbox/daily-serviceusage-v1alpha
dictionary_item_added
  • root['schemas']['PrivacyDataGovernanceAttributesPiiAndContentSanitization']
  • root['schemas']['PrivacyDataGovernanceAttributesSanitizationProcess']
  • root['schemas']['PrivacyDataGovernanceAttributesSanitizationProcessBardHumanReview']
  • root['schemas']['PrivacyDataGovernanceAttributesSanitizationProcessSyft']
  • root['schemas']['SecurityRealmCondition']
  • root['schemas']['BindingCondition']['properties']['securityRealm']
  • root['schemas']['EndpointPolicyCondition']['properties']['securityRealm']
  • root['schemas']['PrivacyDataGovernanceAttributesAnnotationsDataCustom']['properties']['piiAndContentSanitization']
  • root['schemas']['PrivacyDataGovernanceAttributesAnnotationsProcess']['properties']['deferredSemanticPurposes']
values_changed
root['revision']
new_value20250224
old_value20250216
root['schemas']['BindingCondition']['description']
new_valueA condition that must be satisfied for a binding to apply. Next ID: 19
old_valueA condition that must be satisfied for a binding to apply.
root['schemas']['Documentation']['properties']['sectionOverrides']['description']
new_valueSpecifies section and content to override the boilerplate content. Currently overrides following sections: 1. rest.service.client_libraries
old_valueSpecifies section and content to override boilerplate content provided by go/api-docgen. Currently overrides following sections: 1. rest.service.client_libraries
root['schemas']['DocumentationRule']['properties']['disableReplacementWords']['description']
new_valueString of comma or space separated case-sensitive words for which method/field name replacement will be disabled.
old_valueString of comma or space separated case-sensitive words for which method/field name replacement will be disabled by go/api-docgen.
iterable_item_added
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][303]BE
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][304]ES
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][305]FI
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][306]FR
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][307]HK
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][308]MX
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][309]NL
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][310]PL
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][311]QA
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][312]ZA
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiers']['items']['enum'][103]ID_CROSS_DEVICE_SESSION_ID
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiers']['items']['enum'][104]ID_ANDROID_APP
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiersRedacted']['items']['enum'][103]ID_CROSS_DEVICE_SESSION_ID
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiersRedacted']['items']['enum'][104]ID_ANDROID_APP
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][63]ST_ANDROID_APP
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][112]ST_CROSS_DEVICE_SESSION_ID
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][147]ST_REMOTE_DEVICE_INFO
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][148]ST_SENSITIVE_SIZE
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][63]This includes Android App Packages (which typically look more or less like a Java class). This also includes Android App Names. For example, QuickShare starts from a share sheet in an Android app (e.g Google Photo, Youtube, Camera). We can annotate the referrer app name field as ST_ANDROID_APP.
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][112]The session-id is shared between (typically two) devices and used in the logs (for an event shared across the devices, such as a file transfer via bluetooth or local-wifi). The session logs from multiple devices can be joined using this session-id for better understanding of the device-device interactions. For the existing fields with ST_SESSION_ID annotated, it can either be changed the annotation to this new annotation or be added through a FieldDetails annotation.
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][147]Information (metadata only, not content) about a remote device such as (e.g. from the perspective of an Android phone): a bluetooth device, another nearby phone, a TV to chromecast to, etc. This information is typically received from the other device. A "remote device" does not include Google servers. The information can be used in cross-device analysis, such as # of files shared from Android-device to iPhone, the errors caused by different GMS version pairs (sender’s gms-version and receiver’s gms-version). Examples: device name, model, manufacturer, OS, firmware version, hardware version etc.
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][148]The size of a sensitive object. When the same size is logged by multiple users/devices, the size can be considered as sensitive. For example, in QuickShare, when a sender sends a file to a receiver, both sender and receiver log the size of the same file. The precise file size can derive the identity/connection of the sender/receiver. Examples: size of a video, a photo, a document, a message, a file etc.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcement']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcement']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementDiscoveryOptIn']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementDiscoveryOptIn']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptout']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptout']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptoutFromFiltering']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptoutFromFiltering']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyGlobalRampup']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyGlobalRampup']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenStorage']['properties']['types']['items']['enum'][80]WEB_DATA
root['schemas']['PrivacyDataGovernanceAttributesPTokenStorage']['properties']['types']['items']['enumDescriptions'][80]Objects that represent if the web data can be used in AI scope, such as AI data training, recitation, grounding. See go/google-extended-ptoken-proposal
sandbox/daily-serviceusage-v1beta1
dictionary_item_added
  • root['schemas']['PrivacyDataGovernanceAttributesPiiAndContentSanitization']
  • root['schemas']['PrivacyDataGovernanceAttributesSanitizationProcess']
  • root['schemas']['PrivacyDataGovernanceAttributesSanitizationProcessBardHumanReview']
  • root['schemas']['PrivacyDataGovernanceAttributesSanitizationProcessSyft']
  • root['schemas']['SecurityRealmCondition']
  • root['schemas']['BindingCondition']['properties']['securityRealm']
  • root['schemas']['EndpointPolicyCondition']['properties']['securityRealm']
  • root['schemas']['PrivacyDataGovernanceAttributesAnnotationsDataCustom']['properties']['piiAndContentSanitization']
  • root['schemas']['PrivacyDataGovernanceAttributesAnnotationsProcess']['properties']['deferredSemanticPurposes']
values_changed
root['revision']
new_value20250224
old_value20250216
root['schemas']['BindingCondition']['description']
new_valueA condition that must be satisfied for a binding to apply. Next ID: 19
old_valueA condition that must be satisfied for a binding to apply.
root['schemas']['Documentation']['properties']['sectionOverrides']['description']
new_valueSpecifies section and content to override the boilerplate content. Currently overrides following sections: 1. rest.service.client_libraries
old_valueSpecifies section and content to override boilerplate content provided by go/api-docgen. Currently overrides following sections: 1. rest.service.client_libraries
root['schemas']['DocumentationRule']['properties']['disableReplacementWords']['description']
new_valueString of comma or space separated case-sensitive words for which method/field name replacement will be disabled.
old_valueString of comma or space separated case-sensitive words for which method/field name replacement will be disabled by go/api-docgen.
iterable_item_added
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][303]BE
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][304]ES
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][305]FI
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][306]FR
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][307]HK
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][308]MX
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][309]NL
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][310]PL
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][311]QA
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][312]ZA
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiers']['items']['enum'][103]ID_CROSS_DEVICE_SESSION_ID
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiers']['items']['enum'][104]ID_ANDROID_APP
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiersRedacted']['items']['enum'][103]ID_CROSS_DEVICE_SESSION_ID
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiersRedacted']['items']['enum'][104]ID_ANDROID_APP
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][63]ST_ANDROID_APP
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][112]ST_CROSS_DEVICE_SESSION_ID
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][147]ST_REMOTE_DEVICE_INFO
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][148]ST_SENSITIVE_SIZE
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][63]This includes Android App Packages (which typically look more or less like a Java class). This also includes Android App Names. For example, QuickShare starts from a share sheet in an Android app (e.g Google Photo, Youtube, Camera). We can annotate the referrer app name field as ST_ANDROID_APP.
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][112]The session-id is shared between (typically two) devices and used in the logs (for an event shared across the devices, such as a file transfer via bluetooth or local-wifi). The session logs from multiple devices can be joined using this session-id for better understanding of the device-device interactions. For the existing fields with ST_SESSION_ID annotated, it can either be changed the annotation to this new annotation or be added through a FieldDetails annotation.
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][147]Information (metadata only, not content) about a remote device such as (e.g. from the perspective of an Android phone): a bluetooth device, another nearby phone, a TV to chromecast to, etc. This information is typically received from the other device. A "remote device" does not include Google servers. The information can be used in cross-device analysis, such as # of files shared from Android-device to iPhone, the errors caused by different GMS version pairs (sender’s gms-version and receiver’s gms-version). Examples: device name, model, manufacturer, OS, firmware version, hardware version etc.
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][148]The size of a sensitive object. When the same size is logged by multiple users/devices, the size can be considered as sensitive. For example, in QuickShare, when a sender sends a file to a receiver, both sender and receiver log the size of the same file. The precise file size can derive the identity/connection of the sender/receiver. Examples: size of a video, a photo, a document, a message, a file etc.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcement']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcement']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementDiscoveryOptIn']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementDiscoveryOptIn']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptout']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptout']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptoutFromFiltering']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptoutFromFiltering']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyGlobalRampup']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyGlobalRampup']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenStorage']['properties']['types']['items']['enum'][80]WEB_DATA
root['schemas']['PrivacyDataGovernanceAttributesPTokenStorage']['properties']['types']['items']['enumDescriptions'][80]Objects that represent if the web data can be used in AI scope, such as AI data training, recitation, grounding. See go/google-extended-ptoken-proposal
sandbox/daily-serviceusage-v2
dictionary_item_added
  • root['schemas']['PrivacyDataGovernanceAttributesPiiAndContentSanitization']
  • root['schemas']['PrivacyDataGovernanceAttributesSanitizationProcess']
  • root['schemas']['PrivacyDataGovernanceAttributesSanitizationProcessBardHumanReview']
  • root['schemas']['PrivacyDataGovernanceAttributesSanitizationProcessSyft']
  • root['schemas']['SecurityRealmCondition']
  • root['schemas']['BindingCondition']['properties']['securityRealm']
  • root['schemas']['EndpointPolicyCondition']['properties']['securityRealm']
  • root['schemas']['PrivacyDataGovernanceAttributesAnnotationsDataCustom']['properties']['piiAndContentSanitization']
  • root['schemas']['PrivacyDataGovernanceAttributesAnnotationsProcess']['properties']['deferredSemanticPurposes']
values_changed
root['revision']
new_value20250224
old_value20250216
root['schemas']['BindingCondition']['description']
new_valueA condition that must be satisfied for a binding to apply. Next ID: 19
old_valueA condition that must be satisfied for a binding to apply.
root['schemas']['Documentation']['properties']['sectionOverrides']['description']
new_valueSpecifies section and content to override the boilerplate content. Currently overrides following sections: 1. rest.service.client_libraries
old_valueSpecifies section and content to override boilerplate content provided by go/api-docgen. Currently overrides following sections: 1. rest.service.client_libraries
root['schemas']['DocumentationRule']['properties']['disableReplacementWords']['description']
new_valueString of comma or space separated case-sensitive words for which method/field name replacement will be disabled.
old_valueString of comma or space separated case-sensitive words for which method/field name replacement will be disabled by go/api-docgen.
iterable_item_added
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][303]BE
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][304]ES
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][305]FI
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][306]FR
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][307]HK
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][308]MX
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][309]NL
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][310]PL
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][311]QA
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][312]ZA
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiers']['items']['enum'][103]ID_CROSS_DEVICE_SESSION_ID
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiers']['items']['enum'][104]ID_ANDROID_APP
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiersRedacted']['items']['enum'][103]ID_CROSS_DEVICE_SESSION_ID
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiersRedacted']['items']['enum'][104]ID_ANDROID_APP
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][63]ST_ANDROID_APP
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][112]ST_CROSS_DEVICE_SESSION_ID
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][147]ST_REMOTE_DEVICE_INFO
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][148]ST_SENSITIVE_SIZE
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][63]This includes Android App Packages (which typically look more or less like a Java class). This also includes Android App Names. For example, QuickShare starts from a share sheet in an Android app (e.g Google Photo, Youtube, Camera). We can annotate the referrer app name field as ST_ANDROID_APP.
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][112]The session-id is shared between (typically two) devices and used in the logs (for an event shared across the devices, such as a file transfer via bluetooth or local-wifi). The session logs from multiple devices can be joined using this session-id for better understanding of the device-device interactions. For the existing fields with ST_SESSION_ID annotated, it can either be changed the annotation to this new annotation or be added through a FieldDetails annotation.
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][147]Information (metadata only, not content) about a remote device such as (e.g. from the perspective of an Android phone): a bluetooth device, another nearby phone, a TV to chromecast to, etc. This information is typically received from the other device. A "remote device" does not include Google servers. The information can be used in cross-device analysis, such as # of files shared from Android-device to iPhone, the errors caused by different GMS version pairs (sender’s gms-version and receiver’s gms-version). Examples: device name, model, manufacturer, OS, firmware version, hardware version etc.
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][148]The size of a sensitive object. When the same size is logged by multiple users/devices, the size can be considered as sensitive. For example, in QuickShare, when a sender sends a file to a receiver, both sender and receiver log the size of the same file. The precise file size can derive the identity/connection of the sender/receiver. Examples: size of a video, a photo, a document, a message, a file etc.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcement']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcement']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementDiscoveryOptIn']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementDiscoveryOptIn']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptout']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptout']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptoutFromFiltering']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptoutFromFiltering']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyGlobalRampup']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyGlobalRampup']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenStorage']['properties']['types']['items']['enum'][80]WEB_DATA
root['schemas']['PrivacyDataGovernanceAttributesPTokenStorage']['properties']['types']['items']['enumDescriptions'][80]Objects that represent if the web data can be used in AI scope, such as AI data training, recitation, grounding. See go/google-extended-ptoken-proposal
sandbox/daily-serviceusage-v2alpha
dictionary_item_added
  • root['schemas']['PrivacyDataGovernanceAttributesPiiAndContentSanitization']
  • root['schemas']['PrivacyDataGovernanceAttributesSanitizationProcess']
  • root['schemas']['PrivacyDataGovernanceAttributesSanitizationProcessBardHumanReview']
  • root['schemas']['PrivacyDataGovernanceAttributesSanitizationProcessSyft']
  • root['schemas']['SecurityRealmCondition']
  • root['schemas']['BindingCondition']['properties']['securityRealm']
  • root['schemas']['EndpointPolicyCondition']['properties']['securityRealm']
  • root['schemas']['PrivacyDataGovernanceAttributesAnnotationsDataCustom']['properties']['piiAndContentSanitization']
  • root['schemas']['PrivacyDataGovernanceAttributesAnnotationsProcess']['properties']['deferredSemanticPurposes']
values_changed
root['revision']
new_value20250224
old_value20250216
root['schemas']['BindingCondition']['description']
new_valueA condition that must be satisfied for a binding to apply. Next ID: 19
old_valueA condition that must be satisfied for a binding to apply.
root['schemas']['Documentation']['properties']['sectionOverrides']['description']
new_valueSpecifies section and content to override the boilerplate content. Currently overrides following sections: 1. rest.service.client_libraries
old_valueSpecifies section and content to override boilerplate content provided by go/api-docgen. Currently overrides following sections: 1. rest.service.client_libraries
root['schemas']['DocumentationRule']['properties']['disableReplacementWords']['description']
new_valueString of comma or space separated case-sensitive words for which method/field name replacement will be disabled.
old_valueString of comma or space separated case-sensitive words for which method/field name replacement will be disabled by go/api-docgen.
iterable_item_added
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][303]BE
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][304]ES
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][305]FI
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][306]FR
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][307]HK
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][308]MX
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][309]NL
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][310]PL
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][311]QA
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][312]ZA
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiers']['items']['enum'][103]ID_CROSS_DEVICE_SESSION_ID
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiers']['items']['enum'][104]ID_ANDROID_APP
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiersRedacted']['items']['enum'][103]ID_CROSS_DEVICE_SESSION_ID
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiersRedacted']['items']['enum'][104]ID_ANDROID_APP
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][63]ST_ANDROID_APP
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][112]ST_CROSS_DEVICE_SESSION_ID
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][147]ST_REMOTE_DEVICE_INFO
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][148]ST_SENSITIVE_SIZE
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][63]This includes Android App Packages (which typically look more or less like a Java class). This also includes Android App Names. For example, QuickShare starts from a share sheet in an Android app (e.g Google Photo, Youtube, Camera). We can annotate the referrer app name field as ST_ANDROID_APP.
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][112]The session-id is shared between (typically two) devices and used in the logs (for an event shared across the devices, such as a file transfer via bluetooth or local-wifi). The session logs from multiple devices can be joined using this session-id for better understanding of the device-device interactions. For the existing fields with ST_SESSION_ID annotated, it can either be changed the annotation to this new annotation or be added through a FieldDetails annotation.
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][147]Information (metadata only, not content) about a remote device such as (e.g. from the perspective of an Android phone): a bluetooth device, another nearby phone, a TV to chromecast to, etc. This information is typically received from the other device. A "remote device" does not include Google servers. The information can be used in cross-device analysis, such as # of files shared from Android-device to iPhone, the errors caused by different GMS version pairs (sender’s gms-version and receiver’s gms-version). Examples: device name, model, manufacturer, OS, firmware version, hardware version etc.
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][148]The size of a sensitive object. When the same size is logged by multiple users/devices, the size can be considered as sensitive. For example, in QuickShare, when a sender sends a file to a receiver, both sender and receiver log the size of the same file. The precise file size can derive the identity/connection of the sender/receiver. Examples: size of a video, a photo, a document, a message, a file etc.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcement']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcement']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementDiscoveryOptIn']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementDiscoveryOptIn']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptout']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptout']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptoutFromFiltering']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptoutFromFiltering']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyGlobalRampup']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyGlobalRampup']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenStorage']['properties']['types']['items']['enum'][80]WEB_DATA
root['schemas']['PrivacyDataGovernanceAttributesPTokenStorage']['properties']['types']['items']['enumDescriptions'][80]Objects that represent if the web data can be used in AI scope, such as AI data training, recitation, grounding. See go/google-extended-ptoken-proposal
sandbox/daily-serviceusage-v2beta
dictionary_item_added
  • root['schemas']['PrivacyDataGovernanceAttributesPiiAndContentSanitization']
  • root['schemas']['PrivacyDataGovernanceAttributesSanitizationProcess']
  • root['schemas']['PrivacyDataGovernanceAttributesSanitizationProcessBardHumanReview']
  • root['schemas']['PrivacyDataGovernanceAttributesSanitizationProcessSyft']
  • root['schemas']['SecurityRealmCondition']
  • root['schemas']['BindingCondition']['properties']['securityRealm']
  • root['schemas']['EndpointPolicyCondition']['properties']['securityRealm']
  • root['schemas']['PrivacyDataGovernanceAttributesAnnotationsDataCustom']['properties']['piiAndContentSanitization']
  • root['schemas']['PrivacyDataGovernanceAttributesAnnotationsProcess']['properties']['deferredSemanticPurposes']
values_changed
root['revision']
new_value20250224
old_value20250216
root['schemas']['BindingCondition']['description']
new_valueA condition that must be satisfied for a binding to apply. Next ID: 19
old_valueA condition that must be satisfied for a binding to apply.
root['schemas']['Documentation']['properties']['sectionOverrides']['description']
new_valueSpecifies section and content to override the boilerplate content. Currently overrides following sections: 1. rest.service.client_libraries
old_valueSpecifies section and content to override boilerplate content provided by go/api-docgen. Currently overrides following sections: 1. rest.service.client_libraries
root['schemas']['DocumentationRule']['properties']['disableReplacementWords']['description']
new_valueString of comma or space separated case-sensitive words for which method/field name replacement will be disabled.
old_valueString of comma or space separated case-sensitive words for which method/field name replacement will be disabled by go/api-docgen.
iterable_item_added
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][303]BE
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][304]ES
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][305]FI
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][306]FR
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][307]HK
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][308]MX
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][309]NL
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][310]PL
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][311]QA
root['schemas']['DataResidencyLocationEnum']['properties']['cloudEnum']['enum'][312]ZA
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiers']['items']['enum'][103]ID_CROSS_DEVICE_SESSION_ID
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiers']['items']['enum'][104]ID_ANDROID_APP
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiersRedacted']['items']['enum'][103]ID_CROSS_DEVICE_SESSION_ID
root['schemas']['PrivacyDataGovernanceAttributesAnnotationsData']['properties']['identifiersRedacted']['items']['enum'][104]ID_ANDROID_APP
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][63]ST_ANDROID_APP
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][112]ST_CROSS_DEVICE_SESSION_ID
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][147]ST_REMOTE_DEVICE_INFO
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enum'][148]ST_SENSITIVE_SIZE
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][63]This includes Android App Packages (which typically look more or less like a Java class). This also includes Android App Names. For example, QuickShare starts from a share sheet in an Android app (e.g Google Photo, Youtube, Camera). We can annotate the referrer app name field as ST_ANDROID_APP.
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][112]The session-id is shared between (typically two) devices and used in the logs (for an event shared across the devices, such as a file transfer via bluetooth or local-wifi). The session logs from multiple devices can be joined using this session-id for better understanding of the device-device interactions. For the existing fields with ST_SESSION_ID annotated, it can either be changed the annotation to this new annotation or be added through a FieldDetails annotation.
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][147]Information (metadata only, not content) about a remote device such as (e.g. from the perspective of an Android phone): a bluetooth device, another nearby phone, a TV to chromecast to, etc. This information is typically received from the other device. A "remote device" does not include Google servers. The information can be used in cross-device analysis, such as # of files shared from Android-device to iPhone, the errors caused by different GMS version pairs (sender’s gms-version and receiver’s gms-version). Examples: device name, model, manufacturer, OS, firmware version, hardware version etc.
root['schemas']['PrivacyDataGovernanceAttributesDatapolAnnotations']['properties']['semanticTypes']['items']['enumDescriptions'][148]The size of a sensitive object. When the same size is logged by multiple users/devices, the size can be considered as sensitive. For example, in QuickShare, when a sender sends a file to a receiver, both sender and receiver log the size of the same file. The precise file size can derive the identity/connection of the sender/receiver. Examples: size of a video, a photo, a document, a message, a file etc.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcement']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcement']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementDiscoveryOptIn']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementDiscoveryOptIn']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptout']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptout']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptoutFromFiltering']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyEnforcementOptoutFromFiltering']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyGlobalRampup']['items']['enum'][10]BARD_DATA_ACCESS
root['schemas']['PrivacyDataGovernanceAttributesPTokenProcess']['properties']['requestPolicyGlobalRampup']['items']['enumDescriptions'][10]Bard data access policy.
root['schemas']['PrivacyDataGovernanceAttributesPTokenStorage']['properties']['types']['items']['enum'][80]WEB_DATA
root['schemas']['PrivacyDataGovernanceAttributesPTokenStorage']['properties']['types']['items']['enumDescriptions'][80]Objects that represent if the web data can be used in AI scope, such as AI data training, recitation, grounding. See go/google-extended-ptoken-proposal
sandbox/daily1-emmapplecodevice-
values_changed
root['revision']
new_value20250224
old_value20250217
sandbox/daily1-emmapplecodevice-v1
values_changed
root['revision']
new_value20250224
old_value20250217
sandbox/dataflow-staging-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/dataflow-staging-v1b3
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/dev-dialogflow-
dictionary_item_added
  • root['schemas']['GoogleCloudDialogflowCxV3beta1Handler']
  • root['schemas']['GoogleCloudDialogflowCxV3beta1HandlerEventHandler']
  • root['schemas']['GoogleCloudDialogflowCxV3beta1HandlerLifecycleHandler']
  • root['schemas']['GoogleCloudDialogflowCxV3beta1Playbook']['properties']['handlers']
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/dev-dialogflow-v1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/dev-dialogflow-v2
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/dev-dialogflow-v2beta1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/dev-dialogflow-v3
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/dev-dialogflow-v3alpha1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/dev-dialogflow-v3beta1
dictionary_item_added
  • root['schemas']['GoogleCloudDialogflowCxV3beta1Handler']
  • root['schemas']['GoogleCloudDialogflowCxV3beta1HandlerEventHandler']
  • root['schemas']['GoogleCloudDialogflowCxV3beta1HandlerLifecycleHandler']
  • root['schemas']['GoogleCloudDialogflowCxV3beta1Playbook']['properties']['handlers']
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/dev-scone-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/dev-scone-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/dev-us-central1-dialogflow-
dictionary_item_added
  • root['schemas']['GoogleCloudDialogflowCxV3beta1Handler']
  • root['schemas']['GoogleCloudDialogflowCxV3beta1HandlerEventHandler']
  • root['schemas']['GoogleCloudDialogflowCxV3beta1HandlerLifecycleHandler']
  • root['schemas']['GoogleCloudDialogflowCxV3beta1Playbook']['properties']['handlers']
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/dev-us-central1-dialogflow-v1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/dev-us-central1-dialogflow-v2
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/dev-us-central1-dialogflow-v2beta1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/dev-us-central1-dialogflow-v3
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/dev-us-central1-dialogflow-v3alpha1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/dev-us-central1-dialogflow-v3beta1
dictionary_item_added
  • root['schemas']['GoogleCloudDialogflowCxV3beta1Handler']
  • root['schemas']['GoogleCloudDialogflowCxV3beta1HandlerEventHandler']
  • root['schemas']['GoogleCloudDialogflowCxV3beta1HandlerLifecycleHandler']
  • root['schemas']['GoogleCloudDialogflowCxV3beta1Playbook']['properties']['handlers']
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/devel-language-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/devel-language-eu-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/devel-language-eu-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/devel-language-eu-v1beta2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/devel-language-eu-v2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/devel-language-us-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/devel-language-us-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/devel-language-us-v1beta2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/devel-language-us-v2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/devel-language-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/devel-language-v1beta2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/devel-language-v2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/dynamiteintegration-pa-staging-
dictionary_item_added
  • root['schemas']['ImageButton']['properties']['backgroundColors']
values_changed
root['revision']
new_value20250223
old_value20250220
sandbox/dynamiteintegration-pa-staging-v1
dictionary_item_added
  • root['schemas']['ImageButton']['properties']['backgroundColors']
values_changed
root['revision']
new_value20250223
old_value20250220
sandbox/eu-autopush-automl-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/eu-autopush-automl-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/eu-autopush-automl-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/eu-autopush-automl-v1p1beta
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/eu-staging-automl-
values_changed
root['revision']
new_value20250224
old_value20250218
sandbox/eu-staging-automl-v1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/eu-staging-automl-v1beta1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/eu-staging-automl-v1p1beta
values_changed
root['revision']
new_value20250224
old_value20250218
sandbox/eu-staging-datacatalog-
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/eu-staging-datacatalog-v1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/eu-staging-datacatalog-v1beta1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/eu-staging-vision-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/eu-staging-vision-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/eu-staging-vision-v1p1beta1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/eu-staging-vision-v1p2beta1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/eu-staging-vision-v1p3beta1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/eu-staging-vision-v1p4beta1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/hourly-dynamicmail-pa-
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/hourly-dynamicmail-pa-v2
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/nightly-alkalibasemap-pa-
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/nightly-alkalibasemap-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/nightly-alkalimetricsink-pa-
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/nightly-alkalimetricsink-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/nightly-alkalisrfassessment-pa-
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/nightly-alkalisrfassessment-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/nightly-alkalisrfassessment-pa-v2
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/ppissuer-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/ppissuer-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/preprod-blobcomments-pa-
dictionary_item_added
  • root['resources']['v1']['methods']['pdfFields']
  • root['schemas']['GetPdfFieldsRequest']
values_changed
root['revision']
new_value20250220
old_value20250213
sandbox/preprod-blobcomments-pa-v1
dictionary_item_added
  • root['resources']['v1']['methods']['pdfFields']
  • root['schemas']['GetPdfFieldsRequest']
values_changed
root['revision']
new_value20250220
old_value20250213
sandbox/preprod-cloudasset-v1
dictionary_item_added
  • root['schemas']['AssetEnrichment']
  • root['schemas']['EffectiveTagDetails']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressSource']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1VpcNetworkSource']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1VpcSubNetwork']
  • root['schemas']['ResourceOwners']
  • root['schemas']['Tag']
  • root['schemas']['Asset']['properties']['relatedAssets']['deprecated']
  • root['schemas']['GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedIamPolicy']['properties']['assetType']
  • root['schemas']['GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedResource']['properties']['assetType']
  • root['schemas']['GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedResource']['properties']['effectiveTags']
  • root['schemas']['GoogleCloudAssetV1GovernedContainer']['properties']['effectiveTags']
  • root['schemas']['GoogleCloudAssetV1GovernedContainer']['properties']['folders']
  • root['schemas']['GoogleCloudAssetV1GovernedContainer']['properties']['organization']
  • root['schemas']['GoogleCloudAssetV1GovernedContainer']['properties']['project']
  • root['schemas']['GoogleCloudAssetV1Rule']['properties']['conditionEvaluation']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['etag']['readOnly']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['vpcNetworkSources']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['sourceRestriction']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['sources']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressPolicy']['properties']['title']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressPolicy']['properties']['title']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1ServicePerimeter']['properties']['etag']
  • root['schemas']['OrgPolicyResult']['properties']['folders']
  • root['schemas']['OrgPolicyResult']['properties']['organization']
  • root['schemas']['OrgPolicyResult']['properties']['project']
  • root['schemas']['RelatedAssets']['deprecated']
  • root['schemas']['RelationshipAttributes']['deprecated']
  • root['schemas']['ResourceSearchResult']['properties']['effectiveTags']
  • root['schemas']['ResourceSearchResult']['properties']['enrichments']
  • root['schemas']['ResourceSearchResult']['properties']['sccSecurityMarks']
  • root['schemas']['ResourceSearchResult']['properties']['tags']
  • root['schemas']['ResourceSearchResult']['properties']['kmsKey']['deprecated']
  • root['schemas']['ResourceSearchResult']['properties']['tagKeys']['deprecated']
  • root['schemas']['ResourceSearchResult']['properties']['tagValueIds']['deprecated']
  • root['schemas']['ResourceSearchResult']['properties']['tagValues']['deprecated']
values_changed
root['resources']['effectiveIamPolicies']['methods']['batchGet']['parameters']['names']['description']
new_valueRequired. The names refer to the [full_resource_names] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of the asset types [supported by search APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types). A maximum of 20 resources' effective policies can be retrieved in a batch.
old_valueRequired. The names refer to the [full_resource_names] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types). A maximum of 20 resources' effective policies can be retrieved in a batch.
root['resources']['effectiveIamPolicies']['methods']['batchGet']['parameters']['scope']['description']
new_valueRequired. Only IAM policies on or below the scope will be returned. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization ID, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project ID, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
old_valueRequired. Only IAM policies on or below the scope will be returned. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
root['resources']['v1']['methods']['analyzeIamPolicy']['parameters']['savedAnalysisQuery']['description']
new_valueOptional. The name of a saved query, which must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id If both `analysis_query` and `saved_analysis_query` are provided, they will be merged together with the `saved_analysis_query` as base and the `analysis_query` as overrides. For more details of the merge behavior, refer to the [MergeFrom](https://developers.google.com/protocol-buffers/docs/reference/cpp/google.protobuf.message#Message.MergeFrom.details) page. Note that you cannot override primitive fields with default value, such as 0 or empty string, etc., because we use proto3, which doesn't support field presence yet.
old_valueOptional. The name of a saved query, which must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id If both `analysis_query` and `saved_analysis_query` are provided, they will be merged together with the `saved_analysis_query` as base and the `analysis_query` as overrides. For more details of the merge behavior, please refer to the [MergeFrom](https://developers.google.com/protocol-buffers/docs/reference/cpp/google.protobuf.message#Message.MergeFrom.details) page. Note that you cannot override primitive fields with default value, such as 0 or empty string, etc., because we use proto3, which doesn't support field presence yet.
root['resources']['v1']['methods']['analyzeIamPolicy']['parameters']['scope']['description']
new_valueRequired. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization ID, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project ID, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
old_valueRequired. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
root['resources']['v1']['methods']['analyzeIamPolicyLongrunning']['parameters']['scope']['description']
new_valueRequired. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization ID, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project ID, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
old_valueRequired. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
root['resources']['v1']['methods']['analyzeMove']['parameters']['destinationParent']['description']
new_valueRequired. Name of the Google Cloud folder or organization to reparent the target resource. The analysis will be performed against hypothetically moving the resource to this specified destination parent. This can only be a folder number (such as "folders/123") or an organization number (such as "organizations/123").
old_valueRequired. Name of the Google Cloud folder or organization to reparent the target resource. The analysis will be performed against hypothetically moving the resource to this specified desitination parent. This can only be a folder number (such as "folders/123") or an organization number (such as "organizations/123").
root['resources']['v1']['methods']['analyzeOrgPolicies']['parameters']['filter']['description']
new_valueThe expression to filter AnalyzeOrgPoliciesResponse.org_policy_results. Filtering is currently available for bare literal values and the following fields: * consolidated_policy.attached_resource * consolidated_policy.rules.enforce When filtering by a specific field, the only supported operator is `=`. For example, filtering by consolidated_policy.attached_resource="//cloudresourcemanager.googleapis.com/folders/001" will return all the Organization Policy results attached to "folders/001".
old_valueThe expression to filter AnalyzeOrgPoliciesResponse.org_policy_results. The only supported field is `consolidated_policy.attached_resource`, and the only supported operator is `=`. Example: consolidated_policy.attached_resource="//cloudresourcemanager.googleapis.com/folders/001" will return the org policy results of"folders/001".
root['resources']['v1']['methods']['analyzeOrgPolicyGovernedAssets']['description']
new_valueAnalyzes organization policies governed assets (Google Cloud resources or policies) under a scope. This RPC supports custom constraints and the following canned constraints: * constraints/ainotebooks.accessMode * constraints/ainotebooks.disableFileDownloads * constraints/ainotebooks.disableRootAccess * constraints/ainotebooks.disableTerminal * constraints/ainotebooks.environmentOptions * constraints/ainotebooks.requireAutoUpgradeSchedule * constraints/ainotebooks.restrictVpcNetworks * constraints/compute.disableGuestAttributesAccess * constraints/compute.disableInstanceDataAccessApis * constraints/compute.disableNestedVirtualization * constraints/compute.disableSerialPortAccess * constraints/compute.disableSerialPortLogging * constraints/compute.disableVpcExternalIpv6 * constraints/compute.requireOsLogin * constraints/compute.requireShieldedVm * constraints/compute.restrictLoadBalancerCreationForTypes * constraints/compute.restrictProtocolForwardingCreationForTypes * constraints/compute.restrictXpnProjectLienRemoval * constraints/compute.setNewProjectDefaultToZonalDNSOnly * constraints/compute.skipDefaultNetworkCreation * constraints/compute.trustedImageProjects * constraints/compute.vmCanIpForward * constraints/compute.vmExternalIpAccess * constraints/gcp.detailedAuditLoggingMode * constraints/gcp.resourceLocations * constraints/iam.allowedPolicyMemberDomains * constraints/iam.automaticIamGrantsForDefaultServiceAccounts * constraints/iam.disableServiceAccountCreation * constraints/iam.disableServiceAccountKeyCreation * constraints/iam.disableServiceAccountKeyUpload * constraints/iam.restrictCrossProjectServiceAccountLienRemoval * constraints/iam.serviceAccountKeyExpiryHours * constraints/resourcemanager.accessBoundaries * constraints/resourcemanager.allowedExportDestinations * constraints/sql.restrictAuthorizedNetworks * constraints/sql.restrictNoncompliantDiagnosticDataAccess * constraints/sql.restrictNoncompliantResourceCreation * constraints/sql.restrictPublicIp * constraints/storage.publicAccessPrevention * constraints/storage.restrictAuthTypes * constraints/storage.uniformBucketLevelAccess This RPC only returns either resources of types [supported by search APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types) or IAM policies.
old_valueAnalyzes organization policies governed assets (Google Cloud resources or policies) under a scope. This RPC supports custom constraints and the following 10 canned constraints: * storage.uniformBucketLevelAccess * iam.disableServiceAccountKeyCreation * iam.allowedPolicyMemberDomains * compute.vmExternalIpAccess * appengine.enforceServiceAccountActAsCheck * gcp.resourceLocations * compute.trustedImageProjects * compute.skipDefaultNetworkCreation * compute.requireOsLogin * compute.disableNestedVirtualization This RPC only returns either resources of types supported by [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types), or IAM policies.
root['resources']['v1']['methods']['analyzeOrgPolicyGovernedAssets']['parameters']['filter']['description']
new_valueThe expression to filter AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets. For governed resources, filtering is currently available for bare literal values and the following fields: * governed_resource.project * governed_resource.folders * consolidated_policy.rules.enforce When filtering by `governed_resource.project` or `consolidated_policy.rules.enforce`, the only supported operator is `=`. When filtering by `governed_resource.folders`, the supported operators are `=` and `:`. For example, filtering by `governed_resource.project="projects/12345678"` will return all the governed resources under "projects/12345678", including the project itself if applicable. For governed IAM policies, filtering is currently available for bare literal values and the following fields: * governed_iam_policy.project * governed_iam_policy.folders * consolidated_policy.rules.enforce When filtering by `governed_iam_policy.project` or `consolidated_policy.rules.enforce`, the only supported operator is `=`. When filtering by `governed_iam_policy.folders`, the supported operators are `=` and `:`. For example, filtering by `governed_iam_policy.folders:"folders/12345678"` will return all the governed IAM policies under "folders/001".
old_valueThe expression to filter the governed assets in result. The only supported fields for governed resources are `governed_resource.project` and `governed_resource.folders`. The only supported fields for governed iam policies are `governed_iam_policy.project` and `governed_iam_policy.folders`. The only supported operator is `=`. Example 1: governed_resource.project="projects/12345678" filter will return all governed resources under projects/12345678 including the project ifself, if applicable. Example 2: governed_iam_policy.folders="folders/12345678" filter will return all governed iam policies under folders/12345678, if applicable.
root['resources']['v1']['methods']['analyzeOrgPolicyGovernedContainers']['parameters']['filter']['description']
new_valueThe expression to filter AnalyzeOrgPolicyGovernedContainersResponse.governed_containers. Filtering is currently available for bare literal values and the following fields: * parent * consolidated_policy.rules.enforce When filtering by a specific field, the only supported operator is `=`. For example, filtering by parent="//cloudresourcemanager.googleapis.com/folders/001" will return all the containers under "folders/001".
old_valueThe expression to filter the governed containers in result. The only supported field is `parent`, and the only supported operator is `=`. Example: parent="//cloudresourcemanager.googleapis.com/folders/001" will return all containers under "folders/001".
root['resources']['v1']['methods']['queryAssets']['description']
new_valueIssue a job that queries assets using a SQL statement compatible with [BigQuery SQL](https://cloud.google.com/bigquery/docs/introduction-sql). If the query execution finishes within timeout and there's no pagination, the full query results will be returned in the `QueryAssetsResponse`. Otherwise, full query results can be obtained by issuing extra requests with the `job_reference` from the a previous `QueryAssets` call. Note, the query result has approximately 10 GB limitation enforced by [BigQuery](https://cloud.google.com/bigquery/docs/best-practices-performance-output). Queries return larger results will result in errors.
old_valueIssue a job that queries assets using a SQL statement compatible with [BigQuery Standard SQL](http://cloud/bigquery/docs/reference/standard-sql/enabling-standard-sql). If the query execution finishes within timeout and there's no pagination, the full query results will be returned in the `QueryAssetsResponse`. Otherwise, full query results can be obtained by issuing extra requests with the `job_reference` from the a previous `QueryAssets` call. Note, the query result has approximately 10 GB limitation enforced by BigQuery https://cloud.google.com/bigquery/docs/best-practices-performance-output, queries return larger results will result in errors.
root['resources']['v1']['methods']['searchAllIamPolicies']['parameters']['assetTypes']['description']
new_valueOptional. A list of asset types that the IAM policies are attached to. If empty, it will search the IAM policies that are attached to all the asset types [supported by search APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types) Regular expressions are also supported. For example: * "compute.googleapis.com.*" snapshots IAM policies attached to asset type starts with "compute.googleapis.com". * ".*Instance" snapshots IAM policies attached to asset type ends with "Instance". * ".*Instance.*" snapshots IAM policies attached to asset type contains "Instance". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.
old_valueOptional. A list of asset types that the IAM policies are attached to. If empty, it will search the IAM policies that are attached to all the [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types). Regular expressions are also supported. For example: * "compute.googleapis.com.*" snapshots IAM policies attached to asset type starts with "compute.googleapis.com". * ".*Instance" snapshots IAM policies attached to asset type ends with "Instance". * ".*Instance.*" snapshots IAM policies attached to asset type contains "Instance". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.
root['resources']['v1']['methods']['searchAllIamPolicies']['parameters']['pageSize']['description']
new_valueOptional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero or a negative value, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as `next_page_token` is returned.
old_valueOptional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as `next_page_token` is returned.
root['resources']['v1']['methods']['searchAllResources']['parameters']['assetTypes']['description']
new_valueOptional. A list of asset types that this request searches for. If empty, it will search all the asset types [supported by search APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types). Regular expressions are also supported. For example: * "compute.googleapis.com.*" snapshots resources whose asset type starts with "compute.googleapis.com". * ".*Instance" snapshots resources whose asset type ends with "Instance". * ".*Instance.*" snapshots resources whose asset type contains "Instance". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.
old_valueOptional. A list of asset types that this request searches for. If empty, it will search all the [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types). Regular expressions are also supported. For example: * "compute.googleapis.com.*" snapshots resources whose asset type starts with "compute.googleapis.com". * ".*Instance" snapshots resources whose asset type ends with "Instance". * ".*Instance.*" snapshots resources whose asset type contains "Instance". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.
root['resources']['v1']['methods']['searchAllResources']['parameters']['orderBy']['description']
new_valueOptional. A comma-separated list of fields specifying the sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored. Example: "location DESC, name". Only the following fields in the response are sortable: * name * assetType * project * displayName * description * location * createTime * updateTime * state * parentFullResourceName * parentAssetType
old_valueOptional. A comma-separated list of fields specifying the sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored. Example: "location DESC, name". Only singular primitive fields in the response are sortable: * name * assetType * project * displayName * description * location * createTime * updateTime * state * parentFullResourceName * parentAssetType All the other fields such as repeated fields (e.g., `networkTags`, `kmsKeys`), map fields (e.g., `labels`) and struct fields (e.g., `additionalAttributes`) are not supported.
root['resources']['v1']['methods']['searchAllResources']['parameters']['pageSize']['description']
new_valueOptional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero or a negative value, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as `next_page_token` is returned.
old_valueOptional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as `next_page_token` is returned.
root['resources']['v1']['methods']['searchAllResources']['parameters']['query']['description']
new_valueOptional. The query statement. See [how to construct a query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query) for more information. If not specified or empty, it will search all the resources within the specified `scope`. Examples: * `name:Important` to find Google Cloud resources whose name contains `Important` as a word. * `name=Important` to find the Google Cloud resource whose name is exactly `Important`. * `displayName:Impor*` to find Google Cloud resources whose display name contains `Impor` as a prefix of any word in the field. * `location:us-west*` to find Google Cloud resources whose location contains both `us` and `west` as prefixes. * `labels:prod` to find Google Cloud resources whose labels contain `prod` as a key or value. * `labels.env:prod` to find Google Cloud resources that have a label `env` and its value is `prod`. * `labels.env:*` to find Google Cloud resources that have a label `env`. * `tagKeys:env` to find Google Cloud resources that have directly attached tags where the [`TagKey.namespacedName`](https://cloud.google.com/resource-manager/reference/rest/v3/tagKeys#resource:-tagkey) contains `env`. * `tagValues:prod*` to find Google Cloud resources that have directly attached tags where the [`TagValue.namespacedName`](https://cloud.google.com/resource-manager/reference/rest/v3/tagValues#resource:-tagvalue) contains a word prefixed by `prod`. * `tagValueIds=tagValues/123` to find Google Cloud resources that have directly attached tags where the [`TagValue.name`](https://cloud.google.com/resource-manager/reference/rest/v3/tagValues#resource:-tagvalue) is exactly `tagValues/123`. * `effectiveTagKeys:env` to find Google Cloud resources that have directly attached or inherited tags where the [`TagKey.namespacedName`](https://cloud.google.com/resource-manager/reference/rest/v3/tagKeys#resource:-tagkey) contains `env`. * `effectiveTagValues:prod*` to find Google Cloud resources that have directly attached or inherited tags where the [`TagValue.namespacedName`](https://cloud.google.com/resource-manager/reference/rest/v3/tagValues#resource:-tagvalue) contains a word prefixed by `prod`. * `effectiveTagValueIds=tagValues/123` to find Google Cloud resources that have directly attached or inherited tags where the [`TagValue.name`](https://cloud.google.com/resource-manager/reference/rest/v3/tagValues#resource:-tagvalue) is exactly `tagValues/123`. * `kmsKey:key` to find Google Cloud resources encrypted with a customer-managed encryption key whose name contains `key` as a word. This field is deprecated. Use the `kmsKeys` field to retrieve Cloud KMS key information. * `kmsKeys:key` to find Google Cloud resources encrypted with customer-managed encryption keys whose name contains the word `key`. * `relationships:instance-group-1` to find Google Cloud resources that have relationships with `instance-group-1` in the related resource name. * `relationships:INSTANCE_TO_INSTANCEGROUP` to find Compute Engine instances that have relationships of type `INSTANCE_TO_INSTANCEGROUP`. * `relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1` to find Compute Engine instances that have relationships with `instance-group-1` in the Compute Engine instance group resource name, for relationship type `INSTANCE_TO_INSTANCEGROUP`. * `sccSecurityMarks.key=value` to find Cloud resources that are attached with security marks whose key is `key` and value is `value`. * `sccSecurityMarks.key:*` to find Cloud resources that are attached with security marks whose key is `key`. * `state:ACTIVE` to find Google Cloud resources whose state contains `ACTIVE` as a word. * `NOT state:ACTIVE` to find Google Cloud resources whose state doesn't contain `ACTIVE` as a word. * `createTime<1609459200` to find Google Cloud resources that were created before `2021-01-01 00:00:00 UTC`. `1609459200` is the epoch timestamp of `2021-01-01 00:00:00 UTC` in seconds. * `updateTime>1609459200` to find Google Cloud resources that were updated after `2021-01-01 00:00:00 UTC`. `1609459200` is the epoch timestamp of `2021-01-01 00:00:00 UTC` in seconds. * `Important` to find Google Cloud resources that contain `Important` as a word in any of the searchable fields. * `Impor*` to find Google Cloud resources that contain `Impor` as a prefix of any word in any of the searchable fields. * `Important location:(us-west1 OR global)` to find Google Cloud resources that contain `Important` as a word in any of the searchable fields and are also located in the `us-west1` region or the `global` location.
old_valueOptional. The query statement. See [how to construct a query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query) for more information. If not specified or empty, it will search all the resources within the specified `scope`. Examples: * `name:Important` to find Google Cloud resources whose name contains "Important" as a word. * `name=Important` to find the Google Cloud resource whose name is exactly "Important". * `displayName:Impor*` to find Google Cloud resources whose display name contains "Impor" as a prefix of any word in the field. * `location:us-west*` to find Google Cloud resources whose location contains both "us" and "west" as prefixes. * `labels:prod` to find Google Cloud resources whose labels contain "prod" as a key or value. * `labels.env:prod` to find Google Cloud resources that have a label "env" and its value is "prod". * `labels.env:*` to find Google Cloud resources that have a label "env". * `kmsKey:key` to find Google Cloud resources encrypted with a customer-managed encryption key whose name contains "key" as a word. This field is deprecated. Please use the `kmsKeys` field to retrieve Cloud KMS key information. * `kmsKeys:key` to find Google Cloud resources encrypted with customer-managed encryption keys whose name contains the word "key". * `relationships:instance-group-1` to find Google Cloud resources that have relationships with "instance-group-1" in the related resource name. * `relationships:INSTANCE_TO_INSTANCEGROUP` to find Compute Engine instances that have relationships of type "INSTANCE_TO_INSTANCEGROUP". * `relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1` to find Compute Engine instances that have relationships with "instance-group-1" in the Compute Engine instance group resource name, for relationship type "INSTANCE_TO_INSTANCEGROUP". * `state:ACTIVE` to find Google Cloud resources whose state contains "ACTIVE" as a word. * `NOT state:ACTIVE` to find Google Cloud resources whose state doesn't contain "ACTIVE" as a word. * `createTime<1609459200` to find Google Cloud resources that were created before "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of "2021-01-01 00:00:00 UTC" in seconds. * `updateTime>1609459200` to find Google Cloud resources that were updated after "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of "2021-01-01 00:00:00 UTC" in seconds. * `Important` to find Google Cloud resources that contain "Important" as a word in any of the searchable fields. * `Impor*` to find Google Cloud resources that contain "Impor" as a prefix of any word in any of the searchable fields. * `Important location:(us-west1 OR global)` to find Google Cloud resources that contain "Important" as a word in any of the searchable fields and are also located in the "us-west1" region or the "global" location.
root['resources']['v1']['methods']['searchAllResources']['parameters']['readMask']['description']
new_valueOptional. A comma-separated list of fields that you want returned in the results. The following fields are returned by default if not specified: * `name` * `assetType` * `project` * `folders` * `organization` * `displayName` * `description` * `location` * `labels` * `tags` * `effectiveTags` * `networkTags` * `kmsKeys` * `createTime` * `updateTime` * `state` * `additionalAttributes` * `parentFullResourceName` * `parentAssetType` Some fields of large size, such as `versionedResources`, `attachedResources`, `effectiveTags` etc., are not returned by default, but you can specify them in the `read_mask` parameter if you want to include them. If `"*"` is specified, all [available fields](https://cloud.google.com/asset-inventory/docs/reference/rest/v1/TopLevel/searchAllResources#resourcesearchresult) are returned. Examples: `"name,location"`, `"name,versionedResources"`, `"*"`. Any invalid field path will trigger INVALID_ARGUMENT error.
old_valueOptional. A comma-separated list of fields specifying which fields to be returned in ResourceSearchResult. Only '*' or combination of top level fields can be specified. Field names of both snake_case and camelCase are supported. Examples: `"*"`, `"name,location"`, `"name,versionedResources"`. The read_mask paths must be valid field paths listed but not limited to (both snake_case and camelCase are supported): * name * assetType * project * displayName * description * location * tagKeys * tagValues * tagValueIds * labels * networkTags * kmsKey (This field is deprecated. Please use the `kmsKeys` field to retrieve Cloud KMS key information.) * kmsKeys * createTime * updateTime * state * additionalAttributes * versionedResources If read_mask is not specified, all fields except versionedResources will be returned. If only '*' is specified, all fields including versionedResources will be returned. Any invalid field path will trigger INVALID_ARGUMENT error.
root['revision']
new_value20250224
old_value20230223
root['schemas']['AnalyzeIamPolicyLongrunningRequest']['properties']['savedAnalysisQuery']['description']
new_valueOptional. The name of a saved query, which must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id If both `analysis_query` and `saved_analysis_query` are provided, they will be merged together with the `saved_analysis_query` as base and the `analysis_query` as overrides. For more details of the merge behavior, refer to the [MergeFrom](https://developers.google.com/protocol-buffers/docs/reference/cpp/google.protobuf.message#Message.MergeFrom.details) doc. Note that you cannot override primitive fields with default value, such as 0 or empty string, etc., because we use proto3, which doesn't support field presence yet.
old_valueOptional. The name of a saved query, which must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id If both `analysis_query` and `saved_analysis_query` are provided, they will be merged together with the `saved_analysis_query` as base and the `analysis_query` as overrides. For more details of the merge behavior, please refer to the [MergeFrom](https://developers.google.com/protocol-buffers/docs/reference/cpp/google.protobuf.message#Message.MergeFrom.details) doc. Note that you cannot override primitive fields with default value, such as 0 or empty string, etc., because we use proto3, which doesn't support field presence yet.
root['schemas']['AnalyzeIamPolicyResponse']['properties']['serviceAccountImpersonationAnalysis']['description']
new_valueThe service account impersonation analysis if IamPolicyAnalysisQuery.Options.analyze_service_account_impersonation is enabled.
old_valueThe service account impersonation analysis if AnalyzeIamPolicyRequest.analyze_service_account_impersonation is enabled.
root['schemas']['Asset']['properties']['accessLevel']['description']
new_valueAlso refer to the [access level user guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels).
old_valuePlease also refer to the [access level user guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels).
root['schemas']['Asset']['properties']['accessPolicy']['description']
new_valueAlso refer to the [access policy user guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
old_valuePlease also refer to the [access policy user guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
root['schemas']['Asset']['properties']['servicePerimeter']['description']
new_valueAlso refer to the [service perimeter user guide](https://cloud.google.com/vpc-service-controls/docs/overview).
old_valuePlease also refer to the [service perimeter user guide](https://cloud.google.com/vpc-service-controls/docs/overview).
root['schemas']['AttachedResource']['properties']['assetType']['description']
new_valueThe type of this attached resource. Example: `osconfig.googleapis.com/Inventory` You can find the supported attached asset types of each resource in this table: `https://cloud.google.com/asset-inventory/docs/supported-asset-types`
old_valueThe type of this attached resource. Example: `osconfig.googleapis.com/Inventory` You can find the supported attached asset types of each resource in this table: `https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types`
root['schemas']['Binding']['properties']['members']['description']
new_valueSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
old_valueSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
root['schemas']['Binding']['properties']['role']['description']
new_valueRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
old_valueRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
root['schemas']['ConditionEvaluation']['description']
new_valueThe condition evaluation.
old_valueThe Condition evaluation.
root['schemas']['GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedAsset']['properties']['policyBundle']['description']
new_valueThe ordered list of all organization policies from the consolidated_policy.attached_resource to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list.
old_valueThe ordered list of all organization policies from the AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.attached_resource to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list.
root['schemas']['GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedIamPolicy']['properties']['attachedResource']['description']
new_valueThe full resource name of the resource on which this IAM policy is set. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. See [Cloud Asset Inventory Resource Name Format](https://cloud.google.com/asset-inventory/docs/resource-name-format) for more information.
old_valueThe full resource name of the resource associated with this IAM policy. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. See [Cloud Asset Inventory Resource Name Format](https://cloud.google.com/asset-inventory/docs/resource-name-format) for more information.
root['schemas']['GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedIamPolicy']['properties']['folders']['description']
new_valueThe folder(s) that this IAM policy belongs to, in the format of folders/{FOLDER_NUMBER}. This field is available when the IAM policy belongs (directly or cascadingly) to one or more folders.
old_valueThe folder(s) that this IAM policy belongs to, in the form of folders/{FOLDER_NUMBER}. This field is available when the IAM policy belongs(directly or cascadingly) to one or more folders.
root['schemas']['GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedIamPolicy']['properties']['organization']['description']
new_valueThe organization that this IAM policy belongs to, in the format of organizations/{ORGANIZATION_NUMBER}. This field is available when the IAM policy belongs (directly or cascadingly) to an organization.
old_valueThe organization that this IAM policy belongs to, in the form of organizations/{ORGANIZATION_NUMBER}. This field is available when the IAM policy belongs(directly or cascadingly) to an organization.
root['schemas']['GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedIamPolicy']['properties']['project']['description']
new_valueThe project that this IAM policy belongs to, in the format of projects/{PROJECT_NUMBER}. This field is available when the IAM policy belongs to a project.
old_valueThe project that this IAM policy belongs to, in the form of projects/{PROJECT_NUMBER}. This field is available when the IAM policy belongs to a project.
root['schemas']['GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedResource']['properties']['folders']['description']
new_valueThe folder(s) that this resource belongs to, in the format of folders/{FOLDER_NUMBER}. This field is available when the resource belongs (directly or cascadingly) to one or more folders.
old_valueThe folder(s) that this resource belongs to, in the form of folders/{FOLDER_NUMBER}. This field is available when the resource belongs(directly or cascadingly) to one or more folders.
root['schemas']['GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedResource']['properties']['organization']['description']
new_valueThe organization that this resource belongs to, in the format of organizations/{ORGANIZATION_NUMBER}. This field is available when the resource belongs (directly or cascadingly) to an organization.
old_valueThe organization that this resource belongs to, in the form of organizations/{ORGANIZATION_NUMBER}. This field is available when the resource belongs(directly or cascadingly) to an organization.
root['schemas']['GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedResource']['properties']['project']['description']
new_valueThe project that this resource belongs to, in the format of projects/{PROJECT_NUMBER}. This field is available when the resource belongs to a project.
old_valueThe project that this resource belongs to, in the form of projects/{PROJECT_NUMBER}. This field is available when the resource belongs to a project.
root['schemas']['GoogleCloudAssetV1GovernedContainer']['properties']['policyBundle']['description']
new_valueThe ordered list of all organization policies from the consolidated_policy.attached_resource. to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list.
old_valueThe ordered list of all organization policies from the AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.attached_resource. to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list.
root['schemas']['GoogleCloudAssetV1Identity']['properties']['name']['description']
new_valueThe identity of members, formatted as appear in an [IAM policy binding](https://cloud.google.com/iam/reference/rest/v1/Binding). For example, they might be formatted like the following: - user:foo@google.com - group:group1@google.com - serviceAccount:s1@prj1.iam.gserviceaccount.com - projectOwner:some_project_id - domain:google.com - allUsers
old_valueThe identity name in any form of members appear in [IAM policy binding](https://cloud.google.com/iam/reference/rest/v1/Binding), such as: - user:foo@google.com - group:group1@google.com - serviceAccount:s1@prj1.iam.gserviceaccount.com - projectOwner:some_project_id - domain:google.com - allUsers - etc.
root['schemas']['GoogleCloudAssetV1Rule']['description']
new_valueThis rule message is a customized version of the one defined in the Organization Policy system. In addition to the fields defined in the original organization policy, it contains additional field(s) under specific circumstances to support analysis results.
old_valueRepresents a rule defined in an organization policy
root['schemas']['GoogleCloudAssetV1Rule']['properties']['values']['description']
new_valueList of values to be used for this policy rule. This field can be set only in policies for list constraints.
old_valueList of values to be used for this PolicyRule. This field can be set only in Policies for list constraints.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessLevel']['properties']['name']['description']
new_valueIdentifier. Resource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
old_valueResource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['etag']['description']
new_valueOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Policies will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
old_valueOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['name']['description']
new_valueOutput only. Identifier. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
old_valueOutput only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['scopes']['description']
new_valueThe scopes of the AccessPolicy. Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with `scopes=["folders/123"]` has the following behavior: - ServicePerimeter can only restrict projects within `folders/123`. - ServicePerimeter within policy A can only reference access levels defined within policy A. - Only one policy can include a given scope; thus, attempting to create a second policy which includes `folders/123` will result in an error. If no scopes are provided, then any resource within the organization can be restricted. Scopes cannot be modified after a policy is created. Policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
old_valueThe scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior: - vpcsc perimeters can only restrict projects within folders/123 - access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['negate']['description']
new_valueWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
old_valueWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['identities']['description']
new_valueA list of identities that are allowed access through [EgressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
old_valueA list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressTo']['properties']['externalResources']['description']
new_valueA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported formats are s3://BUCKET_NAME, s3a://BUCKET_NAME, and s3n://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
old_valueA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressFrom']['properties']['identities']['description']
new_valueA list of identities that are allowed access through [IngressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
old_valueA list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
root['schemas']['GoogleIdentityAccesscontextmanagerV1MethodSelector']['properties']['method']['description']
new_valueA valid method name for the corresponding `service_name` in ApiOperation. If `*` is used as the value for the `method`, then ALL methods and permissions are allowed.
old_valueValue for `method` should be a valid method name for the corresponding `service_name` in ApiOperation. If `*` used as value for `method`, then ALL methods and permissions are allowed.
root['schemas']['GoogleIdentityAccesscontextmanagerV1MethodSelector']['properties']['permission']['description']
new_valueA valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
old_valueValue for `permission` should be a valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
root['schemas']['GoogleIdentityAccesscontextmanagerV1ServicePerimeter']['properties']['name']['description']
new_valueIdentifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
old_valueResource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
root['schemas']['IamPolicyAnalysisQuery']['properties']['scope']['description']
new_valueRequired. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization ID, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project ID, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
old_valueRequired. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
root['schemas']['IamPolicySearchResult']['properties']['project']['description']
new_valueThe project that the associated Google Cloud resource belongs to, in the form of projects/{PROJECT_NUMBER}. If an IAM policy is set on a resource (like VM instance, Cloud Storage bucket), the project field will indicate the project that contains the resource. If an IAM policy is set on a folder or organization, this field will be empty. To search against the `project`: * specify the `scope` field as this project in your search request.
old_valueThe project that the associated Google Cloud resource belongs to, in the form of projects/{PROJECT_NUMBER}. If an IAM policy is set on a resource (like VM instance, Cloud Storage bucket), the project field will indicate the project that contains the resource. If an IAM policy is set on a folder or orgnization, this field will be empty. To search against the `project`: * specify the `scope` field as this project in your search request.
root['schemas']['Operation']['properties']['response']['description']
new_valueThe normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
old_valueThe normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
root['schemas']['OrgPolicyResult']['properties']['consolidatedPolicy']['description']
new_valueThe consolidated organization policy for the analyzed resource. The consolidated organization policy is computed by merging and evaluating policy_bundle. The evaluation will respect the organization policy [hierarchy rules](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-hierarchy).
old_valueThe consolidated organization policy for the analyzed resource. The consolidated organization policy is computed by merging and evaluating AnalyzeOrgPoliciesResponse.policy_bundle. The evaluation will respect the organization policy [hierarchy rules](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-hierarchy).
root['schemas']['OrgPolicyResult']['properties']['policyBundle']['description']
new_valueThe ordered list of all organization policies from the consolidated_policy.attached_resource. to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list.
old_valueThe ordered list of all organization policies from the AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.attached_resource. to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list.
root['schemas']['Policy']['description']
new_valueAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
old_valueAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
root['schemas']['QueryAssetsRequest']['properties']['statement']['description']
new_valueOptional. A SQL statement that's compatible with [BigQuery SQL](https://cloud.google.com/bigquery/docs/introduction-sql).
old_valueOptional. A SQL statement that's compatible with [BigQuery Standard SQL](http://cloud/bigquery/docs/reference/standard-sql/enabling-standard-sql).
root['schemas']['QueryAssetsResponse']['properties']['done']['description']
new_valueThe query response, which can be either an `error` or a valid `response`. If `done` == `false` and the query result is being saved in an output, the output_config field will be set. If `done` == `true`, exactly one of `error`, `query_result` or `output_config` will be set. [done] is unset unless the [QueryAssetsResponse] contains a [QueryAssetsResponse.job_reference].
old_valueThe query response, which can be either an `error` or a valid `response`. If `done` == `false` and the query result is being saved in a output, the output_config field will be set. If `done` == `true`, exactly one of `error`, `query_result` or `output_config` will be set.
root['schemas']['QueryAssetsResponse']['properties']['outputConfig']['description']
new_valueOutput configuration, which indicates that instead of being returned in an API response on the fly, the query result will be saved in a specific output.
old_valueOutput configuration which indicates instead of being returned in API response on the fly, the query result will be saved in a specific output.
root['schemas']['Resource']['properties']['parent']['description']
new_valueThe full name of the immediate parent of this resource. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information. For Google Cloud assets, this value is the parent resource defined in the [IAM policy hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). Example: `//cloudresourcemanager.googleapis.com/projects/my_project_123`
old_valueThe full name of the immediate parent of this resource. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information. For Google Cloud assets, this value is the parent resource defined in the [IAM policy hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). Example: `//cloudresourcemanager.googleapis.com/projects/my_project_123` For third-party assets, this field may be set differently.
root['schemas']['ResourceSearchResult']['description']
new_valueA result of Resource Search, containing information of a cloud resource.
old_valueA result of Resource Search, containing information of a cloud resource. Next ID: 32
root['schemas']['ResourceSearchResult']['properties']['additionalAttributes']['description']
new_valueThe additional searchable attributes of this resource. The attributes may vary from one resource type to another. Examples: `projectId` for Project, `dnsName` for DNS ManagedZone. This field contains a subset of the resource metadata fields that are returned by the List or Get APIs provided by the corresponding Google Cloud service (e.g., Compute Engine). see [API references and supported searchable attributes](https://cloud.google.com/asset-inventory/docs/supported-asset-types) to see which fields are included. You can search values of these fields through free text search. However, you should not consume the field programically as the field names and values may change as the Google Cloud service updates to a new incompatible API version. To search against the `additional_attributes`: * Use a free text query to match the attributes values. Example: to search `additional_attributes = { dnsName: "foobar" }`, you can issue a query `foobar`.
old_valueThe additional searchable attributes of this resource. The attributes may vary from one resource type to another. Examples: `projectId` for Project, `dnsName` for DNS ManagedZone. This field contains a subset of the resource metadata fields that are returned by the List or Get APIs provided by the corresponding Google Cloud service (e.g., Compute Engine). see [API references and supported searchable attributes](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types) to see which fields are included. You can search values of these fields through free text search. However, you should not consume the field programically as the field names and values may change as the Google Cloud service updates to a new incompatible API version. To search against the `additional_attributes`: * Use a free text query to match the attributes values. Example: to search `additional_attributes = { dnsName: "foobar" }`, you can issue a query `foobar`.
root['schemas']['ResourceSearchResult']['properties']['kmsKey']['description']
new_valueThe Cloud KMS [CryptoKey](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys) name or [CryptoKeyVersion](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions) name. This field only presents for the purpose of backward compatibility. Use the `kms_keys` field to retrieve Cloud KMS key information. This field is available only when the resource's Protobuf contains it and will only be populated for [these resource types](https://cloud.google.com/asset-inventory/docs/legacy-field-names#resource_types_with_the_to_be_deprecated_kmskey_field) for backward compatible purposes. To search against the `kms_key`: * Use a field query. Example: `kmsKey:key` * Use a free text query. Example: `key`
old_valueThe Cloud KMS [CryptoKey](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys) name or [CryptoKeyVersion](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions) name. This field only presents for the purpose of backward compatibility. Please use the `kms_keys` field to retrieve Cloud KMS key information. This field is available only when the resource's Protobuf contains it and will only be populated for [these resource types](https://cloud.google.com/asset-inventory/docs/legacy-field-names#resource_types_with_the_to_be_deprecated_kmskey_field) for backward compatible purposes. To search against the `kms_key`: * Use a field query. Example: `kmsKey:key` * Use a free text query. Example: `key`
root['schemas']['ResourceSearchResult']['properties']['labels']['description']
new_valueUser labels associated with this resource. See [Labelling and grouping Google Cloud resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources) for more information. This field is available only when the resource's Protobuf contains it. To search against the `labels`: * Use a field query: - query on any label's key or value. Example: `labels:prod` - query by a given label. Example: `labels.env:prod` - query by a given label's existence. Example: `labels.env:*` * Use a free text query. Example: `prod`
old_valueLabels associated with this resource. See [Labelling and grouping Google Cloud resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources) for more information. This field is available only when the resource's Protobuf contains it. To search against the `labels`: * Use a field query: - query on any label's key or value. Example: `labels:prod` - query by a given label. Example: `labels.env:prod` - query by a given label's existence. Example: `labels.env:*` * Use a free text query. Example: `prod`
root['schemas']['ResourceSearchResult']['properties']['tagKeys']['description']
new_valueThis field is only present for the purpose of backward compatibility. Use the `tags` field instead. TagKey namespaced names, in the format of {ORG_ID}/{TAG_KEY_SHORT_NAME}. To search against the `tagKeys`: * Use a field query. Example: - `tagKeys:"123456789/env*"` - `tagKeys="123456789/env"` - `tagKeys:"env"` * Use a free text query. Example: - `env`
old_valueTagKey namespaced names, in the format of {ORG_ID}/{TAG_KEY_SHORT_NAME}. To search against the `tagKeys`: * Use a field query. Example: - `tagKeys:"123456789/env*"` - `tagKeys="123456789/env"` - `tagKeys:"env"` * Use a free text query. Example: - `env`
root['schemas']['ResourceSearchResult']['properties']['tagValueIds']['description']
new_valueThis field is only present for the purpose of backward compatibility. Use the `tags` field instead. TagValue IDs, in the format of tagValues/{TAG_VALUE_ID}. To search against the `tagValueIds`: * Use a field query. Example: - `tagValueIds="tagValues/456"` * Use a free text query. Example: - `456`
old_valueTagValue IDs, in the format of tagValues/{TAG_VALUE_ID}. To search against the `tagValueIds`: * Use a field query. Example: - `tagValueIds:"456"` - `tagValueIds="tagValues/456"` * Use a free text query. Example: - `456`
root['schemas']['ResourceSearchResult']['properties']['tagValues']['description']
new_valueThis field is only present for the purpose of backward compatibility. Use the `tags` field instead. TagValue namespaced names, in the format of {ORG_ID}/{TAG_KEY_SHORT_NAME}/{TAG_VALUE_SHORT_NAME}. To search against the `tagValues`: * Use a field query. Example: - `tagValues:"env"` - `tagValues:"env/prod"` - `tagValues:"123456789/env/prod*"` - `tagValues="123456789/env/prod"` * Use a free text query. Example: - `prod`
old_valueTagValue namespaced names, in the format of {ORG_ID}/{TAG_KEY_SHORT_NAME}/{TAG_VALUE_SHORT_NAME}. To search against the `tagValues`: * Use a field query. Example: - `tagValues:"env"` - `tagValues:"env/prod"` - `tagValues:"123456789/env/prod*"` - `tagValues="123456789/env/prod"` * Use a free text query. Example: - `prod`
root['schemas']['VersionedResource']['properties']['resource']['description']
new_valueJSON representation of the resource as defined by the corresponding service providing this resource. Example: If the resource is an instance provided by Compute Engine, this field will contain the JSON representation of the instance as defined by Compute Engine: `https://cloud.google.com/compute/docs/reference/rest/v1/instances`. You can find the resource definition for each supported resource type in this table: `https://cloud.google.com/asset-inventory/docs/supported-asset-types`
old_valueJSON representation of the resource as defined by the corresponding service providing this resource. Example: If the resource is an instance provided by Compute Engine, this field will contain the JSON representation of the instance as defined by Compute Engine: `https://cloud.google.com/compute/docs/reference/rest/v1/instances`. You can find the resource definition for each supported resource type in this table: `https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types`
root['schemas']['PartitionSpec']['properties']['partitionKey']['enumDescriptions'][1]
new_valueThe time when the snapshot is taken. If specified as partition key, the result table(s) is partitioned by the additional timestamp column, readTime. If [read_time] in ExportAssetsRequest is specified, the readTime column's value will be the same as it. Otherwise, its value will be the current time that is used to take the snapshot.
old_valueThe time when the snapshot is taken. If specified as partition key, the result table(s) is partitoned by the additional timestamp column, readTime. If [read_time] in ExportAssetsRequest is specified, the readTime column's value will be the same as it. Otherwise, its value will be the current time that is used to take the snapshot.
root['schemas']['Item']['properties']['type']['enumDescriptions'][0]
new_valueInvalid. A type must be specified.
old_valueInvalid. An type must be specified.
root['schemas']['ConditionEvaluation']['properties']['evaluationValue']['enumDescriptions'][3]
new_valueThe evaluation result is `conditional` when the condition expression contains variables that are either missing input values or have not been supported by Policy Analyzer yet.
old_valueThe evaluation result is `conditional` when the condition expression contains variables that are either missing input values or have not been supported by Analyzer yet.
root['schemas']['PartitionSpec']['properties']['partitionKey']['enumDescriptions'][2]
new_valueThe time when the request is received and started to be processed. If specified as partition key, the result table(s) is partitioned by the requestTime column, an additional timestamp column representing when the request was received.
old_valueThe time when the request is received and started to be processed. If specified as partition key, the result table(s) is partitoned by the requestTime column, an additional timestamp column representing when the request was received.
root['schemas']['GoogleCloudAssetV1BigQueryDestination']['properties']['partitionKey']['enumDescriptions'][1]
new_valueThe time when the request is received. If specified as partition key, the result table(s) is partitioned by the RequestTime column, an additional timestamp column representing when the request was received.
old_valueThe time when the request is received. If specified as partition key, the result table(s) is partitoned by the RequestTime column, an additional timestamp column representing when the request was received.
iterable_item_added
root['schemas']['GoogleCloudAssetV1CustomConstraint']['properties']['methodTypes']['items']['enum'][4]REMOVE_GRANT
root['schemas']['GoogleCloudAssetV1CustomConstraint']['properties']['methodTypes']['items']['enum'][5]GOVERN_TAGS
root['schemas']['GoogleCloudAssetV1CustomConstraint']['properties']['methodTypes']['items']['enumDescriptions'][4]Constraint applied when removing an IAM grant.
root['schemas']['GoogleCloudAssetV1CustomConstraint']['properties']['methodTypes']['items']['enumDescriptions'][5]Constraint applied when enforcing forced tagging.
sandbox/preprod-cloudasset-v1beta1
dictionary_item_added
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressSource']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1VpcNetworkSource']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1VpcSubNetwork']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['etag']['readOnly']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['vpcNetworkSources']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['sourceRestriction']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['sources']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressPolicy']['properties']['title']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressPolicy']['properties']['title']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1ServicePerimeter']['properties']['etag']
values_changed
root['revision']
new_value20250224
old_value20230223
root['schemas']['Binding']['properties']['members']['description']
new_valueSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
old_valueSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
root['schemas']['Binding']['properties']['role']['description']
new_valueRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
old_valueRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessLevel']['properties']['name']['description']
new_valueIdentifier. Resource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
old_valueResource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['etag']['description']
new_valueOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Policies will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
old_valueOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['name']['description']
new_valueOutput only. Identifier. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
old_valueOutput only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['scopes']['description']
new_valueThe scopes of the AccessPolicy. Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with `scopes=["folders/123"]` has the following behavior: - ServicePerimeter can only restrict projects within `folders/123`. - ServicePerimeter within policy A can only reference access levels defined within policy A. - Only one policy can include a given scope; thus, attempting to create a second policy which includes `folders/123` will result in an error. If no scopes are provided, then any resource within the organization can be restricted. Scopes cannot be modified after a policy is created. Policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
old_valueThe scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior: - vpcsc perimeters can only restrict projects within folders/123 - access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['negate']['description']
new_valueWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
old_valueWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['identities']['description']
new_valueA list of identities that are allowed access through [EgressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
old_valueA list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressTo']['properties']['externalResources']['description']
new_valueA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported formats are s3://BUCKET_NAME, s3a://BUCKET_NAME, and s3n://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
old_valueA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressFrom']['properties']['identities']['description']
new_valueA list of identities that are allowed access through [IngressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
old_valueA list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
root['schemas']['GoogleIdentityAccesscontextmanagerV1MethodSelector']['properties']['method']['description']
new_valueA valid method name for the corresponding `service_name` in ApiOperation. If `*` is used as the value for the `method`, then ALL methods and permissions are allowed.
old_valueValue for `method` should be a valid method name for the corresponding `service_name` in ApiOperation. If `*` used as value for `method`, then ALL methods and permissions are allowed.
root['schemas']['GoogleIdentityAccesscontextmanagerV1MethodSelector']['properties']['permission']['description']
new_valueA valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
old_valueValue for `permission` should be a valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
root['schemas']['GoogleIdentityAccesscontextmanagerV1ServicePerimeter']['properties']['name']['description']
new_valueIdentifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
old_valueResource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
root['schemas']['Operation']['properties']['response']['description']
new_valueThe normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
old_valueThe normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
root['schemas']['Policy']['description']
new_valueAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
old_valueAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
sandbox/preprod-cloudasset-v1p1beta1
dictionary_item_added
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressSource']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1VpcNetworkSource']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1VpcSubNetwork']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['etag']['readOnly']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['vpcNetworkSources']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['sourceRestriction']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['sources']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressPolicy']['properties']['title']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressPolicy']['properties']['title']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1ServicePerimeter']['properties']['etag']
values_changed
root['resources']['iamPolicies']['methods']['searchAll']['description']
new_valueSearches all the IAM policies within a given accessible Resource Manager scope (project/folder/organization). This RPC gives callers especially administrators the ability to search all the IAM policies within a scope, even if they don't have `.getIamPolicy` permission of all the IAM policies. Callers should have `cloudasset.assets.searchAllIamPolicies` permission on the requested scope, otherwise the request will be rejected.
old_valueSearches all the IAM policies within a given accessible Resource Manager scope (project/folder/organization). This RPC gives callers especially administrators the ability to search all the IAM policies within a scope, even if they don't have `.getIamPolicy` permission of all the IAM policies. Callers should have `cloud.assets.SearchAllIamPolicies` permission on the requested scope, otherwise the request will be rejected.
root['resources']['resources']['methods']['searchAll']['description']
new_valueSearches all the resources within a given accessible Resource Manager scope (project/folder/organization). This RPC gives callers especially administrators the ability to search all the resources within a scope, even if they don't have `.get` permission of all the resources. Callers should have `cloudasset.assets.searchAllResources` permission on the requested scope, otherwise the request will be rejected.
old_valueSearches all the resources within a given accessible Resource Manager scope (project/folder/organization). This RPC gives callers especially administrators the ability to search all the resources within a scope, even if they don't have `.get` permission of all the resources. Callers should have `cloud.assets.SearchAllResources` permission on the requested scope, otherwise the request will be rejected.
root['revision']
new_value20250224
old_value20230223
root['schemas']['Binding']['properties']['members']['description']
new_valueSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
old_valueSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
root['schemas']['Binding']['properties']['role']['description']
new_valueRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
old_valueRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessLevel']['properties']['name']['description']
new_valueIdentifier. Resource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
old_valueResource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['etag']['description']
new_valueOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Policies will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
old_valueOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['name']['description']
new_valueOutput only. Identifier. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
old_valueOutput only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['scopes']['description']
new_valueThe scopes of the AccessPolicy. Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with `scopes=["folders/123"]` has the following behavior: - ServicePerimeter can only restrict projects within `folders/123`. - ServicePerimeter within policy A can only reference access levels defined within policy A. - Only one policy can include a given scope; thus, attempting to create a second policy which includes `folders/123` will result in an error. If no scopes are provided, then any resource within the organization can be restricted. Scopes cannot be modified after a policy is created. Policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
old_valueThe scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior: - vpcsc perimeters can only restrict projects within folders/123 - access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['negate']['description']
new_valueWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
old_valueWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['identities']['description']
new_valueA list of identities that are allowed access through [EgressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
old_valueA list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressTo']['properties']['externalResources']['description']
new_valueA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported formats are s3://BUCKET_NAME, s3a://BUCKET_NAME, and s3n://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
old_valueA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressFrom']['properties']['identities']['description']
new_valueA list of identities that are allowed access through [IngressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
old_valueA list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
root['schemas']['GoogleIdentityAccesscontextmanagerV1MethodSelector']['properties']['method']['description']
new_valueA valid method name for the corresponding `service_name` in ApiOperation. If `*` is used as the value for the `method`, then ALL methods and permissions are allowed.
old_valueValue for `method` should be a valid method name for the corresponding `service_name` in ApiOperation. If `*` used as value for `method`, then ALL methods and permissions are allowed.
root['schemas']['GoogleIdentityAccesscontextmanagerV1MethodSelector']['properties']['permission']['description']
new_valueA valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
old_valueValue for `permission` should be a valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
root['schemas']['GoogleIdentityAccesscontextmanagerV1ServicePerimeter']['properties']['name']['description']
new_valueIdentifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
old_valueResource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
root['schemas']['IamPolicySearchResult']['properties']['project']['description']
new_valueThe project that the associated Google Cloud resource belongs to, in the form of `projects/{project_number}`. If an IAM policy is set on a resource -- such as a Compute Engine instance or a Cloud Storage bucket -- the project field will indicate the project that contains the resource. If an IAM policy is set on a folder or organization, the project field will be empty.
old_valueThe project that the associated Google Cloud resource belongs to, in the form of `projects/{project_number}`. If an IAM policy is set on a resource -- such as a Compute Engine instance or a Cloud Storage bucket -- the project field will indicate the project that contains the resource. If an IAM policy is set on a folder or orgnization, the project field will be empty.
root['schemas']['Policy']['description']
new_valueAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
old_valueAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
sandbox/preprod-cloudasset-v1p2alpha1
dictionary_item_added
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressSource']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1VpcNetworkSource']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1VpcSubNetwork']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['etag']['readOnly']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['vpcNetworkSources']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['sourceRestriction']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['sources']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressPolicy']['properties']['title']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressPolicy']['properties']['title']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1ServicePerimeter']['properties']['etag']
values_changed
root['revision']
new_value20250224
old_value20230223
root['schemas']['Binding']['properties']['members']['description']
new_valueSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
old_valueSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
root['schemas']['Binding']['properties']['role']['description']
new_valueRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
old_valueRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessLevel']['properties']['name']['description']
new_valueIdentifier. Resource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
old_valueResource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['etag']['description']
new_valueOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Policies will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
old_valueOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['name']['description']
new_valueOutput only. Identifier. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
old_valueOutput only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['scopes']['description']
new_valueThe scopes of the AccessPolicy. Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with `scopes=["folders/123"]` has the following behavior: - ServicePerimeter can only restrict projects within `folders/123`. - ServicePerimeter within policy A can only reference access levels defined within policy A. - Only one policy can include a given scope; thus, attempting to create a second policy which includes `folders/123` will result in an error. If no scopes are provided, then any resource within the organization can be restricted. Scopes cannot be modified after a policy is created. Policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
old_valueThe scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior: - vpcsc perimeters can only restrict projects within folders/123 - access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['negate']['description']
new_valueWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
old_valueWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['identities']['description']
new_valueA list of identities that are allowed access through [EgressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
old_valueA list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressTo']['properties']['externalResources']['description']
new_valueA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported formats are s3://BUCKET_NAME, s3a://BUCKET_NAME, and s3n://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
old_valueA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressFrom']['properties']['identities']['description']
new_valueA list of identities that are allowed access through [IngressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
old_valueA list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
root['schemas']['GoogleIdentityAccesscontextmanagerV1MethodSelector']['properties']['method']['description']
new_valueA valid method name for the corresponding `service_name` in ApiOperation. If `*` is used as the value for the `method`, then ALL methods and permissions are allowed.
old_valueValue for `method` should be a valid method name for the corresponding `service_name` in ApiOperation. If `*` used as value for `method`, then ALL methods and permissions are allowed.
root['schemas']['GoogleIdentityAccesscontextmanagerV1MethodSelector']['properties']['permission']['description']
new_valueA valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
old_valueValue for `permission` should be a valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
root['schemas']['GoogleIdentityAccesscontextmanagerV1ServicePerimeter']['properties']['name']['description']
new_valueIdentifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
old_valueResource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
root['schemas']['Operation']['properties']['response']['description']
new_valueThe normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
old_valueThe normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
root['schemas']['Policy']['description']
new_valueAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
old_valueAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
sandbox/preprod-cloudasset-v1p2beta1
values_changed
root
new_value
auth
oauth2
scopes
https://www.googleapis.com/auth/cloud-platform
descriptionSee, edit, configure, and delete your Google Cloud data and see the email address for your Google Account.
basePath
baseUrlhttps://preprod-cloudasset.sandbox.googleapis.com/
batchPathbatch
canonicalNameCloud Asset
descriptionThe Cloud Asset API manages the history and inventory of Google Cloud resources.
discoveryVersionv1
documentationLinkhttps://cloud.google.com/asset-inventory/docs/quickstart
fullyEncodeReservedExpansionTrue
icons
x16http://www.google.com/images/icons/product/search-16.gif
x32http://www.google.com/images/icons/product/search-32.gif
idpreprod_cloudasset_sandbox:v1p2beta1
kinddiscovery#restDescription
mtlsRootUrlhttps://preprod-cloudasset.mtls.sandbox.googleapis.com/
namepreprod_cloudasset_sandbox
ownerDomaingoogle.com
ownerNameGoogle
parameters
$.xgafv
descriptionV1 error format.
enum
  • 1
  • 2
enumDescriptions
  • v1 error format
  • v2 error format
locationquery
typestring
access_token
descriptionOAuth access token.
locationquery
typestring
alt
defaultjson
descriptionData format for response.
enum
  • json
  • media
  • proto
enumDescriptions
  • Responses with Content-Type of application/json
  • Media download with context-dependent Content-Type
  • Responses with Content-Type of application/x-protobuf
locationquery
typestring
callback
descriptionJSONP
locationquery
typestring
fields
descriptionSelector specifying which fields to include in a partial response.
locationquery
typestring
key
descriptionAPI key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
locationquery
typestring
oauth_token
descriptionOAuth 2.0 token for the current user.
locationquery
typestring
prettyPrint
defaulttrue
descriptionReturns response with indentations and line breaks.
locationquery
typeboolean
quotaUser
descriptionAvailable to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
locationquery
typestring
uploadType
descriptionLegacy upload protocol for media (e.g. "media", "multipart").
locationquery
typestring
upload_protocol
descriptionUpload protocol for media (e.g. "raw", "multipart").
locationquery
typestring
protocolrest
resources
feeds
methods
create
descriptionCreates a feed in a parent project/folder/organization to listen to its asset updates.
flatPathv1p2beta1/{v1p2beta1Id}/{v1p2beta1Id1}/feeds
httpMethodPOST
idpreprod_cloudasset_sandbox.feeds.create
parameterOrder
  • parent
parameters
parent
descriptionRequired. The name of the project/folder/organization where this feed should be created in. It can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345").
locationpath
pattern^[^/]+/[^/]+$
requiredTrue
typestring
pathv1p2beta1/{+parent}/feeds
request
$refCreateFeedRequest
response
$refFeed
scopes
  • https://www.googleapis.com/auth/cloud-platform
delete
descriptionDeletes an asset feed.
flatPathv1p2beta1/{v1p2beta1Id}/{v1p2beta1Id1}/feeds/{feedsId}
httpMethodDELETE
idpreprod_cloudasset_sandbox.feeds.delete
parameterOrder
  • name
parameters
name
descriptionRequired. The name of the feed and it must be in the format of: projects/project_number/feeds/feed_id folders/folder_number/feeds/feed_id organizations/organization_number/feeds/feed_id
locationpath
pattern^[^/]+/[^/]+/feeds/[^/]+$
requiredTrue
typestring
pathv1p2beta1/{+name}
response
$refEmpty
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets details about an asset feed.
flatPathv1p2beta1/{v1p2beta1Id}/{v1p2beta1Id1}/feeds/{feedsId}
httpMethodGET
idpreprod_cloudasset_sandbox.feeds.get
parameterOrder
  • name
parameters
name
descriptionRequired. The name of the Feed and it must be in the format of: projects/project_number/feeds/feed_id folders/folder_number/feeds/feed_id organizations/organization_number/feeds/feed_id
locationpath
pattern^[^/]+/[^/]+/feeds/[^/]+$
requiredTrue
typestring
pathv1p2beta1/{+name}
response
$refFeed
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists all asset feeds in a parent project/folder/organization.
flatPathv1p2beta1/{v1p2beta1Id}/{v1p2beta1Id1}/feeds
httpMethodGET
idpreprod_cloudasset_sandbox.feeds.list
parameterOrder
  • parent
parameters
parent
descriptionRequired. The parent project/folder/organization whose feeds are to be listed. It can only be using project/folder/organization number (such as "folders/12345")", or a project ID (such as "projects/my-project-id").
locationpath
pattern^[^/]+/[^/]+$
requiredTrue
typestring
pathv1p2beta1/{+parent}/feeds
response
$refListFeedsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
patch
descriptionUpdates an asset feed configuration.
flatPathv1p2beta1/{v1p2beta1Id}/{v1p2beta1Id1}/feeds/{feedsId}
httpMethodPATCH
idpreprod_cloudasset_sandbox.feeds.patch
parameterOrder
  • name
parameters
name
descriptionRequired. The format will be projects/{project_number}/feeds/{client-assigned_feed_identifier} or folders/{folder_number}/feeds/{client-assigned_feed_identifier} or organizations/{organization_number}/feeds/{client-assigned_feed_identifier} The client-assigned feed identifier must be unique within the parent project/folder/organization.
locationpath
pattern^[^/]+/[^/]+/feeds/[^/]+$
requiredTrue
typestring
pathv1p2beta1/{+name}
request
$refUpdateFeedRequest
response
$refFeed
scopes
  • https://www.googleapis.com/auth/cloud-platform
operations
methods
get
descriptionGets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.
flatPathv1p2beta1/{v1p2beta1Id}/{v1p2beta1Id1}/operations/{operationsId}/{operationsId1}
httpMethodGET
idpreprod_cloudasset_sandbox.operations.get
parameterOrder
  • name
parameters
name
descriptionThe name of the operation resource.
locationpath
pattern^[^/]+/[^/]+/operations/[^/]+/.*$
requiredTrue
typestring
pathv1p2beta1/{+name}
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
revision20250224
rootUrlhttps://preprod-cloudasset.sandbox.googleapis.com/
schemas
AnalyzeIamPolicyLongrunningMetadata
descriptionRepresents the metadata of the longrunning operation for the AnalyzeIamPolicyLongrunning RPC.
idAnalyzeIamPolicyLongrunningMetadata
properties
createTime
descriptionOutput only. The time the operation was created.
formatgoogle-datetime
readOnlyTrue
typestring
typeobject
AnalyzeIamPolicyLongrunningResponse
descriptionA response message for AssetService.AnalyzeIamPolicyLongrunning.
idAnalyzeIamPolicyLongrunningResponse
properties
typeobject
AuditConfig
descriptionSpecifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.
idAuditConfig
properties
auditLogConfigs
descriptionThe configuration for logging of each type of permission.
items
$refAuditLogConfig
typearray
service
descriptionSpecifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
typestring
typeobject
AuditLogConfig
descriptionProvides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.
idAuditLogConfig
properties
exemptedMembers
descriptionSpecifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
items
typestring
typearray
logType
descriptionThe log type that this config enables.
enum
  • LOG_TYPE_UNSPECIFIED
  • ADMIN_READ
  • DATA_WRITE
  • DATA_READ
enumDescriptions
  • Default case. Should never be this.
  • Admin reads. Example: CloudIAM getIamPolicy
  • Data writes. Example: CloudSQL Users create
  • Data reads. Example: CloudSQL Users list
typestring
typeobject
Binding
descriptionAssociates `members`, or principals, with a `role`.
idBinding
properties
condition
$refExpr
descriptionThe condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
members
descriptionSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
items
typestring
typearray
role
descriptionRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
typestring
typeobject
CreateFeedRequest
descriptionCreate asset feed request.
idCreateFeedRequest
properties
feed
$refFeed
descriptionRequired. The feed details. The field `name` must be empty and it will be generated in the format of: projects/project_number/feeds/feed_id folders/folder_number/feeds/feed_id organizations/organization_number/feeds/feed_id
feedId
descriptionRequired. This is the client-assigned asset feed identifier and it needs to be unique under a specific parent project/folder/organization.
typestring
typeobject
Empty
descriptionA generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }
idEmpty
properties
typeobject
Expr
descriptionRepresents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
idExpr
properties
description
descriptionOptional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
typestring
expression
descriptionTextual representation of an expression in Common Expression Language syntax.
typestring
location
descriptionOptional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
typestring
title
descriptionOptional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
typestring
typeobject
Feed
descriptionAn asset feed used to export asset updates to a destinations. An asset feed filter controls what updates are exported. The asset feed must be created within a project, organization, or folder. Supported destinations are: Cloud Pub/Sub topics.
idFeed
properties
assetNames
descriptionA list of the full names of the assets to receive updates. You must specify either or both of asset_names and asset_types. Only asset updates matching specified asset_names or asset_types are exported to the feed. For example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more info.
items
typestring
typearray
assetTypes
descriptionA list of types of the assets to receive updates. You must specify either or both of asset_names and asset_types. Only asset updates matching specified asset_names or asset_types are exported to the feed. For example: "compute.googleapis.com/Disk" See [Introduction to Cloud Asset Inventory](https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/overview) for all supported asset types.
items
typestring
typearray
contentType
descriptionAsset content type. If not specified, no content but the asset name and type will be returned.
enum
  • CONTENT_TYPE_UNSPECIFIED
  • RESOURCE
  • IAM_POLICY
enumDescriptions
  • Unspecified content type.
  • Resource metadata.
  • The actual IAM policy set on a resource.
typestring
feedOutputConfig
$refFeedOutputConfig
descriptionRequired. Feed output configuration defining where the asset updates are published to.
name
descriptionRequired. The format will be projects/{project_number}/feeds/{client-assigned_feed_identifier} or folders/{folder_number}/feeds/{client-assigned_feed_identifier} or organizations/{organization_number}/feeds/{client-assigned_feed_identifier} The client-assigned feed identifier must be unique within the parent project/folder/organization.
typestring
typeobject
FeedOutputConfig
descriptionOutput configuration for asset feed destination.
idFeedOutputConfig
properties
pubsubDestination
$refPubsubDestination
descriptionDestination on Pub/Sub.
typeobject
GoogleCloudAssetV1p7beta1Asset
descriptionAn asset in Google Cloud. An asset can be any resource in the Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), a resource outside the Google Cloud resource hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy). See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information.
idGoogleCloudAssetV1p7beta1Asset
properties
accessLevel
$refGoogleIdentityAccesscontextmanagerV1AccessLevel
descriptionPlease also refer to the [access level user guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels).
accessPolicy
$refGoogleIdentityAccesscontextmanagerV1AccessPolicy
descriptionPlease also refer to the [access policy user guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
ancestors
descriptionThe ancestry path of an asset in Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), represented as a list of relative resource names. An ancestry path starts with the closest ancestor in the hierarchy and ends at root. If the asset is a project, folder, or organization, the ancestry path starts from the asset itself. Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
items
typestring
typearray
assetType
descriptionThe type of the asset. Example: `compute.googleapis.com/Disk` See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information.
typestring
iamPolicy
$refPolicy
descriptionA representation of the IAM policy set on a Google Cloud resource. There can be a maximum of one IAM policy set on any given resource. In addition, IAM policies inherit their granted access scope from any policies set on parent resources in the resource hierarchy. Therefore, the effectively policy is the union of both the policy set on this resource and each policy set on all of the resource's ancestry resource levels in the hierarchy. See [this topic](https://cloud.google.com/iam/help/allow-policies/inheritance) for more information.
name
descriptionThe full name of the asset. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1` See [Resource names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information.
typestring
orgPolicy
descriptionA representation of an [organization policy](https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy). There can be more than one organization policy with different constraints set on a given resource.
items
$refGoogleCloudOrgpolicyV1Policy
typearray
relatedAssets
$refGoogleCloudAssetV1p7beta1RelatedAssets
descriptionThe related assets of the asset of one relationship type. One asset only represents one type of relationship.
resource
$refGoogleCloudAssetV1p7beta1Resource
descriptionA representation of the resource.
servicePerimeter
$refGoogleIdentityAccesscontextmanagerV1ServicePerimeter
descriptionPlease also refer to the [service perimeter user guide](https://cloud.google.com/vpc-service-controls/docs/overview).
updateTime
descriptionThe last update timestamp of an asset. update_time is updated when create/update/delete operation is performed.
formatgoogle-datetime
typestring
typeobject
GoogleCloudAssetV1p7beta1RelatedAsset
descriptionAn asset identify in Google Cloud which contains its name, type and ancestors. An asset can be any resource in the Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), a resource outside the Google Cloud resource hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy). See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information.
idGoogleCloudAssetV1p7beta1RelatedAsset
properties
ancestors
descriptionThe ancestors of an asset in Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), represented as a list of relative resource names. An ancestry path starts with the closest ancestor in the hierarchy and ends at root. Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
items
typestring
typearray
asset
descriptionThe full name of the asset. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1` See [Resource names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information.
typestring
assetType
descriptionThe type of the asset. Example: `compute.googleapis.com/Disk` See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information.
typestring
typeobject
GoogleCloudAssetV1p7beta1RelatedAssets
descriptionThe detailed related assets with the `relationship_type`.
idGoogleCloudAssetV1p7beta1RelatedAssets
properties
assets
descriptionThe peer resources of the relationship.
items
$refGoogleCloudAssetV1p7beta1RelatedAsset
typearray
relationshipAttributes
$refGoogleCloudAssetV1p7beta1RelationshipAttributes
descriptionThe detailed relation attributes.
typeobject
GoogleCloudAssetV1p7beta1RelationshipAttributes
descriptionThe relationship attributes which include `type`, `source_resource_type`, `target_resource_type` and `action`.
idGoogleCloudAssetV1p7beta1RelationshipAttributes
properties
action
descriptionThe detail of the relationship, e.g. `contains`, `attaches`
typestring
sourceResourceType
descriptionThe source asset type. Example: `compute.googleapis.com/Instance`
typestring
targetResourceType
descriptionThe target asset type. Example: `compute.googleapis.com/Disk`
typestring
type
descriptionThe unique identifier of the relationship type. Example: `INSTANCE_TO_INSTANCEGROUP`
typestring
typeobject
GoogleCloudAssetV1p7beta1Resource
descriptionA representation of a Google Cloud resource.
idGoogleCloudAssetV1p7beta1Resource
properties
data
additionalProperties
descriptionProperties of the object.
typeany
descriptionThe content of the resource, in which some sensitive fields are removed and may not be present.
typeobject
discoveryDocumentUri
descriptionThe URL of the discovery document containing the resource's JSON schema. Example: `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest` This value is unspecified for resources that do not have an API based on a discovery document, such as Cloud Bigtable.
typestring
discoveryName
descriptionThe JSON schema name listed in the discovery document. Example: `Project` This value is unspecified for resources that do not have an API based on a discovery document, such as Cloud Bigtable.
typestring
location
descriptionThe location of the resource in Google Cloud, such as its zone and region. For more information, see https://cloud.google.com/about/locations/.
typestring
parent
descriptionThe full name of the immediate parent of this resource. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information. For Google Cloud assets, this value is the parent resource defined in the [IAM policy hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). Example: `//cloudresourcemanager.googleapis.com/projects/my_project_123` For third-party assets, this field may be set differently.
typestring
resourceUrl
descriptionThe REST URL for accessing the resource. An HTTP `GET` request using this URL returns the resource itself. Example: `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123` This value is unspecified for resources without a REST API.
typestring
version
descriptionThe API version. Example: `v1`
typestring
typeobject
GoogleCloudOrgpolicyV1BooleanPolicy
descriptionUsed in `policy_type` to specify how `boolean_policy` will behave at this resource.
idGoogleCloudOrgpolicyV1BooleanPolicy
properties
enforced
descriptionIf `true`, then the `Policy` is enforced. If `false`, then any configuration is acceptable. Suppose you have a `Constraint` `constraints/compute.disableSerialPortAccess` with `constraint_default` set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following behavior: - If the `Policy` at this resource has enforced set to `false`, serial port connection attempts will be allowed. - If the `Policy` at this resource has enforced set to `true`, serial port connection attempts will be refused. - If the `Policy` at this resource is `RestoreDefault`, serial port connection attempts will be allowed. - If no `Policy` is set at this resource or anywhere higher in the resource hierarchy, serial port connection attempts will be allowed. - If no `Policy` is set at this resource, but one exists higher in the resource hierarchy, the behavior is as if the`Policy` were set at this resource. The following examples demonstrate the different possible layerings: Example 1 (nearest `Constraint` wins): `organizations/foo` has a `Policy` with: {enforced: false} `projects/bar` has no `Policy` set. The constraint at `projects/bar` and `organizations/foo` will not be enforced. Example 2 (enforcement gets replaced): `organizations/foo` has a `Policy` with: {enforced: false} `projects/bar` has a `Policy` with: {enforced: true} The constraint at `organizations/foo` is not enforced. The constraint at `projects/bar` is enforced. Example 3 (RestoreDefault): `organizations/foo` has a `Policy` with: {enforced: true} `projects/bar` has a `Policy` with: {RestoreDefault: {}} The constraint at `organizations/foo` is enforced. The constraint at `projects/bar` is not enforced, because `constraint_default` for the `Constraint` is `ALLOW`.
typeboolean
typeobject
GoogleCloudOrgpolicyV1ListPolicy
descriptionUsed in `policy_type` to specify how `list_policy` behaves at this resource. `ListPolicy` can define specific values and subtrees of Cloud Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied by setting the `allowed_values` and `denied_values` fields. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - "projects/", e.g. "projects/tokyo-rain-123" - "folders/", e.g. "folders/1234" - "organizations/", e.g. "organizations/1234" The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used. You can set `allowed_values` and `denied_values` in the same `Policy` if `all_values` is `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all values. If `all_values` is set to either `ALLOW` or `DENY`, `allowed_values` and `denied_values` must be unset.
idGoogleCloudOrgpolicyV1ListPolicy
properties
allValues
descriptionThe policy all_values state.
enum
  • ALL_VALUES_UNSPECIFIED
  • ALLOW
  • DENY
enumDescriptions
  • Indicates that allowed_values or denied_values must be set.
  • A policy with this set allows all values.
  • A policy with this set denies all values.
typestring
allowedValues
descriptionList of values allowed at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
items
typestring
typearray
deniedValues
descriptionList of values denied at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
items
typestring
typearray
inheritFromParent
descriptionDetermines the inheritance behavior for this `Policy`. By default, a `ListPolicy` set at a resource supersedes any `Policy` set anywhere up the resource hierarchy. However, if `inherit_from_parent` is set to `true`, then the values from the effective `Policy` of the parent resource are inherited, meaning the values set in this `Policy` are added to the values inherited up the hierarchy. Setting `Policy` hierarchies that inherit both allowed values and denied values isn't recommended in most circumstances to keep the configuration simple and understandable. However, it is possible to set a `Policy` with `allowed_values` set that inherits a `Policy` with `denied_values` set. In this case, the values that are allowed must be in `allowed_values` and not present in `denied_values`. For example, suppose you have a `Constraint` `constraints/serviceuser.services`, which has a `constraint_type` of `list_constraint`, and with `constraint_default` set to `ALLOW`. Suppose that at the Organization level, a `Policy` is applied that restricts the allowed API activations to {`E1`, `E2`}. Then, if a `Policy` is applied to a project below the Organization that has `inherit_from_parent` set to `false` and field all_values set to DENY, then an attempt to activate any API will be denied. The following examples demonstrate different possible layerings for `projects/bar` parented by `organizations/foo`: Example 1 (no inherited values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has `inherit_from_parent` `false` and values: {allowed_values: "E3" allowed_values: "E4"} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are `E3`, and `E4`. Example 2 (inherited values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has a `Policy` with values: {value: "E3" value: "E4" inherit_from_parent: true} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`. Example 3 (inheriting both allowed and denied values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {denied_values: "E1"} The accepted values at `organizations/foo` are `E1`, `E2`. The value accepted at `projects/bar` is `E2`. Example 4 (RestoreDefault): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has a `Policy` with values: {RestoreDefault: {}} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are either all or none depending on the value of `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 5 (no policy inherits parent policy): `organizations/foo` has no `Policy` set. `projects/bar` has no `Policy` set. The accepted values at both levels are either all or none depending on the value of `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 6 (ListConstraint allowing all): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {all: ALLOW} The accepted values at `organizations/foo` are `E1`, E2`. Any value is accepted at `projects/bar`. Example 7 (ListConstraint allowing none): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {all: DENY} The accepted values at `organizations/foo` are `E1`, E2`. No value is accepted at `projects/bar`. Example 10 (allowed and denied subtrees of Resource Manager hierarchy): Given the following resource hierarchy O1->{F1, F2}; F1->{P1}; F2->{P2, P3}, `organizations/foo` has a `Policy` with values: {allowed_values: "under:organizations/O1"} `projects/bar` has a `Policy` with: {allowed_values: "under:projects/P3"} {denied_values: "under:folders/F2"} The accepted values at `organizations/foo` are `organizations/O1`, `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`, `projects/P3`. The accepted values at `projects/bar` are `organizations/O1`, `folders/F1`, `projects/P1`.
typeboolean
suggestedValue
descriptionOptional. The Google Cloud Console will try to default to a configuration that matches the value specified in this `Policy`. If `suggested_value` is not set, it will inherit the value specified higher in the hierarchy, unless `inherit_from_parent` is `false`.
typestring
typeobject
GoogleCloudOrgpolicyV1Policy
descriptionDefines a Cloud Organization `Policy` which is used to specify `Constraints` for configurations of Cloud Platform resources.
idGoogleCloudOrgpolicyV1Policy
properties
booleanPolicy
$refGoogleCloudOrgpolicyV1BooleanPolicy
descriptionFor boolean `Constraints`, whether to enforce the `Constraint` or not.
constraint
descriptionThe name of the `Constraint` the `Policy` is configuring, for example, `constraints/serviceuser.services`. A [list of available constraints](/resource-manager/docs/organization-policy/org-policy-constraints) is available. Immutable after creation.
typestring
etag
descriptionAn opaque tag indicating the current version of the `Policy`, used for concurrency control. When the `Policy` is returned from either a `GetPolicy` or a `ListOrgPolicy` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset. When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value that was returned from a `GetOrgPolicy` request as part of a read-modify-write loop for concurrency control. Not setting the `etag`in a `SetOrgPolicy` request will result in an unconditional write of the `Policy`.
formatbyte
typestring
listPolicy
$refGoogleCloudOrgpolicyV1ListPolicy
descriptionList of values either allowed or disallowed.
restoreDefault
$refGoogleCloudOrgpolicyV1RestoreDefault
descriptionRestores the default behavior of the constraint; independent of `Constraint` type.
updateTime
descriptionThe time stamp the `Policy` was previously updated. This is set by the server, not specified by the caller, and represents the last time a call to `SetOrgPolicy` was made for that `Policy`. Any value set by the client will be ignored.
formatgoogle-datetime
typestring
version
descriptionVersion of the `Policy`. Default version is 0;
formatint32
typeinteger
typeobject
GoogleCloudOrgpolicyV1RestoreDefault
descriptionIgnores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific `Constraint` at this resource. Suppose that `constraint_default` is set to `ALLOW` for the `Constraint` `constraints/serviceuser.services`. Suppose that organization foo.com sets a `Policy` at their Organization resource node that restricts the allowed service activations to deny all service activations. They could then set a `Policy` with the `policy_type` `restore_default` on several experimental projects, restoring the `constraint_default` enforcement of the `Constraint` for only those projects, allowing those projects to have all services activated.
idGoogleCloudOrgpolicyV1RestoreDefault
properties
typeobject
GoogleIdentityAccesscontextmanagerV1AccessLevel
descriptionAn `AccessLevel` is a label that can be applied to requests to Google Cloud services, along with a list of requirements necessary for the label to be applied.
idGoogleIdentityAccesscontextmanagerV1AccessLevel
properties
basic
$refGoogleIdentityAccesscontextmanagerV1BasicLevel
descriptionA `BasicLevel` composed of `Conditions`.
custom
$refGoogleIdentityAccesscontextmanagerV1CustomLevel
descriptionA `CustomLevel` written in the Common Expression Language.
description
descriptionDescription of the `AccessLevel` and its use. Does not affect behavior.
typestring
name
descriptionIdentifier. Resource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
typestring
title
descriptionHuman readable title. Must be unique within the Policy.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1AccessPolicy
description`AccessPolicy` is a container for `AccessLevels` (which define the necessary attributes to use Google Cloud services) and `ServicePerimeters` (which define regions of services able to freely pass data within a perimeter). An access policy is globally visible within an organization, and the restrictions it specifies apply to all projects within an organization.
idGoogleIdentityAccesscontextmanagerV1AccessPolicy
properties
etag
descriptionOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Policies will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
readOnlyTrue
typestring
name
descriptionOutput only. Identifier. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
typestring
parent
descriptionRequired. The parent of this `AccessPolicy` in the Cloud Resource Hierarchy. Currently immutable once created. Format: `organizations/{organization_id}`
typestring
scopes
descriptionThe scopes of the AccessPolicy. Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with `scopes=["folders/123"]` has the following behavior: - ServicePerimeter can only restrict projects within `folders/123`. - ServicePerimeter within policy A can only reference access levels defined within policy A. - Only one policy can include a given scope; thus, attempting to create a second policy which includes `folders/123` will result in an error. If no scopes are provided, then any resource within the organization can be restricted. Scopes cannot be modified after a policy is created. Policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
items
typestring
typearray
title
descriptionRequired. Human readable title. Does not affect behavior.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1ApiOperation
descriptionIdentification for an API Operation.
idGoogleIdentityAccesscontextmanagerV1ApiOperation
properties
methodSelectors
descriptionAPI methods or permissions to allow. Method or permission must belong to the service specified by `service_name` field. A single MethodSelector entry with `*` specified for the `method` field will allow all methods AND permissions for the service specified in `service_name`.
items
$refGoogleIdentityAccesscontextmanagerV1MethodSelector
typearray
serviceName
descriptionThe name of the API whose methods or permissions the IngressPolicy or EgressPolicy want to allow. A single ApiOperation with `service_name` field set to `*` will allow all methods AND permissions for all services.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1BasicLevel
description`BasicLevel` is an `AccessLevel` using a set of recommended features.
idGoogleIdentityAccesscontextmanagerV1BasicLevel
properties
combiningFunction
descriptionHow the `conditions` list should be combined to determine if a request is granted this `AccessLevel`. If AND is used, each `Condition` in `conditions` must be satisfied for the `AccessLevel` to be applied. If OR is used, at least one `Condition` in `conditions` must be satisfied for the `AccessLevel` to be applied. Default behavior is AND.
enum
  • AND
  • OR
enumDescriptions
  • All `Conditions` must be true for the `BasicLevel` to be true.
  • If at least one `Condition` is true, then the `BasicLevel` is true.
typestring
conditions
descriptionRequired. A list of requirements for the `AccessLevel` to be granted.
items
$refGoogleIdentityAccesscontextmanagerV1Condition
typearray
typeobject
GoogleIdentityAccesscontextmanagerV1Condition
descriptionA condition necessary for an `AccessLevel` to be granted. The Condition is an AND over its fields. So a Condition is true if: 1) the request IP is from one of the listed subnetworks AND 2) the originating device complies with the listed device policy AND 3) all listed access levels are granted AND 4) the request was sent at a time allowed by the DateTimeRestriction.
idGoogleIdentityAccesscontextmanagerV1Condition
properties
devicePolicy
$refGoogleIdentityAccesscontextmanagerV1DevicePolicy
descriptionDevice specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
ipSubnetworks
descriptionCIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
items
typestring
typearray
members
descriptionThe request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: `user:{emailid}` `serviceAccount:{emailid}` If not specified, a request may come from any user.
items
typestring
typearray
negate
descriptionWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
typeboolean
regions
descriptionThe request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
items
typestring
typearray
requiredAccessLevels
descriptionA list of other access levels defined in the same `Policy`, referenced by resource name. Referencing an `AccessLevel` which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
items
typestring
typearray
vpcNetworkSources
descriptionThe request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with `ip_subnetworks`.
items
$refGoogleIdentityAccesscontextmanagerV1VpcNetworkSource
typearray
typeobject
GoogleIdentityAccesscontextmanagerV1CustomLevel
description`CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request. See CEL spec at: https://github.com/google/cel-spec
idGoogleIdentityAccesscontextmanagerV1CustomLevel
properties
expr
$refExpr
descriptionRequired. A Cloud CEL expression evaluating to a boolean.
typeobject
GoogleIdentityAccesscontextmanagerV1DevicePolicy
description`DevicePolicy` specifies device specific restrictions necessary to acquire a given access level. A `DevicePolicy` specifies requirements for requests from devices to be granted access levels, it does not do any enforcement on the device. `DevicePolicy` acts as an AND over all specified fields, and each repeated field is an OR over its elements. Any unset fields are ignored. For example, if the proto is { os_type : DESKTOP_WINDOWS, os_type : DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be true for requests originating from encrypted Linux desktops and encrypted Windows desktops.
idGoogleIdentityAccesscontextmanagerV1DevicePolicy
properties
allowedDeviceManagementLevels
descriptionAllowed device management levels, an empty list allows all management levels.
items
enum
  • MANAGEMENT_UNSPECIFIED
  • NONE
  • BASIC
  • COMPLETE
enumDescriptions
  • The device's management level is not specified or not known.
  • The device is not managed.
  • Basic management is enabled, which is generally limited to monitoring and wiping the corporate account.
  • Complete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.
typestring
typearray
allowedEncryptionStatuses
descriptionAllowed encryptions statuses, an empty list allows all statuses.
items
enum
  • ENCRYPTION_UNSPECIFIED
  • ENCRYPTION_UNSUPPORTED
  • UNENCRYPTED
  • ENCRYPTED
enumDescriptions
  • The encryption status of the device is not specified or not known.
  • The device does not support encryption.
  • The device supports encryption, but is currently unencrypted.
  • The device is encrypted.
typestring
typearray
osConstraints
descriptionAllowed OS versions, an empty list allows all types and all versions.
items
$refGoogleIdentityAccesscontextmanagerV1OsConstraint
typearray
requireAdminApproval
descriptionWhether the device needs to be approved by the customer admin.
typeboolean
requireCorpOwned
descriptionWhether the device needs to be corp owned.
typeboolean
requireScreenlock
descriptionWhether or not screenlock is required for the DevicePolicy to be true. Defaults to `false`.
typeboolean
typeobject
GoogleIdentityAccesscontextmanagerV1EgressFrom
descriptionDefines the conditions under which an EgressPolicy matches a request. Conditions based on information about the source of the request. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed.
idGoogleIdentityAccesscontextmanagerV1EgressFrom
properties
identities
descriptionA list of identities that are allowed access through [EgressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
items
typestring
typearray
identityType
descriptionSpecifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of `identities` field will be allowed access.
enum
  • IDENTITY_TYPE_UNSPECIFIED
  • ANY_IDENTITY
  • ANY_USER_ACCOUNT
  • ANY_SERVICE_ACCOUNT
enumDescriptions
  • No blanket identity group specified.
  • Authorize access from all identities outside the perimeter.
  • Authorize access from all human users outside the perimeter.
  • Authorize access from all service accounts outside the perimeter.
typestring
sourceRestriction
descriptionWhether to enforce traffic restrictions based on `sources` field. If the `sources` fields is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`.
enum
  • SOURCE_RESTRICTION_UNSPECIFIED
  • SOURCE_RESTRICTION_ENABLED
  • SOURCE_RESTRICTION_DISABLED
enumDescriptions
  • Enforcement preference unspecified, will not enforce traffic restrictions based on `sources` in EgressFrom.
  • Enforcement preference enabled, traffic restrictions will be enforced based on `sources` in EgressFrom.
  • Enforcement preference disabled, will not enforce traffic restrictions based on `sources` in EgressFrom.
typestring
sources
descriptionSources that this EgressPolicy authorizes access from. If this field is not empty, then `source_restriction` must be set to `SOURCE_RESTRICTION_ENABLED`.
items
$refGoogleIdentityAccesscontextmanagerV1EgressSource
typearray
typeobject
GoogleIdentityAccesscontextmanagerV1EgressPolicy
descriptionPolicy for egress from perimeter. EgressPolicies match requests based on `egress_from` and `egress_to` stanzas. For an EgressPolicy to match, both `egress_from` and `egress_to` stanzas must be matched. If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter boundary. For example, an EgressPolicy can be used to allow VMs on networks within the ServicePerimeter to access a defined set of projects outside the perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket or query against a BigQuery dataset). EgressPolicies are concerned with the *resources* that a request relates as well as the API services and API actions being used. They do not related to the direction of data movement. More detailed documentation for this concept can be found in the descriptions of EgressFrom and EgressTo.
idGoogleIdentityAccesscontextmanagerV1EgressPolicy
properties
egressFrom
$refGoogleIdentityAccesscontextmanagerV1EgressFrom
descriptionDefines conditions on the source of a request causing this EgressPolicy to apply.
egressTo
$refGoogleIdentityAccesscontextmanagerV1EgressTo
descriptionDefines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply.
title
descriptionOptional. Human-readable title for the egress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1EgressSource
descriptionThe source that EgressPolicy authorizes access from inside the ServicePerimeter to somewhere outside the ServicePerimeter boundaries.
idGoogleIdentityAccesscontextmanagerV1EgressSource
properties
accessLevel
descriptionAn AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all EgressSources will be allowed.
typestring
resource
descriptionA Google Cloud resource from the service perimeter that you want to allow to access data outside the perimeter. This field supports only projects. The project format is `projects/{project_number}`. You can't use `*` in this field to allow all Google Cloud resources.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1EgressTo
descriptionDefines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the `resources` specified. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. The request must match `operations` AND `resources` fields in order to be allowed egress out of the perimeter.
idGoogleIdentityAccesscontextmanagerV1EgressTo
properties
externalResources
descriptionA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported formats are s3://BUCKET_NAME, s3a://BUCKET_NAME, and s3n://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
items
typestring
typearray
operations
descriptionA list of ApiOperations allowed to be performed by the sources specified in the corresponding EgressFrom. A request matches if it uses an operation/service in this list.
items
$refGoogleIdentityAccesscontextmanagerV1ApiOperation
typearray
resources
descriptionA list of resources, currently only projects in the form `projects/`, that are allowed to be accessed by sources defined in the corresponding EgressFrom. A request matches if it contains a resource in this list. If `*` is specified for `resources`, then this EgressTo rule will authorize access to all resources outside the perimeter.
items
typestring
typearray
typeobject
GoogleIdentityAccesscontextmanagerV1IngressFrom
descriptionDefines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the source of the request. The request must satisfy what is defined in `sources` AND identity related fields in order to match.
idGoogleIdentityAccesscontextmanagerV1IngressFrom
properties
identities
descriptionA list of identities that are allowed access through [IngressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
items
typestring
typearray
identityType
descriptionSpecifies the type of identities that are allowed access from outside the perimeter. If left unspecified, then members of `identities` field will be allowed access.
enum
  • IDENTITY_TYPE_UNSPECIFIED
  • ANY_IDENTITY
  • ANY_USER_ACCOUNT
  • ANY_SERVICE_ACCOUNT
enumDescriptions
  • No blanket identity group specified.
  • Authorize access from all identities outside the perimeter.
  • Authorize access from all human users outside the perimeter.
  • Authorize access from all service accounts outside the perimeter.
typestring
sources
descriptionSources that this IngressPolicy authorizes access from.
items
$refGoogleIdentityAccesscontextmanagerV1IngressSource
typearray
typeobject
GoogleIdentityAccesscontextmanagerV1IngressPolicy
descriptionPolicy for ingress into ServicePerimeter. IngressPolicies match requests based on `ingress_from` and `ingress_to` stanzas. For an ingress policy to match, both the `ingress_from` and `ingress_to` stanzas must be matched. If an IngressPolicy matches a request, the request is allowed through the perimeter boundary from outside the perimeter. For example, access from the internet can be allowed either based on an AccessLevel or, for traffic hosted on Google Cloud, the project of the source network. For access from private networks, using the project of the hosting network is required. Individual ingress policies can be limited by restricting which services and/or actions they match using the `ingress_to` field.
idGoogleIdentityAccesscontextmanagerV1IngressPolicy
properties
ingressFrom
$refGoogleIdentityAccesscontextmanagerV1IngressFrom
descriptionDefines the conditions on the source of a request causing this IngressPolicy to apply.
ingressTo
$refGoogleIdentityAccesscontextmanagerV1IngressTo
descriptionDefines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply.
title
descriptionOptional. Human-readable title for the ingress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1IngressSource
descriptionThe source that IngressPolicy authorizes access from.
idGoogleIdentityAccesscontextmanagerV1IngressSource
properties
accessLevel
descriptionAn AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all IngressSources will be allowed.
typestring
resource
descriptionA Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects and VPCs are allowed. Project format: `projects/{project_number}` VPC network format: `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}`. The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in. `*` is not allowed, the case of allowing all Google Cloud resources only is not supported.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1IngressTo
descriptionDefines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the target resource of the request. The request must satisfy what is defined in `operations` AND `resources` in order to match.
idGoogleIdentityAccesscontextmanagerV1IngressTo
properties
operations
descriptionA list of ApiOperations allowed to be performed by the sources specified in corresponding IngressFrom in this ServicePerimeter.
items
$refGoogleIdentityAccesscontextmanagerV1ApiOperation
typearray
resources
descriptionA list of resources, currently only projects in the form `projects/`, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. If a single `*` is specified, then access to all resources inside the perimeter are allowed.
items
typestring
typearray
typeobject
GoogleIdentityAccesscontextmanagerV1MethodSelector
descriptionAn allowed method or permission of a service specified in ApiOperation.
idGoogleIdentityAccesscontextmanagerV1MethodSelector
properties
method
descriptionA valid method name for the corresponding `service_name` in ApiOperation. If `*` is used as the value for the `method`, then ALL methods and permissions are allowed.
typestring
permission
descriptionA valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1OsConstraint
descriptionA restriction on the OS type and version of devices making requests.
idGoogleIdentityAccesscontextmanagerV1OsConstraint
properties
minimumVersion
descriptionThe minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: `"major.minor.patch"`. Examples: `"10.5.301"`, `"9.2.1"`.
typestring
osType
descriptionRequired. The allowed OS type.
enum
  • OS_UNSPECIFIED
  • DESKTOP_MAC
  • DESKTOP_WINDOWS
  • DESKTOP_LINUX
  • DESKTOP_CHROME_OS
  • ANDROID
  • IOS
enumDescriptions
  • The operating system of the device is not specified or not known.
  • A desktop Mac operating system.
  • A desktop Windows operating system.
  • A desktop Linux operating system.
  • A desktop ChromeOS operating system.
  • An Android operating system.
  • An iOS operating system.
typestring
requireVerifiedChromeOs
descriptionOnly allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
typeboolean
typeobject
GoogleIdentityAccesscontextmanagerV1ServicePerimeter
description`ServicePerimeter` describes a set of Google Cloud resources which can freely import and export data amongst themselves, but not export outside of the `ServicePerimeter`. If a request with a source within this `ServicePerimeter` has a target outside of the `ServicePerimeter`, the request will be blocked. Otherwise the request is allowed. There are two types of Service Perimeter - Regular and Bridge. Regular Service Perimeters cannot overlap, a single Google Cloud project or VPC network can only belong to a single regular Service Perimeter. Service Perimeter Bridges can contain only Google Cloud projects as members, a single Google Cloud project may belong to multiple Service Perimeter Bridges.
idGoogleIdentityAccesscontextmanagerV1ServicePerimeter
properties
description
descriptionDescription of the `ServicePerimeter` and its use. Does not affect behavior.
typestring
etag
descriptionOptional. An opaque identifier for the current version of the `ServicePerimeter`. This identifier does not follow any specific format. If an etag is not provided, the operation will be performed as if a valid etag is provided.
typestring
name
descriptionIdentifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
typestring
perimeterType
descriptionPerimeter type indicator. A single project or VPC network is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a perimeter bridge without being included in regular perimeter. For perimeter bridges, the restricted service list as well as access level lists must be empty.
enum
  • PERIMETER_TYPE_REGULAR
  • PERIMETER_TYPE_BRIDGE
enumDescriptions
  • Regular Perimeter. When no value is specified, the perimeter uses this type.
  • Perimeter Bridge.
typestring
spec
$refGoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig
descriptionProposed (or dry run) ServicePerimeter configuration. This configuration allows to specify and test ServicePerimeter configuration without enforcing actual access restrictions. Only allowed to be set when the "use_explicit_dry_run_spec" flag is set.
status
$refGoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig
descriptionCurrent ServicePerimeter configuration. Specifies sets of resources, restricted services and access levels that determine perimeter content and boundaries.
title
descriptionHuman readable title. Must be unique within the Policy.
typestring
useExplicitDryRunSpec
descriptionUse explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists for all Service Perimeters, and that spec is identical to the status for those Service Perimeters. When this flag is set, it inhibits the generation of the implicit spec, thereby allowing the user to explicitly provide a configuration ("spec") to use in a dry-run version of the Service Perimeter. This allows the user to test changes to the enforced config ("status") without actually enforcing them. This testing is done through analyzing the differences between currently enforced and suggested restrictions. use_explicit_dry_run_spec must bet set to True if any of the fields in the spec are set to non-default values.
typeboolean
typeobject
GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig
description`ServicePerimeterConfig` specifies a set of Google Cloud resources that describe specific Service Perimeter configuration.
idGoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig
properties
accessLevels
descriptionA list of `AccessLevel` resource names that allow resources within the `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. For Service Perimeter Bridge, must be empty.
items
typestring
typearray
egressPolicies
descriptionList of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge.
items
$refGoogleIdentityAccesscontextmanagerV1EgressPolicy
typearray
ingressPolicies
descriptionList of IngressPolicies to apply to the perimeter. A perimeter may have multiple IngressPolicies, each of which is evaluated separately. Access is granted if any Ingress Policy grants it. Must be empty for a perimeter bridge.
items
$refGoogleIdentityAccesscontextmanagerV1IngressPolicy
typearray
resources
descriptionA list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format: `projects/{project_number}` VPC network format: `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}`.
items
typestring
typearray
restrictedServices
descriptionGoogle Cloud services that are subject to the Service Perimeter restrictions. For example, if `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions.
items
typestring
typearray
vpcAccessibleServices
$refGoogleIdentityAccesscontextmanagerV1VpcAccessibleServices
descriptionConfiguration for APIs allowed within Perimeter.
typeobject
GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices
descriptionSpecifies how APIs are allowed to communicate within the Service Perimeter.
idGoogleIdentityAccesscontextmanagerV1VpcAccessibleServices
properties
allowedServices
descriptionThe list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter.
items
typestring
typearray
enableRestriction
descriptionWhether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'.
typeboolean
typeobject
GoogleIdentityAccesscontextmanagerV1VpcNetworkSource
descriptionThe originating network source in Google Cloud.
idGoogleIdentityAccesscontextmanagerV1VpcNetworkSource
properties
vpcSubnetwork
$refGoogleIdentityAccesscontextmanagerV1VpcSubNetwork
descriptionSub-segment ranges of a VPC network.
typeobject
GoogleIdentityAccesscontextmanagerV1VpcSubNetwork
descriptionSub-segment ranges inside of a VPC Network.
idGoogleIdentityAccesscontextmanagerV1VpcSubNetwork
properties
network
descriptionRequired. Network name. If the network is not part of the organization, the `compute.network.get` permission must be granted to the caller. Format: `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NETWORK_NAME}` Example: `//compute.googleapis.com/projects/my-project/global/networks/network-1`
typestring
vpcIpSubnetworks
descriptionCIDR block IP subnetwork specification. The IP address must be an IPv4 address and can be a public or private IP address. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. If empty, all IP addresses are allowed.
items
typestring
typearray
typeobject
ListFeedsResponse
idListFeedsResponse
properties
feeds
descriptionA list of feeds.
items
$refFeed
typearray
typeobject
Operation
descriptionThis resource represents a long-running operation that is the result of a network API call.
idOperation
properties
done
descriptionIf the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
typeboolean
error
$refStatus
descriptionThe error result of the operation in case of failure or cancellation.
metadata
additionalProperties
descriptionProperties of the object. Contains field @type with type URL.
typeany
descriptionService-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
typeobject
name
descriptionThe server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
typestring
response
additionalProperties
descriptionProperties of the object. Contains field @type with type URL.
typeany
descriptionThe normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
typeobject
typeobject
Policy
descriptionAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
idPolicy
properties
auditConfigs
descriptionSpecifies cloud audit logging configuration for this policy.
items
$refAuditConfig
typearray
bindings
descriptionAssociates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
items
$refBinding
typearray
etag
description`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
formatbyte
typestring
version
descriptionSpecifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
formatint32
typeinteger
typeobject
PubsubDestination
descriptionA Pub/Sub destination.
idPubsubDestination
properties
topic
descriptionThe name of the Pub/Sub topic to publish to. For example: `projects/PROJECT_ID/topics/TOPIC_ID`.
typestring
typeobject
Status
descriptionThe `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors).
idStatus
properties
code
descriptionThe status code, which should be an enum value of google.rpc.Code.
formatint32
typeinteger
details
descriptionA list of messages that carry the error details. There is a common set of message types for APIs to use.
items
additionalProperties
descriptionProperties of the object. Contains field @type with type URL.
typeany
typeobject
typearray
message
descriptionA developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
typestring
typeobject
UpdateFeedRequest
descriptionUpdate asset feed request.
idUpdateFeedRequest
properties
feed
$refFeed
descriptionRequired. The new values of feed details. It must match an existing feed and the field `name` must be in the format of: projects/project_number/feeds/feed_id or folders/folder_number/feeds/feed_id or organizations/organization_number/feeds/feed_id.
updateMask
descriptionRequired. Only updates the `feed` fields indicated by this mask. The field mask must not be empty, and it must not contain fields that are immutable or only set by the server.
formatgoogle-fieldmask
typestring
typeobject
servicePath
titleCloud Asset API (Preprod)
versionv1p2beta1
version_moduleTrue
old_value
error
code403
details
  • @typetype.googleapis.com/google.rpc.Help
    links
    descriptionurl
    Google developers console API activationhttps://console.developers.google.com/apis/api/preprod-cloudasset.sandbox.googleapis.com/overview?project=292824132082
  • @typetype.googleapis.com/google.rpc.ErrorInfo
    domaingoogleapis.com
    metadata
    consumerprojects/292824132082
    servicepreprod-cloudasset.sandbox.googleapis.com
    reasonSERVICE_DISABLED
messageCloud Asset API (Preprod) has not been used in project 292824132082 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/preprod-cloudasset.sandbox.googleapis.com/overview?project=292824132082 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
statusPERMISSION_DENIED
sandbox/preprod-cloudasset-v1p5beta1
dictionary_item_added
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressSource']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1VpcNetworkSource']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1VpcSubNetwork']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['etag']['readOnly']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['vpcNetworkSources']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['sourceRestriction']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['sources']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressPolicy']['properties']['title']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressPolicy']['properties']['title']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1ServicePerimeter']['properties']['etag']
values_changed
root['revision']
new_value20250224
old_value20230223
root['schemas']['Binding']['properties']['members']['description']
new_valueSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
old_valueSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
root['schemas']['Binding']['properties']['role']['description']
new_valueRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
old_valueRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessLevel']['properties']['name']['description']
new_valueIdentifier. Resource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
old_valueResource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['etag']['description']
new_valueOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Policies will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
old_valueOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['name']['description']
new_valueOutput only. Identifier. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
old_valueOutput only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['scopes']['description']
new_valueThe scopes of the AccessPolicy. Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with `scopes=["folders/123"]` has the following behavior: - ServicePerimeter can only restrict projects within `folders/123`. - ServicePerimeter within policy A can only reference access levels defined within policy A. - Only one policy can include a given scope; thus, attempting to create a second policy which includes `folders/123` will result in an error. If no scopes are provided, then any resource within the organization can be restricted. Scopes cannot be modified after a policy is created. Policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
old_valueThe scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior: - vpcsc perimeters can only restrict projects within folders/123 - access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['negate']['description']
new_valueWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
old_valueWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['identities']['description']
new_valueA list of identities that are allowed access through [EgressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
old_valueA list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressTo']['properties']['externalResources']['description']
new_valueA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported formats are s3://BUCKET_NAME, s3a://BUCKET_NAME, and s3n://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
old_valueA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressFrom']['properties']['identities']['description']
new_valueA list of identities that are allowed access through [IngressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
old_valueA list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
root['schemas']['GoogleIdentityAccesscontextmanagerV1MethodSelector']['properties']['method']['description']
new_valueA valid method name for the corresponding `service_name` in ApiOperation. If `*` is used as the value for the `method`, then ALL methods and permissions are allowed.
old_valueValue for `method` should be a valid method name for the corresponding `service_name` in ApiOperation. If `*` used as value for `method`, then ALL methods and permissions are allowed.
root['schemas']['GoogleIdentityAccesscontextmanagerV1MethodSelector']['properties']['permission']['description']
new_valueA valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
old_valueValue for `permission` should be a valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
root['schemas']['GoogleIdentityAccesscontextmanagerV1ServicePerimeter']['properties']['name']['description']
new_valueIdentifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
old_valueResource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
root['schemas']['Policy']['description']
new_valueAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
old_valueAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
sandbox/preprod-cloudasset-v1p7beta1
dictionary_item_added
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressSource']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1VpcNetworkSource']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1VpcSubNetwork']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['etag']['readOnly']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['vpcNetworkSources']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['sourceRestriction']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['sources']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressPolicy']['properties']['title']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressPolicy']['properties']['title']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1ServicePerimeter']['properties']['etag']
values_changed
root['revision']
new_value20250224
old_value20230223
root['schemas']['Binding']['properties']['members']['description']
new_valueSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
old_valueSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
root['schemas']['Binding']['properties']['role']['description']
new_valueRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
old_valueRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessLevel']['properties']['name']['description']
new_valueIdentifier. Resource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
old_valueResource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['etag']['description']
new_valueOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Policies will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
old_valueOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['name']['description']
new_valueOutput only. Identifier. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
old_valueOutput only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['scopes']['description']
new_valueThe scopes of the AccessPolicy. Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with `scopes=["folders/123"]` has the following behavior: - ServicePerimeter can only restrict projects within `folders/123`. - ServicePerimeter within policy A can only reference access levels defined within policy A. - Only one policy can include a given scope; thus, attempting to create a second policy which includes `folders/123` will result in an error. If no scopes are provided, then any resource within the organization can be restricted. Scopes cannot be modified after a policy is created. Policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
old_valueThe scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior: - vpcsc perimeters can only restrict projects within folders/123 - access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['negate']['description']
new_valueWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
old_valueWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['identities']['description']
new_valueA list of identities that are allowed access through [EgressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
old_valueA list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressTo']['properties']['externalResources']['description']
new_valueA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported formats are s3://BUCKET_NAME, s3a://BUCKET_NAME, and s3n://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
old_valueA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressFrom']['properties']['identities']['description']
new_valueA list of identities that are allowed access through [IngressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
old_valueA list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
root['schemas']['GoogleIdentityAccesscontextmanagerV1MethodSelector']['properties']['method']['description']
new_valueA valid method name for the corresponding `service_name` in ApiOperation. If `*` is used as the value for the `method`, then ALL methods and permissions are allowed.
old_valueValue for `method` should be a valid method name for the corresponding `service_name` in ApiOperation. If `*` used as value for `method`, then ALL methods and permissions are allowed.
root['schemas']['GoogleIdentityAccesscontextmanagerV1MethodSelector']['properties']['permission']['description']
new_valueA valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
old_valueValue for `permission` should be a valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
root['schemas']['GoogleIdentityAccesscontextmanagerV1ServicePerimeter']['properties']['name']['description']
new_valueIdentifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
old_valueResource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
root['schemas']['Operation']['properties']['response']['description']
new_valueThe normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
old_valueThe normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
root['schemas']['Policy']['description']
new_valueAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
old_valueAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
root['schemas']['GoogleCloudAssetV1p7beta1PartitionSpec']['properties']['partitionKey']['enumDescriptions'][1]
new_valueThe time when the snapshot is taken. If specified as partition key, the result table(s) is partitioned by the additional timestamp column, readTime. If [read_time] in ExportAssetsRequest is specified, the readTime column's value will be the same as it. Otherwise, its value will be the current time that is used to take the snapshot.
old_valueThe time when the snapshot is taken. If specified as partition key, the result table(s) is partitoned by the additional timestamp column, readTime. If [read_time] in ExportAssetsRequest is specified, the readTime column's value will be the same as it. Otherwise, its value will be the current time that is used to take the snapshot.
root['schemas']['GoogleCloudAssetV1p7beta1PartitionSpec']['properties']['partitionKey']['enumDescriptions'][2]
new_valueThe time when the request is received and started to be processed. If specified as partition key, the result table(s) is partitioned by the requestTime column, an additional timestamp column representing when the request was received.
old_valueThe time when the request is received and started to be processed. If specified as partition key, the result table(s) is partitoned by the requestTime column, an additional timestamp column representing when the request was received.
sandbox/preprod-firebaseremoteconfig-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/preprod-firebaseremoteconfig-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/preprod-firebaseremoteconfig-pa-v2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/preprod-growth-pa-
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/preprod-growth-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/preprod-hangouts-
values_changed
root['revision']
new_value20250224
old_value20250219
sandbox/preprod-hangouts-v1
values_changed
root['revision']
new_value20250224
old_value20250219
sandbox/preprod-rsvp-
dictionary_item_added
  • root['resources']['events']['resources']['tags']['methods']['list']['parameters']['filter']
  • root['resources']['events']['resources']['tags']['methods']['list']['parameters']['orderBy']
  • root['schemas']['GoogleAppsRsvpV1HydrateSiteResponse']['properties']['tags']
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/preprod-rsvp-v1
dictionary_item_added
  • root['resources']['events']['resources']['tags']['methods']['list']['parameters']['filter']
  • root['resources']['events']['resources']['tags']['methods']['list']['parameters']['orderBy']
  • root['schemas']['GoogleAppsRsvpV1HydrateSiteResponse']['properties']['tags']
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/prod-meshca-
values_changed
root['revision']
new_value20250221
old_value20250214
sandbox/prod-meshca-v1
values_changed
root['revision']
new_value20250221
old_value20250214
sandbox/qa-alkalibasemap-pa-
values_changed
root['revision']
new_value20250225
old_value20250220
sandbox/qa-alkalibasemap-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250220
sandbox/qa-alkalimetricsink-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/qa-alkalimetricsink-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/qa-alkalisrfassessment-pa-
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/qa-alkalisrfassessment-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/qa-alkalisrfassessment-pa-v2
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/qa-alkalitermsofservice-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/qa-alkalitermsofservice-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/qa-binaryauthorization-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/qa-binaryauthorization-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/qa-binaryauthorization-v1alpha2
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/qa-binaryauthorization-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-accesscontextmanager-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-accesscontextmanager-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-accesscontextmanager-v1alpha
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-actions-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-actions-v2
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-actions-v2alpha
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-actions-v3
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-adsmarketingfrontend-pa-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-adsmarketingfrontend-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-aerialview-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-aerialview-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-aerialview-v1beta
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-aida-
dictionary_item_added
  • root['schemas']['TensorflowServingQueryCost']
  • root['schemas']['GoogleXPitchforkAidaV1ResponseMetadata']['properties']['queryCosts']
values_changed
root['revision']
new_value20250225
old_value20250216
sandbox/staging-aida-v1
dictionary_item_added
  • root['schemas']['TensorflowServingQueryCost']
  • root['schemas']['GoogleXPitchforkAidaV1ResponseMetadata']['properties']['queryCosts']
values_changed
root['revision']
new_value20250225
old_value20250216
sandbox/staging-aiplatform-
dictionary_item_added
  • root['resources']['projects']['resources']['locations']['resources']['indexes']['methods']['import']
  • root['resources']['projects']['resources']['locations']['resources']['reasoningEngines']['methods']['getMemoryBank']
  • root['resources']['projects']['resources']['locations']['resources']['reasoningEngines']['methods']['updateMemoryBank']
  • root['resources']['projects']['resources']['locations']['resources']['reasoningEngines']['resources']['memoryBank']
  • root['schemas']['GoogleCloudAiplatformV1beta1BatchPredictionJobPublisherModelConfig']
  • root['schemas']['GoogleCloudAiplatformV1beta1FeatureViewBigtableMetadata']
  • root['schemas']['GoogleCloudAiplatformV1beta1ImportIndexRequest']
  • root['schemas']['GoogleCloudAiplatformV1beta1ImportIndexRequestConnectorConfig']
  • root['schemas']['GoogleCloudAiplatformV1beta1ImportIndexRequestConnectorConfigBigQuerySourceConfig']
  • root['schemas']['GoogleCloudAiplatformV1beta1ImportIndexRequestConnectorConfigDatapointFieldMapping']
  • root['schemas']['GoogleCloudAiplatformV1beta1ImportIndexRequestConnectorConfigDatapointFieldMappingNumericRestrict']
  • root['schemas']['GoogleCloudAiplatformV1beta1ImportIndexRequestConnectorConfigDatapointFieldMappingRestrict']
  • root['schemas']['GoogleCloudAiplatformV1beta1ListMemoriesResponse']
  • root['schemas']['GoogleCloudAiplatformV1beta1ListMemoryCollectionsResponse']
  • root['schemas']['GoogleCloudAiplatformV1beta1Memory']
  • root['schemas']['GoogleCloudAiplatformV1beta1MemoryBank']
  • root['schemas']['GoogleCloudAiplatformV1beta1MemoryCollection']
  • root['schemas']['GoogleCloudAiplatformV1beta1MemoryCollectionCollectionIdentifiers']
  • root['schemas']['GoogleCloudAiplatformV1beta1MemoryEvent']
  • root['schemas']['GoogleCloudAiplatformV1beta1MemorySummary']
  • root['schemas']['GoogleCloudAiplatformV1beta1RagChunk']
  • root['schemas']['GoogleCloudAiplatformV1beta1RagChunkPageSpan']
  • root['schemas']['GoogleCloudAiplatformV1beta1BatchPredictionJob']['properties']['publisherModelConfig']
  • root['schemas']['GoogleCloudAiplatformV1beta1Fact']['properties']['chunk']
  • root['schemas']['GoogleCloudAiplatformV1beta1FeatureView']['properties']['bigtableMetadata']
  • root['schemas']['GoogleCloudAiplatformV1beta1GenerateContentResponseUsageMetadata']['properties']['thoughtsTokenCount']
  • root['schemas']['GoogleCloudAiplatformV1beta1GroundingChunkRetrievedContext']['properties']['ragChunk']
  • root['schemas']['GoogleCloudAiplatformV1beta1RagContextsContext']['properties']['chunk']
values_changed
root['revision']
new_value20250224
old_value20250220
root['schemas']['GoogleCloudAiplatformV1beta1ReasoningEngineSpecDeploymentSpec']['properties']['secretEnv']['description']
new_valueOptional. Environment variables where the value is a secret in Cloud Secret Manager. To use this feature, add 'Secret Manager Secret Accessor' role (roles/secretmanager.secretAccessor) to AI Platform Reasoning Engine Service Agent.
old_valueOptional. Environment variables where the value is a secret in Cloud Secret Manager.
root['schemas']['GoogleCloudAiplatformV1beta1ReservationAffinity']['properties']['values']['description']
new_valueOptional. Corresponds to the label values of a reservation resource. This must be the full resource name of the reservation or reservation block.
old_valueOptional. Corresponds to the label values of a reservation resource. This must be the full resource name of the reservation.
sandbox/staging-aiplatform-v1
dictionary_item_added
  • root['schemas']['GoogleCloudAiplatformV1RagChunk']
  • root['schemas']['GoogleCloudAiplatformV1RagChunkPageSpan']
  • root['schemas']['GoogleCloudAiplatformV1Fact']['properties']['chunk']
  • root['schemas']['GoogleCloudAiplatformV1GenerateContentResponseUsageMetadata']['properties']['thoughtsTokenCount']
  • root['schemas']['GoogleCloudAiplatformV1GroundingChunkRetrievedContext']['properties']['ragChunk']
  • root['schemas']['GoogleCloudAiplatformV1RagContextsContext']['properties']['chunk']
values_changed
root['revision']
new_value20250224
old_value20250220
root['schemas']['GoogleCloudAiplatformV1ReasoningEngineSpecDeploymentSpec']['properties']['secretEnv']['description']
new_valueOptional. Environment variables where the value is a secret in Cloud Secret Manager. To use this feature, add 'Secret Manager Secret Accessor' role (roles/secretmanager.secretAccessor) to AI Platform Reasoning Engine Service Agent.
old_valueOptional. Environment variables where the value is a secret in Cloud Secret Manager.
root['schemas']['GoogleCloudAiplatformV1ReservationAffinity']['properties']['values']['description']
new_valueOptional. Corresponds to the label values of a reservation resource. This must be the full resource name of the reservation or reservation block.
old_valueOptional. Corresponds to the label values of a reservation resource. This must be the full resource name of the reservation.
sandbox/staging-aiplatform-v1alpha1
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/staging-aiplatform-v1beta1
dictionary_item_added
  • root['resources']['projects']['resources']['locations']['resources']['indexes']['methods']['import']
  • root['resources']['projects']['resources']['locations']['resources']['reasoningEngines']['methods']['getMemoryBank']
  • root['resources']['projects']['resources']['locations']['resources']['reasoningEngines']['methods']['updateMemoryBank']
  • root['resources']['projects']['resources']['locations']['resources']['reasoningEngines']['resources']['memoryBank']
  • root['schemas']['GoogleCloudAiplatformV1beta1BatchPredictionJobPublisherModelConfig']
  • root['schemas']['GoogleCloudAiplatformV1beta1FeatureViewBigtableMetadata']
  • root['schemas']['GoogleCloudAiplatformV1beta1ImportIndexRequest']
  • root['schemas']['GoogleCloudAiplatformV1beta1ImportIndexRequestConnectorConfig']
  • root['schemas']['GoogleCloudAiplatformV1beta1ImportIndexRequestConnectorConfigBigQuerySourceConfig']
  • root['schemas']['GoogleCloudAiplatformV1beta1ImportIndexRequestConnectorConfigDatapointFieldMapping']
  • root['schemas']['GoogleCloudAiplatformV1beta1ImportIndexRequestConnectorConfigDatapointFieldMappingNumericRestrict']
  • root['schemas']['GoogleCloudAiplatformV1beta1ImportIndexRequestConnectorConfigDatapointFieldMappingRestrict']
  • root['schemas']['GoogleCloudAiplatformV1beta1ListMemoriesResponse']
  • root['schemas']['GoogleCloudAiplatformV1beta1ListMemoryCollectionsResponse']
  • root['schemas']['GoogleCloudAiplatformV1beta1Memory']
  • root['schemas']['GoogleCloudAiplatformV1beta1MemoryBank']
  • root['schemas']['GoogleCloudAiplatformV1beta1MemoryCollection']
  • root['schemas']['GoogleCloudAiplatformV1beta1MemoryCollectionCollectionIdentifiers']
  • root['schemas']['GoogleCloudAiplatformV1beta1MemoryEvent']
  • root['schemas']['GoogleCloudAiplatformV1beta1MemorySummary']
  • root['schemas']['GoogleCloudAiplatformV1beta1RagChunk']
  • root['schemas']['GoogleCloudAiplatformV1beta1RagChunkPageSpan']
  • root['schemas']['GoogleCloudAiplatformV1beta1BatchPredictionJob']['properties']['publisherModelConfig']
  • root['schemas']['GoogleCloudAiplatformV1beta1Fact']['properties']['chunk']
  • root['schemas']['GoogleCloudAiplatformV1beta1FeatureView']['properties']['bigtableMetadata']
  • root['schemas']['GoogleCloudAiplatformV1beta1GenerateContentResponseUsageMetadata']['properties']['thoughtsTokenCount']
  • root['schemas']['GoogleCloudAiplatformV1beta1GroundingChunkRetrievedContext']['properties']['ragChunk']
  • root['schemas']['GoogleCloudAiplatformV1beta1RagContextsContext']['properties']['chunk']
values_changed
root['revision']
new_value20250224
old_value20250220
root['schemas']['GoogleCloudAiplatformV1beta1ReasoningEngineSpecDeploymentSpec']['properties']['secretEnv']['description']
new_valueOptional. Environment variables where the value is a secret in Cloud Secret Manager. To use this feature, add 'Secret Manager Secret Accessor' role (roles/secretmanager.secretAccessor) to AI Platform Reasoning Engine Service Agent.
old_valueOptional. Environment variables where the value is a secret in Cloud Secret Manager.
root['schemas']['GoogleCloudAiplatformV1beta1ReservationAffinity']['properties']['values']['description']
new_valueOptional. Corresponds to the label values of a reservation resource. This must be the full resource name of the reservation or reservation block.
old_valueOptional. Corresponds to the label values of a reservation resource. This must be the full resource name of the reservation.
sandbox/staging-aiplugin-pa-
dictionary_item_added
  • root['schemas']['GenerateChatResponse']['properties']['moaInfo']
  • root['schemas']['YieldInfo']['properties']['buttonText']
values_changed
root['revision']
new_value20250224
old_value20250221
root['schemas']['Citation']['description']
new_valueCitation identifies which parts of content have a license ( -- LINT.IfChange -- )
old_valueCitation identifies which parts of content have a license
sandbox/staging-aiplugin-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-aiplugin-pa-v1internal
dictionary_item_added
  • root['schemas']['GenerateChatResponse']['properties']['moaInfo']
  • root['schemas']['YieldInfo']['properties']['buttonText']
values_changed
root['revision']
new_value20250224
old_value20250221
root['schemas']['Citation']['description']
new_valueCitation identifies which parts of content have a license ( -- LINT.IfChange -- )
old_valueCitation identifies which parts of content have a license
sandbox/staging-analyticsdata-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-analyticsdata-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-analyticsdata-v1alpha
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-analyticsdata-v1beta
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-analyticssuitefrontend-pa-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-analyticssuitefrontend-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-apigee-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-apigee-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-appsgenaiserver-pa-
dictionary_item_added
  • root['schemas']['CaribouApiProtoAddonsTemplatesWidgetImageButton']['properties']['backgroundColors']
dictionary_item_removed
  • root['schemas']['AppsExtensionsWorkflowActionsResourceFieldsDefinitionRetrievedAction']['properties']['fields']
values_changed
root['revision']
new_value20250224
old_value20250221
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['onramp']['enumDescriptions'][4]
new_valueAdmin console surfaces
old_valueAdmin console upsell nudges on billing pages. go/upsell-banner-on-billing-pages
root['schemas']['AppsUpsellSharedRecommendationRecommendationSurface']['properties']['onramp']['enumDescriptions'][4]
new_valueAdmin console surfaces
old_valueAdmin console upsell nudges on billing pages. go/upsell-banner-on-billing-pages
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['onramp']['enumDescriptions'][4]
new_valueAdmin console surfaces
old_valueAdmin console upsell nudges on billing pages. go/upsell-banner-on-billing-pages
root['schemas']['GoogleInternalSubscriptionsFirstpartyV1CallToActionInAppPurchase']['properties']['onramp']['enumDescriptions'][4]
new_valueAdmin console surfaces
old_valueAdmin console upsell nudges on billing pages. go/upsell-banner-on-billing-pages
iterable_item_added
root['schemas']['AppsIntelligenceGenAiContextSnippetInfo']['properties']['contextKind']['enum'][7]CONTEXT_KIND_BROWSE_RESULTS_CONTEXT
root['schemas']['AppsIntelligenceGenAiContextSnippetInfo']['properties']['contextKind']['enumDescriptions'][7]Indicates the context that is from URL Browse Results.
root['schemas']['AppsUpsellSharedRecommendationRecommendationSurface']['properties']['onramp']['enum'][4]ADMIN_CONSOLE_BILLING_CATALOG_PAGE
root['schemas']['AppsUpsellSharedRecommendationRecommendationSurface']['properties']['onramp']['enum'][5]ADMIN_CONSOLE_BILLING_INTERSTITIAL
root['schemas']['AppsUpsellSharedRecommendationRecommendationSurface']['properties']['onramp']['enum'][6]ADMIN_CONSOLE_BILLING_RETAINMENT_DIALOG
root['schemas']['AppsUpsellSharedRecommendationRecommendationSurface']['properties']['onramp']['enum'][7]ADMIN_CONSOLE_BILLING_SUBSCRIPTION_DETAILS_PAGE
root['schemas']['AppsUpsellSharedRecommendationRecommendationSurface']['properties']['onramp']['enumDescriptions'][8]See go/upsell-banner-on-billing-pages
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['onramp']['enum'][4]ADMIN_CONSOLE_BILLING_CATALOG_PAGE
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['onramp']['enum'][5]ADMIN_CONSOLE_BILLING_INTERSTITIAL
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['onramp']['enum'][6]ADMIN_CONSOLE_BILLING_RETAINMENT_DIALOG
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['onramp']['enum'][7]ADMIN_CONSOLE_BILLING_SUBSCRIPTION_DETAILS_PAGE
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['onramp']['enumDescriptions'][8]See go/upsell-banner-on-billing-pages
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][232]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_BANNER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][233]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_EIGHTY_PERCENT_BANNER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][234]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_NINETY_PERCENT_BANNER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][407]AFFILIATE_ENTITY_ESIG_UPSELL_ACTION_ONLY
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][408]AFFILIATE_ENTITY_MEET_UPSELL_ACTION_ONLY
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][409]AFFILIATE_ENTITY_CAL_UPSELL_ACTION_ONLY
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enumDescriptions'][407]Action only templates for the Affiliaty Entity program.
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][217]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_EIGHTY_PERCENT
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][218]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_NINETY_PERCENT
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][409]COMMERCE_BUYFLOW_ENTRYPOINT_CATALOG_GENERIC_SKU_CARD_V1
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][410]COMMERCE_BUYFLOW_ENTRYPOINT_CATALOG_MAINLINE_SKU_CARD
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][411]COMMERCE_BUYFLOW_ENTRYPOINT_CATALOG_MAINLINE_DRAWER_SKU_CARD
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][412]COMMERCE_BUYFLOW_ENTRYPOINT_CATALOG_SPOTLIGHT_SKU_CARD
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][413]COMMERCE_BUYFLOW_ENTRYPOINT_CATALOG_FEATURED_ADDONS_SKU_CARD
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][414]COMMERCE_BUYFLOW_ENTRYPOINT_CATALOG_GENERIC_SKU_CARD_V2
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][415]COMMERCE_BUYFLOW_ENTRYPOINT_SUBSCRIPTION_DETAILS_DOWNGRADE
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][416]COMMERCE_BUYFLOW_ENTRYPOINT_DO_NOT_CANCEL_DOWNGRADE_INSTEAD
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][642]NOTEBOOKLM_DASHER_ADMIN
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][644]NOTEBOOKLM_CONSUMER_NONE_EM
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][646]NOTEBOOKLM_NOTEBOOKLM_PLUS_USER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][647]NOTEBOOKLM_SOURCE_LIMIT_DASHER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][648]NOTEBOOKLM_SOURCE_LIMIT_DASHER_ADMIN
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][649]NOTEBOOKLM_SOURCE_LIMIT_CONSUMER_EM
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][650]NOTEBOOKLM_SOURCE_LIMIT_CONSUMER_NONE_EM
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][651]NOTEBOOKLM_SOURCE_LIMIT_AFFILIATE_USER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][652]NOTEBOOKLM_SOURCE_LIMIT_NOTEBOOKLM_PLUS_USER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][653]NOTEBOOKLM_SOURCE_LIMIT_NOT_OWNER_AND_NOT_OWNED_BY_PLUS_USER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][654]NOTEBOOKLM_SOURCE_LIMIT_NOT_OWNER_AND_OWNED_BY_PLUS_USER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][668]AFFILIATE_ENTITY_UPSELL
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enumDescriptions'][409]Types of entry points to Commerce-owned Buyflow from Admin Console pages.
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enumDescriptions'][641]go/notebook-lm-integration Common path - Dasher end user, dasher admin, consumer EM, consumer none EM, AE user, notebooklm plus user
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enumDescriptions'][647]Source limit path - Owner of notebook: Dasher end user, dasher admin, consumer EM, consumer none EM, AE user, notebooklm plus user Not owner of notebook: Not owner and notebooklm is not owned by plus user, not owner and notebooklm is owned by plus user
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enumDescriptions'][668]Will be used by multiple clients (Docs, Meet, etc) to offer the Affiliate Entity (AE) program.
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['onramp']['enum'][4]ADMIN_CONSOLE_BILLING_CATALOG_PAGE
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['onramp']['enum'][5]ADMIN_CONSOLE_BILLING_INTERSTITIAL
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['onramp']['enum'][6]ADMIN_CONSOLE_BILLING_RETAINMENT_DIALOG
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['onramp']['enum'][7]ADMIN_CONSOLE_BILLING_SUBSCRIPTION_DETAILS_PAGE
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['onramp']['enumDescriptions'][8]See go/upsell-banner-on-billing-pages
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][217]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_EIGHTY_PERCENT
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][218]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_NINETY_PERCENT
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][409]COMMERCE_BUYFLOW_ENTRYPOINT_CATALOG_GENERIC_SKU_CARD_V1
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][410]COMMERCE_BUYFLOW_ENTRYPOINT_CATALOG_MAINLINE_SKU_CARD
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][411]COMMERCE_BUYFLOW_ENTRYPOINT_CATALOG_MAINLINE_DRAWER_SKU_CARD
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][412]COMMERCE_BUYFLOW_ENTRYPOINT_CATALOG_SPOTLIGHT_SKU_CARD
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][413]COMMERCE_BUYFLOW_ENTRYPOINT_CATALOG_FEATURED_ADDONS_SKU_CARD
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][414]COMMERCE_BUYFLOW_ENTRYPOINT_CATALOG_GENERIC_SKU_CARD_V2
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][415]COMMERCE_BUYFLOW_ENTRYPOINT_SUBSCRIPTION_DETAILS_DOWNGRADE
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][416]COMMERCE_BUYFLOW_ENTRYPOINT_DO_NOT_CANCEL_DOWNGRADE_INSTEAD
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][642]NOTEBOOKLM_DASHER_ADMIN
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][644]NOTEBOOKLM_CONSUMER_NONE_EM
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][646]NOTEBOOKLM_NOTEBOOKLM_PLUS_USER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][647]NOTEBOOKLM_SOURCE_LIMIT_DASHER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][648]NOTEBOOKLM_SOURCE_LIMIT_DASHER_ADMIN
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][649]NOTEBOOKLM_SOURCE_LIMIT_CONSUMER_EM
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][650]NOTEBOOKLM_SOURCE_LIMIT_CONSUMER_NONE_EM
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][651]NOTEBOOKLM_SOURCE_LIMIT_AFFILIATE_USER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][652]NOTEBOOKLM_SOURCE_LIMIT_NOTEBOOKLM_PLUS_USER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][653]NOTEBOOKLM_SOURCE_LIMIT_NOT_OWNER_AND_NOT_OWNED_BY_PLUS_USER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][654]NOTEBOOKLM_SOURCE_LIMIT_NOT_OWNER_AND_OWNED_BY_PLUS_USER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][668]AFFILIATE_ENTITY_UPSELL
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enumDescriptions'][409]Types of entry points to Commerce-owned Buyflow from Admin Console pages.
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enumDescriptions'][641]go/notebook-lm-integration Common path - Dasher end user, dasher admin, consumer EM, consumer none EM, AE user, notebooklm plus user
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enumDescriptions'][647]Source limit path - Owner of notebook: Dasher end user, dasher admin, consumer EM, consumer none EM, AE user, notebooklm plus user Not owner of notebook: Not owner and notebooklm is not owned by plus user, not owner and notebooklm is owned by plus user
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enumDescriptions'][668]Will be used by multiple clients (Docs, Meet, etc) to offer the Affiliate Entity (AE) program.
root['schemas']['GoogleInternalSubscriptionsFirstpartyV1CallToActionInAppPurchase']['properties']['onramp']['enum'][4]ADMIN_CONSOLE_BILLING_CATALOG_PAGE
root['schemas']['GoogleInternalSubscriptionsFirstpartyV1CallToActionInAppPurchase']['properties']['onramp']['enum'][5]ADMIN_CONSOLE_BILLING_INTERSTITIAL
root['schemas']['GoogleInternalSubscriptionsFirstpartyV1CallToActionInAppPurchase']['properties']['onramp']['enum'][6]ADMIN_CONSOLE_BILLING_RETAINMENT_DIALOG
root['schemas']['GoogleInternalSubscriptionsFirstpartyV1CallToActionInAppPurchase']['properties']['onramp']['enum'][7]ADMIN_CONSOLE_BILLING_SUBSCRIPTION_DETAILS_PAGE
root['schemas']['GoogleInternalSubscriptionsFirstpartyV1CallToActionInAppPurchase']['properties']['onramp']['enumDescriptions'][8]See go/upsell-banner-on-billing-pages
iterable_item_removed
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enumDescriptions'][631]go/notebook-lm-integration
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enumDescriptions'][631]go/notebook-lm-integration
sandbox/staging-appsgenaiserver-pa-v1
dictionary_item_added
  • root['schemas']['CaribouApiProtoAddonsTemplatesWidgetImageButton']['properties']['backgroundColors']
dictionary_item_removed
  • root['schemas']['AppsExtensionsWorkflowActionsResourceFieldsDefinitionRetrievedAction']['properties']['fields']
values_changed
root['revision']
new_value20250224
old_value20250221
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['onramp']['enumDescriptions'][4]
new_valueAdmin console surfaces
old_valueAdmin console upsell nudges on billing pages. go/upsell-banner-on-billing-pages
root['schemas']['AppsUpsellSharedRecommendationRecommendationSurface']['properties']['onramp']['enumDescriptions'][4]
new_valueAdmin console surfaces
old_valueAdmin console upsell nudges on billing pages. go/upsell-banner-on-billing-pages
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['onramp']['enumDescriptions'][4]
new_valueAdmin console surfaces
old_valueAdmin console upsell nudges on billing pages. go/upsell-banner-on-billing-pages
root['schemas']['GoogleInternalSubscriptionsFirstpartyV1CallToActionInAppPurchase']['properties']['onramp']['enumDescriptions'][4]
new_valueAdmin console surfaces
old_valueAdmin console upsell nudges on billing pages. go/upsell-banner-on-billing-pages
iterable_item_added
root['schemas']['AppsIntelligenceGenAiContextSnippetInfo']['properties']['contextKind']['enum'][7]CONTEXT_KIND_BROWSE_RESULTS_CONTEXT
root['schemas']['AppsIntelligenceGenAiContextSnippetInfo']['properties']['contextKind']['enumDescriptions'][7]Indicates the context that is from URL Browse Results.
root['schemas']['AppsUpsellSharedRecommendationRecommendationSurface']['properties']['onramp']['enum'][4]ADMIN_CONSOLE_BILLING_CATALOG_PAGE
root['schemas']['AppsUpsellSharedRecommendationRecommendationSurface']['properties']['onramp']['enum'][5]ADMIN_CONSOLE_BILLING_INTERSTITIAL
root['schemas']['AppsUpsellSharedRecommendationRecommendationSurface']['properties']['onramp']['enum'][6]ADMIN_CONSOLE_BILLING_RETAINMENT_DIALOG
root['schemas']['AppsUpsellSharedRecommendationRecommendationSurface']['properties']['onramp']['enum'][7]ADMIN_CONSOLE_BILLING_SUBSCRIPTION_DETAILS_PAGE
root['schemas']['AppsUpsellSharedRecommendationRecommendationSurface']['properties']['onramp']['enumDescriptions'][8]See go/upsell-banner-on-billing-pages
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['onramp']['enum'][4]ADMIN_CONSOLE_BILLING_CATALOG_PAGE
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['onramp']['enum'][5]ADMIN_CONSOLE_BILLING_INTERSTITIAL
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['onramp']['enum'][6]ADMIN_CONSOLE_BILLING_RETAINMENT_DIALOG
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['onramp']['enum'][7]ADMIN_CONSOLE_BILLING_SUBSCRIPTION_DETAILS_PAGE
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['onramp']['enumDescriptions'][8]See go/upsell-banner-on-billing-pages
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][232]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_BANNER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][233]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_EIGHTY_PERCENT_BANNER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][234]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_NINETY_PERCENT_BANNER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][407]AFFILIATE_ENTITY_ESIG_UPSELL_ACTION_ONLY
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][408]AFFILIATE_ENTITY_MEET_UPSELL_ACTION_ONLY
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enum'][409]AFFILIATE_ENTITY_CAL_UPSELL_ACTION_ONLY
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoTemplateId']['enumDescriptions'][407]Action only templates for the Affiliaty Entity program.
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][217]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_EIGHTY_PERCENT
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][218]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_NINETY_PERCENT
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][409]COMMERCE_BUYFLOW_ENTRYPOINT_CATALOG_GENERIC_SKU_CARD_V1
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][410]COMMERCE_BUYFLOW_ENTRYPOINT_CATALOG_MAINLINE_SKU_CARD
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][411]COMMERCE_BUYFLOW_ENTRYPOINT_CATALOG_MAINLINE_DRAWER_SKU_CARD
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][412]COMMERCE_BUYFLOW_ENTRYPOINT_CATALOG_SPOTLIGHT_SKU_CARD
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][413]COMMERCE_BUYFLOW_ENTRYPOINT_CATALOG_FEATURED_ADDONS_SKU_CARD
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][414]COMMERCE_BUYFLOW_ENTRYPOINT_CATALOG_GENERIC_SKU_CARD_V2
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][415]COMMERCE_BUYFLOW_ENTRYPOINT_SUBSCRIPTION_DETAILS_DOWNGRADE
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][416]COMMERCE_BUYFLOW_ENTRYPOINT_DO_NOT_CANCEL_DOWNGRADE_INSTEAD
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][642]NOTEBOOKLM_DASHER_ADMIN
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][644]NOTEBOOKLM_CONSUMER_NONE_EM
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][646]NOTEBOOKLM_NOTEBOOKLM_PLUS_USER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][647]NOTEBOOKLM_SOURCE_LIMIT_DASHER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][648]NOTEBOOKLM_SOURCE_LIMIT_DASHER_ADMIN
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][649]NOTEBOOKLM_SOURCE_LIMIT_CONSUMER_EM
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][650]NOTEBOOKLM_SOURCE_LIMIT_CONSUMER_NONE_EM
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][651]NOTEBOOKLM_SOURCE_LIMIT_AFFILIATE_USER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][652]NOTEBOOKLM_SOURCE_LIMIT_NOTEBOOKLM_PLUS_USER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][653]NOTEBOOKLM_SOURCE_LIMIT_NOT_OWNER_AND_NOT_OWNED_BY_PLUS_USER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][654]NOTEBOOKLM_SOURCE_LIMIT_NOT_OWNER_AND_OWNED_BY_PLUS_USER
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enum'][668]AFFILIATE_ENTITY_UPSELL
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enumDescriptions'][409]Types of entry points to Commerce-owned Buyflow from Admin Console pages.
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enumDescriptions'][641]go/notebook-lm-integration Common path - Dasher end user, dasher admin, consumer EM, consumer none EM, AE user, notebooklm plus user
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enumDescriptions'][647]Source limit path - Owner of notebook: Dasher end user, dasher admin, consumer EM, consumer none EM, AE user, notebooklm plus user Not owner of notebook: Not owner and notebooklm is not owned by plus user, not owner and notebooklm is owned by plus user
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enumDescriptions'][668]Will be used by multiple clients (Docs, Meet, etc) to offer the Affiliate Entity (AE) program.
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['onramp']['enum'][4]ADMIN_CONSOLE_BILLING_CATALOG_PAGE
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['onramp']['enum'][5]ADMIN_CONSOLE_BILLING_INTERSTITIAL
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['onramp']['enum'][6]ADMIN_CONSOLE_BILLING_RETAINMENT_DIALOG
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['onramp']['enum'][7]ADMIN_CONSOLE_BILLING_SUBSCRIPTION_DETAILS_PAGE
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['onramp']['enumDescriptions'][8]See go/upsell-banner-on-billing-pages
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][217]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_EIGHTY_PERCENT
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][218]AC_BILLING_STORAGE_UPSELL_NUDGE_BUSINESS_STARTER_TO_BUSINESS_STANDARD_NINETY_PERCENT
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][409]COMMERCE_BUYFLOW_ENTRYPOINT_CATALOG_GENERIC_SKU_CARD_V1
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][410]COMMERCE_BUYFLOW_ENTRYPOINT_CATALOG_MAINLINE_SKU_CARD
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][411]COMMERCE_BUYFLOW_ENTRYPOINT_CATALOG_MAINLINE_DRAWER_SKU_CARD
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][412]COMMERCE_BUYFLOW_ENTRYPOINT_CATALOG_SPOTLIGHT_SKU_CARD
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][413]COMMERCE_BUYFLOW_ENTRYPOINT_CATALOG_FEATURED_ADDONS_SKU_CARD
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][414]COMMERCE_BUYFLOW_ENTRYPOINT_CATALOG_GENERIC_SKU_CARD_V2
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][415]COMMERCE_BUYFLOW_ENTRYPOINT_SUBSCRIPTION_DETAILS_DOWNGRADE
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][416]COMMERCE_BUYFLOW_ENTRYPOINT_DO_NOT_CANCEL_DOWNGRADE_INSTEAD
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][642]NOTEBOOKLM_DASHER_ADMIN
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][644]NOTEBOOKLM_CONSUMER_NONE_EM
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][646]NOTEBOOKLM_NOTEBOOKLM_PLUS_USER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][647]NOTEBOOKLM_SOURCE_LIMIT_DASHER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][648]NOTEBOOKLM_SOURCE_LIMIT_DASHER_ADMIN
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][649]NOTEBOOKLM_SOURCE_LIMIT_CONSUMER_EM
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][650]NOTEBOOKLM_SOURCE_LIMIT_CONSUMER_NONE_EM
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][651]NOTEBOOKLM_SOURCE_LIMIT_AFFILIATE_USER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][652]NOTEBOOKLM_SOURCE_LIMIT_NOTEBOOKLM_PLUS_USER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][653]NOTEBOOKLM_SOURCE_LIMIT_NOT_OWNER_AND_NOT_OWNED_BY_PLUS_USER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][654]NOTEBOOKLM_SOURCE_LIMIT_NOT_OWNER_AND_OWNED_BY_PLUS_USER
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enum'][668]AFFILIATE_ENTITY_UPSELL
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enumDescriptions'][409]Types of entry points to Commerce-owned Buyflow from Admin Console pages.
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enumDescriptions'][641]go/notebook-lm-integration Common path - Dasher end user, dasher admin, consumer EM, consumer none EM, AE user, notebooklm plus user
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enumDescriptions'][647]Source limit path - Owner of notebook: Dasher end user, dasher admin, consumer EM, consumer none EM, AE user, notebooklm plus user Not owner of notebook: Not owner and notebooklm is not owned by plus user, not owner and notebooklm is owned by plus user
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enumDescriptions'][668]Will be used by multiple clients (Docs, Meet, etc) to offer the Affiliate Entity (AE) program.
root['schemas']['GoogleInternalSubscriptionsFirstpartyV1CallToActionInAppPurchase']['properties']['onramp']['enum'][4]ADMIN_CONSOLE_BILLING_CATALOG_PAGE
root['schemas']['GoogleInternalSubscriptionsFirstpartyV1CallToActionInAppPurchase']['properties']['onramp']['enum'][5]ADMIN_CONSOLE_BILLING_INTERSTITIAL
root['schemas']['GoogleInternalSubscriptionsFirstpartyV1CallToActionInAppPurchase']['properties']['onramp']['enum'][6]ADMIN_CONSOLE_BILLING_RETAINMENT_DIALOG
root['schemas']['GoogleInternalSubscriptionsFirstpartyV1CallToActionInAppPurchase']['properties']['onramp']['enum'][7]ADMIN_CONSOLE_BILLING_SUBSCRIPTION_DETAILS_PAGE
root['schemas']['GoogleInternalSubscriptionsFirstpartyV1CallToActionInAppPurchase']['properties']['onramp']['enumDescriptions'][8]See go/upsell-banner-on-billing-pages
iterable_item_removed
root['schemas']['CccHostedUpsellProtoEventsDerivedRecommendationInteractionDetails']['properties']['promoType']['enumDescriptions'][631]go/notebook-lm-integration
root['schemas']['CccHostedUpsellProtoSourceAttributionSource']['properties']['promoType']['enumDescriptions'][631]go/notebook-lm-integration
sandbox/staging-artifactregistry-
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-artifactregistry-v1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-artifactregistry-v1beta1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-artifactregistry-v1beta2
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-auditrecording-pa-
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-auditrecording-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-automl-
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-automl-v1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-automl-v1beta1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-automl-v1p1beta
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-automotivemaps-
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/staging-automotivemaps-v1
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/staging-bigtableadmin-
values_changed
root['revision']
new_value20250224
old_value20250219
sandbox/staging-bigtableadmin-v1
values_changed
root['revision']
new_value20250224
old_value20250219
sandbox/staging-bigtableadmin-v2
values_changed
root['revision']
new_value20250224
old_value20250219
sandbox/staging-bigtableclusteradmin-
values_changed
root['revision']
new_value20250224
old_value20250219
sandbox/staging-bigtableclusteradmin-v1
values_changed
root['revision']
new_value20250224
old_value20250219
sandbox/staging-bigtableclusteradmin-v2
values_changed
root['revision']
new_value20250224
old_value20250219
sandbox/staging-bigtablekeyvisualizer-
values_changed
root['revision']
new_value20250224
old_value20250219
sandbox/staging-bigtablekeyvisualizer-v1alpha1
values_changed
root['revision']
new_value20250224
old_value20250219
sandbox/staging-bigtabletableadmin-
values_changed
root['revision']
new_value20250224
old_value20250219
sandbox/staging-bigtabletableadmin-v1
values_changed
root['revision']
new_value20250224
old_value20250219
sandbox/staging-bigtabletableadmin-v2
values_changed
root['revision']
new_value20250224
old_value20250219
sandbox/staging-binaryauthorization-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-binaryauthorization-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-binaryauthorization-v1alpha2
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-binaryauthorization-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-clientauthconfig-
values_changed
root['revision']
new_value20250224
old_value20250222
root['schemas']['Client']['properties']['accountRestrictionService']['enumDescriptions'][760]
new_valueAccount Security Encryption Service (API part of cloudidentity) Provides an API to get public encryption key to encrypt plain-text password in Admin console. go/sdp-password-encryption-api-design Boq: boq/dasher-security-encryption Contact: account-security-team@
old_valueAccount Security Encryption Service (API part of cloudidentity) Provides an API to get public encryption key to encrypt plain-text password in Admin console. go/sdp-password-encryption-api-design Boq: boq/dasher-security-encryption Contact: avinashkondeti@, account-security-team@
sandbox/staging-clientauthconfig-v1
values_changed
root['revision']
new_value20250224
old_value20250222
root['schemas']['Client']['properties']['accountRestrictionService']['enumDescriptions'][760]
new_valueAccount Security Encryption Service (API part of cloudidentity) Provides an API to get public encryption key to encrypt plain-text password in Admin console. go/sdp-password-encryption-api-design Boq: boq/dasher-security-encryption Contact: account-security-team@
old_valueAccount Security Encryption Service (API part of cloudidentity) Provides an API to get public encryption key to encrypt plain-text password in Admin console. go/sdp-password-encryption-api-design Boq: boq/dasher-security-encryption Contact: avinashkondeti@, account-security-team@
sandbox/staging-cloudaicompanion-
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-cloudaicompanion-v1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-cloudaicompanion-v1alpha
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-cloudaicompanion-v1beta
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-cloudaicompanionadmin-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-cloudaicompanionadmin-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-cloudaicompanionadmin-v1alpha
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-cloudaicompanionadmin-v1beta
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-cloudasset-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudasset-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudasset-v1beta1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudasset-v1p1beta1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudasset-v1p2alpha1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudasset-v1p2beta1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudasset-v1p5alpha1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudasset-v1p5beta1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudasset-v1p7beta1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudbi-pa-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudbi-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudbilling-
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-cloudbilling-v1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-cloudbilling-v1beta
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-cloudbilling-v2beta
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-cloudbuild-
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-cloudbuild-v1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-cloudbuild-v2
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-cloudchannel-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudchannel-pa-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudchannel-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudchannel-pa-v2
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudchannel-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudchannel-v1alpha1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudcode-pa-
dictionary_item_added
  • root['schemas']['GenerateChatResponse']['properties']['moaInfo']
  • root['schemas']['YieldInfo']['properties']['buttonText']
values_changed
root['revision']
new_value20250224
old_value20250221
root['schemas']['Citation']['description']
new_valueCitation identifies which parts of content have a license ( -- LINT.IfChange -- )
old_valueCitation identifies which parts of content have a license
sandbox/staging-cloudcode-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-cloudcode-pa-v1internal
dictionary_item_added
  • root['schemas']['GenerateChatResponse']['properties']['moaInfo']
  • root['schemas']['YieldInfo']['properties']['buttonText']
values_changed
root['revision']
new_value20250224
old_value20250221
root['schemas']['Citation']['description']
new_valueCitation identifies which parts of content have a license ( -- LINT.IfChange -- )
old_valueCitation identifies which parts of content have a license
sandbox/staging-cloudcommerceconsumerprocurement-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudcommerceconsumerprocurement-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudcommerceconsumerprocurement-v1alpha1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudcommerceinventory-pa-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudcommerceinventory-pa-v0
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudcommerceinventoryconsumer-pa-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudcommerceinventoryconsumer-pa-v0
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudcommerceprocurement-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudcommerceprocurement-pa-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudcommerceprocurement-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudcommerceprocurement-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudcrmipfrontend-pa-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudcrmipfrontend-pa-v1
dictionary_item_removed
  • root['resources']['projects']['resources']['locations']['resources']['integrations']['resources']['versions']['resources']['testCases']['methods']['listExecutions']
  • root['schemas']['GoogleCloudIntegrationsV1alphaListTestCaseExecutionsResponse']
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudcrmipfrontend-pa-v1alpha
dictionary_item_removed
  • root['resources']['projects']['resources']['locations']['resources']['integrations']['resources']['versions']['resources']['testCases']['methods']['listExecutions']
  • root['schemas']['GoogleCloudIntegrationsV1alphaListTestCaseExecutionsResponse']
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudcrmipfrontend-pa-v2
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudkms-
values_changed
root['revision']
new_value20250225
old_value20250220
sandbox/staging-cloudkms-v1
values_changed
root['revision']
new_value20250225
old_value20250220
sandbox/staging-cloudmarketplace-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-cloudmarketplace-v1test
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-cloudmarketplaceadmin-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-cloudmarketplaceadmin-v1test
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-cloudmarketplacepartner-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-cloudmarketplacepartner-v2test
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-cloudprivatecatalog-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudprivatecatalog-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudprivatecatalog-v1alpha1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudprivatecatalog-v1beta1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudprivatecatalogproducer-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudprivatecatalogproducer-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudprivatecatalogproducer-v1beta1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudrecommendations-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudrecommendations-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudresourcemanager-
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/staging-cloudresourcemanager-v1
values_changed
root['revision']
new_value20250224
old_value20250220
root['schemas']['SearchOrganizationsRequest']['properties']['filter']['description']
new_valueAn optional query string used to filter the Organizations to return in the response. Filter rules are case-insensitive. Organizations may be filtered by `owner.directoryCustomerId` or by `domain`, where the domain is a verified G Suite domain, for example: * Filter `owner.directorycustomerid:123456789` returns Organization resources with `owner.directory_customer_id` equal to `123456789`. * Filter `domain:google.com` returns Organization resources corresponding to the domain `google.com`. This field is optional.
old_valueAn optional query string used to filter the Organizations to return in the response. Filter rules are case-insensitive. Organizations may be filtered by `owner.directoryCustomerId` or by `domain`, where the domain is a G Suite domain, for example: * Filter `owner.directorycustomerid:123456789` returns Organization resources with `owner.directory_customer_id` equal to `123456789`. * Filter `domain:google.com` returns Organization resources corresponding to the domain `google.com`. This field is optional.
sandbox/staging-cloudresourcemanager-v1beta1
values_changed
root['resources']['organizations']['methods']['list']['parameters']['filter']['description']
new_valueAn optional query string used to filter the Organizations to return in the response. Filter rules are case-insensitive. Organizations may be filtered by `owner.directoryCustomerId` or by `domain`, where the domain is a verified G Suite domain, for example: * Filter `owner.directorycustomerid:123456789` returns Organization resources with `owner.directory_customer_id` equal to `123456789`. * Filter `domain:google.com` returns Organization resources corresponding to the domain `google.com`. This field is optional.
old_valueAn optional query string used to filter the Organizations to return in the response. Filter rules are case-insensitive. Organizations may be filtered by `owner.directoryCustomerId` or by `domain`, where the domain is a G Suite domain, for example: * Filter `owner.directorycustomerid:123456789` returns Organization resources with `owner.directory_customer_id` equal to `123456789`. * Filter `domain:google.com` returns Organization resources corresponding to the domain `google.com`. This field is optional.
root['revision']
new_value20250224
old_value20250220
sandbox/staging-cloudresourcemanager-v2
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/staging-cloudresourcemanager-v2alpha1
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/staging-cloudresourcemanager-v2beta1
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/staging-cloudresourcemanager-v3
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/staging-cloudshell-
values_changed
root['revision']
new_value20250221
old_value20250217
sandbox/staging-cloudshell-v1
values_changed
root['revision']
new_value20250221
old_value20250217
sandbox/staging-cloudsupport-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-cloudsupport-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-cloudsupport-v2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-cloudsupport-v2beta
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-cloudtrace-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-cloudtrace-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-cloudtrace-v2
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-cloudtrace-v2beta1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-cloudusersettings-pa-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-cloudusersettings-pa-v1alpha1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-containeranalysis-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-containeranalysis-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-containeranalysis-v1alpha1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-containeranalysis-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-corplearning-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-corplearning-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-dataflowbackend-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-dataflowbackend-pa-v1b3
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-datamanager-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-datamanager-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-datamigration-
values_changed
root['revision']
new_value20250225
old_value20250217
sandbox/staging-datamigration-v1
values_changed
root['revision']
new_value20250225
old_value20250217
root['schemas']['EntityDdl']['properties']['ddlKind']['description']
new_valueThe DDL Kind selected for apply, or UNSPECIFIED if the entity wasn't converted yet.
old_valueThe DDL Kind selected for apply, or SOURCE if getting the source tree.
sandbox/staging-datamigration-v1alpha2
values_changed
root['revision']
new_value20250225
old_value20250217
sandbox/staging-datamigration-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250217
sandbox/staging-developerconnect-
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/staging-developerconnect-v1
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/staging-developerconnect-v1alpha
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/staging-developerscontentsearch-pa-
dictionary_item_removed
  • root['resources']['namespaces']['resources']['resources']['methods']['generatePageSummary']
  • root['schemas']['GeneratePageSummaryRequest']
  • root['schemas']['GeneratePageSummaryResponse']
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-developerscontentsearch-pa-v1
dictionary_item_removed
  • root['resources']['namespaces']['resources']['resources']['methods']['generatePageSummary']
  • root['schemas']['GeneratePageSummaryRequest']
  • root['schemas']['GeneratePageSummaryResponse']
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-dialogflow-
dictionary_item_added
  • root['schemas']['GoogleCloudDialogflowCxV3beta1Handler']
  • root['schemas']['GoogleCloudDialogflowCxV3beta1HandlerEventHandler']
  • root['schemas']['GoogleCloudDialogflowCxV3beta1HandlerLifecycleHandler']
  • root['schemas']['GoogleCloudDialogflowCxV3beta1Playbook']['properties']['handlers']
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-dialogflow-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-dialogflow-v2
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-dialogflow-v2beta1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-dialogflow-v3
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-dialogflow-v3alpha1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-dialogflow-v3beta1
dictionary_item_added
  • root['schemas']['GoogleCloudDialogflowCxV3beta1Handler']
  • root['schemas']['GoogleCloudDialogflowCxV3beta1HandlerEventHandler']
  • root['schemas']['GoogleCloudDialogflowCxV3beta1HandlerLifecycleHandler']
  • root['schemas']['GoogleCloudDialogflowCxV3beta1Playbook']['properties']['handlers']
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-essentialcontacts-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-essentialcontacts-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-essentialcontacts-v1alpha1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-essentialcontacts-v1beta1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-familymanagement-pa-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-familymanagement-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-fiamserver-pa-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-fiamserver-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-firealerts-pa-
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-firealerts-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-firebase-
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-firebase-v1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-firebase-v1alpha
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-firebase-v1beta1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-firebaseabt-pa-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-firebaseabt-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-firebaseabt-pa-v2
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-firebaseappcheck-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-firebaseappcheck-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-firebaseappcheck-v1beta
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-firebaseappdistribution-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-firebaseappdistribution-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-firebaseappdistribution-v1alpha
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-firebaseextensions-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-firebaseextensions-v1beta
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-firebaseextensionspublisher-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-firebaseextensionspublisher-v1beta
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-firebasehosting-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-firebasehosting-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-firebasehosting-v1beta1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-firebasemessagingcampaigns-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-firebasemessagingcampaigns-v1beta
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-firebaseml-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-firebaseml-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-firebaseml-v1beta2
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-firebaseml-v2beta
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-firebaseremoteconfig-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-firebaseremoteconfig-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-firebaseremoteconfig-pa-v2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-firebaseremoteconfigrealtime-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-firebaseremoteconfigrealtime-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-firebasesagepredictions-pa-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-firebasesagepredictions-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-firebasesegmentation-pa-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-firebasesegmentation-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-firebasestorage-
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-firebasestorage-v1alpha
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-firebasestorage-v1beta
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-firebasetargeting-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-firebasetargeting-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-fireconsole-pa-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-fireconsole-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-gcmcontextualcampaign-pa-
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-gcmcontextualcampaign-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-gcmcontextualcampaign-pa-v2
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-generativelanguage-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-generativelanguage-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-generativelanguage-v1alpha
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-generativelanguage-v1beta
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-generativelanguage-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-generativelanguage-v1beta2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-generativelanguage-v1beta3
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-geofeedtaskrouting-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-geofeedtaskrouting-v1alpha
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-gkeonprem-
values_changed
root['revision']
new_value20250224
old_value20250219
sandbox/staging-growth-pa-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-growth-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-guidedhelp-pa-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-guidedhelp-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-iam-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-iam-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-iam-v1beta
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-iam-v2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-iam-v2alpha
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-iam-v2beta
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-iam-v3
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-iam-v3alpha
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-iam-v3beta
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-iap-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-iap-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-iap-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-identitytoolkit-v1
values_changed
root['revision']
new_value20250225
old_value20250219
sandbox/staging-identitytoolkit-v2
values_changed
root['revision']
new_value20250225
old_value20250219
sandbox/staging-identitytoolkit-v2alpha1
values_changed
root['revision']
new_value20250225
old_value20250219
sandbox/staging-identitytoolkit-v2beta1
values_changed
root['revision']
new_value20250225
old_value20250219
sandbox/staging-instantmessaging-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-instantmessaging-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-integrations-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-integrations-v1
dictionary_item_removed
  • root['resources']['projects']['resources']['locations']['resources']['integrations']['resources']['versions']['resources']['testCases']['methods']['listExecutions']
  • root['schemas']['GoogleCloudIntegrationsV1alphaListTestCaseExecutionsResponse']
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-integrations-v1alpha
dictionary_item_removed
  • root['resources']['projects']['resources']['locations']['resources']['integrations']['resources']['versions']['resources']['testCases']['methods']['listExecutions']
  • root['schemas']['GoogleCloudIntegrationsV1alphaListTestCaseExecutionsResponse']
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-integrations-v2
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-kidsmanagement-pa-
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/staging-kidsmanagement-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/staging-kidsnotification-pa-
values_changed
root['revision']
new_value20250223
old_value20250221
sandbox/staging-kidsnotification-pa-v1
values_changed
root['revision']
new_value20250223
old_value20250221
sandbox/staging-language-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-language-eu-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-language-eu-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-language-eu-v1beta2
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-language-eu-v2
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-language-us-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-language-us-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-language-us-v1beta2
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-language-us-v2
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-language-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-language-v1beta2
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-language-v2
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-listallowedkids-
values_changed
root['revision']
new_value20250223
old_value20250222
sandbox/staging-listallowedkids-v1
values_changed
root['revision']
new_value20250223
old_value20250222
sandbox/staging-mapsplatformdatasets-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-mapsplatformdatasets-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-mapsplatformdatasets-v1alpha
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-mlengine-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-mlengine-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-mlkit-pa-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-mlkit-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-mobileperformancereporting-pa-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-mobileperformancereporting-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-monitoring-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-monitoring-v1
dictionary_item_added
  • root['schemas']['SingleViewGroup']['properties']['displayType']
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-monitoring-v3
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-monospace-pa-
dictionary_item_added
  • root['schemas']['Subscription']
  • root['schemas']['Profile']['properties']['activeSubscription']
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-monospace-pa-v1
dictionary_item_added
  • root['schemas']['Subscription']
  • root['schemas']['Profile']['properties']['activeSubscription']
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-myphonenumbers-pa-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-myphonenumbers-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-networksecurity-
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/staging-networksecurity-v1
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/staging-networksecurity-v1alpha1
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/staging-networksecurity-v1beta1
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/staging-notifications-pa-
dictionary_item_added
  • root['schemas']['GoogleAndroidLibrariesTapandpayPropose__Proposal']
  • root['schemas']['NotificationsPlatformCommonProto_IosCustomAction_InAppBrowserRedirect']
  • root['schemas']['NotificationsPlatformCommonProto__IosCustomAction']
  • root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['svTokenizationServerSessionId']
  • root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['svTokenizationSessionId']
  • root['schemas']['NotificationsPlatformCommonProto_CustomPromptButtons_ActionButton']['properties']['iosCustomAction']
  • root['schemas']['WalletGooglepayCommon__NavigationTarget']['properties']['walletPage']
values_changed
root['revision']
new_value20250225
old_value20250222
root['schemas']['NotificationsPlatformCommonProto_CustomPromptButtons_ActionButton']['properties']['customAction']['description']
new_valueCustom action to be handled by the SDK. Android specific
old_valueCustom action to be handled by the SDK. Only supported by Android at the moment.
root['schemas']['WalletGooglepayCommon__NavigationTarget']['description']
new_valueThe target to navigate to. A target should be a pure navigation target. I.e. the target should not represent an action to be taken (besides navigation). Next id: 74
old_valueThe target to navigate to. A target should be a pure navigation target. I.e. the target should not represent an action to be taken (besides navigation). Next id: 73
root['schemas']['LogsChimeNotifications__UserInteraction']['properties']['interactionType']['enumDescriptions'][23]
new_valueaccount, but not account. A notification is updated.
old_valueaccount, but not account. Slient notification.
iterable_item_added
root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['targetType']['enum'][13]SV_WEAR_TOKENIZATION
root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['targetType']['enum'][14]SV_INSTALL_WEAR_WALLET_APP
root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['targetType']['enumDescriptions'][13]Start tokenization of a supervised stored value card to a wearable
root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['targetType']['enumDescriptions'][14]Go to the Play Store to install the Wallet app on WearOS
root['schemas']['LogsChimeNotifications__UserInteraction']['properties']['interactionType']['enum'][23]DELIVERED_REPLACED
root['schemas']['LogsChimeNotifications__UserInteraction']['properties']['interactionType']['enumDescriptions'][24]Slient notification.
root['schemas']['SearchNotifications_UserActionMetadata_Action']['properties']['type']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['SearchNotifications_UserActionMetadata_Action']['properties']['type']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['SearchNotifications_UserActionMetadata_Action']['properties']['type']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['SearchNowPushProtoChimepayloads__ActionLogFilter']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ActionLogFilter']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ActionLogFilter']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['SearchNowPushProtoChimepayloads__ChimeAction']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ChimeAction']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ChimeAction']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['SearchNowPushProtoChimepayloads__ExpiresAfterSetting']['properties']['type']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ExpiresAfterSetting']['properties']['type']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ExpiresAfterSetting']['properties']['type']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick_ContentFeedbackSurvey_SurveyAnswer']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick_ContentFeedbackSurvey_SurveyAnswer']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick_ContentFeedbackSurvey_SurveyAnswer']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick_ReportAction_ReportReason']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick_ReportAction_ReportReason']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick_ReportAction_ReportReason']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__Action']['properties']['type']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__Action']['properties']['type']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__Action']['properties']['type']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ClickAction']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClickAction']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClickAction']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ClientAction']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClientAction']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClientAction']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ClosetAction']['properties']['undoActionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClosetAction']['properties']['undoActionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClosetAction']['properties']['undoActionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__InlineInjectionMetadata']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__InlineInjectionMetadata']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__InlineInjectionMetadata']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__Rating']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__Rating']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__Rating']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ToggleStateAction']['properties']['checkedActionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['checkedActionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['checkedActionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ToggleStateAction']['properties']['clearedActionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['clearedActionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['clearedActionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ToggleStateAction']['properties']['uncheckedActionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['uncheckedActionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['uncheckedActionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
sandbox/staging-notifications-pa-v1
dictionary_item_added
  • root['schemas']['GoogleAndroidLibrariesTapandpayPropose__Proposal']
  • root['schemas']['NotificationsPlatformCommonProto_IosCustomAction_InAppBrowserRedirect']
  • root['schemas']['NotificationsPlatformCommonProto__IosCustomAction']
  • root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['svTokenizationServerSessionId']
  • root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['svTokenizationSessionId']
  • root['schemas']['NotificationsPlatformCommonProto_CustomPromptButtons_ActionButton']['properties']['iosCustomAction']
  • root['schemas']['WalletGooglepayCommon__NavigationTarget']['properties']['walletPage']
values_changed
root['revision']
new_value20250225
old_value20250222
root['schemas']['NotificationsPlatformCommonProto_CustomPromptButtons_ActionButton']['properties']['customAction']['description']
new_valueCustom action to be handled by the SDK. Android specific
old_valueCustom action to be handled by the SDK. Only supported by Android at the moment.
root['schemas']['WalletGooglepayCommon__NavigationTarget']['description']
new_valueThe target to navigate to. A target should be a pure navigation target. I.e. the target should not represent an action to be taken (besides navigation). Next id: 74
old_valueThe target to navigate to. A target should be a pure navigation target. I.e. the target should not represent an action to be taken (besides navigation). Next id: 73
root['schemas']['LogsChimeNotifications__UserInteraction']['properties']['interactionType']['enumDescriptions'][23]
new_valueaccount, but not account. A notification is updated.
old_valueaccount, but not account. Slient notification.
iterable_item_added
root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['targetType']['enum'][13]SV_WEAR_TOKENIZATION
root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['targetType']['enum'][14]SV_INSTALL_WEAR_WALLET_APP
root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['targetType']['enumDescriptions'][13]Start tokenization of a supervised stored value card to a wearable
root['schemas']['ComGoogleCommerceTapandpayNotifications_TapAndPayNotificationAppPayload_AndroidPayGmsCoreTarget']['properties']['targetType']['enumDescriptions'][14]Go to the Play Store to install the Wallet app on WearOS
root['schemas']['LogsChimeNotifications__UserInteraction']['properties']['interactionType']['enum'][23]DELIVERED_REPLACED
root['schemas']['LogsChimeNotifications__UserInteraction']['properties']['interactionType']['enumDescriptions'][24]Slient notification.
root['schemas']['SearchNotifications_UserActionMetadata_Action']['properties']['type']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['SearchNotifications_UserActionMetadata_Action']['properties']['type']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['SearchNotifications_UserActionMetadata_Action']['properties']['type']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['SearchNowPushProtoChimepayloads__ActionLogFilter']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ActionLogFilter']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ActionLogFilter']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['SearchNowPushProtoChimepayloads__ChimeAction']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ChimeAction']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ChimeAction']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['SearchNowPushProtoChimepayloads__ExpiresAfterSetting']['properties']['type']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ExpiresAfterSetting']['properties']['type']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['SearchNowPushProtoChimepayloads__ExpiresAfterSetting']['properties']['type']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick_ContentFeedbackSurvey_SurveyAnswer']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick_ContentFeedbackSurvey_SurveyAnswer']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick_ContentFeedbackSurvey_SurveyAnswer']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick_ReportAction_ReportReason']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick_ReportAction_ReportReason']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick_ReportAction_ReportReason']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__Action']['properties']['type']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__Action']['properties']['type']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__Action']['properties']['type']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ClickAction']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClickAction']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClickAction']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ClientAction']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClientAction']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClientAction']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ClosetAction']['properties']['undoActionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClosetAction']['properties']['undoActionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ClosetAction']['properties']['undoActionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__InlineInjectionMetadata']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__InlineInjectionMetadata']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__InlineInjectionMetadata']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__Rating']['properties']['actionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__Rating']['properties']['actionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__Rating']['properties']['actionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ToggleStateAction']['properties']['checkedActionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['checkedActionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['checkedActionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ToggleStateAction']['properties']['clearedActionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['clearedActionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['clearedActionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
root['schemas']['Sidekick__ToggleStateAction']['properties']['uncheckedActionType']['enum'][136]NOTIFICATION_THUMBS_UP_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['uncheckedActionType']['enum'][137]NOTIFICATION_THUMBS_DOWN_CLICKED_SRP_LANDING
root['schemas']['Sidekick__ToggleStateAction']['properties']['uncheckedActionType']['enumDescriptions'][136]Actions for Notification SRP landing thumbs button click.
sandbox/staging-ogads-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-ogads-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-oslogin-
values_changed
root['revision']
new_value20250223
old_value20250221
sandbox/staging-oslogin-v1
values_changed
root['revision']
new_value20250223
old_value20250221
sandbox/staging-oslogin-v1alpha
values_changed
root['revision']
new_value20250223
old_value20250221
sandbox/staging-oslogin-v1beta
values_changed
root['revision']
new_value20250223
old_value20250221
sandbox/staging-peoplestack-pa-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-peoplestack-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-policyremediator-
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/staging-policyremediator-v1alpha
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/staging-policysimulator-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-policysimulator-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-policysimulator-v1alpha
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-policysimulator-v1beta
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-policytroubleshooter-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-policytroubleshooter-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-policytroubleshooter-v1beta
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-policytroubleshooter-v2alpha1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-policytroubleshooter-v3
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-policytroubleshooter-v3alpha
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-policytroubleshooter-v3beta
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-privacysandboxmaven-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-privacysandboxmaven-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-quantum-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-quantum-v1alpha1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-reach-pa-
values_changed
root['revision']
new_value20250225
old_value20250220
sandbox/staging-reach-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250220
sandbox/staging-recommender-
values_changed
root['revision']
new_value20250223
old_value20250222
sandbox/staging-recommender-v1
values_changed
root['revision']
new_value20250223
old_value20250222
sandbox/staging-recommender-v1beta1
values_changed
root['revision']
new_value20250223
old_value20250222
sandbox/staging-retail-
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-retail-v1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-retail-v2
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-retail-v2alpha
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-retail-v2beta
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-salesforceshopping-
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-salesforceshopping-v1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-sasportal-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-sasportal-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-sasportal-v1alpha1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-scone-pa-
values_changed
root['revision']
new_value20250224
old_value20250219
iterable_item_added
root['schemas']['CustomerSupportContentContactFlowModel']['properties']['contactFlowType']['enum'][13]MOSP
root['schemas']['CustomerSupportContentContactFlowModel']['properties']['contactFlowType']['enumDescriptions'][13]Submission via MOSP.
root['schemas']['CustomerSupportContentContactForm']['properties']['connectorType']['enum'][13]MOSP
root['schemas']['CustomerSupportContentContactForm']['properties']['connectorType']['enumDescriptions'][13]Submission via MOSP.
sandbox/staging-scone-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250219
iterable_item_added
root['schemas']['CustomerSupportContentContactFlowModel']['properties']['contactFlowType']['enum'][13]MOSP
root['schemas']['CustomerSupportContentContactFlowModel']['properties']['contactFlowType']['enumDescriptions'][13]Submission via MOSP.
root['schemas']['CustomerSupportContentContactForm']['properties']['connectorType']['enum'][13]MOSP
root['schemas']['CustomerSupportContentContactForm']['properties']['connectorType']['enumDescriptions'][13]Submission via MOSP.
sandbox/staging-searchresearcherresults-
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/staging-searchresearcherresults-v1
values_changed
root['revision']
new_value20250224
old_value20250220
sandbox/staging-secretmanager-
values_changed
root['revision']
new_value20250225
old_value20250221
iterable_item_added
root['endpoints'][2]
descriptionLocational Endpoint
endpointUrlhttps://staging-secretmanager.us.rep.sandbox.googleapis.com/
locationus
sandbox/staging-secretmanager-v1
values_changed
root['revision']
new_value20250225
old_value20250221
iterable_item_added
root['endpoints'][2]
descriptionLocational Endpoint
endpointUrlhttps://staging-secretmanager.us.rep.sandbox.googleapis.com/
locationus
sandbox/staging-secretmanager-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250221
iterable_item_added
root['endpoints'][2]
descriptionLocational Endpoint
endpointUrlhttps://staging-secretmanager.us.rep.sandbox.googleapis.com/
locationus
sandbox/staging-secretmanager-v1beta2
values_changed
root['revision']
new_value20250225
old_value20250221
iterable_item_added
root['endpoints'][2]
descriptionLocational Endpoint
endpointUrlhttps://staging-secretmanager.us.rep.sandbox.googleapis.com/
locationus
sandbox/staging-securitycenter-
dictionary_item_added
  • root['schemas']['NotificationConfig']['properties']['updateTime']
values_changed
root['revision']
new_value20250225
old_value20250221
root['schemas']['DataRetentionDeletionEvent']['properties']['maxRetentionAllowed']['description']
new_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user sets the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
old_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user set the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
root['schemas']['Disk']['properties']['name']['description']
new_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/{project-id}/zones/{zone-id}/disks/{disk-id}".
old_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/project-id/zones/zone-id/disks/disk-id".
root['schemas']['GoogleCloudSecuritycenterV2DataRetentionDeletionEvent']['properties']['maxRetentionAllowed']['description']
new_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user sets the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
old_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user set the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
root['schemas']['GoogleCloudSecuritycenterV2Disk']['properties']['name']['description']
new_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/{project-id}/zones/{zone-id}/disks/{disk-id}".
old_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/project-id/zones/zone-id/disks/disk-id".
sandbox/staging-securitycenter-v1
values_changed
root['revision']
new_value20250225
old_value20250221
root['schemas']['DataRetentionDeletionEvent']['properties']['maxRetentionAllowed']['description']
new_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user sets the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
old_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user set the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
root['schemas']['Disk']['properties']['name']['description']
new_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/{project-id}/zones/{zone-id}/disks/{disk-id}".
old_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/project-id/zones/zone-id/disks/disk-id".
root['schemas']['GoogleCloudSecuritycenterV2DataRetentionDeletionEvent']['properties']['maxRetentionAllowed']['description']
new_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user sets the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
old_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user set the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
root['schemas']['GoogleCloudSecuritycenterV2Disk']['properties']['name']['description']
new_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/{project-id}/zones/{zone-id}/disks/{disk-id}".
old_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/project-id/zones/zone-id/disks/disk-id".
sandbox/staging-securitycenter-v1alpha2
values_changed
root['revision']
new_value20250225
old_value20250221
root['schemas']['DataRetentionDeletionEvent']['properties']['maxRetentionAllowed']['description']
new_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user sets the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
old_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user set the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
root['schemas']['Disk']['properties']['name']['description']
new_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/{project-id}/zones/{zone-id}/disks/{disk-id}".
old_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/project-id/zones/zone-id/disks/disk-id".
root['schemas']['GoogleCloudSecuritycenterV2DataRetentionDeletionEvent']['properties']['maxRetentionAllowed']['description']
new_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user sets the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
old_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user set the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
root['schemas']['GoogleCloudSecuritycenterV2Disk']['properties']['name']['description']
new_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/{project-id}/zones/{zone-id}/disks/{disk-id}".
old_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/project-id/zones/zone-id/disks/disk-id".
sandbox/staging-securitycenter-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250221
root['schemas']['DataRetentionDeletionEvent']['properties']['maxRetentionAllowed']['description']
new_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user sets the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
old_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user set the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
root['schemas']['Disk']['properties']['name']['description']
new_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/{project-id}/zones/{zone-id}/disks/{disk-id}".
old_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/project-id/zones/zone-id/disks/disk-id".
root['schemas']['GoogleCloudSecuritycenterV2DataRetentionDeletionEvent']['properties']['maxRetentionAllowed']['description']
new_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user sets the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
old_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user set the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
root['schemas']['GoogleCloudSecuritycenterV2Disk']['properties']['name']['description']
new_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/{project-id}/zones/{zone-id}/disks/{disk-id}".
old_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/project-id/zones/zone-id/disks/disk-id".
sandbox/staging-securitycenter-v1beta2
values_changed
root['revision']
new_value20250225
old_value20250221
root['schemas']['DataRetentionDeletionEvent']['properties']['maxRetentionAllowed']['description']
new_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user sets the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
old_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user set the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
root['schemas']['Disk']['properties']['name']['description']
new_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/{project-id}/zones/{zone-id}/disks/{disk-id}".
old_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/project-id/zones/zone-id/disks/disk-id".
root['schemas']['GoogleCloudSecuritycenterV2DataRetentionDeletionEvent']['properties']['maxRetentionAllowed']['description']
new_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user sets the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
old_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user set the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
root['schemas']['GoogleCloudSecuritycenterV2Disk']['properties']['name']['description']
new_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/{project-id}/zones/{zone-id}/disks/{disk-id}".
old_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/project-id/zones/zone-id/disks/disk-id".
sandbox/staging-securitycenter-v1p1alpha1
values_changed
root['revision']
new_value20250225
old_value20250221
root['schemas']['DataRetentionDeletionEvent']['properties']['maxRetentionAllowed']['description']
new_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user sets the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
old_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user set the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
root['schemas']['Disk']['properties']['name']['description']
new_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/{project-id}/zones/{zone-id}/disks/{disk-id}".
old_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/project-id/zones/zone-id/disks/disk-id".
root['schemas']['GoogleCloudSecuritycenterV2DataRetentionDeletionEvent']['properties']['maxRetentionAllowed']['description']
new_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user sets the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
old_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user set the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
root['schemas']['GoogleCloudSecuritycenterV2Disk']['properties']['name']['description']
new_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/{project-id}/zones/{zone-id}/disks/{disk-id}".
old_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/project-id/zones/zone-id/disks/disk-id".
sandbox/staging-securitycenter-v1p1beta1
values_changed
root['revision']
new_value20250225
old_value20250221
root['schemas']['DataRetentionDeletionEvent']['properties']['maxRetentionAllowed']['description']
new_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user sets the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
old_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user set the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
root['schemas']['Disk']['properties']['name']['description']
new_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/{project-id}/zones/{zone-id}/disks/{disk-id}".
old_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/project-id/zones/zone-id/disks/disk-id".
root['schemas']['GoogleCloudSecuritycenterV2DataRetentionDeletionEvent']['properties']['maxRetentionAllowed']['description']
new_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user sets the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
old_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user set the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
root['schemas']['GoogleCloudSecuritycenterV2Disk']['properties']['name']['description']
new_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/{project-id}/zones/{zone-id}/disks/{disk-id}".
old_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/project-id/zones/zone-id/disks/disk-id".
sandbox/staging-securitycenter-v2
dictionary_item_added
  • root['schemas']['NotificationConfig']['properties']['updateTime']
values_changed
root['revision']
new_value20250225
old_value20250221
root['schemas']['DataRetentionDeletionEvent']['properties']['maxRetentionAllowed']['description']
new_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user sets the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
old_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user set the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
root['schemas']['Disk']['properties']['name']['description']
new_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/{project-id}/zones/{zone-id}/disks/{disk-id}".
old_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/project-id/zones/zone-id/disks/disk-id".
root['schemas']['GoogleCloudSecuritycenterV2DataRetentionDeletionEvent']['properties']['maxRetentionAllowed']['description']
new_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user sets the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
old_valueMaximum duration of retention allowed from the DRD control. This comes from the DRD control where users set a max TTL for their data. For example, suppose that a user set the max TTL for a Cloud Storage bucket to 90 days. However, an object in that bucket is 100 days old. In this case, a DataRetentionDeletionEvent will be generated for that Cloud Storage bucket, and the max_retention_allowed is 90 days.
root['schemas']['GoogleCloudSecuritycenterV2Disk']['properties']['name']['description']
new_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/{project-id}/zones/{zone-id}/disks/{disk-id}".
old_valueThe name of the disk, for example, "https://www.googleapis.com/compute/v1/projects/project-id/zones/zone-id/disks/disk-id".
sandbox/staging-servicemanagement-
values_changed
root['revision']
new_value20250225
old_value20250220
sandbox/staging-servicemanagement-v1
values_changed
root['revision']
new_value20250225
old_value20250220
sandbox/staging-shoppingdataintegration-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-shoppingdataintegration-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-spectrumsas-pa-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-spectrumsas-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-spectrumsas-pa-v1alpha1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-taskassist-pa-
values_changed
root['revision']
new_value20250223
old_value20250221
sandbox/staging-taskassist-pa-v1
values_changed
root['revision']
new_value20250223
old_value20250221
sandbox/staging-taskassist-pa-v2
values_changed
root['revision']
new_value20250223
old_value20250221
sandbox/staging-tasks-pa-
values_changed
root['revision']
new_value20250223
old_value20250216
sandbox/staging-tasks-pa-v1
values_changed
root['revision']
new_value20250223
old_value20250216
sandbox/staging-toolresults-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-toolresults-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-toolresults-v1beta3
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/staging-translate-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-translate-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-translate-v3
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-translate-v3alpha1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-translate-v3beta1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-translation-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-translation-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-translation-v3
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-translation-v3alpha1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-translation-v3beta1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-travelpartnerprices-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-travelpartnerprices-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/staging-us-east4-cloudbuild-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-us-east4-cloudbuild-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-us-east4-cloudbuild-v2
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-us-west1-cloudbuild-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-us-west1-cloudbuild-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-us-west1-cloudbuild-v2
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-userpaneltv-pa-
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-userpaneltv-pa-v1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/staging-vision-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-vision-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-vision-v1p1beta1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-vision-v1p2beta1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-vision-v1p3beta1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-vision-v1p4beta1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/staging-vmmigration-v1
values_changed
root
new_value
auth
oauth2
scopes
https://www.googleapis.com/auth/cloud-platform
descriptionSee, edit, configure, and delete your Google Cloud data and see the email address for your Google Account.
basePath
baseUrlhttps://staging-vmmigration.sandbox.googleapis.com/
batchPathbatch
canonicalNameVM Migration Service
description
discoveryVersionv1
documentationLinkhttps://cloud.google.com/migrate/virtual-machines
fullyEncodeReservedExpansionTrue
icons
x16http://www.google.com/images/icons/product/search-16.gif
x32http://www.google.com/images/icons/product/search-32.gif
idvmmigration:v1
kinddiscovery#restDescription
mtlsRootUrlhttps://staging-vmmigration.mtls.sandbox.googleapis.com/
namevmmigration
ownerDomaingoogle.com
ownerNameGoogle
parameters
$.xgafv
descriptionV1 error format.
enum
  • 1
  • 2
enumDescriptions
  • v1 error format
  • v2 error format
locationquery
typestring
access_token
descriptionOAuth access token.
locationquery
typestring
alt
defaultjson
descriptionData format for response.
enum
  • json
  • media
  • proto
enumDescriptions
  • Responses with Content-Type of application/json
  • Media download with context-dependent Content-Type
  • Responses with Content-Type of application/x-protobuf
locationquery
typestring
callback
descriptionJSONP
locationquery
typestring
fields
descriptionSelector specifying which fields to include in a partial response.
locationquery
typestring
key
descriptionAPI key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
locationquery
typestring
oauth_token
descriptionOAuth 2.0 token for the current user.
locationquery
typestring
prettyPrint
defaulttrue
descriptionReturns response with indentations and line breaks.
locationquery
typeboolean
quotaUser
descriptionAvailable to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
locationquery
typestring
uploadType
descriptionLegacy upload protocol for media (e.g. "media", "multipart").
locationquery
typestring
upload_protocol
descriptionUpload protocol for media (e.g. "raw", "multipart").
locationquery
typestring
protocolrest
resources
projects
resources
locations
methods
get
descriptionGets information about a location.
flatPathv1/projects/{projectsId}/locations/{locationsId}
httpMethodGET
idvmmigration.projects.locations.get
parameterOrder
  • name
parameters
name
descriptionResource name for the location.
locationpath
pattern^projects/[^/]+/locations/[^/]+$
requiredTrue
typestring
pathv1/{+name}
response
$refLocation
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists information about the supported locations for this service.
flatPathv1/projects/{projectsId}/locations
httpMethodGET
idvmmigration.projects.locations.list
parameterOrder
  • name
parameters
filter
descriptionA filter to narrow down results to a preferred subset. The filtering language accepts strings like `"displayName=tokyo"`, and is documented in more detail in [AIP-160](https://google.aip.dev/160).
locationquery
typestring
name
descriptionThe resource that owns the locations collection, if applicable.
locationpath
pattern^projects/[^/]+$
requiredTrue
typestring
pageSize
descriptionThe maximum number of results to return. If not set, the service selects a default.
formatint32
locationquery
typeinteger
pageToken
descriptionA page token received from the `next_page_token` field in the response. Send that page token to receive the subsequent page.
locationquery
typestring
pathv1/{+name}/locations
response
$refListLocationsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
resources
groups
methods
addGroupMigration
descriptionAdds a MigratingVm to a Group.
flatPathv1/projects/{projectsId}/locations/{locationsId}/groups/{groupsId}:addGroupMigration
httpMethodPOST
idvmmigration.projects.locations.groups.addGroupMigration
parameterOrder
  • group
parameters
group
descriptionRequired. The full path name of the Group to add to.
locationpath
pattern^projects/[^/]+/locations/[^/]+/groups/[^/]+$
requiredTrue
typestring
pathv1/{+group}:addGroupMigration
request
$refAddGroupMigrationRequest
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
create
descriptionCreates a new Group in a given project and location.
flatPathv1/projects/{projectsId}/locations/{locationsId}/groups
httpMethodPOST
idvmmigration.projects.locations.groups.create
parameterOrder
  • parent
parameters
groupId
descriptionRequired. The group identifier.
locationquery
typestring
parent
descriptionRequired. The Group's parent.
locationpath
pattern^projects/[^/]+/locations/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
pathv1/{+parent}/groups
request
$refGroup
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
delete
descriptionDeletes a single Group.
flatPathv1/projects/{projectsId}/locations/{locationsId}/groups/{groupsId}
httpMethodDELETE
idvmmigration.projects.locations.groups.delete
parameterOrder
  • name
parameters
name
descriptionRequired. The Group name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/groups/[^/]+$
requiredTrue
typestring
requestId
descriptionOptional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
pathv1/{+name}
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets details of a single Group.
flatPathv1/projects/{projectsId}/locations/{locationsId}/groups/{groupsId}
httpMethodGET
idvmmigration.projects.locations.groups.get
parameterOrder
  • name
parameters
name
descriptionRequired. The group name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/groups/[^/]+$
requiredTrue
typestring
pathv1/{+name}
response
$refGroup
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists Groups in a given project and location.
flatPathv1/projects/{projectsId}/locations/{locationsId}/groups
httpMethodGET
idvmmigration.projects.locations.groups.list
parameterOrder
  • parent
parameters
filter
descriptionOptional. The filter request.
locationquery
typestring
orderBy
descriptionOptional. the order by fields for the result.
locationquery
typestring
pageSize
descriptionOptional. The maximum number of groups to return. The service may return fewer than this value. If unspecified, at most 500 groups will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
formatint32
locationquery
typeinteger
pageToken
descriptionRequired. A page token, received from a previous `ListGroups` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListGroups` must match the call that provided the page token.
locationquery
typestring
parent
descriptionRequired. The parent, which owns this collection of groups.
locationpath
pattern^projects/[^/]+/locations/[^/]+$
requiredTrue
typestring
pathv1/{+parent}/groups
response
$refListGroupsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
patch
descriptionUpdates the parameters of a single Group.
flatPathv1/projects/{projectsId}/locations/{locationsId}/groups/{groupsId}
httpMethodPATCH
idvmmigration.projects.locations.groups.patch
parameterOrder
  • name
parameters
name
descriptionOutput only. The Group name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/groups/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
updateMask
descriptionField mask is used to specify the fields to be overwritten in the Group resource by the update. The fields specified in the update_mask are relative to the resource, not the full request. A field will be overwritten if it is in the mask. If the user does not provide a mask then all fields will be overwritten.
formatgoogle-fieldmask
locationquery
typestring
pathv1/{+name}
request
$refGroup
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
removeGroupMigration
descriptionRemoves a MigratingVm from a Group.
flatPathv1/projects/{projectsId}/locations/{locationsId}/groups/{groupsId}:removeGroupMigration
httpMethodPOST
idvmmigration.projects.locations.groups.removeGroupMigration
parameterOrder
  • group
parameters
group
descriptionRequired. The name of the Group.
locationpath
pattern^projects/[^/]+/locations/[^/]+/groups/[^/]+$
requiredTrue
typestring
pathv1/{+group}:removeGroupMigration
request
$refRemoveGroupMigrationRequest
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
imageImports
methods
create
descriptionCreates a new ImageImport in a given project.
flatPathv1/projects/{projectsId}/locations/{locationsId}/imageImports
httpMethodPOST
idvmmigration.projects.locations.imageImports.create
parameterOrder
  • parent
parameters
imageImportId
descriptionRequired. The image import identifier. This value maximum length is 63 characters, and valid characters are /a-z-/. It must start with an english letter and must not end with a hyphen.
locationquery
typestring
parent
descriptionRequired. The ImageImport's parent.
locationpath
pattern^projects/[^/]+/locations/[^/]+$
requiredTrue
typestring
requestId
descriptionOptional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
pathv1/{+parent}/imageImports
request
$refImageImport
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
delete
descriptionDeletes a single ImageImport.
flatPathv1/projects/{projectsId}/locations/{locationsId}/imageImports/{imageImportsId}
httpMethodDELETE
idvmmigration.projects.locations.imageImports.delete
parameterOrder
  • name
parameters
name
descriptionRequired. The ImageImport name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/imageImports/[^/]+$
requiredTrue
typestring
requestId
descriptionOptional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
pathv1/{+name}
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets details of a single ImageImport.
flatPathv1/projects/{projectsId}/locations/{locationsId}/imageImports/{imageImportsId}
httpMethodGET
idvmmigration.projects.locations.imageImports.get
parameterOrder
  • name
parameters
name
descriptionRequired. The ImageImport name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/imageImports/[^/]+$
requiredTrue
typestring
pathv1/{+name}
response
$refImageImport
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists ImageImports in a given project.
flatPathv1/projects/{projectsId}/locations/{locationsId}/imageImports
httpMethodGET
idvmmigration.projects.locations.imageImports.list
parameterOrder
  • parent
parameters
filter
descriptionOptional. The filter request (according to AIP-160).
locationquery
typestring
orderBy
descriptionOptional. The order by fields for the result (according to AIP-132). Currently ordering is only possible by "name" field.
locationquery
typestring
pageSize
descriptionOptional. The maximum number of targets to return. The service may return fewer than this value. If unspecified, at most 500 targets will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
formatint32
locationquery
typeinteger
pageToken
descriptionOptional. A page token, received from a previous `ListImageImports` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListImageImports` must match the call that provided the page token.
locationquery
typestring
parent
descriptionRequired. The parent, which owns this collection of targets.
locationpath
pattern^projects/[^/]+/locations/[^/]+$
requiredTrue
typestring
pathv1/{+parent}/imageImports
response
$refListImageImportsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
resources
imageImportJobs
methods
cancel
descriptionInitiates the cancellation of a running clone job.
flatPathv1/projects/{projectsId}/locations/{locationsId}/imageImports/{imageImportsId}/imageImportJobs/{imageImportJobsId}:cancel
httpMethodPOST
idvmmigration.projects.locations.imageImports.imageImportJobs.cancel
parameterOrder
  • name
parameters
name
descriptionRequired. The image import job id.
locationpath
pattern^projects/[^/]+/locations/[^/]+/imageImports/[^/]+/imageImportJobs/[^/]+$
requiredTrue
typestring
pathv1/{+name}:cancel
request
$refCancelImageImportJobRequest
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets details of a single ImageImportJob.
flatPathv1/projects/{projectsId}/locations/{locationsId}/imageImports/{imageImportsId}/imageImportJobs/{imageImportJobsId}
httpMethodGET
idvmmigration.projects.locations.imageImports.imageImportJobs.get
parameterOrder
  • name
parameters
name
descriptionRequired. The ImageImportJob name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/imageImports/[^/]+/imageImportJobs/[^/]+$
requiredTrue
typestring
pathv1/{+name}
response
$refImageImportJob
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists ImageImportJobs in a given project.
flatPathv1/projects/{projectsId}/locations/{locationsId}/imageImports/{imageImportsId}/imageImportJobs
httpMethodGET
idvmmigration.projects.locations.imageImports.imageImportJobs.list
parameterOrder
  • parent
parameters
filter
descriptionOptional. The filter request (according to AIP-160).
locationquery
typestring
orderBy
descriptionOptional. The order by fields for the result (according to AIP-132). Currently ordering is only possible by "name" field.
locationquery
typestring
pageSize
descriptionOptional. The maximum number of targets to return. The service may return fewer than this value. If unspecified, at most 500 targets will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
formatint32
locationquery
typeinteger
pageToken
descriptionOptional. A page token, received from a previous `ListImageImportJobs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListImageImportJobs` must match the call that provided the page token.
locationquery
typestring
parent
descriptionRequired. The parent, which owns this collection of targets.
locationpath
pattern^projects/[^/]+/locations/[^/]+/imageImports/[^/]+$
requiredTrue
typestring
pathv1/{+parent}/imageImportJobs
response
$refListImageImportJobsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
operations
methods
cancel
descriptionStarts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of `1`, corresponding to `Code.CANCELLED`.
flatPathv1/projects/{projectsId}/locations/{locationsId}/operations/{operationsId}:cancel
httpMethodPOST
idvmmigration.projects.locations.operations.cancel
parameterOrder
  • name
parameters
name
descriptionThe name of the operation resource to be cancelled.
locationpath
pattern^projects/[^/]+/locations/[^/]+/operations/[^/]+$
requiredTrue
typestring
pathv1/{+name}:cancel
request
$refCancelOperationRequest
response
$refEmpty
scopes
  • https://www.googleapis.com/auth/cloud-platform
delete
descriptionDeletes a long-running operation. This method indicates that the client is no longer interested in the operation result. It does not cancel the operation. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`.
flatPathv1/projects/{projectsId}/locations/{locationsId}/operations/{operationsId}
httpMethodDELETE
idvmmigration.projects.locations.operations.delete
parameterOrder
  • name
parameters
name
descriptionThe name of the operation resource to be deleted.
locationpath
pattern^projects/[^/]+/locations/[^/]+/operations/[^/]+$
requiredTrue
typestring
pathv1/{+name}
response
$refEmpty
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.
flatPathv1/projects/{projectsId}/locations/{locationsId}/operations/{operationsId}
httpMethodGET
idvmmigration.projects.locations.operations.get
parameterOrder
  • name
parameters
name
descriptionThe name of the operation resource.
locationpath
pattern^projects/[^/]+/locations/[^/]+/operations/[^/]+$
requiredTrue
typestring
pathv1/{+name}
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists operations that match the specified filter in the request. If the server doesn't support this method, it returns `UNIMPLEMENTED`.
flatPathv1/projects/{projectsId}/locations/{locationsId}/operations
httpMethodGET
idvmmigration.projects.locations.operations.list
parameterOrder
  • name
parameters
filter
descriptionThe standard list filter.
locationquery
typestring
name
descriptionThe name of the operation's parent resource.
locationpath
pattern^projects/[^/]+/locations/[^/]+$
requiredTrue
typestring
pageSize
descriptionThe standard list page size.
formatint32
locationquery
typeinteger
pageToken
descriptionThe standard list page token.
locationquery
typestring
pathv1/{+name}/operations
response
$refListOperationsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
sources
methods
create
descriptionCreates a new Source in a given project and location.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources
httpMethodPOST
idvmmigration.projects.locations.sources.create
parameterOrder
  • parent
parameters
parent
descriptionRequired. The Source's parent.
locationpath
pattern^projects/[^/]+/locations/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
sourceId
descriptionRequired. The source identifier.
locationquery
typestring
pathv1/{+parent}/sources
request
$refSource
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
delete
descriptionDeletes a single Source.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}
httpMethodDELETE
idvmmigration.projects.locations.sources.delete
parameterOrder
  • name
parameters
name
descriptionRequired. The Source name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+$
requiredTrue
typestring
requestId
descriptionOptional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
pathv1/{+name}
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
fetchInventory
descriptionList remote source's inventory of VMs. The remote source is the onprem vCenter (remote in the sense it's not in Compute Engine). The inventory describes the list of existing VMs in that source. Note that this operation lists the VMs on the remote source, as opposed to listing the MigratingVms resources in the vmmigration service.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}:fetchInventory
httpMethodGET
idvmmigration.projects.locations.sources.fetchInventory
parameterOrder
  • source
parameters
forceRefresh
descriptionIf this flag is set to true, the source will be queried instead of using cached results. Using this flag will make the call slower.
locationquery
typeboolean
pageSize
descriptionThe maximum number of VMs to return. The service may return fewer than this value. For AWS source: If unspecified, at most 500 VMs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000. For VMWare source: If unspecified, all VMs will be returned. There is no limit for maximum value.
formatint32
locationquery
typeinteger
pageToken
descriptionA page token, received from a previous `FetchInventory` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `FetchInventory` must match the call that provided the page token.
locationquery
typestring
source
descriptionRequired. The name of the Source.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+$
requiredTrue
typestring
pathv1/{+source}:fetchInventory
response
$refFetchInventoryResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets details of a single Source.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}
httpMethodGET
idvmmigration.projects.locations.sources.get
parameterOrder
  • name
parameters
name
descriptionRequired. The Source name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+$
requiredTrue
typestring
pathv1/{+name}
response
$refSource
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists Sources in a given project and location.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources
httpMethodGET
idvmmigration.projects.locations.sources.list
parameterOrder
  • parent
parameters
filter
descriptionOptional. The filter request.
locationquery
typestring
orderBy
descriptionOptional. the order by fields for the result.
locationquery
typestring
pageSize
descriptionOptional. The maximum number of sources to return. The service may return fewer than this value. If unspecified, at most 500 sources will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
formatint32
locationquery
typeinteger
pageToken
descriptionRequired. A page token, received from a previous `ListSources` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListSources` must match the call that provided the page token.
locationquery
typestring
parent
descriptionRequired. The parent, which owns this collection of sources.
locationpath
pattern^projects/[^/]+/locations/[^/]+$
requiredTrue
typestring
pathv1/{+parent}/sources
response
$refListSourcesResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
patch
descriptionUpdates the parameters of a single Source.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}
httpMethodPATCH
idvmmigration.projects.locations.sources.patch
parameterOrder
  • name
parameters
name
descriptionOutput only. The Source name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
updateMask
descriptionField mask is used to specify the fields to be overwritten in the Source resource by the update. The fields specified in the update_mask are relative to the resource, not the full request. A field will be overwritten if it is in the mask. If the user does not provide a mask then all fields will be overwritten.
formatgoogle-fieldmask
locationquery
typestring
pathv1/{+name}
request
$refSource
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
resources
datacenterConnectors
methods
create
descriptionCreates a new DatacenterConnector in a given Source.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/datacenterConnectors
httpMethodPOST
idvmmigration.projects.locations.sources.datacenterConnectors.create
parameterOrder
  • parent
parameters
datacenterConnectorId
descriptionRequired. The datacenterConnector identifier.
locationquery
typestring
parent
descriptionRequired. The DatacenterConnector's parent. Required. The Source in where the new DatacenterConnector will be created. For example: `projects/my-project/locations/us-central1/sources/my-source`
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
pathv1/{+parent}/datacenterConnectors
request
$refDatacenterConnector
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
delete
descriptionDeletes a single DatacenterConnector.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/datacenterConnectors/{datacenterConnectorsId}
httpMethodDELETE
idvmmigration.projects.locations.sources.datacenterConnectors.delete
parameterOrder
  • name
parameters
name
descriptionRequired. The DatacenterConnector name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/datacenterConnectors/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
pathv1/{+name}
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets details of a single DatacenterConnector.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/datacenterConnectors/{datacenterConnectorsId}
httpMethodGET
idvmmigration.projects.locations.sources.datacenterConnectors.get
parameterOrder
  • name
parameters
name
descriptionRequired. The name of the DatacenterConnector.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/datacenterConnectors/[^/]+$
requiredTrue
typestring
pathv1/{+name}
response
$refDatacenterConnector
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists DatacenterConnectors in a given Source.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/datacenterConnectors
httpMethodGET
idvmmigration.projects.locations.sources.datacenterConnectors.list
parameterOrder
  • parent
parameters
filter
descriptionOptional. The filter request.
locationquery
typestring
orderBy
descriptionOptional. the order by fields for the result.
locationquery
typestring
pageSize
descriptionOptional. The maximum number of connectors to return. The service may return fewer than this value. If unspecified, at most 500 sources will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
formatint32
locationquery
typeinteger
pageToken
descriptionRequired. A page token, received from a previous `ListDatacenterConnectors` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListDatacenterConnectors` must match the call that provided the page token.
locationquery
typestring
parent
descriptionRequired. The parent, which owns this collection of connectors.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+$
requiredTrue
typestring
pathv1/{+parent}/datacenterConnectors
response
$refListDatacenterConnectorsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
upgradeAppliance
descriptionUpgrades the appliance relate to this DatacenterConnector to the in-place updateable version.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/datacenterConnectors/{datacenterConnectorsId}:upgradeAppliance
httpMethodPOST
idvmmigration.projects.locations.sources.datacenterConnectors.upgradeAppliance
parameterOrder
  • datacenterConnector
parameters
datacenterConnector
descriptionRequired. The DatacenterConnector name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/datacenterConnectors/[^/]+$
requiredTrue
typestring
pathv1/{+datacenterConnector}:upgradeAppliance
request
$refUpgradeApplianceRequest
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
migratingVms
methods
create
descriptionCreates a new MigratingVm in a given Source.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms
httpMethodPOST
idvmmigration.projects.locations.sources.migratingVms.create
parameterOrder
  • parent
parameters
migratingVmId
descriptionRequired. The migratingVm identifier.
locationquery
typestring
parent
descriptionRequired. The MigratingVm's parent.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
pathv1/{+parent}/migratingVms
request
$refMigratingVm
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
delete
descriptionDeletes a single MigratingVm.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}
httpMethodDELETE
idvmmigration.projects.locations.sources.migratingVms.delete
parameterOrder
  • name
parameters
name
descriptionRequired. The name of the MigratingVm.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$
requiredTrue
typestring
pathv1/{+name}
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
finalizeMigration
descriptionMarks a migration as completed, deleting migration resources that are no longer being used. Only applicable after cutover is done.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}:finalizeMigration
httpMethodPOST
idvmmigration.projects.locations.sources.migratingVms.finalizeMigration
parameterOrder
  • migratingVm
parameters
migratingVm
descriptionRequired. The name of the MigratingVm.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$
requiredTrue
typestring
pathv1/{+migratingVm}:finalizeMigration
request
$refFinalizeMigrationRequest
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets details of a single MigratingVm.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}
httpMethodGET
idvmmigration.projects.locations.sources.migratingVms.get
parameterOrder
  • name
parameters
name
descriptionRequired. The name of the MigratingVm.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$
requiredTrue
typestring
view
descriptionOptional. The level of details of the migrating VM.
enum
  • MIGRATING_VM_VIEW_UNSPECIFIED
  • MIGRATING_VM_VIEW_BASIC
  • MIGRATING_VM_VIEW_FULL
enumDescriptions
  • View is unspecified. The API will fallback to the default value.
  • Get the migrating VM basic details. The basic details do not include the recent clone jobs and recent cutover jobs lists.
  • Include everything.
locationquery
typestring
pathv1/{+name}
response
$refMigratingVm
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists MigratingVms in a given Source.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms
httpMethodGET
idvmmigration.projects.locations.sources.migratingVms.list
parameterOrder
  • parent
parameters
filter
descriptionOptional. The filter request.
locationquery
typestring
orderBy
descriptionOptional. the order by fields for the result.
locationquery
typestring
pageSize
descriptionOptional. The maximum number of migrating VMs to return. The service may return fewer than this value. If unspecified, at most 500 migrating VMs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
formatint32
locationquery
typeinteger
pageToken
descriptionRequired. A page token, received from a previous `ListMigratingVms` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListMigratingVms` must match the call that provided the page token.
locationquery
typestring
parent
descriptionRequired. The parent, which owns this collection of MigratingVms.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+$
requiredTrue
typestring
view
descriptionOptional. The level of details of each migrating VM.
enum
  • MIGRATING_VM_VIEW_UNSPECIFIED
  • MIGRATING_VM_VIEW_BASIC
  • MIGRATING_VM_VIEW_FULL
enumDescriptions
  • View is unspecified. The API will fallback to the default value.
  • Get the migrating VM basic details. The basic details do not include the recent clone jobs and recent cutover jobs lists.
  • Include everything.
locationquery
typestring
pathv1/{+parent}/migratingVms
response
$refListMigratingVmsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
patch
descriptionUpdates the parameters of a single MigratingVm.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}
httpMethodPATCH
idvmmigration.projects.locations.sources.migratingVms.patch
parameterOrder
  • name
parameters
name
descriptionOutput only. The identifier of the MigratingVm.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
updateMask
descriptionField mask is used to specify the fields to be overwritten in the MigratingVm resource by the update. The fields specified in the update_mask are relative to the resource, not the full request. A field will be overwritten if it is in the mask. If the user does not provide a mask then all fields will be overwritten.
formatgoogle-fieldmask
locationquery
typestring
pathv1/{+name}
request
$refMigratingVm
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
pauseMigration
descriptionPauses a migration for a VM. If cycle tasks are running they will be cancelled, preserving source task data. Further replication cycles will not be triggered while the VM is paused.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}:pauseMigration
httpMethodPOST
idvmmigration.projects.locations.sources.migratingVms.pauseMigration
parameterOrder
  • migratingVm
parameters
migratingVm
descriptionRequired. The name of the MigratingVm.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$
requiredTrue
typestring
pathv1/{+migratingVm}:pauseMigration
request
$refPauseMigrationRequest
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
resumeMigration
descriptionResumes a migration for a VM. When called on a paused migration, will start the process of uploading data and creating snapshots; when called on a completed cut-over migration, will update the migration to active state and start the process of uploading data and creating snapshots.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}:resumeMigration
httpMethodPOST
idvmmigration.projects.locations.sources.migratingVms.resumeMigration
parameterOrder
  • migratingVm
parameters
migratingVm
descriptionRequired. The name of the MigratingVm.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$
requiredTrue
typestring
pathv1/{+migratingVm}:resumeMigration
request
$refResumeMigrationRequest
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
startMigration
descriptionStarts migration for a VM. Starts the process of uploading data and creating snapshots, in replication cycles scheduled by the policy.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}:startMigration
httpMethodPOST
idvmmigration.projects.locations.sources.migratingVms.startMigration
parameterOrder
  • migratingVm
parameters
migratingVm
descriptionRequired. The name of the MigratingVm.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$
requiredTrue
typestring
pathv1/{+migratingVm}:startMigration
request
$refStartMigrationRequest
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
resources
cloneJobs
methods
cancel
descriptionInitiates the cancellation of a running clone job.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}/cloneJobs/{cloneJobsId}:cancel
httpMethodPOST
idvmmigration.projects.locations.sources.migratingVms.cloneJobs.cancel
parameterOrder
  • name
parameters
name
descriptionRequired. The clone job id
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+/cloneJobs/[^/]+$
requiredTrue
typestring
pathv1/{+name}:cancel
request
$refCancelCloneJobRequest
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
create
descriptionInitiates a Clone of a specific migrating VM.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}/cloneJobs
httpMethodPOST
idvmmigration.projects.locations.sources.migratingVms.cloneJobs.create
parameterOrder
  • parent
parameters
cloneJobId
descriptionRequired. The clone job identifier.
locationquery
typestring
parent
descriptionRequired. The Clone's parent.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
pathv1/{+parent}/cloneJobs
request
$refCloneJob
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets details of a single CloneJob.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}/cloneJobs/{cloneJobsId}
httpMethodGET
idvmmigration.projects.locations.sources.migratingVms.cloneJobs.get
parameterOrder
  • name
parameters
name
descriptionRequired. The name of the CloneJob.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+/cloneJobs/[^/]+$
requiredTrue
typestring
pathv1/{+name}
response
$refCloneJob
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists the CloneJobs of a migrating VM. Only 25 most recent CloneJobs are listed.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}/cloneJobs
httpMethodGET
idvmmigration.projects.locations.sources.migratingVms.cloneJobs.list
parameterOrder
  • parent
parameters
filter
descriptionOptional. The filter request.
locationquery
typestring
orderBy
descriptionOptional. the order by fields for the result.
locationquery
typestring
pageSize
descriptionOptional. The maximum number of clone jobs to return. The service may return fewer than this value. If unspecified, at most 500 clone jobs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
formatint32
locationquery
typeinteger
pageToken
descriptionRequired. A page token, received from a previous `ListCloneJobs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListCloneJobs` must match the call that provided the page token.
locationquery
typestring
parent
descriptionRequired. The parent, which owns this collection of source VMs.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$
requiredTrue
typestring
pathv1/{+parent}/cloneJobs
response
$refListCloneJobsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
cutoverJobs
methods
cancel
descriptionInitiates the cancellation of a running cutover job.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}/cutoverJobs/{cutoverJobsId}:cancel
httpMethodPOST
idvmmigration.projects.locations.sources.migratingVms.cutoverJobs.cancel
parameterOrder
  • name
parameters
name
descriptionRequired. The cutover job id
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+/cutoverJobs/[^/]+$
requiredTrue
typestring
pathv1/{+name}:cancel
request
$refCancelCutoverJobRequest
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
create
descriptionInitiates a Cutover of a specific migrating VM. The returned LRO is completed when the cutover job resource is created and the job is initiated.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}/cutoverJobs
httpMethodPOST
idvmmigration.projects.locations.sources.migratingVms.cutoverJobs.create
parameterOrder
  • parent
parameters
cutoverJobId
descriptionRequired. The cutover job identifier.
locationquery
typestring
parent
descriptionRequired. The Cutover's parent.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
pathv1/{+parent}/cutoverJobs
request
$refCutoverJob
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets details of a single CutoverJob.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}/cutoverJobs/{cutoverJobsId}
httpMethodGET
idvmmigration.projects.locations.sources.migratingVms.cutoverJobs.get
parameterOrder
  • name
parameters
name
descriptionRequired. The name of the CutoverJob.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+/cutoverJobs/[^/]+$
requiredTrue
typestring
pathv1/{+name}
response
$refCutoverJob
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists the CutoverJobs of a migrating VM. Only 25 most recent CutoverJobs are listed.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}/cutoverJobs
httpMethodGET
idvmmigration.projects.locations.sources.migratingVms.cutoverJobs.list
parameterOrder
  • parent
parameters
filter
descriptionOptional. The filter request.
locationquery
typestring
orderBy
descriptionOptional. the order by fields for the result.
locationquery
typestring
pageSize
descriptionOptional. The maximum number of cutover jobs to return. The service may return fewer than this value. If unspecified, at most 500 cutover jobs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
formatint32
locationquery
typeinteger
pageToken
descriptionRequired. A page token, received from a previous `ListCutoverJobs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListCutoverJobs` must match the call that provided the page token.
locationquery
typestring
parent
descriptionRequired. The parent, which owns this collection of migrating VMs.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$
requiredTrue
typestring
pathv1/{+parent}/cutoverJobs
response
$refListCutoverJobsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
replicationCycles
methods
get
descriptionGets details of a single ReplicationCycle.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}/replicationCycles/{replicationCyclesId}
httpMethodGET
idvmmigration.projects.locations.sources.migratingVms.replicationCycles.get
parameterOrder
  • name
parameters
name
descriptionRequired. The name of the ReplicationCycle.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+/replicationCycles/[^/]+$
requiredTrue
typestring
pathv1/{+name}
response
$refReplicationCycle
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists ReplicationCycles in a given MigratingVM.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}/replicationCycles
httpMethodGET
idvmmigration.projects.locations.sources.migratingVms.replicationCycles.list
parameterOrder
  • parent
parameters
filter
descriptionOptional. The filter request.
locationquery
typestring
orderBy
descriptionOptional. the order by fields for the result.
locationquery
typestring
pageSize
descriptionOptional. The maximum number of replication cycles to return. The service may return fewer than this value. If unspecified, at most 100 migrating VMs will be returned. The maximum value is 100; values above 100 will be coerced to 100.
formatint32
locationquery
typeinteger
pageToken
descriptionRequired. A page token, received from a previous `ListReplicationCycles` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListReplicationCycles` must match the call that provided the page token.
locationquery
typestring
parent
descriptionRequired. The parent, which owns this collection of ReplicationCycles.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$
requiredTrue
typestring
pathv1/{+parent}/replicationCycles
response
$refListReplicationCyclesResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
utilizationReports
methods
create
descriptionCreates a new UtilizationReport.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/utilizationReports
httpMethodPOST
idvmmigration.projects.locations.sources.utilizationReports.create
parameterOrder
  • parent
parameters
parent
descriptionRequired. The Utilization Report's parent.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
utilizationReportId
descriptionRequired. The ID to use for the report, which will become the final component of the reports's resource name. This value maximum length is 63 characters, and valid characters are /a-z-/. It must start with an english letter and must not end with a hyphen.
locationquery
typestring
pathv1/{+parent}/utilizationReports
request
$refUtilizationReport
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
delete
descriptionDeletes a single Utilization Report.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/utilizationReports/{utilizationReportsId}
httpMethodDELETE
idvmmigration.projects.locations.sources.utilizationReports.delete
parameterOrder
  • name
parameters
name
descriptionRequired. The Utilization Report name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/utilizationReports/[^/]+$
requiredTrue
typestring
requestId
descriptionOptional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
pathv1/{+name}
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets a single Utilization Report.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/utilizationReports/{utilizationReportsId}
httpMethodGET
idvmmigration.projects.locations.sources.utilizationReports.get
parameterOrder
  • name
parameters
name
descriptionRequired. The Utilization Report name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/utilizationReports/[^/]+$
requiredTrue
typestring
view
descriptionOptional. The level of details of the report. Defaults to FULL
enum
  • UTILIZATION_REPORT_VIEW_UNSPECIFIED
  • BASIC
  • FULL
enumDescriptions
  • The default / unset value. The API will default to FULL on single report request and BASIC for multiple reports request.
  • Get the report metadata, without the list of VMs and their utilization info.
  • Include everything.
locationquery
typestring
pathv1/{+name}
response
$refUtilizationReport
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists Utilization Reports of the given Source.
flatPathv1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/utilizationReports
httpMethodGET
idvmmigration.projects.locations.sources.utilizationReports.list
parameterOrder
  • parent
parameters
filter
descriptionOptional. The filter request.
locationquery
typestring
orderBy
descriptionOptional. the order by fields for the result.
locationquery
typestring
pageSize
descriptionOptional. The maximum number of reports to return. The service may return fewer than this value. If unspecified, at most 500 reports will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
formatint32
locationquery
typeinteger
pageToken
descriptionRequired. A page token, received from a previous `ListUtilizationReports` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListUtilizationReports` must match the call that provided the page token.
locationquery
typestring
parent
descriptionRequired. The Utilization Reports parent.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+$
requiredTrue
typestring
view
descriptionOptional. The level of details of each report. Defaults to BASIC.
enum
  • UTILIZATION_REPORT_VIEW_UNSPECIFIED
  • BASIC
  • FULL
enumDescriptions
  • The default / unset value. The API will default to FULL on single report request and BASIC for multiple reports request.
  • Get the report metadata, without the list of VMs and their utilization info.
  • Include everything.
locationquery
typestring
pathv1/{+parent}/utilizationReports
response
$refListUtilizationReportsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
targetProjects
methods
create
descriptionCreates a new TargetProject in a given project. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.
flatPathv1/projects/{projectsId}/locations/{locationsId}/targetProjects
httpMethodPOST
idvmmigration.projects.locations.targetProjects.create
parameterOrder
  • parent
parameters
parent
descriptionRequired. The TargetProject's parent.
locationpath
pattern^projects/[^/]+/locations/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
targetProjectId
descriptionRequired. The target_project identifier.
locationquery
typestring
pathv1/{+parent}/targetProjects
request
$refTargetProject
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
delete
descriptionDeletes a single TargetProject. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.
flatPathv1/projects/{projectsId}/locations/{locationsId}/targetProjects/{targetProjectsId}
httpMethodDELETE
idvmmigration.projects.locations.targetProjects.delete
parameterOrder
  • name
parameters
name
descriptionRequired. The TargetProject name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/targetProjects/[^/]+$
requiredTrue
typestring
requestId
descriptionOptional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
pathv1/{+name}
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets details of a single TargetProject. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.
flatPathv1/projects/{projectsId}/locations/{locationsId}/targetProjects/{targetProjectsId}
httpMethodGET
idvmmigration.projects.locations.targetProjects.get
parameterOrder
  • name
parameters
name
descriptionRequired. The TargetProject name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/targetProjects/[^/]+$
requiredTrue
typestring
pathv1/{+name}
response
$refTargetProject
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists TargetProjects in a given project. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.
flatPathv1/projects/{projectsId}/locations/{locationsId}/targetProjects
httpMethodGET
idvmmigration.projects.locations.targetProjects.list
parameterOrder
  • parent
parameters
filter
descriptionOptional. The filter request.
locationquery
typestring
orderBy
descriptionOptional. the order by fields for the result.
locationquery
typestring
pageSize
descriptionOptional. The maximum number of targets to return. The service may return fewer than this value. If unspecified, at most 500 targets will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
formatint32
locationquery
typeinteger
pageToken
descriptionRequired. A page token, received from a previous `ListTargets` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListTargets` must match the call that provided the page token.
locationquery
typestring
parent
descriptionRequired. The parent, which owns this collection of targets.
locationpath
pattern^projects/[^/]+/locations/[^/]+$
requiredTrue
typestring
pathv1/{+parent}/targetProjects
response
$refListTargetProjectsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
patch
descriptionUpdates the parameters of a single TargetProject. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.
flatPathv1/projects/{projectsId}/locations/{locationsId}/targetProjects/{targetProjectsId}
httpMethodPATCH
idvmmigration.projects.locations.targetProjects.patch
parameterOrder
  • name
parameters
name
descriptionOutput only. The name of the target project.
locationpath
pattern^projects/[^/]+/locations/[^/]+/targetProjects/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
updateMask
descriptionField mask is used to specify the fields to be overwritten in the TargetProject resource by the update. The fields specified in the update_mask are relative to the resource, not the full request. A field will be overwritten if it is in the mask. If the user does not provide a mask then all fields will be overwritten.
formatgoogle-fieldmask
locationquery
typestring
pathv1/{+name}
request
$refTargetProject
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
revision20250224
rootUrlhttps://staging-vmmigration.sandbox.googleapis.com/
schemas
AccessKeyCredentials
descriptionMessage describing AWS Credentials using access key id and secret.
idAccessKeyCredentials
properties
accessKeyId
descriptionAWS access key ID.
typestring
secretAccessKey
descriptionInput only. AWS secret access key.
typestring
sessionToken
descriptionInput only. AWS session token. Used only when AWS security token service (STS) is responsible for creating the temporary credentials.
typestring
typeobject
AdaptingOSStep
descriptionAdaptingOSStep contains specific step details.
idAdaptingOSStep
properties
typeobject
AddGroupMigrationRequest
descriptionRequest message for 'AddGroupMigration' request.
idAddGroupMigrationRequest
properties
migratingVm
descriptionThe full path name of the MigratingVm to add.
typestring
typeobject
ApplianceVersion
descriptionDescribes an appliance version.
idApplianceVersion
properties
critical
descriptionDetermine whether it's critical to upgrade the appliance to this version.
typeboolean
releaseNotesUri
descriptionLink to a page that contains the version release notes.
typestring
uri
descriptionA link for downloading the version.
typestring
version
descriptionThe appliance version.
typestring
typeobject
AppliedLicense
descriptionAppliedLicense holds the license data returned by adaptation module report.
idAppliedLicense
properties
osLicense
descriptionThe OS license returned from the adaptation module's report.
typestring
type
descriptionThe license type that was used in OS adaptation.
enum
  • TYPE_UNSPECIFIED
  • NONE
  • PAYG
  • BYOL
enumDescriptions
  • Unspecified license for the OS.
  • No license available for the OS.
  • The license type is Pay As You Go license type.
  • The license type is Bring Your Own License type.
typestring
typeobject
AvailableUpdates
descriptionHolds information about the available versions for upgrade.
idAvailableUpdates
properties
inPlaceUpdate
$refApplianceVersion
descriptionThe latest version for in place update. The current appliance can be updated to this version using the API or m4c CLI.
newDeployableAppliance
$refApplianceVersion
descriptionThe newest deployable version of the appliance. The current appliance can't be updated into this version, and the owner must manually deploy this OVA to a new appliance.
typeobject
AwsDiskDetails
descriptionThe details of an AWS instance disk.
idAwsDiskDetails
properties
diskNumber
descriptionOutput only. The ordinal number of the disk.
formatint32
readOnlyTrue
typeinteger
sizeGb
descriptionOutput only. Size in GB.
formatint64
readOnlyTrue
typestring
volumeId
descriptionOutput only. AWS volume ID.
readOnlyTrue
typestring
typeobject
AwsSecurityGroup
descriptionAwsSecurityGroup describes a security group of an AWS VM.
idAwsSecurityGroup
properties
id
descriptionThe AWS security group id.
typestring
name
descriptionThe AWS security group name.
typestring
typeobject
AwsSourceDetails
descriptionAwsSourceDetails message describes a specific source details for the AWS source type.
idAwsSourceDetails
properties
accessKeyCreds
$refAccessKeyCredentials
descriptionAWS Credentials using access key id and secret.
awsRegion
descriptionImmutable. The AWS region that the source VMs will be migrated from.
typestring
error
$refStatus
descriptionOutput only. Provides details on the state of the Source in case of an error.
readOnlyTrue
inventorySecurityGroupNames
descriptionAWS security group names to limit the scope of the source inventory.
items
typestring
typearray
inventoryTagList
descriptionAWS resource tags to limit the scope of the source inventory.
items
$refTag
typearray
migrationResourcesUserTags
additionalProperties
typestring
descriptionUser specified tags to add to every M2VM generated resource in AWS. These tags will be set in addition to the default tags that are set as part of the migration process. The tags must not begin with the reserved prefix `m2vm`.
typeobject
publicIp
descriptionOutput only. The source's public IP. All communication initiated by this source will originate from this IP.
readOnlyTrue
typestring
state
descriptionOutput only. State of the source as determined by the health check.
enum
  • STATE_UNSPECIFIED
  • PENDING
  • FAILED
  • ACTIVE
enumDescriptions
  • The state is unknown. This is used for API compatibility only and is not used by the system.
  • The state was not sampled by the health checks yet.
  • The source is available but might not be usable yet due to invalid credentials or another reason. The error message will contain further details.
  • The source exists and its credentials were verified.
readOnlyTrue
typestring
typeobject
AwsSourceVmDetails
descriptionRepresent the source AWS VM details.
idAwsSourceVmDetails
properties
architecture
descriptionOutput only. The VM architecture.
enum
  • VM_ARCHITECTURE_UNSPECIFIED
  • VM_ARCHITECTURE_X86_FAMILY
  • VM_ARCHITECTURE_ARM64
enumDescriptions
  • The architecture is unknown.
  • The architecture is one of the x86 architectures.
  • The architecture is ARM64.
readOnlyTrue
typestring
committedStorageBytes
descriptionOutput only. The total size of the disks being migrated in bytes.
formatint64
readOnlyTrue
typestring
disks
descriptionOutput only. The disks attached to the source VM.
items
$refAwsDiskDetails
readOnlyTrue
typearray
firmware
descriptionOutput only. The firmware type of the source VM.
enum
  • FIRMWARE_UNSPECIFIED
  • EFI
  • BIOS
enumDescriptions
  • The firmware is unknown.
  • The firmware is EFI.
  • The firmware is BIOS.
readOnlyTrue
typestring
vmCapabilitiesInfo
$refVmCapabilities
descriptionOutput only. Information about VM capabilities needed for some Compute Engine features.
readOnlyTrue
typeobject
AwsVmDetails
descriptionAwsVmDetails describes a VM in AWS.
idAwsVmDetails
properties
architecture
descriptionThe CPU architecture.
enum
  • VM_ARCHITECTURE_UNSPECIFIED
  • I386
  • X86_64
  • ARM64
  • X86_64_MAC
enumDescriptions
  • The architecture is unknown.
  • The architecture is I386.
  • The architecture is X86_64.
  • The architecture is ARM64.
  • The architecture is X86_64_MAC.
typestring
bootOption
descriptionThe VM Boot Option.
enum
  • BOOT_OPTION_UNSPECIFIED
  • EFI
  • BIOS
enumDescriptions
  • The boot option is unknown.
  • The boot option is UEFI.
  • The boot option is LEGACY-BIOS.
typestring
committedStorageMb
descriptionThe total size of the storage allocated to the VM in MB.
formatint64
typestring
cpuCount
descriptionThe number of cpus the VM has.
formatint32
typeinteger
diskCount
descriptionThe number of disks the VM has.
formatint32
typeinteger
displayName
descriptionThe display name of the VM. Note that this value is not necessarily unique.
typestring
instanceType
descriptionThe instance type of the VM.
typestring
memoryMb
descriptionThe memory size of the VM in MB.
formatint32
typeinteger
osDescription
descriptionThe VM's OS.
typestring
powerState
descriptionOutput only. The power state of the VM at the moment list was taken.
enum
  • POWER_STATE_UNSPECIFIED
  • ON
  • OFF
  • SUSPENDED
  • PENDING
enumDescriptions
  • Power state is not specified.
  • The VM is turned on.
  • The VM is turned off.
  • The VM is suspended. This is similar to hibernation or sleep mode.
  • The VM is starting.
readOnlyTrue
typestring
securityGroups
descriptionThe security groups the VM belongs to.
items
$refAwsSecurityGroup
typearray
sourceDescription
descriptionThe descriptive name of the AWS's source this VM is connected to.
typestring
sourceId
descriptionThe id of the AWS's source this VM is connected to.
typestring
tags
additionalProperties
typestring
descriptionThe tags of the VM.
typeobject
virtualizationType
descriptionThe virtualization type.
enum
  • VM_VIRTUALIZATION_TYPE_UNSPECIFIED
  • HVM
  • PARAVIRTUAL
enumDescriptions
  • The virtualization type is unknown.
  • The virtualziation type is HVM.
  • The virtualziation type is PARAVIRTUAL.
typestring
vmId
descriptionThe VM ID in AWS.
typestring
vpcId
descriptionThe VPC ID the VM belongs to.
typestring
zone
descriptionThe AWS zone of the VM.
typestring
typeobject
AwsVmsDetails
descriptionAWSVmsDetails describes VMs in AWS.
idAwsVmsDetails
properties
details
descriptionThe details of the AWS VMs.
items
$refAwsVmDetails
typearray
typeobject
AzureDiskDetails
descriptionThe details of an Azure VM disk.
idAzureDiskDetails
properties
diskId
descriptionOutput only. Azure disk ID.
readOnlyTrue
typestring
diskNumber
descriptionOutput only. The ordinal number of the disk.
formatint32
readOnlyTrue
typeinteger
sizeGb
descriptionOutput only. Size in GB.
formatint64
readOnlyTrue
typestring
typeobject
AzureSourceDetails
descriptionAzureSourceDetails message describes a specific source details for the Azure source type.
idAzureSourceDetails
properties
azureLocation
descriptionImmutable. The Azure location (region) that the source VMs will be migrated from.
typestring
clientSecretCreds
$refClientSecretCredentials
descriptionAzure Credentials using tenant ID, client ID and secret.
error
$refStatus
descriptionOutput only. Provides details on the state of the Source in case of an error.
readOnlyTrue
migrationResourcesUserTags
additionalProperties
typestring
descriptionUser specified tags to add to every M2VM generated resource in Azure. These tags will be set in addition to the default tags that are set as part of the migration process. The tags must not begin with the reserved prefix `m4ce` or `m2vm`.
typeobject
resourceGroupId
descriptionOutput only. The ID of the Azure resource group that contains all resources related to the migration process of this source.
readOnlyTrue
typestring
state
descriptionOutput only. State of the source as determined by the health check.
enum
  • STATE_UNSPECIFIED
  • PENDING
  • FAILED
  • ACTIVE
enumDescriptions
  • The state is unknown. This is used for API compatibility only and is not used by the system.
  • The state was not sampled by the health checks yet.
  • The source is available but might not be usable yet due to invalid credentials or another reason. The error message will contain further details.
  • The source exists and its credentials were verified.
readOnlyTrue
typestring
subscriptionId
descriptionImmutable. Azure subscription ID.
typestring
typeobject
AzureSourceVmDetails
descriptionRepresent the source Azure VM details.
idAzureSourceVmDetails
properties
architecture
descriptionOutput only. The VM architecture.
enum
  • VM_ARCHITECTURE_UNSPECIFIED
  • VM_ARCHITECTURE_X86_FAMILY
  • VM_ARCHITECTURE_ARM64
enumDescriptions
  • The architecture is unknown.
  • The architecture is one of the x86 architectures.
  • The architecture is ARM64.
readOnlyTrue
typestring
committedStorageBytes
descriptionOutput only. The total size of the disks being migrated in bytes.
formatint64
readOnlyTrue
typestring
disks
descriptionOutput only. The disks attached to the source VM.
items
$refAzureDiskDetails
readOnlyTrue
typearray
firmware
descriptionOutput only. The firmware type of the source VM.
enum
  • FIRMWARE_UNSPECIFIED
  • EFI
  • BIOS
enumDescriptions
  • The firmware is unknown.
  • The firmware is EFI.
  • The firmware is BIOS.
readOnlyTrue
typestring
vmCapabilitiesInfo
$refVmCapabilities
descriptionOutput only. Information about VM capabilities needed for some Compute Engine features.
readOnlyTrue
typeobject
AzureVmDetails
descriptionAzureVmDetails describes a VM in Azure.
idAzureVmDetails
properties
architecture
descriptionThe CPU architecture.
enum
  • VM_ARCHITECTURE_UNSPECIFIED
  • VM_ARCHITECTURE_X86_FAMILY
  • VM_ARCHITECTURE_ARM64
enumDescriptions
  • The architecture is unknown.
  • The architecture is one of the x86 architectures.
  • The architecture is ARM64.
typestring
bootOption
descriptionThe VM Boot Option.
enum
  • BOOT_OPTION_UNSPECIFIED
  • EFI
  • BIOS
enumDescriptions
  • The boot option is unknown.
  • The boot option is UEFI.
  • The boot option is BIOS.
typestring
committedStorageMb
descriptionThe total size of the storage allocated to the VM in MB.
formatint64
typestring
computerName
descriptionThe VM's ComputerName.
typestring
cpuCount
descriptionThe number of cpus the VM has.
formatint32
typeinteger
diskCount
descriptionThe number of disks the VM has, including OS disk.
formatint32
typeinteger
disks
descriptionDescription of the data disks.
items
$refDisk
typearray
memoryMb
descriptionThe memory size of the VM in MB.
formatint32
typeinteger
osDescription
$refOSDescription
descriptionDescription of the OS.
osDisk
$refOSDisk
descriptionDescription of the OS disk.
powerState
descriptionThe power state of the VM at the moment list was taken.
enum
  • POWER_STATE_UNSPECIFIED
  • STARTING
  • RUNNING
  • STOPPING
  • STOPPED
  • DEALLOCATING
  • DEALLOCATED
  • UNKNOWN
enumDescriptions
  • Power state is not specified.
  • The VM is starting.
  • The VM is running.
  • The VM is stopping.
  • The VM is stopped.
  • The VM is deallocating.
  • The VM is deallocated.
  • The VM's power state is unknown.
typestring
tags
additionalProperties
typestring
descriptionThe tags of the VM.
typeobject
vmId
descriptionThe VM full path in Azure.
typestring
vmSize
descriptionVM size as configured in Azure. Determines the VM's hardware spec.
typestring
typeobject
AzureVmsDetails
descriptionAzureVmsDetails describes VMs in Azure.
idAzureVmsDetails
properties
details
descriptionThe details of the Azure VMs.
items
$refAzureVmDetails
typearray
typeobject
BootDiskDefaults
descriptionBootDiskDefaults hold information about the boot disk of a VM.
idBootDiskDefaults
properties
deviceName
descriptionOptional. Specifies a unique device name of your choice that is reflected into the /dev/disk/by-id/google-* tree of a Linux operating system running within the instance. If not specified, the server chooses a default device name to apply to this disk, in the form persistent-disk-x, where x is a number assigned by Google Compute Engine. This field is only applicable for persistent disks.
typestring
diskName
descriptionOptional. The name of the disk.
typestring
diskType
descriptionOptional. The type of disk provisioning to use for the VM.
enum
  • COMPUTE_ENGINE_DISK_TYPE_UNSPECIFIED
  • COMPUTE_ENGINE_DISK_TYPE_STANDARD
  • COMPUTE_ENGINE_DISK_TYPE_SSD
  • COMPUTE_ENGINE_DISK_TYPE_BALANCED
  • COMPUTE_ENGINE_DISK_TYPE_HYPERDISK_BALANCED
enumDescriptions
  • An unspecified disk type. Will be used as STANDARD.
  • A Standard disk type.
  • SSD hard disk type.
  • An alternative to SSD persistent disks that balance performance and cost.
  • Hyperdisk balanced disk type.
typestring
encryption
$refEncryption
descriptionOptional. The encryption to apply to the boot disk.
image
$refDiskImageDefaults
descriptionThe image to use when creating the disk.
typeobject
CancelCloneJobRequest
descriptionRequest message for 'CancelCloneJob' request.
idCancelCloneJobRequest
properties
typeobject
CancelCutoverJobRequest
descriptionRequest message for 'CancelCutoverJob' request.
idCancelCutoverJobRequest
properties
typeobject
CancelImageImportJobRequest
descriptionRequest message for 'CancelImageImportJob' request.
idCancelImageImportJobRequest
properties
typeobject
CancelOperationRequest
descriptionThe request message for Operations.CancelOperation.
idCancelOperationRequest
properties
typeobject
ClientSecretCredentials
descriptionMessage describing Azure Credentials using tenant ID, client ID and secret.
idClientSecretCredentials
properties
clientId
descriptionAzure client ID.
typestring
clientSecret
descriptionInput only. Azure client secret.
typestring
tenantId
descriptionAzure tenant ID.
typestring
typeobject
CloneJob
descriptionCloneJob describes the process of creating a clone of a MigratingVM to the requested target based on the latest successful uploaded snapshots. While the migration cycles of a MigratingVm take place, it is possible to verify the uploaded VM can be started in the cloud, by creating a clone. The clone can be created without any downtime, and it is created using the latest snapshots which are already in the cloud. The cloneJob is only responsible for its work, not its products, which means once it is finished, it will never touch the instance it created. It will only delete it in case of the CloneJob being cancelled or upon failure to clone.
idCloneJob
properties
computeEngineDisksTargetDetails
$refComputeEngineDisksTargetDetails
descriptionOutput only. Details of the target Persistent Disks in Compute Engine.
readOnlyTrue
computeEngineTargetDetails
$refComputeEngineTargetDetails
descriptionOutput only. Details of the target VM in Compute Engine.
readOnlyTrue
createTime
descriptionOutput only. The time the clone job was created (as an API call, not when it was actually created in the target).
formatgoogle-datetime
readOnlyTrue
typestring
endTime
descriptionOutput only. The time the clone job was ended.
formatgoogle-datetime
readOnlyTrue
typestring
error
$refStatus
descriptionOutput only. Provides details for the errors that led to the Clone Job's state.
readOnlyTrue
name
descriptionOutput only. The name of the clone.
readOnlyTrue
typestring
state
descriptionOutput only. State of the clone job.
enum
  • STATE_UNSPECIFIED
  • PENDING
  • ACTIVE
  • FAILED
  • SUCCEEDED
  • CANCELLED
  • CANCELLING
  • ADAPTING_OS
enumDescriptions
  • The state is unknown. This is used for API compatibility only and is not used by the system.
  • The clone job has not yet started.
  • The clone job is active and running.
  • The clone job finished with errors.
  • The clone job finished successfully.
  • The clone job was cancelled.
  • The clone job is being cancelled.
  • OS adaptation is running as part of the clone job to generate license.
readOnlyTrue
typestring
stateTime
descriptionOutput only. The time the state was last updated.
formatgoogle-datetime
readOnlyTrue
typestring
steps
descriptionOutput only. The clone steps list representing its progress.
items
$refCloneStep
readOnlyTrue
typearray
typeobject
CloneStep
descriptionCloneStep holds information about the clone step progress.
idCloneStep
properties
adaptingOs
$refAdaptingOSStep
descriptionAdapting OS step.
endTime
descriptionThe time the step has ended.
formatgoogle-datetime
typestring
instantiatingMigratedVm
$refInstantiatingMigratedVMStep
descriptionInstantiating migrated VM step.
preparingVmDisks
$refPreparingVMDisksStep
descriptionPreparing VM disks step.
startTime
descriptionThe time the step has started.
formatgoogle-datetime
typestring
typeobject
ComputeEngineDisksTargetDefaults
descriptionComputeEngineDisksTargetDefaults is a collection of details for creating Persistent Disks in a target Compute Engine project.
idComputeEngineDisksTargetDefaults
properties
disks
descriptionThe details of each Persistent Disk to create.
items
$refPersistentDiskDefaults
typearray
disksTargetDefaults
$refDisksMigrationDisksTargetDefaults
descriptionDetails of the disk only migration target.
targetProject
descriptionThe full path of the resource of type TargetProject which represents the Compute Engine project in which to create the Persistent Disks.
typestring
vmTargetDefaults
$refDisksMigrationVmTargetDefaults
descriptionDetails of the VM migration target.
zone
descriptionThe zone in which to create the Persistent Disks.
typestring
typeobject
ComputeEngineDisksTargetDetails
descriptionComputeEngineDisksTargetDetails is a collection of created Persistent Disks details.
idComputeEngineDisksTargetDetails
properties
disks
descriptionThe details of each created Persistent Disk.
items
$refPersistentDisk
typearray
disksTargetDetails
$refDisksMigrationDisksTargetDetails
descriptionDetails of the disks-only migration target.
vmTargetDetails
$refDisksMigrationVmTargetDetails
descriptionDetails for the VM the migrated data disks are attached to.
typeobject
ComputeEngineTargetDefaults
descriptionComputeEngineTargetDefaults is a collection of details for creating a VM in a target Compute Engine project.
idComputeEngineTargetDefaults
properties
additionalLicenses
descriptionAdditional licenses to assign to the VM.
items
typestring
typearray
appliedLicense
$refAppliedLicense
descriptionOutput only. The OS license returned from the adaptation module report.
readOnlyTrue
bootConversion
descriptionOptional. By default the virtual machine will keep its existing boot option. Setting this property will trigger an internal process which will convert the virtual machine from using the existing boot option to another.
enum
  • BOOT_CONVERSION_UNSPECIFIED
  • NONE
  • BIOS_TO_EFI
enumDescriptions
  • Unspecified conversion type.
  • No conversion.
  • Convert from BIOS to EFI.
typestring
bootOption
descriptionOutput only. The VM Boot Option, as set in the source VM.
enum
  • COMPUTE_ENGINE_BOOT_OPTION_UNSPECIFIED
  • COMPUTE_ENGINE_BOOT_OPTION_EFI
  • COMPUTE_ENGINE_BOOT_OPTION_BIOS
enumDescriptions
  • The boot option is unknown.
  • The boot option is EFI.
  • The boot option is BIOS.
readOnlyTrue
typestring
computeScheduling
$refComputeScheduling
descriptionCompute instance scheduling information (if empty default is used).
diskType
descriptionThe disk type to use in the VM.
enum
  • COMPUTE_ENGINE_DISK_TYPE_UNSPECIFIED
  • COMPUTE_ENGINE_DISK_TYPE_STANDARD
  • COMPUTE_ENGINE_DISK_TYPE_SSD
  • COMPUTE_ENGINE_DISK_TYPE_BALANCED
  • COMPUTE_ENGINE_DISK_TYPE_HYPERDISK_BALANCED
enumDescriptions
  • An unspecified disk type. Will be used as STANDARD.
  • A Standard disk type.
  • SSD hard disk type.
  • An alternative to SSD persistent disks that balance performance and cost.
  • Hyperdisk balanced disk type.
typestring
enableIntegrityMonitoring
descriptionOptional. Defines whether the instance has integrity monitoring enabled. This can be set to true only if the VM boot option is EFI, and vTPM is enabled.
typeboolean
enableVtpm
descriptionOptional. Defines whether the instance has vTPM enabled. This can be set to true only if the VM boot option is EFI.
typeboolean
encryption
$refEncryption
descriptionOptional. Immutable. The encryption to apply to the VM disks.
hostname
descriptionThe hostname to assign to the VM.
typestring
labels
additionalProperties
typestring
descriptionA map of labels to associate with the VM.
typeobject
licenseType
descriptionThe license type to use in OS adaptation.
enum
  • COMPUTE_ENGINE_LICENSE_TYPE_DEFAULT
  • COMPUTE_ENGINE_LICENSE_TYPE_PAYG
  • COMPUTE_ENGINE_LICENSE_TYPE_BYOL
enumDescriptions
  • The license type is the default for the OS.
  • The license type is Pay As You Go license type.
  • The license type is Bring Your Own License type.
typestring
machineType
descriptionThe machine type to create the VM with.
typestring
machineTypeSeries
descriptionThe machine type series to create the VM with.
typestring
metadata
additionalProperties
typestring
descriptionThe metadata key/value pairs to assign to the VM.
typeobject
networkInterfaces
descriptionList of NICs connected to this VM.
items
$refNetworkInterface
typearray
networkTags
descriptionA list of network tags to associate with the VM.
items
typestring
typearray
secureBoot
descriptionDefines whether the instance has Secure Boot enabled. This can be set to true only if the VM boot option is EFI.
typeboolean
serviceAccount
descriptionThe service account to associate the VM with.
typestring
targetProject
descriptionThe full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
typestring
vmName
descriptionThe name of the VM to create.
typestring
zone
descriptionThe zone in which to create the VM.
typestring
typeobject
ComputeEngineTargetDetails
descriptionComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project.
idComputeEngineTargetDetails
properties
additionalLicenses
descriptionAdditional licenses to assign to the VM.
items
typestring
typearray
appliedLicense
$refAppliedLicense
descriptionThe OS license returned from the adaptation module report.
bootConversion
descriptionOptional. By default the virtual machine will keep its existing boot option. Setting this property will trigger an internal process which will convert the virtual machine from using the existing boot option to another.
enum
  • BOOT_CONVERSION_UNSPECIFIED
  • NONE
  • BIOS_TO_EFI
enumDescriptions
  • Unspecified conversion type.
  • No conversion.
  • Convert from BIOS to EFI.
typestring
bootOption
descriptionThe VM Boot Option, as set in the source VM.
enum
  • COMPUTE_ENGINE_BOOT_OPTION_UNSPECIFIED
  • COMPUTE_ENGINE_BOOT_OPTION_EFI
  • COMPUTE_ENGINE_BOOT_OPTION_BIOS
enumDescriptions
  • The boot option is unknown.
  • The boot option is EFI.
  • The boot option is BIOS.
typestring
computeScheduling
$refComputeScheduling
descriptionCompute instance scheduling information (if empty default is used).
diskType
descriptionThe disk type to use in the VM.
enum
  • COMPUTE_ENGINE_DISK_TYPE_UNSPECIFIED
  • COMPUTE_ENGINE_DISK_TYPE_STANDARD
  • COMPUTE_ENGINE_DISK_TYPE_SSD
  • COMPUTE_ENGINE_DISK_TYPE_BALANCED
  • COMPUTE_ENGINE_DISK_TYPE_HYPERDISK_BALANCED
enumDescriptions
  • An unspecified disk type. Will be used as STANDARD.
  • A Standard disk type.
  • SSD hard disk type.
  • An alternative to SSD persistent disks that balance performance and cost.
  • Hyperdisk balanced disk type.
typestring
enableIntegrityMonitoring
descriptionOptional. Defines whether the instance has integrity monitoring enabled.
typeboolean
enableVtpm
descriptionOptional. Defines whether the instance has vTPM enabled.
typeboolean
encryption
$refEncryption
descriptionOptional. The encryption to apply to the VM disks.
hostname
descriptionThe hostname to assign to the VM.
typestring
labels
additionalProperties
typestring
descriptionA map of labels to associate with the VM.
typeobject
licenseType
descriptionThe license type to use in OS adaptation.
enum
  • COMPUTE_ENGINE_LICENSE_TYPE_DEFAULT
  • COMPUTE_ENGINE_LICENSE_TYPE_PAYG
  • COMPUTE_ENGINE_LICENSE_TYPE_BYOL
enumDescriptions
  • The license type is the default for the OS.
  • The license type is Pay As You Go license type.
  • The license type is Bring Your Own License type.
typestring
machineType
descriptionThe machine type to create the VM with.
typestring
machineTypeSeries
descriptionThe machine type series to create the VM with.
typestring
metadata
additionalProperties
typestring
descriptionThe metadata key/value pairs to assign to the VM.
typeobject
networkInterfaces
descriptionList of NICs connected to this VM.
items
$refNetworkInterface
typearray
networkTags
descriptionA list of network tags to associate with the VM.
items
typestring
typearray
project
descriptionThe Google Cloud target project ID or project name.
typestring
secureBoot
descriptionDefines whether the instance has Secure Boot enabled. This can be set to true only if the VM boot option is EFI.
typeboolean
serviceAccount
descriptionThe service account to associate the VM with.
typestring
vmName
descriptionThe name of the VM to create.
typestring
zone
descriptionThe zone in which to create the VM.
typestring
typeobject
ComputeScheduling
descriptionScheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. Options for instance behavior when the host machine undergoes maintenance that may temporarily impact instance performance.
idComputeScheduling
properties
minNodeCpus
descriptionThe minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
formatint32
typeinteger
nodeAffinities
descriptionA set of node affinity and anti-affinity configurations for sole tenant nodes.
items
$refSchedulingNodeAffinity
typearray
onHostMaintenance
descriptionHow the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
enum
  • ON_HOST_MAINTENANCE_UNSPECIFIED
  • TERMINATE
  • MIGRATE
enumDescriptions
  • An unknown, unexpected behavior.
  • Terminate the instance when the host machine undergoes maintenance.
  • Migrate the instance when the host machine undergoes maintenance.
typestring
restartType
descriptionWhether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
enum
  • RESTART_TYPE_UNSPECIFIED
  • AUTOMATIC_RESTART
  • NO_AUTOMATIC_RESTART
enumDescriptions
  • Unspecified behavior. This will use the default.
  • The Instance should be automatically restarted whenever it is terminated by Compute Engine.
  • The Instance isn't automatically restarted whenever it is terminated by Compute Engine.
typestring
typeobject
CreatingImageStep
descriptionCreatingImageStep contains specific step details.
idCreatingImageStep
properties
typeobject
CutoverForecast
descriptionCutoverForecast holds information about future CutoverJobs of a MigratingVm.
idCutoverForecast
properties
estimatedCutoverJobDuration
descriptionOutput only. Estimation of the CutoverJob duration.
formatgoogle-duration
readOnlyTrue
typestring
typeobject
CutoverJob
descriptionCutoverJob message describes a cutover of a migrating VM. The CutoverJob is the operation of shutting down the VM, creating a snapshot and cloning the VM using the replicated snapshot.
idCutoverJob
properties
computeEngineDisksTargetDetails
$refComputeEngineDisksTargetDetails
descriptionOutput only. Details of the target Persistent Disks in Compute Engine.
readOnlyTrue
computeEngineTargetDetails
$refComputeEngineTargetDetails
descriptionOutput only. Details of the target VM in Compute Engine.
readOnlyTrue
createTime
descriptionOutput only. The time the cutover job was created (as an API call, not when it was actually created in the target).
formatgoogle-datetime
readOnlyTrue
typestring
endTime
descriptionOutput only. The time the cutover job had finished.
formatgoogle-datetime
readOnlyTrue
typestring
error
$refStatus
descriptionOutput only. Provides details for the errors that led to the Cutover Job's state.
readOnlyTrue
name
descriptionOutput only. The name of the cutover job.
readOnlyTrue
typestring
progressPercent
descriptionOutput only. The current progress in percentage of the cutover job.
formatint32
readOnlyTrue
typeinteger
state
descriptionOutput only. State of the cutover job.
enum
  • STATE_UNSPECIFIED
  • PENDING
  • FAILED
  • SUCCEEDED
  • CANCELLED
  • CANCELLING
  • ACTIVE
  • ADAPTING_OS
enumDescriptions
  • The state is unknown. This is used for API compatibility only and is not used by the system.
  • The cutover job has not yet started.
  • The cutover job finished with errors.
  • The cutover job finished successfully.
  • The cutover job was cancelled.
  • The cutover job is being cancelled.
  • The cutover job is active and running.
  • OS adaptation is running as part of the cutover job to generate license.
readOnlyTrue
typestring
stateMessage
descriptionOutput only. A message providing possible extra details about the current state.
readOnlyTrue
typestring
stateTime
descriptionOutput only. The time the state was last updated.
formatgoogle-datetime
readOnlyTrue
typestring
steps
descriptionOutput only. The cutover steps list representing its progress.
items
$refCutoverStep
readOnlyTrue
typearray
typeobject
CutoverStep
descriptionCutoverStep holds information about the cutover step progress.
idCutoverStep
properties
endTime
descriptionThe time the step has ended.
formatgoogle-datetime
typestring
finalSync
$refReplicationCycle
descriptionFinal sync step.
instantiatingMigratedVm
$refInstantiatingMigratedVMStep
descriptionInstantiating migrated VM step.
preparingVmDisks
$refPreparingVMDisksStep
descriptionPreparing VM disks step.
previousReplicationCycle
$refReplicationCycle
descriptionA replication cycle prior cutover step.
shuttingDownSourceVm
$refShuttingDownSourceVMStep
descriptionShutting down VM step.
startTime
descriptionThe time the step has started.
formatgoogle-datetime
typestring
typeobject
CycleStep
descriptionCycleStep holds information about a step progress.
idCycleStep
properties
endTime
descriptionThe time the cycle step has ended.
formatgoogle-datetime
typestring
initializingReplication
$refInitializingReplicationStep
descriptionInitializing replication step.
postProcessing
$refPostProcessingStep
descriptionPost processing step.
replicating
$refReplicatingStep
descriptionReplicating step.
startTime
descriptionThe time the cycle step has started.
formatgoogle-datetime
typestring
typeobject
DataDiskImageImport
descriptionMentions that the image import is not using OS adaptation process.
idDataDiskImageImport
properties
typeobject
DatacenterConnector
descriptionDatacenterConnector message describes a connector between the Source and Google Cloud, which is installed on a vmware datacenter (an OVA vm installed by the user) to connect the Datacenter to Google Cloud and support vm migration data transfer.
idDatacenterConnector
properties
applianceInfrastructureVersion
descriptionOutput only. Appliance OVA version. This is the OVA which is manually installed by the user and contains the infrastructure for the automatically updatable components on the appliance.
readOnlyTrue
typestring
applianceSoftwareVersion
descriptionOutput only. Appliance last installed update bundle version. This is the version of the automatically updatable components on the appliance.
readOnlyTrue
typestring
availableVersions
$refAvailableUpdates
descriptionOutput only. The available versions for updating this appliance.
readOnlyTrue
bucket
descriptionOutput only. The communication channel between the datacenter connector and Google Cloud.
readOnlyTrue
typestring
createTime
descriptionOutput only. The time the connector was created (as an API call, not when it was actually installed).
formatgoogle-datetime
readOnlyTrue
typestring
error
$refStatus
descriptionOutput only. Provides details on the state of the Datacenter Connector in case of an error.
readOnlyTrue
name
descriptionOutput only. The connector's name.
readOnlyTrue
typestring
registrationId
descriptionImmutable. A unique key for this connector. This key is internal to the OVA connector and is supplied with its creation during the registration process and can not be modified.
typestring
serviceAccount
descriptionThe service account to use in the connector when communicating with the cloud.
typestring
state
descriptionOutput only. State of the DatacenterConnector, as determined by the health checks.
enum
  • STATE_UNSPECIFIED
  • PENDING
  • OFFLINE
  • FAILED
  • ACTIVE
enumDescriptions
  • The state is unknown. This is used for API compatibility only and is not used by the system.
  • The state was not sampled by the health checks yet.
  • The source was sampled by health checks and is not available.
  • The source is available but might not be usable yet due to unvalidated credentials or another reason. The credentials referred to are the ones to the Source. The error message will contain further details.
  • The source exists and its credentials were verified.
readOnlyTrue
typestring
stateTime
descriptionOutput only. The time the state was last set.
formatgoogle-datetime
readOnlyTrue
typestring
updateTime
descriptionOutput only. The last time the connector was updated with an API call.
formatgoogle-datetime
readOnlyTrue
typestring
upgradeStatus
$refUpgradeStatus
descriptionOutput only. The status of the current / last upgradeAppliance operation.
readOnlyTrue
version
descriptionThe version running in the DatacenterConnector. This is supplied by the OVA connector during the registration process and can not be modified.
typestring
typeobject
Disk
descriptionA message describing a data disk.
idDisk
properties
lun
descriptionThe disk's Logical Unit Number (LUN).
formatint32
typeinteger
name
descriptionThe disk name.
typestring
sizeGb
descriptionThe disk size in GB.
formatint32
typeinteger
typeobject
DiskImageDefaults
descriptionContains details about the image source used to create the disk.
idDiskImageDefaults
properties
sourceImage
descriptionRequired. The Image resource used when creating the disk.
typestring
typeobject
DiskImageTargetDetails
descriptionThe target details of the image resource that will be created by the import job.
idDiskImageTargetDetails
properties
additionalLicenses
descriptionOptional. Additional licenses to assign to the image. Format: https://www.googleapis.com/compute/v1/projects/PROJECT_ID/global/licenses/LICENSE_NAME Or https://www.googleapis.com/compute/beta/projects/PROJECT_ID/global/licenses/LICENSE_NAME
items
typestring
typearray
dataDiskImageImport
$refDataDiskImageImport
descriptionOptional. Use to skip OS adaptation process.
description
descriptionOptional. An optional description of the image.
typestring
encryption
$refEncryption
descriptionImmutable. The encryption to apply to the image.
familyName
descriptionOptional. The name of the image family to which the new image belongs.
typestring
imageName
descriptionRequired. The name of the image to be created.
typestring
labels
additionalProperties
typestring
descriptionOptional. A map of labels to associate with the image.
typeobject
osAdaptationParameters
$refImageImportOsAdaptationParameters
descriptionOptional. Use to set the parameters relevant for the OS adaptation process.
singleRegionStorage
descriptionOptional. Set to true to set the image storageLocations to the single region of the import job. When false, the closest multi-region is selected.
typeboolean
targetProject
descriptionRequired. Reference to the TargetProject resource that represents the target project in which the imported image will be created.
typestring
typeobject
DisksMigrationDisksTargetDefaults
descriptionDetails for a disk only migration.
idDisksMigrationDisksTargetDefaults
properties
typeobject
DisksMigrationDisksTargetDetails
descriptionDetails for a disks-only migration.
idDisksMigrationDisksTargetDetails
properties
typeobject
DisksMigrationVmTargetDefaults
descriptionDetails for creation of a VM that migrated data disks will be attached to.
idDisksMigrationVmTargetDefaults
properties
additionalLicenses
descriptionOptional. Additional licenses to assign to the VM.
items
typestring
typearray
bootDiskDefaults
$refBootDiskDefaults
descriptionOptional. Details of the boot disk of the VM.
computeScheduling
$refComputeScheduling
descriptionOptional. Compute instance scheduling information (if empty default is used).
enableIntegrityMonitoring
descriptionOptional. Defines whether the instance has integrity monitoring enabled.
typeboolean
enableVtpm
descriptionOptional. Defines whether the instance has vTPM enabled.
typeboolean
encryption
$refEncryption
descriptionOptional. The encryption to apply to the VM.
hostname
descriptionOptional. The hostname to assign to the VM.
typestring
labels
additionalProperties
typestring
descriptionOptional. A map of labels to associate with the VM.
typeobject
machineType
descriptionRequired. The machine type to create the VM with.
typestring
machineTypeSeries
descriptionOptional. The machine type series to create the VM with. For presentation only.
typestring
metadata
additionalProperties
typestring
descriptionOptional. The metadata key/value pairs to assign to the VM.
typeobject
networkInterfaces
descriptionOptional. NICs to attach to the VM.
items
$refNetworkInterface
typearray
networkTags
descriptionOptional. A list of network tags to associate with the VM.
items
typestring
typearray
secureBoot
descriptionOptional. Defines whether the instance has Secure Boot enabled. This can be set to true only if the VM boot option is EFI.
typeboolean
serviceAccount
descriptionOptional. The service account to associate the VM with.
typestring
vmName
descriptionRequired. The name of the VM to create.
typestring
typeobject
DisksMigrationVmTargetDetails
descriptionDetails for the VM created VM as part of disks migration.
idDisksMigrationVmTargetDetails
properties
vmUri
descriptionOutput only. The URI of the Compute Engine VM.
readOnlyTrue
typestring
typeobject
Empty
descriptionA generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }
idEmpty
properties
typeobject
Encryption
descriptionEncryption message describes the details of the applied encryption.
idEncryption
properties
kmsKey
descriptionRequired. The name of the encryption key that is stored in Google Cloud KMS.
typestring
typeobject
FetchInventoryResponse
descriptionResponse message for fetchInventory.
idFetchInventoryResponse
properties
awsVms
$refAwsVmsDetails
descriptionThe description of the VMs in a Source of type AWS.
azureVms
$refAzureVmsDetails
descriptionThe description of the VMs in a Source of type Azure.
nextPageToken
descriptionOutput only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
readOnlyTrue
typestring
updateTime
descriptionOutput only. The timestamp when the source was last queried (if the result is from the cache).
formatgoogle-datetime
readOnlyTrue
typestring
vmwareVms
$refVmwareVmsDetails
descriptionThe description of the VMs in a Source of type Vmware.
typeobject
FinalizeMigrationRequest
descriptionRequest message for 'FinalizeMigration' request.
idFinalizeMigrationRequest
properties
typeobject
Group
descriptionDescribes message for 'Group' resource. The Group is a collections of several MigratingVms.
idGroup
properties
createTime
descriptionOutput only. The create time timestamp.
formatgoogle-datetime
readOnlyTrue
typestring
description
descriptionUser-provided description of the group.
typestring
displayName
descriptionDisplay name is a user defined name for this group which can be updated.
typestring
migrationTargetType
descriptionImmutable. The target type of this group.
enum
  • MIGRATION_TARGET_TYPE_UNSPECIFIED
  • MIGRATION_TARGET_TYPE_GCE
  • MIGRATION_TARGET_TYPE_DISKS
enumDescriptions
  • Group type is not specified. This defaults to Compute Engine targets.
  • All MigratingVMs in the group must have Compute Engine targets.
  • All MigratingVMs in the group must have Compute Engine Disks targets.
typestring
name
descriptionOutput only. The Group name.
readOnlyTrue
typestring
updateTime
descriptionOutput only. The update time timestamp.
formatgoogle-datetime
readOnlyTrue
typestring
typeobject
ImageImport
descriptionImageImport describes the configuration of the image import to run.
idImageImport
properties
cloudStorageUri
descriptionImmutable. The path to the Cloud Storage file from which the image should be imported.
typestring
createTime
descriptionOutput only. The time the image import was created.
formatgoogle-datetime
readOnlyTrue
typestring
diskImageTargetDefaults
$refDiskImageTargetDetails
descriptionImmutable. Target details for importing a disk image, will be used by ImageImportJob.
encryption
$refEncryption
descriptionImmutable. The encryption details used by the image import process during the image adaptation for Compute Engine.
machineImageTargetDefaults
$refMachineImageTargetDetails
descriptionImmutable. Target details for importing a machine image, will be used by ImageImportJob.
name
descriptionOutput only. The resource path of the ImageImport.
readOnlyTrue
typestring
recentImageImportJobs
descriptionOutput only. The result of the most recent runs for this ImageImport. All jobs for this ImageImport can be listed via ListImageImportJobs.
items
$refImageImportJob
readOnlyTrue
typearray
typeobject
ImageImportJob
descriptionImageImportJob describes the progress and result of an image import.
idImageImportJob
properties
cloudStorageUri
descriptionOutput only. The path to the Cloud Storage file from which the image should be imported.
readOnlyTrue
typestring
createTime
descriptionOutput only. The time the image import was created (as an API call, not when it was actually created in the target).
formatgoogle-datetime
readOnlyTrue
typestring
createdResources
descriptionOutput only. The resource paths of the resources created by the image import job.
items
typestring
readOnlyTrue
typearray
diskImageTargetDetails
$refDiskImageTargetDetails
descriptionOutput only. Target details used to import a disk image.
readOnlyTrue
endTime
descriptionOutput only. The time the image import was ended.
formatgoogle-datetime
readOnlyTrue
typestring
errors
descriptionOutput only. Provides details on the error that led to the image import state in case of an error.
items
$refStatus
readOnlyTrue
typearray
machineImageTargetDetails
$refMachineImageTargetDetails
descriptionOutput only. Target details used to import a machine image.
readOnlyTrue
name
descriptionOutput only. The resource path of the ImageImportJob.
readOnlyTrue
typestring
state
descriptionOutput only. The state of the image import.
enum
  • STATE_UNSPECIFIED
  • PENDING
  • RUNNING
  • SUCCEEDED
  • FAILED
  • CANCELLING
  • CANCELLED
enumDescriptions
  • The state is unknown.
  • The image import has not yet started.
  • The image import is active and running.
  • The image import has finished successfully.
  • The image import has finished with errors.
  • The image import is being cancelled.
  • The image import was cancelled.
readOnlyTrue
typestring
steps
descriptionOutput only. The image import steps list representing its progress.
items
$refImageImportStep
readOnlyTrue
typearray
warnings
descriptionOutput only. Warnings that occurred during the image import.
items
$refMigrationWarning
readOnlyTrue
typearray
typeobject
ImageImportOsAdaptationParameters
descriptionParameters affecting the OS adaptation process.
idImageImportOsAdaptationParameters
properties
generalize
descriptionOptional. Set to true in order to generalize the imported image. The generalization process enables co-existence of multiple VMs created from the same image. For Windows, generalizing the image removes computer-specific information such as installed drivers and the computer security identifier (SID).
typeboolean
licenseType
descriptionOptional. Choose which type of license to apply to the imported image.
enum
  • COMPUTE_ENGINE_LICENSE_TYPE_DEFAULT
  • COMPUTE_ENGINE_LICENSE_TYPE_PAYG
  • COMPUTE_ENGINE_LICENSE_TYPE_BYOL
enumDescriptions
  • The license type is the default for the OS.
  • The license type is Pay As You Go license type.
  • The license type is Bring Your Own License type.
typestring
typeobject
ImageImportStep
descriptionImageImportStep holds information about the image import step progress.
idImageImportStep
properties
adaptingOs
$refAdaptingOSStep
descriptionAdapting OS step.
creatingImage
$refCreatingImageStep
descriptionCreating image step.
endTime
descriptionOutput only. The time the step has ended.
formatgoogle-datetime
readOnlyTrue
typestring
initializing
$refInitializingImageImportStep
descriptionInitializing step.
loadingSourceFiles
$refLoadingImageSourceFilesStep
descriptionLoading source files step.
startTime
descriptionOutput only. The time the step has started.
formatgoogle-datetime
readOnlyTrue
typestring
typeobject
InitializingImageImportStep
descriptionInitializingImageImportStep contains specific step details.
idInitializingImageImportStep
properties
typeobject
InitializingReplicationStep
descriptionInitializingReplicationStep contains specific step details.
idInitializingReplicationStep
properties
typeobject
InstantiatingMigratedVMStep
descriptionInstantiatingMigratedVMStep contains specific step details.
idInstantiatingMigratedVMStep
properties
typeobject
Link
descriptionDescribes a URL link.
idLink
properties
description
descriptionDescribes what the link offers.
typestring
url
descriptionThe URL of the link.
typestring
typeobject
ListCloneJobsResponse
descriptionResponse message for 'ListCloneJobs' request.
idListCloneJobsResponse
properties
cloneJobs
descriptionOutput only. The list of clone jobs response.
items
$refCloneJob
readOnlyTrue
typearray
nextPageToken
descriptionOutput only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
readOnlyTrue
typestring
unreachable
descriptionOutput only. Locations that could not be reached.
items
typestring
readOnlyTrue
typearray
typeobject
ListCutoverJobsResponse
descriptionResponse message for 'ListCutoverJobs' request.
idListCutoverJobsResponse
properties
cutoverJobs
descriptionOutput only. The list of cutover jobs response.
items
$refCutoverJob
readOnlyTrue
typearray
nextPageToken
descriptionOutput only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
readOnlyTrue
typestring
unreachable
descriptionOutput only. Locations that could not be reached.
items
typestring
readOnlyTrue
typearray
typeobject
ListDatacenterConnectorsResponse
descriptionResponse message for 'ListDatacenterConnectors' request.
idListDatacenterConnectorsResponse
properties
datacenterConnectors
descriptionOutput only. The list of sources response.
items
$refDatacenterConnector
readOnlyTrue
typearray
nextPageToken
descriptionOutput only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
readOnlyTrue
typestring
unreachable
descriptionOutput only. Locations that could not be reached.
items
typestring
readOnlyTrue
typearray
typeobject
ListGroupsResponse
descriptionResponse message for 'ListGroups' request.
idListGroupsResponse
properties
groups
descriptionOutput only. The list of groups response.
items
$refGroup
readOnlyTrue
typearray
nextPageToken
descriptionOutput only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
readOnlyTrue
typestring
unreachable
descriptionOutput only. Locations that could not be reached.
items
typestring
readOnlyTrue
typearray
typeobject
ListImageImportJobsResponse
descriptionResponse message for 'ListImageImportJobs' call.
idListImageImportJobsResponse
properties
imageImportJobs
descriptionOutput only. The list of target response.
items
$refImageImportJob
readOnlyTrue
typearray
nextPageToken
descriptionOutput only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
readOnlyTrue
typestring
unreachable
descriptionOutput only. Locations that could not be reached.
items
typestring
readOnlyTrue
typearray
typeobject
ListImageImportsResponse
descriptionResponse message for 'ListImageImports' call.
idListImageImportsResponse
properties
imageImports
descriptionOutput only. The list of target response.
items
$refImageImport
readOnlyTrue
typearray
nextPageToken
descriptionOutput only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
readOnlyTrue
typestring
unreachable
descriptionOutput only. Locations that could not be reached.
items
typestring
readOnlyTrue
typearray
typeobject
ListLocationsResponse
descriptionThe response message for Locations.ListLocations.
idListLocationsResponse
properties
locations
descriptionA list of locations that matches the specified filter in the request.
items
$refLocation
typearray
nextPageToken
descriptionThe standard List next-page token.
typestring
typeobject
ListMigratingVmsResponse
descriptionResponse message for 'ListMigratingVms' request.
idListMigratingVmsResponse
properties
migratingVms
descriptionOutput only. The list of Migrating VMs response.
items
$refMigratingVm
readOnlyTrue
typearray
nextPageToken
descriptionOutput only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
readOnlyTrue
typestring
unreachable
descriptionOutput only. Locations that could not be reached.
items
typestring
readOnlyTrue
typearray
typeobject
ListOperationsResponse
descriptionThe response message for Operations.ListOperations.
idListOperationsResponse
properties
nextPageToken
descriptionThe standard List next-page token.
typestring
operations
descriptionA list of operations that matches the specified filter in the request.
items
$refOperation
typearray
typeobject
ListReplicationCyclesResponse
descriptionResponse message for 'ListReplicationCycles' request.
idListReplicationCyclesResponse
properties
nextPageToken
descriptionOutput only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
readOnlyTrue
typestring
replicationCycles
descriptionOutput only. The list of replication cycles response.
items
$refReplicationCycle
readOnlyTrue
typearray
unreachable
descriptionOutput only. Locations that could not be reached.
items
typestring
readOnlyTrue
typearray
typeobject
ListSourcesResponse
descriptionResponse message for 'ListSources' request.
idListSourcesResponse
properties
nextPageToken
descriptionOutput only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
readOnlyTrue
typestring
sources
descriptionOutput only. The list of sources response.
items
$refSource
readOnlyTrue
typearray
unreachable
descriptionOutput only. Locations that could not be reached.
items
typestring
readOnlyTrue
typearray
typeobject
ListTargetProjectsResponse
descriptionResponse message for 'ListTargetProjects' call.
idListTargetProjectsResponse
properties
nextPageToken
descriptionOutput only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
readOnlyTrue
typestring
targetProjects
descriptionOutput only. The list of target response.
items
$refTargetProject
readOnlyTrue
typearray
unreachable
descriptionOutput only. Locations that could not be reached.
items
typestring
readOnlyTrue
typearray
typeobject
ListUtilizationReportsResponse
descriptionResponse message for 'ListUtilizationReports' request.
idListUtilizationReportsResponse
properties
nextPageToken
descriptionOutput only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
readOnlyTrue
typestring
unreachable
descriptionOutput only. Locations that could not be reached.
items
typestring
readOnlyTrue
typearray
utilizationReports
descriptionOutput only. The list of reports.
items
$refUtilizationReport
readOnlyTrue
typearray
typeobject
LoadingImageSourceFilesStep
descriptionLoadingImageSourceFilesStep contains specific step details.
idLoadingImageSourceFilesStep
properties
typeobject
LocalizedMessage
descriptionProvides a localized error message that is safe to return to the user which can be attached to an RPC error.
idLocalizedMessage
properties
locale
descriptionThe locale used following the specification defined at https://www.rfc-editor.org/rfc/bcp/bcp47.txt. Examples are: "en-US", "fr-CH", "es-MX"
typestring
message
descriptionThe localized error message in the above locale.
typestring
typeobject
Location
descriptionA resource that represents a Google Cloud location.
idLocation
properties
displayName
descriptionThe friendly name for this location, typically a nearby city name. For example, "Tokyo".
typestring
labels
additionalProperties
typestring
descriptionCross-service attributes for the location. For example {"cloud.googleapis.com/region": "us-east1"}
typeobject
locationId
descriptionThe canonical id for this location. For example: `"us-east1"`.
typestring
metadata
additionalProperties
descriptionProperties of the object. Contains field @type with type URL.
typeany
descriptionService-specific metadata. For example the available capacity at the given location.
typeobject
name
descriptionResource name for the location, which may vary between implementations. For example: `"projects/example-project/locations/us-east1"`
typestring
typeobject
MachineImageParametersOverrides
descriptionParameters overriding decisions based on the source machine image configurations.
idMachineImageParametersOverrides
properties
machineType
descriptionOptional. The machine type to create the MachineImage with. If empty, the service will choose a relevant machine type based on the information from the source image. For more information about machine types, please refer to https://cloud.google.com/compute/docs/machine-resource.
typestring
typeobject
MachineImageTargetDetails
descriptionThe target details of the machine image resource that will be created by the image import job.
idMachineImageTargetDetails
properties
additionalLicenses
descriptionOptional. Additional licenses to assign to the instance created by the machine image. Format: https://www.googleapis.com/compute/v1/projects/PROJECT_ID/global/licenses/LICENSE_NAME Or https://www.googleapis.com/compute/beta/projects/PROJECT_ID/global/licenses/LICENSE_NAME
items
typestring
typearray
description
descriptionOptional. An optional description of the machine image.
typestring
encryption
$refEncryption
descriptionImmutable. The encryption to apply to the machine image.
labels
additionalProperties
typestring
descriptionOptional. The labels to apply to the instance created by the machine image.
typeobject
machineImageName
descriptionRequired. The name of the machine image to be created.
typestring
machineImageParametersOverrides
$refMachineImageParametersOverrides
descriptionOptional. Parameters overriding decisions based on the source machine image configurations.
networkInterfaces
descriptionOptional. The network interfaces to create with the instance created by the machine image. Internal and external IP addresses are ignored for machine image import.
items
$refNetworkInterface
typearray
osAdaptationParameters
$refImageImportOsAdaptationParameters
descriptionOptional. Use to set the parameters relevant for the OS adaptation process.
serviceAccount
$refServiceAccount
descriptionOptional. The service account to assign to the instance created by the machine image.
shieldedInstanceConfig
$refShieldedInstanceConfig
descriptionOptional. Shielded instance configuration.
singleRegionStorage
descriptionOptional. Set to true to set the machine image storageLocations to the single region of the import job. When false, the closest multi-region is selected.
typeboolean
skipOsAdaptation
$refSkipOsAdaptation
descriptionOptional. Use to skip OS adaptation process.
tags
descriptionOptional. The tags to apply to the instance created by the machine image.
items
typestring
typearray
targetProject
descriptionRequired. Reference to the TargetProject resource that represents the target project in which the imported machine image will be created.
typestring
typeobject
MigratingVm
descriptionMigratingVm describes the VM that will be migrated from a Source environment and its replication state.
idMigratingVm
properties
awsSourceVmDetails
$refAwsSourceVmDetails
descriptionOutput only. Details of the VM from an AWS source.
readOnlyTrue
azureSourceVmDetails
$refAzureSourceVmDetails
descriptionOutput only. Details of the VM from an Azure source.
readOnlyTrue
computeEngineDisksTargetDefaults
$refComputeEngineDisksTargetDefaults
descriptionDetails of the target Persistent Disks in Compute Engine.
computeEngineTargetDefaults
$refComputeEngineTargetDefaults
descriptionDetails of the target VM in Compute Engine.
createTime
descriptionOutput only. The time the migrating VM was created (this refers to this resource and not to the time it was installed in the source).
formatgoogle-datetime
readOnlyTrue
typestring
currentSyncInfo
$refReplicationCycle
descriptionOutput only. Details of the current running replication cycle.
readOnlyTrue
cutoverForecast
$refCutoverForecast
descriptionOutput only. Provides details of future CutoverJobs of a MigratingVm. Set to empty when cutover forecast is unavailable.
readOnlyTrue
description
descriptionThe description attached to the migrating VM by the user.
typestring
displayName
descriptionThe display name attached to the MigratingVm by the user.
typestring
error
$refStatus
descriptionOutput only. Provides details on the state of the Migrating VM in case of an error in replication.
readOnlyTrue
group
descriptionOutput only. The group this migrating vm is included in, if any. The group is represented by the full path of the appropriate Group resource.
readOnlyTrue
typestring
labels
additionalProperties
typestring
descriptionThe labels of the migrating VM.
typeobject
lastReplicationCycle
$refReplicationCycle
descriptionOutput only. Details of the last replication cycle. This will be updated whenever a replication cycle is finished and is not to be confused with last_sync which is only updated on successful replication cycles.
readOnlyTrue
lastSync
$refReplicationSync
descriptionOutput only. The most updated snapshot created time in the source that finished replication.
readOnlyTrue
name
descriptionOutput only. The identifier of the MigratingVm.
readOnlyTrue
typestring
policy
$refSchedulePolicy
descriptionThe replication schedule policy.
recentCloneJobs
descriptionOutput only. The recent clone jobs performed on the migrating VM. This field holds the vm's last completed clone job and the vm's running clone job, if one exists. Note: To have this field populated you need to explicitly request it via the "view" parameter of the Get/List request.
items
$refCloneJob
readOnlyTrue
typearray
recentCutoverJobs
descriptionOutput only. The recent cutover jobs performed on the migrating VM. This field holds the vm's last completed cutover job and the vm's running cutover job, if one exists. Note: To have this field populated you need to explicitly request it via the "view" parameter of the Get/List request.
items
$refCutoverJob
readOnlyTrue
typearray
sourceVmId
descriptionThe unique ID of the VM in the source. The VM's name in vSphere can be changed, so this is not the VM's name but rather its moRef id. This id is of the form vm-.
typestring
state
descriptionOutput only. State of the MigratingVm.
enum
  • STATE_UNSPECIFIED
  • PENDING
  • READY
  • FIRST_SYNC
  • ACTIVE
  • CUTTING_OVER
  • CUTOVER
  • FINAL_SYNC
  • PAUSED
  • FINALIZING
  • FINALIZED
  • ERROR
enumDescriptions
  • The state was not sampled by the health checks yet.
  • The VM in the source is being verified.
  • The source VM was verified, and it's ready to start replication.
  • Migration is going through the first sync cycle.
  • The replication is active, and it's running or scheduled to run.
  • The source VM is being turned off, and a final replication is currently running.
  • The source VM was stopped and replicated. The replication is currently paused.
  • A cutover job is active and replication cycle is running the final sync.
  • The replication was paused by the user and no cycles are scheduled to run.
  • The migrating VM is being finalized and migration resources are being removed.
  • The replication process is done. The migrating VM is finalized and no longer consumes billable resources.
  • The replication process encountered an unrecoverable error and was aborted.
readOnlyTrue
typestring
stateTime
descriptionOutput only. The last time the migrating VM state was updated.
formatgoogle-datetime
readOnlyTrue
typestring
updateTime
descriptionOutput only. The last time the migrating VM resource was updated.
formatgoogle-datetime
readOnlyTrue
typestring
vmwareSourceVmDetails
$refVmwareSourceVmDetails
descriptionOutput only. Details of the VM from a Vmware source.
readOnlyTrue
typeobject
MigrationError
descriptionRepresents migration resource error information that can be used with google.rpc.Status message. MigrationError is used to present the user with error information in migration operations.
idMigrationError
properties
actionItem
$refLocalizedMessage
descriptionOutput only. Suggested action for solving the error.
readOnlyTrue
code
descriptionOutput only. The error code.
enum
  • ERROR_CODE_UNSPECIFIED
  • UNKNOWN_ERROR
  • SOURCE_VALIDATION_ERROR
  • SOURCE_REPLICATION_ERROR
  • TARGET_REPLICATION_ERROR
  • OS_ADAPTATION_ERROR
  • CLONE_ERROR
  • CUTOVER_ERROR
  • UTILIZATION_REPORT_ERROR
  • APPLIANCE_UPGRADE_ERROR
  • IMAGE_IMPORT_ERROR
enumDescriptions
  • Default value. This value is not used.
  • Migrate to Virtual Machines encountered an unknown error.
  • Migrate to Virtual Machines encountered an error while validating replication source health.
  • Migrate to Virtual Machines encountered an error during source data operation.
  • Migrate to Virtual Machines encountered an error during target data operation.
  • Migrate to Virtual Machines encountered an error during OS adaptation.
  • Migrate to Virtual Machines encountered an error in clone operation.
  • Migrate to Virtual Machines encountered an error in cutover operation.
  • Migrate to Virtual Machines encountered an error during utilization report creation.
  • Migrate to Virtual Machines encountered an error during appliance upgrade.
  • Migrate to Virtual Machines encountered an error in image import operation.
readOnlyTrue
typestring
errorMessage
$refLocalizedMessage
descriptionOutput only. The localized error message.
readOnlyTrue
errorTime
descriptionOutput only. The time the error occurred.
formatgoogle-datetime
readOnlyTrue
typestring
helpLinks
descriptionOutput only. URL(s) pointing to additional information on handling the current error.
items
$refLink
readOnlyTrue
typearray
typeobject
MigrationWarning
descriptionRepresents migration resource warning information that can be used with google.rpc.Status message. MigrationWarning is used to present the user with warning information in migration operations.
idMigrationWarning
properties
actionItem
$refLocalizedMessage
descriptionOutput only. Suggested action for solving the warning.
readOnlyTrue
code
descriptionThe warning code.
enum
  • WARNING_CODE_UNSPECIFIED
  • ADAPTATION_WARNING
enumDescriptions
  • Default value. This value is not used.
  • A warning originated from OS Adaptation.
typestring
helpLinks
descriptionOutput only. URL(s) pointing to additional information on handling the current warning.
items
$refLink
readOnlyTrue
typearray
warningMessage
$refLocalizedMessage
descriptionOutput only. The localized warning message.
readOnlyTrue
warningTime
descriptionThe time the warning occurred.
formatgoogle-datetime
typestring
typeobject
NetworkInterface
descriptionNetworkInterface represents a NIC of a VM.
idNetworkInterface
properties
externalIp
descriptionOptional. The external IP to define in the NIC.
typestring
internalIp
descriptionOptional. The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
typestring
network
descriptionThe network to connect the NIC to.
typestring
networkTier
descriptionOptional. The networking tier used for optimizing connectivity between instances and systems on the internet. Applies only for external ephemeral IP addresses. If left empty, will default to PREMIUM.
enum
  • COMPUTE_ENGINE_NETWORK_TIER_UNSPECIFIED
  • NETWORK_TIER_STANDARD
  • NETWORK_TIER_PREMIUM
enumDescriptions
  • An unspecified network tier. Will be used as PREMIUM.
  • A standard network tier.
  • A premium network tier.
typestring
subnetwork
descriptionOptional. The subnetwork to connect the NIC to.
typestring
typeobject
OSDescription
descriptionA message describing the VM's OS. Including OS, Publisher, Offer and Plan if applicable.
idOSDescription
properties
offer
descriptionOS offer.
typestring
plan
descriptionOS plan.
typestring
publisher
descriptionOS publisher.
typestring
type
descriptionOS type.
typestring
typeobject
OSDisk
descriptionA message describing the OS disk.
idOSDisk
properties
name
descriptionThe disk's full name.
typestring
sizeGb
descriptionThe disk's size in GB.
formatint32
typeinteger
type
descriptionThe disk's type.
typestring
typeobject
Operation
descriptionThis resource represents a long-running operation that is the result of a network API call.
idOperation
properties
done
descriptionIf the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
typeboolean
error
$refStatus
descriptionThe error result of the operation in case of failure or cancellation.
metadata
additionalProperties
descriptionProperties of the object. Contains field @type with type URL.
typeany
descriptionService-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
typeobject
name
descriptionThe server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
typestring
response
additionalProperties
descriptionProperties of the object. Contains field @type with type URL.
typeany
descriptionThe normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
typeobject
typeobject
OperationMetadata
descriptionRepresents the metadata of the long-running operation.
idOperationMetadata
properties
apiVersion
descriptionOutput only. API version used to start the operation.
readOnlyTrue
typestring
createTime
descriptionOutput only. The time the operation was created.
formatgoogle-datetime
readOnlyTrue
typestring
endTime
descriptionOutput only. The time the operation finished running.
formatgoogle-datetime
readOnlyTrue
typestring
requestedCancellation
descriptionOutput only. Identifies whether the user has requested cancellation of the operation. Operations that have successfully been cancelled have Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.
readOnlyTrue
typeboolean
statusMessage
descriptionOutput only. Human-readable status of the operation, if any.
readOnlyTrue
typestring
target
descriptionOutput only. Server-defined resource path for the target of the operation.
readOnlyTrue
typestring
verb
descriptionOutput only. Name of the verb executed by the operation.
readOnlyTrue
typestring
typeobject
PauseMigrationRequest
descriptionRequest message for 'PauseMigration' request.
idPauseMigrationRequest
properties
typeobject
PersistentDisk
descriptionDetails of a created Persistent Disk.
idPersistentDisk
properties
diskUri
descriptionThe URI of the Persistent Disk.
typestring
sourceDiskNumber
descriptionThe ordinal number of the source VM disk.
formatint32
typeinteger
typeobject
PersistentDiskDefaults
descriptionDetails for creation of a Persistent Disk.
idPersistentDiskDefaults
properties
additionalLabels
additionalProperties
typestring
descriptionA map of labels to associate with the Persistent Disk.
typeobject
diskName
descriptionOptional. The name of the Persistent Disk to create.
typestring
diskType
descriptionThe disk type to use.
enum
  • COMPUTE_ENGINE_DISK_TYPE_UNSPECIFIED
  • COMPUTE_ENGINE_DISK_TYPE_STANDARD
  • COMPUTE_ENGINE_DISK_TYPE_SSD
  • COMPUTE_ENGINE_DISK_TYPE_BALANCED
  • COMPUTE_ENGINE_DISK_TYPE_HYPERDISK_BALANCED
enumDescriptions
  • An unspecified disk type. Will be used as STANDARD.
  • A Standard disk type.
  • SSD hard disk type.
  • An alternative to SSD persistent disks that balance performance and cost.
  • Hyperdisk balanced disk type.
typestring
encryption
$refEncryption
descriptionOptional. The encryption to apply to the disk.
sourceDiskNumber
descriptionRequired. The ordinal number of the source VM disk.
formatint32
typeinteger
vmAttachmentDetails
$refVmAttachmentDetails
descriptionOptional. Details for attachment of the disk to a VM. Used when the disk is set to be attached to a target VM.
typeobject
PostProcessingStep
descriptionPostProcessingStep contains specific step details.
idPostProcessingStep
properties
typeobject
PreparingVMDisksStep
descriptionPreparingVMDisksStep contains specific step details.
idPreparingVMDisksStep
properties
typeobject
RemoveGroupMigrationRequest
descriptionRequest message for 'RemoveMigration' request.
idRemoveGroupMigrationRequest
properties
migratingVm
descriptionThe MigratingVm to remove.
typestring
typeobject
ReplicatingStep
descriptionReplicatingStep contains specific step details.
idReplicatingStep
properties
lastThirtyMinutesAverageBytesPerSecond
descriptionThe source disks replication rate for the last 30 minutes in bytes per second.
formatint64
typestring
lastTwoMinutesAverageBytesPerSecond
descriptionThe source disks replication rate for the last 2 minutes in bytes per second.
formatint64
typestring
replicatedBytes
descriptionReplicated bytes in the step.
formatint64
typestring
totalBytes
descriptionTotal bytes to be handled in the step.
formatint64
typestring
typeobject
ReplicationCycle
descriptionReplicationCycle contains information about the current replication cycle status.
idReplicationCycle
properties
cycleNumber
descriptionThe cycle's ordinal number.
formatint32
typeinteger
endTime
descriptionThe time the replication cycle has ended.
formatgoogle-datetime
typestring
error
$refStatus
descriptionOutput only. Provides details on the state of the cycle in case of an error.
readOnlyTrue
name
descriptionThe identifier of the ReplicationCycle.
typestring
progressPercent
deprecatedTrue
descriptionThe current progress in percentage of this cycle. Was replaced by 'steps' field, which breaks down the cycle progression more accurately.
formatint32
typeinteger
startTime
descriptionThe time the replication cycle has started.
formatgoogle-datetime
typestring
state
descriptionState of the ReplicationCycle.
enum
  • STATE_UNSPECIFIED
  • RUNNING
  • PAUSED
  • FAILED
  • SUCCEEDED
enumDescriptions
  • The state is unknown. This is used for API compatibility only and is not used by the system.
  • The replication cycle is running.
  • The replication cycle is paused.
  • The replication cycle finished with errors.
  • The replication cycle finished successfully.
typestring
steps
descriptionThe cycle's steps list representing its progress.
items
$refCycleStep
typearray
totalPauseDuration
descriptionThe accumulated duration the replication cycle was paused.
formatgoogle-duration
typestring
warnings
descriptionOutput only. Warnings that occurred during the cycle.
items
$refMigrationWarning
readOnlyTrue
typearray
typeobject
ReplicationSync
descriptionReplicationSync contain information about the last replica sync to the cloud.
idReplicationSync
properties
lastSyncTime
descriptionThe most updated snapshot created time in the source that finished replication.
formatgoogle-datetime
typestring
typeobject
ResumeMigrationRequest
descriptionRequest message for 'ResumeMigration' request.
idResumeMigrationRequest
properties
typeobject
SchedulePolicy
descriptionA policy for scheduling replications.
idSchedulePolicy
properties
idleDuration
descriptionThe idle duration between replication stages.
formatgoogle-duration
typestring
skipOsAdaptation
descriptionA flag to indicate whether to skip OS adaptation during the replication sync. OS adaptation is a process where the VM's operating system undergoes changes and adaptations to fully function on Compute Engine.
typeboolean
typeobject
SchedulingNodeAffinity
descriptionNode Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
idSchedulingNodeAffinity
properties
key
descriptionThe label key of Node resource to reference.
typestring
operator
descriptionThe operator to use for the node resources specified in the `values` parameter.
enum
  • OPERATOR_UNSPECIFIED
  • IN
  • NOT_IN
enumDescriptions
  • An unknown, unexpected behavior.
  • The node resource group should be in these resources affinity.
  • The node resource group should not be in these resources affinity.
typestring
values
descriptionCorresponds to the label values of Node resource.
items
typestring
typearray
typeobject
ServiceAccount
descriptionService account to assign to the instance created by the machine image.
idServiceAccount
properties
email
descriptionRequired. The email address of the service account.
typestring
scopes
descriptionOptional. The list of scopes to be made available for this service account.
items
typestring
typearray
typeobject
ShieldedInstanceConfig
descriptionShielded instance configuration.
idShieldedInstanceConfig
properties
enableIntegrityMonitoring
descriptionOptional. Defines whether the instance created by the machine image has integrity monitoring enabled. This can be set to true only if the image boot option is EFI, and vTPM is enabled.
typeboolean
enableVtpm
descriptionOptional. Defines whether the instance created by the machine image has vTPM enabled. This can be set to true only if the image boot option is EFI.
typeboolean
secureBoot
descriptionOptional. Defines whether the instance created by the machine image has Secure Boot enabled. This can be set to true only if the image boot option is EFI.
enum
  • SECURE_BOOT_UNSPECIFIED
  • TRUE
  • FALSE
enumDescriptions
  • No explicit value is selected. Will use the configuration of the source (if exists, otherwise the default will be false).
  • Use secure boot. This can be set to true only if the image boot option is EFI.
  • Do not use secure boot.
typestring
typeobject
ShuttingDownSourceVMStep
descriptionShuttingDownSourceVMStep contains specific step details.
idShuttingDownSourceVMStep
properties
typeobject
SkipOsAdaptation
descriptionMentions that the machine image import is not using OS adaptation process.
idSkipOsAdaptation
properties
typeobject
Source
descriptionSource message describes a specific vm migration Source resource. It contains the source environment information.
idSource
properties
aws
$refAwsSourceDetails
descriptionAWS type source details.
azure
$refAzureSourceDetails
descriptionAzure type source details.
createTime
descriptionOutput only. The create time timestamp.
formatgoogle-datetime
readOnlyTrue
typestring
description
descriptionUser-provided description of the source.
typestring
encryption
$refEncryption
descriptionOptional. Immutable. The encryption details of the source data stored by the service.
labels
additionalProperties
typestring
descriptionThe labels of the source.
typeobject
name
descriptionOutput only. The Source name.
readOnlyTrue
typestring
updateTime
descriptionOutput only. The update time timestamp.
formatgoogle-datetime
readOnlyTrue
typestring
vmware
$refVmwareSourceDetails
descriptionVmware type source details.
typeobject
StartMigrationRequest
descriptionRequest message for 'StartMigrationRequest' request.
idStartMigrationRequest
properties
typeobject
Status
descriptionThe `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors).
idStatus
properties
code
descriptionThe status code, which should be an enum value of google.rpc.Code.
formatint32
typeinteger
details
descriptionA list of messages that carry the error details. There is a common set of message types for APIs to use.
items
additionalProperties
descriptionProperties of the object. Contains field @type with type URL.
typeany
typeobject
typearray
message
descriptionA developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
typestring
typeobject
Tag
descriptionTag is an AWS tag representation.
idTag
properties
key
descriptionRequired. Key of tag.
typestring
value
descriptionRequired. Value of tag.
typestring
typeobject
TargetProject
descriptionTargetProject message represents a target Compute Engine project for a migration or a clone.
idTargetProject
properties
createTime
descriptionOutput only. The time this target project resource was created (not related to when the Compute Engine project it points to was created).
formatgoogle-datetime
readOnlyTrue
typestring
description
descriptionThe target project's description.
typestring
name
descriptionOutput only. The name of the target project.
readOnlyTrue
typestring
project
descriptionRequired. The target project ID (number) or project name.
typestring
updateTime
descriptionOutput only. The last time the target project resource was updated.
formatgoogle-datetime
readOnlyTrue
typestring
typeobject
UpgradeApplianceRequest
descriptionRequest message for 'UpgradeAppliance' request.
idUpgradeApplianceRequest
properties
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
typestring
typeobject
UpgradeStatus
descriptionUpgradeStatus contains information about upgradeAppliance operation.
idUpgradeStatus
properties
error
$refStatus
descriptionOutput only. Provides details on the state of the upgrade operation in case of an error.
readOnlyTrue
previousVersion
descriptionThe version from which we upgraded.
typestring
startTime
descriptionThe time the operation was started.
formatgoogle-datetime
typestring
state
descriptionThe state of the upgradeAppliance operation.
enum
  • STATE_UNSPECIFIED
  • RUNNING
  • FAILED
  • SUCCEEDED
enumDescriptions
  • The state was not sampled by the health checks yet.
  • The upgrade has started.
  • The upgrade failed.
  • The upgrade finished successfully.
typestring
version
descriptionThe version to upgrade to.
typestring
typeobject
UtilizationReport
descriptionUtilization report details the utilization (CPU, memory, etc.) of selected source VMs.
idUtilizationReport
properties
createTime
descriptionOutput only. The time the report was created (this refers to the time of the request, not the time the report creation completed).
formatgoogle-datetime
readOnlyTrue
typestring
displayName
descriptionThe report display name, as assigned by the user.
typestring
error
$refStatus
descriptionOutput only. Provides details on the state of the report in case of an error.
readOnlyTrue
frameEndTime
descriptionOutput only. The point in time when the time frame ends. Notice that the time frame is counted backwards. For instance if the "frame_end_time" value is 2021/01/20 and the time frame is WEEK then the report covers the week between 2021/01/20 and 2021/01/14.
formatgoogle-datetime
readOnlyTrue
typestring
name
descriptionOutput only. The report unique name.
readOnlyTrue
typestring
state
descriptionOutput only. Current state of the report.
enum
  • STATE_UNSPECIFIED
  • CREATING
  • SUCCEEDED
  • FAILED
enumDescriptions
  • The state is unknown. This value is not in use.
  • The report is in the making.
  • Report creation completed successfully.
  • Report creation failed.
readOnlyTrue
typestring
stateTime
descriptionOutput only. The time the state was last set.
formatgoogle-datetime
readOnlyTrue
typestring
timeFrame
descriptionTime frame of the report.
enum
  • TIME_FRAME_UNSPECIFIED
  • WEEK
  • MONTH
  • YEAR
enumDescriptions
  • The time frame was not specified and will default to WEEK.
  • One week.
  • One month.
  • One year.
typestring
vmCount
descriptionOutput only. Total number of VMs included in the report.
formatint32
readOnlyTrue
typeinteger
vms
descriptionList of utilization information per VM. When sent as part of the request, the "vm_id" field is used in order to specify which VMs to include in the report. In that case all other fields are ignored.
items
$refVmUtilizationInfo
typearray
typeobject
VmAttachmentDetails
descriptionDetails for attachment of the disk to a VM.
idVmAttachmentDetails
properties
deviceName
descriptionOptional. Specifies a unique device name of your choice that is reflected into the /dev/disk/by-id/google-* tree of a Linux operating system running within the instance. If not specified, the server chooses a default device name to apply to this disk, in the form persistent-disk-x, where x is a number assigned by Google Compute Engine. This field is only applicable for persistent disks.
typestring
typeobject
VmCapabilities
descriptionMigrating VM source information about the VM capabilities needed for some Compute Engine features.
idVmCapabilities
properties
lastOsCapabilitiesUpdateTime
descriptionOutput only. The last time OS capabilities list was updated.
formatgoogle-datetime
readOnlyTrue
typestring
osCapabilities
descriptionOutput only. Unordered list. List of certain VM OS capabilities needed for some Compute Engine features.
items
enum
  • OS_CAPABILITY_UNSPECIFIED
  • OS_CAPABILITY_NVME_STORAGE_ACCESS
  • OS_CAPABILITY_GVNIC_NETWORK_INTERFACE
  • OS_CAPABILITY_IDPF_NETWORK_INTERFACE
enumDescriptions
  • This is for API compatibility only and is not in use.
  • NVMe driver installed and the VM can use NVMe PD or local SSD.
  • gVNIC virtual NIC driver supported.
  • IDPF virtual NIC driver supported.
typestring
readOnlyTrue
typearray
typeobject
VmUtilizationInfo
descriptionUtilization information of a single VM.
idVmUtilizationInfo
properties
utilization
$refVmUtilizationMetrics
descriptionUtilization metrics for this VM.
vmId
descriptionThe VM's ID in the source.
typestring
vmwareVmDetails
$refVmwareVmDetails
descriptionThe description of the VM in a Source of type Vmware.
typeobject
VmUtilizationMetrics
descriptionUtilization metrics values for a single VM.
idVmUtilizationMetrics
properties
cpuAveragePercent
descriptionAverage CPU usage, percent.
formatint32
typeinteger
cpuMaxPercent
descriptionMax CPU usage, percent.
formatint32
typeinteger
diskIoRateAverageKbps
descriptionAverage disk IO rate, in kilobytes per second.
formatint64
typestring
diskIoRateMaxKbps
descriptionMax disk IO rate, in kilobytes per second.
formatint64
typestring
memoryAveragePercent
descriptionAverage memory usage, percent.
formatint32
typeinteger
memoryMaxPercent
descriptionMax memory usage, percent.
formatint32
typeinteger
networkThroughputAverageKbps
descriptionAverage network throughput (combined transmit-rates and receive-rates), in kilobytes per second.
formatint64
typestring
networkThroughputMaxKbps
descriptionMax network throughput (combined transmit-rates and receive-rates), in kilobytes per second.
formatint64
typestring
typeobject
VmwareDiskDetails
descriptionThe details of a Vmware VM disk.
idVmwareDiskDetails
properties
diskNumber
descriptionOutput only. The ordinal number of the disk.
formatint32
readOnlyTrue
typeinteger
label
descriptionOutput only. The disk label.
readOnlyTrue
typestring
sizeGb
descriptionOutput only. Size in GB.
formatint64
readOnlyTrue
typestring
typeobject
VmwareSourceDetails
descriptionVmwareSourceDetails message describes a specific source details for the vmware source type.
idVmwareSourceDetails
properties
password
descriptionInput only. The credentials password. This is write only and can not be read in a GET operation.
typestring
resolvedVcenterHost
descriptionThe hostname of the vcenter.
typestring
thumbprint
descriptionThe thumbprint representing the certificate for the vcenter.
typestring
username
descriptionThe credentials username.
typestring
vcenterIp
descriptionThe ip address of the vcenter this Source represents.
typestring
typeobject
VmwareSourceVmDetails
descriptionRepresent the source Vmware VM details.
idVmwareSourceVmDetails
properties
architecture
descriptionOutput only. The VM architecture.
enum
  • VM_ARCHITECTURE_UNSPECIFIED
  • VM_ARCHITECTURE_X86_FAMILY
  • VM_ARCHITECTURE_ARM64
enumDescriptions
  • The architecture is unknown.
  • The architecture is one of the x86 architectures.
  • The architecture is ARM64.
readOnlyTrue
typestring
committedStorageBytes
descriptionOutput only. The total size of the disks being migrated in bytes.
formatint64
readOnlyTrue
typestring
disks
descriptionOutput only. The disks attached to the source VM.
items
$refVmwareDiskDetails
readOnlyTrue
typearray
firmware
descriptionOutput only. The firmware type of the source VM.
enum
  • FIRMWARE_UNSPECIFIED
  • EFI
  • BIOS
enumDescriptions
  • The firmware is unknown.
  • The firmware is EFI.
  • The firmware is BIOS.
readOnlyTrue
typestring
vmCapabilitiesInfo
$refVmCapabilities
descriptionOutput only. Information about VM capabilities needed for some Compute Engine features.
readOnlyTrue
typeobject
VmwareVmDetails
descriptionVmwareVmDetails describes a VM in vCenter.
idVmwareVmDetails
properties
architecture
descriptionOutput only. The CPU architecture.
enum
  • VM_ARCHITECTURE_UNSPECIFIED
  • VM_ARCHITECTURE_X86_FAMILY
  • VM_ARCHITECTURE_ARM64
enumDescriptions
  • The architecture is unknown.
  • The architecture is one of the x86 architectures.
  • The architecture is ARM64.
readOnlyTrue
typestring
bootOption
descriptionOutput only. The VM Boot Option.
enum
  • BOOT_OPTION_UNSPECIFIED
  • EFI
  • BIOS
enumDescriptions
  • The boot option is unknown.
  • The boot option is EFI.
  • The boot option is BIOS.
readOnlyTrue
typestring
committedStorageMb
descriptionThe total size of the storage allocated to the VM in MB.
formatint64
typestring
cpuCount
descriptionThe number of cpus in the VM.
formatint32
typeinteger
datacenterDescription
descriptionThe descriptive name of the vCenter's datacenter this VM is contained in.
typestring
datacenterId
descriptionThe id of the vCenter's datacenter this VM is contained in.
typestring
diskCount
descriptionThe number of disks the VM has.
formatint32
typeinteger
displayName
descriptionThe display name of the VM. Note that this is not necessarily unique.
typestring
guestDescription
descriptionThe VM's OS. See for example https://vdc-repo.vmware.com/vmwb-repository/dcr-public/da47f910-60ac-438b-8b9b-6122f4d14524/16b7274a-bf8b-4b4c-a05e-746f2aa93c8c/doc/vim.vm.GuestOsDescriptor.GuestOsIdentifier.html for types of strings this might hold.
typestring
memoryMb
descriptionThe size of the memory of the VM in MB.
formatint32
typeinteger
powerState
descriptionThe power state of the VM at the moment list was taken.
enum
  • POWER_STATE_UNSPECIFIED
  • ON
  • OFF
  • SUSPENDED
enumDescriptions
  • Power state is not specified.
  • The VM is turned ON.
  • The VM is turned OFF.
  • The VM is suspended. This is similar to hibernation or sleep mode.
typestring
uuid
descriptionThe unique identifier of the VM in vCenter.
typestring
vmId
descriptionThe VM's id in the source (note that this is not the MigratingVm's id). This is the moref id of the VM.
typestring
typeobject
VmwareVmsDetails
descriptionVmwareVmsDetails describes VMs in vCenter.
idVmwareVmsDetails
properties
details
descriptionThe details of the vmware VMs.
items
$refVmwareVmDetails
typearray
typeobject
servicePath
titlevmmigration API (staging)
versionv1
version_moduleTrue
old_value
error
code403
details
  • @typetype.googleapis.com/google.rpc.Help
  • @typetype.googleapis.com/google.rpc.ErrorInfo
    domaingoogleapis.com
    metadata
    consumerprojects/448220722672
    servicestaging-vmmigration.sandbox.googleapis.com
    reasonSERVICE_DISABLED
messagevmmigration API (staging) has not been used in project 448220722672 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/staging-vmmigration.sandbox.googleapis.com/overview?project=448220722672 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
statusPERMISSION_DENIED
sandbox/staging-vmmigration-v1alpha1
values_changed
root
new_value
auth
oauth2
scopes
https://www.googleapis.com/auth/cloud-platform
descriptionSee, edit, configure, and delete your Google Cloud data and see the email address for your Google Account.
basePath
baseUrlhttps://staging-vmmigration.sandbox.googleapis.com/
batchPathbatch
canonicalNameVM Migration Service
description
discoveryVersionv1
documentationLinkhttps://cloud.google.com/migrate/virtual-machines
fullyEncodeReservedExpansionTrue
icons
x16http://www.google.com/images/icons/product/search-16.gif
x32http://www.google.com/images/icons/product/search-32.gif
idvmmigration:v1alpha1
kinddiscovery#restDescription
mtlsRootUrlhttps://staging-vmmigration.mtls.sandbox.googleapis.com/
namevmmigration
ownerDomaingoogle.com
ownerNameGoogle
parameters
$.xgafv
descriptionV1 error format.
enum
  • 1
  • 2
enumDescriptions
  • v1 error format
  • v2 error format
locationquery
typestring
access_token
descriptionOAuth access token.
locationquery
typestring
alt
defaultjson
descriptionData format for response.
enum
  • json
  • media
  • proto
enumDescriptions
  • Responses with Content-Type of application/json
  • Media download with context-dependent Content-Type
  • Responses with Content-Type of application/x-protobuf
locationquery
typestring
callback
descriptionJSONP
locationquery
typestring
fields
descriptionSelector specifying which fields to include in a partial response.
locationquery
typestring
key
descriptionAPI key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
locationquery
typestring
oauth_token
descriptionOAuth 2.0 token for the current user.
locationquery
typestring
prettyPrint
defaulttrue
descriptionReturns response with indentations and line breaks.
locationquery
typeboolean
quotaUser
descriptionAvailable to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
locationquery
typestring
uploadType
descriptionLegacy upload protocol for media (e.g. "media", "multipart").
locationquery
typestring
upload_protocol
descriptionUpload protocol for media (e.g. "raw", "multipart").
locationquery
typestring
protocolrest
resources
projects
resources
locations
methods
get
descriptionGets information about a location.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}
httpMethodGET
idvmmigration.projects.locations.get
parameterOrder
  • name
parameters
name
descriptionResource name for the location.
locationpath
pattern^projects/[^/]+/locations/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+name}
response
$refLocation
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists information about the supported locations for this service.
flatPathv1alpha1/projects/{projectsId}/locations
httpMethodGET
idvmmigration.projects.locations.list
parameterOrder
  • name
parameters
filter
descriptionA filter to narrow down results to a preferred subset. The filtering language accepts strings like `"displayName=tokyo"`, and is documented in more detail in [AIP-160](https://google.aip.dev/160).
locationquery
typestring
name
descriptionThe resource that owns the locations collection, if applicable.
locationpath
pattern^projects/[^/]+$
requiredTrue
typestring
pageSize
descriptionThe maximum number of results to return. If not set, the service selects a default.
formatint32
locationquery
typeinteger
pageToken
descriptionA page token received from the `next_page_token` field in the response. Send that page token to receive the subsequent page.
locationquery
typestring
pathv1alpha1/{+name}/locations
response
$refListLocationsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
resources
groups
methods
addGroupMigration
descriptionAdds a MigratingVm to a Group.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/groups/{groupsId}:addGroupMigration
httpMethodPOST
idvmmigration.projects.locations.groups.addGroupMigration
parameterOrder
  • group
parameters
group
descriptionRequired. The full path name of the Group to add to.
locationpath
pattern^projects/[^/]+/locations/[^/]+/groups/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+group}:addGroupMigration
request
$refAddGroupMigrationRequest
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
create
descriptionCreates a new Group in a given project and location.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/groups
httpMethodPOST
idvmmigration.projects.locations.groups.create
parameterOrder
  • parent
parameters
groupId
descriptionRequired. The group identifier.
locationquery
typestring
parent
descriptionRequired. The Group's parent.
locationpath
pattern^projects/[^/]+/locations/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
pathv1alpha1/{+parent}/groups
request
$refGroup
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
delete
descriptionDeletes a single Group.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/groups/{groupsId}
httpMethodDELETE
idvmmigration.projects.locations.groups.delete
parameterOrder
  • name
parameters
name
descriptionRequired. The Group name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/groups/[^/]+$
requiredTrue
typestring
requestId
descriptionOptional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
pathv1alpha1/{+name}
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets details of a single Group.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/groups/{groupsId}
httpMethodGET
idvmmigration.projects.locations.groups.get
parameterOrder
  • name
parameters
name
descriptionRequired. The group name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/groups/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+name}
response
$refGroup
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists Groups in a given project and location.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/groups
httpMethodGET
idvmmigration.projects.locations.groups.list
parameterOrder
  • parent
parameters
filter
descriptionOptional. The filter request.
locationquery
typestring
orderBy
descriptionOptional. the order by fields for the result.
locationquery
typestring
pageSize
descriptionOptional. The maximum number of groups to return. The service may return fewer than this value. If unspecified, at most 500 groups will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
formatint32
locationquery
typeinteger
pageToken
descriptionRequired. A page token, received from a previous `ListGroups` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListGroups` must match the call that provided the page token.
locationquery
typestring
parent
descriptionRequired. The parent, which owns this collection of groups.
locationpath
pattern^projects/[^/]+/locations/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+parent}/groups
response
$refListGroupsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
patch
descriptionUpdates the parameters of a single Group.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/groups/{groupsId}
httpMethodPATCH
idvmmigration.projects.locations.groups.patch
parameterOrder
  • name
parameters
name
descriptionOutput only. The Group name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/groups/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
updateMask
descriptionField mask is used to specify the fields to be overwritten in the Group resource by the update. The fields specified in the update_mask are relative to the resource, not the full request. A field will be overwritten if it is in the mask. If the user does not provide a mask then all fields will be overwritten.
formatgoogle-fieldmask
locationquery
typestring
pathv1alpha1/{+name}
request
$refGroup
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
removeGroupMigration
descriptionRemoves a MigratingVm from a Group.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/groups/{groupsId}:removeGroupMigration
httpMethodPOST
idvmmigration.projects.locations.groups.removeGroupMigration
parameterOrder
  • group
parameters
group
descriptionRequired. The name of the Group.
locationpath
pattern^projects/[^/]+/locations/[^/]+/groups/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+group}:removeGroupMigration
request
$refRemoveGroupMigrationRequest
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
imageImports
methods
create
descriptionCreates a new ImageImport in a given project.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/imageImports
httpMethodPOST
idvmmigration.projects.locations.imageImports.create
parameterOrder
  • parent
parameters
imageImportId
descriptionRequired. The image import identifier. This value maximum length is 63 characters, and valid characters are /a-z-/. It must start with an english letter and must not end with a hyphen.
locationquery
typestring
parent
descriptionRequired. The ImageImport's parent.
locationpath
pattern^projects/[^/]+/locations/[^/]+$
requiredTrue
typestring
requestId
descriptionOptional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
pathv1alpha1/{+parent}/imageImports
request
$refImageImport
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
delete
descriptionDeletes a single ImageImport.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/imageImports/{imageImportsId}
httpMethodDELETE
idvmmigration.projects.locations.imageImports.delete
parameterOrder
  • name
parameters
name
descriptionRequired. The ImageImport name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/imageImports/[^/]+$
requiredTrue
typestring
requestId
descriptionOptional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
pathv1alpha1/{+name}
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets details of a single ImageImport.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/imageImports/{imageImportsId}
httpMethodGET
idvmmigration.projects.locations.imageImports.get
parameterOrder
  • name
parameters
name
descriptionRequired. The ImageImport name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/imageImports/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+name}
response
$refImageImport
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists ImageImports in a given project.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/imageImports
httpMethodGET
idvmmigration.projects.locations.imageImports.list
parameterOrder
  • parent
parameters
filter
descriptionOptional. The filter request (according to AIP-160).
locationquery
typestring
orderBy
descriptionOptional. The order by fields for the result (according to AIP-132). Currently ordering is only possible by "name" field.
locationquery
typestring
pageSize
descriptionOptional. The maximum number of targets to return. The service may return fewer than this value. If unspecified, at most 500 targets will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
formatint32
locationquery
typeinteger
pageToken
descriptionOptional. A page token, received from a previous `ListImageImports` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListImageImports` must match the call that provided the page token.
locationquery
typestring
parent
descriptionRequired. The parent, which owns this collection of targets.
locationpath
pattern^projects/[^/]+/locations/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+parent}/imageImports
response
$refListImageImportsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
resources
imageImportJobs
methods
cancel
descriptionInitiates the cancellation of a running clone job.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/imageImports/{imageImportsId}/imageImportJobs/{imageImportJobsId}:cancel
httpMethodPOST
idvmmigration.projects.locations.imageImports.imageImportJobs.cancel
parameterOrder
  • name
parameters
name
descriptionRequired. The image import job id.
locationpath
pattern^projects/[^/]+/locations/[^/]+/imageImports/[^/]+/imageImportJobs/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+name}:cancel
request
$refCancelImageImportJobRequest
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets details of a single ImageImportJob.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/imageImports/{imageImportsId}/imageImportJobs/{imageImportJobsId}
httpMethodGET
idvmmigration.projects.locations.imageImports.imageImportJobs.get
parameterOrder
  • name
parameters
name
descriptionRequired. The ImageImportJob name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/imageImports/[^/]+/imageImportJobs/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+name}
response
$refImageImportJob
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists ImageImportJobs in a given project.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/imageImports/{imageImportsId}/imageImportJobs
httpMethodGET
idvmmigration.projects.locations.imageImports.imageImportJobs.list
parameterOrder
  • parent
parameters
filter
descriptionOptional. The filter request (according to AIP-160).
locationquery
typestring
orderBy
descriptionOptional. The order by fields for the result (according to AIP-132). Currently ordering is only possible by "name" field.
locationquery
typestring
pageSize
descriptionOptional. The maximum number of targets to return. The service may return fewer than this value. If unspecified, at most 500 targets will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
formatint32
locationquery
typeinteger
pageToken
descriptionOptional. A page token, received from a previous `ListImageImportJobs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListImageImportJobs` must match the call that provided the page token.
locationquery
typestring
parent
descriptionRequired. The parent, which owns this collection of targets.
locationpath
pattern^projects/[^/]+/locations/[^/]+/imageImports/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+parent}/imageImportJobs
response
$refListImageImportJobsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
operations
methods
cancel
descriptionStarts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of `1`, corresponding to `Code.CANCELLED`.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/operations/{operationsId}:cancel
httpMethodPOST
idvmmigration.projects.locations.operations.cancel
parameterOrder
  • name
parameters
name
descriptionThe name of the operation resource to be cancelled.
locationpath
pattern^projects/[^/]+/locations/[^/]+/operations/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+name}:cancel
request
$refCancelOperationRequest
response
$refEmpty
scopes
  • https://www.googleapis.com/auth/cloud-platform
delete
descriptionDeletes a long-running operation. This method indicates that the client is no longer interested in the operation result. It does not cancel the operation. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/operations/{operationsId}
httpMethodDELETE
idvmmigration.projects.locations.operations.delete
parameterOrder
  • name
parameters
name
descriptionThe name of the operation resource to be deleted.
locationpath
pattern^projects/[^/]+/locations/[^/]+/operations/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+name}
response
$refEmpty
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/operations/{operationsId}
httpMethodGET
idvmmigration.projects.locations.operations.get
parameterOrder
  • name
parameters
name
descriptionThe name of the operation resource.
locationpath
pattern^projects/[^/]+/locations/[^/]+/operations/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+name}
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists operations that match the specified filter in the request. If the server doesn't support this method, it returns `UNIMPLEMENTED`.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/operations
httpMethodGET
idvmmigration.projects.locations.operations.list
parameterOrder
  • name
parameters
filter
descriptionThe standard list filter.
locationquery
typestring
name
descriptionThe name of the operation's parent resource.
locationpath
pattern^projects/[^/]+/locations/[^/]+$
requiredTrue
typestring
pageSize
descriptionThe standard list page size.
formatint32
locationquery
typeinteger
pageToken
descriptionThe standard list page token.
locationquery
typestring
pathv1alpha1/{+name}/operations
response
$refListOperationsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
sources
methods
create
descriptionCreates a new Source in a given project and location.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources
httpMethodPOST
idvmmigration.projects.locations.sources.create
parameterOrder
  • parent
parameters
parent
descriptionRequired. The Source's parent.
locationpath
pattern^projects/[^/]+/locations/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
sourceId
descriptionRequired. The source identifier.
locationquery
typestring
pathv1alpha1/{+parent}/sources
request
$refSource
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
delete
descriptionDeletes a single Source.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}
httpMethodDELETE
idvmmigration.projects.locations.sources.delete
parameterOrder
  • name
parameters
name
descriptionRequired. The Source name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+$
requiredTrue
typestring
requestId
descriptionOptional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
pathv1alpha1/{+name}
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
fetchInventory
descriptionList remote source's inventory of VMs. The remote source is the onprem vCenter (remote in the sense it's not in Compute Engine). The inventory describes the list of existing VMs in that source. Note that this operation lists the VMs on the remote source, as opposed to listing the MigratingVms resources in the vmmigration service.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}:fetchInventory
httpMethodGET
idvmmigration.projects.locations.sources.fetchInventory
parameterOrder
  • source
parameters
forceRefresh
descriptionIf this flag is set to true, the source will be queried instead of using cached results. Using this flag will make the call slower.
locationquery
typeboolean
pageSize
descriptionThe maximum number of VMs to return. The service may return fewer than this value. For AWS source: If unspecified, at most 500 VMs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000. For VMWare source: If unspecified, all VMs will be returned. There is no limit for maximum value.
formatint32
locationquery
typeinteger
pageToken
descriptionA page token, received from a previous `FetchInventory` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `FetchInventory` must match the call that provided the page token.
locationquery
typestring
source
descriptionRequired. The name of the Source.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+source}:fetchInventory
response
$refFetchInventoryResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets details of a single Source.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}
httpMethodGET
idvmmigration.projects.locations.sources.get
parameterOrder
  • name
parameters
name
descriptionRequired. The Source name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+name}
response
$refSource
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists Sources in a given project and location.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources
httpMethodGET
idvmmigration.projects.locations.sources.list
parameterOrder
  • parent
parameters
filter
descriptionOptional. The filter request.
locationquery
typestring
orderBy
descriptionOptional. the order by fields for the result.
locationquery
typestring
pageSize
descriptionOptional. The maximum number of sources to return. The service may return fewer than this value. If unspecified, at most 500 sources will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
formatint32
locationquery
typeinteger
pageToken
descriptionRequired. A page token, received from a previous `ListSources` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListSources` must match the call that provided the page token.
locationquery
typestring
parent
descriptionRequired. The parent, which owns this collection of sources.
locationpath
pattern^projects/[^/]+/locations/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+parent}/sources
response
$refListSourcesResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
patch
descriptionUpdates the parameters of a single Source.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}
httpMethodPATCH
idvmmigration.projects.locations.sources.patch
parameterOrder
  • name
parameters
name
descriptionOutput only. The Source name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
updateMask
descriptionField mask is used to specify the fields to be overwritten in the Source resource by the update. The fields specified in the update_mask are relative to the resource, not the full request. A field will be overwritten if it is in the mask. If the user does not provide a mask then all fields will be overwritten.
formatgoogle-fieldmask
locationquery
typestring
pathv1alpha1/{+name}
request
$refSource
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
resources
datacenterConnectors
methods
create
descriptionCreates a new DatacenterConnector in a given Source.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/datacenterConnectors
httpMethodPOST
idvmmigration.projects.locations.sources.datacenterConnectors.create
parameterOrder
  • parent
parameters
datacenterConnectorId
descriptionRequired. The datacenterConnector identifier.
locationquery
typestring
parent
descriptionRequired. The DatacenterConnector's parent. Required. The Source in where the new DatacenterConnector will be created. For example: `projects/my-project/locations/us-central1/sources/my-source`
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
pathv1alpha1/{+parent}/datacenterConnectors
request
$refDatacenterConnector
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
delete
descriptionDeletes a single DatacenterConnector.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/datacenterConnectors/{datacenterConnectorsId}
httpMethodDELETE
idvmmigration.projects.locations.sources.datacenterConnectors.delete
parameterOrder
  • name
parameters
name
descriptionRequired. The DatacenterConnector name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/datacenterConnectors/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
pathv1alpha1/{+name}
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets details of a single DatacenterConnector.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/datacenterConnectors/{datacenterConnectorsId}
httpMethodGET
idvmmigration.projects.locations.sources.datacenterConnectors.get
parameterOrder
  • name
parameters
name
descriptionRequired. The name of the DatacenterConnector.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/datacenterConnectors/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+name}
response
$refDatacenterConnector
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists DatacenterConnectors in a given Source.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/datacenterConnectors
httpMethodGET
idvmmigration.projects.locations.sources.datacenterConnectors.list
parameterOrder
  • parent
parameters
filter
descriptionOptional. The filter request.
locationquery
typestring
orderBy
descriptionOptional. the order by fields for the result.
locationquery
typestring
pageSize
descriptionOptional. The maximum number of connectors to return. The service may return fewer than this value. If unspecified, at most 500 sources will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
formatint32
locationquery
typeinteger
pageToken
descriptionRequired. A page token, received from a previous `ListDatacenterConnectors` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListDatacenterConnectors` must match the call that provided the page token.
locationquery
typestring
parent
descriptionRequired. The parent, which owns this collection of connectors.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+parent}/datacenterConnectors
response
$refListDatacenterConnectorsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
upgradeAppliance
descriptionUpgrades the appliance relate to this DatacenterConnector to the in-place updateable version.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/datacenterConnectors/{datacenterConnectorsId}:upgradeAppliance
httpMethodPOST
idvmmigration.projects.locations.sources.datacenterConnectors.upgradeAppliance
parameterOrder
  • datacenterConnector
parameters
datacenterConnector
descriptionRequired. The DatacenterConnector name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/datacenterConnectors/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+datacenterConnector}:upgradeAppliance
request
$refUpgradeApplianceRequest
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
migratingVms
methods
create
descriptionCreates a new MigratingVm in a given Source.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms
httpMethodPOST
idvmmigration.projects.locations.sources.migratingVms.create
parameterOrder
  • parent
parameters
migratingVmId
descriptionRequired. The migratingVm identifier.
locationquery
typestring
parent
descriptionRequired. The MigratingVm's parent.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
pathv1alpha1/{+parent}/migratingVms
request
$refMigratingVm
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
delete
descriptionDeletes a single MigratingVm.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}
httpMethodDELETE
idvmmigration.projects.locations.sources.migratingVms.delete
parameterOrder
  • name
parameters
name
descriptionRequired. The name of the MigratingVm.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+name}
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
finalizeMigration
descriptionMarks a migration as completed, deleting migration resources that are no longer being used. Only applicable after cutover is done.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}:finalizeMigration
httpMethodPOST
idvmmigration.projects.locations.sources.migratingVms.finalizeMigration
parameterOrder
  • migratingVm
parameters
migratingVm
descriptionRequired. The name of the MigratingVm.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+migratingVm}:finalizeMigration
request
$refFinalizeMigrationRequest
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets details of a single MigratingVm.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}
httpMethodGET
idvmmigration.projects.locations.sources.migratingVms.get
parameterOrder
  • name
parameters
name
descriptionRequired. The name of the MigratingVm.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$
requiredTrue
typestring
view
descriptionOptional. The level of details of the migrating VM.
enum
  • MIGRATING_VM_VIEW_UNSPECIFIED
  • MIGRATING_VM_VIEW_BASIC
  • MIGRATING_VM_VIEW_FULL
enumDescriptions
  • View is unspecified. The API will fallback to the default value.
  • Get the migrating VM basic details. The basic details do not include the recent clone jobs and recent cutover jobs lists.
  • Include everything.
locationquery
typestring
pathv1alpha1/{+name}
response
$refMigratingVm
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists MigratingVms in a given Source.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms
httpMethodGET
idvmmigration.projects.locations.sources.migratingVms.list
parameterOrder
  • parent
parameters
filter
descriptionOptional. The filter request.
locationquery
typestring
orderBy
descriptionOptional. the order by fields for the result.
locationquery
typestring
pageSize
descriptionOptional. The maximum number of migrating VMs to return. The service may return fewer than this value. If unspecified, at most 500 migrating VMs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
formatint32
locationquery
typeinteger
pageToken
descriptionRequired. A page token, received from a previous `ListMigratingVms` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListMigratingVms` must match the call that provided the page token.
locationquery
typestring
parent
descriptionRequired. The parent, which owns this collection of MigratingVms.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+$
requiredTrue
typestring
view
descriptionOptional. The level of details of each migrating VM.
enum
  • MIGRATING_VM_VIEW_UNSPECIFIED
  • MIGRATING_VM_VIEW_BASIC
  • MIGRATING_VM_VIEW_FULL
enumDescriptions
  • View is unspecified. The API will fallback to the default value.
  • Get the migrating VM basic details. The basic details do not include the recent clone jobs and recent cutover jobs lists.
  • Include everything.
locationquery
typestring
pathv1alpha1/{+parent}/migratingVms
response
$refListMigratingVmsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
patch
descriptionUpdates the parameters of a single MigratingVm.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}
httpMethodPATCH
idvmmigration.projects.locations.sources.migratingVms.patch
parameterOrder
  • name
parameters
name
descriptionOutput only. The identifier of the MigratingVm.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
updateMask
descriptionField mask is used to specify the fields to be overwritten in the MigratingVm resource by the update. The fields specified in the update_mask are relative to the resource, not the full request. A field will be overwritten if it is in the mask. If the user does not provide a mask then all fields will be overwritten.
formatgoogle-fieldmask
locationquery
typestring
pathv1alpha1/{+name}
request
$refMigratingVm
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
pauseMigration
descriptionPauses a migration for a VM. If cycle tasks are running they will be cancelled, preserving source task data. Further replication cycles will not be triggered while the VM is paused.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}:pauseMigration
httpMethodPOST
idvmmigration.projects.locations.sources.migratingVms.pauseMigration
parameterOrder
  • migratingVm
parameters
migratingVm
descriptionRequired. The name of the MigratingVm.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+migratingVm}:pauseMigration
request
$refPauseMigrationRequest
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
resumeMigration
descriptionResumes a migration for a VM. When called on a paused migration, will start the process of uploading data and creating snapshots; when called on a completed cut-over migration, will update the migration to active state and start the process of uploading data and creating snapshots.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}:resumeMigration
httpMethodPOST
idvmmigration.projects.locations.sources.migratingVms.resumeMigration
parameterOrder
  • migratingVm
parameters
migratingVm
descriptionRequired. The name of the MigratingVm.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+migratingVm}:resumeMigration
request
$refResumeMigrationRequest
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
startMigration
descriptionStarts migration for a VM. Starts the process of uploading data and creating snapshots, in replication cycles scheduled by the policy.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}:startMigration
httpMethodPOST
idvmmigration.projects.locations.sources.migratingVms.startMigration
parameterOrder
  • migratingVm
parameters
migratingVm
descriptionRequired. The name of the MigratingVm.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+migratingVm}:startMigration
request
$refStartMigrationRequest
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
resources
cloneJobs
methods
cancel
descriptionInitiates the cancellation of a running clone job.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}/cloneJobs/{cloneJobsId}:cancel
httpMethodPOST
idvmmigration.projects.locations.sources.migratingVms.cloneJobs.cancel
parameterOrder
  • name
parameters
name
descriptionRequired. The clone job id
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+/cloneJobs/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+name}:cancel
request
$refCancelCloneJobRequest
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
create
descriptionInitiates a Clone of a specific migrating VM.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}/cloneJobs
httpMethodPOST
idvmmigration.projects.locations.sources.migratingVms.cloneJobs.create
parameterOrder
  • parent
parameters
cloneJobId
descriptionRequired. The clone job identifier.
locationquery
typestring
parent
descriptionRequired. The Clone's parent.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
pathv1alpha1/{+parent}/cloneJobs
request
$refCloneJob
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets details of a single CloneJob.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}/cloneJobs/{cloneJobsId}
httpMethodGET
idvmmigration.projects.locations.sources.migratingVms.cloneJobs.get
parameterOrder
  • name
parameters
name
descriptionRequired. The name of the CloneJob.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+/cloneJobs/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+name}
response
$refCloneJob
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists the CloneJobs of a migrating VM. Only 25 most recent CloneJobs are listed.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}/cloneJobs
httpMethodGET
idvmmigration.projects.locations.sources.migratingVms.cloneJobs.list
parameterOrder
  • parent
parameters
filter
descriptionOptional. The filter request.
locationquery
typestring
orderBy
descriptionOptional. the order by fields for the result.
locationquery
typestring
pageSize
descriptionOptional. The maximum number of clone jobs to return. The service may return fewer than this value. If unspecified, at most 500 clone jobs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
formatint32
locationquery
typeinteger
pageToken
descriptionRequired. A page token, received from a previous `ListCloneJobs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListCloneJobs` must match the call that provided the page token.
locationquery
typestring
parent
descriptionRequired. The parent, which owns this collection of source VMs.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+parent}/cloneJobs
response
$refListCloneJobsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
cutoverJobs
methods
cancel
descriptionInitiates the cancellation of a running cutover job.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}/cutoverJobs/{cutoverJobsId}:cancel
httpMethodPOST
idvmmigration.projects.locations.sources.migratingVms.cutoverJobs.cancel
parameterOrder
  • name
parameters
name
descriptionRequired. The cutover job id
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+/cutoverJobs/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+name}:cancel
request
$refCancelCutoverJobRequest
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
create
descriptionInitiates a Cutover of a specific migrating VM. The returned LRO is completed when the cutover job resource is created and the job is initiated.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}/cutoverJobs
httpMethodPOST
idvmmigration.projects.locations.sources.migratingVms.cutoverJobs.create
parameterOrder
  • parent
parameters
cutoverJobId
descriptionRequired. The cutover job identifier.
locationquery
typestring
parent
descriptionRequired. The Cutover's parent.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
pathv1alpha1/{+parent}/cutoverJobs
request
$refCutoverJob
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets details of a single CutoverJob.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}/cutoverJobs/{cutoverJobsId}
httpMethodGET
idvmmigration.projects.locations.sources.migratingVms.cutoverJobs.get
parameterOrder
  • name
parameters
name
descriptionRequired. The name of the CutoverJob.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+/cutoverJobs/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+name}
response
$refCutoverJob
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists the CutoverJobs of a migrating VM. Only 25 most recent CutoverJobs are listed.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}/cutoverJobs
httpMethodGET
idvmmigration.projects.locations.sources.migratingVms.cutoverJobs.list
parameterOrder
  • parent
parameters
filter
descriptionOptional. The filter request.
locationquery
typestring
orderBy
descriptionOptional. the order by fields for the result.
locationquery
typestring
pageSize
descriptionOptional. The maximum number of cutover jobs to return. The service may return fewer than this value. If unspecified, at most 500 cutover jobs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
formatint32
locationquery
typeinteger
pageToken
descriptionRequired. A page token, received from a previous `ListCutoverJobs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListCutoverJobs` must match the call that provided the page token.
locationquery
typestring
parent
descriptionRequired. The parent, which owns this collection of migrating VMs.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+parent}/cutoverJobs
response
$refListCutoverJobsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
replicationCycles
methods
get
descriptionGets details of a single ReplicationCycle.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}/replicationCycles/{replicationCyclesId}
httpMethodGET
idvmmigration.projects.locations.sources.migratingVms.replicationCycles.get
parameterOrder
  • name
parameters
name
descriptionRequired. The name of the ReplicationCycle.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+/replicationCycles/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+name}
response
$refReplicationCycle
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists ReplicationCycles in a given MigratingVM.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/migratingVms/{migratingVmsId}/replicationCycles
httpMethodGET
idvmmigration.projects.locations.sources.migratingVms.replicationCycles.list
parameterOrder
  • parent
parameters
filter
descriptionOptional. The filter request.
locationquery
typestring
orderBy
descriptionOptional. the order by fields for the result.
locationquery
typestring
pageSize
descriptionOptional. The maximum number of replication cycles to return. The service may return fewer than this value. If unspecified, at most 100 migrating VMs will be returned. The maximum value is 100; values above 100 will be coerced to 100.
formatint32
locationquery
typeinteger
pageToken
descriptionRequired. A page token, received from a previous `ListReplicationCycles` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListReplicationCycles` must match the call that provided the page token.
locationquery
typestring
parent
descriptionRequired. The parent, which owns this collection of ReplicationCycles.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+parent}/replicationCycles
response
$refListReplicationCyclesResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
utilizationReports
methods
create
descriptionCreates a new UtilizationReport.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/utilizationReports
httpMethodPOST
idvmmigration.projects.locations.sources.utilizationReports.create
parameterOrder
  • parent
parameters
parent
descriptionRequired. The Utilization Report's parent.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
utilizationReportId
descriptionRequired. The ID to use for the report, which will become the final component of the reports's resource name. This value maximum length is 63 characters, and valid characters are /a-z-/. It must start with an english letter and must not end with a hyphen.
locationquery
typestring
pathv1alpha1/{+parent}/utilizationReports
request
$refUtilizationReport
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
delete
descriptionDeletes a single Utilization Report.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/utilizationReports/{utilizationReportsId}
httpMethodDELETE
idvmmigration.projects.locations.sources.utilizationReports.delete
parameterOrder
  • name
parameters
name
descriptionRequired. The Utilization Report name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/utilizationReports/[^/]+$
requiredTrue
typestring
requestId
descriptionOptional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
pathv1alpha1/{+name}
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets a single Utilization Report.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/utilizationReports/{utilizationReportsId}
httpMethodGET
idvmmigration.projects.locations.sources.utilizationReports.get
parameterOrder
  • name
parameters
name
descriptionRequired. The Utilization Report name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+/utilizationReports/[^/]+$
requiredTrue
typestring
view
descriptionOptional. The level of details of the report. Defaults to FULL
enum
  • UTILIZATION_REPORT_VIEW_UNSPECIFIED
  • BASIC
  • FULL
enumDescriptions
  • The default / unset value. The API will default to FULL on single report request and BASIC for multiple reports request.
  • Get the report metadata, without the list of VMs and their utilization info.
  • Include everything.
locationquery
typestring
pathv1alpha1/{+name}
response
$refUtilizationReport
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists Utilization Reports of the given Source.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/sources/{sourcesId}/utilizationReports
httpMethodGET
idvmmigration.projects.locations.sources.utilizationReports.list
parameterOrder
  • parent
parameters
filter
descriptionOptional. The filter request.
locationquery
typestring
orderBy
descriptionOptional. the order by fields for the result.
locationquery
typestring
pageSize
descriptionOptional. The maximum number of reports to return. The service may return fewer than this value. If unspecified, at most 500 reports will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
formatint32
locationquery
typeinteger
pageToken
descriptionRequired. A page token, received from a previous `ListUtilizationReports` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListUtilizationReports` must match the call that provided the page token.
locationquery
typestring
parent
descriptionRequired. The Utilization Reports parent.
locationpath
pattern^projects/[^/]+/locations/[^/]+/sources/[^/]+$
requiredTrue
typestring
view
descriptionOptional. The level of details of each report. Defaults to BASIC.
enum
  • UTILIZATION_REPORT_VIEW_UNSPECIFIED
  • BASIC
  • FULL
enumDescriptions
  • The default / unset value. The API will default to FULL on single report request and BASIC for multiple reports request.
  • Get the report metadata, without the list of VMs and their utilization info.
  • Include everything.
locationquery
typestring
pathv1alpha1/{+parent}/utilizationReports
response
$refListUtilizationReportsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
targetProjects
methods
create
descriptionCreates a new TargetProject in a given project. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/targetProjects
httpMethodPOST
idvmmigration.projects.locations.targetProjects.create
parameterOrder
  • parent
parameters
parent
descriptionRequired. The TargetProject's parent.
locationpath
pattern^projects/[^/]+/locations/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
targetProjectId
descriptionRequired. The target_project identifier.
locationquery
typestring
pathv1alpha1/{+parent}/targetProjects
request
$refTargetProject
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
delete
descriptionDeletes a single TargetProject. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/targetProjects/{targetProjectsId}
httpMethodDELETE
idvmmigration.projects.locations.targetProjects.delete
parameterOrder
  • name
parameters
name
descriptionRequired. The TargetProject name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/targetProjects/[^/]+$
requiredTrue
typestring
requestId
descriptionOptional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
pathv1alpha1/{+name}
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets details of a single TargetProject. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/targetProjects/{targetProjectsId}
httpMethodGET
idvmmigration.projects.locations.targetProjects.get
parameterOrder
  • name
parameters
name
descriptionRequired. The TargetProject name.
locationpath
pattern^projects/[^/]+/locations/[^/]+/targetProjects/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+name}
response
$refTargetProject
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists TargetProjects in a given project. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/targetProjects
httpMethodGET
idvmmigration.projects.locations.targetProjects.list
parameterOrder
  • parent
parameters
filter
descriptionOptional. The filter request.
locationquery
typestring
orderBy
descriptionOptional. the order by fields for the result.
locationquery
typestring
pageSize
descriptionOptional. The maximum number of targets to return. The service may return fewer than this value. If unspecified, at most 500 targets will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
formatint32
locationquery
typeinteger
pageToken
descriptionRequired. A page token, received from a previous `ListTargets` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListTargets` must match the call that provided the page token.
locationquery
typestring
parent
descriptionRequired. The parent, which owns this collection of targets.
locationpath
pattern^projects/[^/]+/locations/[^/]+$
requiredTrue
typestring
pathv1alpha1/{+parent}/targetProjects
response
$refListTargetProjectsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
patch
descriptionUpdates the parameters of a single TargetProject. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.
flatPathv1alpha1/projects/{projectsId}/locations/{locationsId}/targetProjects/{targetProjectsId}
httpMethodPATCH
idvmmigration.projects.locations.targetProjects.patch
parameterOrder
  • name
parameters
name
descriptionOutput only. The name of the target project.
locationpath
pattern^projects/[^/]+/locations/[^/]+/targetProjects/[^/]+$
requiredTrue
typestring
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
locationquery
typestring
updateMask
descriptionField mask is used to specify the fields to be overwritten in the TargetProject resource by the update. The fields specified in the update_mask are relative to the resource, not the full request. A field will be overwritten if it is in the mask. If the user does not provide a mask then all fields will be overwritten.
formatgoogle-fieldmask
locationquery
typestring
pathv1alpha1/{+name}
request
$refTargetProject
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
revision20250224
rootUrlhttps://staging-vmmigration.sandbox.googleapis.com/
schemas
AccessKeyCredentials
descriptionMessage describing AWS Credentials using access key id and secret.
idAccessKeyCredentials
properties
accessKeyId
descriptionAWS access key ID.
typestring
secretAccessKey
descriptionInput only. AWS secret access key.
typestring
sessionToken
descriptionInput only. AWS session token. Used only when AWS security token service (STS) is responsible for creating the temporary credentials.
typestring
typeobject
AdaptingOSStep
descriptionAdaptingOSStep contains specific step details.
idAdaptingOSStep
properties
typeobject
AddGroupMigrationRequest
descriptionRequest message for 'AddGroupMigration' request.
idAddGroupMigrationRequest
properties
migratingVm
descriptionThe full path name of the MigratingVm to add.
typestring
typeobject
ApplianceVersion
descriptionDescribes an appliance version.
idApplianceVersion
properties
critical
descriptionDetermine whether it's critical to upgrade the appliance to this version.
typeboolean
releaseNotesUri
descriptionLink to a page that contains the version release notes.
typestring
uri
descriptionA link for downloading the version.
typestring
version
descriptionThe appliance version.
typestring
typeobject
AppliedLicense
descriptionAppliedLicense holds the license data returned by adaptation module report.
idAppliedLicense
properties
osLicense
descriptionThe OS license returned from the adaptation module's report.
typestring
type
descriptionThe license type that was used in OS adaptation.
enum
  • TYPE_UNSPECIFIED
  • NONE
  • PAYG
  • BYOL
enumDescriptions
  • Unspecified license for the OS.
  • No license available for the OS.
  • The license type is Pay As You Go license type.
  • The license type is Bring Your Own License type.
typestring
typeobject
AvailableUpdates
descriptionHolds information about the available versions for upgrade.
idAvailableUpdates
properties
inPlaceUpdate
$refApplianceVersion
descriptionThe latest version for in place update. The current appliance can be updated to this version using the API or m4c CLI.
newDeployableAppliance
$refApplianceVersion
descriptionThe newest deployable version of the appliance. The current appliance can't be updated into this version, and the owner must manually deploy this OVA to a new appliance.
typeobject
AwsDiskDetails
descriptionThe details of an AWS instance disk.
idAwsDiskDetails
properties
diskNumber
descriptionOutput only. The ordinal number of the disk.
formatint32
readOnlyTrue
typeinteger
sizeGb
descriptionOutput only. Size in GB.
formatint64
readOnlyTrue
typestring
volumeId
descriptionOutput only. AWS volume ID.
readOnlyTrue
typestring
typeobject
AwsSecurityGroup
descriptionAwsSecurityGroup describes a security group of an AWS VM.
idAwsSecurityGroup
properties
id
descriptionThe AWS security group id.
typestring
name
descriptionThe AWS security group name.
typestring
typeobject
AwsSourceDetails
descriptionAwsSourceDetails message describes a specific source details for the AWS source type.
idAwsSourceDetails
properties
accessKeyCreds
$refAccessKeyCredentials
descriptionAWS Credentials using access key id and secret.
awsRegion
descriptionImmutable. The AWS region that the source VMs will be migrated from.
typestring
error
$refStatus
descriptionOutput only. Provides details on the state of the Source in case of an error.
readOnlyTrue
inventorySecurityGroupNames
descriptionAWS security group names to limit the scope of the source inventory.
items
typestring
typearray
inventoryTagList
descriptionAWS resource tags to limit the scope of the source inventory.
items
$refTag
typearray
migrationResourcesUserTags
additionalProperties
typestring
descriptionUser specified tags to add to every M2VM generated resource in AWS. These tags will be set in addition to the default tags that are set as part of the migration process. The tags must not begin with the reserved prefix `m2vm`.
typeobject
publicIp
descriptionOutput only. The source's public IP. All communication initiated by this source will originate from this IP.
readOnlyTrue
typestring
state
descriptionOutput only. State of the source as determined by the health check.
enum
  • STATE_UNSPECIFIED
  • PENDING
  • FAILED
  • ACTIVE
enumDescriptions
  • The state is unknown. This is used for API compatibility only and is not used by the system.
  • The state was not sampled by the health checks yet.
  • The source is available but might not be usable yet due to invalid credentials or another reason. The error message will contain further details.
  • The source exists and its credentials were verified.
readOnlyTrue
typestring
typeobject
AwsSourceVmDetails
descriptionRepresent the source AWS VM details.
idAwsSourceVmDetails
properties
architecture
descriptionOutput only. The VM architecture.
enum
  • VM_ARCHITECTURE_UNSPECIFIED
  • VM_ARCHITECTURE_X86_FAMILY
  • VM_ARCHITECTURE_ARM64
enumDescriptions
  • The architecture is unknown.
  • The architecture is one of the x86 architectures.
  • The architecture is ARM64.
readOnlyTrue
typestring
committedStorageBytes
descriptionOutput only. The total size of the disks being migrated in bytes.
formatint64
readOnlyTrue
typestring
disks
descriptionOutput only. The disks attached to the source VM.
items
$refAwsDiskDetails
readOnlyTrue
typearray
firmware
descriptionOutput only. The firmware type of the source VM.
enum
  • FIRMWARE_UNSPECIFIED
  • EFI
  • BIOS
enumDescriptions
  • The firmware is unknown.
  • The firmware is EFI.
  • The firmware is BIOS.
readOnlyTrue
typestring
vmCapabilitiesInfo
$refVmCapabilities
descriptionOutput only. Information about VM capabilities needed for some Compute Engine features.
readOnlyTrue
typeobject
AwsVmDetails
descriptionAwsVmDetails describes a VM in AWS.
idAwsVmDetails
properties
architecture
descriptionThe CPU architecture.
enum
  • VM_ARCHITECTURE_UNSPECIFIED
  • I386
  • X86_64
  • ARM64
  • X86_64_MAC
enumDescriptions
  • The architecture is unknown.
  • The architecture is I386.
  • The architecture is X86_64.
  • The architecture is ARM64.
  • The architecture is X86_64_MAC.
typestring
bootOption
descriptionThe VM Boot Option.
enum
  • BOOT_OPTION_UNSPECIFIED
  • EFI
  • BIOS
enumDescriptions
  • The boot option is unknown.
  • The boot option is UEFI.
  • The boot option is LEGACY-BIOS.
typestring
committedStorageMb
descriptionThe total size of the storage allocated to the VM in MB.
formatint64
typestring
cpuCount
descriptionThe number of cpus the VM has.
formatint32
typeinteger
diskCount
descriptionThe number of disks the VM has.
formatint32
typeinteger
displayName
descriptionThe display name of the VM. Note that this value is not necessarily unique.
typestring
instanceType
descriptionThe instance type of the VM.
typestring
memoryMb
descriptionThe memory size of the VM in MB.
formatint32
typeinteger
osDescription
descriptionThe VM's OS.
typestring
powerState
descriptionOutput only. The power state of the VM at the moment list was taken.
enum
  • POWER_STATE_UNSPECIFIED
  • ON
  • OFF
  • SUSPENDED
  • PENDING
enumDescriptions
  • Power state is not specified.
  • The VM is turned on.
  • The VM is turned off.
  • The VM is suspended. This is similar to hibernation or sleep mode.
  • The VM is starting.
readOnlyTrue
typestring
securityGroups
descriptionThe security groups the VM belongs to.
items
$refAwsSecurityGroup
typearray
sourceDescription
descriptionThe descriptive name of the AWS's source this VM is connected to.
typestring
sourceId
descriptionThe id of the AWS's source this VM is connected to.
typestring
tags
additionalProperties
typestring
descriptionThe tags of the VM.
typeobject
virtualizationType
descriptionThe virtualization type.
enum
  • VM_VIRTUALIZATION_TYPE_UNSPECIFIED
  • HVM
  • PARAVIRTUAL
enumDescriptions
  • The virtualization type is unknown.
  • The virtualziation type is HVM.
  • The virtualziation type is PARAVIRTUAL.
typestring
vmId
descriptionThe VM ID in AWS.
typestring
vpcId
descriptionThe VPC ID the VM belongs to.
typestring
zone
descriptionThe AWS zone of the VM.
typestring
typeobject
AwsVmsDetails
descriptionAWSVmsDetails describes VMs in AWS.
idAwsVmsDetails
properties
details
descriptionThe details of the AWS VMs.
items
$refAwsVmDetails
typearray
typeobject
AzureDiskDetails
descriptionThe details of an Azure VM disk.
idAzureDiskDetails
properties
diskId
descriptionOutput only. Azure disk ID.
readOnlyTrue
typestring
diskNumber
descriptionOutput only. The ordinal number of the disk.
formatint32
readOnlyTrue
typeinteger
sizeGb
descriptionOutput only. Size in GB.
formatint64
readOnlyTrue
typestring
typeobject
AzureSourceDetails
descriptionAzureSourceDetails message describes a specific source details for the Azure source type.
idAzureSourceDetails
properties
azureLocation
descriptionImmutable. The Azure location (region) that the source VMs will be migrated from.
typestring
clientSecretCreds
$refClientSecretCredentials
descriptionAzure Credentials using tenant ID, client ID and secret.
error
$refStatus
descriptionOutput only. Provides details on the state of the Source in case of an error.
readOnlyTrue
migrationResourcesUserTags
additionalProperties
typestring
descriptionUser specified tags to add to every M2VM generated resource in Azure. These tags will be set in addition to the default tags that are set as part of the migration process. The tags must not begin with the reserved prefix `m4ce` or `m2vm`.
typeobject
resourceGroupId
descriptionOutput only. The ID of the Azure resource group that contains all resources related to the migration process of this source.
readOnlyTrue
typestring
state
descriptionOutput only. State of the source as determined by the health check.
enum
  • STATE_UNSPECIFIED
  • PENDING
  • FAILED
  • ACTIVE
enumDescriptions
  • The state is unknown. This is used for API compatibility only and is not used by the system.
  • The state was not sampled by the health checks yet.
  • The source is available but might not be usable yet due to invalid credentials or another reason. The error message will contain further details.
  • The source exists and its credentials were verified.
readOnlyTrue
typestring
subscriptionId
descriptionImmutable. Azure subscription ID.
typestring
typeobject
AzureSourceVmDetails
descriptionRepresent the source Azure VM details.
idAzureSourceVmDetails
properties
architecture
descriptionOutput only. The VM architecture.
enum
  • VM_ARCHITECTURE_UNSPECIFIED
  • VM_ARCHITECTURE_X86_FAMILY
  • VM_ARCHITECTURE_ARM64
enumDescriptions
  • The architecture is unknown.
  • The architecture is one of the x86 architectures.
  • The architecture is ARM64.
readOnlyTrue
typestring
committedStorageBytes
descriptionOutput only. The total size of the disks being migrated in bytes.
formatint64
readOnlyTrue
typestring
disks
descriptionOutput only. The disks attached to the source VM.
items
$refAzureDiskDetails
readOnlyTrue
typearray
firmware
descriptionOutput only. The firmware type of the source VM.
enum
  • FIRMWARE_UNSPECIFIED
  • EFI
  • BIOS
enumDescriptions
  • The firmware is unknown.
  • The firmware is EFI.
  • The firmware is BIOS.
readOnlyTrue
typestring
vmCapabilitiesInfo
$refVmCapabilities
descriptionOutput only. Information about VM capabilities needed for some Compute Engine features.
readOnlyTrue
typeobject
AzureVmDetails
descriptionAzureVmDetails describes a VM in Azure.
idAzureVmDetails
properties
architecture
descriptionThe CPU architecture.
enum
  • VM_ARCHITECTURE_UNSPECIFIED
  • VM_ARCHITECTURE_X86_FAMILY
  • VM_ARCHITECTURE_ARM64
enumDescriptions
  • The architecture is unknown.
  • The architecture is one of the x86 architectures.
  • The architecture is ARM64.
typestring
bootOption
descriptionThe VM Boot Option.
enum
  • BOOT_OPTION_UNSPECIFIED
  • EFI
  • BIOS
enumDescriptions
  • The boot option is unknown.
  • The boot option is UEFI.
  • The boot option is BIOS.
typestring
committedStorageMb
descriptionThe total size of the storage allocated to the VM in MB.
formatint64
typestring
computerName
descriptionThe VM's ComputerName.
typestring
cpuCount
descriptionThe number of cpus the VM has.
formatint32
typeinteger
diskCount
descriptionThe number of disks the VM has, including OS disk.
formatint32
typeinteger
disks
descriptionDescription of the data disks.
items
$refDisk
typearray
memoryMb
descriptionThe memory size of the VM in MB.
formatint32
typeinteger
osDescription
$refOSDescription
descriptionDescription of the OS.
osDisk
$refOSDisk
descriptionDescription of the OS disk.
powerState
descriptionThe power state of the VM at the moment list was taken.
enum
  • POWER_STATE_UNSPECIFIED
  • STARTING
  • RUNNING
  • STOPPING
  • STOPPED
  • DEALLOCATING
  • DEALLOCATED
  • UNKNOWN
enumDescriptions
  • Power state is not specified.
  • The VM is starting.
  • The VM is running.
  • The VM is stopping.
  • The VM is stopped.
  • The VM is deallocating.
  • The VM is deallocated.
  • The VM's power state is unknown.
typestring
tags
additionalProperties
typestring
descriptionThe tags of the VM.
typeobject
vmId
descriptionThe VM full path in Azure.
typestring
vmSize
descriptionVM size as configured in Azure. Determines the VM's hardware spec.
typestring
typeobject
AzureVmsDetails
descriptionAzureVmsDetails describes VMs in Azure.
idAzureVmsDetails
properties
details
descriptionThe details of the Azure VMs.
items
$refAzureVmDetails
typearray
typeobject
BootDiskDefaults
descriptionBootDiskDefaults hold information about the boot disk of a VM.
idBootDiskDefaults
properties
deviceName
descriptionOptional. Specifies a unique device name of your choice that is reflected into the /dev/disk/by-id/google-* tree of a Linux operating system running within the instance. If not specified, the server chooses a default device name to apply to this disk, in the form persistent-disk-x, where x is a number assigned by Google Compute Engine. This field is only applicable for persistent disks.
typestring
diskName
descriptionOptional. The name of the disk.
typestring
diskType
descriptionOptional. The type of disk provisioning to use for the VM.
enum
  • COMPUTE_ENGINE_DISK_TYPE_UNSPECIFIED
  • COMPUTE_ENGINE_DISK_TYPE_STANDARD
  • COMPUTE_ENGINE_DISK_TYPE_SSD
  • COMPUTE_ENGINE_DISK_TYPE_BALANCED
  • COMPUTE_ENGINE_DISK_TYPE_HYPERDISK_BALANCED
enumDescriptions
  • An unspecified disk type. Will be used as STANDARD.
  • A Standard disk type.
  • SSD hard disk type.
  • An alternative to SSD persistent disks that balance performance and cost.
  • Hyperdisk balanced disk type.
typestring
encryption
$refEncryption
descriptionOptional. The encryption to apply to the boot disk.
image
$refDiskImageDefaults
descriptionThe image to use when creating the disk.
typeobject
CancelCloneJobRequest
descriptionRequest message for 'CancelCloneJob' request.
idCancelCloneJobRequest
properties
typeobject
CancelCutoverJobRequest
descriptionRequest message for 'CancelCutoverJob' request.
idCancelCutoverJobRequest
properties
typeobject
CancelImageImportJobRequest
descriptionRequest message for 'CancelImageImportJob' request.
idCancelImageImportJobRequest
properties
typeobject
CancelOperationRequest
descriptionThe request message for Operations.CancelOperation.
idCancelOperationRequest
properties
typeobject
ClientSecretCredentials
descriptionMessage describing Azure Credentials using tenant ID, client ID and secret.
idClientSecretCredentials
properties
clientId
descriptionAzure client ID.
typestring
clientSecret
descriptionInput only. Azure client secret.
typestring
tenantId
descriptionAzure tenant ID.
typestring
typeobject
CloneJob
descriptionCloneJob describes the process of creating a clone of a MigratingVM to the requested target based on the latest successful uploaded snapshots. While the migration cycles of a MigratingVm take place, it is possible to verify the uploaded VM can be started in the cloud, by creating a clone. The clone can be created without any downtime, and it is created using the latest snapshots which are already in the cloud. The cloneJob is only responsible for its work, not its products, which means once it is finished, it will never touch the instance it created. It will only delete it in case of the CloneJob being cancelled or upon failure to clone.
idCloneJob
properties
computeEngineDisksTargetDetails
$refComputeEngineDisksTargetDetails
descriptionOutput only. Details of the target Persistent Disks in Compute Engine.
readOnlyTrue
computeEngineTargetDetails
$refComputeEngineTargetDetails
descriptionOutput only. Details of the target VM in Compute Engine.
readOnlyTrue
computeEngineVmDetails
$refTargetVMDetails
deprecatedTrue
descriptionOutput only. Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_details instead.
readOnlyTrue
createTime
descriptionOutput only. The time the clone job was created (as an API call, not when it was actually created in the target).
formatgoogle-datetime
readOnlyTrue
typestring
endTime
descriptionOutput only. The time the clone job was ended.
formatgoogle-datetime
readOnlyTrue
typestring
error
$refStatus
descriptionOutput only. Provides details for the errors that led to the Clone Job's state.
readOnlyTrue
name
descriptionOutput only. The name of the clone.
readOnlyTrue
typestring
state
descriptionOutput only. State of the clone job.
enum
  • STATE_UNSPECIFIED
  • PENDING
  • ACTIVE
  • FAILED
  • SUCCEEDED
  • CANCELLED
  • CANCELLING
  • ADAPTING_OS
enumDescriptions
  • The state is unknown. This is used for API compatibility only and is not used by the system.
  • The clone job has not yet started.
  • The clone job is active and running.
  • The clone job finished with errors.
  • The clone job finished successfully.
  • The clone job was cancelled.
  • The clone job is being cancelled.
  • OS adaptation is running as part of the clone job to generate license.
readOnlyTrue
typestring
stateTime
descriptionOutput only. The time the state was last updated.
formatgoogle-datetime
readOnlyTrue
typestring
steps
descriptionOutput only. The clone steps list representing its progress.
items
$refCloneStep
readOnlyTrue
typearray
targetDetails
$refTargetVMDetails
deprecatedTrue
descriptionOutput only. Details of the VM to create as the target of this clone job. Deprecated: Use compute_engine_target_details instead.
readOnlyTrue
typeobject
CloneStep
descriptionCloneStep holds information about the clone step progress.
idCloneStep
properties
adaptingOs
$refAdaptingOSStep
descriptionAdapting OS step.
endTime
descriptionThe time the step has ended.
formatgoogle-datetime
typestring
instantiatingMigratedVm
$refInstantiatingMigratedVMStep
descriptionInstantiating migrated VM step.
preparingVmDisks
$refPreparingVMDisksStep
descriptionPreparing VM disks step.
startTime
descriptionThe time the step has started.
formatgoogle-datetime
typestring
typeobject
ComputeEngineDisksTargetDefaults
descriptionComputeEngineDisksTargetDefaults is a collection of details for creating Persistent Disks in a target Compute Engine project.
idComputeEngineDisksTargetDefaults
properties
disks
descriptionThe details of each Persistent Disk to create.
items
$refPersistentDiskDefaults
typearray
disksTargetDefaults
$refDisksMigrationDisksTargetDefaults
descriptionDetails of the disk only migration target.
targetProject
descriptionThe full path of the resource of type TargetProject which represents the Compute Engine project in which to create the Persistent Disks.
typestring
vmTargetDefaults
$refDisksMigrationVmTargetDefaults
descriptionDetails of the VM migration target.
zone
descriptionThe zone in which to create the Persistent Disks.
typestring
typeobject
ComputeEngineDisksTargetDetails
descriptionComputeEngineDisksTargetDetails is a collection of created Persistent Disks details.
idComputeEngineDisksTargetDetails
properties
disks
descriptionThe details of each created Persistent Disk.
items
$refPersistentDisk
typearray
disksTargetDetails
$refDisksMigrationDisksTargetDetails
descriptionDetails of the disks-only migration target.
vmTargetDetails
$refDisksMigrationVmTargetDetails
descriptionDetails for the VM the migrated data disks are attached to.
typeobject
ComputeEngineTargetDefaults
descriptionComputeEngineTargetDefaults is a collection of details for creating a VM in a target Compute Engine project.
idComputeEngineTargetDefaults
properties
additionalLicenses
descriptionAdditional licenses to assign to the VM.
items
typestring
typearray
appliedLicense
$refAppliedLicense
descriptionOutput only. The OS license returned from the adaptation module report.
readOnlyTrue
bootConversion
descriptionOptional. By default the virtual machine will keep its existing boot option. Setting this property will trigger an internal process which will convert the virtual machine from using the existing boot option to another.
enum
  • BOOT_CONVERSION_UNSPECIFIED
  • NONE
  • BIOS_TO_EFI
enumDescriptions
  • Unspecified conversion type.
  • No conversion.
  • Convert from BIOS to EFI.
typestring
bootOption
descriptionOutput only. The VM Boot Option, as set in the source VM.
enum
  • COMPUTE_ENGINE_BOOT_OPTION_UNSPECIFIED
  • COMPUTE_ENGINE_BOOT_OPTION_EFI
  • COMPUTE_ENGINE_BOOT_OPTION_BIOS
enumDescriptions
  • The boot option is unknown.
  • The boot option is EFI.
  • The boot option is BIOS.
readOnlyTrue
typestring
computeScheduling
$refComputeScheduling
descriptionCompute instance scheduling information (if empty default is used).
diskType
descriptionThe disk type to use in the VM.
enum
  • COMPUTE_ENGINE_DISK_TYPE_UNSPECIFIED
  • COMPUTE_ENGINE_DISK_TYPE_STANDARD
  • COMPUTE_ENGINE_DISK_TYPE_SSD
  • COMPUTE_ENGINE_DISK_TYPE_BALANCED
  • COMPUTE_ENGINE_DISK_TYPE_HYPERDISK_BALANCED
enumDescriptions
  • An unspecified disk type. Will be used as STANDARD.
  • A Standard disk type.
  • SSD hard disk type.
  • An alternative to SSD persistent disks that balance performance and cost.
  • Hyperdisk balanced disk type.
typestring
enableIntegrityMonitoring
descriptionOptional. Defines whether the instance has integrity monitoring enabled. This can be set to true only if the VM boot option is EFI, and vTPM is enabled.
typeboolean
enableVtpm
descriptionOptional. Defines whether the instance has vTPM enabled. This can be set to true only if the VM boot option is EFI.
typeboolean
encryption
$refEncryption
descriptionOptional. Immutable. The encryption to apply to the VM disks.
hostname
descriptionThe hostname to assign to the VM.
typestring
labels
additionalProperties
typestring
descriptionA map of labels to associate with the VM.
typeobject
licenseType
descriptionThe license type to use in OS adaptation.
enum
  • COMPUTE_ENGINE_LICENSE_TYPE_DEFAULT
  • COMPUTE_ENGINE_LICENSE_TYPE_PAYG
  • COMPUTE_ENGINE_LICENSE_TYPE_BYOL
enumDescriptions
  • The license type is the default for the OS.
  • The license type is Pay As You Go license type.
  • The license type is Bring Your Own License type.
typestring
machineType
descriptionThe machine type to create the VM with.
typestring
machineTypeSeries
descriptionThe machine type series to create the VM with.
typestring
metadata
additionalProperties
typestring
descriptionThe metadata key/value pairs to assign to the VM.
typeobject
networkInterfaces
descriptionList of NICs connected to this VM.
items
$refNetworkInterface
typearray
networkTags
descriptionA list of network tags to associate with the VM.
items
typestring
typearray
secureBoot
descriptionDefines whether the instance has Secure Boot enabled. This can be set to true only if the VM boot option is EFI.
typeboolean
serviceAccount
descriptionThe service account to associate the VM with.
typestring
targetProject
descriptionThe full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
typestring
vmName
descriptionThe name of the VM to create.
typestring
zone
descriptionThe zone in which to create the VM.
typestring
typeobject
ComputeEngineTargetDetails
descriptionComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project.
idComputeEngineTargetDetails
properties
additionalLicenses
descriptionAdditional licenses to assign to the VM.
items
typestring
typearray
appliedLicense
$refAppliedLicense
descriptionThe OS license returned from the adaptation module report.
bootConversion
descriptionOptional. By default the virtual machine will keep its existing boot option. Setting this property will trigger an internal process which will convert the virtual machine from using the existing boot option to another.
enum
  • BOOT_CONVERSION_UNSPECIFIED
  • NONE
  • BIOS_TO_EFI
enumDescriptions
  • Unspecified conversion type.
  • No conversion.
  • Convert from BIOS to EFI.
typestring
bootOption
descriptionThe VM Boot Option, as set in the source VM.
enum
  • COMPUTE_ENGINE_BOOT_OPTION_UNSPECIFIED
  • COMPUTE_ENGINE_BOOT_OPTION_EFI
  • COMPUTE_ENGINE_BOOT_OPTION_BIOS
enumDescriptions
  • The boot option is unknown.
  • The boot option is EFI.
  • The boot option is BIOS.
typestring
computeScheduling
$refComputeScheduling
descriptionCompute instance scheduling information (if empty default is used).
diskType
descriptionThe disk type to use in the VM.
enum
  • COMPUTE_ENGINE_DISK_TYPE_UNSPECIFIED
  • COMPUTE_ENGINE_DISK_TYPE_STANDARD
  • COMPUTE_ENGINE_DISK_TYPE_SSD
  • COMPUTE_ENGINE_DISK_TYPE_BALANCED
  • COMPUTE_ENGINE_DISK_TYPE_HYPERDISK_BALANCED
enumDescriptions
  • An unspecified disk type. Will be used as STANDARD.
  • A Standard disk type.
  • SSD hard disk type.
  • An alternative to SSD persistent disks that balance performance and cost.
  • Hyperdisk balanced disk type.
typestring
enableIntegrityMonitoring
descriptionOptional. Defines whether the instance has integrity monitoring enabled.
typeboolean
enableVtpm
descriptionOptional. Defines whether the instance has vTPM enabled.
typeboolean
encryption
$refEncryption
descriptionOptional. The encryption to apply to the VM disks.
hostname
descriptionThe hostname to assign to the VM.
typestring
labels
additionalProperties
typestring
descriptionA map of labels to associate with the VM.
typeobject
licenseType
descriptionThe license type to use in OS adaptation.
enum
  • COMPUTE_ENGINE_LICENSE_TYPE_DEFAULT
  • COMPUTE_ENGINE_LICENSE_TYPE_PAYG
  • COMPUTE_ENGINE_LICENSE_TYPE_BYOL
enumDescriptions
  • The license type is the default for the OS.
  • The license type is Pay As You Go license type.
  • The license type is Bring Your Own License type.
typestring
machineType
descriptionThe machine type to create the VM with.
typestring
machineTypeSeries
descriptionThe machine type series to create the VM with.
typestring
metadata
additionalProperties
typestring
descriptionThe metadata key/value pairs to assign to the VM.
typeobject
networkInterfaces
descriptionList of NICs connected to this VM.
items
$refNetworkInterface
typearray
networkTags
descriptionA list of network tags to associate with the VM.
items
typestring
typearray
project
descriptionThe Google Cloud target project ID or project name.
typestring
secureBoot
descriptionDefines whether the instance has Secure Boot enabled. This can be set to true only if the VM boot option is EFI.
typeboolean
serviceAccount
descriptionThe service account to associate the VM with.
typestring
vmName
descriptionThe name of the VM to create.
typestring
zone
descriptionThe zone in which to create the VM.
typestring
typeobject
ComputeScheduling
descriptionScheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. Options for instance behavior when the host machine undergoes maintenance that may temporarily impact instance performance.
idComputeScheduling
properties
automaticRestart
deprecatedTrue
typeboolean
minNodeCpus
descriptionThe minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
formatint32
typeinteger
nodeAffinities
descriptionA set of node affinity and anti-affinity configurations for sole tenant nodes.
items
$refSchedulingNodeAffinity
typearray
onHostMaintenance
descriptionHow the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
enum
  • ON_HOST_MAINTENANCE_UNSPECIFIED
  • TERMINATE
  • MIGRATE
enumDescriptions
  • An unknown, unexpected behavior.
  • Terminate the instance when the host machine undergoes maintenance.
  • Migrate the instance when the host machine undergoes maintenance.
typestring
restartType
descriptionWhether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
enum
  • RESTART_TYPE_UNSPECIFIED
  • AUTOMATIC_RESTART
  • NO_AUTOMATIC_RESTART
enumDescriptions
  • Unspecified behavior. This will use the default.
  • The Instance should be automatically restarted whenever it is terminated by Compute Engine.
  • The Instance isn't automatically restarted whenever it is terminated by Compute Engine.
typestring
typeobject
CreatingImageStep
descriptionCreatingImageStep contains specific step details.
idCreatingImageStep
properties
typeobject
CutoverForecast
descriptionCutoverForecast holds information about future CutoverJobs of a MigratingVm.
idCutoverForecast
properties
estimatedCutoverJobDuration
descriptionOutput only. Estimation of the CutoverJob duration.
formatgoogle-duration
readOnlyTrue
typestring
typeobject
CutoverJob
descriptionCutoverJob message describes a cutover of a migrating VM. The CutoverJob is the operation of shutting down the VM, creating a snapshot and cloning the VM using the replicated snapshot.
idCutoverJob
properties
computeEngineDisksTargetDetails
$refComputeEngineDisksTargetDetails
descriptionOutput only. Details of the target Persistent Disks in Compute Engine.
readOnlyTrue
computeEngineTargetDetails
$refComputeEngineTargetDetails
descriptionOutput only. Details of the target VM in Compute Engine.
readOnlyTrue
computeEngineVmDetails
$refTargetVMDetails
deprecatedTrue
descriptionOutput only. Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_details instead.
readOnlyTrue
createTime
descriptionOutput only. The time the cutover job was created (as an API call, not when it was actually created in the target).
formatgoogle-datetime
readOnlyTrue
typestring
endTime
descriptionOutput only. The time the cutover job had finished.
formatgoogle-datetime
readOnlyTrue
typestring
error
$refStatus
descriptionOutput only. Provides details for the errors that led to the Cutover Job's state.
readOnlyTrue
name
descriptionOutput only. The name of the cutover job.
readOnlyTrue
typestring
progress
deprecatedTrue
descriptionOutput only. The current progress in percentage of the cutover job.
formatint32
readOnlyTrue
typeinteger
progressPercent
descriptionOutput only. The current progress in percentage of the cutover job.
formatint32
readOnlyTrue
typeinteger
state
descriptionOutput only. State of the cutover job.
enum
  • STATE_UNSPECIFIED
  • PENDING
  • FAILED
  • SUCCEEDED
  • CANCELLED
  • CANCELLING
  • ACTIVE
  • ADAPTING_OS
enumDescriptions
  • The state is unknown. This is used for API compatibility only and is not used by the system.
  • The cutover job has not yet started.
  • The cutover job finished with errors.
  • The cutover job finished successfully.
  • The cutover job was cancelled.
  • The cutover job is being cancelled.
  • The cutover job is active and running.
  • OS adaptation is running as part of the cutover job to generate license.
readOnlyTrue
typestring
stateMessage
descriptionOutput only. A message providing possible extra details about the current state.
readOnlyTrue
typestring
stateTime
descriptionOutput only. The time the state was last updated.
formatgoogle-datetime
readOnlyTrue
typestring
steps
descriptionOutput only. The cutover steps list representing its progress.
items
$refCutoverStep
readOnlyTrue
typearray
targetDetails
$refTargetVMDetails
deprecatedTrue
descriptionOutput only. Details of the VM to create as the target of this cutover job. Deprecated: Use compute_engine_target_details instead.
readOnlyTrue
typeobject
CutoverStep
descriptionCutoverStep holds information about the cutover step progress.
idCutoverStep
properties
endTime
descriptionThe time the step has ended.
formatgoogle-datetime
typestring
finalSync
$refReplicationCycle
descriptionFinal sync step.
instantiatingMigratedVm
$refInstantiatingMigratedVMStep
descriptionInstantiating migrated VM step.
preparingVmDisks
$refPreparingVMDisksStep
descriptionPreparing VM disks step.
previousReplicationCycle
$refReplicationCycle
descriptionA replication cycle prior cutover step.
shuttingDownSourceVm
$refShuttingDownSourceVMStep
descriptionShutting down VM step.
startTime
descriptionThe time the step has started.
formatgoogle-datetime
typestring
typeobject
CycleStep
descriptionCycleStep holds information about a step progress.
idCycleStep
properties
endTime
descriptionThe time the cycle step has ended.
formatgoogle-datetime
typestring
initializingReplication
$refInitializingReplicationStep
descriptionInitializing replication step.
postProcessing
$refPostProcessingStep
descriptionPost processing step.
replicating
$refReplicatingStep
descriptionReplicating step.
startTime
descriptionThe time the cycle step has started.
formatgoogle-datetime
typestring
typeobject
DataDiskImageImport
descriptionMentions that the image import is not using OS adaptation process.
idDataDiskImageImport
properties
typeobject
DatacenterConnector
descriptionDatacenterConnector message describes a connector between the Source and Google Cloud, which is installed on a vmware datacenter (an OVA vm installed by the user) to connect the Datacenter to Google Cloud and support vm migration data transfer.
idDatacenterConnector
properties
applianceInfrastructureVersion
descriptionOutput only. Appliance OVA version. This is the OVA which is manually installed by the user and contains the infrastructure for the automatically updatable components on the appliance.
readOnlyTrue
typestring
applianceSoftwareVersion
descriptionOutput only. Appliance last installed update bundle version. This is the version of the automatically updatable components on the appliance.
readOnlyTrue
typestring
availableVersions
$refAvailableUpdates
descriptionOutput only. The available versions for updating this appliance.
readOnlyTrue
bucket
descriptionOutput only. The communication channel between the datacenter connector and Google Cloud.
readOnlyTrue
typestring
createTime
descriptionOutput only. The time the connector was created (as an API call, not when it was actually installed).
formatgoogle-datetime
readOnlyTrue
typestring
error
$refStatus
descriptionOutput only. Provides details on the state of the Datacenter Connector in case of an error.
readOnlyTrue
name
descriptionOutput only. The connector's name.
readOnlyTrue
typestring
registrationId
descriptionImmutable. A unique key for this connector. This key is internal to the OVA connector and is supplied with its creation during the registration process and can not be modified.
typestring
serviceAccount
descriptionThe service account to use in the connector when communicating with the cloud.
typestring
state
descriptionOutput only. State of the DatacenterConnector, as determined by the health checks.
enum
  • STATE_UNSPECIFIED
  • PENDING
  • OFFLINE
  • FAILED
  • ACTIVE
enumDescriptions
  • The state is unknown. This is used for API compatibility only and is not used by the system.
  • The state was not sampled by the health checks yet.
  • The source was sampled by health checks and is not available.
  • The source is available but might not be usable yet due to unvalidated credentials or another reason. The credentials referred to are the ones to the Source. The error message will contain further details.
  • The source exists and its credentials were verified.
readOnlyTrue
typestring
stateTime
descriptionOutput only. The time the state was last set.
formatgoogle-datetime
readOnlyTrue
typestring
updateTime
descriptionOutput only. The last time the connector was updated with an API call.
formatgoogle-datetime
readOnlyTrue
typestring
upgradeStatus
$refUpgradeStatus
descriptionOutput only. The status of the current / last upgradeAppliance operation.
readOnlyTrue
version
descriptionThe version running in the DatacenterConnector. This is supplied by the OVA connector during the registration process and can not be modified.
typestring
typeobject
Disk
descriptionA message describing a data disk.
idDisk
properties
lun
descriptionThe disk's Logical Unit Number (LUN).
formatint32
typeinteger
name
descriptionThe disk name.
typestring
sizeGb
descriptionThe disk size in GB.
formatint32
typeinteger
typeobject
DiskImageDefaults
descriptionContains details about the image source used to create the disk.
idDiskImageDefaults
properties
sourceImage
descriptionRequired. The Image resource used when creating the disk.
typestring
typeobject
DiskImageTargetDetails
descriptionThe target details of the image resource that will be created by the import job.
idDiskImageTargetDetails
properties
additionalLicenses
descriptionOptional. Additional licenses to assign to the image. Format: https://www.googleapis.com/compute/v1/projects/PROJECT_ID/global/licenses/LICENSE_NAME Or https://www.googleapis.com/compute/beta/projects/PROJECT_ID/global/licenses/LICENSE_NAME
items
typestring
typearray
dataDiskImageImport
$refDataDiskImageImport
descriptionOptional. Use to skip OS adaptation process.
description
descriptionOptional. An optional description of the image.
typestring
encryption
$refEncryption
descriptionImmutable. The encryption to apply to the image.
familyName
descriptionOptional. The name of the image family to which the new image belongs.
typestring
imageName
descriptionRequired. The name of the image to be created.
typestring
labels
additionalProperties
typestring
descriptionOptional. A map of labels to associate with the image.
typeobject
osAdaptationParameters
$refImageImportOsAdaptationParameters
descriptionOptional. Use to set the parameters relevant for the OS adaptation process.
singleRegionStorage
descriptionOptional. Set to true to set the image storageLocations to the single region of the import job. When false, the closest multi-region is selected.
typeboolean
targetProject
descriptionRequired. Reference to the TargetProject resource that represents the target project in which the imported image will be created.
typestring
typeobject
DisksMigrationDisksTargetDefaults
descriptionDetails for a disk only migration.
idDisksMigrationDisksTargetDefaults
properties
typeobject
DisksMigrationDisksTargetDetails
descriptionDetails for a disks-only migration.
idDisksMigrationDisksTargetDetails
properties
typeobject
DisksMigrationVmTargetDefaults
descriptionDetails for creation of a VM that migrated data disks will be attached to.
idDisksMigrationVmTargetDefaults
properties
additionalLicenses
descriptionOptional. Additional licenses to assign to the VM.
items
typestring
typearray
bootDiskDefaults
$refBootDiskDefaults
descriptionOptional. Details of the boot disk of the VM.
computeScheduling
$refComputeScheduling
descriptionOptional. Compute instance scheduling information (if empty default is used).
enableIntegrityMonitoring
descriptionOptional. Defines whether the instance has integrity monitoring enabled.
typeboolean
enableVtpm
descriptionOptional. Defines whether the instance has vTPM enabled.
typeboolean
encryption
$refEncryption
descriptionOptional. The encryption to apply to the VM.
hostname
descriptionOptional. The hostname to assign to the VM.
typestring
labels
additionalProperties
typestring
descriptionOptional. A map of labels to associate with the VM.
typeobject
machineType
descriptionRequired. The machine type to create the VM with.
typestring
machineTypeSeries
descriptionOptional. The machine type series to create the VM with. For presentation only.
typestring
metadata
additionalProperties
typestring
descriptionOptional. The metadata key/value pairs to assign to the VM.
typeobject
networkInterfaces
descriptionOptional. NICs to attach to the VM.
items
$refNetworkInterface
typearray
networkTags
descriptionOptional. A list of network tags to associate with the VM.
items
typestring
typearray
secureBoot
descriptionOptional. Defines whether the instance has Secure Boot enabled. This can be set to true only if the VM boot option is EFI.
typeboolean
serviceAccount
descriptionOptional. The service account to associate the VM with.
typestring
vmName
descriptionRequired. The name of the VM to create.
typestring
typeobject
DisksMigrationVmTargetDetails
descriptionDetails for the VM created VM as part of disks migration.
idDisksMigrationVmTargetDetails
properties
vmUri
descriptionOutput only. The URI of the Compute Engine VM.
readOnlyTrue
typestring
typeobject
Empty
descriptionA generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }
idEmpty
properties
typeobject
Encryption
descriptionEncryption message describes the details of the applied encryption.
idEncryption
properties
kmsKey
descriptionRequired. The name of the encryption key that is stored in Google Cloud KMS.
typestring
typeobject
FetchInventoryResponse
descriptionResponse message for fetchInventory.
idFetchInventoryResponse
properties
awsVms
$refAwsVmsDetails
descriptionThe description of the VMs in a Source of type AWS.
azureVms
$refAzureVmsDetails
descriptionThe description of the VMs in a Source of type Azure.
nextPageToken
descriptionOutput only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
readOnlyTrue
typestring
updateTime
descriptionOutput only. The timestamp when the source was last queried (if the result is from the cache).
formatgoogle-datetime
readOnlyTrue
typestring
vmwareVms
$refVmwareVmsDetails
descriptionThe description of the VMs in a Source of type Vmware.
typeobject
FinalizeMigrationRequest
descriptionRequest message for 'FinalizeMigration' request.
idFinalizeMigrationRequest
properties
typeobject
Group
descriptionDescribes message for 'Group' resource. The Group is a collections of several MigratingVms.
idGroup
properties
createTime
descriptionOutput only. The create time timestamp.
formatgoogle-datetime
readOnlyTrue
typestring
description
descriptionUser-provided description of the group.
typestring
displayName
descriptionDisplay name is a user defined name for this group which can be updated.
typestring
migrationTargetType
descriptionImmutable. The target type of this group.
enum
  • MIGRATION_TARGET_TYPE_UNSPECIFIED
  • MIGRATION_TARGET_TYPE_GCE
  • MIGRATION_TARGET_TYPE_DISKS
enumDescriptions
  • Group type is not specified. This defaults to Compute Engine targets.
  • All MigratingVMs in the group must have Compute Engine targets.
  • All MigratingVMs in the group must have Compute Engine Disks targets.
typestring
name
descriptionOutput only. The Group name.
readOnlyTrue
typestring
updateTime
descriptionOutput only. The update time timestamp.
formatgoogle-datetime
readOnlyTrue
typestring
typeobject
ImageImport
descriptionImageImport describes the configuration of the image import to run.
idImageImport
properties
cloudStorageUri
descriptionImmutable. The path to the Cloud Storage file from which the image should be imported.
typestring
createTime
descriptionOutput only. The time the image import was created.
formatgoogle-datetime
readOnlyTrue
typestring
diskImageTargetDefaults
$refDiskImageTargetDetails
descriptionImmutable. Target details for importing a disk image, will be used by ImageImportJob.
encryption
$refEncryption
descriptionImmutable. The encryption details used by the image import process during the image adaptation for Compute Engine.
machineImageTargetDefaults
$refMachineImageTargetDetails
descriptionImmutable. Target details for importing a machine image, will be used by ImageImportJob.
name
descriptionOutput only. The resource path of the ImageImport.
readOnlyTrue
typestring
recentImageImportJobs
descriptionOutput only. The result of the most recent runs for this ImageImport. All jobs for this ImageImport can be listed via ListImageImportJobs.
items
$refImageImportJob
readOnlyTrue
typearray
typeobject
ImageImportJob
descriptionImageImportJob describes the progress and result of an image import.
idImageImportJob
properties
cloudStorageUri
descriptionOutput only. The path to the Cloud Storage file from which the image should be imported.
readOnlyTrue
typestring
createTime
descriptionOutput only. The time the image import was created (as an API call, not when it was actually created in the target).
formatgoogle-datetime
readOnlyTrue
typestring
createdResources
descriptionOutput only. The resource paths of the resources created by the image import job.
items
typestring
readOnlyTrue
typearray
diskImageTargetDetails
$refDiskImageTargetDetails
descriptionOutput only. Target details used to import a disk image.
readOnlyTrue
endTime
descriptionOutput only. The time the image import was ended.
formatgoogle-datetime
readOnlyTrue
typestring
errors
descriptionOutput only. Provides details on the error that led to the image import state in case of an error.
items
$refStatus
readOnlyTrue
typearray
machineImageTargetDetails
$refMachineImageTargetDetails
descriptionOutput only. Target details used to import a machine image.
readOnlyTrue
name
descriptionOutput only. The resource path of the ImageImportJob.
readOnlyTrue
typestring
state
descriptionOutput only. The state of the image import.
enum
  • STATE_UNSPECIFIED
  • PENDING
  • RUNNING
  • SUCCEEDED
  • FAILED
  • CANCELLING
  • CANCELLED
enumDescriptions
  • The state is unknown.
  • The image import has not yet started.
  • The image import is active and running.
  • The image import has finished successfully.
  • The image import has finished with errors.
  • The image import is being cancelled.
  • The image import was cancelled.
readOnlyTrue
typestring
steps
descriptionOutput only. The image import steps list representing its progress.
items
$refImageImportStep
readOnlyTrue
typearray
warnings
descriptionOutput only. Warnings that occurred during the image import.
items
$refMigrationWarning
readOnlyTrue
typearray
typeobject
ImageImportOsAdaptationParameters
descriptionParameters affecting the OS adaptation process.
idImageImportOsAdaptationParameters
properties
generalize
descriptionOptional. Set to true in order to generalize the imported image. The generalization process enables co-existence of multiple VMs created from the same image. For Windows, generalizing the image removes computer-specific information such as installed drivers and the computer security identifier (SID).
typeboolean
licenseType
descriptionOptional. Choose which type of license to apply to the imported image.
enum
  • COMPUTE_ENGINE_LICENSE_TYPE_DEFAULT
  • COMPUTE_ENGINE_LICENSE_TYPE_PAYG
  • COMPUTE_ENGINE_LICENSE_TYPE_BYOL
enumDescriptions
  • The license type is the default for the OS.
  • The license type is Pay As You Go license type.
  • The license type is Bring Your Own License type.
typestring
typeobject
ImageImportStep
descriptionImageImportStep holds information about the image import step progress.
idImageImportStep
properties
adaptingOs
$refAdaptingOSStep
descriptionAdapting OS step.
creatingImage
$refCreatingImageStep
descriptionCreating image step.
endTime
descriptionOutput only. The time the step has ended.
formatgoogle-datetime
readOnlyTrue
typestring
initializing
$refInitializingImageImportStep
descriptionInitializing step.
loadingSourceFiles
$refLoadingImageSourceFilesStep
descriptionLoading source files step.
startTime
descriptionOutput only. The time the step has started.
formatgoogle-datetime
readOnlyTrue
typestring
typeobject
InitializingImageImportStep
descriptionInitializingImageImportStep contains specific step details.
idInitializingImageImportStep
properties
typeobject
InitializingReplicationStep
descriptionInitializingReplicationStep contains specific step details.
idInitializingReplicationStep
properties
typeobject
InstantiatingMigratedVMStep
descriptionInstantiatingMigratedVMStep contains specific step details.
idInstantiatingMigratedVMStep
properties
typeobject
Link
descriptionDescribes a URL link.
idLink
properties
description
descriptionDescribes what the link offers.
typestring
url
descriptionThe URL of the link.
typestring
typeobject
ListCloneJobsResponse
descriptionResponse message for 'ListCloneJobs' request.
idListCloneJobsResponse
properties
cloneJobs
descriptionOutput only. The list of clone jobs response.
items
$refCloneJob
readOnlyTrue
typearray
nextPageToken
descriptionOutput only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
readOnlyTrue
typestring
unreachable
descriptionOutput only. Locations that could not be reached.
items
typestring
readOnlyTrue
typearray
typeobject
ListCutoverJobsResponse
descriptionResponse message for 'ListCutoverJobs' request.
idListCutoverJobsResponse
properties
cutoverJobs
descriptionOutput only. The list of cutover jobs response.
items
$refCutoverJob
readOnlyTrue
typearray
nextPageToken
descriptionOutput only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
readOnlyTrue
typestring
unreachable
descriptionOutput only. Locations that could not be reached.
items
typestring
readOnlyTrue
typearray
typeobject
ListDatacenterConnectorsResponse
descriptionResponse message for 'ListDatacenterConnectors' request.
idListDatacenterConnectorsResponse
properties
datacenterConnectors
descriptionOutput only. The list of sources response.
items
$refDatacenterConnector
readOnlyTrue
typearray
nextPageToken
descriptionOutput only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
readOnlyTrue
typestring
unreachable
descriptionOutput only. Locations that could not be reached.
items
typestring
readOnlyTrue
typearray
typeobject
ListGroupsResponse
descriptionResponse message for 'ListGroups' request.
idListGroupsResponse
properties
groups
descriptionOutput only. The list of groups response.
items
$refGroup
readOnlyTrue
typearray
nextPageToken
descriptionOutput only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
readOnlyTrue
typestring
unreachable
descriptionOutput only. Locations that could not be reached.
items
typestring
readOnlyTrue
typearray
typeobject
ListImageImportJobsResponse
descriptionResponse message for 'ListImageImportJobs' call.
idListImageImportJobsResponse
properties
imageImportJobs
descriptionOutput only. The list of target response.
items
$refImageImportJob
readOnlyTrue
typearray
nextPageToken
descriptionOutput only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
readOnlyTrue
typestring
unreachable
descriptionOutput only. Locations that could not be reached.
items
typestring
readOnlyTrue
typearray
typeobject
ListImageImportsResponse
descriptionResponse message for 'ListImageImports' call.
idListImageImportsResponse
properties
imageImports
descriptionOutput only. The list of target response.
items
$refImageImport
readOnlyTrue
typearray
nextPageToken
descriptionOutput only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
readOnlyTrue
typestring
unreachable
descriptionOutput only. Locations that could not be reached.
items
typestring
readOnlyTrue
typearray
typeobject
ListLocationsResponse
descriptionThe response message for Locations.ListLocations.
idListLocationsResponse
properties
locations
descriptionA list of locations that matches the specified filter in the request.
items
$refLocation
typearray
nextPageToken
descriptionThe standard List next-page token.
typestring
typeobject
ListMigratingVmsResponse
descriptionResponse message for 'ListMigratingVms' request.
idListMigratingVmsResponse
properties
migratingVms
descriptionOutput only. The list of Migrating VMs response.
items
$refMigratingVm
readOnlyTrue
typearray
nextPageToken
descriptionOutput only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
readOnlyTrue
typestring
unreachable
descriptionOutput only. Locations that could not be reached.
items
typestring
readOnlyTrue
typearray
typeobject
ListOperationsResponse
descriptionThe response message for Operations.ListOperations.
idListOperationsResponse
properties
nextPageToken
descriptionThe standard List next-page token.
typestring
operations
descriptionA list of operations that matches the specified filter in the request.
items
$refOperation
typearray
typeobject
ListReplicationCyclesResponse
descriptionResponse message for 'ListReplicationCycles' request.
idListReplicationCyclesResponse
properties
nextPageToken
descriptionOutput only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
readOnlyTrue
typestring
replicationCycles
descriptionOutput only. The list of replication cycles response.
items
$refReplicationCycle
readOnlyTrue
typearray
unreachable
descriptionOutput only. Locations that could not be reached.
items
typestring
readOnlyTrue
typearray
typeobject
ListSourcesResponse
descriptionResponse message for 'ListSources' request.
idListSourcesResponse
properties
nextPageToken
descriptionOutput only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
readOnlyTrue
typestring
sources
descriptionOutput only. The list of sources response.
items
$refSource
readOnlyTrue
typearray
unreachable
descriptionOutput only. Locations that could not be reached.
items
typestring
readOnlyTrue
typearray
typeobject
ListTargetProjectsResponse
descriptionResponse message for 'ListTargetProjects' call.
idListTargetProjectsResponse
properties
nextPageToken
descriptionOutput only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
readOnlyTrue
typestring
targetProjects
descriptionOutput only. The list of target response.
items
$refTargetProject
readOnlyTrue
typearray
unreachable
descriptionOutput only. Locations that could not be reached.
items
typestring
readOnlyTrue
typearray
typeobject
ListUtilizationReportsResponse
descriptionResponse message for 'ListUtilizationReports' request.
idListUtilizationReportsResponse
properties
nextPageToken
descriptionOutput only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
readOnlyTrue
typestring
unreachable
descriptionOutput only. Locations that could not be reached.
items
typestring
readOnlyTrue
typearray
utilizationReports
descriptionOutput only. The list of reports.
items
$refUtilizationReport
readOnlyTrue
typearray
typeobject
LoadingImageSourceFilesStep
descriptionLoadingImageSourceFilesStep contains specific step details.
idLoadingImageSourceFilesStep
properties
typeobject
LocalizedMessage
descriptionProvides a localized error message that is safe to return to the user which can be attached to an RPC error.
idLocalizedMessage
properties
locale
descriptionThe locale used following the specification defined at https://www.rfc-editor.org/rfc/bcp/bcp47.txt. Examples are: "en-US", "fr-CH", "es-MX"
typestring
message
descriptionThe localized error message in the above locale.
typestring
typeobject
Location
descriptionA resource that represents a Google Cloud location.
idLocation
properties
displayName
descriptionThe friendly name for this location, typically a nearby city name. For example, "Tokyo".
typestring
labels
additionalProperties
typestring
descriptionCross-service attributes for the location. For example {"cloud.googleapis.com/region": "us-east1"}
typeobject
locationId
descriptionThe canonical id for this location. For example: `"us-east1"`.
typestring
metadata
additionalProperties
descriptionProperties of the object. Contains field @type with type URL.
typeany
descriptionService-specific metadata. For example the available capacity at the given location.
typeobject
name
descriptionResource name for the location, which may vary between implementations. For example: `"projects/example-project/locations/us-east1"`
typestring
typeobject
MachineImageParametersOverrides
descriptionParameters overriding decisions based on the source machine image configurations.
idMachineImageParametersOverrides
properties
machineType
descriptionOptional. The machine type to create the MachineImage with. If empty, the service will choose a relevant machine type based on the information from the source image. For more information about machine types, please refer to https://cloud.google.com/compute/docs/machine-resource.
typestring
typeobject
MachineImageTargetDetails
descriptionThe target details of the machine image resource that will be created by the image import job.
idMachineImageTargetDetails
properties
additionalLicenses
descriptionOptional. Additional licenses to assign to the instance created by the machine image. Format: https://www.googleapis.com/compute/v1/projects/PROJECT_ID/global/licenses/LICENSE_NAME Or https://www.googleapis.com/compute/beta/projects/PROJECT_ID/global/licenses/LICENSE_NAME
items
typestring
typearray
description
descriptionOptional. An optional description of the machine image.
typestring
encryption
$refEncryption
descriptionImmutable. The encryption to apply to the machine image.
labels
additionalProperties
typestring
descriptionOptional. The labels to apply to the instance created by the machine image.
typeobject
machineImageName
descriptionRequired. The name of the machine image to be created.
typestring
machineImageParametersOverrides
$refMachineImageParametersOverrides
descriptionOptional. Parameters overriding decisions based on the source machine image configurations.
networkInterfaces
descriptionOptional. The network interfaces to create with the instance created by the machine image. Internal and external IP addresses are ignored for machine image import.
items
$refNetworkInterface
typearray
osAdaptationParameters
$refImageImportOsAdaptationParameters
descriptionOptional. Use to set the parameters relevant for the OS adaptation process.
serviceAccount
$refServiceAccount
descriptionOptional. The service account to assign to the instance created by the machine image.
shieldedInstanceConfig
$refShieldedInstanceConfig
descriptionOptional. Shielded instance configuration.
singleRegionStorage
descriptionOptional. Set to true to set the machine image storageLocations to the single region of the import job. When false, the closest multi-region is selected.
typeboolean
skipOsAdaptation
$refSkipOsAdaptation
descriptionOptional. Use to skip OS adaptation process.
tags
descriptionOptional. The tags to apply to the instance created by the machine image.
items
typestring
typearray
targetProject
descriptionRequired. Reference to the TargetProject resource that represents the target project in which the imported machine image will be created.
typestring
typeobject
MigratingVm
descriptionMigratingVm describes the VM that will be migrated from a Source environment and its replication state.
idMigratingVm
properties
awsSourceVmDetails
$refAwsSourceVmDetails
descriptionOutput only. Details of the VM from an AWS source.
readOnlyTrue
azureSourceVmDetails
$refAzureSourceVmDetails
descriptionOutput only. Details of the VM from an Azure source.
readOnlyTrue
computeEngineDisksTargetDefaults
$refComputeEngineDisksTargetDefaults
descriptionDetails of the target Persistent Disks in Compute Engine.
computeEngineTargetDefaults
$refComputeEngineTargetDefaults
descriptionDetails of the target VM in Compute Engine.
computeEngineVmDefaults
$refTargetVMDetails
deprecatedTrue
descriptionDetails of the VM in Compute Engine. Deprecated: Use compute_engine_target_defaults instead.
createTime
descriptionOutput only. The time the migrating VM was created (this refers to this resource and not to the time it was installed in the source).
formatgoogle-datetime
readOnlyTrue
typestring
currentSyncInfo
$refReplicationCycle
descriptionOutput only. Details of the current running replication cycle.
readOnlyTrue
cutoverForecast
$refCutoverForecast
descriptionOutput only. Provides details of future CutoverJobs of a MigratingVm. Set to empty when cutover forecast is unavailable.
readOnlyTrue
description
descriptionThe description attached to the migrating VM by the user.
typestring
displayName
descriptionThe display name attached to the MigratingVm by the user.
typestring
error
$refStatus
descriptionOutput only. Provides details on the state of the Migrating VM in case of an error in replication.
readOnlyTrue
group
descriptionOutput only. The group this migrating vm is included in, if any. The group is represented by the full path of the appropriate Group resource.
readOnlyTrue
typestring
labels
additionalProperties
typestring
descriptionThe labels of the migrating VM.
typeobject
lastReplicationCycle
$refReplicationCycle
descriptionOutput only. Details of the last replication cycle. This will be updated whenever a replication cycle is finished and is not to be confused with last_sync which is only updated on successful replication cycles.
readOnlyTrue
lastSync
$refReplicationSync
descriptionOutput only. The most updated snapshot created time in the source that finished replication.
readOnlyTrue
name
descriptionOutput only. The identifier of the MigratingVm.
readOnlyTrue
typestring
policy
$refSchedulePolicy
descriptionThe replication schedule policy.
recentCloneJobs
descriptionOutput only. The recent clone jobs performed on the migrating VM. This field holds the vm's last completed clone job and the vm's running clone job, if one exists. Note: To have this field populated you need to explicitly request it via the "view" parameter of the Get/List request.
items
$refCloneJob
readOnlyTrue
typearray
recentCutoverJobs
descriptionOutput only. The recent cutover jobs performed on the migrating VM. This field holds the vm's last completed cutover job and the vm's running cutover job, if one exists. Note: To have this field populated you need to explicitly request it via the "view" parameter of the Get/List request.
items
$refCutoverJob
readOnlyTrue
typearray
sourceVmId
descriptionThe unique ID of the VM in the source. The VM's name in vSphere can be changed, so this is not the VM's name but rather its moRef id. This id is of the form vm-.
typestring
state
descriptionOutput only. State of the MigratingVm.
enum
  • STATE_UNSPECIFIED
  • PENDING
  • READY
  • FIRST_SYNC
  • ACTIVE
  • CUTTING_OVER
  • CUTOVER
  • FINAL_SYNC
  • PAUSED
  • FINALIZING
  • FINALIZED
  • ERROR
enumDescriptions
  • The state was not sampled by the health checks yet.
  • The VM in the source is being verified.
  • The source VM was verified, and it's ready to start replication.
  • Migration is going through the first sync cycle.
  • The replication is active, and it's running or scheduled to run.
  • The source VM is being turned off, and a final replication is currently running.
  • The source VM was stopped and replicated. The replication is currently paused.
  • A cutover job is active and replication cycle is running the final sync.
  • The replication was paused by the user and no cycles are scheduled to run.
  • The migrating VM is being finalized and migration resources are being removed.
  • The replication process is done. The migrating VM is finalized and no longer consumes billable resources.
  • The replication process encountered an unrecoverable error and was aborted.
readOnlyTrue
typestring
stateTime
descriptionOutput only. The last time the migrating VM state was updated.
formatgoogle-datetime
readOnlyTrue
typestring
targetDefaults
$refTargetVMDetails
deprecatedTrue
descriptionThe default configuration of the target VM that will be created in Google Cloud as a result of the migration. Deprecated: Use compute_engine_target_defaults instead.
updateTime
descriptionOutput only. The last time the migrating VM resource was updated.
formatgoogle-datetime
readOnlyTrue
typestring
vmwareSourceVmDetails
$refVmwareSourceVmDetails
descriptionOutput only. Details of the VM from a Vmware source.
readOnlyTrue
typeobject
MigrationError
descriptionRepresents migration resource error information that can be used with google.rpc.Status message. MigrationError is used to present the user with error information in migration operations.
idMigrationError
properties
actionItem
$refLocalizedMessage
descriptionOutput only. Suggested action for solving the error.
readOnlyTrue
code
descriptionOutput only. The error code.
enum
  • ERROR_CODE_UNSPECIFIED
  • UNKNOWN_ERROR
  • SOURCE_VALIDATION_ERROR
  • SOURCE_REPLICATION_ERROR
  • TARGET_REPLICATION_ERROR
  • OS_ADAPTATION_ERROR
  • CLONE_ERROR
  • CUTOVER_ERROR
  • UTILIZATION_REPORT_ERROR
  • APPLIANCE_UPGRADE_ERROR
  • IMAGE_IMPORT_ERROR
enumDescriptions
  • Default value. This value is not used.
  • Migrate to Virtual Machines encountered an unknown error.
  • Migrate to Virtual Machines encountered an error while validating replication source health.
  • Migrate to Virtual Machines encountered an error during source data operation.
  • Migrate to Virtual Machines encountered an error during target data operation.
  • Migrate to Virtual Machines encountered an error during OS adaptation.
  • Migrate to Virtual Machines encountered an error in clone operation.
  • Migrate to Virtual Machines encountered an error in cutover operation.
  • Migrate to Virtual Machines encountered an error during utilization report creation.
  • Migrate to Virtual Machines encountered an error during appliance upgrade.
  • Migrate to Virtual Machines encountered an error in image import operation.
readOnlyTrue
typestring
errorMessage
$refLocalizedMessage
descriptionOutput only. The localized error message.
readOnlyTrue
errorTime
descriptionOutput only. The time the error occurred.
formatgoogle-datetime
readOnlyTrue
typestring
helpLinks
descriptionOutput only. URL(s) pointing to additional information on handling the current error.
items
$refLink
readOnlyTrue
typearray
typeobject
MigrationWarning
descriptionRepresents migration resource warning information that can be used with google.rpc.Status message. MigrationWarning is used to present the user with warning information in migration operations.
idMigrationWarning
properties
actionItem
$refLocalizedMessage
descriptionOutput only. Suggested action for solving the warning.
readOnlyTrue
code
descriptionThe warning code.
enum
  • WARNING_CODE_UNSPECIFIED
  • ADAPTATION_WARNING
enumDescriptions
  • Default value. This value is not used.
  • A warning originated from OS Adaptation.
typestring
helpLinks
descriptionOutput only. URL(s) pointing to additional information on handling the current warning.
items
$refLink
readOnlyTrue
typearray
warningMessage
$refLocalizedMessage
descriptionOutput only. The localized warning message.
readOnlyTrue
warningTime
descriptionThe time the warning occurred.
formatgoogle-datetime
typestring
typeobject
NetworkInterface
descriptionNetworkInterface represents a NIC of a VM.
idNetworkInterface
properties
externalIp
descriptionOptional. The external IP to define in the NIC.
typestring
internalIp
descriptionOptional. The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
typestring
network
descriptionThe network to connect the NIC to.
typestring
networkTier
descriptionOptional. The networking tier used for optimizing connectivity between instances and systems on the internet. Applies only for external ephemeral IP addresses. If left empty, will default to PREMIUM.
enum
  • COMPUTE_ENGINE_NETWORK_TIER_UNSPECIFIED
  • NETWORK_TIER_STANDARD
  • NETWORK_TIER_PREMIUM
enumDescriptions
  • An unspecified network tier. Will be used as PREMIUM.
  • A standard network tier.
  • A premium network tier.
typestring
subnetwork
descriptionOptional. The subnetwork to connect the NIC to.
typestring
typeobject
OSDescription
descriptionA message describing the VM's OS. Including OS, Publisher, Offer and Plan if applicable.
idOSDescription
properties
offer
descriptionOS offer.
typestring
plan
descriptionOS plan.
typestring
publisher
descriptionOS publisher.
typestring
type
descriptionOS type.
typestring
typeobject
OSDisk
descriptionA message describing the OS disk.
idOSDisk
properties
name
descriptionThe disk's full name.
typestring
sizeGb
descriptionThe disk's size in GB.
formatint32
typeinteger
type
descriptionThe disk's type.
typestring
typeobject
Operation
descriptionThis resource represents a long-running operation that is the result of a network API call.
idOperation
properties
done
descriptionIf the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
typeboolean
error
$refStatus
descriptionThe error result of the operation in case of failure or cancellation.
metadata
additionalProperties
descriptionProperties of the object. Contains field @type with type URL.
typeany
descriptionService-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
typeobject
name
descriptionThe server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
typestring
response
additionalProperties
descriptionProperties of the object. Contains field @type with type URL.
typeany
descriptionThe normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
typeobject
typeobject
OperationMetadata
descriptionRepresents the metadata of the long-running operation.
idOperationMetadata
properties
apiVersion
descriptionOutput only. API version used to start the operation.
readOnlyTrue
typestring
createTime
descriptionOutput only. The time the operation was created.
formatgoogle-datetime
readOnlyTrue
typestring
endTime
descriptionOutput only. The time the operation finished running.
formatgoogle-datetime
readOnlyTrue
typestring
requestedCancellation
descriptionOutput only. Identifies whether the user has requested cancellation of the operation. Operations that have successfully been cancelled have Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.
readOnlyTrue
typeboolean
statusMessage
descriptionOutput only. Human-readable status of the operation, if any.
readOnlyTrue
typestring
target
descriptionOutput only. Server-defined resource path for the target of the operation.
readOnlyTrue
typestring
verb
descriptionOutput only. Name of the verb executed by the operation.
readOnlyTrue
typestring
typeobject
PauseMigrationRequest
descriptionRequest message for 'PauseMigration' request.
idPauseMigrationRequest
properties
typeobject
PersistentDisk
descriptionDetails of a created Persistent Disk.
idPersistentDisk
properties
diskUri
descriptionThe URI of the Persistent Disk.
typestring
sourceDiskNumber
descriptionThe ordinal number of the source VM disk.
formatint32
typeinteger
typeobject
PersistentDiskDefaults
descriptionDetails for creation of a Persistent Disk.
idPersistentDiskDefaults
properties
additionalLabels
additionalProperties
typestring
descriptionA map of labels to associate with the Persistent Disk.
typeobject
diskName
descriptionOptional. The name of the Persistent Disk to create.
typestring
diskType
descriptionThe disk type to use.
enum
  • COMPUTE_ENGINE_DISK_TYPE_UNSPECIFIED
  • COMPUTE_ENGINE_DISK_TYPE_STANDARD
  • COMPUTE_ENGINE_DISK_TYPE_SSD
  • COMPUTE_ENGINE_DISK_TYPE_BALANCED
  • COMPUTE_ENGINE_DISK_TYPE_HYPERDISK_BALANCED
enumDescriptions
  • An unspecified disk type. Will be used as STANDARD.
  • A Standard disk type.
  • SSD hard disk type.
  • An alternative to SSD persistent disks that balance performance and cost.
  • Hyperdisk balanced disk type.
typestring
encryption
$refEncryption
descriptionOptional. The encryption to apply to the disk.
sourceDiskNumber
descriptionRequired. The ordinal number of the source VM disk.
formatint32
typeinteger
vmAttachmentDetails
$refVmAttachmentDetails
descriptionOptional. Details for attachment of the disk to a VM. Used when the disk is set to be attached to a target VM.
typeobject
PostProcessingStep
descriptionPostProcessingStep contains specific step details.
idPostProcessingStep
properties
typeobject
PreparingVMDisksStep
descriptionPreparingVMDisksStep contains specific step details.
idPreparingVMDisksStep
properties
typeobject
RemoveGroupMigrationRequest
descriptionRequest message for 'RemoveMigration' request.
idRemoveGroupMigrationRequest
properties
migratingVm
descriptionThe MigratingVm to remove.
typestring
typeobject
ReplicatingStep
descriptionReplicatingStep contains specific step details.
idReplicatingStep
properties
lastThirtyMinutesAverageBytesPerSecond
descriptionThe source disks replication rate for the last 30 minutes in bytes per second.
formatint64
typestring
lastTwoMinutesAverageBytesPerSecond
descriptionThe source disks replication rate for the last 2 minutes in bytes per second.
formatint64
typestring
replicatedBytes
descriptionReplicated bytes in the step.
formatint64
typestring
totalBytes
descriptionTotal bytes to be handled in the step.
formatint64
typestring
typeobject
ReplicationCycle
descriptionReplicationCycle contains information about the current replication cycle status.
idReplicationCycle
properties
cycleNumber
descriptionThe cycle's ordinal number.
formatint32
typeinteger
endTime
descriptionThe time the replication cycle has ended.
formatgoogle-datetime
typestring
error
$refStatus
descriptionOutput only. Provides details on the state of the cycle in case of an error.
readOnlyTrue
name
descriptionThe identifier of the ReplicationCycle.
typestring
progress
deprecatedTrue
descriptionThe current progress in percentage of this cycle.
formatint32
typeinteger
progressPercent
deprecatedTrue
descriptionThe current progress in percentage of this cycle. Was replaced by 'steps' field, which breaks down the cycle progression more accurately.
formatint32
typeinteger
startTime
descriptionThe time the replication cycle has started.
formatgoogle-datetime
typestring
state
descriptionState of the ReplicationCycle.
enum
  • STATE_UNSPECIFIED
  • RUNNING
  • PAUSED
  • FAILED
  • SUCCEEDED
enumDescriptions
  • The state is unknown. This is used for API compatibility only and is not used by the system.
  • The replication cycle is running.
  • The replication cycle is paused.
  • The replication cycle finished with errors.
  • The replication cycle finished successfully.
typestring
steps
descriptionThe cycle's steps list representing its progress.
items
$refCycleStep
typearray
totalPauseDuration
descriptionThe accumulated duration the replication cycle was paused.
formatgoogle-duration
typestring
warnings
descriptionOutput only. Warnings that occurred during the cycle.
items
$refMigrationWarning
readOnlyTrue
typearray
typeobject
ReplicationSync
descriptionReplicationSync contain information about the last replica sync to the cloud.
idReplicationSync
properties
lastSyncTime
descriptionThe most updated snapshot created time in the source that finished replication.
formatgoogle-datetime
typestring
typeobject
ResumeMigrationRequest
descriptionRequest message for 'ResumeMigration' request.
idResumeMigrationRequest
properties
typeobject
SchedulePolicy
descriptionA policy for scheduling replications.
idSchedulePolicy
properties
idleDuration
descriptionThe idle duration between replication stages.
formatgoogle-duration
typestring
skipOsAdaptation
descriptionA flag to indicate whether to skip OS adaptation during the replication sync. OS adaptation is a process where the VM's operating system undergoes changes and adaptations to fully function on Compute Engine.
typeboolean
typeobject
SchedulingNodeAffinity
descriptionNode Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
idSchedulingNodeAffinity
properties
key
descriptionThe label key of Node resource to reference.
typestring
operator
descriptionThe operator to use for the node resources specified in the `values` parameter.
enum
  • OPERATOR_UNSPECIFIED
  • IN
  • NOT_IN
enumDescriptions
  • An unknown, unexpected behavior.
  • The node resource group should be in these resources affinity.
  • The node resource group should not be in these resources affinity.
typestring
values
descriptionCorresponds to the label values of Node resource.
items
typestring
typearray
typeobject
ServiceAccount
descriptionService account to assign to the instance created by the machine image.
idServiceAccount
properties
email
descriptionRequired. The email address of the service account.
typestring
scopes
descriptionOptional. The list of scopes to be made available for this service account.
items
typestring
typearray
typeobject
ShieldedInstanceConfig
descriptionShielded instance configuration.
idShieldedInstanceConfig
properties
enableIntegrityMonitoring
descriptionOptional. Defines whether the instance created by the machine image has integrity monitoring enabled. This can be set to true only if the image boot option is EFI, and vTPM is enabled.
typeboolean
enableVtpm
descriptionOptional. Defines whether the instance created by the machine image has vTPM enabled. This can be set to true only if the image boot option is EFI.
typeboolean
secureBoot
descriptionOptional. Defines whether the instance created by the machine image has Secure Boot enabled. This can be set to true only if the image boot option is EFI.
enum
  • SECURE_BOOT_UNSPECIFIED
  • TRUE
  • FALSE
enumDescriptions
  • No explicit value is selected. Will use the configuration of the source (if exists, otherwise the default will be false).
  • Use secure boot. This can be set to true only if the image boot option is EFI.
  • Do not use secure boot.
typestring
typeobject
ShuttingDownSourceVMStep
descriptionShuttingDownSourceVMStep contains specific step details.
idShuttingDownSourceVMStep
properties
typeobject
SkipOsAdaptation
descriptionMentions that the machine image import is not using OS adaptation process.
idSkipOsAdaptation
properties
typeobject
Source
descriptionSource message describes a specific vm migration Source resource. It contains the source environment information.
idSource
properties
aws
$refAwsSourceDetails
descriptionAWS type source details.
azure
$refAzureSourceDetails
descriptionAzure type source details.
createTime
descriptionOutput only. The create time timestamp.
formatgoogle-datetime
readOnlyTrue
typestring
description
descriptionUser-provided description of the source.
typestring
encryption
$refEncryption
descriptionOptional. Immutable. The encryption details of the source data stored by the service.
error
$refStatus
deprecatedTrue
descriptionOutput only. Provides details on the state of the Source in case of an error.
readOnlyTrue
labels
additionalProperties
typestring
descriptionThe labels of the source.
typeobject
name
descriptionOutput only. The Source name.
readOnlyTrue
typestring
updateTime
descriptionOutput only. The update time timestamp.
formatgoogle-datetime
readOnlyTrue
typestring
vmware
$refVmwareSourceDetails
descriptionVmware type source details.
typeobject
StartMigrationRequest
descriptionRequest message for 'StartMigrationRequest' request.
idStartMigrationRequest
properties
typeobject
Status
descriptionThe `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors).
idStatus
properties
code
descriptionThe status code, which should be an enum value of google.rpc.Code.
formatint32
typeinteger
details
descriptionA list of messages that carry the error details. There is a common set of message types for APIs to use.
items
additionalProperties
descriptionProperties of the object. Contains field @type with type URL.
typeany
typeobject
typearray
message
descriptionA developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
typestring
typeobject
Tag
descriptionTag is an AWS tag representation.
idTag
properties
key
descriptionRequired. Key of tag.
typestring
value
descriptionRequired. Value of tag.
typestring
typeobject
TargetProject
descriptionTargetProject message represents a target Compute Engine project for a migration or a clone.
idTargetProject
properties
createTime
descriptionOutput only. The time this target project resource was created (not related to when the Compute Engine project it points to was created).
formatgoogle-datetime
readOnlyTrue
typestring
description
descriptionThe target project's description.
typestring
name
descriptionOutput only. The name of the target project.
readOnlyTrue
typestring
project
descriptionRequired. The target project ID (number) or project name.
typestring
updateTime
descriptionOutput only. The last time the target project resource was updated.
formatgoogle-datetime
readOnlyTrue
typestring
typeobject
TargetVMDetails
deprecatedTrue
descriptionTargetVMDetails is a collection of details for creating a VM in a target Compute Engine project.
idTargetVMDetails
properties
appliedLicense
$refAppliedLicense
descriptionOutput only. The OS license returned from the adaptation module report.
readOnlyTrue
bootOption
descriptionOutput only. The VM Boot Option, as set in the source VM.
enum
  • BOOT_OPTION_UNSPECIFIED
  • EFI
  • BIOS
enumDescriptions
  • The boot option is unknown.
  • The boot option is EFI.
  • The boot option is BIOS.
readOnlyTrue
typestring
computeScheduling
$refComputeScheduling
descriptionCompute instance scheduling information (if empty default is used).
diskType
descriptionThe disk type to use in the VM.
enum
  • DISK_TYPE_UNSPECIFIED
  • STANDARD
  • BALANCED
  • SSD
  • HYPERDISK_BALANCED
enumDescriptions
  • An unspecified disk type. Will be used as STANDARD.
  • A Standard disk type.
  • An alternative to SSD persistent disks that balance performance and cost.
  • SSD hard disk type.
  • Hyperdisk balanced disk type.
typestring
externalIp
descriptionThe external IP to define in the VM.
typestring
internalIp
descriptionThe internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
typestring
labels
additionalProperties
typestring
descriptionA map of labels to associate with the VM.
typeobject
licenseType
descriptionThe license type to use in OS adaptation.
enum
  • DEFAULT
  • PAYG
  • BYOL
enumDescriptions
  • The license type is the default for the OS.
  • The license type is Pay As You Go license type.
  • The license type is Bring Your Own License type.
typestring
machineType
descriptionThe machine type to create the VM with.
typestring
machineTypeSeries
descriptionThe machine type series to create the VM with.
typestring
metadata
additionalProperties
typestring
descriptionThe metadata key/value pairs to assign to the VM.
typeobject
name
descriptionThe name of the VM to create.
typestring
network
descriptionThe network to connect the VM to.
typestring
networkInterfaces
descriptionList of NICs connected to this VM.
items
$refNetworkInterface
typearray
networkTags
descriptionA list of network tags to associate with the VM.
items
typestring
typearray
project
deprecatedTrue
descriptionOutput only. The project in which to create the VM.
readOnlyTrue
typestring
secureBoot
descriptionDefines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
typeboolean
serviceAccount
descriptionThe service account to associate the VM with.
typestring
subnetwork
descriptionThe subnetwork to connect the VM to.
typestring
targetProject
descriptionThe full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
typestring
zone
descriptionThe zone in which to create the VM.
typestring
typeobject
UpgradeApplianceRequest
descriptionRequest message for 'UpgradeAppliance' request.
idUpgradeApplianceRequest
properties
requestId
descriptionA request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
typestring
typeobject
UpgradeStatus
descriptionUpgradeStatus contains information about upgradeAppliance operation.
idUpgradeStatus
properties
error
$refStatus
descriptionOutput only. Provides details on the state of the upgrade operation in case of an error.
readOnlyTrue
previousVersion
descriptionThe version from which we upgraded.
typestring
startTime
descriptionThe time the operation was started.
formatgoogle-datetime
typestring
state
descriptionThe state of the upgradeAppliance operation.
enum
  • STATE_UNSPECIFIED
  • RUNNING
  • FAILED
  • SUCCEEDED
enumDescriptions
  • The state was not sampled by the health checks yet.
  • The upgrade has started.
  • The upgrade failed.
  • The upgrade finished successfully.
typestring
version
descriptionThe version to upgrade to.
typestring
typeobject
UtilizationReport
descriptionUtilization report details the utilization (CPU, memory, etc.) of selected source VMs.
idUtilizationReport
properties
createTime
descriptionOutput only. The time the report was created (this refers to the time of the request, not the time the report creation completed).
formatgoogle-datetime
readOnlyTrue
typestring
displayName
descriptionThe report display name, as assigned by the user.
typestring
error
$refStatus
descriptionOutput only. Provides details on the state of the report in case of an error.
readOnlyTrue
frameEndTime
descriptionOutput only. The point in time when the time frame ends. Notice that the time frame is counted backwards. For instance if the "frame_end_time" value is 2021/01/20 and the time frame is WEEK then the report covers the week between 2021/01/20 and 2021/01/14.
formatgoogle-datetime
readOnlyTrue
typestring
name
descriptionOutput only. The report unique name.
readOnlyTrue
typestring
state
descriptionOutput only. Current state of the report.
enum
  • STATE_UNSPECIFIED
  • CREATING
  • SUCCEEDED
  • FAILED
enumDescriptions
  • The state is unknown. This value is not in use.
  • The report is in the making.
  • Report creation completed successfully.
  • Report creation failed.
readOnlyTrue
typestring
stateTime
descriptionOutput only. The time the state was last set.
formatgoogle-datetime
readOnlyTrue
typestring
timeFrame
descriptionTime frame of the report.
enum
  • TIME_FRAME_UNSPECIFIED
  • WEEK
  • MONTH
  • YEAR
enumDescriptions
  • The time frame was not specified and will default to WEEK.
  • One week.
  • One month.
  • One year.
typestring
vmCount
descriptionOutput only. Total number of VMs included in the report.
formatint32
readOnlyTrue
typeinteger
vms
descriptionList of utilization information per VM. When sent as part of the request, the "vm_id" field is used in order to specify which VMs to include in the report. In that case all other fields are ignored.
items
$refVmUtilizationInfo
typearray
vmsCount
deprecatedTrue
descriptionOutput only. Total number of VMs included in the report.
formatint32
readOnlyTrue
typeinteger
typeobject
VmAttachmentDetails
descriptionDetails for attachment of the disk to a VM.
idVmAttachmentDetails
properties
deviceName
descriptionOptional. Specifies a unique device name of your choice that is reflected into the /dev/disk/by-id/google-* tree of a Linux operating system running within the instance. If not specified, the server chooses a default device name to apply to this disk, in the form persistent-disk-x, where x is a number assigned by Google Compute Engine. This field is only applicable for persistent disks.
typestring
typeobject
VmCapabilities
descriptionMigrating VM source information about the VM capabilities needed for some Compute Engine features.
idVmCapabilities
properties
lastOsCapabilitiesUpdateTime
descriptionOutput only. The last time OS capabilities list was updated.
formatgoogle-datetime
readOnlyTrue
typestring
osCapabilities
descriptionOutput only. Unordered list. List of certain VM OS capabilities needed for some Compute Engine features.
items
enum
  • OS_CAPABILITY_UNSPECIFIED
  • OS_CAPABILITY_NVME_STORAGE_ACCESS
  • OS_CAPABILITY_GVNIC_NETWORK_INTERFACE
  • OS_CAPABILITY_IDPF_NETWORK_INTERFACE
enumDescriptions
  • This is for API compatibility only and is not in use.
  • NVMe driver installed and the VM can use NVMe PD or local SSD.
  • gVNIC virtual NIC driver supported.
  • IDPF virtual NIC driver supported.
typestring
readOnlyTrue
typearray
typeobject
VmUtilizationInfo
descriptionUtilization information of a single VM.
idVmUtilizationInfo
properties
utilization
$refVmUtilizationMetrics
descriptionUtilization metrics for this VM.
vmId
descriptionThe VM's ID in the source.
typestring
vmwareVmDetails
$refVmwareVmDetails
descriptionThe description of the VM in a Source of type Vmware.
typeobject
VmUtilizationMetrics
descriptionUtilization metrics values for a single VM.
idVmUtilizationMetrics
properties
cpuAverage
deprecatedTrue
descriptionAverage CPU usage, percent.
formatint32
typeinteger
cpuAveragePercent
descriptionAverage CPU usage, percent.
formatint32
typeinteger
cpuMax
deprecatedTrue
descriptionMax CPU usage, percent.
formatint32
typeinteger
cpuMaxPercent
descriptionMax CPU usage, percent.
formatint32
typeinteger
diskIoRateAverage
deprecatedTrue
descriptionAverage disk IO rate, in kilobytes per second.
formatint64
typestring
diskIoRateAverageKbps
descriptionAverage disk IO rate, in kilobytes per second.
formatint64
typestring
diskIoRateMax
deprecatedTrue
descriptionMax disk IO rate, in kilobytes per second.
formatint64
typestring
diskIoRateMaxKbps
descriptionMax disk IO rate, in kilobytes per second.
formatint64
typestring
memoryAverage
deprecatedTrue
descriptionAverage memory usage, percent.
formatint32
typeinteger
memoryAveragePercent
descriptionAverage memory usage, percent.
formatint32
typeinteger
memoryMax
deprecatedTrue
descriptionMax memory usage, percent.
formatint32
typeinteger
memoryMaxPercent
descriptionMax memory usage, percent.
formatint32
typeinteger
networkThroughputAverage
deprecatedTrue
descriptionAverage network throughput (combined transmit-rates and receive-rates), in kilobytes per second.
formatint64
typestring
networkThroughputAverageKbps
descriptionAverage network throughput (combined transmit-rates and receive-rates), in kilobytes per second.
formatint64
typestring
networkThroughputMax
deprecatedTrue
descriptionMax network throughput (combined transmit-rates and receive-rates), in kilobytes per second.
formatint64
typestring
networkThroughputMaxKbps
descriptionMax network throughput (combined transmit-rates and receive-rates), in kilobytes per second.
formatint64
typestring
typeobject
VmwareDiskDetails
descriptionThe details of a Vmware VM disk.
idVmwareDiskDetails
properties
diskNumber
descriptionOutput only. The ordinal number of the disk.
formatint32
readOnlyTrue
typeinteger
label
descriptionOutput only. The disk label.
readOnlyTrue
typestring
sizeGb
descriptionOutput only. Size in GB.
formatint64
readOnlyTrue
typestring
typeobject
VmwareSourceDetails
descriptionVmwareSourceDetails message describes a specific source details for the vmware source type.
idVmwareSourceDetails
properties
password
descriptionInput only. The credentials password. This is write only and can not be read in a GET operation.
typestring
resolvedVcenterHost
descriptionThe hostname of the vcenter.
typestring
thumbprint
descriptionThe thumbprint representing the certificate for the vcenter.
typestring
username
descriptionThe credentials username.
typestring
vcenterIp
descriptionThe ip address of the vcenter this Source represents.
typestring
typeobject
VmwareSourceVmDetails
descriptionRepresent the source Vmware VM details.
idVmwareSourceVmDetails
properties
architecture
descriptionOutput only. The VM architecture.
enum
  • VM_ARCHITECTURE_UNSPECIFIED
  • VM_ARCHITECTURE_X86_FAMILY
  • VM_ARCHITECTURE_ARM64
enumDescriptions
  • The architecture is unknown.
  • The architecture is one of the x86 architectures.
  • The architecture is ARM64.
readOnlyTrue
typestring
committedStorageBytes
descriptionOutput only. The total size of the disks being migrated in bytes.
formatint64
readOnlyTrue
typestring
disks
descriptionOutput only. The disks attached to the source VM.
items
$refVmwareDiskDetails
readOnlyTrue
typearray
firmware
descriptionOutput only. The firmware type of the source VM.
enum
  • FIRMWARE_UNSPECIFIED
  • EFI
  • BIOS
enumDescriptions
  • The firmware is unknown.
  • The firmware is EFI.
  • The firmware is BIOS.
readOnlyTrue
typestring
vmCapabilitiesInfo
$refVmCapabilities
descriptionOutput only. Information about VM capabilities needed for some Compute Engine features.
readOnlyTrue
typeobject
VmwareVmDetails
descriptionVmwareVmDetails describes a VM in vCenter.
idVmwareVmDetails
properties
architecture
descriptionOutput only. The CPU architecture.
enum
  • VM_ARCHITECTURE_UNSPECIFIED
  • VM_ARCHITECTURE_X86_FAMILY
  • VM_ARCHITECTURE_ARM64
enumDescriptions
  • The architecture is unknown.
  • The architecture is one of the x86 architectures.
  • The architecture is ARM64.
readOnlyTrue
typestring
bootOption
descriptionOutput only. The VM Boot Option.
enum
  • BOOT_OPTION_UNSPECIFIED
  • EFI
  • BIOS
enumDescriptions
  • The boot option is unknown.
  • The boot option is EFI.
  • The boot option is BIOS.
readOnlyTrue
typestring
committedStorage
deprecatedTrue
descriptionThe total size of the storage allocated to the VM in MB.
formatint64
typestring
committedStorageMb
descriptionThe total size of the storage allocated to the VM in MB.
formatint64
typestring
cpuCount
descriptionThe number of cpus in the VM.
formatint32
typeinteger
datacenterDescription
descriptionThe descriptive name of the vCenter's datacenter this VM is contained in.
typestring
datacenterId
descriptionThe id of the vCenter's datacenter this VM is contained in.
typestring
diskCount
descriptionThe number of disks the VM has.
formatint32
typeinteger
displayName
descriptionThe display name of the VM. Note that this is not necessarily unique.
typestring
guestDescription
descriptionThe VM's OS. See for example https://vdc-repo.vmware.com/vmwb-repository/dcr-public/da47f910-60ac-438b-8b9b-6122f4d14524/16b7274a-bf8b-4b4c-a05e-746f2aa93c8c/doc/vim.vm.GuestOsDescriptor.GuestOsIdentifier.html for types of strings this might hold.
typestring
memoryMb
descriptionThe size of the memory of the VM in MB.
formatint32
typeinteger
powerState
descriptionThe power state of the VM at the moment list was taken.
enum
  • POWER_STATE_UNSPECIFIED
  • ON
  • OFF
  • SUSPENDED
enumDescriptions
  • Power state is not specified.
  • The VM is turned ON.
  • The VM is turned OFF.
  • The VM is suspended. This is similar to hibernation or sleep mode.
typestring
uuid
descriptionThe unique identifier of the VM in vCenter.
typestring
vmId
descriptionThe VM's id in the source (note that this is not the MigratingVm's id). This is the moref id of the VM.
typestring
typeobject
VmwareVmsDetails
descriptionVmwareVmsDetails describes VMs in vCenter.
idVmwareVmsDetails
properties
details
descriptionThe details of the vmware VMs.
items
$refVmwareVmDetails
typearray
typeobject
servicePath
titlevmmigration API (staging)
versionv1alpha1
version_moduleTrue
old_value
error
code403
details
  • @typetype.googleapis.com/google.rpc.Help
  • @typetype.googleapis.com/google.rpc.ErrorInfo
    domaingoogleapis.com
    metadata
    consumerprojects/448220722672
    servicestaging-vmmigration.sandbox.googleapis.com
    reasonSERVICE_DISABLED
messagevmmigration API (staging) has not been used in project 448220722672 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/staging-vmmigration.sandbox.googleapis.com/overview?project=448220722672 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
statusPERMISSION_DENIED
sandbox/staging-workflow-
values_changed
root['revision']
new_value20250223
old_value20250221
sandbox/staging-workflow-v1
values_changed
root['revision']
new_value20250223
old_value20250221
sandbox/staging-wrenchworks-
values_changed
root['revision']
new_value20250223
old_value20250221
root['schemas']['ExecuteBatchDmlRequest']['properties']['lastStatements']['description']
new_valueOptional. If set to `true`, this request marks the end of the transaction. After these statements execute, you must commit or abort the transaction. Attempts to execute any other requests against this transaction (including reads and queries) are rejected. Setting this option might cause some error reporting to be deferred until commit time (for example, validation of unique constraints). Given this, successful execution of statements shouldn't be assumed until a subsequent `Commit` call completes successfully.
old_valueOptional. If set to `true`, this request marks the end of the transaction. The transaction should be committed or aborted after these statements execute, and attempts to execute any other requests against this transaction (including reads and queries) are rejected. Setting this option can cause some error reporting to be deferred until commit time (for example, validation of unique constraints). Given this, successful execution of statements should not be assumed until a subsequent `Commit` call completes successfully.
root['schemas']['ExecuteSqlRequest']['properties']['lastStatement']['description']
new_valueOptional. If set to `true`, this statement marks the end of the transaction. After this statement executes, you must commit or abort the transaction. Attempts to execute any other requests against this transaction (including reads and queries) are rejected. For DML statements, setting this option might cause some error reporting to be deferred until commit time (for example, validation of unique constraints). Given this, successful execution of a DML statement shouldn't be assumed until a subsequent `Commit` call completes successfully.
old_valueOptional. If set to `true`, this statement marks the end of the transaction. The transaction should be committed or aborted after this statement executes, and attempts to execute any other requests against this transaction (including reads and queries) is rejected. For DML statements, setting this option can cause some error reporting to be deferred until commit time (for example, validation of unique constraints). Given this, successful execution of a DML statement shouldn't be assumed until a subsequent `Commit` call completes successfully.
root['schemas']['PartialResultSet']['properties']['last']['description']
new_valueOptional. Indicates whether this is the last `PartialResultSet` in the stream. The server might optionally set this field. Clients shouldn't rely on this field being set in all cases.
old_valueOptional. Indicates whether this is the last PartialResultSet in the stream. This field may be optionally set by the server. Clients should not rely on this field being set in all cases.
root['schemas']['PartialResultSet']['properties']['values']['description']
new_valueA streamed result set consists of a stream of values, which might be split into many `PartialResultSet` messages to accommodate large rows and/or large values. Every N complete values defines a row, where N is equal to the number of entries in metadata.row_type.fields. Most values are encoded based on type as described here. It's possible that the last value in values is "chunked", meaning that the rest of the value is sent in subsequent `PartialResultSet`(s). This is denoted by the chunked_value field. Two or more chunked values can be merged to form a complete value as follows: * `bool/number/null`: can't be chunked * `string`: concatenate the strings * `list`: concatenate the lists. If the last element in a list is a `string`, `list`, or `object`, merge it with the first element in the next list by applying these rules recursively. * `object`: concatenate the (field name, field value) pairs. If a field name is duplicated, then apply these rules recursively to merge the field values. Some examples of merging: Strings are concatenated. "foo", "bar" => "foobar" Lists of non-strings are concatenated. [2, 3], [4] => [2, 3, 4] Lists are concatenated, but the last and first elements are merged because they are strings. ["a", "b"], ["c", "d"] => ["a", "bc", "d"] Lists are concatenated, but the last and first elements are merged because they are lists. Recursively, the last and first elements of the inner lists are merged because they are strings. ["a", ["b", "c"]], [["d"], "e"] => ["a", ["b", "cd"], "e"] Non-overlapping object fields are combined. {"a": "1"}, {"b": "2"} => {"a": "1", "b": 2"} Overlapping object fields are merged. {"a": "1"}, {"a": "2"} => {"a": "12"} Examples of merging objects containing lists of strings. {"a": ["1"]}, {"a": ["2"]} => {"a": ["12"]} For a more complete example, suppose a streaming SQL query is yielding a result set whose rows contain a single string field. The following `PartialResultSet`s might be yielded: { "metadata": { ... } "values": ["Hello", "W"] "chunked_value": true "resume_token": "Af65..." } { "values": ["orl"] "chunked_value": true } { "values": ["d"] "resume_token": "Zx1B..." } This sequence of `PartialResultSet`s encodes two rows, one containing the field value `"Hello"`, and a second containing the field value `"World" = "W" + "orl" + "d"`. Not all `PartialResultSet`s contain a `resume_token`. Execution can only be resumed from a previously yielded `resume_token`. For the above sequence of `PartialResultSet`s, resuming the query with `"resume_token": "Af65..."` yields results from the `PartialResultSet` with value "orl".
old_valueA streamed result set consists of a stream of values, which might be split into many `PartialResultSet` messages to accommodate large rows and/or large values. Every N complete values defines a row, where N is equal to the number of entries in metadata.row_type.fields. Most values are encoded based on type as described here. It's possible that the last value in values is "chunked", meaning that the rest of the value is sent in subsequent `PartialResultSet`(s). This is denoted by the chunked_value field. Two or more chunked values can be merged to form a complete value as follows: * `bool/number/null`: can't be chunked * `string`: concatenate the strings * `list`: concatenate the lists. If the last element in a list is a `string`, `list`, or `object`, merge it with the first element in the next list by applying these rules recursively. * `object`: concatenate the (field name, field value) pairs. If a field name is duplicated, then apply these rules recursively to merge the field values. Some examples of merging: Strings are concatenated. "foo", "bar" => "foobar" Lists of non-strings are concatenated. [2, 3], [4] => [2, 3, 4] Lists are concatenated, but the last and first elements are merged because they are strings. ["a", "b"], ["c", "d"] => ["a", "bc", "d"] Lists are concatenated, but the last and first elements are merged because they are lists. Recursively, the last and first elements of the inner lists are merged because they are strings. ["a", ["b", "c"]], [["d"], "e"] => ["a", ["b", "cd"], "e"] Non-overlapping object fields are combined. {"a": "1"}, {"b": "2"} => {"a": "1", "b": 2"} Overlapping object fields are merged. {"a": "1"}, {"a": "2"} => {"a": "12"} Examples of merging objects containing lists of strings. {"a": ["1"]}, {"a": ["2"]} => {"a": ["12"]} For a more complete example, suppose a streaming SQL query is yielding a result set whose rows contain a single string field. The following `PartialResultSet`s might be yielded: { "metadata": { ... } "values": ["Hello", "W"] "chunked_value": true "resume_token": "Af65..." } { "values": ["orl"] "chunked_value": true } { "values": ["d"] "resume_token": "Zx1B..." } This sequence of `PartialResultSet`s encodes two rows, one containing the field value `"Hello"`, and a second containing the field value `"World" = "W" + "orl" + "d"`. Not all `PartialResultSet`s contain a `resume_token`. Execution can only be resumed from a previously yielded `resume_token`. For the above sequence of `PartialResultSet`s, resuming the query with `"resume_token": "Af65..."` yields results from the PartialResultSet with value "orl".
root['schemas']['ReadRequest']['properties']['lockHint']['enumDescriptions'][2]
new_valueAcquire exclusive locks. Requesting exclusive locks is beneficial if you observe high write contention, which means you notice that multiple transactions are concurrently trying to read and write to the same data, resulting in a large number of aborts. This problem occurs when two transactions initially acquire shared locks and then both try to upgrade to exclusive locks at the same time. In this situation both transactions are waiting for the other to give up their lock, resulting in a deadlocked situation. Spanner is able to detect this occurring and force one of the transactions to abort. However, this is a slow and expensive operation and results in lower performance. In this case it makes sense to acquire exclusive locks at the start of the transaction because then when multiple transactions try to act on the same data, they automatically get serialized. Each transaction waits its turn to acquire the lock and avoids getting into deadlock situations. Because the exclusive lock hint is just a hint, it shouldn't be considered equivalent to a mutex. In other words, you shouldn't use Spanner exclusive locks as a mutual exclusion mechanism for the execution of code outside of Spanner. **Note:** Request exclusive locks judiciously because they block others from reading that data for the entire transaction, rather than just when the writes are being performed. Unless you observe high write contention, you should use the default of shared read locks so you don't prematurely block other clients from reading the data that you're writing to.
old_valueAcquire exclusive locks. Requesting exclusive locks is beneficial if you observe high write contention, which means you notice that multiple transactions are concurrently trying to read and write to the same data, resulting in a large number of aborts. This problem occurs when two transactions initially acquire shared locks and then both try to upgrade to exclusive locks at the same time. In this situation both transactions are waiting for the other to give up their lock, resulting in a deadlocked situation. Spanner is able to detect this occurring and force one of the transactions to abort. However, this is a slow and expensive operation and results in lower performance. In this case it makes sense to acquire exclusive locks at the start of the transaction because then when multiple transactions try to act on the same data, they automatically get serialized. Each transaction waits its turn to acquire the lock and avoids getting into deadlock situations. Because the exclusive lock hint is just a hint, it should not be considered equivalent to a mutex. In other words, you should not use Spanner exclusive locks as a mutual exclusion mechanism for the execution of code outside of Spanner. **Note:** Request exclusive locks judiciously because they block others from reading that data for the entire transaction, rather than just when the writes are being performed. Unless you observe high write contention, you should use the default of shared read locks so you don't prematurely block other clients from reading the data that you're writing to.
sandbox/staging-wrenchworks-v1
values_changed
root['revision']
new_value20250223
old_value20250221
root['schemas']['ExecuteBatchDmlRequest']['properties']['lastStatements']['description']
new_valueOptional. If set to `true`, this request marks the end of the transaction. After these statements execute, you must commit or abort the transaction. Attempts to execute any other requests against this transaction (including reads and queries) are rejected. Setting this option might cause some error reporting to be deferred until commit time (for example, validation of unique constraints). Given this, successful execution of statements shouldn't be assumed until a subsequent `Commit` call completes successfully.
old_valueOptional. If set to `true`, this request marks the end of the transaction. The transaction should be committed or aborted after these statements execute, and attempts to execute any other requests against this transaction (including reads and queries) are rejected. Setting this option can cause some error reporting to be deferred until commit time (for example, validation of unique constraints). Given this, successful execution of statements should not be assumed until a subsequent `Commit` call completes successfully.
root['schemas']['ExecuteSqlRequest']['properties']['lastStatement']['description']
new_valueOptional. If set to `true`, this statement marks the end of the transaction. After this statement executes, you must commit or abort the transaction. Attempts to execute any other requests against this transaction (including reads and queries) are rejected. For DML statements, setting this option might cause some error reporting to be deferred until commit time (for example, validation of unique constraints). Given this, successful execution of a DML statement shouldn't be assumed until a subsequent `Commit` call completes successfully.
old_valueOptional. If set to `true`, this statement marks the end of the transaction. The transaction should be committed or aborted after this statement executes, and attempts to execute any other requests against this transaction (including reads and queries) is rejected. For DML statements, setting this option can cause some error reporting to be deferred until commit time (for example, validation of unique constraints). Given this, successful execution of a DML statement shouldn't be assumed until a subsequent `Commit` call completes successfully.
root['schemas']['PartialResultSet']['properties']['last']['description']
new_valueOptional. Indicates whether this is the last `PartialResultSet` in the stream. The server might optionally set this field. Clients shouldn't rely on this field being set in all cases.
old_valueOptional. Indicates whether this is the last PartialResultSet in the stream. This field may be optionally set by the server. Clients should not rely on this field being set in all cases.
root['schemas']['PartialResultSet']['properties']['values']['description']
new_valueA streamed result set consists of a stream of values, which might be split into many `PartialResultSet` messages to accommodate large rows and/or large values. Every N complete values defines a row, where N is equal to the number of entries in metadata.row_type.fields. Most values are encoded based on type as described here. It's possible that the last value in values is "chunked", meaning that the rest of the value is sent in subsequent `PartialResultSet`(s). This is denoted by the chunked_value field. Two or more chunked values can be merged to form a complete value as follows: * `bool/number/null`: can't be chunked * `string`: concatenate the strings * `list`: concatenate the lists. If the last element in a list is a `string`, `list`, or `object`, merge it with the first element in the next list by applying these rules recursively. * `object`: concatenate the (field name, field value) pairs. If a field name is duplicated, then apply these rules recursively to merge the field values. Some examples of merging: Strings are concatenated. "foo", "bar" => "foobar" Lists of non-strings are concatenated. [2, 3], [4] => [2, 3, 4] Lists are concatenated, but the last and first elements are merged because they are strings. ["a", "b"], ["c", "d"] => ["a", "bc", "d"] Lists are concatenated, but the last and first elements are merged because they are lists. Recursively, the last and first elements of the inner lists are merged because they are strings. ["a", ["b", "c"]], [["d"], "e"] => ["a", ["b", "cd"], "e"] Non-overlapping object fields are combined. {"a": "1"}, {"b": "2"} => {"a": "1", "b": 2"} Overlapping object fields are merged. {"a": "1"}, {"a": "2"} => {"a": "12"} Examples of merging objects containing lists of strings. {"a": ["1"]}, {"a": ["2"]} => {"a": ["12"]} For a more complete example, suppose a streaming SQL query is yielding a result set whose rows contain a single string field. The following `PartialResultSet`s might be yielded: { "metadata": { ... } "values": ["Hello", "W"] "chunked_value": true "resume_token": "Af65..." } { "values": ["orl"] "chunked_value": true } { "values": ["d"] "resume_token": "Zx1B..." } This sequence of `PartialResultSet`s encodes two rows, one containing the field value `"Hello"`, and a second containing the field value `"World" = "W" + "orl" + "d"`. Not all `PartialResultSet`s contain a `resume_token`. Execution can only be resumed from a previously yielded `resume_token`. For the above sequence of `PartialResultSet`s, resuming the query with `"resume_token": "Af65..."` yields results from the `PartialResultSet` with value "orl".
old_valueA streamed result set consists of a stream of values, which might be split into many `PartialResultSet` messages to accommodate large rows and/or large values. Every N complete values defines a row, where N is equal to the number of entries in metadata.row_type.fields. Most values are encoded based on type as described here. It's possible that the last value in values is "chunked", meaning that the rest of the value is sent in subsequent `PartialResultSet`(s). This is denoted by the chunked_value field. Two or more chunked values can be merged to form a complete value as follows: * `bool/number/null`: can't be chunked * `string`: concatenate the strings * `list`: concatenate the lists. If the last element in a list is a `string`, `list`, or `object`, merge it with the first element in the next list by applying these rules recursively. * `object`: concatenate the (field name, field value) pairs. If a field name is duplicated, then apply these rules recursively to merge the field values. Some examples of merging: Strings are concatenated. "foo", "bar" => "foobar" Lists of non-strings are concatenated. [2, 3], [4] => [2, 3, 4] Lists are concatenated, but the last and first elements are merged because they are strings. ["a", "b"], ["c", "d"] => ["a", "bc", "d"] Lists are concatenated, but the last and first elements are merged because they are lists. Recursively, the last and first elements of the inner lists are merged because they are strings. ["a", ["b", "c"]], [["d"], "e"] => ["a", ["b", "cd"], "e"] Non-overlapping object fields are combined. {"a": "1"}, {"b": "2"} => {"a": "1", "b": 2"} Overlapping object fields are merged. {"a": "1"}, {"a": "2"} => {"a": "12"} Examples of merging objects containing lists of strings. {"a": ["1"]}, {"a": ["2"]} => {"a": ["12"]} For a more complete example, suppose a streaming SQL query is yielding a result set whose rows contain a single string field. The following `PartialResultSet`s might be yielded: { "metadata": { ... } "values": ["Hello", "W"] "chunked_value": true "resume_token": "Af65..." } { "values": ["orl"] "chunked_value": true } { "values": ["d"] "resume_token": "Zx1B..." } This sequence of `PartialResultSet`s encodes two rows, one containing the field value `"Hello"`, and a second containing the field value `"World" = "W" + "orl" + "d"`. Not all `PartialResultSet`s contain a `resume_token`. Execution can only be resumed from a previously yielded `resume_token`. For the above sequence of `PartialResultSet`s, resuming the query with `"resume_token": "Af65..."` yields results from the PartialResultSet with value "orl".
root['schemas']['ReadRequest']['properties']['lockHint']['enumDescriptions'][2]
new_valueAcquire exclusive locks. Requesting exclusive locks is beneficial if you observe high write contention, which means you notice that multiple transactions are concurrently trying to read and write to the same data, resulting in a large number of aborts. This problem occurs when two transactions initially acquire shared locks and then both try to upgrade to exclusive locks at the same time. In this situation both transactions are waiting for the other to give up their lock, resulting in a deadlocked situation. Spanner is able to detect this occurring and force one of the transactions to abort. However, this is a slow and expensive operation and results in lower performance. In this case it makes sense to acquire exclusive locks at the start of the transaction because then when multiple transactions try to act on the same data, they automatically get serialized. Each transaction waits its turn to acquire the lock and avoids getting into deadlock situations. Because the exclusive lock hint is just a hint, it shouldn't be considered equivalent to a mutex. In other words, you shouldn't use Spanner exclusive locks as a mutual exclusion mechanism for the execution of code outside of Spanner. **Note:** Request exclusive locks judiciously because they block others from reading that data for the entire transaction, rather than just when the writes are being performed. Unless you observe high write contention, you should use the default of shared read locks so you don't prematurely block other clients from reading the data that you're writing to.
old_valueAcquire exclusive locks. Requesting exclusive locks is beneficial if you observe high write contention, which means you notice that multiple transactions are concurrently trying to read and write to the same data, resulting in a large number of aborts. This problem occurs when two transactions initially acquire shared locks and then both try to upgrade to exclusive locks at the same time. In this situation both transactions are waiting for the other to give up their lock, resulting in a deadlocked situation. Spanner is able to detect this occurring and force one of the transactions to abort. However, this is a slow and expensive operation and results in lower performance. In this case it makes sense to acquire exclusive locks at the start of the transaction because then when multiple transactions try to act on the same data, they automatically get serialized. Each transaction waits its turn to acquire the lock and avoids getting into deadlock situations. Because the exclusive lock hint is just a hint, it should not be considered equivalent to a mutex. In other words, you should not use Spanner exclusive locks as a mutual exclusion mechanism for the execution of code outside of Spanner. **Note:** Request exclusive locks judiciously because they block others from reading that data for the entire transaction, rather than just when the writes are being performed. Unless you observe high write contention, you should use the default of shared read locks so you don't prematurely block other clients from reading the data that you're writing to.
sandbox/tasks-pa-
values_changed
root['revision']
new_value20250223
old_value20250216
sandbox/tasks-pa-v1
values_changed
root['revision']
new_value20250223
old_value20250216
sandbox/test-accessapproval-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/test-accessapproval-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/test-bigqueryconnection-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-bigqueryconnection-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-bigqueryconnection-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-bigquerydatatransfer-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-bigquerydatatransfer-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-bigqueryreservation-
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/test-bigqueryreservation-v1
values_changed
root['revision']
new_value20250224
old_value20250221
sandbox/test-cloudasset-v1
dictionary_item_added
  • root['resources']['effectiveIamDenyPolicies']
  • root['resources']['otherCloudConnections']
  • root['resources']['assets']['methods']['batchGet']
  • root['resources']['assets']['methods']['list']['parameters']['cloudProvider']
  • root['resources']['v1']['methods']['collectAggregatedValues']
  • root['resources']['v1']['methods']['precreate']
  • root['resources']['v1']['methods']['traverseGraph']
  • root['resources']['v1']['methods']['analyzeIamPolicy']['parameters']['analysisQuery.options.includeDenyPolicyAnalysis']
  • root['resources']['v1']['methods']['analyzeIamPolicy']['parameters']['analysisQuery.options.maxTuplesForDenyPolicyAnalysis']
  • root['resources']['v1']['methods']['collectIamPolicyStats']['parameters']['cloudProvider']
  • root['resources']['v1']['methods']['collectResourceDiffStats']['parameters']['cloudProvider']
  • root['resources']['v1']['methods']['collectResourceStats']['parameters']['cloudProvider']
  • root['resources']['v1']['methods']['searchAllIamPolicies']['parameters']['cloudProvider']
  • root['resources']['v1']['methods']['searchAllResources']['parameters']['cloudProvider']
  • root['resources']['v1']['methods']['searchAllResources']['parameters']['versionId']
  • root['schemas']['AWSDetails']
  • root['schemas']['AWSInfo']
  • root['schemas']['AdditionalAssetAttributes']
  • root['schemas']['AdditionalInfo']
  • root['schemas']['AppHub']
  • root['schemas']['AppHubApplicationInfo']
  • root['schemas']['AppHubServiceInfo']
  • root['schemas']['AppHubWorkloadInfo']
  • root['schemas']['AssetKey']
  • root['schemas']['AwsResourceFacets']
  • root['schemas']['AzureInfo']
  • root['schemas']['AzureResourceFacets']
  • root['schemas']['BatchGetAssetsRequest']
  • root['schemas']['BatchGetAssetsResponse']
  • root['schemas']['Channel']
  • root['schemas']['CloudAssetResourceOwners']
  • root['schemas']['CollectAggregatedValuesResponse']
  • root['schemas']['CollectAwsAssetSetting']
  • root['schemas']['CollectAzureAssetSetting']
  • root['schemas']['ContactInfo']
  • root['schemas']['Content']
  • root['schemas']['Criticality']
  • root['schemas']['DataCollector']
  • root['schemas']['DenyAnalysisResult']
  • root['schemas']['Edge']
  • root['schemas']['EffectiveTags']
  • root['schemas']['Environment']
  • root['schemas']['ExcludedSubscriptionIds']
  • root['schemas']['FeatureEnablement']
  • root['schemas']['GoogleCloudAssetV1AnalyzerOrgPolicyConstraintCustomConstraintParameter']
  • root['schemas']['GoogleCloudAssetV1AnalyzerOrgPolicyConstraintCustomConstraintParameterMetadata']
  • root['schemas']['GoogleCloudAssetV1CustomConstraintDefinition']
  • root['schemas']['GoogleCloudAssetV1DenyAnalysisResultAccess']
  • root['schemas']['GoogleCloudAssetV1DenyAnalysisResultAccessTuple']
  • root['schemas']['GoogleCloudAssetV1DenyAnalysisResultDenyDetail']
  • root['schemas']['GoogleCloudAssetV1DenyAnalysisResultIdentity']
  • root['schemas']['GoogleCloudAssetV1DenyAnalysisResultResource']
  • root['schemas']['GoogleCloudAssetV1Metadata']
  • root['schemas']['GoogleCloudAssetV1Parameter']
  • root['schemas']['GoogleCloudOrgpolicyV2ResourceTypes']
  • root['schemas']['GoogleIamV2AccessBoundaryRule']
  • root['schemas']['GoogleIamV2DenyRule']
  • root['schemas']['GoogleIamV2Policy']
  • root['schemas']['GoogleIamV2PolicyRule']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessLevelFeatures']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AuthorizedOrgsDesc']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressSource']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Risk']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1RiskType']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1UnsatisfiedResult']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1UserManagedRisk']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1VpcNetworkSource']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1VpcSubNetwork']
  • root['schemas']['GraphElement']
  • root['schemas']['IamDenyPolicyInfo']
  • root['schemas']['IncludedSubscriptionIds']
  • root['schemas']['InvalidCollectorAccount']
  • root['schemas']['ListEffectiveIamDenyPoliciesResponse']
  • root['schemas']['ListOtherCloudConnectionsResponse']
  • root['schemas']['ManagementGroupInfo']
  • root['schemas']['Node']
  • root['schemas']['OtherCloudAssetEvent']
  • root['schemas']['OtherCloudAssetId']
  • root['schemas']['OtherCloudConnection']
  • root['schemas']['OtherCloudProperties']
  • root['schemas']['PrecreateOtherCloudConnectionRequest']
  • root['schemas']['PrecreateOtherCloudConnectionResponse']
  • root['schemas']['Product']
  • root['schemas']['ResourceGroupInfo']
  • root['schemas']['ResourceOwners']
  • root['schemas']['SbomItem']
  • root['schemas']['ScanSensitiveDataSetting']
  • root['schemas']['Scope']
  • root['schemas']['SensitiveDataProtectionDiscoveryAzureSetting']
  • root['schemas']['SensitiveDataProtectionDiscoverySetting']
  • root['schemas']['ServiceDirectoryInfo']
  • root['schemas']['ServiceDirectoryTagEntry']
  • root['schemas']['ServiceReference']
  • root['schemas']['SubscriptionInfo']
  • root['schemas']['SystemLabelValues']
  • root['schemas']['TargetConnection']
  • root['schemas']['TenantInfo']
  • root['schemas']['TraverseGraphResponse']
  • root['schemas']['ValidationResult']
  • root['schemas']['VerifyOtherCloudConnectionRequest']
  • root['schemas']['VerifyOtherCloudConnectionResponse']
  • root['schemas']['WorkloadReference']
  • root['schemas']['AdditionalFacets']['properties']['awsResourceFacets']
  • root['schemas']['AdditionalFacets']['properties']['azureResourceFacets']
  • root['schemas']['AnalyzeIamPolicyLongrunningRequest']['properties']['executionTimeout']
  • root['schemas']['Asset']['properties']['authorizedOrgsDesc']
  • root['schemas']['Asset']['properties']['otherCloudProperties']
  • root['schemas']['Asset']['properties']['relatedAssets']['deprecated']
  • root['schemas']['CloudAuditOptions']['properties']['permissionType']
  • root['schemas']['CollectResourceStatsResponse']['properties']['statsSource']['deprecated']
  • root['schemas']['DataAccessOptions']['properties']['isDirectAuth']
  • root['schemas']['ExportAssetsRequest']['properties']['cloudProvider']
  • root['schemas']['Feed']['properties']['cloudProvider']
  • root['schemas']['GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedIamPolicy']['properties']['assetType']
  • root['schemas']['GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedResource']['properties']['assetType']
  • root['schemas']['GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedResource']['properties']['effectiveTags']
  • root['schemas']['GoogleCloudAssetV1BooleanConstraint']['properties']['customConstraintDefinition']
  • root['schemas']['GoogleCloudAssetV1CustomConstraint']['properties']['parameters']
  • root['schemas']['GoogleCloudAssetV1GovernedContainer']['properties']['effectiveTags']
  • root['schemas']['GoogleCloudAssetV1GovernedContainer']['properties']['folders']
  • root['schemas']['GoogleCloudAssetV1GovernedContainer']['properties']['organization']
  • root['schemas']['GoogleCloudAssetV1GovernedContainer']['properties']['project']
  • root['schemas']['GoogleCloudAssetV1Rule']['properties']['conditionEvaluation']
  • root['schemas']['GoogleCloudAssetV1Rule']['properties']['parameters']
  • root['schemas']['GoogleCloudAssetV1p7beta1Asset']['properties']['authorizedOrgsDesc']
  • root['schemas']['GoogleCloudOrgpolicyV2Policy']['properties']['etag']
  • root['schemas']['GoogleCloudOrgpolicyV2Policy']['properties']['alternate']['deprecated']
  • root['schemas']['GoogleCloudOrgpolicyV2PolicyRule']['properties']['parameters']
  • root['schemas']['GoogleCloudOrgpolicyV2PolicyRule']['properties']['resourceTypes']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessLevel']['properties']['accessLevelFeatures']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['createTime']['readOnly']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['etag']['readOnly']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['updateTime']['readOnly']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['risk']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['unsatisfiedResult']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['vpcNetworkSources']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['sourceRestriction']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['sources']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressPolicy']['properties']['title']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressTo']['properties']['roles']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressPolicy']['properties']['title']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressTo']['properties']['roles']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1ServicePerimeter']['properties']['etag']
  • root['schemas']['IamPolicyAnalysis']['properties']['denyAnalysisResults']
  • root['schemas']['Inventory']['properties']['sbomItems']
  • root['schemas']['Options']['properties']['includeDenyPolicyAnalysis']
  • root['schemas']['Options']['properties']['maxTuplesForDenyPolicyAnalysis']
  • root['schemas']['OrgPolicyResult']['properties']['folders']
  • root['schemas']['OrgPolicyResult']['properties']['organization']
  • root['schemas']['OrgPolicyResult']['properties']['project']
  • root['schemas']['ReachabilityInfo']['properties']['forwardReachable']['deprecated']
  • root['schemas']['ReachabilityInfo']['properties']['roundTripReachable']['deprecated']
  • root['schemas']['ReachabilityReport']['properties']['instanceUri']['deprecated']
  • root['schemas']['RelatedAsset']['properties']['relationshipPath']
  • root['schemas']['RelatedAssets']['deprecated']
  • root['schemas']['RelationshipAttributes']['deprecated']
  • root['schemas']['Resource']['properties']['product']
  • root['schemas']['Resource']['properties']['internalData']['deprecated']
  • root['schemas']['ResourceSearchResult']['properties']['resourceLabels']
  • root['schemas']['ResourceSearchResult']['properties']['resourceOwners']
  • root['schemas']['ResourceSearchResult']['properties']['sccSecurityMarks']
  • root['schemas']['ResourceSearchResult']['properties']['systemLabels']
  • root['schemas']['ResourceSearchResult']['properties']['enrichments']['description']
  • root['schemas']['ResourceSearchResult']['properties']['kmsKey']['deprecated']
  • root['schemas']['ResourceSearchResult']['properties']['tagKeyIds']['deprecated']
  • root['schemas']['ResourceSearchResult']['properties']['tagKeys']['deprecated']
  • root['schemas']['ResourceSearchResult']['properties']['tagValueIds']['deprecated']
  • root['schemas']['ResourceSearchResult']['properties']['tagValues']['deprecated']
  • root['schemas']['Tag']['properties']['tagKeyId']['description']
dictionary_item_removed
  • root['resources']['v1']['methods']['analyzeOrgPolicyGovernedResources']
  • root['schemas']['AnalyzeOrgPolicyGovernedResourcesResponse']
  • root['schemas']['AssetEvent']
  • root['schemas']['AssetId']
  • root['schemas']['Folder']
  • root['schemas']['GoogleCloudAssetV1GovernedResource']
  • root['schemas']['ResourceSearchResult']['properties']['policyBlob']
values_changed
root['resources']['assets']['methods']['list']['parameters']['enrichmentTypes']['description']
new_valueOptional. The enrichment type to output. Applies only if [content_type] is ENRICHMENT. At most one element can be specified.
old_valueOptional. A list of enrichment types to output. Applies only if [content_type] is ENRICHMENT.
root['resources']['effectiveIamPolicies']['methods']['batchGet']['parameters']['names']['description']
new_valueRequired. The names refer to the [full_resource_names] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of the asset types [supported by search APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types). A maximum of 20 resources' effective policies can be retrieved in a batch.
old_valueRequired. The names refer to the [full_resource_names] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types). A maximum of 20 resources' effective policies can be retrieved in a batch.
root['resources']['effectiveIamPolicies']['methods']['batchGet']['parameters']['scope']['description']
new_valueRequired. Only IAM policies on or below the scope will be returned. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization ID, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project ID, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
old_valueRequired. Only IAM policies on or below the scope will be returned. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
root['resources']['operations']['methods']['cancel']['description']
new_valueStarts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of `1`, corresponding to `Code.CANCELLED`.
old_valueStarts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.
root['resources']['operations']['methods']['list']['description']
new_valueLists operations that match the specified filter in the request. If the server doesn't support this method, it returns `UNIMPLEMENTED`.
old_valueLists operations that match the specified filter in the request. If the server doesn't support this method, it returns `UNIMPLEMENTED`. NOTE: the `name` binding allows API services to override the binding to use different resource name schemes, such as `users/*/operations`. To override the binding, API services can add a binding such as `"/v1/{name=users/*}/operations"` to their service configuration. For backwards compatibility, the default name includes the operations collection id, however overriding users must ensure the name binding is the parent resource, without the operations collection id.
root['resources']['v1']['methods']['analyzeIamPolicy']['parameters']['savedAnalysisQuery']['description']
new_valueOptional. The name of a saved query, which must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id If both `analysis_query` and `saved_analysis_query` are provided, they will be merged together with the `saved_analysis_query` as base and the `analysis_query` as overrides. For more details of the merge behavior, refer to the [MergeFrom](https://developers.google.com/protocol-buffers/docs/reference/cpp/google.protobuf.message#Message.MergeFrom.details) page. Note that you cannot override primitive fields with default value, such as 0 or empty string, etc., because we use proto3, which doesn't support field presence yet.
old_valueOptional. The name of a saved query, which must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id If both `analysis_query` and `saved_analysis_query` are provided, they will be merged together with the `saved_analysis_query` as base and the `analysis_query` as overrides. For more details of the merge behavior, please refer to the [MergeFrom](https://developers.google.com/protocol-buffers/docs/reference/cpp/google.protobuf.message#Message.MergeFrom.details) page. Note that you cannot override primitive fields with default value, such as 0 or empty string, etc., because we use proto3, which doesn't support field presence yet.
root['resources']['v1']['methods']['analyzeIamPolicy']['parameters']['scope']['description']
new_valueRequired. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization ID, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project ID, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
old_valueRequired. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
root['resources']['v1']['methods']['analyzeIamPolicyLongrunning']['parameters']['scope']['description']
new_valueRequired. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization ID, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project ID, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
old_valueRequired. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
root['resources']['v1']['methods']['analyzeMove']['parameters']['destinationParent']['description']
new_valueRequired. Name of the Google Cloud folder or organization to reparent the target resource. The analysis will be performed against hypothetically moving the resource to this specified destination parent. This can only be a folder number (such as "folders/123") or an organization number (such as "organizations/123").
old_valueRequired. Name of the Google Cloud folder or organization to reparent the target resource. The analysis will be performed against hypothetically moving the resource to this specified desitination parent. This can only be a folder number (such as "folders/123") or an organization number (such as "organizations/123").
root['resources']['v1']['methods']['analyzeOrgPolicies']['parameters']['filter']['description']
new_valueThe expression to filter AnalyzeOrgPoliciesResponse.org_policy_results. Filtering is currently available for bare literal values and the following fields: * consolidated_policy.attached_resource * consolidated_policy.rules.enforce When filtering by a specific field, the only supported operator is `=`. For example, filtering by consolidated_policy.attached_resource="//cloudresourcemanager.googleapis.com/folders/001" will return all the Organization Policy results attached to "folders/001".
old_valueThe expression to filter AnalyzeOrgPoliciesResponse.org_policy_results. The only supported field is `consolidated_policy.attached_resource`, and the only supported operator is `=`. Example: consolidated_policy.attached_resource="//cloudresourcemanager.googleapis.com/folders/001" will return the org policy results of"folders/001".
root['resources']['v1']['methods']['analyzeOrgPolicyGovernedAssets']['description']
new_valueAnalyzes organization policies governed assets (Google Cloud resources or policies) under a scope. This RPC supports custom constraints and the following canned constraints: * constraints/ainotebooks.accessMode * constraints/ainotebooks.disableFileDownloads * constraints/ainotebooks.disableRootAccess * constraints/ainotebooks.disableTerminal * constraints/ainotebooks.environmentOptions * constraints/ainotebooks.requireAutoUpgradeSchedule * constraints/ainotebooks.restrictVpcNetworks * constraints/compute.disableGuestAttributesAccess * constraints/compute.disableInstanceDataAccessApis * constraints/compute.disableNestedVirtualization * constraints/compute.disableSerialPortAccess * constraints/compute.disableSerialPortLogging * constraints/compute.disableVpcExternalIpv6 * constraints/compute.requireOsLogin * constraints/compute.requireShieldedVm * constraints/compute.restrictLoadBalancerCreationForTypes * constraints/compute.restrictProtocolForwardingCreationForTypes * constraints/compute.restrictXpnProjectLienRemoval * constraints/compute.setNewProjectDefaultToZonalDNSOnly * constraints/compute.skipDefaultNetworkCreation * constraints/compute.trustedImageProjects * constraints/compute.vmCanIpForward * constraints/compute.vmExternalIpAccess * constraints/gcp.detailedAuditLoggingMode * constraints/gcp.resourceLocations * constraints/iam.allowedPolicyMemberDomains * constraints/iam.automaticIamGrantsForDefaultServiceAccounts * constraints/iam.disableServiceAccountCreation * constraints/iam.disableServiceAccountKeyCreation * constraints/iam.disableServiceAccountKeyUpload * constraints/iam.restrictCrossProjectServiceAccountLienRemoval * constraints/iam.serviceAccountKeyExpiryHours * constraints/resourcemanager.accessBoundaries * constraints/resourcemanager.allowedExportDestinations * constraints/sql.restrictAuthorizedNetworks * constraints/sql.restrictNoncompliantDiagnosticDataAccess * constraints/sql.restrictNoncompliantResourceCreation * constraints/sql.restrictPublicIp * constraints/storage.publicAccessPrevention * constraints/storage.restrictAuthTypes * constraints/storage.uniformBucketLevelAccess This RPC only returns either resources of types [supported by search APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types) or IAM policies.
old_valueAnalyzes organization policies governed assets (Google Cloud resources or policies) under a scope. This RPC supports custom constraints and the following 10 canned constraints: * storage.uniformBucketLevelAccess * iam.disableServiceAccountKeyCreation * iam.allowedPolicyMemberDomains * compute.vmExternalIpAccess * appengine.enforceServiceAccountActAsCheck * gcp.resourceLocations * compute.trustedImageProjects * compute.skipDefaultNetworkCreation * compute.requireOsLogin * compute.disableNestedVirtualization This RPC only returns either resources of types supported by [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types), or IAM policies.
root['resources']['v1']['methods']['analyzeOrgPolicyGovernedAssets']['parameters']['filter']['description']
new_valueThe expression to filter AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets. For governed resources, filtering is currently available for bare literal values and the following fields: * governed_resource.project * governed_resource.folders * consolidated_policy.rules.enforce When filtering by `governed_resource.project` or `consolidated_policy.rules.enforce`, the only supported operator is `=`. When filtering by `governed_resource.folders`, the supported operators are `=` and `:`. For example, filtering by `governed_resource.project="projects/12345678"` will return all the governed resources under "projects/12345678", including the project itself if applicable. For governed IAM policies, filtering is currently available for bare literal values and the following fields: * governed_iam_policy.project * governed_iam_policy.folders * consolidated_policy.rules.enforce When filtering by `governed_iam_policy.project` or `consolidated_policy.rules.enforce`, the only supported operator is `=`. When filtering by `governed_iam_policy.folders`, the supported operators are `=` and `:`. For example, filtering by `governed_iam_policy.folders:"folders/12345678"` will return all the governed IAM policies under "folders/001".
old_valueThe expression to filter the governed assets in result. The only supported fields for governed resources are `governed_resource.project` and `governed_resource.folders`. The only supported fields for governed iam policies are `governed_iam_policy.project` and `governed_iam_policy.folders`. The only supported operator is `=`. Example 1: governed_resource.project="projects/12345678" filter will return all governed resources under projects/12345678 including the project ifself, if applicable. Example 2: governed_iam_policy.folders="folders/12345678" filter will return all governed iam policies under folders/12345678, if applicable.
root['resources']['v1']['methods']['analyzeOrgPolicyGovernedContainers']['parameters']['filter']['description']
new_valueThe expression to filter AnalyzeOrgPolicyGovernedContainersResponse.governed_containers. Filtering is currently available for bare literal values and the following fields: * parent * consolidated_policy.rules.enforce When filtering by a specific field, the only supported operator is `=`. For example, filtering by parent="//cloudresourcemanager.googleapis.com/folders/001" will return all the containers under "folders/001".
old_valueThe expression to filter the governed containers in result. The only supported field is `parent`, and the only supported operator is `=`. Example: parent="//cloudresourcemanager.googleapis.com/folders/001" will return all containers under "folders/001".
root['resources']['v1']['methods']['batchGetAssetsHistory']['parameters']['enrichmentTypes']['description']
new_valueOptional. The enrichment type to output. Applies only if [content_type] is ENRICHMENT. At most one element can be specified.
old_valueOptional. A list of enrichment types to output. Applies only if [content_type] is ENRICHMENT.
root['resources']['v1']['methods']['collectIamPolicyStats']['parameters']['assetTypes']['description']
new_valueOptional. A list of asset types that this request searches for. If empty, it will search all the asset types [supported by search APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types).
old_valueOptional. A list of asset types that this request searches for. If empty, it will search all the [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
root['resources']['v1']['methods']['collectResourceDiffStats']['parameters']['assetTypes']['description']
new_valueOptional. A list of asset types that this request searches for. If empty, it will search all the asset types [supported by search APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types).
old_valueOptional. A list of asset types that this request searches for. If empty, it will search all the [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
root['resources']['v1']['methods']['collectResourceStats']['parameters']['assetTypes']['description']
new_valueOptional. A list of asset types that this request searches for. If empty, it will search all the asset types [supported by search APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types).
old_valueOptional. A list of asset types that this request searches for. If empty, it will search all the [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
root['resources']['v1']['methods']['collectResourceStats']['parameters']['groupBy']['description']
new_valueRequired. A field that statistics are grouped by. Supported fields are `assetType`, `project`, `location`, `computeInstanceMachineType`, `awsAccountId` and `azureSubscriptionId`. Fields not listed in `group_by` will not be populated in ResourceStats. 1 and only 1 field in group_by must be provided. Example: `asset_type`. Only asset_type in response will be populated.
old_valueRequired. A field that statistics are grouped by. Supported fields are `assetType`, `project`, and `location`. Fields not listed in `group_by` will not be populated in ResourceStats. 1 and only 1 field in group_by must be provided. Example: `asset_type`. Only asset_type in response will be populated.
root['resources']['v1']['methods']['ingestAsset']['parameters']['closestCrmAncestor']['description']
new_valueThe closest Google Cloud Resource Manager ancestor of the other-cloud connection through which this asset is collected. The format will be: organizations/, or folders/, or projects/
old_valueRequired. Resource name for the closest parent Resource Manager of this asset. e.g. folders/xxx;
root['resources']['v1']['methods']['queryAssets']['description']
new_valueIssue a job that queries assets using a SQL statement compatible with [BigQuery SQL](https://cloud.google.com/bigquery/docs/introduction-sql). If the query execution finishes within timeout and there's no pagination, the full query results will be returned in the `QueryAssetsResponse`. Otherwise, full query results can be obtained by issuing extra requests with the `job_reference` from the a previous `QueryAssets` call. Note, the query result has approximately 10 GB limitation enforced by [BigQuery](https://cloud.google.com/bigquery/docs/best-practices-performance-output). Queries return larger results will result in errors.
old_valueIssue a job that queries assets using a SQL statement compatible with [BigQuery Standard SQL](http://cloud/bigquery/docs/reference/standard-sql/enabling-standard-sql). If the query execution finishes within timeout and there's no pagination, the full query results will be returned in the `QueryAssetsResponse`. Otherwise, full query results can be obtained by issuing extra requests with the `job_reference` from the a previous `QueryAssets` call. Note, the query result has approximately 10 GB limitation enforced by BigQuery https://cloud.google.com/bigquery/docs/best-practices-performance-output, queries return larger results will result in errors.
root['resources']['v1']['methods']['searchAllIamPolicies']['parameters']['assetTypes']['description']
new_valueOptional. A list of asset types that the IAM policies are attached to. If empty, it will search the IAM policies that are attached to all the asset types [supported by search APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types) Regular expressions are also supported. For example: * "compute.googleapis.com.*" snapshots IAM policies attached to asset type starts with "compute.googleapis.com". * ".*Instance" snapshots IAM policies attached to asset type ends with "Instance". * ".*Instance.*" snapshots IAM policies attached to asset type contains "Instance". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.
old_valueOptional. A list of asset types that the IAM policies are attached to. If empty, it will search the IAM policies that are attached to all the [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types). Regular expressions are also supported. For example: * "compute.googleapis.com.*" snapshots IAM policies attached to asset type starts with "compute.googleapis.com". * ".*Instance" snapshots IAM policies attached to asset type ends with "Instance". * ".*Instance.*" snapshots IAM policies attached to asset type contains "Instance". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.
root['resources']['v1']['methods']['searchAllIamPolicies']['parameters']['pageSize']['description']
new_valueOptional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero or a negative value, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as `next_page_token` is returned.
old_valueOptional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as `next_page_token` is returned.
root['resources']['v1']['methods']['searchAllResources']['parameters']['assetTypes']['description']
new_valueOptional. A list of asset types that this request searches for. If empty, it will search all the asset types [supported by search APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types). Regular expressions are also supported. For example: * "compute.googleapis.com.*" snapshots resources whose asset type starts with "compute.googleapis.com". * ".*Instance" snapshots resources whose asset type ends with "Instance". * ".*Instance.*" snapshots resources whose asset type contains "Instance". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.
old_valueOptional. A list of asset types that this request searches for. If empty, it will search all the [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types). Regular expressions are also supported. For example: * "compute.googleapis.com.*" snapshots resources whose asset type starts with "compute.googleapis.com". * ".*Instance" snapshots resources whose asset type ends with "Instance". * ".*Instance.*" snapshots resources whose asset type contains "Instance". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.
root['resources']['v1']['methods']['searchAllResources']['parameters']['facetOptions']['description']
new_valueOptional. You can optionally request the distributions of field values by providing a list of facet options. Each facet option is a field name, and results in one `FacetResult`. For each facet option, we will divide the entire range of search results into buckets based on the field values and count how many search results fall into each bucket. Currently we only support string fields where each distinct string value is a bucket. The counts are based on all the search results matching the query, not the current page. We will only return the top 200 largest buckets based on heuristics, and any smaller buckets will be truncated. Currently, supported fields include `assetType`, `project`, `location`, `state`, and `awsAccountId`. NOTE: If there are more than 50,000 resources matching the query, we will count at least 50,000 but not all the resources. When the number of matched resources (estimated_total_resource_count) equals the number of counted resources (num_resources_counted), the counts are accurate. Otherwise, the counts can be smaller than actual. WARNING: This is an alpha feature. Use it with caution as we may modify or delete it without guaranteeing backward compatibility.
old_valueOptional. You can optionally request the distributions of field values by providing a list of facet options. Each facet option is a field name, and results in one `FacetResult`. For each facet option, we will divide the entire range of search results into buckets based on the field values and count how many search results fall into each bucket. Currently we only support string fields where each distinct string value is a bucket. The counts are based on all the search results matching the query, not the current page. We will only return the top 200 largest buckets based on heuristics, and any smaller buckets will be truncated. Currently, supported fields include `assetType`, `project`, `location` and `state`. NOTE: If there are more than 50,000 resources matching the query, we will count at least 50,000 but not all the resources. When the number of matched resources (estimated_total_resource_count) equals the number of counted resources (num_resources_counted), the counts are accurate. Otherwise, the counts can be smaller than actual. WARNING: This is an alpha feature. Use it with caution as we may modify or delete it without guaranteeing backward compatibility.
root['resources']['v1']['methods']['searchAllResources']['parameters']['orderBy']['description']
new_valueOptional. A comma-separated list of fields specifying the sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored. Example: "location DESC, name". Only the following fields in the response are sortable: * name * assetType * project * displayName * description * location * createTime * updateTime * state * parentFullResourceName * parentAssetType
old_valueOptional. A comma-separated list of fields specifying the sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored. Example: "location DESC, name". Only singular primitive fields in the response are sortable: * name * assetType * project * displayName * description * location * createTime * updateTime * state * parentFullResourceName * parentAssetType All the other fields such as repeated fields (e.g., `networkTags`, `kmsKeys`), map fields (e.g., `labels`) and struct fields (e.g., `additionalAttributes`) are not supported.
root['resources']['v1']['methods']['searchAllResources']['parameters']['pageSize']['description']
new_valueOptional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero or a negative value, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as `next_page_token` is returned.
old_valueOptional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as `next_page_token` is returned.
root['resources']['v1']['methods']['searchAllResources']['parameters']['query']['description']
new_valueOptional. The query statement. See [how to construct a query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query) for more information. If not specified or empty, it will search all the resources within the specified `scope`. Examples: * `name:Important` to find Google Cloud resources whose name contains `Important` as a word. * `name=Important` to find the Google Cloud resource whose name is exactly `Important`. * `displayName:Impor*` to find Google Cloud resources whose display name contains `Impor` as a prefix of any word in the field. * `location:us-west*` to find Google Cloud resources whose location contains both `us` and `west` as prefixes. * `labels:prod` to find Google Cloud resources whose labels contain `prod` as a key or value. * `labels.env:prod` to find Google Cloud resources that have a label `env` and its value is `prod`. * `labels.env:*` to find Google Cloud resources that have a label `env`. * `tagKeys:env` to find Google Cloud resources that have directly attached tags where the [`TagKey.namespacedName`](https://cloud.google.com/resource-manager/reference/rest/v3/tagKeys#resource:-tagkey) contains `env`. * `tagValues:prod*` to find Google Cloud resources that have directly attached tags where the [`TagValue.namespacedName`](https://cloud.google.com/resource-manager/reference/rest/v3/tagValues#resource:-tagvalue) contains a word prefixed by `prod`. * `tagValueIds=tagValues/123` to find Google Cloud resources that have directly attached tags where the [`TagValue.name`](https://cloud.google.com/resource-manager/reference/rest/v3/tagValues#resource:-tagvalue) is exactly `tagValues/123`. * `effectiveTagKeys:env` to find Google Cloud resources that have directly attached or inherited tags where the [`TagKey.namespacedName`](https://cloud.google.com/resource-manager/reference/rest/v3/tagKeys#resource:-tagkey) contains `env`. * `effectiveTagValues:prod*` to find Google Cloud resources that have directly attached or inherited tags where the [`TagValue.namespacedName`](https://cloud.google.com/resource-manager/reference/rest/v3/tagValues#resource:-tagvalue) contains a word prefixed by `prod`. * `effectiveTagValueIds=tagValues/123` to find Google Cloud resources that have directly attached or inherited tags where the [`TagValue.name`](https://cloud.google.com/resource-manager/reference/rest/v3/tagValues#resource:-tagvalue) is exactly `tagValues/123`. * `kmsKey:key` to find Google Cloud resources encrypted with a customer-managed encryption key whose name contains `key` as a word. This field is deprecated. Use the `kmsKeys` field to retrieve Cloud KMS key information. * `kmsKeys:key` to find Google Cloud resources encrypted with customer-managed encryption keys whose name contains the word `key`. * `relationships:instance-group-1` to find Google Cloud resources that have relationships with `instance-group-1` in the related resource name. * `relationships:INSTANCE_TO_INSTANCEGROUP` to find Compute Engine instances that have relationships of type `INSTANCE_TO_INSTANCEGROUP`. * `relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1` to find Compute Engine instances that have relationships with `instance-group-1` in the Compute Engine instance group resource name, for relationship type `INSTANCE_TO_INSTANCEGROUP`. * `sccSecurityMarks.key=value` to find Cloud resources that are attached with security marks whose key is `key` and value is `value`. * `sccSecurityMarks.key:*` to find Cloud resources that are attached with security marks whose key is `key`. * `state:ACTIVE` to find Google Cloud resources whose state contains `ACTIVE` as a word. * `NOT state:ACTIVE` to find Google Cloud resources whose state doesn't contain `ACTIVE` as a word. * `createTime<1609459200` to find Google Cloud resources that were created before `2021-01-01 00:00:00 UTC`. `1609459200` is the epoch timestamp of `2021-01-01 00:00:00 UTC` in seconds. * `updateTime>1609459200` to find Google Cloud resources that were updated after `2021-01-01 00:00:00 UTC`. `1609459200` is the epoch timestamp of `2021-01-01 00:00:00 UTC` in seconds. * `Important` to find Google Cloud resources that contain `Important` as a word in any of the searchable fields. * `Impor*` to find Google Cloud resources that contain `Impor` as a prefix of any word in any of the searchable fields. * `Important location:(us-west1 OR global)` to find Google Cloud resources that contain `Important` as a word in any of the searchable fields and are also located in the `us-west1` region or the `global` location.
old_valueOptional. The query statement. See [how to construct a query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query) for more information. If not specified or empty, it will search all the resources within the specified `scope`. Examples: * `name:Important` to find Google Cloud resources whose name contains "Important" as a word. * `name=Important` to find the Google Cloud resource whose name is exactly "Important". * `displayName:Impor*` to find Google Cloud resources whose display name contains "Impor" as a prefix of any word in the field. * `location:us-west*` to find Google Cloud resources whose location contains both "us" and "west" as prefixes. * `labels:prod` to find Google Cloud resources whose labels contain "prod" as a key or value. * `labels.env:prod` to find Google Cloud resources that have a label "env" and its value is "prod". * `labels.env:*` to find Google Cloud resources that have a label "env". * `kmsKey:key` to find Google Cloud resources encrypted with a customer-managed encryption key whose name contains "key" as a word. This field is deprecated. Please use the `kmsKeys` field to retrieve Cloud KMS key information. * `kmsKeys:key` to find Google Cloud resources encrypted with customer-managed encryption keys whose name contains the word "key". * `relationships:instance-group-1` to find Google Cloud resources that have relationships with "instance-group-1" in the related resource name. * `relationships:INSTANCE_TO_INSTANCEGROUP` to find Compute Engine instances that have relationships of type "INSTANCE_TO_INSTANCEGROUP". * `relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1` to find Compute Engine instances that have relationships with "instance-group-1" in the Compute Engine instance group resource name, for relationship type "INSTANCE_TO_INSTANCEGROUP". * `state:ACTIVE` to find Google Cloud resources whose state contains "ACTIVE" as a word. * `NOT state:ACTIVE` to find Google Cloud resources whose state doesn't contain "ACTIVE" as a word. * `createTime<1609459200` to find Google Cloud resources that were created before "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of "2021-01-01 00:00:00 UTC" in seconds. * `updateTime>1609459200` to find Google Cloud resources that were updated after "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of "2021-01-01 00:00:00 UTC" in seconds. * `Important` to find Google Cloud resources that contain "Important" as a word in any of the searchable fields. * `Impor*` to find Google Cloud resources that contain "Impor" as a prefix of any word in any of the searchable fields. * `Important location:(us-west1 OR global)` to find Google Cloud resources that contain "Important" as a word in any of the searchable fields and are also located in the "us-west1" region or the "global" location.
root['resources']['v1']['methods']['searchAllResources']['parameters']['readMask']['description']
new_valueOptional. A comma-separated list of fields that you want returned in the results. The following fields are returned by default if not specified: * `name` * `assetType` * `project` * `folders` * `organization` * `displayName` * `description` * `location` * `labels` * `tags` * `effectiveTags` * `networkTags` * `kmsKeys` * `createTime` * `updateTime` * `state` * `additionalAttributes` * `parentFullResourceName` * `parentAssetType` Some fields of large size, such as `versionedResources`, `attachedResources`, `effectiveTags` etc., are not returned by default, but you can specify them in the `read_mask` parameter if you want to include them. If `"*"` is specified, all [available fields](https://cloud.google.com/asset-inventory/docs/reference/rest/v1/TopLevel/searchAllResources#resourcesearchresult) are returned. Examples: `"name,location"`, `"name,versionedResources"`, `"*"`. Any invalid field path will trigger INVALID_ARGUMENT error.
old_valueOptional. A comma-separated list of fields specifying which fields to be returned in ResourceSearchResult. Only '*' or combination of top level fields can be specified. Field names of both snake_case and camelCase are supported. Examples: `"*"`, `"name,location"`, `"name,versionedResources"`. The read_mask paths must be valid field paths listed but not limited to (both snake_case and camelCase are supported): * name * assetType * project * displayName * description * location * tagKeys * tagValues * tagValueIds * labels * networkTags * kmsKey (This field is deprecated. Please use the `kmsKeys` field to retrieve Cloud KMS key information.) * kmsKeys * createTime * updateTime * state * additionalAttributes * versionedResources If read_mask is not specified, all fields except versionedResources will be returned. If only '*' is specified, all fields including versionedResources will be returned. Any invalid field path will trigger INVALID_ARGUMENT error.
root['revision']
new_value20250225
old_value20230224
root['schemas']['AdditionalFacets']['description']
new_valueAdditional Facets that apply to a specific asset_type. Currently only supports machine_type for `compute.googleapis.com/Instance` and aws_account_id for AWS asset_types.
old_valueAdditional Facets that apply to a specific asset_type. Currently only supports machine_type for `compute.googleapis.com/Instance`.
root['schemas']['AnalyzeIamPolicyLongrunningRequest']['properties']['savedAnalysisQuery']['description']
new_valueOptional. The name of a saved query, which must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id If both `analysis_query` and `saved_analysis_query` are provided, they will be merged together with the `saved_analysis_query` as base and the `analysis_query` as overrides. For more details of the merge behavior, refer to the [MergeFrom](https://developers.google.com/protocol-buffers/docs/reference/cpp/google.protobuf.message#Message.MergeFrom.details) doc. Note that you cannot override primitive fields with default value, such as 0 or empty string, etc., because we use proto3, which doesn't support field presence yet.
old_valueOptional. The name of a saved query, which must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id If both `analysis_query` and `saved_analysis_query` are provided, they will be merged together with the `saved_analysis_query` as base and the `analysis_query` as overrides. For more details of the merge behavior, please refer to the [MergeFrom](https://developers.google.com/protocol-buffers/docs/reference/cpp/google.protobuf.message#Message.MergeFrom.details) doc. Note that you cannot override primitive fields with default value, such as 0 or empty string, etc., because we use proto3, which doesn't support field presence yet.
root['schemas']['AnalyzeIamPolicyResponse']['properties']['serviceAccountImpersonationAnalysis']['description']
new_valueThe service account impersonation analysis if IamPolicyAnalysisQuery.Options.analyze_service_account_impersonation is enabled.
old_valueThe service account impersonation analysis if AnalyzeIamPolicyRequest.analyze_service_account_impersonation is enabled.
root['schemas']['Asset']['properties']['accessLevel']['description']
new_valueAlso refer to the [access level user guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels).
old_valuePlease also refer to the [access level user guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels).
root['schemas']['Asset']['properties']['accessPolicy']['description']
new_valueAlso refer to the [access policy user guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
old_valuePlease also refer to the [access policy user guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
root['schemas']['Asset']['properties']['servicePerimeter']['description']
new_valueAlso refer to the [service perimeter user guide](https://cloud.google.com/vpc-service-controls/docs/overview).
old_valuePlease also refer to the [service perimeter user guide](https://cloud.google.com/vpc-service-controls/docs/overview).
root['schemas']['AssetEnrichment']['properties']
new_value
additionalAssetAttributes
$refAdditionalAssetAttributes
deprecatedTrue
appHub
$refAppHub
descriptionThe Apphub info for the app hub enriched resource. (See go/service-calculator-proof-of-concept-discussion)
cloudassetResourceOwners
$refCloudAssetResourceOwners
descriptionThe list of resource owners for a resource, this field is not searchable. Note that this field only contains the members that have "roles/owner" role in the resource's IAM Policy.
effectiveTags
$refEffectiveTags
descriptionThe effective tags for a resource.
reachabilityInfo
$refReachabilityReport
descriptionThe reachability from VM to a remote endpoint from a specific network.
resourceOwners
$refResourceOwners
descriptionThe resource owners for a resource. Note that this field only contains the members that have "roles/owner" role in the resource's IAM Policy.
serviceDirectoryInfo
$refServiceDirectoryInfo
descriptionThe metadata for the Service Directory tag for the resource.
old_value
reachablityInfo
$refReachabilityReport
descriptionThe reachability from VM to a remote endpoint from a specific network.
root['schemas']['AttachedResource']['properties']['assetType']['description']
new_valueThe type of this attached resource. Example: `osconfig.googleapis.com/Inventory` You can find the supported attached asset types of each resource in this table: `https://cloud.google.com/asset-inventory/docs/supported-asset-types`
old_valueThe type of this attached resource. Example: `osconfig.googleapis.com/Inventory` You can find the supported attached asset types of each resource in this table: `https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types`
root['schemas']['Binding']['properties']['members']['description']
new_valueSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
old_valueSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
root['schemas']['Binding']['properties']['role']['description']
new_valueRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
old_valueRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
root['schemas']['CloudAuditOptions']['properties']['authorizationLoggingOptions']['description']
new_valueInformation used by the Cloud Audit Logging pipeline. Will be deprecated once the migration to PermissionType is complete (b/201806118).
old_valueInformation used by the Cloud Audit Logging pipeline.
root['schemas']['ConditionEvaluation']['description']
new_valueThe condition evaluation.
old_valueThe Condition evaluation.
root['schemas']['EffectiveTagDetails']['properties']['attachedResource']['description']
new_valueThe [full resource name](https://cloud.google.com/asset-inventory/docs/resource-name-format) of the ancestor from which effective_tags are inherited, according to [tag inheritance](https://cloud.google.com/resource-manager/docs/tags/tags-overview#inheritance).
old_valueThe [full resource name](https://cloud.google.com/asset-inventory/docs/resource-name-format) of the ancestor from which an effective_tag is inherited, according to [tag inheritance](https://cloud.google.com/resource-manager/docs/tags/tags-overview#inheritance).
root['schemas']['ExportAssetsRequest']['properties']['enrichmentTypes']['description']
new_valueOptional. The enrichment type to export, for example: `ENRICHMENT_TYPE_NETWORK_REACHABILITY`. This field should only be specified if content_type=ENRICHMENT, and can not have more than one element. * If specified: It identifies the type of enrichment for a resource. It returns an error if any of the [enrichment_types] is not supported by any of the [asset_types]. * Otherwise: it snapshots the supported enrichments for all [asset_types] or returns an error if any of the [asset_types] has no enrichments support.
old_valueOptional. A list of enrichment types to output. Applies only if [content_type] is ENRICHMENT.
root['schemas']['Feed']['properties']['enrichmentTypes']['description']
new_valueOptional. The enrichment type to output. Applies only if [content_type] is ENRICHMENT. At most one element can be specified.
old_valueOptional. A list of enrichment types to output. Applies only if [content_type] is ENRICHMENT.
root['schemas']['GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedAsset']['properties']['policyBundle']['description']
new_valueThe ordered list of all organization policies from the consolidated_policy.attached_resource to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list.
old_valueThe ordered list of all organization policies from the AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.attached_resource to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list.
root['schemas']['GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedIamPolicy']['properties']['attachedResource']['description']
new_valueThe full resource name of the resource on which this IAM policy is set. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. See [Cloud Asset Inventory Resource Name Format](https://cloud.google.com/asset-inventory/docs/resource-name-format) for more information.
old_valueThe full resource name of the resource associated with this IAM policy. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. See [Cloud Asset Inventory Resource Name Format](https://cloud.google.com/asset-inventory/docs/resource-name-format) for more information.
root['schemas']['GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedIamPolicy']['properties']['folders']['description']
new_valueThe folder(s) that this IAM policy belongs to, in the format of folders/{FOLDER_NUMBER}. This field is available when the IAM policy belongs (directly or cascadingly) to one or more folders.
old_valueThe folder(s) that this IAM policy belongs to, in the form of folders/{FOLDER_NUMBER}. This field is available when the IAM policy belongs(directly or cascadingly) to one or more folders.
root['schemas']['GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedIamPolicy']['properties']['organization']['description']
new_valueThe organization that this IAM policy belongs to, in the format of organizations/{ORGANIZATION_NUMBER}. This field is available when the IAM policy belongs (directly or cascadingly) to an organization.
old_valueThe organization that this IAM policy belongs to, in the form of organizations/{ORGANIZATION_NUMBER}. This field is available when the IAM policy belongs(directly or cascadingly) to an organization.
root['schemas']['GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedIamPolicy']['properties']['project']['description']
new_valueThe project that this IAM policy belongs to, in the format of projects/{PROJECT_NUMBER}. This field is available when the IAM policy belongs to a project.
old_valueThe project that this IAM policy belongs to, in the form of projects/{PROJECT_NUMBER}. This field is available when the IAM policy belongs to a project.
root['schemas']['GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedResource']['properties']['folders']['description']
new_valueThe folder(s) that this resource belongs to, in the format of folders/{FOLDER_NUMBER}. This field is available when the resource belongs (directly or cascadingly) to one or more folders.
old_valueThe folder(s) that this resource belongs to, in the form of folders/{FOLDER_NUMBER}. This field is available when the resource belongs(directly or cascadingly) to one or more folders.
root['schemas']['GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedResource']['properties']['organization']['description']
new_valueThe organization that this resource belongs to, in the format of organizations/{ORGANIZATION_NUMBER}. This field is available when the resource belongs (directly or cascadingly) to an organization.
old_valueThe organization that this resource belongs to, in the form of organizations/{ORGANIZATION_NUMBER}. This field is available when the resource belongs(directly or cascadingly) to an organization.
root['schemas']['GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedResource']['properties']['project']['description']
new_valueThe project that this resource belongs to, in the format of projects/{PROJECT_NUMBER}. This field is available when the resource belongs to a project.
old_valueThe project that this resource belongs to, in the form of projects/{PROJECT_NUMBER}. This field is available when the resource belongs to a project.
root['schemas']['GoogleCloudAssetV1GovernedContainer']['properties']['policyBundle']['description']
new_valueThe ordered list of all organization policies from the consolidated_policy.attached_resource. to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list.
old_valueThe ordered list of all organization policies from the AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.attached_resource. to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list.
root['schemas']['GoogleCloudAssetV1Identity']['properties']['name']['description']
new_valueThe identity of members, formatted as appear in an [IAM policy binding](https://cloud.google.com/iam/reference/rest/v1/Binding). For example, they might be formatted like the following: - user:foo@google.com - group:group1@google.com - serviceAccount:s1@prj1.iam.gserviceaccount.com - projectOwner:some_project_id - domain:google.com - allUsers
old_valueThe identity name in any form of members appear in [IAM policy binding](https://cloud.google.com/iam/reference/rest/v1/Binding), such as: - user:foo@google.com - group:group1@google.com - serviceAccount:s1@prj1.iam.gserviceaccount.com - projectOwner:some_project_id - domain:google.com - allUsers - etc.
root['schemas']['GoogleCloudAssetV1Rule']['description']
new_valueThis rule message is a customized version of the one defined in the Organization Policy system. In addition to the fields defined in the original organization policy, it contains additional field(s) under specific circumstances to support analysis results.
old_valueRepresents a rule defined in an organization policy
root['schemas']['GoogleCloudAssetV1Rule']['properties']['values']['description']
new_valueList of values to be used for this policy rule. This field can be set only in policies for list constraints.
old_valueList of values to be used for this PolicyRule. This field can be set only in Policies for list constraints.
root['schemas']['GoogleCloudOrgpolicyV2AlternatePolicySpec']['description']
new_valueSimilar to PolicySpec but with an extra 'launch' field for launch reference. The PolicySpec here is specific for dry-run.
old_valueSimilar to PolicySpec but with an extra 'launch' field for launch reference. The PolicySpec here is specific for dry-run/darklaunch.
root['schemas']['GoogleCloudOrgpolicyV2Policy']['properties']['name']['description']
new_valueImmutable. The resource name of the policy. Must be one of the following forms, where `constraint_name` is the name of the constraint which this policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, `projects/123/policies/compute.disableSerialPortAccess`. Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.
old_valueImmutable. The resource name of the policy. Must be one of the following forms, where constraint_name is the name of the constraint which this policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, "projects/123/policies/compute.disableSerialPortAccess". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.
root['schemas']['GoogleCloudOrgpolicyV2Policy']['properties']['spec']['description']
new_valueBasic information about the organization policy.
old_valueBasic information about the Organization Policy.
root['schemas']['GoogleCloudOrgpolicyV2PolicySpec']['properties']['etag']['description']
new_valueAn opaque tag indicating the current version of the policySpec, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the policy is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current policySpec to use when executing a read-modify-write loop. When the policy is returned from a `GetEffectivePolicy` request, the `etag` will be unset.
old_valueAn opaque tag indicating the current version of the policy, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current policy to use when executing a read-modify-write loop. When the policy is returned from a `GetEffectivePolicy` request, the `etag` will be unset.
root['schemas']['GoogleCloudOrgpolicyV2PolicySpec']['properties']['rules']['description']
new_valueIn policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set `enforced` to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence.
old_valueUp to 10 policy rules are allowed. In policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set `enforced` to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence.
root['schemas']['GoogleCloudOrgpolicyV2StringValues']['description']
new_valueA message that holds specific allowed and denied values. This message can define specific values and subtrees of the Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - `projects/` (for example, `projects/tokyo-rain-123`) - `folders/` (for example, `folders/1234`) - `organizations/` (for example, `organizations/1234`) The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used.
old_valueA message that holds specific allowed and denied values. This message can define specific values and subtrees of the Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - "projects/", e.g. "projects/tokyo-rain-123" - "folders/", e.g. "folders/1234" - "organizations/", e.g. "organizations/1234" The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessLevel']['properties']['name']['description']
new_valueIdentifier. Resource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
old_valueResource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['etag']['description']
new_valueOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Policies will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
old_valueOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['name']['description']
new_valueOutput only. Identifier. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
old_valueOutput only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['scopes']['description']
new_valueThe scopes of the AccessPolicy. Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with `scopes=["folders/123"]` has the following behavior: - ServicePerimeter can only restrict projects within `folders/123`. - ServicePerimeter within policy A can only reference access levels defined within policy A. - Only one policy can include a given scope; thus, attempting to create a second policy which includes `folders/123` will result in an error. If no scopes are provided, then any resource within the organization can be restricted. Scopes cannot be modified after a policy is created. Policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
old_valueThe scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior: - vpcsc perimeters can only restrict projects within folders/123 - access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['negate']['description']
new_valueWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
old_valueWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['identities']['description']
new_valueA list of identities that are allowed access through [EgressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
old_valueA list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressTo']['properties']['externalResources']['description']
new_valueA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported formats are s3://BUCKET_NAME, s3a://BUCKET_NAME, and s3n://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
old_valueA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressFrom']['properties']['identities']['description']
new_valueA list of identities that are allowed access through [IngressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
old_valueA list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
root['schemas']['GoogleIdentityAccesscontextmanagerV1MethodSelector']['properties']['method']['description']
new_valueA valid method name for the corresponding `service_name` in ApiOperation. If `*` is used as the value for the `method`, then ALL methods and permissions are allowed.
old_valueValue for `method` should be a valid method name for the corresponding `service_name` in ApiOperation. If `*` used as value for `method`, then ALL methods and permissions are allowed.
root['schemas']['GoogleIdentityAccesscontextmanagerV1MethodSelector']['properties']['permission']['description']
new_valueA valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
old_valueValue for `permission` should be a valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
root['schemas']['GoogleIdentityAccesscontextmanagerV1ServicePerimeter']['properties']['name']['description']
new_valueIdentifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
old_valueResource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
root['schemas']['IamPolicyAnalysis']['properties']['internalStats']['description']
new_valueThe stats of how the analysis has been explored.
old_valueOptional. The stats of how the analysis has been explored.
root['schemas']['IamPolicyAnalysisQuery']['properties']['scope']['description']
new_valueRequired. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization ID, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project ID, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
old_valueRequired. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
root['schemas']['IamPolicySearchResult']['properties']['project']['description']
new_valueThe project that the associated Google Cloud resource belongs to, in the form of projects/{PROJECT_NUMBER}. If an IAM policy is set on a resource (like VM instance, Cloud Storage bucket), the project field will indicate the project that contains the resource. If an IAM policy is set on a folder or organization, this field will be empty. To search against the `project`: * specify the `scope` field as this project in your search request.
old_valueThe project that the associated Google Cloud resource belongs to, in the form of projects/{PROJECT_NUMBER}. If an IAM policy is set on a resource (like VM instance, Cloud Storage bucket), the project field will indicate the project that contains the resource. If an IAM policy is set on a folder or orgnization, this field will be empty. To search against the `project`: * specify the `scope` field as this project in your search request.
root['schemas']['IngestAssetRequest']['description']
new_valueRequest to ingest an other-cloud asset.
old_valueRequest to ingest a 3rd party asset.
root['schemas']['IngestAssetRequest']['properties']['asset']['$ref']
new_valueOtherCloudAssetEvent
old_valueAssetEvent
root['schemas']['IngestAssetRequest']['properties']['asset']['description']
new_valueThe other-cloud asset to be ingested.
old_valueThe 3rd party asset to be ingested.
root['schemas']['IngestAssetResponse']['description']
new_valueResponse of ingesting an other-cloud asset.
old_valueResponse of ingesting a 3rd party asset.
root['schemas']['IngestAssetResponse']['properties']['name']['description']
new_valueIt is the original name of the resource. For AWS assets, use [ARN](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html)
old_valueFull asset name in Google Cloud format.
root['schemas']['NetworkReachability']['properties']['ipv6EgressReachabilities']['description']
new_valueIPv6 Reachability from the entity to the remote endpoint.
old_valueIPv6 Reachability from the entity to the remote end point.
root['schemas']['NetworkReachability']['properties']['ipv6IngressReachabilities']['description']
new_valueIPv6 Reachability from the remote endpoint to the entity.
old_valueIPv6 Reachability from the entity to the remote end point.
root['schemas']['Operation']['properties']['response']['description']
new_valueThe normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
old_valueThe normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
root['schemas']['OrgPolicyResult']['properties']['consolidatedPolicy']['description']
new_valueThe consolidated organization policy for the analyzed resource. The consolidated organization policy is computed by merging and evaluating policy_bundle. The evaluation will respect the organization policy [hierarchy rules](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-hierarchy).
old_valueThe consolidated organization policy for the analyzed resource. The consolidated organization policy is computed by merging and evaluating AnalyzeOrgPoliciesResponse.policy_bundle. The evaluation will respect the organization policy [hierarchy rules](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-hierarchy).
root['schemas']['OrgPolicyResult']['properties']['policyBundle']['description']
new_valueThe ordered list of all organization policies from the consolidated_policy.attached_resource. to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list.
old_valueThe ordered list of all organization policies from the AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.attached_resource. to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list.
root['schemas']['Policy']['description']
new_valueAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
old_valueAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
root['schemas']['QueryAssetsRequest']['properties']['statement']['description']
new_valueOptional. A SQL statement that's compatible with [BigQuery SQL](https://cloud.google.com/bigquery/docs/introduction-sql).
old_valueOptional. A SQL statement that's compatible with [BigQuery Standard SQL](http://cloud/bigquery/docs/reference/standard-sql/enabling-standard-sql).
root['schemas']['QueryAssetsResponse']['properties']['done']['description']
new_valueThe query response, which can be either an `error` or a valid `response`. If `done` == `false` and the query result is being saved in an output, the output_config field will be set. If `done` == `true`, exactly one of `error`, `query_result` or `output_config` will be set. [done] is unset unless the [QueryAssetsResponse] contains a [QueryAssetsResponse.job_reference].
old_valueThe query response, which can be either an `error` or a valid `response`. If `done` == `false` and the query result is being saved in a output, the output_config field will be set. If `done` == `true`, exactly one of `error`, `query_result` or `output_config` will be set.
root['schemas']['QueryAssetsResponse']['properties']['outputConfig']['description']
new_valueOutput configuration, which indicates that instead of being returned in an API response on the fly, the query result will be saved in a specific output.
old_valueOutput configuration which indicates instead of being returned in API response on the fly, the query result will be saved in a specific output.
root['schemas']['Resource']['properties']['parent']['description']
new_valueThe full name of the immediate parent of this resource. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information. For Google Cloud assets, this value is the parent resource defined in the [IAM policy hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). Example: `//cloudresourcemanager.googleapis.com/projects/my_project_123`
old_valueThe full name of the immediate parent of this resource. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information. For Google Cloud assets, this value is the parent resource defined in the [IAM policy hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). Example: `//cloudresourcemanager.googleapis.com/projects/my_project_123` For third-party assets, this field may be set differently.
root['schemas']['ResourceDiffStats']['properties']['additionalFacets']['description']
new_valueAny additional facets of the resources. Only populated when specific facet within additional facets is specified in group_by in ResourceDiffStatsRequest. Currently only supports machine_type for `compute.googleapis.com/Instance` and aws_account_id for AWS asset_types. When request group_bys machine_type, the request should filter asset type to only compute.googleapis.com/Instance. When request group_bys aws_account_id, the request should filter asset type to only AWS asset types. Otherwise the response will include other resource types with machine_type = NULL or aws_account_id = NULL.
old_valueAny additional facets of the resources. Only populated when specific facet within additional facets is specified in group_by in ResourceDiffStatsRequest. Currently only supports machine_type for `compute.googleapis.com/Instance`. When request group_bys machine_type, the request should filter asset type to only compute.googleapis.com/Instance. Otherwise the response will include other resource types with machine_type = NULL.
root['schemas']['ResourceSearchResult']['description']
new_valueA result of Resource Search, containing information of a cloud resource.
old_valueA result of Resource Search, containing information of a cloud resource. Next ID: 32
root['schemas']['ResourceSearchResult']['properties']['additionalAttributes']['description']
new_valueThe additional searchable attributes of this resource. The attributes may vary from one resource type to another. Examples: `projectId` for Project, `dnsName` for DNS ManagedZone. This field contains a subset of the resource metadata fields that are returned by the List or Get APIs provided by the corresponding Google Cloud service (e.g., Compute Engine). see [API references and supported searchable attributes](https://cloud.google.com/asset-inventory/docs/supported-asset-types) to see which fields are included. You can search values of these fields through free text search. However, you should not consume the field programically as the field names and values may change as the Google Cloud service updates to a new incompatible API version. To search against the `additional_attributes`: * Use a free text query to match the attributes values. Example: to search `additional_attributes = { dnsName: "foobar" }`, you can issue a query `foobar`.
old_valueThe additional searchable attributes of this resource. The attributes may vary from one resource type to another. Examples: `projectId` for Project, `dnsName` for DNS ManagedZone. This field contains a subset of the resource metadata fields that are returned by the List or Get APIs provided by the corresponding Google Cloud service (e.g., Compute Engine). see [API references and supported searchable attributes](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types) to see which fields are included. You can search values of these fields through free text search. However, you should not consume the field programically as the field names and values may change as the Google Cloud service updates to a new incompatible API version. To search against the `additional_attributes`: * Use a free text query to match the attributes values. Example: to search `additional_attributes = { dnsName: "foobar" }`, you can issue a query `foobar`.
root['schemas']['ResourceSearchResult']['properties']['effectiveTags']['description']
new_valueThe effective tags on this resource. All of the tags that are both attached to and inherited by a resource are collectively called the effective tags. For more information, see [tag inheritance](https://cloud.google.com/resource-manager/docs/tags/tags-overview#inheritance). To search against the `effective_tags`: * Use a field query. Example: - `effectiveTagKeys:"123456789/env*"` - `effectiveTagKeys="123456789/env"` - `effectiveTagKeys:"env"` - `effectiveTagKeyIds="tagKeys/123"` - `effectiveTagValues:"env"` - `effectiveTagValues:"env/prod"` - `effectiveTagValues:"123456789/env/prod*"` - `effectiveTagValues="123456789/env/prod"` - `effectiveTagValueIds="tagValues/456"`
old_valueThe effective tags on this resource. All of the tags that are both attached to and inherited by a resource are collectively called the effective tags. For more information, see [tag inheritance](https://cloud.google.com/resource-manager/docs/tags/tags-overview#inheritance). To search against the `effective_tags`: * Use a field query. Example: - `effectiveTagKeys:"123456789/env*"` - `effectiveTagKeys="123456789/env"` - `effectiveTagKeys:"env"` - `effectiveTagValues:"env"` - `effectiveTagValues:"env/prod"` - `effectiveTagValues:"123456789/env/prod*"` - `effectiveTagValues="123456789/env/prod"` - `effectiveTagValueIds:"456"` - `effectiveTagValueIds="tagValues/456"` * Use a free text query. Example: - `env/prod`
root['schemas']['ResourceSearchResult']['properties']['kmsKey']['description']
new_valueThe Cloud KMS [CryptoKey](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys) name or [CryptoKeyVersion](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions) name. This field only presents for the purpose of backward compatibility. Use the `kms_keys` field to retrieve Cloud KMS key information. This field is available only when the resource's Protobuf contains it and will only be populated for [these resource types](https://cloud.google.com/asset-inventory/docs/legacy-field-names#resource_types_with_the_to_be_deprecated_kmskey_field) for backward compatible purposes. To search against the `kms_key`: * Use a field query. Example: `kmsKey:key` * Use a free text query. Example: `key`
old_valueThe Cloud KMS [CryptoKey](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys) name or [CryptoKeyVersion](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions) name. This field only presents for the purpose of backward compatibility. Please use the `kms_keys` field to retrieve Cloud KMS key information. This field is available only when the resource's Protobuf contains it and will only be populated for [these resource types](https://cloud.google.com/asset-inventory/docs/legacy-field-names#resource_types_with_the_to_be_deprecated_kmskey_field) for backward compatible purposes. To search against the `kms_key`: * Use a field query. Example: `kmsKey:key` * Use a free text query. Example: `key`
root['schemas']['ResourceSearchResult']['properties']['labels']['description']
new_valueUser labels associated with this resource. See [Labelling and grouping Google Cloud resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources) for more information. This field is available only when the resource's Protobuf contains it. To search against the `labels`: * Use a field query: - query on any label's key or value. Example: `labels:prod` - query by a given label. Example: `labels.env:prod` - query by a given label's existence. Example: `labels.env:*` * Use a free text query. Example: `prod`
old_valueLabels associated with this resource. See [Labelling and grouping Google Cloud resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources) for more information. This field is available only when the resource's Protobuf contains it. To search against the `labels`: * Use a field query: - query on any label's key or value. Example: `labels:prod` - query by a given label. Example: `labels.env:prod` - query by a given label's existence. Example: `labels.env:*` * Use a free text query. Example: `prod`
root['schemas']['ResourceSearchResult']['properties']['sccAssetAttributes']['description']
new_valueSCC Asset Attributes for this resource. To search against SCC Asset Attribute fields: * `consistent_id` - `sccAssetAttributes.consistentId=`. The read_mask path must be specified in order to have the field value returned. This is for SCC internal use and should not be used by any other clients. * scc_asset_attributes
old_valueSCC Asset Attributes for this resource. To search against SCC Asset Attribute fields: * `consistent_id` - `sccAssetAttributes.consistentId=`. * `resource_type` - `sccAssetAttributes.resourceType=`. - `sccAssetAttributes.resourceType:`. * `resource_name - `sccAssetAttributes.resourceName=`. - `sccAssetAttributes.resourceName:`. * `resource_display_name - `sccAssetAttributes.resourceDisplayName=`. - `sccAssetAttributes.resourceDisplayName:`. * `resource_parent - `sccAssetAttributes.resourceParent=`. - `sccAssetAttributes.resourceParent:`. * `resource_owners - `sccAssetAttributes.resourceOwners=`. - `sccAssetAttributes.resourceOwners:`. * `resource_parent_display_name - `sccAssetAttributes.resourceParentDisplayName=`. - `sccAssetAttributes.resourceParentDisplayName:`. * `folders.resourceFolder or `folders.resourceFolderDisplayName - not searchable. * `security_marks Note that Both staging & prod SecurityMarks will be ingested to CAS preprod/prod and join with prod resources. The `security_marks` map may consist of both staging and prod marks. In that case, the prefix "staging." will be added to the keys of all the staging marks. * Prod examples: - `sccAssetAttributes.securityMarks.=foo` - `sccAssetAttributes.securityMarks.:*foo*` - `sccAssetAttributes.securityMarks.:*` * Staging examples: - `sccAssetAttributes.securityMarks.staging.=foo` - `sccAssetAttributes.securityMarks.staging.:*foo*` - `sccAssetAttributes.securityMarks.staging.:*` The read_mask path must be specified in order to have the field value returned. * scc_asset_attributes
root['schemas']['ResourceSearchResult']['properties']['tagKeys']['description']
new_valueThis field is only present for the purpose of backward compatibility. Use the `tags` field instead. TagKey namespaced names, in the format of {ORG_ID}/{TAG_KEY_SHORT_NAME}. To search against the `tagKeys`: * Use a field query. Example: - `tagKeys:"123456789/env*"` - `tagKeys="123456789/env"` - `tagKeys:"env"` * Use a free text query. Example: - `env`
old_valueTagKey namespaced names, in the format of {ORG_ID}/{TAG_KEY_SHORT_NAME}. To search against the `tagKeys`: * Use a field query. Example: - `tagKeys:"123456789/env*"` - `tagKeys="123456789/env"` - `tagKeys:"env"` * Use a free text query. Example: - `env`
root['schemas']['ResourceSearchResult']['properties']['tagValueIds']['description']
new_valueThis field is only present for the purpose of backward compatibility. Use the `tags` field instead. TagValue IDs, in the format of tagValues/{TAG_VALUE_ID}. To search against the `tagValueIds`: * Use a field query. Example: - `tagValueIds="tagValues/456"` * Use a free text query. Example: - `456`
old_valueTagValue IDs, in the format of tagValues/{TAG_VALUE_ID}. To search against the `tagValueIds`: * Use a field query. Example: - `tagValueIds:"456"` - `tagValueIds="tagValues/456"` * Use a free text query. Example: - `456`
root['schemas']['ResourceSearchResult']['properties']['tagValues']['description']
new_valueThis field is only present for the purpose of backward compatibility. Use the `tags` field instead. TagValue namespaced names, in the format of {ORG_ID}/{TAG_KEY_SHORT_NAME}/{TAG_VALUE_SHORT_NAME}. To search against the `tagValues`: * Use a field query. Example: - `tagValues:"env"` - `tagValues:"env/prod"` - `tagValues:"123456789/env/prod*"` - `tagValues="123456789/env/prod"` * Use a free text query. Example: - `prod`
old_valueTagValue namespaced names, in the format of {ORG_ID}/{TAG_KEY_SHORT_NAME}/{TAG_VALUE_SHORT_NAME}. To search against the `tagValues`: * Use a field query. Example: - `tagValues:"env"` - `tagValues:"env/prod"` - `tagValues:"123456789/env/prod*"` - `tagValues="123456789/env/prod"` * Use a free text query. Example: - `prod`
root['schemas']['ResourceSearchResult']['properties']['tags']['description']
new_valueThe tags directly attached to this resource. To search against the `tags`: * Use a field query. Example: - `tagKeys:"123456789/env*"` - `tagKeys="123456789/env"` - `tagKeys:"env"` - `tagKeyIds="tagKeys/123"` - `tagValues:"env"` - `tagValues:"env/prod"` - `tagValues:"123456789/env/prod*"` - `tagValues="123456789/env/prod"` - `tagValueIds="tagValues/456"` * Use a free text query. Example: - `env/prod`
old_valueThe tags directly attached to this resource. To search against the `tags`: * Use a field query. Example: - `tagKeys:"123456789/env*"` - `tagKeys="123456789/env"` - `tagKeys:"env"` - `tagValues:"env"` - `tagValues:"env/prod"` - `tagValues:"123456789/env/prod*"` - `tagValues="123456789/env/prod"` - `tagValueIds:"456"` - `tagValueIds="tagValues/456"` * Use a free text query. Example: - `env/prod`
root['schemas']['ResourceStats']['properties']['additionalFacets']['description']
new_valueAny additional facets of the resources. Only populated when specific facet within additional facets is specified in group_by in ResourceDiffStatsRequest. Currently only supports machine_type for `compute.googleapis.com/Instance` and aws_account_id for AWS asset_types. When request group_bys machine_type, the request should filter asset type to only compute.googleapis.com/Instance. When request group_bys aws_account_id, the request should filter asset type to only AWS asset types. Otherwise the response will include other resource types with machine_type = NULL or aws_account_id = NULL.
old_valueAny additional facets of the resources. Only populated when specific facet within additional facets is specified in group_by in ResourceStatsRequest. Currently only supports machine_type for `compute.googleapis.com/Instance`. When request group_bys machine_type, the request should filter asset type to only compute.googleapis.com/Instance. Otherwise the response will include other resource types with machine_type = NULL.
root['schemas']['SccAssetAttributes']['properties']
new_value
consistentId
descriptionSCC consistent_id, which is the numeric hash value (farmhash) of the full resource name in CAI format. It's used to construct the SCC Asset [name](http://google3/google/cloud/securitycenter/v1/asset.proto;l=40;rcl=448855448) and [canonical_name](http://google3/google/cloud/securitycenter/v1/asset.proto;rcl=448855448;l=197). It's Note that CAI format full resource name and Search full resource name have slight differences (e.g., project, service_account), the discrepancies are addressed by `alt_name` field. See go/ncon-scc-consistent-id for more information.
typestring
old_value
consistentId
descriptionSCC consistent_id, which is the numeric hash value (farmhash) of the full resource name in CAI format. It's used to construct the SCC Asset [name](http://google3/google/cloud/securitycenter/v1/asset.proto;l=40;rcl=448855448) and [canonical_name](http://google3/google/cloud/securitycenter/v1/asset.proto;rcl=448855448;l=197). It's Note that CAI format full resource name and Search full resource name have slight differences (e.g., project, service_account), the discrepancies are addressed by `alt_name` field. See go/ncon-scc-consistent-id for more information.
typestring
folders
descriptionFolders ancestry of the resource. Maps to SCC [folders](http://google3/google/cloud/securitycenter/v1/asset.proto;l=124;rcl=448855448) field. Note that the first folder is the deepest nested folder, and the last folder is the folder directly under the organization. This field is ingested through a separate checkpoint only, so the data could be several hours stale.
items
$refFolder
typearray
resourceDisplayName
descriptionThe user defined display name for this resource in SCC format. Maps to SCC [resource_display_name](http://google3/google/cloud/securitycenter/v1/asset.proto;l=94;rcl=448855448) field. Note that both SCC and Search display names are generated from certain resource metadata fields. But some resource types are using different metadata fields to generate the display_name. See cl/431970997 for more information about SCC display_name.
typestring
resourceName
descriptionImmutable. The full resource name of the Google Cloud resource in SCC format. SCC implemented its customized logic to convert between SCC resource name and CAIS resource name. See go/scc-cai-resource-fields-design. Example: `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`. Maps to SCC [resource_name](http://google3/google/cloud/securitycenter/v1/asset.proto;l=55;rcl=448855448) field. Note that SCC full resource name is derived from CAI full resource name. The discrepancies are documented in go/scc-cai-naming-differences-g3doc. CAI format full resource name and Search full resource name also have slight differences (e.g., project, service_account).
typestring
resourceOwners
descriptionSCC ownership of the resource. Maps to SCC [resource_owners](http://google3/google/cloud/securitycenter/v1/asset.proto;l=87;rcl=448855448) field. Note that SCC ownership only contains the members that have "roles/owner" role in the IAM Policy of the resource's project. This field is ingested through a separate checkpoint only, so the data could be several hours stale.
items
typestring
typearray
resourceParent
descriptionSCC format parent resource name. Maps to SCC [resource_parent](http://google3/google/cloud/securitycenter/v1/asset.proto;l=72;rcl=448855448) field. Note that SCC resource name is derived from CAI. Compared to CAI full resource name, it has the discrepancies specified in go/scc-cai-naming-differences-g3doc. CAI format full resource name and Search full resource name also have slight differences (e.g., project, service_account). See [Cloud Asset Inventory & Search Resource Name Format](https://cloud.google.com/asset-inventory/docs/resource-name-format) for more details.
typestring
resourceParentDisplayName
descriptionSCC format human-readable parent display name. Maps to SCC [resource_parent_display_name](http://google3/google/cloud/securitycenter/v1/asset.proto;l=101;rcl=448855448) field. Note that this field is ingested through a separate checkpoint only, so the data could be several hours stale.
typestring
resourceType
descriptionImmutable. The type of the Google Cloud resource in SCC format. This is a case insensitive field defined by Security Command Center (https://source.corp.google.com/piper///depot/google3/java/com/google/cloud/security/riskdashboard/common/AssetTypes.java) and/or the producer of the resource. SCC resource_type format: `google.{data_provider}.{Resource}`. Example: `google.cloud.resourcemanager.Project`. Maps to SCC [resource_type](http://google3/google/cloud/securitycenter/v1/asset.proto;l=65;rcl=448855448) field. Note that SCC and CAI asset type 1:1 mapping is configured in cl/431970997. However, Search asset types are slightly different from CAI asset types on regional/global compute types.
typestring
securityMarks
additionalProperties
typestring
descriptionThe actual content of SCC SecurityMarks associated with the asset. Maps to SCC [security_marks](http://google3/google/cloud/securitycenter/v1/asset.proto;l=141;rcl=448855448) field. Note that both staging & prod SecurityMarks are attached on prod resources. In CAS preprod/prod, both staging & prod SecurityMarks are ingested and returned in the following `security_marks` map. In that case, the prefix "staging." will be added to the keys of all the staging marks. See go/security-marks-onboarding for more details.
typeobject
root['schemas']['SearchAllIamPoliciesResponse']['properties']['estimatedTotalResultCount']['description']
new_valueWARNING: contact nephonomicon-dev@google.com before using the field. Estimated count of all results matching this search request. This number might be approximate.
old_valueWARNING: please contact nephonomicon-dev@google.com before using the field. Estimated count of all results matching this search request. This number might be approximate.
root['schemas']['SearchAllIamPoliciesResponse']['properties']['facetCountedResultCount']['description']
new_valueWARNING: contact nephonomicon-dev@google.com before using the field. The actual number of results counted during facet search. If this number equals estimated_total_result_count, then all the results matching the query are counted and the facet result is accurate. This number is at least the sum of all facet bucket counts. If this number equals the sum, the facet result represents all the counted results. Otherwise, it indicates there are more than 200 buckets under a facet, and only the top 200 are returned.
old_valueWARNING: please contact nephonomicon-dev@google.com before using the field. The actual number of results counted during facet search. If this number equals estimated_total_result_count, then all the results matching the query are counted and the facet result is accurate. This number is at least the sum of all facet bucket counts. If this number equals the sum, the facet result represents all the counted results. Otherwise, it indicates there are more than 200 buckets under a facet, and only the top 200 are returned.
root['schemas']['SearchAllIamPoliciesResponse']['properties']['filtered']['description']
new_valueWARNING: contact nephonomicon-dev@google.com before using the field. This field indicates whether the Query server applied user query to filter results. It happens after receiving results from ST-BTI. If true, the `facet_results` may be inaccurate, and the actual counts may be more or less than the returned ones. Some queries, for example containing permission terms, will trigger Query server's post filtering process, and some results may be removed from the search results returned from ST-BTI, which makes `facet_results` no longer accurate.
old_valueWARNING: please contact nephonomicon-dev@google.com before using the field. This field indicates whether the Query server applied user query to filter results. It happens after receiving results from ST-BTI. If true, the `facet_results` may be inaccurate, and the actual counts may be more or less than the returned ones. Some queries, for example containing permission terms, will trigger Query server's post filtering process, and some results may be removed from the search results returned from ST-BTI, which makes `facet_results` no longer accurate.
root['schemas']['SearchAllResourcesResponse']['properties']['estimatedTotalResourceCount']['description']
new_valueWARNING: contact nephonomicon-dev@google.com before using the field. Estimated count of all resources matching this search request. This number might be approximate, if exceeding `total_resource_count_min_accuracy`.
old_valueWARNING: please contact nephonomicon-dev@google.com before using the field. Estimated count of all resources matching this search request. This number might be approximate, if exceeding `total_resource_count_min_accuracy`.
root['schemas']['SearchAllResourcesResponse']['properties']['numResourcesCounted']['description']
new_valueThe actual number of resources counted during facet search. If this number equals estimated_total_resource_count, then all the resources matching the query are counted and the facet result is accurate. Otherwise it's an approximation based on a sampled data scan.
old_valueThe actual number of resources counted during facet search. If this number equals estimated_total_resource_count, then all the resources matching the query are counted and the facet result is accurate. This number is at least the sum of all facet bucket counts. If this number equals the sum, the facet result represents all the counted resources. Otherwise, it indicates there are more than 200 buckets under a facet, and only the top 200 are returned.
root['schemas']['Tag']['description']
new_valueThe key and value for a [tag](https://cloud.google.com/resource-manager/docs/tags/tags-overview).
old_valueThe key and value for a [tag](https://cloud.google.com/resource-manager/docs/tags/tags-overview),
root['schemas']['TimeOfDay']['properties']['hours']['description']
new_valueHours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.
old_valueHours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.
root['schemas']['TimeOfDay']['properties']['minutes']['description']
new_valueMinutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
old_valueMinutes of hour of day. Must be from 0 to 59.
root['schemas']['TimeOfDay']['properties']['nanos']['description']
new_valueFractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
old_valueFractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
root['schemas']['TimeOfDay']['properties']['seconds']['description']
new_valueSeconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
old_valueSeconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
root['schemas']['VersionedResource']['properties']['resource']['description']
new_valueJSON representation of the resource as defined by the corresponding service providing this resource. Example: If the resource is an instance provided by Compute Engine, this field will contain the JSON representation of the instance as defined by Compute Engine: `https://cloud.google.com/compute/docs/reference/rest/v1/instances`. You can find the resource definition for each supported resource type in this table: `https://cloud.google.com/asset-inventory/docs/supported-asset-types`
old_valueJSON representation of the resource as defined by the corresponding service providing this resource. Example: If the resource is an instance provided by Compute Engine, this field will contain the JSON representation of the instance as defined by Compute Engine: `https://cloud.google.com/compute/docs/reference/rest/v1/instances`. You can find the resource definition for each supported resource type in this table: `https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types`
root['schemas']['Condition']['properties']['iam']['enumDescriptions'][3]
new_valueAny of the security realms in the IAMContext (go/security-realms). When used with IN, the condition indicates "any of the request's realms match one of the given values; with NOT_IN, "none of the realms match any of the given values". Note that a value can be: - 'self:campus' (i.e., clients that are in the same campus) - 'self:metro' (i.e., clients that are in the same metro) - 'self:cloud-region' (i.e., allow connections from clients that are in the same cloud region) - 'self:prod-region' (i.e., allow connections from clients that are in the same prod region) - 'guardians' (i.e., allow connections from its guardian realms. See go/security-realms-glossary#guardian for more information.) - 'cryto_core_guardians' (i.e., allow connections from its crypto core guardian realms. See go/security-realms-glossary#guardian for more information.) Crypto Core coverage is a super-set of Default coverage, containing information about coverage between higher tier data centers (e.g., YAWNs). Most services should use Default coverage and only use Crypto Core coverage if the service is involved in greenfield turnup of new higher tier data centers (e.g., credential infrastructure, machine/job management systems, etc.). - 'self' [DEPRECATED] (i.e., allow connections from clients that are in the same security realm, which is currently but not guaranteed to be campus-sized) - a realm (e.g., 'campus-abc') - a realm group (e.g., 'realms-for-borg-cell-xx', see: go/realm-groups) A match is determined by a realm group membership check performed by a RealmAclRep object (go/realm-acl-howto). It is not permitted to grant access based on the *absence* of a realm, so realm conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
old_valueAny of the security realms in the IAMContext (go/security-realms). When used with IN, the condition indicates "any of the request's realms match one of the given values; with NOT_IN, "none of the realms match any of the given values". Note that a value can be: - 'self:campus' (i.e., clients that are in the same campus) - 'self:metro' (i.e., clients that are in the same metro) - 'self:cloud-region' (i.e., allow connections from clients that are in the same cloud region) - 'self:prod-region' (i.e., allow connections from clients that are in the same prod region) - 'guardians' (i.e., allow connections from its guardian realms. See go/security-realms-glossary#guardian for more information.) - 'self' [DEPRECATED] (i.e., allow connections from clients that are in the same security realm, which is currently but not guaranteed to be campus-sized) - a realm (e.g., 'campus-abc') - a realm group (e.g., 'realms-for-borg-cell-xx', see: go/realm-groups) A match is determined by a realm group membership check performed by a RealmAclRep object (go/realm-acl-howto). It is not permitted to grant access based on the *absence* of a realm, so realm conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
root['schemas']['PartitionSpec']['properties']['partitionKey']['enumDescriptions'][1]
new_valueThe time when the snapshot is taken. If specified as partition key, the result table(s) is partitioned by the additional timestamp column, readTime. If [read_time] in ExportAssetsRequest is specified, the readTime column's value will be the same as it. Otherwise, its value will be the current time that is used to take the snapshot.
old_valueThe time when the snapshot is taken. If specified as partition key, the result table(s) is partitoned by the additional timestamp column, readTime. If [read_time] in ExportAssetsRequest is specified, the readTime column's value will be the same as it. Otherwise, its value will be the current time that is used to take the snapshot.
root['schemas']['Item']['properties']['type']['enumDescriptions'][0]
new_valueInvalid. A type must be specified.
old_valueInvalid. An type must be specified.
root['schemas']['ConditionEvaluation']['properties']['evaluationValue']['enumDescriptions'][3]
new_valueThe evaluation result is `conditional` when the condition expression contains variables that are either missing input values or have not been supported by Policy Analyzer yet.
old_valueThe evaluation result is `conditional` when the condition expression contains variables that are either missing input values or have not been supported by Analyzer yet.
root['schemas']['PartitionSpec']['properties']['partitionKey']['enumDescriptions'][2]
new_valueThe time when the request is received and started to be processed. If specified as partition key, the result table(s) is partitioned by the requestTime column, an additional timestamp column representing when the request was received.
old_valueThe time when the request is received and started to be processed. If specified as partition key, the result table(s) is partitoned by the requestTime column, an additional timestamp column representing when the request was received.
root['schemas']['Condition']['properties']['iam']['enumDescriptions'][7]
new_valueProperties of the credentials supplied with this request. See http://go/rpcsp-credential-assertions?polyglot=rpcsp-v1-0 The conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
old_valueEXPERIMENTAL -- DO NOT USE. The conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
root['schemas']['GoogleCloudAssetV1BigQueryDestination']['properties']['partitionKey']['enumDescriptions'][1]
new_valueThe time when the request is received. If specified as partition key, the result table(s) is partitioned by the RequestTime column, an additional timestamp column representing when the request was received.
old_valueThe time when the request is received. If specified as partition key, the result table(s) is partitoned by the RequestTime column, an additional timestamp column representing when the request was received.
iterable_item_added
root['resources']['assets']['methods']['list']['parameters']['contentType']['enum'][9]ASSET_RELATIONSHIP
root['resources']['assets']['methods']['list']['parameters']['contentType']['enumDescriptions'][9]Asset relationships being validated by service providers. Internal use only for GCA S&T's use case.
root['resources']['assets']['methods']['list']['parameters']['enrichmentTypes']['enum'][2]ENRICHMENT_TYPE_SERVICE_DIRECTORY_INFO
root['resources']['assets']['methods']['list']['parameters']['enrichmentTypes']['enum'][3]ENRICHMENT_TYPE_RESOURCE_OWNERS
root['resources']['assets']['methods']['list']['parameters']['enrichmentTypes']['enum'][4]ENRICHMENT_TYPE_APP_HUB
root['resources']['assets']['methods']['list']['parameters']['enrichmentTypes']['enum'][5]ENRICHMENT_TYPE_EFFECTIVE_TAGS
root['resources']['assets']['methods']['list']['parameters']['enrichmentTypes']['enumDescriptions'][2]The metadata for the Service Directory tag for the resource. (see go/service-calculator-proof-of-concept-discussion)
root['resources']['assets']['methods']['list']['parameters']['enrichmentTypes']['enumDescriptions'][3]Resource owners. Contains the members that have "roles/owner" role in the resource's IAM Policy. This data is updated at most once a day.
root['resources']['assets']['methods']['list']['parameters']['enrichmentTypes']['enumDescriptions'][4]The Apphub info for the app hub enriched resource. (See go/service-calculator-proof-of-concept-discussion)
root['resources']['assets']['methods']['list']['parameters']['enrichmentTypes']['enumDescriptions'][5]The effective tags for a resource. Contains all the tags attached to or inherited by the resource. This enrichment type is for the Inventory APIs only. For the Search APIs, please refer to the`effective_tags` field in `ResourceSearchResult`.
root['resources']['v1']['methods']['batchGetAssetsHistory']['parameters']['contentType']['enum'][9]ASSET_RELATIONSHIP
root['resources']['v1']['methods']['batchGetAssetsHistory']['parameters']['contentType']['enumDescriptions'][9]Asset relationships being validated by service providers. Internal use only for GCA S&T's use case.
root['resources']['v1']['methods']['batchGetAssetsHistory']['parameters']['enrichmentTypes']['enum'][2]ENRICHMENT_TYPE_SERVICE_DIRECTORY_INFO
root['resources']['v1']['methods']['batchGetAssetsHistory']['parameters']['enrichmentTypes']['enum'][3]ENRICHMENT_TYPE_RESOURCE_OWNERS
root['resources']['v1']['methods']['batchGetAssetsHistory']['parameters']['enrichmentTypes']['enum'][4]ENRICHMENT_TYPE_APP_HUB
root['resources']['v1']['methods']['batchGetAssetsHistory']['parameters']['enrichmentTypes']['enum'][5]ENRICHMENT_TYPE_EFFECTIVE_TAGS
root['resources']['v1']['methods']['batchGetAssetsHistory']['parameters']['enrichmentTypes']['enumDescriptions'][2]The metadata for the Service Directory tag for the resource. (see go/service-calculator-proof-of-concept-discussion)
root['resources']['v1']['methods']['batchGetAssetsHistory']['parameters']['enrichmentTypes']['enumDescriptions'][3]Resource owners. Contains the members that have "roles/owner" role in the resource's IAM Policy. This data is updated at most once a day.
root['resources']['v1']['methods']['batchGetAssetsHistory']['parameters']['enrichmentTypes']['enumDescriptions'][4]The Apphub info for the app hub enriched resource. (See go/service-calculator-proof-of-concept-discussion)
root['resources']['v1']['methods']['batchGetAssetsHistory']['parameters']['enrichmentTypes']['enumDescriptions'][5]The effective tags for a resource. Contains all the tags attached to or inherited by the resource. This enrichment type is for the Inventory APIs only. For the Search APIs, please refer to the`effective_tags` field in `ResourceSearchResult`.
root['schemas']['ExportAssetsRequest']['properties']['contentType']['enum'][9]ASSET_RELATIONSHIP
root['schemas']['ExportAssetsRequest']['properties']['contentType']['enumDescriptions'][9]Asset relationships being validated by service providers. Internal use only for GCA S&T's use case.
root['schemas']['ExportAssetsRequest']['properties']['enrichmentTypes']['items']['enum'][2]ENRICHMENT_TYPE_SERVICE_DIRECTORY_INFO
root['schemas']['ExportAssetsRequest']['properties']['enrichmentTypes']['items']['enum'][3]ENRICHMENT_TYPE_RESOURCE_OWNERS
root['schemas']['ExportAssetsRequest']['properties']['enrichmentTypes']['items']['enum'][4]ENRICHMENT_TYPE_APP_HUB
root['schemas']['ExportAssetsRequest']['properties']['enrichmentTypes']['items']['enum'][5]ENRICHMENT_TYPE_EFFECTIVE_TAGS
root['schemas']['ExportAssetsRequest']['properties']['enrichmentTypes']['items']['enumDescriptions'][2]The metadata for the Service Directory tag for the resource. (see go/service-calculator-proof-of-concept-discussion)
root['schemas']['ExportAssetsRequest']['properties']['enrichmentTypes']['items']['enumDescriptions'][3]Resource owners. Contains the members that have "roles/owner" role in the resource's IAM Policy. This data is updated at most once a day.
root['schemas']['ExportAssetsRequest']['properties']['enrichmentTypes']['items']['enumDescriptions'][4]The Apphub info for the app hub enriched resource. (See go/service-calculator-proof-of-concept-discussion)
root['schemas']['ExportAssetsRequest']['properties']['enrichmentTypes']['items']['enumDescriptions'][5]The effective tags for a resource. Contains all the tags attached to or inherited by the resource. This enrichment type is for the Inventory APIs only. For the Search APIs, please refer to the`effective_tags` field in `ResourceSearchResult`.
root['schemas']['Feed']['properties']['contentType']['enum'][9]ASSET_RELATIONSHIP
root['schemas']['Feed']['properties']['contentType']['enumDescriptions'][9]Asset relationships being validated by service providers. Internal use only for GCA S&T's use case.
root['schemas']['Feed']['properties']['enrichmentTypes']['items']['enum'][2]ENRICHMENT_TYPE_SERVICE_DIRECTORY_INFO
root['schemas']['Feed']['properties']['enrichmentTypes']['items']['enum'][3]ENRICHMENT_TYPE_RESOURCE_OWNERS
root['schemas']['Feed']['properties']['enrichmentTypes']['items']['enum'][4]ENRICHMENT_TYPE_APP_HUB
root['schemas']['Feed']['properties']['enrichmentTypes']['items']['enum'][5]ENRICHMENT_TYPE_EFFECTIVE_TAGS
root['schemas']['Feed']['properties']['enrichmentTypes']['items']['enumDescriptions'][2]The metadata for the Service Directory tag for the resource. (see go/service-calculator-proof-of-concept-discussion)
root['schemas']['Feed']['properties']['enrichmentTypes']['items']['enumDescriptions'][3]Resource owners. Contains the members that have "roles/owner" role in the resource's IAM Policy. This data is updated at most once a day.
root['schemas']['Feed']['properties']['enrichmentTypes']['items']['enumDescriptions'][4]The Apphub info for the app hub enriched resource. (See go/service-calculator-proof-of-concept-discussion)
root['schemas']['Feed']['properties']['enrichmentTypes']['items']['enumDescriptions'][5]The effective tags for a resource. Contains all the tags attached to or inherited by the resource. This enrichment type is for the Inventory APIs only. For the Search APIs, please refer to the`effective_tags` field in `ResourceSearchResult`.
root['schemas']['GoogleCloudAssetV1CustomConstraint']['properties']['methodTypes']['items']['enum'][4]REMOVE_GRANT
root['schemas']['GoogleCloudAssetV1CustomConstraint']['properties']['methodTypes']['items']['enum'][5]GOVERN_TAGS
root['schemas']['GoogleCloudAssetV1CustomConstraint']['properties']['methodTypes']['items']['enumDescriptions'][4]Constraint applied when removing an IAM grant.
root['schemas']['GoogleCloudAssetV1CustomConstraint']['properties']['methodTypes']['items']['enumDescriptions'][5]Constraint applied when enforcing forced tagging.
sandbox/test-cloudasset-v1beta1
dictionary_item_added
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessLevelFeatures']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AuthorizedOrgsDesc']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressSource']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Risk']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1RiskType']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1UnsatisfiedResult']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1UserManagedRisk']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1VpcNetworkSource']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1VpcSubNetwork']
  • root['schemas']['SbomItem']
  • root['schemas']['Asset']['properties']['authorizedOrgsDesc']
  • root['schemas']['CloudAuditOptions']['properties']['permissionType']
  • root['schemas']['DataAccessOptions']['properties']['isDirectAuth']
  • root['schemas']['GoogleCloudAssetV1p7beta1Asset']['properties']['authorizedOrgsDesc']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessLevel']['properties']['accessLevelFeatures']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['createTime']['readOnly']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['etag']['readOnly']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['updateTime']['readOnly']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['risk']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['unsatisfiedResult']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['vpcNetworkSources']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['sourceRestriction']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['sources']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressPolicy']['properties']['title']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressTo']['properties']['roles']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressPolicy']['properties']['title']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressTo']['properties']['roles']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1ServicePerimeter']['properties']['etag']
  • root['schemas']['Inventory']['properties']['sbomItems']
values_changed
root['revision']
new_value20250225
old_value20230224
root['schemas']['Binding']['properties']['members']['description']
new_valueSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
old_valueSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
root['schemas']['Binding']['properties']['role']['description']
new_valueRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
old_valueRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
root['schemas']['CloudAuditOptions']['properties']['authorizationLoggingOptions']['description']
new_valueInformation used by the Cloud Audit Logging pipeline. Will be deprecated once the migration to PermissionType is complete (b/201806118).
old_valueInformation used by the Cloud Audit Logging pipeline.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessLevel']['properties']['name']['description']
new_valueIdentifier. Resource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
old_valueResource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['etag']['description']
new_valueOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Policies will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
old_valueOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['name']['description']
new_valueOutput only. Identifier. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
old_valueOutput only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['scopes']['description']
new_valueThe scopes of the AccessPolicy. Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with `scopes=["folders/123"]` has the following behavior: - ServicePerimeter can only restrict projects within `folders/123`. - ServicePerimeter within policy A can only reference access levels defined within policy A. - Only one policy can include a given scope; thus, attempting to create a second policy which includes `folders/123` will result in an error. If no scopes are provided, then any resource within the organization can be restricted. Scopes cannot be modified after a policy is created. Policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
old_valueThe scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior: - vpcsc perimeters can only restrict projects within folders/123 - access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['negate']['description']
new_valueWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
old_valueWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['identities']['description']
new_valueA list of identities that are allowed access through [EgressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
old_valueA list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressTo']['properties']['externalResources']['description']
new_valueA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported formats are s3://BUCKET_NAME, s3a://BUCKET_NAME, and s3n://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
old_valueA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressFrom']['properties']['identities']['description']
new_valueA list of identities that are allowed access through [IngressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
old_valueA list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
root['schemas']['GoogleIdentityAccesscontextmanagerV1MethodSelector']['properties']['method']['description']
new_valueA valid method name for the corresponding `service_name` in ApiOperation. If `*` is used as the value for the `method`, then ALL methods and permissions are allowed.
old_valueValue for `method` should be a valid method name for the corresponding `service_name` in ApiOperation. If `*` used as value for `method`, then ALL methods and permissions are allowed.
root['schemas']['GoogleIdentityAccesscontextmanagerV1MethodSelector']['properties']['permission']['description']
new_valueA valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
old_valueValue for `permission` should be a valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
root['schemas']['GoogleIdentityAccesscontextmanagerV1ServicePerimeter']['properties']['name']['description']
new_valueIdentifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
old_valueResource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
root['schemas']['Operation']['properties']['response']['description']
new_valueThe normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
old_valueThe normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
root['schemas']['Policy']['description']
new_valueAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
old_valueAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
root['schemas']['TimeOfDay']['properties']['hours']['description']
new_valueHours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.
old_valueHours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.
root['schemas']['TimeOfDay']['properties']['minutes']['description']
new_valueMinutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
old_valueMinutes of hour of day. Must be from 0 to 59.
root['schemas']['TimeOfDay']['properties']['nanos']['description']
new_valueFractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
old_valueFractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
root['schemas']['TimeOfDay']['properties']['seconds']['description']
new_valueSeconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
old_valueSeconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
root['schemas']['Condition']['properties']['iam']['enumDescriptions'][3]
new_valueAny of the security realms in the IAMContext (go/security-realms). When used with IN, the condition indicates "any of the request's realms match one of the given values; with NOT_IN, "none of the realms match any of the given values". Note that a value can be: - 'self:campus' (i.e., clients that are in the same campus) - 'self:metro' (i.e., clients that are in the same metro) - 'self:cloud-region' (i.e., allow connections from clients that are in the same cloud region) - 'self:prod-region' (i.e., allow connections from clients that are in the same prod region) - 'guardians' (i.e., allow connections from its guardian realms. See go/security-realms-glossary#guardian for more information.) - 'cryto_core_guardians' (i.e., allow connections from its crypto core guardian realms. See go/security-realms-glossary#guardian for more information.) Crypto Core coverage is a super-set of Default coverage, containing information about coverage between higher tier data centers (e.g., YAWNs). Most services should use Default coverage and only use Crypto Core coverage if the service is involved in greenfield turnup of new higher tier data centers (e.g., credential infrastructure, machine/job management systems, etc.). - 'self' [DEPRECATED] (i.e., allow connections from clients that are in the same security realm, which is currently but not guaranteed to be campus-sized) - a realm (e.g., 'campus-abc') - a realm group (e.g., 'realms-for-borg-cell-xx', see: go/realm-groups) A match is determined by a realm group membership check performed by a RealmAclRep object (go/realm-acl-howto). It is not permitted to grant access based on the *absence* of a realm, so realm conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
old_valueAny of the security realms in the IAMContext (go/security-realms). When used with IN, the condition indicates "any of the request's realms match one of the given values; with NOT_IN, "none of the realms match any of the given values". Note that a value can be: - 'self:campus' (i.e., clients that are in the same campus) - 'self:metro' (i.e., clients that are in the same metro) - 'self:cloud-region' (i.e., allow connections from clients that are in the same cloud region) - 'self:prod-region' (i.e., allow connections from clients that are in the same prod region) - 'guardians' (i.e., allow connections from its guardian realms. See go/security-realms-glossary#guardian for more information.) - 'self' [DEPRECATED] (i.e., allow connections from clients that are in the same security realm, which is currently but not guaranteed to be campus-sized) - a realm (e.g., 'campus-abc') - a realm group (e.g., 'realms-for-borg-cell-xx', see: go/realm-groups) A match is determined by a realm group membership check performed by a RealmAclRep object (go/realm-acl-howto). It is not permitted to grant access based on the *absence* of a realm, so realm conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
root['schemas']['Condition']['properties']['iam']['enumDescriptions'][7]
new_valueProperties of the credentials supplied with this request. See http://go/rpcsp-credential-assertions?polyglot=rpcsp-v1-0 The conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
old_valueEXPERIMENTAL -- DO NOT USE. The conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
root['schemas']['Item']['properties']['type']['enumDescriptions'][0]
new_valueInvalid. A type must be specified.
old_valueInvalid. An type must be specified.
sandbox/test-cloudasset-v1p1beta1
values_changed
root
new_value
auth
oauth2
scopes
https://www.googleapis.com/auth/cloud-platform
descriptionSee, edit, configure, and delete your Google Cloud data and see the email address for your Google Account.
basePath
baseUrlhttps://test-cloudasset.sandbox.googleapis.com/
batchPathbatch
canonicalNameCloud Asset
descriptionThe Cloud Asset API manages the history and inventory of Google Cloud resources.
discoveryVersionv1
documentationLinkhttps://cloud.google.com/asset-inventory/docs/quickstart
fullyEncodeReservedExpansionTrue
icons
x16http://www.google.com/images/icons/product/search-16.gif
x32http://www.google.com/images/icons/product/search-32.gif
idcloudasset:v1p1beta1
kinddiscovery#restDescription
mtlsRootUrlhttps://test-cloudasset.mtls.sandbox.googleapis.com/
namecloudasset
ownerDomaingoogle.com
ownerNameGoogle
parameters
$.xgafv
descriptionV1 error format.
enum
  • 1
  • 2
enumDescriptions
  • v1 error format
  • v2 error format
locationquery
typestring
access_token
descriptionOAuth access token.
locationquery
typestring
alt
defaultjson
descriptionData format for response.
enum
  • json
  • media
  • proto
enumDescriptions
  • Responses with Content-Type of application/json
  • Media download with context-dependent Content-Type
  • Responses with Content-Type of application/x-protobuf
locationquery
typestring
callback
descriptionJSONP
locationquery
typestring
fields
descriptionSelector specifying which fields to include in a partial response.
locationquery
typestring
key
descriptionAPI key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
locationquery
typestring
oauth_token
descriptionOAuth 2.0 token for the current user.
locationquery
typestring
prettyPrint
defaulttrue
descriptionReturns response with indentations and line breaks.
locationquery
typeboolean
quotaUser
descriptionAvailable to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
locationquery
typestring
uploadType
descriptionLegacy upload protocol for media (e.g. "media", "multipart").
locationquery
typestring
upload_protocol
descriptionUpload protocol for media (e.g. "raw", "multipart").
locationquery
typestring
protocolrest
resources
iamPolicies
methods
searchAll
descriptionSearches all the IAM policies within a given accessible Resource Manager scope (project/folder/organization). This RPC gives callers especially administrators the ability to search all the IAM policies within a scope, even if they don't have `.getIamPolicy` permission of all the IAM policies. Callers should have `cloudasset.assets.searchAllIamPolicies` permission on the requested scope, otherwise the request will be rejected.
flatPathv1p1beta1/{v1p1beta1Id}/{v1p1beta1Id1}/iamPolicies:searchAll
httpMethodGET
idcloudasset.iamPolicies.searchAll
parameterOrder
  • scope
parameters
pageSize
descriptionOptional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as `next_page_token` is returned.
formatint32
locationquery
typeinteger
pageToken
descriptionOptional. If present, retrieve the next batch of results from the preceding call to this method. `page_token` must be the value of `next_page_token` from the previous response. The values of all other method parameters must be identical to those in the previous call.
locationquery
typestring
query
descriptionOptional. The query statement. Examples: * "policy:myuser@mydomain.com" * "policy:(myuser@mydomain.com viewer)"
locationquery
typestring
scope
descriptionRequired. The relative name of an asset. The search is limited to the resources within the `scope`. The allowed value must be: * Organization number (such as "organizations/123") * Folder number (such as "folders/1234") * Project number (such as "projects/12345") * Project ID (such as "projects/abc")
locationpath
pattern^[^/]+/[^/]+$
requiredTrue
typestring
pathv1p1beta1/{+scope}/iamPolicies:searchAll
response
$refSearchAllIamPoliciesResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
resources
methods
searchAll
descriptionSearches all the resources within a given accessible Resource Manager scope (project/folder/organization). This RPC gives callers especially administrators the ability to search all the resources within a scope, even if they don't have `.get` permission of all the resources. Callers should have `cloudasset.assets.searchAllResources` permission on the requested scope, otherwise the request will be rejected.
flatPathv1p1beta1/{v1p1beta1Id}/{v1p1beta1Id1}/resources:searchAll
httpMethodGET
idcloudasset.resources.searchAll
parameterOrder
  • scope
parameters
assetTypes
descriptionOptional. A list of asset types that this request searches for. If empty, it will search all the supported asset types.
locationquery
repeatedTrue
typestring
orderBy
descriptionOptional. A comma separated list of fields specifying the sorting order of the results. The default order is ascending. Add ` DESC` after the field name to indicate descending order. Redundant space characters are ignored. For example, ` location DESC , name `.
locationquery
typestring
pageSize
descriptionOptional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as `next_page_token` is returned.
formatint32
locationquery
typeinteger
pageToken
descriptionOptional. If present, then retrieve the next batch of results from the preceding call to this method. `page_token` must be the value of `next_page_token` from the previous response. The values of all other method parameters, must be identical to those in the previous call.
locationquery
typestring
query
descriptionOptional. The query statement.
locationquery
typestring
scope
descriptionRequired. The relative name of an asset. The search is limited to the resources within the `scope`. The allowed value must be: * Organization number (such as "organizations/123") * Folder number (such as "folders/1234") * Project number (such as "projects/12345") * Project ID (such as "projects/abc")
locationpath
pattern^[^/]+/[^/]+$
requiredTrue
typestring
pathv1p1beta1/{+scope}/resources:searchAll
response
$refSearchAllResourcesResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
revision20250225
rootUrlhttps://test-cloudasset.sandbox.googleapis.com/
schemas
AnalyzeIamPolicyLongrunningMetadata
descriptionRepresents the metadata of the longrunning operation for the AnalyzeIamPolicyLongrunning RPC.
idAnalyzeIamPolicyLongrunningMetadata
properties
createTime
descriptionOutput only. The time the operation was created.
formatgoogle-datetime
readOnlyTrue
typestring
typeobject
AnalyzeIamPolicyLongrunningResponse
descriptionA response message for AssetService.AnalyzeIamPolicyLongrunning.
idAnalyzeIamPolicyLongrunningResponse
properties
typeobject
AuditConfig
descriptionSpecifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.
idAuditConfig
properties
auditLogConfigs
descriptionThe configuration for logging of each type of permission.
items
$refAuditLogConfig
typearray
service
descriptionSpecifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
typestring
typeobject
AuditLogConfig
descriptionProvides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.
idAuditLogConfig
properties
exemptedMembers
descriptionSpecifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
items
typestring
typearray
ignoreChildExemptions
typeboolean
logType
descriptionThe log type that this config enables.
enum
  • LOG_TYPE_UNSPECIFIED
  • ADMIN_READ
  • DATA_WRITE
  • DATA_READ
enumDescriptions
  • Default case. Should never be this.
  • Admin reads. Example: CloudIAM getIamPolicy
  • Data writes. Example: CloudSQL Users create
  • Data reads. Example: CloudSQL Users list
typestring
typeobject
AuthorizationLoggingOptions
descriptionAuthorization-related information used by Cloud Audit Logging.
idAuthorizationLoggingOptions
properties
permissionType
descriptionThe type of the permission that was checked.
enum
  • PERMISSION_TYPE_UNSPECIFIED
  • ADMIN_READ
  • ADMIN_WRITE
  • DATA_READ
  • DATA_WRITE
enumDescriptions
  • Default. Should not be used.
  • A read of admin (meta) data.
  • A write of admin (meta) data.
  • A read of standard data.
  • A write of standard data.
typestring
typeobject
Binding
descriptionAssociates `members`, or principals, with a `role`.
idBinding
properties
bindingId
typestring
condition
$refExpr
descriptionThe condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
members
descriptionSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
items
typestring
typearray
role
descriptionRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
typestring
typeobject
CloudAuditOptions
descriptionWrite a Cloud Audit log
idCloudAuditOptions
properties
authorizationLoggingOptions
$refAuthorizationLoggingOptions
descriptionInformation used by the Cloud Audit Logging pipeline. Will be deprecated once the migration to PermissionType is complete (b/201806118).
logName
descriptionThe log_name to populate in the Cloud Audit Record.
enum
  • UNSPECIFIED_LOG_NAME
  • ADMIN_ACTIVITY
  • DATA_ACCESS
enumDescriptions
  • Default. Should not be used.
  • Corresponds to "cloudaudit.googleapis.com/activity"
  • Corresponds to "cloudaudit.googleapis.com/data_access"
typestring
permissionType
descriptionThe type associated with the permission.
enum
  • PERMISSION_TYPE_UNSPECIFIED
  • ADMIN_READ
  • ADMIN_WRITE
  • DATA_READ
  • DATA_WRITE
enumDescriptions
  • Default. Should not be used.
  • Permissions that gate reading resource configuration or metadata.
  • Permissions that gate modification of resource configuration or metadata.
  • Permissions that gate reading user-provided data.
  • Permissions that gate writing user-provided data.
typestring
typeobject
Condition
descriptionA condition to be met.
idCondition
properties
iam
descriptionTrusted attributes supplied by the IAM system.
enum
  • NO_ATTR
  • AUTHORITY
  • ATTRIBUTION
  • SECURITY_REALM
  • APPROVER
  • JUSTIFICATION_TYPE
  • CREDENTIALS_TYPE
  • CREDS_ASSERTION
enumDescriptions
  • Default non-attribute.
  • Either principal or (if present) authority selector.
  • The principal (even if an authority selector is present), which must only be used for attribution, not authorization.
  • Any of the security realms in the IAMContext (go/security-realms). When used with IN, the condition indicates "any of the request's realms match one of the given values; with NOT_IN, "none of the realms match any of the given values". Note that a value can be: - 'self:campus' (i.e., clients that are in the same campus) - 'self:metro' (i.e., clients that are in the same metro) - 'self:cloud-region' (i.e., allow connections from clients that are in the same cloud region) - 'self:prod-region' (i.e., allow connections from clients that are in the same prod region) - 'guardians' (i.e., allow connections from its guardian realms. See go/security-realms-glossary#guardian for more information.) - 'cryto_core_guardians' (i.e., allow connections from its crypto core guardian realms. See go/security-realms-glossary#guardian for more information.) Crypto Core coverage is a super-set of Default coverage, containing information about coverage between higher tier data centers (e.g., YAWNs). Most services should use Default coverage and only use Crypto Core coverage if the service is involved in greenfield turnup of new higher tier data centers (e.g., credential infrastructure, machine/job management systems, etc.). - 'self' [DEPRECATED] (i.e., allow connections from clients that are in the same security realm, which is currently but not guaranteed to be campus-sized) - a realm (e.g., 'campus-abc') - a realm group (e.g., 'realms-for-borg-cell-xx', see: go/realm-groups) A match is determined by a realm group membership check performed by a RealmAclRep object (go/realm-acl-howto). It is not permitted to grant access based on the *absence* of a realm, so realm conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
  • An approver (distinct from the requester) that has authorized this request. When used with IN, the condition indicates that one of the approvers associated with the request matches the specified principal, or is a member of the specified group. Approvers can only grant additional access, and are thus only used in a strictly positive context (e.g. ALLOW/IN or DENY/NOT_IN).
  • What types of justifications have been supplied with this request. String values should match enum names from security.credentials.JustificationType, e.g. "MANUAL_STRING". It is not permitted to grant access based on the *absence* of a justification, so justification conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN). Multiple justifications, e.g., a Buganizer ID and a manually-entered reason, are normal and supported.
  • What type of credentials have been supplied with this request. String values should match enum names from security_loas_l2.CredentialsType - currently, only CREDS_TYPE_EMERGENCY is supported. It is not permitted to grant access based on the *absence* of a credentials type, so the conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
  • Properties of the credentials supplied with this request. See http://go/rpcsp-credential-assertions?polyglot=rpcsp-v1-0 The conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
typestring
op
descriptionAn operator to apply the subject with.
enum
  • NO_OP
  • EQUALS
  • NOT_EQUALS
  • IN
  • NOT_IN
  • DISCHARGED
enumDescriptions
  • Default no-op.
  • DEPRECATED. Use IN instead.
  • DEPRECATED. Use NOT_IN instead.
  • The condition is true if the subject (or any element of it if it is a set) matches any of the supplied values.
  • The condition is true if the subject (or every element of it if it is a set) matches none of the supplied values.
  • Subject is discharged
typestring
svc
descriptionTrusted attributes discharged by the service.
typestring
sys
descriptionTrusted attributes supplied by any service that owns resources and uses the IAM system for access control.
enum
  • NO_ATTR
  • REGION
  • SERVICE
  • NAME
  • IP
enumDescriptions
  • Default non-attribute type
  • Region of the resource
  • Service name
  • Resource name
  • IP address of the caller
typestring
values
descriptionThe objects of the condition.
items
typestring
typearray
typeobject
CounterOptions
descriptionIncrement a streamz counter with the specified metric and field names. Metric names should start with a '/', generally be lowercase-only, and end in "_count". Field names should not contain an initial slash. The actual exported metric names will have "/iam/policy" prepended. Field names correspond to IAM request parameters and field values are their respective values. Supported field names: - "authority", which is "[token]" if IAMContext.token is present, otherwise the value of IAMContext.authority_selector if present, and otherwise a representation of IAMContext.principal; or - "iam_principal", a representation of IAMContext.principal even if a token or authority selector is present; or - "" (empty string), resulting in a counter with no fields. Examples: counter { metric: "/debug_access_count" field: "iam_principal" } ==> increment counter /iam/policy/debug_access_count {iam_principal=[value of IAMContext.principal]}
idCounterOptions
properties
customFields
descriptionCustom fields.
items
$refCustomField
typearray
field
descriptionThe field value to attribute.
typestring
metric
descriptionThe metric to update.
typestring
typeobject
CustomField
descriptionCustom fields. These can be used to create a counter with arbitrary field/value pairs. See: go/rpcsp-custom-fields.
idCustomField
properties
name
descriptionName is the field name.
typestring
value
descriptionValue is the field value. It is important that in contrast to the CounterOptions.field, the value here is a constant that is not derived from the IAMContext.
typestring
typeobject
DataAccessOptions
descriptionWrite a Data Access (Gin) log
idDataAccessOptions
properties
isDirectAuth
descriptionIndicates that access was granted by a regular grant policy
typeboolean
logMode
enum
  • LOG_MODE_UNSPECIFIED
  • LOG_FAIL_CLOSED
enumDescriptions
  • Client is not required to write a partial Gin log immediately after the authorization check. If client chooses to write one and it fails, client may either fail open (allow the operation to continue) or fail closed (handle as a DENY outcome).
  • The application's operation in the context of which this authorization check is being made may only be performed if it is successfully logged to Gin. For instance, the authorization library may satisfy this obligation by emitting a partial log entry at authorization check time and only returning ALLOW to the application if it succeeds. If a matching Rule has this directive, but the client has not indicated that it will honor such requirements, then the IAM check will result in authorization failure by setting CheckPolicyResponse.success=false.
typestring
typeobject
Date
descriptionRepresents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values. * A month and day, with a zero year (for example, an anniversary). * A year on its own, with a zero month and a zero day. * A year and month, with a zero day (for example, a credit card expiration date). Related types: * google.type.TimeOfDay * google.type.DateTime * google.protobuf.Timestamp
idDate
properties
day
descriptionDay of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.
formatint32
typeinteger
month
descriptionMonth of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
formatint32
typeinteger
year
descriptionYear of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
formatint32
typeinteger
typeobject
Explanation
descriptionExplanation about the IAM policy search result.
idExplanation
properties
matchedPermissions
additionalProperties
$refPermissions
descriptionThe map from roles to their included permission matching the permission query (e.g. containing `policy.role.permissions:`). Example role string: "roles/compute.instanceAdmin". The roles can also be found in the returned `policy` bindings. Note that the map is populated only if requesting with a permission query.
typeobject
typeobject
Expr
descriptionRepresents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
idExpr
properties
description
descriptionOptional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
typestring
expression
descriptionTextual representation of an expression in Common Expression Language syntax.
typestring
location
descriptionOptional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
typestring
title
descriptionOptional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
typestring
typeobject
GoogleCloudAssetV1p7beta1Asset
descriptionAn asset in Google Cloud. An asset can be any resource in the Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), a resource outside the Google Cloud resource hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy). See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information.
idGoogleCloudAssetV1p7beta1Asset
properties
accessLevel
$refGoogleIdentityAccesscontextmanagerV1AccessLevel
descriptionPlease also refer to the [access level user guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels).
accessPolicy
$refGoogleIdentityAccesscontextmanagerV1AccessPolicy
descriptionPlease also refer to the [access policy user guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
ancestors
descriptionThe ancestry path of an asset in Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), represented as a list of relative resource names. An ancestry path starts with the closest ancestor in the hierarchy and ends at root. If the asset is a project, folder, or organization, the ancestry path starts from the asset itself. Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
items
typestring
typearray
assetType
descriptionThe type of the asset. Example: `compute.googleapis.com/Disk` See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information.
typestring
authorizedOrgsDesc
$refGoogleIdentityAccesscontextmanagerV1AuthorizedOrgsDesc
descriptionPlease also refer to the [authorized organizations descriptions user guide](https://cloud.google.com/access-context-manager/docs/overview#authorizedOrgsDescs).
deleted
descriptionWhether the asset has been deleted or not.
typeboolean
iamPolicy
$refPolicy
descriptionA representation of the IAM policy set on a Google Cloud resource. There can be a maximum of one IAM policy set on any given resource. In addition, IAM policies inherit their granted access scope from any policies set on parent resources in the resource hierarchy. Therefore, the effectively policy is the union of both the policy set on this resource and each policy set on all of the resource's ancestry resource levels in the hierarchy. See [this topic](https://cloud.google.com/iam/help/allow-policies/inheritance) for more information.
iamPolicyName
descriptionThe name of the IAM policy set on a Google Cloud resource. There can be a maximum of one IAM policy set on any given resource.
formatbyte
typestring
name
descriptionThe full name of the asset. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1` See [Resource names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information.
typestring
orgPolicy
descriptionA representation of an [organization policy](https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy). There can be more than one organization policy with different constraints set on a given resource.
items
$refGoogleCloudOrgpolicyV1Policy
typearray
osInventory
$refInventory
descriptionA representation of runtime OS Inventory information. See [this topic](https://cloud.google.com/compute/docs/instances/os-inventory-management) for more information.
relatedAssets
$refGoogleCloudAssetV1p7beta1RelatedAssets
descriptionThe related assets of the asset of one relationship type. One asset only represents one type of relationship.
resource
$refGoogleCloudAssetV1p7beta1Resource
descriptionA representation of the resource.
servicePerimeter
$refGoogleIdentityAccesscontextmanagerV1ServicePerimeter
descriptionPlease also refer to the [service perimeter user guide](https://cloud.google.com/vpc-service-controls/docs/overview).
updateTime
descriptionThe last update timestamp of an asset. update_time is updated when create/update/delete operation is performed.
formatgoogle-datetime
typestring
typeobject
GoogleCloudAssetV1p7beta1RelatedAsset
descriptionAn asset identify in Google Cloud which contains its name, type and ancestors. An asset can be any resource in the Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), a resource outside the Google Cloud resource hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy). See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information.
idGoogleCloudAssetV1p7beta1RelatedAsset
properties
ancestors
descriptionThe ancestors of an asset in Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), represented as a list of relative resource names. An ancestry path starts with the closest ancestor in the hierarchy and ends at root. Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
items
typestring
typearray
asset
descriptionThe full name of the asset. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1` See [Resource names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information.
typestring
assetType
descriptionThe type of the asset. Example: `compute.googleapis.com/Disk` See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information.
typestring
typeobject
GoogleCloudAssetV1p7beta1RelatedAssets
descriptionThe detailed related assets with the `relationship_type`.
idGoogleCloudAssetV1p7beta1RelatedAssets
properties
assets
descriptionThe peer resources of the relationship.
items
$refGoogleCloudAssetV1p7beta1RelatedAsset
typearray
relationshipAttributes
$refGoogleCloudAssetV1p7beta1RelationshipAttributes
descriptionThe detailed relation attributes.
typeobject
GoogleCloudAssetV1p7beta1RelationshipAttributes
descriptionThe relationship attributes which include `type`, `source_resource_type`, `target_resource_type` and `action`.
idGoogleCloudAssetV1p7beta1RelationshipAttributes
properties
action
descriptionThe detail of the relationship, e.g. `contains`, `attaches`
typestring
sourceResourceType
descriptionThe source asset type. Example: `compute.googleapis.com/Instance`
typestring
targetResourceType
descriptionThe target asset type. Example: `compute.googleapis.com/Disk`
typestring
type
descriptionThe unique identifier of the relationship type. Example: `INSTANCE_TO_INSTANCEGROUP`
typestring
typeobject
GoogleCloudAssetV1p7beta1Resource
descriptionA representation of a Google Cloud resource.
idGoogleCloudAssetV1p7beta1Resource
properties
data
additionalProperties
descriptionProperties of the object.
typeany
descriptionThe content of the resource, in which some sensitive fields are removed and may not be present.
typeobject
discoveryDocumentUri
descriptionThe URL of the discovery document containing the resource's JSON schema. Example: `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest` This value is unspecified for resources that do not have an API based on a discovery document, such as Cloud Bigtable.
typestring
discoveryName
descriptionThe JSON schema name listed in the discovery document. Example: `Project` This value is unspecified for resources that do not have an API based on a discovery document, such as Cloud Bigtable.
typestring
internalData
additionalProperties
descriptionProperties of the object. Contains field @type with type URL.
typeany
descriptionThe actual metadata content for the resource, only visible for internal users.
typeobject
location
descriptionThe location of the resource in Google Cloud, such as its zone and region. For more information, see https://cloud.google.com/about/locations/.
typestring
parent
descriptionThe full name of the immediate parent of this resource. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information. For Google Cloud assets, this value is the parent resource defined in the [IAM policy hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). Example: `//cloudresourcemanager.googleapis.com/projects/my_project_123` For third-party assets, this field may be set differently.
typestring
resourceUrl
descriptionThe REST URL for accessing the resource. An HTTP `GET` request using this URL returns the resource itself. Example: `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123` This value is unspecified for resources without a REST API.
typestring
version
descriptionThe API version. Example: `v1`
typestring
typeobject
GoogleCloudOrgpolicyV1BooleanPolicy
descriptionUsed in `policy_type` to specify how `boolean_policy` will behave at this resource.
idGoogleCloudOrgpolicyV1BooleanPolicy
properties
enforced
descriptionIf `true`, then the `Policy` is enforced. If `false`, then any configuration is acceptable. Suppose you have a `Constraint` `constraints/compute.disableSerialPortAccess` with `constraint_default` set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following behavior: - If the `Policy` at this resource has enforced set to `false`, serial port connection attempts will be allowed. - If the `Policy` at this resource has enforced set to `true`, serial port connection attempts will be refused. - If the `Policy` at this resource is `RestoreDefault`, serial port connection attempts will be allowed. - If no `Policy` is set at this resource or anywhere higher in the resource hierarchy, serial port connection attempts will be allowed. - If no `Policy` is set at this resource, but one exists higher in the resource hierarchy, the behavior is as if the`Policy` were set at this resource. The following examples demonstrate the different possible layerings: Example 1 (nearest `Constraint` wins): `organizations/foo` has a `Policy` with: {enforced: false} `projects/bar` has no `Policy` set. The constraint at `projects/bar` and `organizations/foo` will not be enforced. Example 2 (enforcement gets replaced): `organizations/foo` has a `Policy` with: {enforced: false} `projects/bar` has a `Policy` with: {enforced: true} The constraint at `organizations/foo` is not enforced. The constraint at `projects/bar` is enforced. Example 3 (RestoreDefault): `organizations/foo` has a `Policy` with: {enforced: true} `projects/bar` has a `Policy` with: {RestoreDefault: {}} The constraint at `organizations/foo` is enforced. The constraint at `projects/bar` is not enforced, because `constraint_default` for the `Constraint` is `ALLOW`.
typeboolean
typeobject
GoogleCloudOrgpolicyV1ListPolicy
descriptionUsed in `policy_type` to specify how `list_policy` behaves at this resource. `ListPolicy` can define specific values and subtrees of Cloud Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied by setting the `allowed_values` and `denied_values` fields. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - "projects/", e.g. "projects/tokyo-rain-123" - "folders/", e.g. "folders/1234" - "organizations/", e.g. "organizations/1234" The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used. You can set `allowed_values` and `denied_values` in the same `Policy` if `all_values` is `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all values. If `all_values` is set to either `ALLOW` or `DENY`, `allowed_values` and `denied_values` must be unset.
idGoogleCloudOrgpolicyV1ListPolicy
properties
allValues
descriptionThe policy all_values state.
enum
  • ALL_VALUES_UNSPECIFIED
  • ALLOW
  • DENY
enumDescriptions
  • Indicates that allowed_values or denied_values must be set.
  • A policy with this set allows all values.
  • A policy with this set denies all values.
typestring
allowedValues
descriptionList of values allowed at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
items
typestring
typearray
deniedValues
descriptionList of values denied at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
items
typestring
typearray
inheritFromParent
descriptionDetermines the inheritance behavior for this `Policy`. By default, a `ListPolicy` set at a resource supersedes any `Policy` set anywhere up the resource hierarchy. However, if `inherit_from_parent` is set to `true`, then the values from the effective `Policy` of the parent resource are inherited, meaning the values set in this `Policy` are added to the values inherited up the hierarchy. Setting `Policy` hierarchies that inherit both allowed values and denied values isn't recommended in most circumstances to keep the configuration simple and understandable. However, it is possible to set a `Policy` with `allowed_values` set that inherits a `Policy` with `denied_values` set. In this case, the values that are allowed must be in `allowed_values` and not present in `denied_values`. For example, suppose you have a `Constraint` `constraints/serviceuser.services`, which has a `constraint_type` of `list_constraint`, and with `constraint_default` set to `ALLOW`. Suppose that at the Organization level, a `Policy` is applied that restricts the allowed API activations to {`E1`, `E2`}. Then, if a `Policy` is applied to a project below the Organization that has `inherit_from_parent` set to `false` and field all_values set to DENY, then an attempt to activate any API will be denied. The following examples demonstrate different possible layerings for `projects/bar` parented by `organizations/foo`: Example 1 (no inherited values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has `inherit_from_parent` `false` and values: {allowed_values: "E3" allowed_values: "E4"} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are `E3`, and `E4`. Example 2 (inherited values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has a `Policy` with values: {value: "E3" value: "E4" inherit_from_parent: true} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`. Example 3 (inheriting both allowed and denied values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {denied_values: "E1"} The accepted values at `organizations/foo` are `E1`, `E2`. The value accepted at `projects/bar` is `E2`. Example 4 (RestoreDefault): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has a `Policy` with values: {RestoreDefault: {}} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are either all or none depending on the value of `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 5 (no policy inherits parent policy): `organizations/foo` has no `Policy` set. `projects/bar` has no `Policy` set. The accepted values at both levels are either all or none depending on the value of `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 6 (ListConstraint allowing all): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {all: ALLOW} The accepted values at `organizations/foo` are `E1`, E2`. Any value is accepted at `projects/bar`. Example 7 (ListConstraint allowing none): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {all: DENY} The accepted values at `organizations/foo` are `E1`, E2`. No value is accepted at `projects/bar`. Example 10 (allowed and denied subtrees of Resource Manager hierarchy): Given the following resource hierarchy O1->{F1, F2}; F1->{P1}; F2->{P2, P3}, `organizations/foo` has a `Policy` with values: {allowed_values: "under:organizations/O1"} `projects/bar` has a `Policy` with: {allowed_values: "under:projects/P3"} {denied_values: "under:folders/F2"} The accepted values at `organizations/foo` are `organizations/O1`, `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`, `projects/P3`. The accepted values at `projects/bar` are `organizations/O1`, `folders/F1`, `projects/P1`.
typeboolean
suggestedValue
descriptionOptional. The Google Cloud Console will try to default to a configuration that matches the value specified in this `Policy`. If `suggested_value` is not set, it will inherit the value specified higher in the hierarchy, unless `inherit_from_parent` is `false`.
typestring
typeobject
GoogleCloudOrgpolicyV1Policy
descriptionDefines a Cloud Organization `Policy` which is used to specify `Constraints` for configurations of Cloud Platform resources.
idGoogleCloudOrgpolicyV1Policy
properties
booleanPolicy
$refGoogleCloudOrgpolicyV1BooleanPolicy
descriptionFor boolean `Constraints`, whether to enforce the `Constraint` or not.
constraint
descriptionThe name of the `Constraint` the `Policy` is configuring, for example, `constraints/serviceuser.services`. A [list of available constraints](/resource-manager/docs/organization-policy/org-policy-constraints) is available. Immutable after creation.
typestring
etag
descriptionAn opaque tag indicating the current version of the `Policy`, used for concurrency control. When the `Policy` is returned from either a `GetPolicy` or a `ListOrgPolicy` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset. When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value that was returned from a `GetOrgPolicy` request as part of a read-modify-write loop for concurrency control. Not setting the `etag`in a `SetOrgPolicy` request will result in an unconditional write of the `Policy`.
formatbyte
typestring
listPolicy
$refGoogleCloudOrgpolicyV1ListPolicy
descriptionList of values either allowed or disallowed.
restoreDefault
$refGoogleCloudOrgpolicyV1RestoreDefault
descriptionRestores the default behavior of the constraint; independent of `Constraint` type.
updateTime
descriptionThe time stamp the `Policy` was previously updated. This is set by the server, not specified by the caller, and represents the last time a call to `SetOrgPolicy` was made for that `Policy`. Any value set by the client will be ignored.
formatgoogle-datetime
typestring
version
descriptionVersion of the `Policy`. Default version is 0;
formatint32
typeinteger
typeobject
GoogleCloudOrgpolicyV1RestoreDefault
descriptionIgnores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific `Constraint` at this resource. Suppose that `constraint_default` is set to `ALLOW` for the `Constraint` `constraints/serviceuser.services`. Suppose that organization foo.com sets a `Policy` at their Organization resource node that restricts the allowed service activations to deny all service activations. They could then set a `Policy` with the `policy_type` `restore_default` on several experimental projects, restoring the `constraint_default` enforcement of the `Constraint` for only those projects, allowing those projects to have all services activated.
idGoogleCloudOrgpolicyV1RestoreDefault
properties
typeobject
GoogleIdentityAccesscontextmanagerV1AccessLevel
descriptionAn `AccessLevel` is a label that can be applied to requests to Google Cloud services, along with a list of requirements necessary for the label to be applied.
idGoogleIdentityAccesscontextmanagerV1AccessLevel
properties
accessLevelFeatures
$refGoogleIdentityAccesscontextmanagerV1AccessLevelFeatures
descriptionOutput only. Access level features that are used to determine the behavior of the access level.
readOnlyTrue
basic
$refGoogleIdentityAccesscontextmanagerV1BasicLevel
descriptionA `BasicLevel` composed of `Conditions`.
createTime
descriptionOutput only. Time the `AccessLevel` was created in UTC.
formatgoogle-datetime
readOnlyTrue
typestring
custom
$refGoogleIdentityAccesscontextmanagerV1CustomLevel
descriptionA `CustomLevel` written in the Common Expression Language.
description
descriptionDescription of the `AccessLevel` and its use. Does not affect behavior.
typestring
name
descriptionIdentifier. Resource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
typestring
title
descriptionHuman readable title. Must be unique within the Policy.
typestring
updateTime
descriptionOutput only. Time the `AccessLevel` was updated in UTC.
formatgoogle-datetime
readOnlyTrue
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1AccessLevelFeatures
descriptionFields capturing features about the access level. Output only.
idGoogleIdentityAccesscontextmanagerV1AccessLevelFeatures
properties
canBeNested
descriptionOutput only. Indicates that the access level is able to be nested in other access levels.
readOnlyTrue
typeboolean
hasRemediations
descriptionOutput only. Indicates whether there is a remediation defined within access level conditions. Set to false if deny is the only configured result for all conditions.
readOnlyTrue
typeboolean
typeobject
GoogleIdentityAccesscontextmanagerV1AccessPolicy
description`AccessPolicy` is a container for `AccessLevels` (which define the necessary attributes to use Google Cloud services) and `ServicePerimeters` (which define regions of services able to freely pass data within a perimeter). An access policy is globally visible within an organization, and the restrictions it specifies apply to all projects within an organization.
idGoogleIdentityAccesscontextmanagerV1AccessPolicy
properties
createTime
descriptionOutput only. Time the `AccessPolicy` was created in UTC.
formatgoogle-datetime
readOnlyTrue
typestring
etag
descriptionOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Policies will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
readOnlyTrue
typestring
name
descriptionOutput only. Identifier. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
typestring
parent
descriptionRequired. The parent of this `AccessPolicy` in the Cloud Resource Hierarchy. Currently immutable once created. Format: `organizations/{organization_id}`
typestring
scopes
descriptionThe scopes of the AccessPolicy. Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with `scopes=["folders/123"]` has the following behavior: - ServicePerimeter can only restrict projects within `folders/123`. - ServicePerimeter within policy A can only reference access levels defined within policy A. - Only one policy can include a given scope; thus, attempting to create a second policy which includes `folders/123` will result in an error. If no scopes are provided, then any resource within the organization can be restricted. Scopes cannot be modified after a policy is created. Policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
items
typestring
typearray
title
descriptionRequired. Human readable title. Does not affect behavior.
typestring
updateTime
descriptionOutput only. Time the `AccessPolicy` was updated in UTC.
formatgoogle-datetime
readOnlyTrue
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1ApiOperation
descriptionIdentification for an API Operation.
idGoogleIdentityAccesscontextmanagerV1ApiOperation
properties
methodSelectors
descriptionAPI methods or permissions to allow. Method or permission must belong to the service specified by `service_name` field. A single MethodSelector entry with `*` specified for the `method` field will allow all methods AND permissions for the service specified in `service_name`.
items
$refGoogleIdentityAccesscontextmanagerV1MethodSelector
typearray
serviceName
descriptionThe name of the API whose methods or permissions the IngressPolicy or EgressPolicy want to allow. A single ApiOperation with `service_name` field set to `*` will allow all methods AND permissions for all services.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1AuthorizedOrgsDesc
description`AuthorizedOrgsDesc` contains data for an organization's authorization policy.
idGoogleIdentityAccesscontextmanagerV1AuthorizedOrgsDesc
properties
assetType
descriptionThe asset type of this authorized orgs desc. Valid values are `ASSET_TYPE_DEVICE`, and `ASSET_TYPE_CREDENTIAL_STRENGTH`.
enum
  • ASSET_TYPE_UNSPECIFIED
  • ASSET_TYPE_DEVICE
  • ASSET_TYPE_CREDENTIAL_STRENGTH
enumDescriptions
  • No asset type specified.
  • Device asset type.
  • Credential strength asset type.
typestring
authorizationDirection
descriptionThe direction of the authorization relationship between this organization and the organizations listed in the `orgs` field. The valid values for this field include the following: `AUTHORIZATION_DIRECTION_FROM`: Allows this organization to evaluate traffic in the organizations listed in the `orgs` field. `AUTHORIZATION_DIRECTION_TO`: Allows the organizations listed in the `orgs` field to evaluate the traffic in this organization. For the authorization relationship to take effect, all of the organizations must authorize and specify the appropriate relationship direction. For example, if organization A authorized organization B and C to evaluate its traffic, by specifying `AUTHORIZATION_DIRECTION_TO` as the authorization direction, organizations B and C must specify `AUTHORIZATION_DIRECTION_FROM` as the authorization direction in their `AuthorizedOrgsDesc` resource.
enum
  • AUTHORIZATION_DIRECTION_UNSPECIFIED
  • AUTHORIZATION_DIRECTION_TO
  • AUTHORIZATION_DIRECTION_FROM
enumDescriptions
  • No direction specified.
  • The specified organizations are authorized to evaluate traffic in this organization.
  • The traffic of the specified organizations can be evaluated by this organization.
typestring
authorizationType
descriptionA granular control type for authorization levels. Valid value is `AUTHORIZATION_TYPE_TRUST`.
enum
  • AUTHORIZATION_TYPE_UNSPECIFIED
  • AUTHORIZATION_TYPE_TRUST
enumDescriptions
  • No authorization type specified.
  • This authorization relationship is "trust".
typestring
createTime
descriptionOutput only. Time the `AuthorizedOrgsDesc` was created in UTC.
formatgoogle-datetime
readOnlyTrue
typestring
name
descriptionIdentifier. Resource name for the `AuthorizedOrgsDesc`. Format: `accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}`. The `authorized_orgs_desc` component must begin with a letter, followed by alphanumeric characters or `_`. After you create an `AuthorizedOrgsDesc`, you cannot change its `name`.
typestring
orgs
descriptionThe list of organization ids in this AuthorizedOrgsDesc. Format: `organizations/` Example: `organizations/123456`
items
typestring
typearray
updateTime
descriptionOutput only. Time the `AuthorizedOrgsDesc` was updated in UTC.
formatgoogle-datetime
readOnlyTrue
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1BasicLevel
description`BasicLevel` is an `AccessLevel` using a set of recommended features.
idGoogleIdentityAccesscontextmanagerV1BasicLevel
properties
combiningFunction
descriptionHow the `conditions` list should be combined to determine if a request is granted this `AccessLevel`. If AND is used, each `Condition` in `conditions` must be satisfied for the `AccessLevel` to be applied. If OR is used, at least one `Condition` in `conditions` must be satisfied for the `AccessLevel` to be applied. Default behavior is AND.
enum
  • AND
  • OR
enumDescriptions
  • All `Conditions` must be true for the `BasicLevel` to be true.
  • If at least one `Condition` is true, then the `BasicLevel` is true.
typestring
conditions
descriptionRequired. A list of requirements for the `AccessLevel` to be granted.
items
$refGoogleIdentityAccesscontextmanagerV1Condition
typearray
typeobject
GoogleIdentityAccesscontextmanagerV1Condition
descriptionA condition necessary for an `AccessLevel` to be granted. The Condition is an AND over its fields. So a Condition is true if: 1) the request IP is from one of the listed subnetworks AND 2) the originating device complies with the listed device policy AND 3) all listed access levels are granted AND 4) the request was sent at a time allowed by the DateTimeRestriction.
idGoogleIdentityAccesscontextmanagerV1Condition
properties
dateTimeRestriction
$refGoogleIdentityAccesscontextmanagerV1DateTimeRestriction
descriptionSpecification for when requests are allowed by this Condition. If not specified, a request may be made at any time.
devicePolicy
$refGoogleIdentityAccesscontextmanagerV1DevicePolicy
descriptionDevice specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
ipSubnetworks
descriptionCIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
items
typestring
typearray
members
descriptionThe request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: `user:{emailid}` `serviceAccount:{emailid}` If not specified, a request may come from any user.
items
typestring
typearray
negate
descriptionWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
typeboolean
regions
descriptionThe request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
items
typestring
typearray
requiredAccessLevels
descriptionA list of other access levels defined in the same `Policy`, referenced by resource name. Referencing an `AccessLevel` which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
items
typestring
typearray
risk
$refGoogleIdentityAccesscontextmanagerV1Risk
descriptionThe request must have acceptable risk profile. Following constraints apply to its use: - It cannot be negated and cannot be nested. - If set, no other attributes can be applied within a Condition. - If set, you may optionally specify a remediation result.
unsatisfiedResult
$refGoogleIdentityAccesscontextmanagerV1UnsatisfiedResult
descriptionThe result to apply if the condition is not met.
vpcNetworkSources
descriptionThe request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with `ip_subnetworks`.
items
$refGoogleIdentityAccesscontextmanagerV1VpcNetworkSource
typearray
typeobject
GoogleIdentityAccesscontextmanagerV1CustomLevel
description`CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request. See CEL spec at: https://github.com/google/cel-spec
idGoogleIdentityAccesscontextmanagerV1CustomLevel
properties
expr
$refExpr
descriptionRequired. A Cloud CEL expression evaluating to a boolean.
typeobject
GoogleIdentityAccesscontextmanagerV1DateTimeRestriction
description`DateTimeRestriction` describes a requirement for when requests are allowed. For example, `{allowed_days: MONDAY earliest_time {hours: 7} }` would only be true for requests sent on Monday after 7:00am UTC.
idGoogleIdentityAccesscontextmanagerV1DateTimeRestriction
properties
allowedDays
descriptionThe days when the parent `AccessLevel` can be granted. If not specified, all days are allowed.
items
enum
  • DAY_OF_WEEK_UNSPECIFIED
  • MONDAY
  • TUESDAY
  • WEDNESDAY
  • THURSDAY
  • FRIDAY
  • SATURDAY
  • SUNDAY
enumDescriptions
  • The day of the week is unspecified.
  • Monday
  • Tuesday
  • Wednesday
  • Thursday
  • Friday
  • Saturday
  • Sunday
typestring
typearray
earliestTime
$refTimeOfDay
descriptionThe earliest time in the day that a request can be granted the parent `AccessLevel`, inclusive. Currently only respects up to minute specificity. If not specified, defaults to 0:00. Example: if the hours field is set to 6, a request at 5:45am would not satisfy the DateTimeRestriction.
latestTime
$refTimeOfDay
descriptionThe latest time in the day that a request can be granted the parent `AccessLevel`, inclusive. Currently only respects up to minute specificity. If not specified, defaults to 24:00. Example: if the hours field is set to 19, a request at 7:15pm would not satisfy the DateTimeRestriction.
timeZone
descriptionA time zone ID, specified as in the [IANA timezone database](https://www.iana.org/time-zones). Defaults to UTC. Examples: `"America/Los_Angeles"`, `"Etc/UTC"`, '"Europe/London"`.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1DevicePolicy
description`DevicePolicy` specifies device specific restrictions necessary to acquire a given access level. A `DevicePolicy` specifies requirements for requests from devices to be granted access levels, it does not do any enforcement on the device. `DevicePolicy` acts as an AND over all specified fields, and each repeated field is an OR over its elements. Any unset fields are ignored. For example, if the proto is { os_type : DESKTOP_WINDOWS, os_type : DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be true for requests originating from encrypted Linux desktops and encrypted Windows desktops.
idGoogleIdentityAccesscontextmanagerV1DevicePolicy
properties
allowedDeviceManagementLevels
descriptionAllowed device management levels, an empty list allows all management levels.
items
enum
  • MANAGEMENT_UNSPECIFIED
  • NONE
  • BASIC
  • COMPLETE
enumDescriptions
  • The device's management level is not specified or not known.
  • The device is not managed.
  • Basic management is enabled, which is generally limited to monitoring and wiping the corporate account.
  • Complete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.
typestring
typearray
allowedEncryptionStatuses
descriptionAllowed encryptions statuses, an empty list allows all statuses.
items
enum
  • ENCRYPTION_UNSPECIFIED
  • ENCRYPTION_UNSUPPORTED
  • UNENCRYPTED
  • ENCRYPTED
enumDescriptions
  • The encryption status of the device is not specified or not known.
  • The device does not support encryption.
  • The device supports encryption, but is currently unencrypted.
  • The device is encrypted.
typestring
typearray
osConstraints
descriptionAllowed OS versions, an empty list allows all types and all versions.
items
$refGoogleIdentityAccesscontextmanagerV1OsConstraint
typearray
requireAdminApproval
descriptionWhether the device needs to be approved by the customer admin.
typeboolean
requireCorpOwned
descriptionWhether the device needs to be corp owned.
typeboolean
requireManagedBrowserProfile
descriptionWhether the device needs to have managed browser profile.
typeboolean
requireScreenlock
descriptionWhether or not screenlock is required for the DevicePolicy to be true. Defaults to `false`.
typeboolean
typeobject
GoogleIdentityAccesscontextmanagerV1EgressFrom
descriptionDefines the conditions under which an EgressPolicy matches a request. Conditions based on information about the source of the request. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed.
idGoogleIdentityAccesscontextmanagerV1EgressFrom
properties
identities
descriptionA list of identities that are allowed access through [EgressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
items
typestring
typearray
identityType
descriptionSpecifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of `identities` field will be allowed access.
enum
  • IDENTITY_TYPE_UNSPECIFIED
  • ANY_IDENTITY
  • ANY_USER_ACCOUNT
  • ANY_SERVICE_ACCOUNT
enumDescriptions
  • No blanket identity group specified.
  • Authorize access from all identities outside the perimeter.
  • Authorize access from all human users outside the perimeter.
  • Authorize access from all service accounts outside the perimeter.
typestring
sourceRestriction
descriptionWhether to enforce traffic restrictions based on `sources` field. If the `sources` fields is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`.
enum
  • SOURCE_RESTRICTION_UNSPECIFIED
  • SOURCE_RESTRICTION_ENABLED
  • SOURCE_RESTRICTION_DISABLED
enumDescriptions
  • Enforcement preference unspecified, will not enforce traffic restrictions based on `sources` in EgressFrom.
  • Enforcement preference enabled, traffic restrictions will be enforced based on `sources` in EgressFrom.
  • Enforcement preference disabled, will not enforce traffic restrictions based on `sources` in EgressFrom.
typestring
sources
descriptionSources that this EgressPolicy authorizes access from. If this field is not empty, then `source_restriction` must be set to `SOURCE_RESTRICTION_ENABLED`.
items
$refGoogleIdentityAccesscontextmanagerV1EgressSource
typearray
typeobject
GoogleIdentityAccesscontextmanagerV1EgressPolicy
descriptionPolicy for egress from perimeter. EgressPolicies match requests based on `egress_from` and `egress_to` stanzas. For an EgressPolicy to match, both `egress_from` and `egress_to` stanzas must be matched. If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter boundary. For example, an EgressPolicy can be used to allow VMs on networks within the ServicePerimeter to access a defined set of projects outside the perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket or query against a BigQuery dataset). EgressPolicies are concerned with the *resources* that a request relates as well as the API services and API actions being used. They do not related to the direction of data movement. More detailed documentation for this concept can be found in the descriptions of EgressFrom and EgressTo.
idGoogleIdentityAccesscontextmanagerV1EgressPolicy
properties
egressFrom
$refGoogleIdentityAccesscontextmanagerV1EgressFrom
descriptionDefines conditions on the source of a request causing this EgressPolicy to apply.
egressTo
$refGoogleIdentityAccesscontextmanagerV1EgressTo
descriptionDefines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply.
title
descriptionOptional. Human-readable title for the egress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1EgressSource
descriptionThe source that EgressPolicy authorizes access from inside the ServicePerimeter to somewhere outside the ServicePerimeter boundaries.
idGoogleIdentityAccesscontextmanagerV1EgressSource
properties
accessLevel
descriptionAn AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all EgressSources will be allowed.
typestring
resource
descriptionA Google Cloud resource from the service perimeter that you want to allow to access data outside the perimeter. This field supports only projects. The project format is `projects/{project_number}`. You can't use `*` in this field to allow all Google Cloud resources.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1EgressTo
descriptionDefines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the `resources` specified. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. The request must match `operations` AND `resources` fields in order to be allowed egress out of the perimeter.
idGoogleIdentityAccesscontextmanagerV1EgressTo
properties
externalResources
descriptionA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported formats are s3://BUCKET_NAME, s3a://BUCKET_NAME, and s3n://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
items
typestring
typearray
operations
descriptionA list of ApiOperations allowed to be performed by the sources specified in the corresponding EgressFrom. A request matches if it uses an operation/service in this list.
items
$refGoogleIdentityAccesscontextmanagerV1ApiOperation
typearray
resources
descriptionA list of resources, currently only projects in the form `projects/`, that are allowed to be accessed by sources defined in the corresponding EgressFrom. A request matches if it contains a resource in this list. If `*` is specified for `resources`, then this EgressTo rule will authorize access to all resources outside the perimeter.
items
typestring
typearray
roles
descriptionIAM roles that represent the set of operations that the sources specified in the corresponding EgressFrom. are allowed to perform in this ServicePerimeter.
items
typestring
typearray
typeobject
GoogleIdentityAccesscontextmanagerV1IngressFrom
descriptionDefines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the source of the request. The request must satisfy what is defined in `sources` AND identity related fields in order to match.
idGoogleIdentityAccesscontextmanagerV1IngressFrom
properties
identities
descriptionA list of identities that are allowed access through [IngressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
items
typestring
typearray
identityType
descriptionSpecifies the type of identities that are allowed access from outside the perimeter. If left unspecified, then members of `identities` field will be allowed access.
enum
  • IDENTITY_TYPE_UNSPECIFIED
  • ANY_IDENTITY
  • ANY_USER_ACCOUNT
  • ANY_SERVICE_ACCOUNT
enumDescriptions
  • No blanket identity group specified.
  • Authorize access from all identities outside the perimeter.
  • Authorize access from all human users outside the perimeter.
  • Authorize access from all service accounts outside the perimeter.
typestring
sources
descriptionSources that this IngressPolicy authorizes access from.
items
$refGoogleIdentityAccesscontextmanagerV1IngressSource
typearray
typeobject
GoogleIdentityAccesscontextmanagerV1IngressPolicy
descriptionPolicy for ingress into ServicePerimeter. IngressPolicies match requests based on `ingress_from` and `ingress_to` stanzas. For an ingress policy to match, both the `ingress_from` and `ingress_to` stanzas must be matched. If an IngressPolicy matches a request, the request is allowed through the perimeter boundary from outside the perimeter. For example, access from the internet can be allowed either based on an AccessLevel or, for traffic hosted on Google Cloud, the project of the source network. For access from private networks, using the project of the hosting network is required. Individual ingress policies can be limited by restricting which services and/or actions they match using the `ingress_to` field.
idGoogleIdentityAccesscontextmanagerV1IngressPolicy
properties
ingressFrom
$refGoogleIdentityAccesscontextmanagerV1IngressFrom
descriptionDefines the conditions on the source of a request causing this IngressPolicy to apply.
ingressTo
$refGoogleIdentityAccesscontextmanagerV1IngressTo
descriptionDefines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply.
title
descriptionOptional. Human-readable title for the ingress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1IngressSource
descriptionThe source that IngressPolicy authorizes access from.
idGoogleIdentityAccesscontextmanagerV1IngressSource
properties
accessLevel
descriptionAn AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all IngressSources will be allowed.
typestring
resource
descriptionA Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects and VPCs are allowed. Project format: `projects/{project_number}` VPC network format: `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}`. The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in. `*` is not allowed, the case of allowing all Google Cloud resources only is not supported.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1IngressTo
descriptionDefines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the target resource of the request. The request must satisfy what is defined in `operations` AND `resources` in order to match.
idGoogleIdentityAccesscontextmanagerV1IngressTo
properties
operations
descriptionA list of ApiOperations allowed to be performed by the sources specified in corresponding IngressFrom in this ServicePerimeter.
items
$refGoogleIdentityAccesscontextmanagerV1ApiOperation
typearray
resources
descriptionA list of resources, currently only projects in the form `projects/`, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. If a single `*` is specified, then access to all resources inside the perimeter are allowed.
items
typestring
typearray
roles
descriptionIAM roles that represent the set of operations that the sources specified in the corresponding IngressFrom are allowed to perform in this ServicePerimeter.
items
typestring
typearray
typeobject
GoogleIdentityAccesscontextmanagerV1MethodSelector
descriptionAn allowed method or permission of a service specified in ApiOperation.
idGoogleIdentityAccesscontextmanagerV1MethodSelector
properties
method
descriptionA valid method name for the corresponding `service_name` in ApiOperation. If `*` is used as the value for the `method`, then ALL methods and permissions are allowed.
typestring
permission
descriptionA valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1OsConstraint
descriptionA restriction on the OS type and version of devices making requests.
idGoogleIdentityAccesscontextmanagerV1OsConstraint
properties
minimumVersion
descriptionThe minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: `"major.minor.patch"`. Examples: `"10.5.301"`, `"9.2.1"`.
typestring
osType
descriptionRequired. The allowed OS type.
enum
  • OS_UNSPECIFIED
  • DESKTOP_MAC
  • DESKTOP_WINDOWS
  • DESKTOP_LINUX
  • DESKTOP_CHROME_OS
  • ANDROID
  • IOS
enumDescriptions
  • The operating system of the device is not specified or not known.
  • A desktop Mac operating system.
  • A desktop Windows operating system.
  • A desktop Linux operating system.
  • A desktop ChromeOS operating system.
  • An Android operating system.
  • An iOS operating system.
typestring
requireComplianceWithEmmPolicy
descriptionWhether the device needs to adhere to the Enterprise Mobility Management (EMM) security policies.
typeboolean
requireVerifiedChromeOs
descriptionOnly allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
typeboolean
typeobject
GoogleIdentityAccesscontextmanagerV1Risk
descriptionRisk-based access level.
idGoogleIdentityAccesscontextmanagerV1Risk
properties
userManagedRisk
$refGoogleIdentityAccesscontextmanagerV1UserManagedRisk
descriptionThe user managed risk associated with the access level.
typeobject
GoogleIdentityAccesscontextmanagerV1RiskType
descriptionThe type of the risk used to calculate the access level risk score.
idGoogleIdentityAccesscontextmanagerV1RiskType
properties
atypicalLocation
descriptionThe request is from an identity that has issued requests from atypical locations.
typeboolean
identityReputation
descriptionThe request is from an identity that has a low reputation (e.g. due to dormancy).
typeboolean
maliciousActivity
descriptionThe request is from an identity that has performed potentially malicious activity (e.g. mass deletion of backups).
typeboolean
maliciousSource
descriptionThe request is associated with signals (e.g. network) that indicate a malicious source.
typeboolean
repeatAction
descriptionThe request is from an identity that has issued repeated, suspicious requests (e.g. too many requests with permission denied).
typeboolean
typeobject
GoogleIdentityAccesscontextmanagerV1ServicePerimeter
description`ServicePerimeter` describes a set of Google Cloud resources which can freely import and export data amongst themselves, but not export outside of the `ServicePerimeter`. If a request with a source within this `ServicePerimeter` has a target outside of the `ServicePerimeter`, the request will be blocked. Otherwise the request is allowed. There are two types of Service Perimeter - Regular and Bridge. Regular Service Perimeters cannot overlap, a single Google Cloud project or VPC network can only belong to a single regular Service Perimeter. Service Perimeter Bridges can contain only Google Cloud projects as members, a single Google Cloud project may belong to multiple Service Perimeter Bridges.
idGoogleIdentityAccesscontextmanagerV1ServicePerimeter
properties
createTime
descriptionOutput only. Time the `ServicePerimeter` was created in UTC.
formatgoogle-datetime
readOnlyTrue
typestring
description
descriptionDescription of the `ServicePerimeter` and its use. Does not affect behavior.
typestring
etag
descriptionOptional. An opaque identifier for the current version of the `ServicePerimeter`. This identifier does not follow any specific format. If an etag is not provided, the operation will be performed as if a valid etag is provided.
typestring
name
descriptionIdentifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
typestring
perimeterType
descriptionPerimeter type indicator. A single project or VPC network is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a perimeter bridge without being included in regular perimeter. For perimeter bridges, the restricted service list as well as access level lists must be empty.
enum
  • PERIMETER_TYPE_REGULAR
  • PERIMETER_TYPE_BRIDGE
enumDescriptions
  • Regular Perimeter. When no value is specified, the perimeter uses this type.
  • Perimeter Bridge.
typestring
spec
$refGoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig
descriptionProposed (or dry run) ServicePerimeter configuration. This configuration allows to specify and test ServicePerimeter configuration without enforcing actual access restrictions. Only allowed to be set when the "use_explicit_dry_run_spec" flag is set.
status
$refGoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig
descriptionCurrent ServicePerimeter configuration. Specifies sets of resources, restricted services and access levels that determine perimeter content and boundaries.
title
descriptionHuman readable title. Must be unique within the Policy.
typestring
updateTime
descriptionOutput only. Time the `ServicePerimeter` was updated in UTC.
formatgoogle-datetime
readOnlyTrue
typestring
useExplicitDryRunSpec
descriptionUse explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists for all Service Perimeters, and that spec is identical to the status for those Service Perimeters. When this flag is set, it inhibits the generation of the implicit spec, thereby allowing the user to explicitly provide a configuration ("spec") to use in a dry-run version of the Service Perimeter. This allows the user to test changes to the enforced config ("status") without actually enforcing them. This testing is done through analyzing the differences between currently enforced and suggested restrictions. use_explicit_dry_run_spec must bet set to True if any of the fields in the spec are set to non-default values.
typeboolean
weakenedForTesting
descriptionIndicates this Perimeter is intentionally weakened for Google internal testing. This will cause the Perimeter to accept non-prod P4 accounts as if they were prod accounts.
typeboolean
typeobject
GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig
description`ServicePerimeterConfig` specifies a set of Google Cloud resources that describe specific Service Perimeter configuration.
idGoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig
properties
accessLevels
descriptionA list of `AccessLevel` resource names that allow resources within the `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. For Service Perimeter Bridge, must be empty.
items
typestring
typearray
egressPolicies
descriptionList of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge.
items
$refGoogleIdentityAccesscontextmanagerV1EgressPolicy
typearray
ingressPolicies
descriptionList of IngressPolicies to apply to the perimeter. A perimeter may have multiple IngressPolicies, each of which is evaluated separately. Access is granted if any Ingress Policy grants it. Must be empty for a perimeter bridge.
items
$refGoogleIdentityAccesscontextmanagerV1IngressPolicy
typearray
resources
descriptionA list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format: `projects/{project_number}` VPC network format: `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}`.
items
typestring
typearray
restrictedServices
descriptionGoogle Cloud services that are subject to the Service Perimeter restrictions. For example, if `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions.
items
typestring
typearray
vpcAccessibleServices
$refGoogleIdentityAccesscontextmanagerV1VpcAccessibleServices
descriptionConfiguration for APIs allowed within Perimeter.
typeobject
GoogleIdentityAccesscontextmanagerV1UnsatisfiedResult
descriptionThe result to apply if the condition is not met. By default, the result is deny.
idGoogleIdentityAccesscontextmanagerV1UnsatisfiedResult
properties
remediations
descriptionList of remediations to apply if the condition is not met. If ALL remediations are satisfied, the condition is as well. For example, a successful user reauthentication may resolve a failing risk condition. - It applies only when result_type == REMEDIATION - Only a single remediation i.e. "remediation.reauth" is allowed today.
items
typestring
typearray
resultType
descriptionThe type of result to apply if the condition is not met.
enum
  • DENY
  • REMEDIATION
enumDescriptions
  • Default type of result.
  • The result is remediation. Currently, the only supported remediation is reauth.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1UserManagedRisk
descriptionUser managed risk associated with the access level.
idGoogleIdentityAccesscontextmanagerV1UserManagedRisk
properties
riskType
$refGoogleIdentityAccesscontextmanagerV1RiskType
descriptionThe type of the risks associated with the access level.
typeobject
GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices
descriptionSpecifies how APIs are allowed to communicate within the Service Perimeter.
idGoogleIdentityAccesscontextmanagerV1VpcAccessibleServices
properties
allowedServices
descriptionThe list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter.
items
typestring
typearray
enableRestriction
descriptionWhether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'.
typeboolean
typeobject
GoogleIdentityAccesscontextmanagerV1VpcNetworkSource
descriptionThe originating network source in Google Cloud.
idGoogleIdentityAccesscontextmanagerV1VpcNetworkSource
properties
project
descriptionA Google Cloud project. Format: `projects/{project_number}`. Example: `projects/123456789`
typestring
vpcSubnetwork
$refGoogleIdentityAccesscontextmanagerV1VpcSubNetwork
descriptionSub-segment ranges of a VPC network.
typeobject
GoogleIdentityAccesscontextmanagerV1VpcSubNetwork
descriptionSub-segment ranges inside of a VPC Network.
idGoogleIdentityAccesscontextmanagerV1VpcSubNetwork
properties
network
descriptionRequired. Network name. If the network is not part of the organization, the `compute.network.get` permission must be granted to the caller. Format: `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NETWORK_NAME}` Example: `//compute.googleapis.com/projects/my-project/global/networks/network-1`
typestring
vpcIpSubnetworks
descriptionCIDR block IP subnetwork specification. The IP address must be an IPv4 address and can be a public or private IP address. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. If empty, all IP addresses are allowed.
items
typestring
typearray
typeobject
IamPolicySearchResult
descriptionThe result for an IAM policy search.
idIamPolicySearchResult
properties
explanation
$refExplanation
descriptionExplanation about the IAM policy search result. It contains additional information that explains why the search result matches the query.
policy
$refPolicy
descriptionThe IAM policy attached to the specified resource. Note that the original IAM policy can contain multiple bindings. This only contains the bindings that match the given query. For queries that don't contain a constraint on policies (e.g. an empty query), this contains all the bindings.
project
descriptionThe project that the associated Google Cloud resource belongs to, in the form of `projects/{project_number}`. If an IAM policy is set on a resource -- such as a Compute Engine instance or a Cloud Storage bucket -- the project field will indicate the project that contains the resource. If an IAM policy is set on a folder or organization, the project field will be empty.
typestring
resource
descriptionThe [full resource name](https://cloud.google.com/apis/design/resource_names#full_resource_name) of the resource associated with this IAM policy.
typestring
typeobject
Inventory
descriptionThis API resource represents the available inventory data for a Compute Engine virtual machine (VM) instance at a given point in time. You can use this API resource to determine the inventory data of your VM. For more information, see [Information provided by OS inventory management](https://cloud.google.com/compute/docs/instances/os-inventory-management#data-collected).
idInventory
properties
items
additionalProperties
$refItem
descriptionInventory items related to the VM keyed by an opaque unique identifier for each inventory item. The identifier is unique to each distinct and addressable inventory item and will change, when there is a new package version.
typeobject
name
descriptionOutput only. The `Inventory` API resource name. Format: `projects/{project_number}/locations/{location}/instances/{instance_id}/inventory`
readOnlyTrue
typestring
osInfo
$refOsInfo
descriptionBase level operating system information for the VM.
sbomItems
additionalProperties
$refSbomItem
descriptionOptional. Sbom items related to the VM, keyed by an opaque unique identifier for each sbom item. The identifier is unique to each distinct addressable sbom item and will change, when there is a new item version.
typeobject
updateTime
descriptionOutput only. Timestamp of the last reported inventory for the VM.
formatgoogle-datetime
readOnlyTrue
typestring
typeobject
Item
descriptionA single piece of inventory on a VM.
idItem
properties
availablePackage
$refSoftwarePackage
descriptionSoftware package available to be installed on the VM instance.
createTime
descriptionWhen this inventory item was first detected.
formatgoogle-datetime
typestring
id
descriptionIdentifier for this item, unique across items for this VM.
typestring
installedPackage
$refSoftwarePackage
descriptionSoftware package present on the VM instance.
originType
descriptionThe origin of this inventory item.
enum
  • ORIGIN_TYPE_UNSPECIFIED
  • INVENTORY_REPORT
enumDescriptions
  • Invalid. An origin type must be specified.
  • This inventory item was discovered as the result of the agent reporting inventory via the reporting API.
typestring
type
descriptionThe specific type of inventory, correlating to its specific details.
enum
  • TYPE_UNSPECIFIED
  • INSTALLED_PACKAGE
  • AVAILABLE_PACKAGE
enumDescriptions
  • Invalid. A type must be specified.
  • This represents a package that is installed on the VM.
  • This represents an update that is available for a package.
typestring
updateTime
descriptionWhen this inventory item was last modified.
formatgoogle-datetime
typestring
typeobject
LogConfig
descriptionSpecifies what kind of log the caller must write
idLogConfig
properties
cloudAudit
$refCloudAuditOptions
descriptionCloud audit options.
counter
$refCounterOptions
descriptionCounter options.
dataAccess
$refDataAccessOptions
descriptionData access options.
typeobject
OsInfo
descriptionOperating system information for the VM.
idOsInfo
properties
architecture
descriptionThe system architecture of the operating system.
typestring
hostname
descriptionThe VM hostname.
typestring
kernelRelease
descriptionThe kernel release of the operating system.
typestring
kernelVersion
descriptionThe kernel version of the operating system.
typestring
longName
descriptionThe operating system long name. For example 'Debian GNU/Linux 9' or 'Microsoft Window Server 2019 Datacenter'.
typestring
osconfigAgentVersion
descriptionThe current version of the OS Config agent running on the VM.
typestring
shortName
descriptionThe operating system short name. For example, 'windows' or 'debian'.
typestring
version
descriptionThe version of the operating system.
typestring
typeobject
Permissions
descriptionIAM permissions.
idPermissions
properties
permissions
descriptionA list of permissions. Example permission string: "compute.disk.get".
items
typestring
typearray
typeobject
Policy
descriptionAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
idPolicy
properties
auditConfigs
descriptionSpecifies cloud audit logging configuration for this policy.
items
$refAuditConfig
typearray
bindings
descriptionAssociates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
items
$refBinding
typearray
etag
description`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
formatbyte
typestring
rules
descriptionIf more than one rule is specified, the rules are applied in the following manner: - All matching LOG rules are always applied. - If any DENY/DENY_WITH_LOG rule matches, permission is denied. Logging will be applied if one or more matching rule requires logging. - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is granted. Logging will be applied if one or more matching rule requires logging. - Otherwise, if no rule applies, permission is denied.
items
$refRule
typearray
version
descriptionSpecifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
formatint32
typeinteger
typeobject
Rule
descriptionA rule to be applied in a Policy.
idRule
properties
action
descriptionRequired
enum
  • NO_ACTION
  • ALLOW
  • ALLOW_WITH_LOG
  • DENY
  • DENY_WITH_LOG
  • LOG
enumDescriptions
  • Default no action.
  • Matching 'Entries' grant access.
  • Matching 'Entries' grant access and the caller promises to log the request per the returned log_configs.
  • Matching 'Entries' deny access.
  • Matching 'Entries' deny access and the caller promises to log the request per the returned log_configs.
  • Matching 'Entries' tell IAM.Check callers to generate logs.
typestring
conditions
descriptionAdditional restrictions that must be met. All conditions must pass for the rule to match.
items
$refCondition
typearray
description
descriptionHuman-readable description of the rule.
typestring
in
descriptionIf one or more 'in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
items
typestring
typearray
logConfig
descriptionThe config returned to callers of CheckPolicy for any entries that match the LOG action.
items
$refLogConfig
typearray
notIn
descriptionIf one or more 'not_in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. The format for in and not_in entries can be found at in the Local IAM documentation (see go/local-iam#features).
items
typestring
typearray
permissions
descriptionA permission is a string of form '..' (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.
items
typestring
typearray
typeobject
SbomItem
descriptionA single piece of sbom inventory for the VM.
idSbomItem
properties
id
descriptionIdentifier for this item, unique across sbom items for this VM.
typestring
locations
descriptionPaths or source of files related to the package.
items
typestring
typearray
name
descriptionHuman-readable name of the software, to be used for things like logging.
typestring
type
descriptionPackage type, e.g. "maven, npm, pypi".
typestring
version
descriptionVersion of the package.
typestring
typeobject
SearchAllIamPoliciesResponse
descriptionSearch all IAM policies response.
idSearchAllIamPoliciesResponse
properties
nextPageToken
descriptionSet if there are more results than those appearing in this response; to get the next set of results, call this method again, using this value as the `page_token`.
typestring
results
descriptionA list of IAM policies that match the search query. Related information such as the associated resource is returned along with the policy.
items
$refIamPolicySearchResult
typearray
typeobject
SearchAllResourcesResponse
descriptionSearch all resources response.
idSearchAllResourcesResponse
properties
estimatedTotalResourceCount
deprecatedTrue
descriptionEstimated count of all resources matching this search request. This number might be approximate, if exceeding `min_accuracy_of_total_resource_count`.
formatint64
typestring
nextPageToken
descriptionIf there are more results than those appearing in this response, then `next_page_token` is included. To get the next set of results, call this method again using the value of `next_page_token` as `page_token`.
typestring
results
descriptionA list of resource that match the search query.
items
$refStandardResourceMetadata
typearray
typeobject
SoftwarePackage
descriptionSoftware package information of the operating system.
idSoftwarePackage
properties
aptPackage
$refVersionedPackage
descriptionDetails of an APT package. For details about the apt package manager, see https://wiki.debian.org/Apt.
cosPackage
$refVersionedPackage
descriptionDetails of a COS package.
googetPackage
$refVersionedPackage
descriptionDetails of a Googet package. For details about the googet package manager, see https://github.com/google/googet.
qfePackage
$refWindowsQuickFixEngineeringPackage
descriptionDetails of a Windows Quick Fix engineering package. See https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-quickfixengineering for info in Windows Quick Fix Engineering.
windowsApplication
$refWindowsApplication
descriptionDetails of Windows Application.
wuaPackage
$refWindowsUpdatePackage
descriptionDetails of a Windows Update package. See https://docs.microsoft.com/en-us/windows/win32/api/_wua/ for information about Windows Update.
yumPackage
$refVersionedPackage
descriptionYum package info. For details about the yum package manager, see https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/ch-yum.
zypperPackage
$refVersionedPackage
descriptionDetails of a Zypper package. For details about the Zypper package manager, see https://en.opensuse.org/SDB:Zypper_manual.
zypperPatch
$refZypperPatch
descriptionDetails of a Zypper patch. For details about the Zypper package manager, see https://en.opensuse.org/SDB:Zypper_manual.
typeobject
StandardResourceMetadata
descriptionThe standard metadata of a cloud resource.
idStandardResourceMetadata
properties
additionalAttributes
descriptionAdditional searchable attributes of this resource. Informational only. The exact set of attributes is subject to change. For example: project id, DNS name etc.
items
typestring
typearray
assetType
descriptionThe type of this resource. For example: "compute.googleapis.com/Disk".
typestring
description
descriptionOne or more paragraphs of text description of this resource. Maximum length could be up to 1M bytes.
typestring
displayName
descriptionThe display name of this resource.
typestring
labels
additionalProperties
typestring
descriptionLabels associated with this resource. See [Labelling and grouping Google Cloud resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources) for more information.
typeobject
location
descriptionLocation can be "global", regional like "us-east1", or zonal like "us-west1-b".
typestring
name
descriptionThe full resource name. For example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information.
typestring
networkTags
descriptionNetwork tags associated with this resource. Like labels, network tags are a type of annotations used to group Google Cloud resources. See [Labelling Google Cloud resources](lhttps://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources) for more information.
items
typestring
typearray
parentAssetType
descriptionThe type of this resource's immediate parent.
typestring
parentUniqueId
descriptionThe unique ID of this resource's immediate parent.
typestring
project
descriptionThe project that this resource belongs to, in the form of `projects/{project_number}`.
typestring
uniqueId
descriptionThe unique ID of this resource.
typestring
typeobject
TimeOfDay
descriptionRepresents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`.
idTimeOfDay
properties
hours
descriptionHours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.
formatint32
typeinteger
minutes
descriptionMinutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
formatint32
typeinteger
nanos
descriptionFractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
formatint32
typeinteger
seconds
descriptionSeconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
formatint32
typeinteger
typeobject
VersionedPackage
descriptionInformation related to the a standard versioned package. This includes package info for APT, Yum, Zypper, and Googet package managers.
idVersionedPackage
properties
architecture
descriptionThe system architecture this package is intended for.
typestring
packageName
descriptionThe name of the package.
typestring
version
descriptionThe version of the package.
typestring
typeobject
WindowsApplication
descriptionContains information about a Windows application that is retrieved from the Windows Registry. For more information about these fields, see: https://docs.microsoft.com/en-us/windows/win32/msi/uninstall-registry-key
idWindowsApplication
properties
displayName
descriptionThe name of the application or product.
typestring
displayVersion
descriptionThe version of the product or application in string format.
typestring
helpLink
descriptionThe internet address for technical support.
typestring
installDate
$refDate
descriptionThe last time this product received service. The value of this property is replaced each time a patch is applied or removed from the product or the command-line option is used to repair the product.
publisher
descriptionThe name of the manufacturer for the product or application.
typestring
typeobject
WindowsQuickFixEngineeringPackage
descriptionInformation related to a Quick Fix Engineering package. Fields are taken from Windows QuickFixEngineering Interface and match the source names: https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-quickfixengineering
idWindowsQuickFixEngineeringPackage
properties
caption
descriptionA short textual description of the QFE update.
typestring
description
descriptionA textual description of the QFE update.
typestring
hotFixId
descriptionUnique identifier associated with a particular QFE update.
typestring
installTime
descriptionDate that the QFE update was installed. Mapped from installed_on field.
formatgoogle-datetime
typestring
typeobject
WindowsUpdateCategory
descriptionCategories specified by the Windows Update.
idWindowsUpdateCategory
properties
id
descriptionThe identifier of the windows update category.
typestring
name
descriptionThe name of the windows update category.
typestring
typeobject
WindowsUpdatePackage
descriptionDetails related to a Windows Update package. Field data and names are taken from Windows Update API IUpdate Interface: https://docs.microsoft.com/en-us/windows/win32/api/_wua/ Descriptive fields like title, and description are localized based on the locale of the VM being updated.
idWindowsUpdatePackage
properties
categories
descriptionThe categories that are associated with this update package.
items
$refWindowsUpdateCategory
typearray
description
descriptionThe localized description of the update package.
typestring
kbArticleIds
descriptionA collection of Microsoft Knowledge Base article IDs that are associated with the update package.
items
typestring
typearray
lastDeploymentChangeTime
descriptionThe last published date of the update, in (UTC) date and time.
formatgoogle-datetime
typestring
moreInfoUrls
descriptionA collection of URLs that provide more information about the update package.
items
typestring
typearray
revisionNumber
descriptionThe revision number of this update package.
formatint32
typeinteger
supportUrl
descriptionA hyperlink to the language-specific support information for the update.
typestring
title
descriptionThe localized title of the update package.
typestring
updateId
descriptionGets the identifier of an update package. Stays the same across revisions.
typestring
typeobject
ZypperPatch
descriptionDetails related to a Zypper Patch.
idZypperPatch
properties
category
descriptionThe category of the patch.
typestring
patchName
descriptionThe name of the patch.
typestring
severity
descriptionThe severity specified for this patch
typestring
summary
descriptionAny summary information provided about this patch.
typestring
typeobject
servicePath
titleCloud Asset API (Test)
versionv1p1beta1
version_moduleTrue
old_value
error
code403
details
  • @typetype.googleapis.com/google.rpc.Help
    links
    descriptionurl
    Google developers console API activationhttps://console.developers.google.com/apis/api/test-cloudasset.sandbox.googleapis.com/overview?project=648364020234
  • @typetype.googleapis.com/google.rpc.ErrorInfo
    domaingoogleapis.com
    metadata
    consumerprojects/648364020234
    servicetest-cloudasset.sandbox.googleapis.com
    reasonSERVICE_DISABLED
messageCloud Asset API (Test) has not been used in project 648364020234 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/test-cloudasset.sandbox.googleapis.com/overview?project=648364020234 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
statusPERMISSION_DENIED
sandbox/test-cloudasset-v1p2alpha1
values_changed
root
new_value
auth
oauth2
scopes
https://www.googleapis.com/auth/cloud-platform
descriptionSee, edit, configure, and delete your Google Cloud data and see the email address for your Google Account.
basePath
baseUrlhttps://test-cloudasset.sandbox.googleapis.com/
batchPathbatch
canonicalNameCloud Asset
descriptionThe Cloud Asset API manages the history and inventory of Google Cloud resources.
discoveryVersionv1
documentationLinkhttps://cloud.google.com/asset-inventory/docs/quickstart
fullyEncodeReservedExpansionTrue
icons
x16http://www.google.com/images/icons/product/search-16.gif
x32http://www.google.com/images/icons/product/search-32.gif
idcloudasset:v1p2alpha1
kinddiscovery#restDescription
mtlsRootUrlhttps://test-cloudasset.mtls.sandbox.googleapis.com/
namecloudasset
ownerDomaingoogle.com
ownerNameGoogle
parameters
$.xgafv
descriptionV1 error format.
enum
  • 1
  • 2
enumDescriptions
  • v1 error format
  • v2 error format
locationquery
typestring
access_token
descriptionOAuth access token.
locationquery
typestring
alt
defaultjson
descriptionData format for response.
enum
  • json
  • media
  • proto
enumDescriptions
  • Responses with Content-Type of application/json
  • Media download with context-dependent Content-Type
  • Responses with Content-Type of application/x-protobuf
locationquery
typestring
callback
descriptionJSONP
locationquery
typestring
fields
descriptionSelector specifying which fields to include in a partial response.
locationquery
typestring
key
descriptionAPI key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
locationquery
typestring
oauth_token
descriptionOAuth 2.0 token for the current user.
locationquery
typestring
prettyPrint
defaulttrue
descriptionReturns response with indentations and line breaks.
locationquery
typeboolean
quotaUser
descriptionAvailable to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
locationquery
typestring
uploadType
descriptionLegacy upload protocol for media (e.g. "media", "multipart").
locationquery
typestring
upload_protocol
descriptionUpload protocol for media (e.g. "raw", "multipart").
locationquery
typestring
protocolrest
resources
feeds
methods
create
descriptionCreates a feed in a parent project/folder/organization to listen to its asset updates.
flatPathv1p2alpha1/{v1p2alpha1Id}/{v1p2alpha1Id1}/feeds
httpMethodPOST
idcloudasset.feeds.create
parameterOrder
  • parent
parameters
parent
descriptionRequired. The name of the project/folder/organization where this feed should be created in. It can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345").
locationpath
pattern^[^/]+/[^/]+$
requiredTrue
typestring
pathv1p2alpha1/{+parent}/feeds
request
$refCreateFeedRequest
response
$refFeed
scopes
  • https://www.googleapis.com/auth/cloud-platform
delete
descriptionDeletes an asset feed.
flatPathv1p2alpha1/{v1p2alpha1Id}/{v1p2alpha1Id1}/feeds/{feedsId}
httpMethodDELETE
idcloudasset.feeds.delete
parameterOrder
  • name
parameters
name
descriptionRequired. The name of the feed and it must be in the format of: projects/project_number/feeds/feed_id folders/folder_number/feeds/feed_id organizations/organization_number/feeds/feed_id
locationpath
pattern^[^/]+/[^/]+/feeds/[^/]+$
requiredTrue
typestring
pathv1p2alpha1/{+name}
response
$refEmpty
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets details about an asset feed.
flatPathv1p2alpha1/{v1p2alpha1Id}/{v1p2alpha1Id1}/feeds/{feedsId}
httpMethodGET
idcloudasset.feeds.get
parameterOrder
  • name
parameters
name
descriptionRequired. The name of the Feed and it must be in the format of: projects/project_number/feeds/feed_id folders/folder_number/feeds/feed_id organizations/organization_number/feeds/feed_id
locationpath
pattern^[^/]+/[^/]+/feeds/[^/]+$
requiredTrue
typestring
pathv1p2alpha1/{+name}
response
$refFeed
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists all asset feeds in a parent project/folder/organization.
flatPathv1p2alpha1/{v1p2alpha1Id}/{v1p2alpha1Id1}/feeds
httpMethodGET
idcloudasset.feeds.list
parameterOrder
  • parent
parameters
parent
descriptionRequired. The parent project/folder/organization whose feeds are to be listed. It can only be using project/folder/organization number (such as "folders/12345")", or a project ID (such as "projects/my-project-id").
locationpath
pattern^[^/]+/[^/]+$
requiredTrue
typestring
pathv1p2alpha1/{+parent}/feeds
response
$refListFeedsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
patch
descriptionUpdates an asset feed configuration.
flatPathv1p2alpha1/{v1p2alpha1Id}/{v1p2alpha1Id1}/feeds/{feedsId}
httpMethodPATCH
idcloudasset.feeds.patch
parameterOrder
  • name
parameters
name
descriptionRequired. The format will be projects/{project_number}/feeds/{client-assigned_feed_identifier} or folders/{folder_number}/feeds/{client-assigned_feed_identifier} or organizations/{organization_number}/feeds/{client-assigned_feed_identifier} The client-assigned feed identifier must be unique within the parent project/folder/organization.
locationpath
pattern^[^/]+/[^/]+/feeds/[^/]+$
requiredTrue
typestring
pathv1p2alpha1/{+name}
request
$refUpdateFeedRequest
response
$refFeed
scopes
  • https://www.googleapis.com/auth/cloud-platform
operations
methods
get
descriptionGets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.
flatPathv1p2alpha1/{v1p2alpha1Id}/{v1p2alpha1Id1}/operations/{operationsId}/{operationsId1}
httpMethodGET
idcloudasset.operations.get
parameterOrder
  • name
parameters
name
descriptionThe name of the operation resource.
locationpath
pattern^[^/]+/[^/]+/operations/[^/]+/.*$
requiredTrue
typestring
pathv1p2alpha1/{+name}
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
v1p2alpha1
methods
batchGetAssetsHistory
descriptionBatch gets the update history of assets that overlap a time window. For IAM_POLICY content, this API outputs history when the asset and its attached IAM_POLICY both exist. This can create gaps in the output history. Otherwise, this API outputs history with asset in both non-delete or deleted status. If a specified asset does not exist, this API returns an INVALID_ARGUMENT error.
flatPathv1p2alpha1/{v1p2alpha1Id}/{v1p2alpha1Id1}:batchGetAssetsHistory
httpMethodGET
idcloudasset.batchGetAssetsHistory
parameterOrder
  • parent
parameters
assetNames
descriptionA list of the full names of the assets. For example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more info. The request becomes a no-op if the asset name list is empty, and the max size of the asset name list is 100 in one request.
locationquery
repeatedTrue
typestring
contentType
descriptionRequired. The content type.
enum
  • CONTENT_TYPE_UNSPECIFIED
  • RESOURCE
  • IAM_POLICY
  • IAM_POLICY_NAME
  • ORG_POLICY
  • ACCESS_POLICY
enumDescriptions
  • Unspecified content type.
  • Resource metadata.
  • The actual IAM policy set on a resource.
  • The IAM policy name for the IAM policy set on a resource.
  • The organization policy set on an asset.
  • The Access Context Manager policy set on an asset.
locationquery
typestring
parent
descriptionRequired. The relative name of the root asset. It can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id")", or a project number (such as "projects/12345").
locationpath
pattern^[^/]+/[^/]+$
requiredTrue
typestring
readTimeWindow.endTime
descriptionEnd time of the time window (inclusive). If not specified, the current timestamp is used instead.
formatgoogle-datetime
locationquery
typestring
readTimeWindow.startTime
descriptionStart time of the time window (exclusive).
formatgoogle-datetime
locationquery
typestring
pathv1p2alpha1/{+parent}:batchGetAssetsHistory
response
$refBatchGetAssetsHistoryResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
exportAssets
descriptionExports assets with time and resource types to a given Cloud Storage location/BigQuery table. For Cloud Storage location destinations, the output format is newline-delimited JSON. Each line represents a google.cloud.asset.v1p2alpha1.Asset in the JSON format; for BigQuery table destinations, the output table stores the fields in asset Protobuf as columns. This API implements the google.longrunning.Operation API, which allows you to keep track of the export. We recommend intervals of at least 2 seconds with exponential retry to poll the export operation result. For regular-size resource parent, the export operation usually finishes within 5 minutes.
flatPathv1p2alpha1/{v1p2alpha1Id}/{v1p2alpha1Id1}:exportAssets
httpMethodPOST
idcloudasset.exportAssets
parameterOrder
  • parent
parameters
parent
descriptionRequired. The relative name of the root asset. This can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345").
locationpath
pattern^[^/]+/[^/]+$
requiredTrue
typestring
pathv1p2alpha1/{+parent}:exportAssets
request
$refExportAssetsRequest
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
revision20250225
rootUrlhttps://test-cloudasset.sandbox.googleapis.com/
schemas
AnalyzeIamPolicyLongrunningMetadata
descriptionRepresents the metadata of the longrunning operation for the AnalyzeIamPolicyLongrunning RPC.
idAnalyzeIamPolicyLongrunningMetadata
properties
createTime
descriptionOutput only. The time the operation was created.
formatgoogle-datetime
readOnlyTrue
typestring
typeobject
AnalyzeIamPolicyLongrunningResponse
descriptionA response message for AssetService.AnalyzeIamPolicyLongrunning.
idAnalyzeIamPolicyLongrunningResponse
properties
typeobject
Asset
descriptionAn asset in Google Cloud. An asset can be any resource in the Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), a resource outside the Google Cloud resource hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy). See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information.
idAsset
properties
accessLevel
$refGoogleIdentityAccesscontextmanagerV1AccessLevel
descriptionPlease also refer to the [access level user guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels).
accessPolicy
$refGoogleIdentityAccesscontextmanagerV1AccessPolicy
descriptionPlease also refer to the [access policy user guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
assetType
descriptionThe type of the asset. Example: `compute.googleapis.com/Disk` See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information.
typestring
authorizedOrgsDesc
$refGoogleIdentityAccesscontextmanagerV1AuthorizedOrgsDesc
descriptionPlease also refer to the [authorized organizations descriptions user guide](https://cloud.google.com/access-context-manager/docs/overview#authorizedOrgsDescs).
iamPolicy
$refPolicy
descriptionA representation of the Cloud IAM policy set on a Google Cloud resource. There can be a maximum of one Cloud IAM policy set on any given resource. In addition, Cloud IAM policies inherit their granted access scope from any policies set on parent resources in the resource hierarchy. Therefore, the effectively policy is the union of both the policy set on this resource and each policy set on all of the resource's ancestry resource levels in the hierarchy. See [this topic](https://cloud.google.com/iam/help/allow-policies/inheritance) for more information.
iamPolicyName
descriptionThe name of the Cloud IAM policy set on a Google Cloud resource. There can be a maximum of one Cloud IAM policy set on any given resource.
formatbyte
typestring
name
descriptionThe full name of the asset. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1` See [Resource names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information.
typestring
orgPolicy
descriptionA representation of an [organization policy](https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy). There can be more than one organization policy with different constraints set on a given resource.
items
$refGoogleCloudOrgpolicyV1Policy
typearray
resource
$refResource
descriptionA representation of the resource.
servicePerimeter
$refGoogleIdentityAccesscontextmanagerV1ServicePerimeter
descriptionPlease also refer to the [service perimeter user guide](https://cloud.google.com/vpc-service-controls/docs/overview).
typeobject
AuditConfig
descriptionSpecifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.
idAuditConfig
properties
auditLogConfigs
descriptionThe configuration for logging of each type of permission.
items
$refAuditLogConfig
typearray
service
descriptionSpecifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
typestring
typeobject
AuditLogConfig
descriptionProvides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.
idAuditLogConfig
properties
exemptedMembers
descriptionSpecifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
items
typestring
typearray
ignoreChildExemptions
typeboolean
logType
descriptionThe log type that this config enables.
enum
  • LOG_TYPE_UNSPECIFIED
  • ADMIN_READ
  • DATA_WRITE
  • DATA_READ
enumDescriptions
  • Default case. Should never be this.
  • Admin reads. Example: CloudIAM getIamPolicy
  • Data writes. Example: CloudSQL Users create
  • Data reads. Example: CloudSQL Users list
typestring
typeobject
AuthorizationLoggingOptions
descriptionAuthorization-related information used by Cloud Audit Logging.
idAuthorizationLoggingOptions
properties
permissionType
descriptionThe type of the permission that was checked.
enum
  • PERMISSION_TYPE_UNSPECIFIED
  • ADMIN_READ
  • ADMIN_WRITE
  • DATA_READ
  • DATA_WRITE
enumDescriptions
  • Default. Should not be used.
  • A read of admin (meta) data.
  • A write of admin (meta) data.
  • A read of standard data.
  • A write of standard data.
typestring
typeobject
BatchGetAssetsHistoryResponse
descriptionBatch get assets history response.
idBatchGetAssetsHistoryResponse
properties
assets
descriptionA list of assets with valid time windows.
items
$refTemporalAsset
typearray
typeobject
BigQueryDestination
descriptionA BigQuery destination.
idBigQueryDestination
properties
dataset
descriptionRequired. The BigQuery dataset in format "projects/projectId/datasets/datasetId", to which the snapshot result should be exported. If this dataset does not exist, the export call returns an error.
typestring
force
descriptionIf the destination table already exists and this flag is `TRUE`, the table will be overwritten by the contents of assets snapshot. If the flag is not set and the destination table already exists, the export call returns an error.
typeboolean
table
descriptionRequired. The BigQuery table to which the snapshot result should be written. If this table does not exist, a new table with the given name will be created.
typestring
typeobject
Binding
descriptionAssociates `members`, or principals, with a `role`.
idBinding
properties
bindingId
typestring
condition
$refExpr
descriptionThe condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
members
descriptionSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
items
typestring
typearray
role
descriptionRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
typestring
typeobject
CloudAuditOptions
descriptionWrite a Cloud Audit log
idCloudAuditOptions
properties
authorizationLoggingOptions
$refAuthorizationLoggingOptions
descriptionInformation used by the Cloud Audit Logging pipeline. Will be deprecated once the migration to PermissionType is complete (b/201806118).
logName
descriptionThe log_name to populate in the Cloud Audit Record.
enum
  • UNSPECIFIED_LOG_NAME
  • ADMIN_ACTIVITY
  • DATA_ACCESS
enumDescriptions
  • Default. Should not be used.
  • Corresponds to "cloudaudit.googleapis.com/activity"
  • Corresponds to "cloudaudit.googleapis.com/data_access"
typestring
permissionType
descriptionThe type associated with the permission.
enum
  • PERMISSION_TYPE_UNSPECIFIED
  • ADMIN_READ
  • ADMIN_WRITE
  • DATA_READ
  • DATA_WRITE
enumDescriptions
  • Default. Should not be used.
  • Permissions that gate reading resource configuration or metadata.
  • Permissions that gate modification of resource configuration or metadata.
  • Permissions that gate reading user-provided data.
  • Permissions that gate writing user-provided data.
typestring
typeobject
Condition
descriptionA condition to be met.
idCondition
properties
iam
descriptionTrusted attributes supplied by the IAM system.
enum
  • NO_ATTR
  • AUTHORITY
  • ATTRIBUTION
  • SECURITY_REALM
  • APPROVER
  • JUSTIFICATION_TYPE
  • CREDENTIALS_TYPE
  • CREDS_ASSERTION
enumDescriptions
  • Default non-attribute.
  • Either principal or (if present) authority selector.
  • The principal (even if an authority selector is present), which must only be used for attribution, not authorization.
  • Any of the security realms in the IAMContext (go/security-realms). When used with IN, the condition indicates "any of the request's realms match one of the given values; with NOT_IN, "none of the realms match any of the given values". Note that a value can be: - 'self:campus' (i.e., clients that are in the same campus) - 'self:metro' (i.e., clients that are in the same metro) - 'self:cloud-region' (i.e., allow connections from clients that are in the same cloud region) - 'self:prod-region' (i.e., allow connections from clients that are in the same prod region) - 'guardians' (i.e., allow connections from its guardian realms. See go/security-realms-glossary#guardian for more information.) - 'cryto_core_guardians' (i.e., allow connections from its crypto core guardian realms. See go/security-realms-glossary#guardian for more information.) Crypto Core coverage is a super-set of Default coverage, containing information about coverage between higher tier data centers (e.g., YAWNs). Most services should use Default coverage and only use Crypto Core coverage if the service is involved in greenfield turnup of new higher tier data centers (e.g., credential infrastructure, machine/job management systems, etc.). - 'self' [DEPRECATED] (i.e., allow connections from clients that are in the same security realm, which is currently but not guaranteed to be campus-sized) - a realm (e.g., 'campus-abc') - a realm group (e.g., 'realms-for-borg-cell-xx', see: go/realm-groups) A match is determined by a realm group membership check performed by a RealmAclRep object (go/realm-acl-howto). It is not permitted to grant access based on the *absence* of a realm, so realm conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
  • An approver (distinct from the requester) that has authorized this request. When used with IN, the condition indicates that one of the approvers associated with the request matches the specified principal, or is a member of the specified group. Approvers can only grant additional access, and are thus only used in a strictly positive context (e.g. ALLOW/IN or DENY/NOT_IN).
  • What types of justifications have been supplied with this request. String values should match enum names from security.credentials.JustificationType, e.g. "MANUAL_STRING". It is not permitted to grant access based on the *absence* of a justification, so justification conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN). Multiple justifications, e.g., a Buganizer ID and a manually-entered reason, are normal and supported.
  • What type of credentials have been supplied with this request. String values should match enum names from security_loas_l2.CredentialsType - currently, only CREDS_TYPE_EMERGENCY is supported. It is not permitted to grant access based on the *absence* of a credentials type, so the conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
  • Properties of the credentials supplied with this request. See http://go/rpcsp-credential-assertions?polyglot=rpcsp-v1-0 The conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
typestring
op
descriptionAn operator to apply the subject with.
enum
  • NO_OP
  • EQUALS
  • NOT_EQUALS
  • IN
  • NOT_IN
  • DISCHARGED
enumDescriptions
  • Default no-op.
  • DEPRECATED. Use IN instead.
  • DEPRECATED. Use NOT_IN instead.
  • The condition is true if the subject (or any element of it if it is a set) matches any of the supplied values.
  • The condition is true if the subject (or every element of it if it is a set) matches none of the supplied values.
  • Subject is discharged
typestring
svc
descriptionTrusted attributes discharged by the service.
typestring
sys
descriptionTrusted attributes supplied by any service that owns resources and uses the IAM system for access control.
enum
  • NO_ATTR
  • REGION
  • SERVICE
  • NAME
  • IP
enumDescriptions
  • Default non-attribute type
  • Region of the resource
  • Service name
  • Resource name
  • IP address of the caller
typestring
values
descriptionThe objects of the condition.
items
typestring
typearray
typeobject
CounterOptions
descriptionIncrement a streamz counter with the specified metric and field names. Metric names should start with a '/', generally be lowercase-only, and end in "_count". Field names should not contain an initial slash. The actual exported metric names will have "/iam/policy" prepended. Field names correspond to IAM request parameters and field values are their respective values. Supported field names: - "authority", which is "[token]" if IAMContext.token is present, otherwise the value of IAMContext.authority_selector if present, and otherwise a representation of IAMContext.principal; or - "iam_principal", a representation of IAMContext.principal even if a token or authority selector is present; or - "" (empty string), resulting in a counter with no fields. Examples: counter { metric: "/debug_access_count" field: "iam_principal" } ==> increment counter /iam/policy/debug_access_count {iam_principal=[value of IAMContext.principal]}
idCounterOptions
properties
customFields
descriptionCustom fields.
items
$refCustomField
typearray
field
descriptionThe field value to attribute.
typestring
metric
descriptionThe metric to update.
typestring
typeobject
CreateFeedRequest
descriptionCreate asset feed request.
idCreateFeedRequest
properties
feed
$refFeed
descriptionRequired. The feed details. The field `name` must be empty and it will be generated in the format of: projects/project_number/feeds/feed_id folders/folder_number/feeds/feed_id organizations/organization_number/feeds/feed_id
feedId
descriptionRequired. This is the client-assigned asset feed identifier and it needs to be unique under a specific parent project/folder/organization.
typestring
typeobject
CustomField
descriptionCustom fields. These can be used to create a counter with arbitrary field/value pairs. See: go/rpcsp-custom-fields.
idCustomField
properties
name
descriptionName is the field name.
typestring
value
descriptionValue is the field value. It is important that in contrast to the CounterOptions.field, the value here is a constant that is not derived from the IAMContext.
typestring
typeobject
DataAccessOptions
descriptionWrite a Data Access (Gin) log
idDataAccessOptions
properties
isDirectAuth
descriptionIndicates that access was granted by a regular grant policy
typeboolean
logMode
enum
  • LOG_MODE_UNSPECIFIED
  • LOG_FAIL_CLOSED
enumDescriptions
  • Client is not required to write a partial Gin log immediately after the authorization check. If client chooses to write one and it fails, client may either fail open (allow the operation to continue) or fail closed (handle as a DENY outcome).
  • The application's operation in the context of which this authorization check is being made may only be performed if it is successfully logged to Gin. For instance, the authorization library may satisfy this obligation by emitting a partial log entry at authorization check time and only returning ALLOW to the application if it succeeds. If a matching Rule has this directive, but the client has not indicated that it will honor such requirements, then the IAM check will result in authorization failure by setting CheckPolicyResponse.success=false.
typestring
typeobject
Date
descriptionRepresents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values. * A month and day, with a zero year (for example, an anniversary). * A year on its own, with a zero month and a zero day. * A year and month, with a zero day (for example, a credit card expiration date). Related types: * google.type.TimeOfDay * google.type.DateTime * google.protobuf.Timestamp
idDate
properties
day
descriptionDay of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.
formatint32
typeinteger
month
descriptionMonth of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
formatint32
typeinteger
year
descriptionYear of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
formatint32
typeinteger
typeobject
Empty
descriptionA generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }
idEmpty
properties
typeobject
ExportAssetsRequest
descriptionExport asset request.
idExportAssetsRequest
properties
assetTypes
descriptionA list of asset types of which to take a snapshot for. For example: "compute.googleapis.com/Disk". If specified, only matching assets will be returned. See [Introduction to Cloud Asset Inventory](https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/overview) for all supported asset types.
items
typestring
typearray
contentType
descriptionAsset content type. If not specified, no content but the asset name will be returned.
enum
  • CONTENT_TYPE_UNSPECIFIED
  • RESOURCE
  • IAM_POLICY
  • IAM_POLICY_NAME
  • ORG_POLICY
  • ACCESS_POLICY
enumDescriptions
  • Unspecified content type.
  • Resource metadata.
  • The actual IAM policy set on a resource.
  • The IAM policy name for the IAM policy set on a resource.
  • The organization policy set on an asset.
  • The Access Context Manager policy set on an asset.
typestring
outputConfig
$refOutputConfig
descriptionRequired. Output configuration indicating where the results will be output to.
readTime
descriptionTimestamp to take an asset snapshot. This can only be set to a timestamp between 2018-10-02 UTC (inclusive) and the current time. If not specified, the current time will be used. Due to delays in resource data collection and indexing, there is a volatile window during which running the same query may get different results.
formatgoogle-datetime
typestring
typeobject
Expr
descriptionRepresents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
idExpr
properties
description
descriptionOptional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
typestring
expression
descriptionTextual representation of an expression in Common Expression Language syntax.
typestring
location
descriptionOptional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
typestring
title
descriptionOptional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
typestring
typeobject
Feed
descriptionAn asset feed used to export asset updates to a destinations. An asset feed filter controls what updates are exported. The asset feed must be created within a project, organization, or folder. Supported destinations are: Pub/Sub topics.
idFeed
properties
assetNames
descriptionA list of the full names of the assets to receive updates. You must specify either or both of asset_names and asset_types. Only asset updates matching specified asset_names or asset_types are exported to the feed. For example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more info.
items
typestring
typearray
assetTypes
descriptionA list of types of the assets to receive updates. You must specify either or both of asset_names and asset_types. Only asset updates matching specified asset_names or asset_types are exported to the feed. For example: "compute.googleapis.com/Disk" See [Introduction to Cloud Asset Inventory](https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/overview) for all supported asset types.
items
typestring
typearray
contentType
descriptionAsset content type.
enum
  • CONTENT_TYPE_UNSPECIFIED
  • RESOURCE
  • IAM_POLICY
  • IAM_POLICY_NAME
  • ORG_POLICY
  • ACCESS_POLICY
enumDescriptions
  • Unspecified content type.
  • Resource metadata.
  • The actual IAM policy set on a resource.
  • The IAM policy name for the IAM policy set on a resource.
  • The organization policy set on an asset.
  • The Access Context Manager policy set on an asset.
typestring
feedOutputConfig
$refFeedOutputConfig
descriptionRequired. Feed output configuration defining where the asset updates are published to.
name
descriptionRequired. The format will be projects/{project_number}/feeds/{client-assigned_feed_identifier} or folders/{folder_number}/feeds/{client-assigned_feed_identifier} or organizations/{organization_number}/feeds/{client-assigned_feed_identifier} The client-assigned feed identifier must be unique within the parent project/folder/organization.
typestring
typeobject
FeedOutputConfig
descriptionOutput configuration for asset feed destination.
idFeedOutputConfig
properties
pubsubDestination
$refPubsubDestination
descriptionDestination on Pub/Sub.
typeobject
GcsDestination
descriptionA Cloud Storage location.
idGcsDestination
properties
uri
descriptionThe URI of the Cloud Storage object. It's the same URI that is used by gsutil. For example: "gs://bucket_name/object_name". See [Viewing and Editing Object Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata) for more information.
typestring
uriPrefix
descriptionThe URI prefix of all generated Cloud Storage objects. For example: "gs://bucket_name/object_name_prefix". Each object URI is in format: "gs://bucket_name/object_name_prefix// and only contains assets for that type. starts from 0. For example: "gs://bucket_name/object_name_prefix/compute.googleapis.com/Disk/0" is the first shard of output objects containing all compute.googleapis.com/Disk assets.
typestring
typeobject
GoogleCloudAssetV1p7beta1Asset
descriptionAn asset in Google Cloud. An asset can be any resource in the Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), a resource outside the Google Cloud resource hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy). See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information.
idGoogleCloudAssetV1p7beta1Asset
properties
accessLevel
$refGoogleIdentityAccesscontextmanagerV1AccessLevel
descriptionPlease also refer to the [access level user guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels).
accessPolicy
$refGoogleIdentityAccesscontextmanagerV1AccessPolicy
descriptionPlease also refer to the [access policy user guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
ancestors
descriptionThe ancestry path of an asset in Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), represented as a list of relative resource names. An ancestry path starts with the closest ancestor in the hierarchy and ends at root. If the asset is a project, folder, or organization, the ancestry path starts from the asset itself. Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
items
typestring
typearray
assetType
descriptionThe type of the asset. Example: `compute.googleapis.com/Disk` See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information.
typestring
authorizedOrgsDesc
$refGoogleIdentityAccesscontextmanagerV1AuthorizedOrgsDesc
descriptionPlease also refer to the [authorized organizations descriptions user guide](https://cloud.google.com/access-context-manager/docs/overview#authorizedOrgsDescs).
deleted
descriptionWhether the asset has been deleted or not.
typeboolean
iamPolicy
$refPolicy
descriptionA representation of the IAM policy set on a Google Cloud resource. There can be a maximum of one IAM policy set on any given resource. In addition, IAM policies inherit their granted access scope from any policies set on parent resources in the resource hierarchy. Therefore, the effectively policy is the union of both the policy set on this resource and each policy set on all of the resource's ancestry resource levels in the hierarchy. See [this topic](https://cloud.google.com/iam/help/allow-policies/inheritance) for more information.
iamPolicyName
descriptionThe name of the IAM policy set on a Google Cloud resource. There can be a maximum of one IAM policy set on any given resource.
formatbyte
typestring
name
descriptionThe full name of the asset. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1` See [Resource names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information.
typestring
orgPolicy
descriptionA representation of an [organization policy](https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy). There can be more than one organization policy with different constraints set on a given resource.
items
$refGoogleCloudOrgpolicyV1Policy
typearray
osInventory
$refInventory
descriptionA representation of runtime OS Inventory information. See [this topic](https://cloud.google.com/compute/docs/instances/os-inventory-management) for more information.
relatedAssets
$refGoogleCloudAssetV1p7beta1RelatedAssets
descriptionThe related assets of the asset of one relationship type. One asset only represents one type of relationship.
resource
$refGoogleCloudAssetV1p7beta1Resource
descriptionA representation of the resource.
servicePerimeter
$refGoogleIdentityAccesscontextmanagerV1ServicePerimeter
descriptionPlease also refer to the [service perimeter user guide](https://cloud.google.com/vpc-service-controls/docs/overview).
updateTime
descriptionThe last update timestamp of an asset. update_time is updated when create/update/delete operation is performed.
formatgoogle-datetime
typestring
typeobject
GoogleCloudAssetV1p7beta1RelatedAsset
descriptionAn asset identify in Google Cloud which contains its name, type and ancestors. An asset can be any resource in the Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), a resource outside the Google Cloud resource hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy). See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information.
idGoogleCloudAssetV1p7beta1RelatedAsset
properties
ancestors
descriptionThe ancestors of an asset in Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), represented as a list of relative resource names. An ancestry path starts with the closest ancestor in the hierarchy and ends at root. Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
items
typestring
typearray
asset
descriptionThe full name of the asset. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1` See [Resource names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information.
typestring
assetType
descriptionThe type of the asset. Example: `compute.googleapis.com/Disk` See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information.
typestring
typeobject
GoogleCloudAssetV1p7beta1RelatedAssets
descriptionThe detailed related assets with the `relationship_type`.
idGoogleCloudAssetV1p7beta1RelatedAssets
properties
assets
descriptionThe peer resources of the relationship.
items
$refGoogleCloudAssetV1p7beta1RelatedAsset
typearray
relationshipAttributes
$refGoogleCloudAssetV1p7beta1RelationshipAttributes
descriptionThe detailed relation attributes.
typeobject
GoogleCloudAssetV1p7beta1RelationshipAttributes
descriptionThe relationship attributes which include `type`, `source_resource_type`, `target_resource_type` and `action`.
idGoogleCloudAssetV1p7beta1RelationshipAttributes
properties
action
descriptionThe detail of the relationship, e.g. `contains`, `attaches`
typestring
sourceResourceType
descriptionThe source asset type. Example: `compute.googleapis.com/Instance`
typestring
targetResourceType
descriptionThe target asset type. Example: `compute.googleapis.com/Disk`
typestring
type
descriptionThe unique identifier of the relationship type. Example: `INSTANCE_TO_INSTANCEGROUP`
typestring
typeobject
GoogleCloudAssetV1p7beta1Resource
descriptionA representation of a Google Cloud resource.
idGoogleCloudAssetV1p7beta1Resource
properties
data
additionalProperties
descriptionProperties of the object.
typeany
descriptionThe content of the resource, in which some sensitive fields are removed and may not be present.
typeobject
discoveryDocumentUri
descriptionThe URL of the discovery document containing the resource's JSON schema. Example: `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest` This value is unspecified for resources that do not have an API based on a discovery document, such as Cloud Bigtable.
typestring
discoveryName
descriptionThe JSON schema name listed in the discovery document. Example: `Project` This value is unspecified for resources that do not have an API based on a discovery document, such as Cloud Bigtable.
typestring
internalData
additionalProperties
descriptionProperties of the object. Contains field @type with type URL.
typeany
descriptionThe actual metadata content for the resource, only visible for internal users.
typeobject
location
descriptionThe location of the resource in Google Cloud, such as its zone and region. For more information, see https://cloud.google.com/about/locations/.
typestring
parent
descriptionThe full name of the immediate parent of this resource. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information. For Google Cloud assets, this value is the parent resource defined in the [IAM policy hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). Example: `//cloudresourcemanager.googleapis.com/projects/my_project_123` For third-party assets, this field may be set differently.
typestring
resourceUrl
descriptionThe REST URL for accessing the resource. An HTTP `GET` request using this URL returns the resource itself. Example: `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123` This value is unspecified for resources without a REST API.
typestring
version
descriptionThe API version. Example: `v1`
typestring
typeobject
GoogleCloudOrgpolicyV1BooleanPolicy
descriptionUsed in `policy_type` to specify how `boolean_policy` will behave at this resource.
idGoogleCloudOrgpolicyV1BooleanPolicy
properties
enforced
descriptionIf `true`, then the `Policy` is enforced. If `false`, then any configuration is acceptable. Suppose you have a `Constraint` `constraints/compute.disableSerialPortAccess` with `constraint_default` set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following behavior: - If the `Policy` at this resource has enforced set to `false`, serial port connection attempts will be allowed. - If the `Policy` at this resource has enforced set to `true`, serial port connection attempts will be refused. - If the `Policy` at this resource is `RestoreDefault`, serial port connection attempts will be allowed. - If no `Policy` is set at this resource or anywhere higher in the resource hierarchy, serial port connection attempts will be allowed. - If no `Policy` is set at this resource, but one exists higher in the resource hierarchy, the behavior is as if the`Policy` were set at this resource. The following examples demonstrate the different possible layerings: Example 1 (nearest `Constraint` wins): `organizations/foo` has a `Policy` with: {enforced: false} `projects/bar` has no `Policy` set. The constraint at `projects/bar` and `organizations/foo` will not be enforced. Example 2 (enforcement gets replaced): `organizations/foo` has a `Policy` with: {enforced: false} `projects/bar` has a `Policy` with: {enforced: true} The constraint at `organizations/foo` is not enforced. The constraint at `projects/bar` is enforced. Example 3 (RestoreDefault): `organizations/foo` has a `Policy` with: {enforced: true} `projects/bar` has a `Policy` with: {RestoreDefault: {}} The constraint at `organizations/foo` is enforced. The constraint at `projects/bar` is not enforced, because `constraint_default` for the `Constraint` is `ALLOW`.
typeboolean
typeobject
GoogleCloudOrgpolicyV1ListPolicy
descriptionUsed in `policy_type` to specify how `list_policy` behaves at this resource. `ListPolicy` can define specific values and subtrees of Cloud Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied by setting the `allowed_values` and `denied_values` fields. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - "projects/", e.g. "projects/tokyo-rain-123" - "folders/", e.g. "folders/1234" - "organizations/", e.g. "organizations/1234" The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used. You can set `allowed_values` and `denied_values` in the same `Policy` if `all_values` is `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all values. If `all_values` is set to either `ALLOW` or `DENY`, `allowed_values` and `denied_values` must be unset.
idGoogleCloudOrgpolicyV1ListPolicy
properties
allValues
descriptionThe policy all_values state.
enum
  • ALL_VALUES_UNSPECIFIED
  • ALLOW
  • DENY
enumDescriptions
  • Indicates that allowed_values or denied_values must be set.
  • A policy with this set allows all values.
  • A policy with this set denies all values.
typestring
allowedValues
descriptionList of values allowed at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
items
typestring
typearray
deniedValues
descriptionList of values denied at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
items
typestring
typearray
inheritFromParent
descriptionDetermines the inheritance behavior for this `Policy`. By default, a `ListPolicy` set at a resource supersedes any `Policy` set anywhere up the resource hierarchy. However, if `inherit_from_parent` is set to `true`, then the values from the effective `Policy` of the parent resource are inherited, meaning the values set in this `Policy` are added to the values inherited up the hierarchy. Setting `Policy` hierarchies that inherit both allowed values and denied values isn't recommended in most circumstances to keep the configuration simple and understandable. However, it is possible to set a `Policy` with `allowed_values` set that inherits a `Policy` with `denied_values` set. In this case, the values that are allowed must be in `allowed_values` and not present in `denied_values`. For example, suppose you have a `Constraint` `constraints/serviceuser.services`, which has a `constraint_type` of `list_constraint`, and with `constraint_default` set to `ALLOW`. Suppose that at the Organization level, a `Policy` is applied that restricts the allowed API activations to {`E1`, `E2`}. Then, if a `Policy` is applied to a project below the Organization that has `inherit_from_parent` set to `false` and field all_values set to DENY, then an attempt to activate any API will be denied. The following examples demonstrate different possible layerings for `projects/bar` parented by `organizations/foo`: Example 1 (no inherited values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has `inherit_from_parent` `false` and values: {allowed_values: "E3" allowed_values: "E4"} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are `E3`, and `E4`. Example 2 (inherited values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has a `Policy` with values: {value: "E3" value: "E4" inherit_from_parent: true} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`. Example 3 (inheriting both allowed and denied values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {denied_values: "E1"} The accepted values at `organizations/foo` are `E1`, `E2`. The value accepted at `projects/bar` is `E2`. Example 4 (RestoreDefault): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has a `Policy` with values: {RestoreDefault: {}} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are either all or none depending on the value of `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 5 (no policy inherits parent policy): `organizations/foo` has no `Policy` set. `projects/bar` has no `Policy` set. The accepted values at both levels are either all or none depending on the value of `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 6 (ListConstraint allowing all): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {all: ALLOW} The accepted values at `organizations/foo` are `E1`, E2`. Any value is accepted at `projects/bar`. Example 7 (ListConstraint allowing none): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {all: DENY} The accepted values at `organizations/foo` are `E1`, E2`. No value is accepted at `projects/bar`. Example 10 (allowed and denied subtrees of Resource Manager hierarchy): Given the following resource hierarchy O1->{F1, F2}; F1->{P1}; F2->{P2, P3}, `organizations/foo` has a `Policy` with values: {allowed_values: "under:organizations/O1"} `projects/bar` has a `Policy` with: {allowed_values: "under:projects/P3"} {denied_values: "under:folders/F2"} The accepted values at `organizations/foo` are `organizations/O1`, `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`, `projects/P3`. The accepted values at `projects/bar` are `organizations/O1`, `folders/F1`, `projects/P1`.
typeboolean
suggestedValue
descriptionOptional. The Google Cloud Console will try to default to a configuration that matches the value specified in this `Policy`. If `suggested_value` is not set, it will inherit the value specified higher in the hierarchy, unless `inherit_from_parent` is `false`.
typestring
typeobject
GoogleCloudOrgpolicyV1Policy
descriptionDefines a Cloud Organization `Policy` which is used to specify `Constraints` for configurations of Cloud Platform resources.
idGoogleCloudOrgpolicyV1Policy
properties
booleanPolicy
$refGoogleCloudOrgpolicyV1BooleanPolicy
descriptionFor boolean `Constraints`, whether to enforce the `Constraint` or not.
constraint
descriptionThe name of the `Constraint` the `Policy` is configuring, for example, `constraints/serviceuser.services`. A [list of available constraints](/resource-manager/docs/organization-policy/org-policy-constraints) is available. Immutable after creation.
typestring
etag
descriptionAn opaque tag indicating the current version of the `Policy`, used for concurrency control. When the `Policy` is returned from either a `GetPolicy` or a `ListOrgPolicy` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset. When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value that was returned from a `GetOrgPolicy` request as part of a read-modify-write loop for concurrency control. Not setting the `etag`in a `SetOrgPolicy` request will result in an unconditional write of the `Policy`.
formatbyte
typestring
listPolicy
$refGoogleCloudOrgpolicyV1ListPolicy
descriptionList of values either allowed or disallowed.
restoreDefault
$refGoogleCloudOrgpolicyV1RestoreDefault
descriptionRestores the default behavior of the constraint; independent of `Constraint` type.
updateTime
descriptionThe time stamp the `Policy` was previously updated. This is set by the server, not specified by the caller, and represents the last time a call to `SetOrgPolicy` was made for that `Policy`. Any value set by the client will be ignored.
formatgoogle-datetime
typestring
version
descriptionVersion of the `Policy`. Default version is 0;
formatint32
typeinteger
typeobject
GoogleCloudOrgpolicyV1RestoreDefault
descriptionIgnores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific `Constraint` at this resource. Suppose that `constraint_default` is set to `ALLOW` for the `Constraint` `constraints/serviceuser.services`. Suppose that organization foo.com sets a `Policy` at their Organization resource node that restricts the allowed service activations to deny all service activations. They could then set a `Policy` with the `policy_type` `restore_default` on several experimental projects, restoring the `constraint_default` enforcement of the `Constraint` for only those projects, allowing those projects to have all services activated.
idGoogleCloudOrgpolicyV1RestoreDefault
properties
typeobject
GoogleIdentityAccesscontextmanagerV1AccessLevel
descriptionAn `AccessLevel` is a label that can be applied to requests to Google Cloud services, along with a list of requirements necessary for the label to be applied.
idGoogleIdentityAccesscontextmanagerV1AccessLevel
properties
accessLevelFeatures
$refGoogleIdentityAccesscontextmanagerV1AccessLevelFeatures
descriptionOutput only. Access level features that are used to determine the behavior of the access level.
readOnlyTrue
basic
$refGoogleIdentityAccesscontextmanagerV1BasicLevel
descriptionA `BasicLevel` composed of `Conditions`.
createTime
descriptionOutput only. Time the `AccessLevel` was created in UTC.
formatgoogle-datetime
readOnlyTrue
typestring
custom
$refGoogleIdentityAccesscontextmanagerV1CustomLevel
descriptionA `CustomLevel` written in the Common Expression Language.
description
descriptionDescription of the `AccessLevel` and its use. Does not affect behavior.
typestring
name
descriptionIdentifier. Resource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
typestring
title
descriptionHuman readable title. Must be unique within the Policy.
typestring
updateTime
descriptionOutput only. Time the `AccessLevel` was updated in UTC.
formatgoogle-datetime
readOnlyTrue
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1AccessLevelFeatures
descriptionFields capturing features about the access level. Output only.
idGoogleIdentityAccesscontextmanagerV1AccessLevelFeatures
properties
canBeNested
descriptionOutput only. Indicates that the access level is able to be nested in other access levels.
readOnlyTrue
typeboolean
hasRemediations
descriptionOutput only. Indicates whether there is a remediation defined within access level conditions. Set to false if deny is the only configured result for all conditions.
readOnlyTrue
typeboolean
typeobject
GoogleIdentityAccesscontextmanagerV1AccessPolicy
description`AccessPolicy` is a container for `AccessLevels` (which define the necessary attributes to use Google Cloud services) and `ServicePerimeters` (which define regions of services able to freely pass data within a perimeter). An access policy is globally visible within an organization, and the restrictions it specifies apply to all projects within an organization.
idGoogleIdentityAccesscontextmanagerV1AccessPolicy
properties
createTime
descriptionOutput only. Time the `AccessPolicy` was created in UTC.
formatgoogle-datetime
readOnlyTrue
typestring
etag
descriptionOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Policies will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
readOnlyTrue
typestring
name
descriptionOutput only. Identifier. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
typestring
parent
descriptionRequired. The parent of this `AccessPolicy` in the Cloud Resource Hierarchy. Currently immutable once created. Format: `organizations/{organization_id}`
typestring
scopes
descriptionThe scopes of the AccessPolicy. Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with `scopes=["folders/123"]` has the following behavior: - ServicePerimeter can only restrict projects within `folders/123`. - ServicePerimeter within policy A can only reference access levels defined within policy A. - Only one policy can include a given scope; thus, attempting to create a second policy which includes `folders/123` will result in an error. If no scopes are provided, then any resource within the organization can be restricted. Scopes cannot be modified after a policy is created. Policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
items
typestring
typearray
title
descriptionRequired. Human readable title. Does not affect behavior.
typestring
updateTime
descriptionOutput only. Time the `AccessPolicy` was updated in UTC.
formatgoogle-datetime
readOnlyTrue
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1ApiOperation
descriptionIdentification for an API Operation.
idGoogleIdentityAccesscontextmanagerV1ApiOperation
properties
methodSelectors
descriptionAPI methods or permissions to allow. Method or permission must belong to the service specified by `service_name` field. A single MethodSelector entry with `*` specified for the `method` field will allow all methods AND permissions for the service specified in `service_name`.
items
$refGoogleIdentityAccesscontextmanagerV1MethodSelector
typearray
serviceName
descriptionThe name of the API whose methods or permissions the IngressPolicy or EgressPolicy want to allow. A single ApiOperation with `service_name` field set to `*` will allow all methods AND permissions for all services.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1AuthorizedOrgsDesc
description`AuthorizedOrgsDesc` contains data for an organization's authorization policy.
idGoogleIdentityAccesscontextmanagerV1AuthorizedOrgsDesc
properties
assetType
descriptionThe asset type of this authorized orgs desc. Valid values are `ASSET_TYPE_DEVICE`, and `ASSET_TYPE_CREDENTIAL_STRENGTH`.
enum
  • ASSET_TYPE_UNSPECIFIED
  • ASSET_TYPE_DEVICE
  • ASSET_TYPE_CREDENTIAL_STRENGTH
enumDescriptions
  • No asset type specified.
  • Device asset type.
  • Credential strength asset type.
typestring
authorizationDirection
descriptionThe direction of the authorization relationship between this organization and the organizations listed in the `orgs` field. The valid values for this field include the following: `AUTHORIZATION_DIRECTION_FROM`: Allows this organization to evaluate traffic in the organizations listed in the `orgs` field. `AUTHORIZATION_DIRECTION_TO`: Allows the organizations listed in the `orgs` field to evaluate the traffic in this organization. For the authorization relationship to take effect, all of the organizations must authorize and specify the appropriate relationship direction. For example, if organization A authorized organization B and C to evaluate its traffic, by specifying `AUTHORIZATION_DIRECTION_TO` as the authorization direction, organizations B and C must specify `AUTHORIZATION_DIRECTION_FROM` as the authorization direction in their `AuthorizedOrgsDesc` resource.
enum
  • AUTHORIZATION_DIRECTION_UNSPECIFIED
  • AUTHORIZATION_DIRECTION_TO
  • AUTHORIZATION_DIRECTION_FROM
enumDescriptions
  • No direction specified.
  • The specified organizations are authorized to evaluate traffic in this organization.
  • The traffic of the specified organizations can be evaluated by this organization.
typestring
authorizationType
descriptionA granular control type for authorization levels. Valid value is `AUTHORIZATION_TYPE_TRUST`.
enum
  • AUTHORIZATION_TYPE_UNSPECIFIED
  • AUTHORIZATION_TYPE_TRUST
enumDescriptions
  • No authorization type specified.
  • This authorization relationship is "trust".
typestring
createTime
descriptionOutput only. Time the `AuthorizedOrgsDesc` was created in UTC.
formatgoogle-datetime
readOnlyTrue
typestring
name
descriptionIdentifier. Resource name for the `AuthorizedOrgsDesc`. Format: `accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}`. The `authorized_orgs_desc` component must begin with a letter, followed by alphanumeric characters or `_`. After you create an `AuthorizedOrgsDesc`, you cannot change its `name`.
typestring
orgs
descriptionThe list of organization ids in this AuthorizedOrgsDesc. Format: `organizations/` Example: `organizations/123456`
items
typestring
typearray
updateTime
descriptionOutput only. Time the `AuthorizedOrgsDesc` was updated in UTC.
formatgoogle-datetime
readOnlyTrue
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1BasicLevel
description`BasicLevel` is an `AccessLevel` using a set of recommended features.
idGoogleIdentityAccesscontextmanagerV1BasicLevel
properties
combiningFunction
descriptionHow the `conditions` list should be combined to determine if a request is granted this `AccessLevel`. If AND is used, each `Condition` in `conditions` must be satisfied for the `AccessLevel` to be applied. If OR is used, at least one `Condition` in `conditions` must be satisfied for the `AccessLevel` to be applied. Default behavior is AND.
enum
  • AND
  • OR
enumDescriptions
  • All `Conditions` must be true for the `BasicLevel` to be true.
  • If at least one `Condition` is true, then the `BasicLevel` is true.
typestring
conditions
descriptionRequired. A list of requirements for the `AccessLevel` to be granted.
items
$refGoogleIdentityAccesscontextmanagerV1Condition
typearray
typeobject
GoogleIdentityAccesscontextmanagerV1Condition
descriptionA condition necessary for an `AccessLevel` to be granted. The Condition is an AND over its fields. So a Condition is true if: 1) the request IP is from one of the listed subnetworks AND 2) the originating device complies with the listed device policy AND 3) all listed access levels are granted AND 4) the request was sent at a time allowed by the DateTimeRestriction.
idGoogleIdentityAccesscontextmanagerV1Condition
properties
dateTimeRestriction
$refGoogleIdentityAccesscontextmanagerV1DateTimeRestriction
descriptionSpecification for when requests are allowed by this Condition. If not specified, a request may be made at any time.
devicePolicy
$refGoogleIdentityAccesscontextmanagerV1DevicePolicy
descriptionDevice specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
ipSubnetworks
descriptionCIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
items
typestring
typearray
members
descriptionThe request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: `user:{emailid}` `serviceAccount:{emailid}` If not specified, a request may come from any user.
items
typestring
typearray
negate
descriptionWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
typeboolean
regions
descriptionThe request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
items
typestring
typearray
requiredAccessLevels
descriptionA list of other access levels defined in the same `Policy`, referenced by resource name. Referencing an `AccessLevel` which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
items
typestring
typearray
risk
$refGoogleIdentityAccesscontextmanagerV1Risk
descriptionThe request must have acceptable risk profile. Following constraints apply to its use: - It cannot be negated and cannot be nested. - If set, no other attributes can be applied within a Condition. - If set, you may optionally specify a remediation result.
unsatisfiedResult
$refGoogleIdentityAccesscontextmanagerV1UnsatisfiedResult
descriptionThe result to apply if the condition is not met.
vpcNetworkSources
descriptionThe request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with `ip_subnetworks`.
items
$refGoogleIdentityAccesscontextmanagerV1VpcNetworkSource
typearray
typeobject
GoogleIdentityAccesscontextmanagerV1CustomLevel
description`CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request. See CEL spec at: https://github.com/google/cel-spec
idGoogleIdentityAccesscontextmanagerV1CustomLevel
properties
expr
$refExpr
descriptionRequired. A Cloud CEL expression evaluating to a boolean.
typeobject
GoogleIdentityAccesscontextmanagerV1DateTimeRestriction
description`DateTimeRestriction` describes a requirement for when requests are allowed. For example, `{allowed_days: MONDAY earliest_time {hours: 7} }` would only be true for requests sent on Monday after 7:00am UTC.
idGoogleIdentityAccesscontextmanagerV1DateTimeRestriction
properties
allowedDays
descriptionThe days when the parent `AccessLevel` can be granted. If not specified, all days are allowed.
items
enum
  • DAY_OF_WEEK_UNSPECIFIED
  • MONDAY
  • TUESDAY
  • WEDNESDAY
  • THURSDAY
  • FRIDAY
  • SATURDAY
  • SUNDAY
enumDescriptions
  • The day of the week is unspecified.
  • Monday
  • Tuesday
  • Wednesday
  • Thursday
  • Friday
  • Saturday
  • Sunday
typestring
typearray
earliestTime
$refTimeOfDay
descriptionThe earliest time in the day that a request can be granted the parent `AccessLevel`, inclusive. Currently only respects up to minute specificity. If not specified, defaults to 0:00. Example: if the hours field is set to 6, a request at 5:45am would not satisfy the DateTimeRestriction.
latestTime
$refTimeOfDay
descriptionThe latest time in the day that a request can be granted the parent `AccessLevel`, inclusive. Currently only respects up to minute specificity. If not specified, defaults to 24:00. Example: if the hours field is set to 19, a request at 7:15pm would not satisfy the DateTimeRestriction.
timeZone
descriptionA time zone ID, specified as in the [IANA timezone database](https://www.iana.org/time-zones). Defaults to UTC. Examples: `"America/Los_Angeles"`, `"Etc/UTC"`, '"Europe/London"`.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1DevicePolicy
description`DevicePolicy` specifies device specific restrictions necessary to acquire a given access level. A `DevicePolicy` specifies requirements for requests from devices to be granted access levels, it does not do any enforcement on the device. `DevicePolicy` acts as an AND over all specified fields, and each repeated field is an OR over its elements. Any unset fields are ignored. For example, if the proto is { os_type : DESKTOP_WINDOWS, os_type : DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be true for requests originating from encrypted Linux desktops and encrypted Windows desktops.
idGoogleIdentityAccesscontextmanagerV1DevicePolicy
properties
allowedDeviceManagementLevels
descriptionAllowed device management levels, an empty list allows all management levels.
items
enum
  • MANAGEMENT_UNSPECIFIED
  • NONE
  • BASIC
  • COMPLETE
enumDescriptions
  • The device's management level is not specified or not known.
  • The device is not managed.
  • Basic management is enabled, which is generally limited to monitoring and wiping the corporate account.
  • Complete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.
typestring
typearray
allowedEncryptionStatuses
descriptionAllowed encryptions statuses, an empty list allows all statuses.
items
enum
  • ENCRYPTION_UNSPECIFIED
  • ENCRYPTION_UNSUPPORTED
  • UNENCRYPTED
  • ENCRYPTED
enumDescriptions
  • The encryption status of the device is not specified or not known.
  • The device does not support encryption.
  • The device supports encryption, but is currently unencrypted.
  • The device is encrypted.
typestring
typearray
osConstraints
descriptionAllowed OS versions, an empty list allows all types and all versions.
items
$refGoogleIdentityAccesscontextmanagerV1OsConstraint
typearray
requireAdminApproval
descriptionWhether the device needs to be approved by the customer admin.
typeboolean
requireCorpOwned
descriptionWhether the device needs to be corp owned.
typeboolean
requireManagedBrowserProfile
descriptionWhether the device needs to have managed browser profile.
typeboolean
requireScreenlock
descriptionWhether or not screenlock is required for the DevicePolicy to be true. Defaults to `false`.
typeboolean
typeobject
GoogleIdentityAccesscontextmanagerV1EgressFrom
descriptionDefines the conditions under which an EgressPolicy matches a request. Conditions based on information about the source of the request. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed.
idGoogleIdentityAccesscontextmanagerV1EgressFrom
properties
identities
descriptionA list of identities that are allowed access through [EgressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
items
typestring
typearray
identityType
descriptionSpecifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of `identities` field will be allowed access.
enum
  • IDENTITY_TYPE_UNSPECIFIED
  • ANY_IDENTITY
  • ANY_USER_ACCOUNT
  • ANY_SERVICE_ACCOUNT
enumDescriptions
  • No blanket identity group specified.
  • Authorize access from all identities outside the perimeter.
  • Authorize access from all human users outside the perimeter.
  • Authorize access from all service accounts outside the perimeter.
typestring
sourceRestriction
descriptionWhether to enforce traffic restrictions based on `sources` field. If the `sources` fields is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`.
enum
  • SOURCE_RESTRICTION_UNSPECIFIED
  • SOURCE_RESTRICTION_ENABLED
  • SOURCE_RESTRICTION_DISABLED
enumDescriptions
  • Enforcement preference unspecified, will not enforce traffic restrictions based on `sources` in EgressFrom.
  • Enforcement preference enabled, traffic restrictions will be enforced based on `sources` in EgressFrom.
  • Enforcement preference disabled, will not enforce traffic restrictions based on `sources` in EgressFrom.
typestring
sources
descriptionSources that this EgressPolicy authorizes access from. If this field is not empty, then `source_restriction` must be set to `SOURCE_RESTRICTION_ENABLED`.
items
$refGoogleIdentityAccesscontextmanagerV1EgressSource
typearray
typeobject
GoogleIdentityAccesscontextmanagerV1EgressPolicy
descriptionPolicy for egress from perimeter. EgressPolicies match requests based on `egress_from` and `egress_to` stanzas. For an EgressPolicy to match, both `egress_from` and `egress_to` stanzas must be matched. If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter boundary. For example, an EgressPolicy can be used to allow VMs on networks within the ServicePerimeter to access a defined set of projects outside the perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket or query against a BigQuery dataset). EgressPolicies are concerned with the *resources* that a request relates as well as the API services and API actions being used. They do not related to the direction of data movement. More detailed documentation for this concept can be found in the descriptions of EgressFrom and EgressTo.
idGoogleIdentityAccesscontextmanagerV1EgressPolicy
properties
egressFrom
$refGoogleIdentityAccesscontextmanagerV1EgressFrom
descriptionDefines conditions on the source of a request causing this EgressPolicy to apply.
egressTo
$refGoogleIdentityAccesscontextmanagerV1EgressTo
descriptionDefines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply.
title
descriptionOptional. Human-readable title for the egress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1EgressSource
descriptionThe source that EgressPolicy authorizes access from inside the ServicePerimeter to somewhere outside the ServicePerimeter boundaries.
idGoogleIdentityAccesscontextmanagerV1EgressSource
properties
accessLevel
descriptionAn AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all EgressSources will be allowed.
typestring
resource
descriptionA Google Cloud resource from the service perimeter that you want to allow to access data outside the perimeter. This field supports only projects. The project format is `projects/{project_number}`. You can't use `*` in this field to allow all Google Cloud resources.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1EgressTo
descriptionDefines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the `resources` specified. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. The request must match `operations` AND `resources` fields in order to be allowed egress out of the perimeter.
idGoogleIdentityAccesscontextmanagerV1EgressTo
properties
externalResources
descriptionA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported formats are s3://BUCKET_NAME, s3a://BUCKET_NAME, and s3n://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
items
typestring
typearray
operations
descriptionA list of ApiOperations allowed to be performed by the sources specified in the corresponding EgressFrom. A request matches if it uses an operation/service in this list.
items
$refGoogleIdentityAccesscontextmanagerV1ApiOperation
typearray
resources
descriptionA list of resources, currently only projects in the form `projects/`, that are allowed to be accessed by sources defined in the corresponding EgressFrom. A request matches if it contains a resource in this list. If `*` is specified for `resources`, then this EgressTo rule will authorize access to all resources outside the perimeter.
items
typestring
typearray
roles
descriptionIAM roles that represent the set of operations that the sources specified in the corresponding EgressFrom. are allowed to perform in this ServicePerimeter.
items
typestring
typearray
typeobject
GoogleIdentityAccesscontextmanagerV1IngressFrom
descriptionDefines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the source of the request. The request must satisfy what is defined in `sources` AND identity related fields in order to match.
idGoogleIdentityAccesscontextmanagerV1IngressFrom
properties
identities
descriptionA list of identities that are allowed access through [IngressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
items
typestring
typearray
identityType
descriptionSpecifies the type of identities that are allowed access from outside the perimeter. If left unspecified, then members of `identities` field will be allowed access.
enum
  • IDENTITY_TYPE_UNSPECIFIED
  • ANY_IDENTITY
  • ANY_USER_ACCOUNT
  • ANY_SERVICE_ACCOUNT
enumDescriptions
  • No blanket identity group specified.
  • Authorize access from all identities outside the perimeter.
  • Authorize access from all human users outside the perimeter.
  • Authorize access from all service accounts outside the perimeter.
typestring
sources
descriptionSources that this IngressPolicy authorizes access from.
items
$refGoogleIdentityAccesscontextmanagerV1IngressSource
typearray
typeobject
GoogleIdentityAccesscontextmanagerV1IngressPolicy
descriptionPolicy for ingress into ServicePerimeter. IngressPolicies match requests based on `ingress_from` and `ingress_to` stanzas. For an ingress policy to match, both the `ingress_from` and `ingress_to` stanzas must be matched. If an IngressPolicy matches a request, the request is allowed through the perimeter boundary from outside the perimeter. For example, access from the internet can be allowed either based on an AccessLevel or, for traffic hosted on Google Cloud, the project of the source network. For access from private networks, using the project of the hosting network is required. Individual ingress policies can be limited by restricting which services and/or actions they match using the `ingress_to` field.
idGoogleIdentityAccesscontextmanagerV1IngressPolicy
properties
ingressFrom
$refGoogleIdentityAccesscontextmanagerV1IngressFrom
descriptionDefines the conditions on the source of a request causing this IngressPolicy to apply.
ingressTo
$refGoogleIdentityAccesscontextmanagerV1IngressTo
descriptionDefines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply.
title
descriptionOptional. Human-readable title for the ingress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1IngressSource
descriptionThe source that IngressPolicy authorizes access from.
idGoogleIdentityAccesscontextmanagerV1IngressSource
properties
accessLevel
descriptionAn AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all IngressSources will be allowed.
typestring
resource
descriptionA Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects and VPCs are allowed. Project format: `projects/{project_number}` VPC network format: `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}`. The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in. `*` is not allowed, the case of allowing all Google Cloud resources only is not supported.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1IngressTo
descriptionDefines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the target resource of the request. The request must satisfy what is defined in `operations` AND `resources` in order to match.
idGoogleIdentityAccesscontextmanagerV1IngressTo
properties
operations
descriptionA list of ApiOperations allowed to be performed by the sources specified in corresponding IngressFrom in this ServicePerimeter.
items
$refGoogleIdentityAccesscontextmanagerV1ApiOperation
typearray
resources
descriptionA list of resources, currently only projects in the form `projects/`, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. If a single `*` is specified, then access to all resources inside the perimeter are allowed.
items
typestring
typearray
roles
descriptionIAM roles that represent the set of operations that the sources specified in the corresponding IngressFrom are allowed to perform in this ServicePerimeter.
items
typestring
typearray
typeobject
GoogleIdentityAccesscontextmanagerV1MethodSelector
descriptionAn allowed method or permission of a service specified in ApiOperation.
idGoogleIdentityAccesscontextmanagerV1MethodSelector
properties
method
descriptionA valid method name for the corresponding `service_name` in ApiOperation. If `*` is used as the value for the `method`, then ALL methods and permissions are allowed.
typestring
permission
descriptionA valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1OsConstraint
descriptionA restriction on the OS type and version of devices making requests.
idGoogleIdentityAccesscontextmanagerV1OsConstraint
properties
minimumVersion
descriptionThe minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: `"major.minor.patch"`. Examples: `"10.5.301"`, `"9.2.1"`.
typestring
osType
descriptionRequired. The allowed OS type.
enum
  • OS_UNSPECIFIED
  • DESKTOP_MAC
  • DESKTOP_WINDOWS
  • DESKTOP_LINUX
  • DESKTOP_CHROME_OS
  • ANDROID
  • IOS
enumDescriptions
  • The operating system of the device is not specified or not known.
  • A desktop Mac operating system.
  • A desktop Windows operating system.
  • A desktop Linux operating system.
  • A desktop ChromeOS operating system.
  • An Android operating system.
  • An iOS operating system.
typestring
requireComplianceWithEmmPolicy
descriptionWhether the device needs to adhere to the Enterprise Mobility Management (EMM) security policies.
typeboolean
requireVerifiedChromeOs
descriptionOnly allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
typeboolean
typeobject
GoogleIdentityAccesscontextmanagerV1Risk
descriptionRisk-based access level.
idGoogleIdentityAccesscontextmanagerV1Risk
properties
userManagedRisk
$refGoogleIdentityAccesscontextmanagerV1UserManagedRisk
descriptionThe user managed risk associated with the access level.
typeobject
GoogleIdentityAccesscontextmanagerV1RiskType
descriptionThe type of the risk used to calculate the access level risk score.
idGoogleIdentityAccesscontextmanagerV1RiskType
properties
atypicalLocation
descriptionThe request is from an identity that has issued requests from atypical locations.
typeboolean
identityReputation
descriptionThe request is from an identity that has a low reputation (e.g. due to dormancy).
typeboolean
maliciousActivity
descriptionThe request is from an identity that has performed potentially malicious activity (e.g. mass deletion of backups).
typeboolean
maliciousSource
descriptionThe request is associated with signals (e.g. network) that indicate a malicious source.
typeboolean
repeatAction
descriptionThe request is from an identity that has issued repeated, suspicious requests (e.g. too many requests with permission denied).
typeboolean
typeobject
GoogleIdentityAccesscontextmanagerV1ServicePerimeter
description`ServicePerimeter` describes a set of Google Cloud resources which can freely import and export data amongst themselves, but not export outside of the `ServicePerimeter`. If a request with a source within this `ServicePerimeter` has a target outside of the `ServicePerimeter`, the request will be blocked. Otherwise the request is allowed. There are two types of Service Perimeter - Regular and Bridge. Regular Service Perimeters cannot overlap, a single Google Cloud project or VPC network can only belong to a single regular Service Perimeter. Service Perimeter Bridges can contain only Google Cloud projects as members, a single Google Cloud project may belong to multiple Service Perimeter Bridges.
idGoogleIdentityAccesscontextmanagerV1ServicePerimeter
properties
createTime
descriptionOutput only. Time the `ServicePerimeter` was created in UTC.
formatgoogle-datetime
readOnlyTrue
typestring
description
descriptionDescription of the `ServicePerimeter` and its use. Does not affect behavior.
typestring
etag
descriptionOptional. An opaque identifier for the current version of the `ServicePerimeter`. This identifier does not follow any specific format. If an etag is not provided, the operation will be performed as if a valid etag is provided.
typestring
name
descriptionIdentifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
typestring
perimeterType
descriptionPerimeter type indicator. A single project or VPC network is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a perimeter bridge without being included in regular perimeter. For perimeter bridges, the restricted service list as well as access level lists must be empty.
enum
  • PERIMETER_TYPE_REGULAR
  • PERIMETER_TYPE_BRIDGE
enumDescriptions
  • Regular Perimeter. When no value is specified, the perimeter uses this type.
  • Perimeter Bridge.
typestring
spec
$refGoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig
descriptionProposed (or dry run) ServicePerimeter configuration. This configuration allows to specify and test ServicePerimeter configuration without enforcing actual access restrictions. Only allowed to be set when the "use_explicit_dry_run_spec" flag is set.
status
$refGoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig
descriptionCurrent ServicePerimeter configuration. Specifies sets of resources, restricted services and access levels that determine perimeter content and boundaries.
title
descriptionHuman readable title. Must be unique within the Policy.
typestring
updateTime
descriptionOutput only. Time the `ServicePerimeter` was updated in UTC.
formatgoogle-datetime
readOnlyTrue
typestring
useExplicitDryRunSpec
descriptionUse explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists for all Service Perimeters, and that spec is identical to the status for those Service Perimeters. When this flag is set, it inhibits the generation of the implicit spec, thereby allowing the user to explicitly provide a configuration ("spec") to use in a dry-run version of the Service Perimeter. This allows the user to test changes to the enforced config ("status") without actually enforcing them. This testing is done through analyzing the differences between currently enforced and suggested restrictions. use_explicit_dry_run_spec must bet set to True if any of the fields in the spec are set to non-default values.
typeboolean
weakenedForTesting
descriptionIndicates this Perimeter is intentionally weakened for Google internal testing. This will cause the Perimeter to accept non-prod P4 accounts as if they were prod accounts.
typeboolean
typeobject
GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig
description`ServicePerimeterConfig` specifies a set of Google Cloud resources that describe specific Service Perimeter configuration.
idGoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig
properties
accessLevels
descriptionA list of `AccessLevel` resource names that allow resources within the `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. For Service Perimeter Bridge, must be empty.
items
typestring
typearray
egressPolicies
descriptionList of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge.
items
$refGoogleIdentityAccesscontextmanagerV1EgressPolicy
typearray
ingressPolicies
descriptionList of IngressPolicies to apply to the perimeter. A perimeter may have multiple IngressPolicies, each of which is evaluated separately. Access is granted if any Ingress Policy grants it. Must be empty for a perimeter bridge.
items
$refGoogleIdentityAccesscontextmanagerV1IngressPolicy
typearray
resources
descriptionA list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format: `projects/{project_number}` VPC network format: `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}`.
items
typestring
typearray
restrictedServices
descriptionGoogle Cloud services that are subject to the Service Perimeter restrictions. For example, if `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions.
items
typestring
typearray
vpcAccessibleServices
$refGoogleIdentityAccesscontextmanagerV1VpcAccessibleServices
descriptionConfiguration for APIs allowed within Perimeter.
typeobject
GoogleIdentityAccesscontextmanagerV1UnsatisfiedResult
descriptionThe result to apply if the condition is not met. By default, the result is deny.
idGoogleIdentityAccesscontextmanagerV1UnsatisfiedResult
properties
remediations
descriptionList of remediations to apply if the condition is not met. If ALL remediations are satisfied, the condition is as well. For example, a successful user reauthentication may resolve a failing risk condition. - It applies only when result_type == REMEDIATION - Only a single remediation i.e. "remediation.reauth" is allowed today.
items
typestring
typearray
resultType
descriptionThe type of result to apply if the condition is not met.
enum
  • DENY
  • REMEDIATION
enumDescriptions
  • Default type of result.
  • The result is remediation. Currently, the only supported remediation is reauth.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1UserManagedRisk
descriptionUser managed risk associated with the access level.
idGoogleIdentityAccesscontextmanagerV1UserManagedRisk
properties
riskType
$refGoogleIdentityAccesscontextmanagerV1RiskType
descriptionThe type of the risks associated with the access level.
typeobject
GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices
descriptionSpecifies how APIs are allowed to communicate within the Service Perimeter.
idGoogleIdentityAccesscontextmanagerV1VpcAccessibleServices
properties
allowedServices
descriptionThe list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter.
items
typestring
typearray
enableRestriction
descriptionWhether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'.
typeboolean
typeobject
GoogleIdentityAccesscontextmanagerV1VpcNetworkSource
descriptionThe originating network source in Google Cloud.
idGoogleIdentityAccesscontextmanagerV1VpcNetworkSource
properties
project
descriptionA Google Cloud project. Format: `projects/{project_number}`. Example: `projects/123456789`
typestring
vpcSubnetwork
$refGoogleIdentityAccesscontextmanagerV1VpcSubNetwork
descriptionSub-segment ranges of a VPC network.
typeobject
GoogleIdentityAccesscontextmanagerV1VpcSubNetwork
descriptionSub-segment ranges inside of a VPC Network.
idGoogleIdentityAccesscontextmanagerV1VpcSubNetwork
properties
network
descriptionRequired. Network name. If the network is not part of the organization, the `compute.network.get` permission must be granted to the caller. Format: `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NETWORK_NAME}` Example: `//compute.googleapis.com/projects/my-project/global/networks/network-1`
typestring
vpcIpSubnetworks
descriptionCIDR block IP subnetwork specification. The IP address must be an IPv4 address and can be a public or private IP address. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. If empty, all IP addresses are allowed.
items
typestring
typearray
typeobject
Inventory
descriptionThis API resource represents the available inventory data for a Compute Engine virtual machine (VM) instance at a given point in time. You can use this API resource to determine the inventory data of your VM. For more information, see [Information provided by OS inventory management](https://cloud.google.com/compute/docs/instances/os-inventory-management#data-collected).
idInventory
properties
items
additionalProperties
$refItem
descriptionInventory items related to the VM keyed by an opaque unique identifier for each inventory item. The identifier is unique to each distinct and addressable inventory item and will change, when there is a new package version.
typeobject
name
descriptionOutput only. The `Inventory` API resource name. Format: `projects/{project_number}/locations/{location}/instances/{instance_id}/inventory`
readOnlyTrue
typestring
osInfo
$refOsInfo
descriptionBase level operating system information for the VM.
sbomItems
additionalProperties
$refSbomItem
descriptionOptional. Sbom items related to the VM, keyed by an opaque unique identifier for each sbom item. The identifier is unique to each distinct addressable sbom item and will change, when there is a new item version.
typeobject
updateTime
descriptionOutput only. Timestamp of the last reported inventory for the VM.
formatgoogle-datetime
readOnlyTrue
typestring
typeobject
Item
descriptionA single piece of inventory on a VM.
idItem
properties
availablePackage
$refSoftwarePackage
descriptionSoftware package available to be installed on the VM instance.
createTime
descriptionWhen this inventory item was first detected.
formatgoogle-datetime
typestring
id
descriptionIdentifier for this item, unique across items for this VM.
typestring
installedPackage
$refSoftwarePackage
descriptionSoftware package present on the VM instance.
originType
descriptionThe origin of this inventory item.
enum
  • ORIGIN_TYPE_UNSPECIFIED
  • INVENTORY_REPORT
enumDescriptions
  • Invalid. An origin type must be specified.
  • This inventory item was discovered as the result of the agent reporting inventory via the reporting API.
typestring
type
descriptionThe specific type of inventory, correlating to its specific details.
enum
  • TYPE_UNSPECIFIED
  • INSTALLED_PACKAGE
  • AVAILABLE_PACKAGE
enumDescriptions
  • Invalid. A type must be specified.
  • This represents a package that is installed on the VM.
  • This represents an update that is available for a package.
typestring
updateTime
descriptionWhen this inventory item was last modified.
formatgoogle-datetime
typestring
typeobject
ListFeedsResponse
idListFeedsResponse
properties
feeds
descriptionA list of feeds.
items
$refFeed
typearray
typeobject
LogConfig
descriptionSpecifies what kind of log the caller must write
idLogConfig
properties
cloudAudit
$refCloudAuditOptions
descriptionCloud audit options.
counter
$refCounterOptions
descriptionCounter options.
dataAccess
$refDataAccessOptions
descriptionData access options.
typeobject
Operation
descriptionThis resource represents a long-running operation that is the result of a network API call.
idOperation
properties
done
descriptionIf the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
typeboolean
error
$refStatus
descriptionThe error result of the operation in case of failure or cancellation.
metadata
additionalProperties
descriptionProperties of the object. Contains field @type with type URL.
typeany
descriptionService-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
typeobject
name
descriptionThe server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
typestring
response
additionalProperties
descriptionProperties of the object. Contains field @type with type URL.
typeany
descriptionThe normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
typeobject
typeobject
OsInfo
descriptionOperating system information for the VM.
idOsInfo
properties
architecture
descriptionThe system architecture of the operating system.
typestring
hostname
descriptionThe VM hostname.
typestring
kernelRelease
descriptionThe kernel release of the operating system.
typestring
kernelVersion
descriptionThe kernel version of the operating system.
typestring
longName
descriptionThe operating system long name. For example 'Debian GNU/Linux 9' or 'Microsoft Window Server 2019 Datacenter'.
typestring
osconfigAgentVersion
descriptionThe current version of the OS Config agent running on the VM.
typestring
shortName
descriptionThe operating system short name. For example, 'windows' or 'debian'.
typestring
version
descriptionThe version of the operating system.
typestring
typeobject
OutputConfig
descriptionOutput configuration for export assets destination.
idOutputConfig
properties
bigqueryDestination
$refBigQueryDestination
descriptionDestination on BigQuery. The output table stores the fields in asset Protobuf as columns in BigQuery. The resource/iam_policy field is converted to a record with each field to a column, except metadata to a single JSON string.
gcsDestination
$refGcsDestination
descriptionDestination on Cloud Storage.
typeobject
Policy
descriptionAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
idPolicy
properties
auditConfigs
descriptionSpecifies cloud audit logging configuration for this policy.
items
$refAuditConfig
typearray
bindings
descriptionAssociates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
items
$refBinding
typearray
etag
description`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
formatbyte
typestring
rules
descriptionIf more than one rule is specified, the rules are applied in the following manner: - All matching LOG rules are always applied. - If any DENY/DENY_WITH_LOG rule matches, permission is denied. Logging will be applied if one or more matching rule requires logging. - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is granted. Logging will be applied if one or more matching rule requires logging. - Otherwise, if no rule applies, permission is denied.
items
$refRule
typearray
version
descriptionSpecifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
formatint32
typeinteger
typeobject
PubsubDestination
descriptionA Pub/Sub destination.
idPubsubDestination
properties
topic
descriptionThe name of the Pub/Sub topic to publish to. For example: `projects/PROJECT_ID/topics/TOPIC_ID`.
typestring
typeobject
Resource
descriptionA representation of a Google Cloud resource.
idResource
properties
data
additionalProperties
descriptionProperties of the object.
typeany
descriptionThe content of the resource, in which some sensitive fields are removed and may not be present.
typeobject
discoveryDocumentUri
descriptionThe URL of the discovery document containing the resource's JSON schema. Example: `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest` This value is unspecified for resources that do not have an API based on a discovery document, such as Cloud Bigtable.
typestring
discoveryName
descriptionThe JSON schema name listed in the discovery document. Example: `Project` This value is unspecified for resources that do not have an API based on a discovery document, such as Cloud Bigtable.
typestring
internalData
additionalProperties
descriptionProperties of the object. Contains field @type with type URL.
typeany
descriptionThe actual metadata content for the resource, only visible for internal users.
typeobject
parent
descriptionThe full name of the immediate parent of this resource. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information. For Google Cloud assets, this value is the parent resource defined in the [Cloud IAM policy hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). Example: `//cloudresourcemanager.googleapis.com/projects/my_project_123` For third-party assets, this field may be set differently.
typestring
resourceUrl
descriptionThe REST URL for accessing the resource. An HTTP `GET` request using this URL returns the resource itself. Example: `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123` This value is unspecified for resources without a REST API.
typestring
version
descriptionThe API version. Example: `v1`
typestring
typeobject
Rule
descriptionA rule to be applied in a Policy.
idRule
properties
action
descriptionRequired
enum
  • NO_ACTION
  • ALLOW
  • ALLOW_WITH_LOG
  • DENY
  • DENY_WITH_LOG
  • LOG
enumDescriptions
  • Default no action.
  • Matching 'Entries' grant access.
  • Matching 'Entries' grant access and the caller promises to log the request per the returned log_configs.
  • Matching 'Entries' deny access.
  • Matching 'Entries' deny access and the caller promises to log the request per the returned log_configs.
  • Matching 'Entries' tell IAM.Check callers to generate logs.
typestring
conditions
descriptionAdditional restrictions that must be met. All conditions must pass for the rule to match.
items
$refCondition
typearray
description
descriptionHuman-readable description of the rule.
typestring
in
descriptionIf one or more 'in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
items
typestring
typearray
logConfig
descriptionThe config returned to callers of CheckPolicy for any entries that match the LOG action.
items
$refLogConfig
typearray
notIn
descriptionIf one or more 'not_in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. The format for in and not_in entries can be found at in the Local IAM documentation (see go/local-iam#features).
items
typestring
typearray
permissions
descriptionA permission is a string of form '..' (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.
items
typestring
typearray
typeobject
SbomItem
descriptionA single piece of sbom inventory for the VM.
idSbomItem
properties
id
descriptionIdentifier for this item, unique across sbom items for this VM.
typestring
locations
descriptionPaths or source of files related to the package.
items
typestring
typearray
name
descriptionHuman-readable name of the software, to be used for things like logging.
typestring
type
descriptionPackage type, e.g. "maven, npm, pypi".
typestring
version
descriptionVersion of the package.
typestring
typeobject
SoftwarePackage
descriptionSoftware package information of the operating system.
idSoftwarePackage
properties
aptPackage
$refVersionedPackage
descriptionDetails of an APT package. For details about the apt package manager, see https://wiki.debian.org/Apt.
cosPackage
$refVersionedPackage
descriptionDetails of a COS package.
googetPackage
$refVersionedPackage
descriptionDetails of a Googet package. For details about the googet package manager, see https://github.com/google/googet.
qfePackage
$refWindowsQuickFixEngineeringPackage
descriptionDetails of a Windows Quick Fix engineering package. See https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-quickfixengineering for info in Windows Quick Fix Engineering.
windowsApplication
$refWindowsApplication
descriptionDetails of Windows Application.
wuaPackage
$refWindowsUpdatePackage
descriptionDetails of a Windows Update package. See https://docs.microsoft.com/en-us/windows/win32/api/_wua/ for information about Windows Update.
yumPackage
$refVersionedPackage
descriptionYum package info. For details about the yum package manager, see https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/ch-yum.
zypperPackage
$refVersionedPackage
descriptionDetails of a Zypper package. For details about the Zypper package manager, see https://en.opensuse.org/SDB:Zypper_manual.
zypperPatch
$refZypperPatch
descriptionDetails of a Zypper patch. For details about the Zypper package manager, see https://en.opensuse.org/SDB:Zypper_manual.
typeobject
Status
descriptionThe `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors).
idStatus
properties
code
descriptionThe status code, which should be an enum value of google.rpc.Code.
formatint32
typeinteger
details
descriptionA list of messages that carry the error details. There is a common set of message types for APIs to use.
items
additionalProperties
descriptionProperties of the object. Contains field @type with type URL.
typeany
typeobject
typearray
message
descriptionA developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
typestring
typeobject
TemporalAsset
descriptionAn asset in Google Cloud and its temporal metadata, including the time window when it was observed and its status during that window.
idTemporalAsset
properties
asset
$refAsset
descriptionAn asset in Google Cloud.
deleted
descriptionWhether the asset has been deleted or not.
typeboolean
window
$refTimeWindow
descriptionThe time window when the asset data and state was observed.
typeobject
TimeOfDay
descriptionRepresents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`.
idTimeOfDay
properties
hours
descriptionHours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.
formatint32
typeinteger
minutes
descriptionMinutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
formatint32
typeinteger
nanos
descriptionFractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
formatint32
typeinteger
seconds
descriptionSeconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
formatint32
typeinteger
typeobject
TimeWindow
descriptionA time window specified by its `start_time` and `end_time`.
idTimeWindow
properties
endTime
descriptionEnd time of the time window (inclusive). If not specified, the current timestamp is used instead.
formatgoogle-datetime
typestring
startTime
descriptionStart time of the time window (exclusive).
formatgoogle-datetime
typestring
typeobject
UpdateFeedRequest
descriptionUpdate asset feed request.
idUpdateFeedRequest
properties
feed
$refFeed
descriptionRequired. The new values of feed details. It must match an existing feed and the field `name` must be in the format of: projects/project_number/feeds/feed_id or folders/folder_number/feeds/feed_id or organizations/organization_number/feeds/feed_id.
updateMask
descriptionRequired. Only updates the `feed` fields indicated by this mask. The field mask must not be empty, and it must not contain fields that are immutable or only set by the server.
formatgoogle-fieldmask
typestring
typeobject
VersionedPackage
descriptionInformation related to the a standard versioned package. This includes package info for APT, Yum, Zypper, and Googet package managers.
idVersionedPackage
properties
architecture
descriptionThe system architecture this package is intended for.
typestring
packageName
descriptionThe name of the package.
typestring
version
descriptionThe version of the package.
typestring
typeobject
WindowsApplication
descriptionContains information about a Windows application that is retrieved from the Windows Registry. For more information about these fields, see: https://docs.microsoft.com/en-us/windows/win32/msi/uninstall-registry-key
idWindowsApplication
properties
displayName
descriptionThe name of the application or product.
typestring
displayVersion
descriptionThe version of the product or application in string format.
typestring
helpLink
descriptionThe internet address for technical support.
typestring
installDate
$refDate
descriptionThe last time this product received service. The value of this property is replaced each time a patch is applied or removed from the product or the command-line option is used to repair the product.
publisher
descriptionThe name of the manufacturer for the product or application.
typestring
typeobject
WindowsQuickFixEngineeringPackage
descriptionInformation related to a Quick Fix Engineering package. Fields are taken from Windows QuickFixEngineering Interface and match the source names: https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-quickfixengineering
idWindowsQuickFixEngineeringPackage
properties
caption
descriptionA short textual description of the QFE update.
typestring
description
descriptionA textual description of the QFE update.
typestring
hotFixId
descriptionUnique identifier associated with a particular QFE update.
typestring
installTime
descriptionDate that the QFE update was installed. Mapped from installed_on field.
formatgoogle-datetime
typestring
typeobject
WindowsUpdateCategory
descriptionCategories specified by the Windows Update.
idWindowsUpdateCategory
properties
id
descriptionThe identifier of the windows update category.
typestring
name
descriptionThe name of the windows update category.
typestring
typeobject
WindowsUpdatePackage
descriptionDetails related to a Windows Update package. Field data and names are taken from Windows Update API IUpdate Interface: https://docs.microsoft.com/en-us/windows/win32/api/_wua/ Descriptive fields like title, and description are localized based on the locale of the VM being updated.
idWindowsUpdatePackage
properties
categories
descriptionThe categories that are associated with this update package.
items
$refWindowsUpdateCategory
typearray
description
descriptionThe localized description of the update package.
typestring
kbArticleIds
descriptionA collection of Microsoft Knowledge Base article IDs that are associated with the update package.
items
typestring
typearray
lastDeploymentChangeTime
descriptionThe last published date of the update, in (UTC) date and time.
formatgoogle-datetime
typestring
moreInfoUrls
descriptionA collection of URLs that provide more information about the update package.
items
typestring
typearray
revisionNumber
descriptionThe revision number of this update package.
formatint32
typeinteger
supportUrl
descriptionA hyperlink to the language-specific support information for the update.
typestring
title
descriptionThe localized title of the update package.
typestring
updateId
descriptionGets the identifier of an update package. Stays the same across revisions.
typestring
typeobject
ZypperPatch
descriptionDetails related to a Zypper Patch.
idZypperPatch
properties
category
descriptionThe category of the patch.
typestring
patchName
descriptionThe name of the patch.
typestring
severity
descriptionThe severity specified for this patch
typestring
summary
descriptionAny summary information provided about this patch.
typestring
typeobject
servicePath
titleCloud Asset API (Test)
versionv1p2alpha1
version_moduleTrue
old_value
error
code403
details
  • @typetype.googleapis.com/google.rpc.Help
    links
    descriptionurl
    Google developers console API activationhttps://console.developers.google.com/apis/api/test-cloudasset.sandbox.googleapis.com/overview?project=648364020234
  • @typetype.googleapis.com/google.rpc.ErrorInfo
    domaingoogleapis.com
    metadata
    consumerprojects/648364020234
    servicetest-cloudasset.sandbox.googleapis.com
    reasonSERVICE_DISABLED
messageCloud Asset API (Test) has not been used in project 648364020234 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/test-cloudasset.sandbox.googleapis.com/overview?project=648364020234 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
statusPERMISSION_DENIED
sandbox/test-cloudasset-v1p2beta1
dictionary_item_added
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessLevelFeatures']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AuthorizedOrgsDesc']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressSource']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Risk']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1RiskType']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1UnsatisfiedResult']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1UserManagedRisk']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1VpcNetworkSource']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1VpcSubNetwork']
  • root['schemas']['SbomItem']
  • root['schemas']['Asset']['properties']['authorizedOrgsDesc']
  • root['schemas']['CloudAuditOptions']['properties']['permissionType']
  • root['schemas']['DataAccessOptions']['properties']['isDirectAuth']
  • root['schemas']['GoogleCloudAssetV1p7beta1Asset']['properties']['authorizedOrgsDesc']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessLevel']['properties']['accessLevelFeatures']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['createTime']['readOnly']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['etag']['readOnly']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['updateTime']['readOnly']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['risk']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['unsatisfiedResult']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['vpcNetworkSources']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['sourceRestriction']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['sources']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressPolicy']['properties']['title']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressTo']['properties']['roles']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressPolicy']['properties']['title']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressTo']['properties']['roles']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1ServicePerimeter']['properties']['etag']
  • root['schemas']['Inventory']['properties']['sbomItems']
values_changed
root['revision']
new_value20250225
old_value20230224
root['schemas']['Binding']['properties']['members']['description']
new_valueSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
old_valueSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
root['schemas']['Binding']['properties']['role']['description']
new_valueRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
old_valueRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
root['schemas']['CloudAuditOptions']['properties']['authorizationLoggingOptions']['description']
new_valueInformation used by the Cloud Audit Logging pipeline. Will be deprecated once the migration to PermissionType is complete (b/201806118).
old_valueInformation used by the Cloud Audit Logging pipeline.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessLevel']['properties']['name']['description']
new_valueIdentifier. Resource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
old_valueResource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['etag']['description']
new_valueOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Policies will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
old_valueOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['name']['description']
new_valueOutput only. Identifier. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
old_valueOutput only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['scopes']['description']
new_valueThe scopes of the AccessPolicy. Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with `scopes=["folders/123"]` has the following behavior: - ServicePerimeter can only restrict projects within `folders/123`. - ServicePerimeter within policy A can only reference access levels defined within policy A. - Only one policy can include a given scope; thus, attempting to create a second policy which includes `folders/123` will result in an error. If no scopes are provided, then any resource within the organization can be restricted. Scopes cannot be modified after a policy is created. Policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
old_valueThe scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior: - vpcsc perimeters can only restrict projects within folders/123 - access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['negate']['description']
new_valueWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
old_valueWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['identities']['description']
new_valueA list of identities that are allowed access through [EgressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
old_valueA list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressTo']['properties']['externalResources']['description']
new_valueA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported formats are s3://BUCKET_NAME, s3a://BUCKET_NAME, and s3n://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
old_valueA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressFrom']['properties']['identities']['description']
new_valueA list of identities that are allowed access through [IngressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
old_valueA list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
root['schemas']['GoogleIdentityAccesscontextmanagerV1MethodSelector']['properties']['method']['description']
new_valueA valid method name for the corresponding `service_name` in ApiOperation. If `*` is used as the value for the `method`, then ALL methods and permissions are allowed.
old_valueValue for `method` should be a valid method name for the corresponding `service_name` in ApiOperation. If `*` used as value for `method`, then ALL methods and permissions are allowed.
root['schemas']['GoogleIdentityAccesscontextmanagerV1MethodSelector']['properties']['permission']['description']
new_valueA valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
old_valueValue for `permission` should be a valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
root['schemas']['GoogleIdentityAccesscontextmanagerV1ServicePerimeter']['properties']['name']['description']
new_valueIdentifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
old_valueResource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
root['schemas']['Operation']['properties']['response']['description']
new_valueThe normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
old_valueThe normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
root['schemas']['Policy']['description']
new_valueAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
old_valueAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
root['schemas']['TimeOfDay']['properties']['hours']['description']
new_valueHours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.
old_valueHours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.
root['schemas']['TimeOfDay']['properties']['minutes']['description']
new_valueMinutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
old_valueMinutes of hour of day. Must be from 0 to 59.
root['schemas']['TimeOfDay']['properties']['nanos']['description']
new_valueFractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
old_valueFractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
root['schemas']['TimeOfDay']['properties']['seconds']['description']
new_valueSeconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
old_valueSeconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
root['schemas']['Condition']['properties']['iam']['enumDescriptions'][3]
new_valueAny of the security realms in the IAMContext (go/security-realms). When used with IN, the condition indicates "any of the request's realms match one of the given values; with NOT_IN, "none of the realms match any of the given values". Note that a value can be: - 'self:campus' (i.e., clients that are in the same campus) - 'self:metro' (i.e., clients that are in the same metro) - 'self:cloud-region' (i.e., allow connections from clients that are in the same cloud region) - 'self:prod-region' (i.e., allow connections from clients that are in the same prod region) - 'guardians' (i.e., allow connections from its guardian realms. See go/security-realms-glossary#guardian for more information.) - 'cryto_core_guardians' (i.e., allow connections from its crypto core guardian realms. See go/security-realms-glossary#guardian for more information.) Crypto Core coverage is a super-set of Default coverage, containing information about coverage between higher tier data centers (e.g., YAWNs). Most services should use Default coverage and only use Crypto Core coverage if the service is involved in greenfield turnup of new higher tier data centers (e.g., credential infrastructure, machine/job management systems, etc.). - 'self' [DEPRECATED] (i.e., allow connections from clients that are in the same security realm, which is currently but not guaranteed to be campus-sized) - a realm (e.g., 'campus-abc') - a realm group (e.g., 'realms-for-borg-cell-xx', see: go/realm-groups) A match is determined by a realm group membership check performed by a RealmAclRep object (go/realm-acl-howto). It is not permitted to grant access based on the *absence* of a realm, so realm conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
old_valueAny of the security realms in the IAMContext (go/security-realms). When used with IN, the condition indicates "any of the request's realms match one of the given values; with NOT_IN, "none of the realms match any of the given values". Note that a value can be: - 'self:campus' (i.e., clients that are in the same campus) - 'self:metro' (i.e., clients that are in the same metro) - 'self:cloud-region' (i.e., allow connections from clients that are in the same cloud region) - 'self:prod-region' (i.e., allow connections from clients that are in the same prod region) - 'guardians' (i.e., allow connections from its guardian realms. See go/security-realms-glossary#guardian for more information.) - 'self' [DEPRECATED] (i.e., allow connections from clients that are in the same security realm, which is currently but not guaranteed to be campus-sized) - a realm (e.g., 'campus-abc') - a realm group (e.g., 'realms-for-borg-cell-xx', see: go/realm-groups) A match is determined by a realm group membership check performed by a RealmAclRep object (go/realm-acl-howto). It is not permitted to grant access based on the *absence* of a realm, so realm conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
root['schemas']['Condition']['properties']['iam']['enumDescriptions'][7]
new_valueProperties of the credentials supplied with this request. See http://go/rpcsp-credential-assertions?polyglot=rpcsp-v1-0 The conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
old_valueEXPERIMENTAL -- DO NOT USE. The conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
root['schemas']['Item']['properties']['type']['enumDescriptions'][0]
new_valueInvalid. A type must be specified.
old_valueInvalid. An type must be specified.
sandbox/test-cloudasset-v1p5alpha1
dictionary_item_added
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessLevelFeatures']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AuthorizedOrgsDesc']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressSource']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Risk']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1RiskType']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1UnsatisfiedResult']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1UserManagedRisk']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1VpcNetworkSource']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1VpcSubNetwork']
  • root['schemas']['SbomItem']
  • root['schemas']['Asset']['properties']['authorizedOrgsDesc']
  • root['schemas']['CloudAuditOptions']['properties']['permissionType']
  • root['schemas']['DataAccessOptions']['properties']['isDirectAuth']
  • root['schemas']['GoogleCloudAssetV1p7beta1Asset']['properties']['authorizedOrgsDesc']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessLevel']['properties']['accessLevelFeatures']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['createTime']['readOnly']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['etag']['readOnly']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['updateTime']['readOnly']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['risk']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['unsatisfiedResult']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['vpcNetworkSources']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['sourceRestriction']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['sources']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressPolicy']['properties']['title']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressTo']['properties']['roles']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressPolicy']['properties']['title']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressTo']['properties']['roles']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1ServicePerimeter']['properties']['etag']
  • root['schemas']['Inventory']['properties']['sbomItems']
values_changed
root['revision']
new_value20250225
old_value20230224
root['schemas']['Binding']['properties']['members']['description']
new_valueSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
old_valueSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
root['schemas']['Binding']['properties']['role']['description']
new_valueRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
old_valueRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
root['schemas']['CloudAuditOptions']['properties']['authorizationLoggingOptions']['description']
new_valueInformation used by the Cloud Audit Logging pipeline. Will be deprecated once the migration to PermissionType is complete (b/201806118).
old_valueInformation used by the Cloud Audit Logging pipeline.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessLevel']['properties']['name']['description']
new_valueIdentifier. Resource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
old_valueResource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['etag']['description']
new_valueOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Policies will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
old_valueOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['name']['description']
new_valueOutput only. Identifier. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
old_valueOutput only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['scopes']['description']
new_valueThe scopes of the AccessPolicy. Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with `scopes=["folders/123"]` has the following behavior: - ServicePerimeter can only restrict projects within `folders/123`. - ServicePerimeter within policy A can only reference access levels defined within policy A. - Only one policy can include a given scope; thus, attempting to create a second policy which includes `folders/123` will result in an error. If no scopes are provided, then any resource within the organization can be restricted. Scopes cannot be modified after a policy is created. Policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
old_valueThe scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior: - vpcsc perimeters can only restrict projects within folders/123 - access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['negate']['description']
new_valueWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
old_valueWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['identities']['description']
new_valueA list of identities that are allowed access through [EgressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
old_valueA list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressTo']['properties']['externalResources']['description']
new_valueA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported formats are s3://BUCKET_NAME, s3a://BUCKET_NAME, and s3n://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
old_valueA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressFrom']['properties']['identities']['description']
new_valueA list of identities that are allowed access through [IngressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
old_valueA list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
root['schemas']['GoogleIdentityAccesscontextmanagerV1MethodSelector']['properties']['method']['description']
new_valueA valid method name for the corresponding `service_name` in ApiOperation. If `*` is used as the value for the `method`, then ALL methods and permissions are allowed.
old_valueValue for `method` should be a valid method name for the corresponding `service_name` in ApiOperation. If `*` used as value for `method`, then ALL methods and permissions are allowed.
root['schemas']['GoogleIdentityAccesscontextmanagerV1MethodSelector']['properties']['permission']['description']
new_valueA valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
old_valueValue for `permission` should be a valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
root['schemas']['GoogleIdentityAccesscontextmanagerV1ServicePerimeter']['properties']['name']['description']
new_valueIdentifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
old_valueResource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
root['schemas']['Policy']['description']
new_valueAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
old_valueAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
root['schemas']['TimeOfDay']['properties']['hours']['description']
new_valueHours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.
old_valueHours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.
root['schemas']['TimeOfDay']['properties']['minutes']['description']
new_valueMinutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
old_valueMinutes of hour of day. Must be from 0 to 59.
root['schemas']['TimeOfDay']['properties']['nanos']['description']
new_valueFractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
old_valueFractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
root['schemas']['TimeOfDay']['properties']['seconds']['description']
new_valueSeconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
old_valueSeconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
root['schemas']['Condition']['properties']['iam']['enumDescriptions'][3]
new_valueAny of the security realms in the IAMContext (go/security-realms). When used with IN, the condition indicates "any of the request's realms match one of the given values; with NOT_IN, "none of the realms match any of the given values". Note that a value can be: - 'self:campus' (i.e., clients that are in the same campus) - 'self:metro' (i.e., clients that are in the same metro) - 'self:cloud-region' (i.e., allow connections from clients that are in the same cloud region) - 'self:prod-region' (i.e., allow connections from clients that are in the same prod region) - 'guardians' (i.e., allow connections from its guardian realms. See go/security-realms-glossary#guardian for more information.) - 'cryto_core_guardians' (i.e., allow connections from its crypto core guardian realms. See go/security-realms-glossary#guardian for more information.) Crypto Core coverage is a super-set of Default coverage, containing information about coverage between higher tier data centers (e.g., YAWNs). Most services should use Default coverage and only use Crypto Core coverage if the service is involved in greenfield turnup of new higher tier data centers (e.g., credential infrastructure, machine/job management systems, etc.). - 'self' [DEPRECATED] (i.e., allow connections from clients that are in the same security realm, which is currently but not guaranteed to be campus-sized) - a realm (e.g., 'campus-abc') - a realm group (e.g., 'realms-for-borg-cell-xx', see: go/realm-groups) A match is determined by a realm group membership check performed by a RealmAclRep object (go/realm-acl-howto). It is not permitted to grant access based on the *absence* of a realm, so realm conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
old_valueAny of the security realms in the IAMContext (go/security-realms). When used with IN, the condition indicates "any of the request's realms match one of the given values; with NOT_IN, "none of the realms match any of the given values". Note that a value can be: - 'self:campus' (i.e., clients that are in the same campus) - 'self:metro' (i.e., clients that are in the same metro) - 'self:cloud-region' (i.e., allow connections from clients that are in the same cloud region) - 'self:prod-region' (i.e., allow connections from clients that are in the same prod region) - 'guardians' (i.e., allow connections from its guardian realms. See go/security-realms-glossary#guardian for more information.) - 'self' [DEPRECATED] (i.e., allow connections from clients that are in the same security realm, which is currently but not guaranteed to be campus-sized) - a realm (e.g., 'campus-abc') - a realm group (e.g., 'realms-for-borg-cell-xx', see: go/realm-groups) A match is determined by a realm group membership check performed by a RealmAclRep object (go/realm-acl-howto). It is not permitted to grant access based on the *absence* of a realm, so realm conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
root['schemas']['Condition']['properties']['iam']['enumDescriptions'][7]
new_valueProperties of the credentials supplied with this request. See http://go/rpcsp-credential-assertions?polyglot=rpcsp-v1-0 The conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
old_valueEXPERIMENTAL -- DO NOT USE. The conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
root['schemas']['Item']['properties']['type']['enumDescriptions'][0]
new_valueInvalid. A type must be specified.
old_valueInvalid. An type must be specified.
sandbox/test-cloudasset-v1p5beta1
values_changed
root
new_value
auth
oauth2
scopes
https://www.googleapis.com/auth/cloud-platform
descriptionSee, edit, configure, and delete your Google Cloud data and see the email address for your Google Account.
basePath
baseUrlhttps://test-cloudasset.sandbox.googleapis.com/
batchPathbatch
canonicalNameCloud Asset
descriptionThe Cloud Asset API manages the history and inventory of Google Cloud resources.
discoveryVersionv1
documentationLinkhttps://cloud.google.com/asset-inventory/docs/quickstart
fullyEncodeReservedExpansionTrue
icons
x16http://www.google.com/images/icons/product/search-16.gif
x32http://www.google.com/images/icons/product/search-32.gif
idcloudasset:v1p5beta1
kinddiscovery#restDescription
mtlsRootUrlhttps://test-cloudasset.mtls.sandbox.googleapis.com/
namecloudasset
ownerDomaingoogle.com
ownerNameGoogle
parameters
$.xgafv
descriptionV1 error format.
enum
  • 1
  • 2
enumDescriptions
  • v1 error format
  • v2 error format
locationquery
typestring
access_token
descriptionOAuth access token.
locationquery
typestring
alt
defaultjson
descriptionData format for response.
enum
  • json
  • media
  • proto
enumDescriptions
  • Responses with Content-Type of application/json
  • Media download with context-dependent Content-Type
  • Responses with Content-Type of application/x-protobuf
locationquery
typestring
callback
descriptionJSONP
locationquery
typestring
fields
descriptionSelector specifying which fields to include in a partial response.
locationquery
typestring
key
descriptionAPI key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
locationquery
typestring
oauth_token
descriptionOAuth 2.0 token for the current user.
locationquery
typestring
prettyPrint
defaulttrue
descriptionReturns response with indentations and line breaks.
locationquery
typeboolean
quotaUser
descriptionAvailable to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
locationquery
typestring
uploadType
descriptionLegacy upload protocol for media (e.g. "media", "multipart").
locationquery
typestring
upload_protocol
descriptionUpload protocol for media (e.g. "raw", "multipart").
locationquery
typestring
protocolrest
resources
assets
methods
list
descriptionLists assets with time and resource types and returns paged results in response.
flatPathv1p5beta1/{v1p5beta1Id}/{v1p5beta1Id1}/assets
httpMethodGET
idcloudasset.assets.list
parameterOrder
  • parent
parameters
assetTypes
descriptionA list of asset types to take a snapshot for. For example: "compute.googleapis.com/Disk". Regular expression is also supported. For example: * "compute.googleapis.com.*" snapshots resources whose asset type starts with "compute.googleapis.com". * ".*Instance" snapshots resources whose asset type ends with "Instance". * ".*Instance.*" snapshots resources whose asset type contains "Instance". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned. If specified, only matching assets will be returned, otherwise, it will snapshot all asset types. See [Introduction to Cloud Asset Inventory](https://cloud.google.com/asset-inventory/docs/overview) for all supported asset types.
locationquery
repeatedTrue
typestring
contentType
descriptionAsset content type. If not specified, no content but the asset name will be returned.
enum
  • CONTENT_TYPE_UNSPECIFIED
  • RESOURCE
  • IAM_POLICY
  • IAM_POLICY_NAME
  • ORG_POLICY
  • ACCESS_POLICY
enumDescriptions
  • Unspecified content type.
  • Resource metadata.
  • The actual IAM policy set on a resource.
  • The IAM policy name for the IAM policy set on a resource.
  • The organization policy set on an asset.
  • The Access Context Manager policy set on an asset.
locationquery
typestring
pageSize
descriptionThe maximum number of assets to be returned in a single response. Default is 100, minimum is 1, and maximum is 1000.
formatint32
locationquery
typeinteger
pageToken
descriptionThe `next_page_token` returned from the previous `ListAssetsResponse`, or unspecified for the first `ListAssetsRequest`. It is a continuation of a prior `ListAssets` call, and the API should return the next page of assets.
locationquery
typestring
parent
descriptionRequired. Name of the organization or project the assets belong to. Format: "organizations/[organization-number]" (such as "organizations/123"), "projects/[project-id]" (such as "projects/my-project-id"), or "projects/[project-number]" (such as "projects/12345").
locationpath
pattern^[^/]+/[^/]+$
requiredTrue
typestring
readTime
descriptionTimestamp to take an asset snapshot. This can only be set to a timestamp between the current time and the current time minus 35 days (inclusive). If not specified, the current time will be used. Due to delays in resource data collection and indexing, there is a volatile window during which running the same query may get different results.
formatgoogle-datetime
locationquery
typestring
pathv1p5beta1/{+parent}/assets
response
$refListAssetsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
revision20250225
rootUrlhttps://test-cloudasset.sandbox.googleapis.com/
schemas
AnalyzeIamPolicyLongrunningMetadata
descriptionRepresents the metadata of the longrunning operation for the AnalyzeIamPolicyLongrunning RPC.
idAnalyzeIamPolicyLongrunningMetadata
properties
createTime
descriptionOutput only. The time the operation was created.
formatgoogle-datetime
readOnlyTrue
typestring
typeobject
AnalyzeIamPolicyLongrunningResponse
descriptionA response message for AssetService.AnalyzeIamPolicyLongrunning.
idAnalyzeIamPolicyLongrunningResponse
properties
typeobject
Asset
descriptionAn asset in Google Cloud. An asset can be any resource in the Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), a resource outside the Google Cloud resource hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy). See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information.
idAsset
properties
accessLevel
$refGoogleIdentityAccesscontextmanagerV1AccessLevel
descriptionPlease also refer to the [access level user guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels).
accessPolicy
$refGoogleIdentityAccesscontextmanagerV1AccessPolicy
descriptionPlease also refer to the [access policy user guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
ancestors
descriptionThe ancestry path of an asset in Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), represented as a list of relative resource names. An ancestry path starts with the closest ancestor in the hierarchy and ends at root. If the asset is a project, folder, or organization, the ancestry path starts from the asset itself. Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
items
typestring
typearray
assetType
descriptionThe type of the asset. Example: `compute.googleapis.com/Disk` See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information.
typestring
authorizedOrgsDesc
$refGoogleIdentityAccesscontextmanagerV1AuthorizedOrgsDesc
descriptionPlease also refer to the [authorized organizations descriptions user guide](https://cloud.google.com/access-context-manager/docs/overview#authorizedOrgsDescs).
iamPolicy
$refPolicy
descriptionA representation of the IAM policy set on a Google Cloud resource. There can be a maximum of one IAM policy set on any given resource. In addition, IAM policies inherit their granted access scope from any policies set on parent resources in the resource hierarchy. Therefore, the effectively policy is the union of both the policy set on this resource and each policy set on all of the resource's ancestry resource levels in the hierarchy. See [this topic](https://cloud.google.com/iam/help/allow-policies/inheritance) for more information.
iamPolicyName
descriptionThe name of the IAM policy set on a Google Cloud resource. There can be a maximum of one IAM policy set on any given resource.
formatbyte
typestring
name
descriptionThe full name of the asset. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1` See [Resource names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information.
typestring
orgPolicy
descriptionA representation of an [organization policy](https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy). There can be more than one organization policy with different constraints set on a given resource.
items
$refGoogleCloudOrgpolicyV1Policy
typearray
resource
$refResource
descriptionA representation of the resource.
servicePerimeter
$refGoogleIdentityAccesscontextmanagerV1ServicePerimeter
descriptionPlease also refer to the [service perimeter user guide](https://cloud.google.com/vpc-service-controls/docs/overview).
typeobject
AuditConfig
descriptionSpecifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.
idAuditConfig
properties
auditLogConfigs
descriptionThe configuration for logging of each type of permission.
items
$refAuditLogConfig
typearray
service
descriptionSpecifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
typestring
typeobject
AuditLogConfig
descriptionProvides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.
idAuditLogConfig
properties
exemptedMembers
descriptionSpecifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
items
typestring
typearray
ignoreChildExemptions
typeboolean
logType
descriptionThe log type that this config enables.
enum
  • LOG_TYPE_UNSPECIFIED
  • ADMIN_READ
  • DATA_WRITE
  • DATA_READ
enumDescriptions
  • Default case. Should never be this.
  • Admin reads. Example: CloudIAM getIamPolicy
  • Data writes. Example: CloudSQL Users create
  • Data reads. Example: CloudSQL Users list
typestring
typeobject
AuthorizationLoggingOptions
descriptionAuthorization-related information used by Cloud Audit Logging.
idAuthorizationLoggingOptions
properties
permissionType
descriptionThe type of the permission that was checked.
enum
  • PERMISSION_TYPE_UNSPECIFIED
  • ADMIN_READ
  • ADMIN_WRITE
  • DATA_READ
  • DATA_WRITE
enumDescriptions
  • Default. Should not be used.
  • A read of admin (meta) data.
  • A write of admin (meta) data.
  • A read of standard data.
  • A write of standard data.
typestring
typeobject
Binding
descriptionAssociates `members`, or principals, with a `role`.
idBinding
properties
bindingId
typestring
condition
$refExpr
descriptionThe condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
members
descriptionSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
items
typestring
typearray
role
descriptionRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
typestring
typeobject
CloudAuditOptions
descriptionWrite a Cloud Audit log
idCloudAuditOptions
properties
authorizationLoggingOptions
$refAuthorizationLoggingOptions
descriptionInformation used by the Cloud Audit Logging pipeline. Will be deprecated once the migration to PermissionType is complete (b/201806118).
logName
descriptionThe log_name to populate in the Cloud Audit Record.
enum
  • UNSPECIFIED_LOG_NAME
  • ADMIN_ACTIVITY
  • DATA_ACCESS
enumDescriptions
  • Default. Should not be used.
  • Corresponds to "cloudaudit.googleapis.com/activity"
  • Corresponds to "cloudaudit.googleapis.com/data_access"
typestring
permissionType
descriptionThe type associated with the permission.
enum
  • PERMISSION_TYPE_UNSPECIFIED
  • ADMIN_READ
  • ADMIN_WRITE
  • DATA_READ
  • DATA_WRITE
enumDescriptions
  • Default. Should not be used.
  • Permissions that gate reading resource configuration or metadata.
  • Permissions that gate modification of resource configuration or metadata.
  • Permissions that gate reading user-provided data.
  • Permissions that gate writing user-provided data.
typestring
typeobject
Condition
descriptionA condition to be met.
idCondition
properties
iam
descriptionTrusted attributes supplied by the IAM system.
enum
  • NO_ATTR
  • AUTHORITY
  • ATTRIBUTION
  • SECURITY_REALM
  • APPROVER
  • JUSTIFICATION_TYPE
  • CREDENTIALS_TYPE
  • CREDS_ASSERTION
enumDescriptions
  • Default non-attribute.
  • Either principal or (if present) authority selector.
  • The principal (even if an authority selector is present), which must only be used for attribution, not authorization.
  • Any of the security realms in the IAMContext (go/security-realms). When used with IN, the condition indicates "any of the request's realms match one of the given values; with NOT_IN, "none of the realms match any of the given values". Note that a value can be: - 'self:campus' (i.e., clients that are in the same campus) - 'self:metro' (i.e., clients that are in the same metro) - 'self:cloud-region' (i.e., allow connections from clients that are in the same cloud region) - 'self:prod-region' (i.e., allow connections from clients that are in the same prod region) - 'guardians' (i.e., allow connections from its guardian realms. See go/security-realms-glossary#guardian for more information.) - 'cryto_core_guardians' (i.e., allow connections from its crypto core guardian realms. See go/security-realms-glossary#guardian for more information.) Crypto Core coverage is a super-set of Default coverage, containing information about coverage between higher tier data centers (e.g., YAWNs). Most services should use Default coverage and only use Crypto Core coverage if the service is involved in greenfield turnup of new higher tier data centers (e.g., credential infrastructure, machine/job management systems, etc.). - 'self' [DEPRECATED] (i.e., allow connections from clients that are in the same security realm, which is currently but not guaranteed to be campus-sized) - a realm (e.g., 'campus-abc') - a realm group (e.g., 'realms-for-borg-cell-xx', see: go/realm-groups) A match is determined by a realm group membership check performed by a RealmAclRep object (go/realm-acl-howto). It is not permitted to grant access based on the *absence* of a realm, so realm conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
  • An approver (distinct from the requester) that has authorized this request. When used with IN, the condition indicates that one of the approvers associated with the request matches the specified principal, or is a member of the specified group. Approvers can only grant additional access, and are thus only used in a strictly positive context (e.g. ALLOW/IN or DENY/NOT_IN).
  • What types of justifications have been supplied with this request. String values should match enum names from security.credentials.JustificationType, e.g. "MANUAL_STRING". It is not permitted to grant access based on the *absence* of a justification, so justification conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN). Multiple justifications, e.g., a Buganizer ID and a manually-entered reason, are normal and supported.
  • What type of credentials have been supplied with this request. String values should match enum names from security_loas_l2.CredentialsType - currently, only CREDS_TYPE_EMERGENCY is supported. It is not permitted to grant access based on the *absence* of a credentials type, so the conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
  • Properties of the credentials supplied with this request. See http://go/rpcsp-credential-assertions?polyglot=rpcsp-v1-0 The conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
typestring
op
descriptionAn operator to apply the subject with.
enum
  • NO_OP
  • EQUALS
  • NOT_EQUALS
  • IN
  • NOT_IN
  • DISCHARGED
enumDescriptions
  • Default no-op.
  • DEPRECATED. Use IN instead.
  • DEPRECATED. Use NOT_IN instead.
  • The condition is true if the subject (or any element of it if it is a set) matches any of the supplied values.
  • The condition is true if the subject (or every element of it if it is a set) matches none of the supplied values.
  • Subject is discharged
typestring
svc
descriptionTrusted attributes discharged by the service.
typestring
sys
descriptionTrusted attributes supplied by any service that owns resources and uses the IAM system for access control.
enum
  • NO_ATTR
  • REGION
  • SERVICE
  • NAME
  • IP
enumDescriptions
  • Default non-attribute type
  • Region of the resource
  • Service name
  • Resource name
  • IP address of the caller
typestring
values
descriptionThe objects of the condition.
items
typestring
typearray
typeobject
CounterOptions
descriptionIncrement a streamz counter with the specified metric and field names. Metric names should start with a '/', generally be lowercase-only, and end in "_count". Field names should not contain an initial slash. The actual exported metric names will have "/iam/policy" prepended. Field names correspond to IAM request parameters and field values are their respective values. Supported field names: - "authority", which is "[token]" if IAMContext.token is present, otherwise the value of IAMContext.authority_selector if present, and otherwise a representation of IAMContext.principal; or - "iam_principal", a representation of IAMContext.principal even if a token or authority selector is present; or - "" (empty string), resulting in a counter with no fields. Examples: counter { metric: "/debug_access_count" field: "iam_principal" } ==> increment counter /iam/policy/debug_access_count {iam_principal=[value of IAMContext.principal]}
idCounterOptions
properties
customFields
descriptionCustom fields.
items
$refCustomField
typearray
field
descriptionThe field value to attribute.
typestring
metric
descriptionThe metric to update.
typestring
typeobject
CustomField
descriptionCustom fields. These can be used to create a counter with arbitrary field/value pairs. See: go/rpcsp-custom-fields.
idCustomField
properties
name
descriptionName is the field name.
typestring
value
descriptionValue is the field value. It is important that in contrast to the CounterOptions.field, the value here is a constant that is not derived from the IAMContext.
typestring
typeobject
DataAccessOptions
descriptionWrite a Data Access (Gin) log
idDataAccessOptions
properties
isDirectAuth
descriptionIndicates that access was granted by a regular grant policy
typeboolean
logMode
enum
  • LOG_MODE_UNSPECIFIED
  • LOG_FAIL_CLOSED
enumDescriptions
  • Client is not required to write a partial Gin log immediately after the authorization check. If client chooses to write one and it fails, client may either fail open (allow the operation to continue) or fail closed (handle as a DENY outcome).
  • The application's operation in the context of which this authorization check is being made may only be performed if it is successfully logged to Gin. For instance, the authorization library may satisfy this obligation by emitting a partial log entry at authorization check time and only returning ALLOW to the application if it succeeds. If a matching Rule has this directive, but the client has not indicated that it will honor such requirements, then the IAM check will result in authorization failure by setting CheckPolicyResponse.success=false.
typestring
typeobject
Date
descriptionRepresents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values. * A month and day, with a zero year (for example, an anniversary). * A year on its own, with a zero month and a zero day. * A year and month, with a zero day (for example, a credit card expiration date). Related types: * google.type.TimeOfDay * google.type.DateTime * google.protobuf.Timestamp
idDate
properties
day
descriptionDay of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.
formatint32
typeinteger
month
descriptionMonth of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
formatint32
typeinteger
year
descriptionYear of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
formatint32
typeinteger
typeobject
Expr
descriptionRepresents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
idExpr
properties
description
descriptionOptional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
typestring
expression
descriptionTextual representation of an expression in Common Expression Language syntax.
typestring
location
descriptionOptional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
typestring
title
descriptionOptional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
typestring
typeobject
GoogleCloudAssetV1p7beta1Asset
descriptionAn asset in Google Cloud. An asset can be any resource in the Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), a resource outside the Google Cloud resource hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy). See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information.
idGoogleCloudAssetV1p7beta1Asset
properties
accessLevel
$refGoogleIdentityAccesscontextmanagerV1AccessLevel
descriptionPlease also refer to the [access level user guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels).
accessPolicy
$refGoogleIdentityAccesscontextmanagerV1AccessPolicy
descriptionPlease also refer to the [access policy user guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies).
ancestors
descriptionThe ancestry path of an asset in Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), represented as a list of relative resource names. An ancestry path starts with the closest ancestor in the hierarchy and ends at root. If the asset is a project, folder, or organization, the ancestry path starts from the asset itself. Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
items
typestring
typearray
assetType
descriptionThe type of the asset. Example: `compute.googleapis.com/Disk` See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information.
typestring
authorizedOrgsDesc
$refGoogleIdentityAccesscontextmanagerV1AuthorizedOrgsDesc
descriptionPlease also refer to the [authorized organizations descriptions user guide](https://cloud.google.com/access-context-manager/docs/overview#authorizedOrgsDescs).
deleted
descriptionWhether the asset has been deleted or not.
typeboolean
iamPolicy
$refPolicy
descriptionA representation of the IAM policy set on a Google Cloud resource. There can be a maximum of one IAM policy set on any given resource. In addition, IAM policies inherit their granted access scope from any policies set on parent resources in the resource hierarchy. Therefore, the effectively policy is the union of both the policy set on this resource and each policy set on all of the resource's ancestry resource levels in the hierarchy. See [this topic](https://cloud.google.com/iam/help/allow-policies/inheritance) for more information.
iamPolicyName
descriptionThe name of the IAM policy set on a Google Cloud resource. There can be a maximum of one IAM policy set on any given resource.
formatbyte
typestring
name
descriptionThe full name of the asset. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1` See [Resource names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information.
typestring
orgPolicy
descriptionA representation of an [organization policy](https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy). There can be more than one organization policy with different constraints set on a given resource.
items
$refGoogleCloudOrgpolicyV1Policy
typearray
osInventory
$refInventory
descriptionA representation of runtime OS Inventory information. See [this topic](https://cloud.google.com/compute/docs/instances/os-inventory-management) for more information.
relatedAssets
$refGoogleCloudAssetV1p7beta1RelatedAssets
descriptionThe related assets of the asset of one relationship type. One asset only represents one type of relationship.
resource
$refGoogleCloudAssetV1p7beta1Resource
descriptionA representation of the resource.
servicePerimeter
$refGoogleIdentityAccesscontextmanagerV1ServicePerimeter
descriptionPlease also refer to the [service perimeter user guide](https://cloud.google.com/vpc-service-controls/docs/overview).
updateTime
descriptionThe last update timestamp of an asset. update_time is updated when create/update/delete operation is performed.
formatgoogle-datetime
typestring
typeobject
GoogleCloudAssetV1p7beta1RelatedAsset
descriptionAn asset identify in Google Cloud which contains its name, type and ancestors. An asset can be any resource in the Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), a resource outside the Google Cloud resource hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy). See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information.
idGoogleCloudAssetV1p7beta1RelatedAsset
properties
ancestors
descriptionThe ancestors of an asset in Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), represented as a list of relative resource names. An ancestry path starts with the closest ancestor in the hierarchy and ends at root. Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
items
typestring
typearray
asset
descriptionThe full name of the asset. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1` See [Resource names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information.
typestring
assetType
descriptionThe type of the asset. Example: `compute.googleapis.com/Disk` See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information.
typestring
typeobject
GoogleCloudAssetV1p7beta1RelatedAssets
descriptionThe detailed related assets with the `relationship_type`.
idGoogleCloudAssetV1p7beta1RelatedAssets
properties
assets
descriptionThe peer resources of the relationship.
items
$refGoogleCloudAssetV1p7beta1RelatedAsset
typearray
relationshipAttributes
$refGoogleCloudAssetV1p7beta1RelationshipAttributes
descriptionThe detailed relation attributes.
typeobject
GoogleCloudAssetV1p7beta1RelationshipAttributes
descriptionThe relationship attributes which include `type`, `source_resource_type`, `target_resource_type` and `action`.
idGoogleCloudAssetV1p7beta1RelationshipAttributes
properties
action
descriptionThe detail of the relationship, e.g. `contains`, `attaches`
typestring
sourceResourceType
descriptionThe source asset type. Example: `compute.googleapis.com/Instance`
typestring
targetResourceType
descriptionThe target asset type. Example: `compute.googleapis.com/Disk`
typestring
type
descriptionThe unique identifier of the relationship type. Example: `INSTANCE_TO_INSTANCEGROUP`
typestring
typeobject
GoogleCloudAssetV1p7beta1Resource
descriptionA representation of a Google Cloud resource.
idGoogleCloudAssetV1p7beta1Resource
properties
data
additionalProperties
descriptionProperties of the object.
typeany
descriptionThe content of the resource, in which some sensitive fields are removed and may not be present.
typeobject
discoveryDocumentUri
descriptionThe URL of the discovery document containing the resource's JSON schema. Example: `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest` This value is unspecified for resources that do not have an API based on a discovery document, such as Cloud Bigtable.
typestring
discoveryName
descriptionThe JSON schema name listed in the discovery document. Example: `Project` This value is unspecified for resources that do not have an API based on a discovery document, such as Cloud Bigtable.
typestring
internalData
additionalProperties
descriptionProperties of the object. Contains field @type with type URL.
typeany
descriptionThe actual metadata content for the resource, only visible for internal users.
typeobject
location
descriptionThe location of the resource in Google Cloud, such as its zone and region. For more information, see https://cloud.google.com/about/locations/.
typestring
parent
descriptionThe full name of the immediate parent of this resource. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information. For Google Cloud assets, this value is the parent resource defined in the [IAM policy hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). Example: `//cloudresourcemanager.googleapis.com/projects/my_project_123` For third-party assets, this field may be set differently.
typestring
resourceUrl
descriptionThe REST URL for accessing the resource. An HTTP `GET` request using this URL returns the resource itself. Example: `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123` This value is unspecified for resources without a REST API.
typestring
version
descriptionThe API version. Example: `v1`
typestring
typeobject
GoogleCloudOrgpolicyV1BooleanPolicy
descriptionUsed in `policy_type` to specify how `boolean_policy` will behave at this resource.
idGoogleCloudOrgpolicyV1BooleanPolicy
properties
enforced
descriptionIf `true`, then the `Policy` is enforced. If `false`, then any configuration is acceptable. Suppose you have a `Constraint` `constraints/compute.disableSerialPortAccess` with `constraint_default` set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following behavior: - If the `Policy` at this resource has enforced set to `false`, serial port connection attempts will be allowed. - If the `Policy` at this resource has enforced set to `true`, serial port connection attempts will be refused. - If the `Policy` at this resource is `RestoreDefault`, serial port connection attempts will be allowed. - If no `Policy` is set at this resource or anywhere higher in the resource hierarchy, serial port connection attempts will be allowed. - If no `Policy` is set at this resource, but one exists higher in the resource hierarchy, the behavior is as if the`Policy` were set at this resource. The following examples demonstrate the different possible layerings: Example 1 (nearest `Constraint` wins): `organizations/foo` has a `Policy` with: {enforced: false} `projects/bar` has no `Policy` set. The constraint at `projects/bar` and `organizations/foo` will not be enforced. Example 2 (enforcement gets replaced): `organizations/foo` has a `Policy` with: {enforced: false} `projects/bar` has a `Policy` with: {enforced: true} The constraint at `organizations/foo` is not enforced. The constraint at `projects/bar` is enforced. Example 3 (RestoreDefault): `organizations/foo` has a `Policy` with: {enforced: true} `projects/bar` has a `Policy` with: {RestoreDefault: {}} The constraint at `organizations/foo` is enforced. The constraint at `projects/bar` is not enforced, because `constraint_default` for the `Constraint` is `ALLOW`.
typeboolean
typeobject
GoogleCloudOrgpolicyV1ListPolicy
descriptionUsed in `policy_type` to specify how `list_policy` behaves at this resource. `ListPolicy` can define specific values and subtrees of Cloud Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied by setting the `allowed_values` and `denied_values` fields. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - "projects/", e.g. "projects/tokyo-rain-123" - "folders/", e.g. "folders/1234" - "organizations/", e.g. "organizations/1234" The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used. You can set `allowed_values` and `denied_values` in the same `Policy` if `all_values` is `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all values. If `all_values` is set to either `ALLOW` or `DENY`, `allowed_values` and `denied_values` must be unset.
idGoogleCloudOrgpolicyV1ListPolicy
properties
allValues
descriptionThe policy all_values state.
enum
  • ALL_VALUES_UNSPECIFIED
  • ALLOW
  • DENY
enumDescriptions
  • Indicates that allowed_values or denied_values must be set.
  • A policy with this set allows all values.
  • A policy with this set denies all values.
typestring
allowedValues
descriptionList of values allowed at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
items
typestring
typearray
deniedValues
descriptionList of values denied at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
items
typestring
typearray
inheritFromParent
descriptionDetermines the inheritance behavior for this `Policy`. By default, a `ListPolicy` set at a resource supersedes any `Policy` set anywhere up the resource hierarchy. However, if `inherit_from_parent` is set to `true`, then the values from the effective `Policy` of the parent resource are inherited, meaning the values set in this `Policy` are added to the values inherited up the hierarchy. Setting `Policy` hierarchies that inherit both allowed values and denied values isn't recommended in most circumstances to keep the configuration simple and understandable. However, it is possible to set a `Policy` with `allowed_values` set that inherits a `Policy` with `denied_values` set. In this case, the values that are allowed must be in `allowed_values` and not present in `denied_values`. For example, suppose you have a `Constraint` `constraints/serviceuser.services`, which has a `constraint_type` of `list_constraint`, and with `constraint_default` set to `ALLOW`. Suppose that at the Organization level, a `Policy` is applied that restricts the allowed API activations to {`E1`, `E2`}. Then, if a `Policy` is applied to a project below the Organization that has `inherit_from_parent` set to `false` and field all_values set to DENY, then an attempt to activate any API will be denied. The following examples demonstrate different possible layerings for `projects/bar` parented by `organizations/foo`: Example 1 (no inherited values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has `inherit_from_parent` `false` and values: {allowed_values: "E3" allowed_values: "E4"} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are `E3`, and `E4`. Example 2 (inherited values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has a `Policy` with values: {value: "E3" value: "E4" inherit_from_parent: true} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`. Example 3 (inheriting both allowed and denied values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {denied_values: "E1"} The accepted values at `organizations/foo` are `E1`, `E2`. The value accepted at `projects/bar` is `E2`. Example 4 (RestoreDefault): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has a `Policy` with values: {RestoreDefault: {}} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are either all or none depending on the value of `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 5 (no policy inherits parent policy): `organizations/foo` has no `Policy` set. `projects/bar` has no `Policy` set. The accepted values at both levels are either all or none depending on the value of `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 6 (ListConstraint allowing all): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {all: ALLOW} The accepted values at `organizations/foo` are `E1`, E2`. Any value is accepted at `projects/bar`. Example 7 (ListConstraint allowing none): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {all: DENY} The accepted values at `organizations/foo` are `E1`, E2`. No value is accepted at `projects/bar`. Example 10 (allowed and denied subtrees of Resource Manager hierarchy): Given the following resource hierarchy O1->{F1, F2}; F1->{P1}; F2->{P2, P3}, `organizations/foo` has a `Policy` with values: {allowed_values: "under:organizations/O1"} `projects/bar` has a `Policy` with: {allowed_values: "under:projects/P3"} {denied_values: "under:folders/F2"} The accepted values at `organizations/foo` are `organizations/O1`, `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`, `projects/P3`. The accepted values at `projects/bar` are `organizations/O1`, `folders/F1`, `projects/P1`.
typeboolean
suggestedValue
descriptionOptional. The Google Cloud Console will try to default to a configuration that matches the value specified in this `Policy`. If `suggested_value` is not set, it will inherit the value specified higher in the hierarchy, unless `inherit_from_parent` is `false`.
typestring
typeobject
GoogleCloudOrgpolicyV1Policy
descriptionDefines a Cloud Organization `Policy` which is used to specify `Constraints` for configurations of Cloud Platform resources.
idGoogleCloudOrgpolicyV1Policy
properties
booleanPolicy
$refGoogleCloudOrgpolicyV1BooleanPolicy
descriptionFor boolean `Constraints`, whether to enforce the `Constraint` or not.
constraint
descriptionThe name of the `Constraint` the `Policy` is configuring, for example, `constraints/serviceuser.services`. A [list of available constraints](/resource-manager/docs/organization-policy/org-policy-constraints) is available. Immutable after creation.
typestring
etag
descriptionAn opaque tag indicating the current version of the `Policy`, used for concurrency control. When the `Policy` is returned from either a `GetPolicy` or a `ListOrgPolicy` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset. When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value that was returned from a `GetOrgPolicy` request as part of a read-modify-write loop for concurrency control. Not setting the `etag`in a `SetOrgPolicy` request will result in an unconditional write of the `Policy`.
formatbyte
typestring
listPolicy
$refGoogleCloudOrgpolicyV1ListPolicy
descriptionList of values either allowed or disallowed.
restoreDefault
$refGoogleCloudOrgpolicyV1RestoreDefault
descriptionRestores the default behavior of the constraint; independent of `Constraint` type.
updateTime
descriptionThe time stamp the `Policy` was previously updated. This is set by the server, not specified by the caller, and represents the last time a call to `SetOrgPolicy` was made for that `Policy`. Any value set by the client will be ignored.
formatgoogle-datetime
typestring
version
descriptionVersion of the `Policy`. Default version is 0;
formatint32
typeinteger
typeobject
GoogleCloudOrgpolicyV1RestoreDefault
descriptionIgnores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific `Constraint` at this resource. Suppose that `constraint_default` is set to `ALLOW` for the `Constraint` `constraints/serviceuser.services`. Suppose that organization foo.com sets a `Policy` at their Organization resource node that restricts the allowed service activations to deny all service activations. They could then set a `Policy` with the `policy_type` `restore_default` on several experimental projects, restoring the `constraint_default` enforcement of the `Constraint` for only those projects, allowing those projects to have all services activated.
idGoogleCloudOrgpolicyV1RestoreDefault
properties
typeobject
GoogleIdentityAccesscontextmanagerV1AccessLevel
descriptionAn `AccessLevel` is a label that can be applied to requests to Google Cloud services, along with a list of requirements necessary for the label to be applied.
idGoogleIdentityAccesscontextmanagerV1AccessLevel
properties
accessLevelFeatures
$refGoogleIdentityAccesscontextmanagerV1AccessLevelFeatures
descriptionOutput only. Access level features that are used to determine the behavior of the access level.
readOnlyTrue
basic
$refGoogleIdentityAccesscontextmanagerV1BasicLevel
descriptionA `BasicLevel` composed of `Conditions`.
createTime
descriptionOutput only. Time the `AccessLevel` was created in UTC.
formatgoogle-datetime
readOnlyTrue
typestring
custom
$refGoogleIdentityAccesscontextmanagerV1CustomLevel
descriptionA `CustomLevel` written in the Common Expression Language.
description
descriptionDescription of the `AccessLevel` and its use. Does not affect behavior.
typestring
name
descriptionIdentifier. Resource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
typestring
title
descriptionHuman readable title. Must be unique within the Policy.
typestring
updateTime
descriptionOutput only. Time the `AccessLevel` was updated in UTC.
formatgoogle-datetime
readOnlyTrue
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1AccessLevelFeatures
descriptionFields capturing features about the access level. Output only.
idGoogleIdentityAccesscontextmanagerV1AccessLevelFeatures
properties
canBeNested
descriptionOutput only. Indicates that the access level is able to be nested in other access levels.
readOnlyTrue
typeboolean
hasRemediations
descriptionOutput only. Indicates whether there is a remediation defined within access level conditions. Set to false if deny is the only configured result for all conditions.
readOnlyTrue
typeboolean
typeobject
GoogleIdentityAccesscontextmanagerV1AccessPolicy
description`AccessPolicy` is a container for `AccessLevels` (which define the necessary attributes to use Google Cloud services) and `ServicePerimeters` (which define regions of services able to freely pass data within a perimeter). An access policy is globally visible within an organization, and the restrictions it specifies apply to all projects within an organization.
idGoogleIdentityAccesscontextmanagerV1AccessPolicy
properties
createTime
descriptionOutput only. Time the `AccessPolicy` was created in UTC.
formatgoogle-datetime
readOnlyTrue
typestring
etag
descriptionOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Policies will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
readOnlyTrue
typestring
name
descriptionOutput only. Identifier. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
typestring
parent
descriptionRequired. The parent of this `AccessPolicy` in the Cloud Resource Hierarchy. Currently immutable once created. Format: `organizations/{organization_id}`
typestring
scopes
descriptionThe scopes of the AccessPolicy. Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with `scopes=["folders/123"]` has the following behavior: - ServicePerimeter can only restrict projects within `folders/123`. - ServicePerimeter within policy A can only reference access levels defined within policy A. - Only one policy can include a given scope; thus, attempting to create a second policy which includes `folders/123` will result in an error. If no scopes are provided, then any resource within the organization can be restricted. Scopes cannot be modified after a policy is created. Policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
items
typestring
typearray
title
descriptionRequired. Human readable title. Does not affect behavior.
typestring
updateTime
descriptionOutput only. Time the `AccessPolicy` was updated in UTC.
formatgoogle-datetime
readOnlyTrue
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1ApiOperation
descriptionIdentification for an API Operation.
idGoogleIdentityAccesscontextmanagerV1ApiOperation
properties
methodSelectors
descriptionAPI methods or permissions to allow. Method or permission must belong to the service specified by `service_name` field. A single MethodSelector entry with `*` specified for the `method` field will allow all methods AND permissions for the service specified in `service_name`.
items
$refGoogleIdentityAccesscontextmanagerV1MethodSelector
typearray
serviceName
descriptionThe name of the API whose methods or permissions the IngressPolicy or EgressPolicy want to allow. A single ApiOperation with `service_name` field set to `*` will allow all methods AND permissions for all services.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1AuthorizedOrgsDesc
description`AuthorizedOrgsDesc` contains data for an organization's authorization policy.
idGoogleIdentityAccesscontextmanagerV1AuthorizedOrgsDesc
properties
assetType
descriptionThe asset type of this authorized orgs desc. Valid values are `ASSET_TYPE_DEVICE`, and `ASSET_TYPE_CREDENTIAL_STRENGTH`.
enum
  • ASSET_TYPE_UNSPECIFIED
  • ASSET_TYPE_DEVICE
  • ASSET_TYPE_CREDENTIAL_STRENGTH
enumDescriptions
  • No asset type specified.
  • Device asset type.
  • Credential strength asset type.
typestring
authorizationDirection
descriptionThe direction of the authorization relationship between this organization and the organizations listed in the `orgs` field. The valid values for this field include the following: `AUTHORIZATION_DIRECTION_FROM`: Allows this organization to evaluate traffic in the organizations listed in the `orgs` field. `AUTHORIZATION_DIRECTION_TO`: Allows the organizations listed in the `orgs` field to evaluate the traffic in this organization. For the authorization relationship to take effect, all of the organizations must authorize and specify the appropriate relationship direction. For example, if organization A authorized organization B and C to evaluate its traffic, by specifying `AUTHORIZATION_DIRECTION_TO` as the authorization direction, organizations B and C must specify `AUTHORIZATION_DIRECTION_FROM` as the authorization direction in their `AuthorizedOrgsDesc` resource.
enum
  • AUTHORIZATION_DIRECTION_UNSPECIFIED
  • AUTHORIZATION_DIRECTION_TO
  • AUTHORIZATION_DIRECTION_FROM
enumDescriptions
  • No direction specified.
  • The specified organizations are authorized to evaluate traffic in this organization.
  • The traffic of the specified organizations can be evaluated by this organization.
typestring
authorizationType
descriptionA granular control type for authorization levels. Valid value is `AUTHORIZATION_TYPE_TRUST`.
enum
  • AUTHORIZATION_TYPE_UNSPECIFIED
  • AUTHORIZATION_TYPE_TRUST
enumDescriptions
  • No authorization type specified.
  • This authorization relationship is "trust".
typestring
createTime
descriptionOutput only. Time the `AuthorizedOrgsDesc` was created in UTC.
formatgoogle-datetime
readOnlyTrue
typestring
name
descriptionIdentifier. Resource name for the `AuthorizedOrgsDesc`. Format: `accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}`. The `authorized_orgs_desc` component must begin with a letter, followed by alphanumeric characters or `_`. After you create an `AuthorizedOrgsDesc`, you cannot change its `name`.
typestring
orgs
descriptionThe list of organization ids in this AuthorizedOrgsDesc. Format: `organizations/` Example: `organizations/123456`
items
typestring
typearray
updateTime
descriptionOutput only. Time the `AuthorizedOrgsDesc` was updated in UTC.
formatgoogle-datetime
readOnlyTrue
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1BasicLevel
description`BasicLevel` is an `AccessLevel` using a set of recommended features.
idGoogleIdentityAccesscontextmanagerV1BasicLevel
properties
combiningFunction
descriptionHow the `conditions` list should be combined to determine if a request is granted this `AccessLevel`. If AND is used, each `Condition` in `conditions` must be satisfied for the `AccessLevel` to be applied. If OR is used, at least one `Condition` in `conditions` must be satisfied for the `AccessLevel` to be applied. Default behavior is AND.
enum
  • AND
  • OR
enumDescriptions
  • All `Conditions` must be true for the `BasicLevel` to be true.
  • If at least one `Condition` is true, then the `BasicLevel` is true.
typestring
conditions
descriptionRequired. A list of requirements for the `AccessLevel` to be granted.
items
$refGoogleIdentityAccesscontextmanagerV1Condition
typearray
typeobject
GoogleIdentityAccesscontextmanagerV1Condition
descriptionA condition necessary for an `AccessLevel` to be granted. The Condition is an AND over its fields. So a Condition is true if: 1) the request IP is from one of the listed subnetworks AND 2) the originating device complies with the listed device policy AND 3) all listed access levels are granted AND 4) the request was sent at a time allowed by the DateTimeRestriction.
idGoogleIdentityAccesscontextmanagerV1Condition
properties
dateTimeRestriction
$refGoogleIdentityAccesscontextmanagerV1DateTimeRestriction
descriptionSpecification for when requests are allowed by this Condition. If not specified, a request may be made at any time.
devicePolicy
$refGoogleIdentityAccesscontextmanagerV1DevicePolicy
descriptionDevice specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
ipSubnetworks
descriptionCIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
items
typestring
typearray
members
descriptionThe request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: `user:{emailid}` `serviceAccount:{emailid}` If not specified, a request may come from any user.
items
typestring
typearray
negate
descriptionWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
typeboolean
regions
descriptionThe request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.
items
typestring
typearray
requiredAccessLevels
descriptionA list of other access levels defined in the same `Policy`, referenced by resource name. Referencing an `AccessLevel` which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
items
typestring
typearray
risk
$refGoogleIdentityAccesscontextmanagerV1Risk
descriptionThe request must have acceptable risk profile. Following constraints apply to its use: - It cannot be negated and cannot be nested. - If set, no other attributes can be applied within a Condition. - If set, you may optionally specify a remediation result.
unsatisfiedResult
$refGoogleIdentityAccesscontextmanagerV1UnsatisfiedResult
descriptionThe result to apply if the condition is not met.
vpcNetworkSources
descriptionThe request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with `ip_subnetworks`.
items
$refGoogleIdentityAccesscontextmanagerV1VpcNetworkSource
typearray
typeobject
GoogleIdentityAccesscontextmanagerV1CustomLevel
description`CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request. See CEL spec at: https://github.com/google/cel-spec
idGoogleIdentityAccesscontextmanagerV1CustomLevel
properties
expr
$refExpr
descriptionRequired. A Cloud CEL expression evaluating to a boolean.
typeobject
GoogleIdentityAccesscontextmanagerV1DateTimeRestriction
description`DateTimeRestriction` describes a requirement for when requests are allowed. For example, `{allowed_days: MONDAY earliest_time {hours: 7} }` would only be true for requests sent on Monday after 7:00am UTC.
idGoogleIdentityAccesscontextmanagerV1DateTimeRestriction
properties
allowedDays
descriptionThe days when the parent `AccessLevel` can be granted. If not specified, all days are allowed.
items
enum
  • DAY_OF_WEEK_UNSPECIFIED
  • MONDAY
  • TUESDAY
  • WEDNESDAY
  • THURSDAY
  • FRIDAY
  • SATURDAY
  • SUNDAY
enumDescriptions
  • The day of the week is unspecified.
  • Monday
  • Tuesday
  • Wednesday
  • Thursday
  • Friday
  • Saturday
  • Sunday
typestring
typearray
earliestTime
$refTimeOfDay
descriptionThe earliest time in the day that a request can be granted the parent `AccessLevel`, inclusive. Currently only respects up to minute specificity. If not specified, defaults to 0:00. Example: if the hours field is set to 6, a request at 5:45am would not satisfy the DateTimeRestriction.
latestTime
$refTimeOfDay
descriptionThe latest time in the day that a request can be granted the parent `AccessLevel`, inclusive. Currently only respects up to minute specificity. If not specified, defaults to 24:00. Example: if the hours field is set to 19, a request at 7:15pm would not satisfy the DateTimeRestriction.
timeZone
descriptionA time zone ID, specified as in the [IANA timezone database](https://www.iana.org/time-zones). Defaults to UTC. Examples: `"America/Los_Angeles"`, `"Etc/UTC"`, '"Europe/London"`.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1DevicePolicy
description`DevicePolicy` specifies device specific restrictions necessary to acquire a given access level. A `DevicePolicy` specifies requirements for requests from devices to be granted access levels, it does not do any enforcement on the device. `DevicePolicy` acts as an AND over all specified fields, and each repeated field is an OR over its elements. Any unset fields are ignored. For example, if the proto is { os_type : DESKTOP_WINDOWS, os_type : DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be true for requests originating from encrypted Linux desktops and encrypted Windows desktops.
idGoogleIdentityAccesscontextmanagerV1DevicePolicy
properties
allowedDeviceManagementLevels
descriptionAllowed device management levels, an empty list allows all management levels.
items
enum
  • MANAGEMENT_UNSPECIFIED
  • NONE
  • BASIC
  • COMPLETE
enumDescriptions
  • The device's management level is not specified or not known.
  • The device is not managed.
  • Basic management is enabled, which is generally limited to monitoring and wiping the corporate account.
  • Complete device management. This includes more thorough monitoring and the ability to directly manage the device (such as remote wiping). This can be enabled through the Android Enterprise Platform.
typestring
typearray
allowedEncryptionStatuses
descriptionAllowed encryptions statuses, an empty list allows all statuses.
items
enum
  • ENCRYPTION_UNSPECIFIED
  • ENCRYPTION_UNSUPPORTED
  • UNENCRYPTED
  • ENCRYPTED
enumDescriptions
  • The encryption status of the device is not specified or not known.
  • The device does not support encryption.
  • The device supports encryption, but is currently unencrypted.
  • The device is encrypted.
typestring
typearray
osConstraints
descriptionAllowed OS versions, an empty list allows all types and all versions.
items
$refGoogleIdentityAccesscontextmanagerV1OsConstraint
typearray
requireAdminApproval
descriptionWhether the device needs to be approved by the customer admin.
typeboolean
requireCorpOwned
descriptionWhether the device needs to be corp owned.
typeboolean
requireManagedBrowserProfile
descriptionWhether the device needs to have managed browser profile.
typeboolean
requireScreenlock
descriptionWhether or not screenlock is required for the DevicePolicy to be true. Defaults to `false`.
typeboolean
typeobject
GoogleIdentityAccesscontextmanagerV1EgressFrom
descriptionDefines the conditions under which an EgressPolicy matches a request. Conditions based on information about the source of the request. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed.
idGoogleIdentityAccesscontextmanagerV1EgressFrom
properties
identities
descriptionA list of identities that are allowed access through [EgressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
items
typestring
typearray
identityType
descriptionSpecifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of `identities` field will be allowed access.
enum
  • IDENTITY_TYPE_UNSPECIFIED
  • ANY_IDENTITY
  • ANY_USER_ACCOUNT
  • ANY_SERVICE_ACCOUNT
enumDescriptions
  • No blanket identity group specified.
  • Authorize access from all identities outside the perimeter.
  • Authorize access from all human users outside the perimeter.
  • Authorize access from all service accounts outside the perimeter.
typestring
sourceRestriction
descriptionWhether to enforce traffic restrictions based on `sources` field. If the `sources` fields is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`.
enum
  • SOURCE_RESTRICTION_UNSPECIFIED
  • SOURCE_RESTRICTION_ENABLED
  • SOURCE_RESTRICTION_DISABLED
enumDescriptions
  • Enforcement preference unspecified, will not enforce traffic restrictions based on `sources` in EgressFrom.
  • Enforcement preference enabled, traffic restrictions will be enforced based on `sources` in EgressFrom.
  • Enforcement preference disabled, will not enforce traffic restrictions based on `sources` in EgressFrom.
typestring
sources
descriptionSources that this EgressPolicy authorizes access from. If this field is not empty, then `source_restriction` must be set to `SOURCE_RESTRICTION_ENABLED`.
items
$refGoogleIdentityAccesscontextmanagerV1EgressSource
typearray
typeobject
GoogleIdentityAccesscontextmanagerV1EgressPolicy
descriptionPolicy for egress from perimeter. EgressPolicies match requests based on `egress_from` and `egress_to` stanzas. For an EgressPolicy to match, both `egress_from` and `egress_to` stanzas must be matched. If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter boundary. For example, an EgressPolicy can be used to allow VMs on networks within the ServicePerimeter to access a defined set of projects outside the perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket or query against a BigQuery dataset). EgressPolicies are concerned with the *resources* that a request relates as well as the API services and API actions being used. They do not related to the direction of data movement. More detailed documentation for this concept can be found in the descriptions of EgressFrom and EgressTo.
idGoogleIdentityAccesscontextmanagerV1EgressPolicy
properties
egressFrom
$refGoogleIdentityAccesscontextmanagerV1EgressFrom
descriptionDefines conditions on the source of a request causing this EgressPolicy to apply.
egressTo
$refGoogleIdentityAccesscontextmanagerV1EgressTo
descriptionDefines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply.
title
descriptionOptional. Human-readable title for the egress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1EgressSource
descriptionThe source that EgressPolicy authorizes access from inside the ServicePerimeter to somewhere outside the ServicePerimeter boundaries.
idGoogleIdentityAccesscontextmanagerV1EgressSource
properties
accessLevel
descriptionAn AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all EgressSources will be allowed.
typestring
resource
descriptionA Google Cloud resource from the service perimeter that you want to allow to access data outside the perimeter. This field supports only projects. The project format is `projects/{project_number}`. You can't use `*` in this field to allow all Google Cloud resources.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1EgressTo
descriptionDefines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the `resources` specified. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. The request must match `operations` AND `resources` fields in order to be allowed egress out of the perimeter.
idGoogleIdentityAccesscontextmanagerV1EgressTo
properties
externalResources
descriptionA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported formats are s3://BUCKET_NAME, s3a://BUCKET_NAME, and s3n://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
items
typestring
typearray
operations
descriptionA list of ApiOperations allowed to be performed by the sources specified in the corresponding EgressFrom. A request matches if it uses an operation/service in this list.
items
$refGoogleIdentityAccesscontextmanagerV1ApiOperation
typearray
resources
descriptionA list of resources, currently only projects in the form `projects/`, that are allowed to be accessed by sources defined in the corresponding EgressFrom. A request matches if it contains a resource in this list. If `*` is specified for `resources`, then this EgressTo rule will authorize access to all resources outside the perimeter.
items
typestring
typearray
roles
descriptionIAM roles that represent the set of operations that the sources specified in the corresponding EgressFrom. are allowed to perform in this ServicePerimeter.
items
typestring
typearray
typeobject
GoogleIdentityAccesscontextmanagerV1IngressFrom
descriptionDefines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the source of the request. The request must satisfy what is defined in `sources` AND identity related fields in order to match.
idGoogleIdentityAccesscontextmanagerV1IngressFrom
properties
identities
descriptionA list of identities that are allowed access through [IngressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
items
typestring
typearray
identityType
descriptionSpecifies the type of identities that are allowed access from outside the perimeter. If left unspecified, then members of `identities` field will be allowed access.
enum
  • IDENTITY_TYPE_UNSPECIFIED
  • ANY_IDENTITY
  • ANY_USER_ACCOUNT
  • ANY_SERVICE_ACCOUNT
enumDescriptions
  • No blanket identity group specified.
  • Authorize access from all identities outside the perimeter.
  • Authorize access from all human users outside the perimeter.
  • Authorize access from all service accounts outside the perimeter.
typestring
sources
descriptionSources that this IngressPolicy authorizes access from.
items
$refGoogleIdentityAccesscontextmanagerV1IngressSource
typearray
typeobject
GoogleIdentityAccesscontextmanagerV1IngressPolicy
descriptionPolicy for ingress into ServicePerimeter. IngressPolicies match requests based on `ingress_from` and `ingress_to` stanzas. For an ingress policy to match, both the `ingress_from` and `ingress_to` stanzas must be matched. If an IngressPolicy matches a request, the request is allowed through the perimeter boundary from outside the perimeter. For example, access from the internet can be allowed either based on an AccessLevel or, for traffic hosted on Google Cloud, the project of the source network. For access from private networks, using the project of the hosting network is required. Individual ingress policies can be limited by restricting which services and/or actions they match using the `ingress_to` field.
idGoogleIdentityAccesscontextmanagerV1IngressPolicy
properties
ingressFrom
$refGoogleIdentityAccesscontextmanagerV1IngressFrom
descriptionDefines the conditions on the source of a request causing this IngressPolicy to apply.
ingressTo
$refGoogleIdentityAccesscontextmanagerV1IngressTo
descriptionDefines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply.
title
descriptionOptional. Human-readable title for the ingress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1IngressSource
descriptionThe source that IngressPolicy authorizes access from.
idGoogleIdentityAccesscontextmanagerV1IngressSource
properties
accessLevel
descriptionAn AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all IngressSources will be allowed.
typestring
resource
descriptionA Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects and VPCs are allowed. Project format: `projects/{project_number}` VPC network format: `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}`. The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in. `*` is not allowed, the case of allowing all Google Cloud resources only is not supported.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1IngressTo
descriptionDefines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the target resource of the request. The request must satisfy what is defined in `operations` AND `resources` in order to match.
idGoogleIdentityAccesscontextmanagerV1IngressTo
properties
operations
descriptionA list of ApiOperations allowed to be performed by the sources specified in corresponding IngressFrom in this ServicePerimeter.
items
$refGoogleIdentityAccesscontextmanagerV1ApiOperation
typearray
resources
descriptionA list of resources, currently only projects in the form `projects/`, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. If a single `*` is specified, then access to all resources inside the perimeter are allowed.
items
typestring
typearray
roles
descriptionIAM roles that represent the set of operations that the sources specified in the corresponding IngressFrom are allowed to perform in this ServicePerimeter.
items
typestring
typearray
typeobject
GoogleIdentityAccesscontextmanagerV1MethodSelector
descriptionAn allowed method or permission of a service specified in ApiOperation.
idGoogleIdentityAccesscontextmanagerV1MethodSelector
properties
method
descriptionA valid method name for the corresponding `service_name` in ApiOperation. If `*` is used as the value for the `method`, then ALL methods and permissions are allowed.
typestring
permission
descriptionA valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1OsConstraint
descriptionA restriction on the OS type and version of devices making requests.
idGoogleIdentityAccesscontextmanagerV1OsConstraint
properties
minimumVersion
descriptionThe minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: `"major.minor.patch"`. Examples: `"10.5.301"`, `"9.2.1"`.
typestring
osType
descriptionRequired. The allowed OS type.
enum
  • OS_UNSPECIFIED
  • DESKTOP_MAC
  • DESKTOP_WINDOWS
  • DESKTOP_LINUX
  • DESKTOP_CHROME_OS
  • ANDROID
  • IOS
enumDescriptions
  • The operating system of the device is not specified or not known.
  • A desktop Mac operating system.
  • A desktop Windows operating system.
  • A desktop Linux operating system.
  • A desktop ChromeOS operating system.
  • An Android operating system.
  • An iOS operating system.
typestring
requireComplianceWithEmmPolicy
descriptionWhether the device needs to adhere to the Enterprise Mobility Management (EMM) security policies.
typeboolean
requireVerifiedChromeOs
descriptionOnly allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.
typeboolean
typeobject
GoogleIdentityAccesscontextmanagerV1Risk
descriptionRisk-based access level.
idGoogleIdentityAccesscontextmanagerV1Risk
properties
userManagedRisk
$refGoogleIdentityAccesscontextmanagerV1UserManagedRisk
descriptionThe user managed risk associated with the access level.
typeobject
GoogleIdentityAccesscontextmanagerV1RiskType
descriptionThe type of the risk used to calculate the access level risk score.
idGoogleIdentityAccesscontextmanagerV1RiskType
properties
atypicalLocation
descriptionThe request is from an identity that has issued requests from atypical locations.
typeboolean
identityReputation
descriptionThe request is from an identity that has a low reputation (e.g. due to dormancy).
typeboolean
maliciousActivity
descriptionThe request is from an identity that has performed potentially malicious activity (e.g. mass deletion of backups).
typeboolean
maliciousSource
descriptionThe request is associated with signals (e.g. network) that indicate a malicious source.
typeboolean
repeatAction
descriptionThe request is from an identity that has issued repeated, suspicious requests (e.g. too many requests with permission denied).
typeboolean
typeobject
GoogleIdentityAccesscontextmanagerV1ServicePerimeter
description`ServicePerimeter` describes a set of Google Cloud resources which can freely import and export data amongst themselves, but not export outside of the `ServicePerimeter`. If a request with a source within this `ServicePerimeter` has a target outside of the `ServicePerimeter`, the request will be blocked. Otherwise the request is allowed. There are two types of Service Perimeter - Regular and Bridge. Regular Service Perimeters cannot overlap, a single Google Cloud project or VPC network can only belong to a single regular Service Perimeter. Service Perimeter Bridges can contain only Google Cloud projects as members, a single Google Cloud project may belong to multiple Service Perimeter Bridges.
idGoogleIdentityAccesscontextmanagerV1ServicePerimeter
properties
createTime
descriptionOutput only. Time the `ServicePerimeter` was created in UTC.
formatgoogle-datetime
readOnlyTrue
typestring
description
descriptionDescription of the `ServicePerimeter` and its use. Does not affect behavior.
typestring
etag
descriptionOptional. An opaque identifier for the current version of the `ServicePerimeter`. This identifier does not follow any specific format. If an etag is not provided, the operation will be performed as if a valid etag is provided.
typestring
name
descriptionIdentifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
typestring
perimeterType
descriptionPerimeter type indicator. A single project or VPC network is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a perimeter bridge without being included in regular perimeter. For perimeter bridges, the restricted service list as well as access level lists must be empty.
enum
  • PERIMETER_TYPE_REGULAR
  • PERIMETER_TYPE_BRIDGE
enumDescriptions
  • Regular Perimeter. When no value is specified, the perimeter uses this type.
  • Perimeter Bridge.
typestring
spec
$refGoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig
descriptionProposed (or dry run) ServicePerimeter configuration. This configuration allows to specify and test ServicePerimeter configuration without enforcing actual access restrictions. Only allowed to be set when the "use_explicit_dry_run_spec" flag is set.
status
$refGoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig
descriptionCurrent ServicePerimeter configuration. Specifies sets of resources, restricted services and access levels that determine perimeter content and boundaries.
title
descriptionHuman readable title. Must be unique within the Policy.
typestring
updateTime
descriptionOutput only. Time the `ServicePerimeter` was updated in UTC.
formatgoogle-datetime
readOnlyTrue
typestring
useExplicitDryRunSpec
descriptionUse explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists for all Service Perimeters, and that spec is identical to the status for those Service Perimeters. When this flag is set, it inhibits the generation of the implicit spec, thereby allowing the user to explicitly provide a configuration ("spec") to use in a dry-run version of the Service Perimeter. This allows the user to test changes to the enforced config ("status") without actually enforcing them. This testing is done through analyzing the differences between currently enforced and suggested restrictions. use_explicit_dry_run_spec must bet set to True if any of the fields in the spec are set to non-default values.
typeboolean
weakenedForTesting
descriptionIndicates this Perimeter is intentionally weakened for Google internal testing. This will cause the Perimeter to accept non-prod P4 accounts as if they were prod accounts.
typeboolean
typeobject
GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig
description`ServicePerimeterConfig` specifies a set of Google Cloud resources that describe specific Service Perimeter configuration.
idGoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig
properties
accessLevels
descriptionA list of `AccessLevel` resource names that allow resources within the `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. For Service Perimeter Bridge, must be empty.
items
typestring
typearray
egressPolicies
descriptionList of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge.
items
$refGoogleIdentityAccesscontextmanagerV1EgressPolicy
typearray
ingressPolicies
descriptionList of IngressPolicies to apply to the perimeter. A perimeter may have multiple IngressPolicies, each of which is evaluated separately. Access is granted if any Ingress Policy grants it. Must be empty for a perimeter bridge.
items
$refGoogleIdentityAccesscontextmanagerV1IngressPolicy
typearray
resources
descriptionA list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format: `projects/{project_number}` VPC network format: `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}`.
items
typestring
typearray
restrictedServices
descriptionGoogle Cloud services that are subject to the Service Perimeter restrictions. For example, if `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions.
items
typestring
typearray
vpcAccessibleServices
$refGoogleIdentityAccesscontextmanagerV1VpcAccessibleServices
descriptionConfiguration for APIs allowed within Perimeter.
typeobject
GoogleIdentityAccesscontextmanagerV1UnsatisfiedResult
descriptionThe result to apply if the condition is not met. By default, the result is deny.
idGoogleIdentityAccesscontextmanagerV1UnsatisfiedResult
properties
remediations
descriptionList of remediations to apply if the condition is not met. If ALL remediations are satisfied, the condition is as well. For example, a successful user reauthentication may resolve a failing risk condition. - It applies only when result_type == REMEDIATION - Only a single remediation i.e. "remediation.reauth" is allowed today.
items
typestring
typearray
resultType
descriptionThe type of result to apply if the condition is not met.
enum
  • DENY
  • REMEDIATION
enumDescriptions
  • Default type of result.
  • The result is remediation. Currently, the only supported remediation is reauth.
typestring
typeobject
GoogleIdentityAccesscontextmanagerV1UserManagedRisk
descriptionUser managed risk associated with the access level.
idGoogleIdentityAccesscontextmanagerV1UserManagedRisk
properties
riskType
$refGoogleIdentityAccesscontextmanagerV1RiskType
descriptionThe type of the risks associated with the access level.
typeobject
GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices
descriptionSpecifies how APIs are allowed to communicate within the Service Perimeter.
idGoogleIdentityAccesscontextmanagerV1VpcAccessibleServices
properties
allowedServices
descriptionThe list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter.
items
typestring
typearray
enableRestriction
descriptionWhether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'.
typeboolean
typeobject
GoogleIdentityAccesscontextmanagerV1VpcNetworkSource
descriptionThe originating network source in Google Cloud.
idGoogleIdentityAccesscontextmanagerV1VpcNetworkSource
properties
project
descriptionA Google Cloud project. Format: `projects/{project_number}`. Example: `projects/123456789`
typestring
vpcSubnetwork
$refGoogleIdentityAccesscontextmanagerV1VpcSubNetwork
descriptionSub-segment ranges of a VPC network.
typeobject
GoogleIdentityAccesscontextmanagerV1VpcSubNetwork
descriptionSub-segment ranges inside of a VPC Network.
idGoogleIdentityAccesscontextmanagerV1VpcSubNetwork
properties
network
descriptionRequired. Network name. If the network is not part of the organization, the `compute.network.get` permission must be granted to the caller. Format: `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NETWORK_NAME}` Example: `//compute.googleapis.com/projects/my-project/global/networks/network-1`
typestring
vpcIpSubnetworks
descriptionCIDR block IP subnetwork specification. The IP address must be an IPv4 address and can be a public or private IP address. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. If empty, all IP addresses are allowed.
items
typestring
typearray
typeobject
Inventory
descriptionThis API resource represents the available inventory data for a Compute Engine virtual machine (VM) instance at a given point in time. You can use this API resource to determine the inventory data of your VM. For more information, see [Information provided by OS inventory management](https://cloud.google.com/compute/docs/instances/os-inventory-management#data-collected).
idInventory
properties
items
additionalProperties
$refItem
descriptionInventory items related to the VM keyed by an opaque unique identifier for each inventory item. The identifier is unique to each distinct and addressable inventory item and will change, when there is a new package version.
typeobject
name
descriptionOutput only. The `Inventory` API resource name. Format: `projects/{project_number}/locations/{location}/instances/{instance_id}/inventory`
readOnlyTrue
typestring
osInfo
$refOsInfo
descriptionBase level operating system information for the VM.
sbomItems
additionalProperties
$refSbomItem
descriptionOptional. Sbom items related to the VM, keyed by an opaque unique identifier for each sbom item. The identifier is unique to each distinct addressable sbom item and will change, when there is a new item version.
typeobject
updateTime
descriptionOutput only. Timestamp of the last reported inventory for the VM.
formatgoogle-datetime
readOnlyTrue
typestring
typeobject
Item
descriptionA single piece of inventory on a VM.
idItem
properties
availablePackage
$refSoftwarePackage
descriptionSoftware package available to be installed on the VM instance.
createTime
descriptionWhen this inventory item was first detected.
formatgoogle-datetime
typestring
id
descriptionIdentifier for this item, unique across items for this VM.
typestring
installedPackage
$refSoftwarePackage
descriptionSoftware package present on the VM instance.
originType
descriptionThe origin of this inventory item.
enum
  • ORIGIN_TYPE_UNSPECIFIED
  • INVENTORY_REPORT
enumDescriptions
  • Invalid. An origin type must be specified.
  • This inventory item was discovered as the result of the agent reporting inventory via the reporting API.
typestring
type
descriptionThe specific type of inventory, correlating to its specific details.
enum
  • TYPE_UNSPECIFIED
  • INSTALLED_PACKAGE
  • AVAILABLE_PACKAGE
enumDescriptions
  • Invalid. A type must be specified.
  • This represents a package that is installed on the VM.
  • This represents an update that is available for a package.
typestring
updateTime
descriptionWhen this inventory item was last modified.
formatgoogle-datetime
typestring
typeobject
ListAssetsResponse
descriptionListAssets response.
idListAssetsResponse
properties
assets
descriptionAssets.
items
$refAsset
typearray
nextPageToken
descriptionToken to retrieve the next page of results. It expires 72 hours after the page token for the first page is generated. Set to empty if there are no remaining results.
typestring
readTime
descriptionTime the snapshot was taken.
formatgoogle-datetime
typestring
typeobject
LogConfig
descriptionSpecifies what kind of log the caller must write
idLogConfig
properties
cloudAudit
$refCloudAuditOptions
descriptionCloud audit options.
counter
$refCounterOptions
descriptionCounter options.
dataAccess
$refDataAccessOptions
descriptionData access options.
typeobject
OsInfo
descriptionOperating system information for the VM.
idOsInfo
properties
architecture
descriptionThe system architecture of the operating system.
typestring
hostname
descriptionThe VM hostname.
typestring
kernelRelease
descriptionThe kernel release of the operating system.
typestring
kernelVersion
descriptionThe kernel version of the operating system.
typestring
longName
descriptionThe operating system long name. For example 'Debian GNU/Linux 9' or 'Microsoft Window Server 2019 Datacenter'.
typestring
osconfigAgentVersion
descriptionThe current version of the OS Config agent running on the VM.
typestring
shortName
descriptionThe operating system short name. For example, 'windows' or 'debian'.
typestring
version
descriptionThe version of the operating system.
typestring
typeobject
Policy
descriptionAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
idPolicy
properties
auditConfigs
descriptionSpecifies cloud audit logging configuration for this policy.
items
$refAuditConfig
typearray
bindings
descriptionAssociates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
items
$refBinding
typearray
etag
description`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
formatbyte
typestring
rules
descriptionIf more than one rule is specified, the rules are applied in the following manner: - All matching LOG rules are always applied. - If any DENY/DENY_WITH_LOG rule matches, permission is denied. Logging will be applied if one or more matching rule requires logging. - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is granted. Logging will be applied if one or more matching rule requires logging. - Otherwise, if no rule applies, permission is denied.
items
$refRule
typearray
version
descriptionSpecifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
formatint32
typeinteger
typeobject
Resource
descriptionA representation of a Google Cloud resource.
idResource
properties
data
additionalProperties
descriptionProperties of the object.
typeany
descriptionThe content of the resource, in which some sensitive fields are removed and may not be present.
typeobject
discoveryDocumentUri
descriptionThe URL of the discovery document containing the resource's JSON schema. Example: `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest` This value is unspecified for resources that do not have an API based on a discovery document, such as Cloud Bigtable.
typestring
discoveryName
descriptionThe JSON schema name listed in the discovery document. Example: `Project` This value is unspecified for resources that do not have an API based on a discovery document, such as Cloud Bigtable.
typestring
internalData
additionalProperties
descriptionProperties of the object. Contains field @type with type URL.
typeany
descriptionThe actual metadata content for the resource, only visible for internal users.
typeobject
parent
descriptionThe full name of the immediate parent of this resource. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information. For Google Cloud assets, this value is the parent resource defined in the [IAM policy hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). Example: `//cloudresourcemanager.googleapis.com/projects/my_project_123` For third-party assets, this field may be set differently.
typestring
resourceUrl
descriptionThe REST URL for accessing the resource. An HTTP `GET` request using this URL returns the resource itself. Example: `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123` This value is unspecified for resources without a REST API.
typestring
version
descriptionThe API version. Example: "v1".
typestring
typeobject
Rule
descriptionA rule to be applied in a Policy.
idRule
properties
action
descriptionRequired
enum
  • NO_ACTION
  • ALLOW
  • ALLOW_WITH_LOG
  • DENY
  • DENY_WITH_LOG
  • LOG
enumDescriptions
  • Default no action.
  • Matching 'Entries' grant access.
  • Matching 'Entries' grant access and the caller promises to log the request per the returned log_configs.
  • Matching 'Entries' deny access.
  • Matching 'Entries' deny access and the caller promises to log the request per the returned log_configs.
  • Matching 'Entries' tell IAM.Check callers to generate logs.
typestring
conditions
descriptionAdditional restrictions that must be met. All conditions must pass for the rule to match.
items
$refCondition
typearray
description
descriptionHuman-readable description of the rule.
typestring
in
descriptionIf one or more 'in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
items
typestring
typearray
logConfig
descriptionThe config returned to callers of CheckPolicy for any entries that match the LOG action.
items
$refLogConfig
typearray
notIn
descriptionIf one or more 'not_in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. The format for in and not_in entries can be found at in the Local IAM documentation (see go/local-iam#features).
items
typestring
typearray
permissions
descriptionA permission is a string of form '..' (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.
items
typestring
typearray
typeobject
SbomItem
descriptionA single piece of sbom inventory for the VM.
idSbomItem
properties
id
descriptionIdentifier for this item, unique across sbom items for this VM.
typestring
locations
descriptionPaths or source of files related to the package.
items
typestring
typearray
name
descriptionHuman-readable name of the software, to be used for things like logging.
typestring
type
descriptionPackage type, e.g. "maven, npm, pypi".
typestring
version
descriptionVersion of the package.
typestring
typeobject
SoftwarePackage
descriptionSoftware package information of the operating system.
idSoftwarePackage
properties
aptPackage
$refVersionedPackage
descriptionDetails of an APT package. For details about the apt package manager, see https://wiki.debian.org/Apt.
cosPackage
$refVersionedPackage
descriptionDetails of a COS package.
googetPackage
$refVersionedPackage
descriptionDetails of a Googet package. For details about the googet package manager, see https://github.com/google/googet.
qfePackage
$refWindowsQuickFixEngineeringPackage
descriptionDetails of a Windows Quick Fix engineering package. See https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-quickfixengineering for info in Windows Quick Fix Engineering.
windowsApplication
$refWindowsApplication
descriptionDetails of Windows Application.
wuaPackage
$refWindowsUpdatePackage
descriptionDetails of a Windows Update package. See https://docs.microsoft.com/en-us/windows/win32/api/_wua/ for information about Windows Update.
yumPackage
$refVersionedPackage
descriptionYum package info. For details about the yum package manager, see https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/ch-yum.
zypperPackage
$refVersionedPackage
descriptionDetails of a Zypper package. For details about the Zypper package manager, see https://en.opensuse.org/SDB:Zypper_manual.
zypperPatch
$refZypperPatch
descriptionDetails of a Zypper patch. For details about the Zypper package manager, see https://en.opensuse.org/SDB:Zypper_manual.
typeobject
TimeOfDay
descriptionRepresents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`.
idTimeOfDay
properties
hours
descriptionHours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.
formatint32
typeinteger
minutes
descriptionMinutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
formatint32
typeinteger
nanos
descriptionFractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
formatint32
typeinteger
seconds
descriptionSeconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
formatint32
typeinteger
typeobject
VersionedPackage
descriptionInformation related to the a standard versioned package. This includes package info for APT, Yum, Zypper, and Googet package managers.
idVersionedPackage
properties
architecture
descriptionThe system architecture this package is intended for.
typestring
packageName
descriptionThe name of the package.
typestring
version
descriptionThe version of the package.
typestring
typeobject
WindowsApplication
descriptionContains information about a Windows application that is retrieved from the Windows Registry. For more information about these fields, see: https://docs.microsoft.com/en-us/windows/win32/msi/uninstall-registry-key
idWindowsApplication
properties
displayName
descriptionThe name of the application or product.
typestring
displayVersion
descriptionThe version of the product or application in string format.
typestring
helpLink
descriptionThe internet address for technical support.
typestring
installDate
$refDate
descriptionThe last time this product received service. The value of this property is replaced each time a patch is applied or removed from the product or the command-line option is used to repair the product.
publisher
descriptionThe name of the manufacturer for the product or application.
typestring
typeobject
WindowsQuickFixEngineeringPackage
descriptionInformation related to a Quick Fix Engineering package. Fields are taken from Windows QuickFixEngineering Interface and match the source names: https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-quickfixengineering
idWindowsQuickFixEngineeringPackage
properties
caption
descriptionA short textual description of the QFE update.
typestring
description
descriptionA textual description of the QFE update.
typestring
hotFixId
descriptionUnique identifier associated with a particular QFE update.
typestring
installTime
descriptionDate that the QFE update was installed. Mapped from installed_on field.
formatgoogle-datetime
typestring
typeobject
WindowsUpdateCategory
descriptionCategories specified by the Windows Update.
idWindowsUpdateCategory
properties
id
descriptionThe identifier of the windows update category.
typestring
name
descriptionThe name of the windows update category.
typestring
typeobject
WindowsUpdatePackage
descriptionDetails related to a Windows Update package. Field data and names are taken from Windows Update API IUpdate Interface: https://docs.microsoft.com/en-us/windows/win32/api/_wua/ Descriptive fields like title, and description are localized based on the locale of the VM being updated.
idWindowsUpdatePackage
properties
categories
descriptionThe categories that are associated with this update package.
items
$refWindowsUpdateCategory
typearray
description
descriptionThe localized description of the update package.
typestring
kbArticleIds
descriptionA collection of Microsoft Knowledge Base article IDs that are associated with the update package.
items
typestring
typearray
lastDeploymentChangeTime
descriptionThe last published date of the update, in (UTC) date and time.
formatgoogle-datetime
typestring
moreInfoUrls
descriptionA collection of URLs that provide more information about the update package.
items
typestring
typearray
revisionNumber
descriptionThe revision number of this update package.
formatint32
typeinteger
supportUrl
descriptionA hyperlink to the language-specific support information for the update.
typestring
title
descriptionThe localized title of the update package.
typestring
updateId
descriptionGets the identifier of an update package. Stays the same across revisions.
typestring
typeobject
ZypperPatch
descriptionDetails related to a Zypper Patch.
idZypperPatch
properties
category
descriptionThe category of the patch.
typestring
patchName
descriptionThe name of the patch.
typestring
severity
descriptionThe severity specified for this patch
typestring
summary
descriptionAny summary information provided about this patch.
typestring
typeobject
servicePath
titleCloud Asset API (Test)
versionv1p5beta1
version_moduleTrue
old_value
error
code403
details
  • @typetype.googleapis.com/google.rpc.Help
    links
    descriptionurl
    Google developers console API activationhttps://console.developers.google.com/apis/api/test-cloudasset.sandbox.googleapis.com/overview?project=648364020234
  • @typetype.googleapis.com/google.rpc.ErrorInfo
    domaingoogleapis.com
    metadata
    consumerprojects/648364020234
    servicetest-cloudasset.sandbox.googleapis.com
    reasonSERVICE_DISABLED
messageCloud Asset API (Test) has not been used in project 648364020234 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/test-cloudasset.sandbox.googleapis.com/overview?project=648364020234 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
statusPERMISSION_DENIED
sandbox/test-cloudasset-v1p7beta1
dictionary_item_added
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessLevelFeatures']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AuthorizedOrgsDesc']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressSource']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Risk']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1RiskType']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1UnsatisfiedResult']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1UserManagedRisk']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1VpcNetworkSource']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1VpcSubNetwork']
  • root['schemas']['SbomItem']
  • root['schemas']['CloudAuditOptions']['properties']['permissionType']
  • root['schemas']['DataAccessOptions']['properties']['isDirectAuth']
  • root['schemas']['GoogleCloudAssetV1p7beta1Asset']['properties']['authorizedOrgsDesc']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessLevel']['properties']['accessLevelFeatures']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['createTime']['readOnly']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['etag']['readOnly']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['updateTime']['readOnly']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['risk']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['unsatisfiedResult']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['vpcNetworkSources']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['sourceRestriction']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['sources']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressPolicy']['properties']['title']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressTo']['properties']['roles']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressPolicy']['properties']['title']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressTo']['properties']['roles']
  • root['schemas']['GoogleIdentityAccesscontextmanagerV1ServicePerimeter']['properties']['etag']
  • root['schemas']['Inventory']['properties']['sbomItems']
dictionary_item_removed
  • root['schemas']['Empty']
  • root['schemas']['GoogleCloudAssetV1p7beta1BigQuerySetting']
  • root['schemas']['GoogleCloudAssetV1p7beta1CreateExportSettingRequest']
  • root['schemas']['GoogleCloudAssetV1p7beta1ExportAssetUpdatesRequest']
  • root['schemas']['GoogleCloudAssetV1p7beta1ExportSetting']
  • root['schemas']['GoogleCloudAssetV1p7beta1GcsSetting']
  • root['schemas']['GoogleCloudAssetV1p7beta1InventorySettings']
  • root['schemas']['GoogleCloudAssetV1p7beta1ListAssetUpdatesResponse']
  • root['schemas']['GoogleCloudAssetV1p7beta1ListAssetsResponse']
  • root['schemas']['GoogleCloudAssetV1p7beta1ListExportSettingsResponse']
  • root['schemas']['GoogleCloudAssetV1p7beta1ScheduleConfig']
  • root['schemas']['GoogleCloudAssetV1p7beta1TimeWindow']
  • root['schemas']['GoogleCloudAssetV1p7beta1UpdateTimeWindow']
values_changed
root['resources']
new_value
operations
methods
get
descriptionGets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.
flatPathv1p7beta1/{v1p7beta1Id}/{v1p7beta1Id1}/operations/{operationsId}/{operationsId1}
httpMethodGET
idcloudasset.operations.get
parameterOrder
  • name
parameters
name
descriptionThe name of the operation resource.
locationpath
pattern^[^/]+/[^/]+/operations/[^/]+/.*$
requiredTrue
typestring
pathv1p7beta1/{+name}
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
v1p7beta1
methods
exportAssets
descriptionExports assets with time and resource types to a given Cloud Storage location/BigQuery table. For Cloud Storage location destinations, the output format is newline-delimited JSON. Each line represents a google.cloud.asset.v1p7beta1.Asset in the JSON format; for BigQuery table destinations, the output table stores the fields in asset proto as columns. This API implements the google.longrunning.Operation API , which allows you to keep track of the export. We recommend intervals of at least 2 seconds with exponential retry to poll the export operation result. For regular-size resource parent, the export operation usually finishes within 5 minutes.
flatPathv1p7beta1/{v1p7beta1Id}/{v1p7beta1Id1}:exportAssets
httpMethodPOST
idcloudasset.exportAssets
parameterOrder
  • parent
parameters
parent
descriptionRequired. The relative name of the root asset. This can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"), or a folder number (such as "folders/123").
locationpath
pattern^[^/]+/[^/]+$
requiredTrue
typestring
pathv1p7beta1/{+parent}:exportAssets
request
$refGoogleCloudAssetV1p7beta1ExportAssetsRequest
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
old_value
assetUpdates
methods
list
descriptionLists asset updates within a time window and returns paged results in response.
flatPathv1p7beta1/{v1p7beta1Id}/{v1p7beta1Id1}/assetUpdates
httpMethodGET
idcloudasset.assetUpdates.list
parameterOrder
  • parent
parameters
assetNames
descriptionA list of the full names of the assets to list the updates for. See: https://cloud.google.com/asset-inventory/docs/resource-name-format Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. If specified, only assets in the list will be returned. At most one of asset_types and asset_names should be specified. If neither is specified, all assets under the parent will be returned.
locationquery
repeatedTrue
typestring
assetTypes
descriptionA list of asset types to list the updates for. For example: "compute.googleapis.com/Disk". Regular expression is also supported. For example: * "compute.googleapis.com.*" snapshots resources whose asset type starts with "compute.googleapis.com". * ".*Instance" snapshots resources whose asset type ends with "Instance". * ".*Instance.*" snapshots resources whose asset type contains "Instance". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned. If specified, only matching assets will be returned. At most one of asset_types and asset_names should be specified. If neither is specified, all assets under the parent will be returned.
locationquery
repeatedTrue
typestring
contentType
descriptionAsset content type. If not specified, no content but the asset name will be returned.
enum
  • CONTENT_TYPE_UNSPECIFIED
  • RESOURCE
  • IAM_POLICY
  • IAM_POLICY_NAME
  • ORG_POLICY
  • ACCESS_POLICY
  • OS_INVENTORY
  • RELATIONSHIP
enumDescriptions
  • Unspecified content type.
  • Resource metadata.
  • The actual IAM policy set on a resource.
  • The IAM policy name for the IAM policy set on a resource.
  • The organization policy set on an asset.
  • The Access Context Manager policy set on an asset.
  • The runtime OS Inventory information.
  • The related resources.
locationquery
typestring
pageSize
descriptionThe maximum number of assets to be returned in a single response. Default is 100, minimum is 1, and maximum is 1000.
formatint32
locationquery
typeinteger
pageToken
descriptionThe `next_page_token` returned from the previous `ListAssetsResponse`, or unspecified for the first `ListAssetsRequest`. It is a continuation of a prior `ListAssets` call, and the API should return the next page of assets.
locationquery
typestring
parent
descriptionRequired. Name of the organization or project the assets belong to. Format: "organizations/[organization-number]" (such as "organizations/123"), "projects/[project-id]" (such as "projects/my-project-id"), or "projects/[project-number]" (such as "projects/12345").
locationpath
pattern^[^/]+/[^/]+$
requiredTrue
typestring
updateTimeWindow.timeWindow.endTime
descriptionEnd time of the time window (inclusive). If not specified, the current timestamp is used instead.
formatgoogle-datetime
locationquery
typestring
updateTimeWindow.timeWindow.startTime
descriptionStart time of the time window (exclusive).
formatgoogle-datetime
locationquery
typestring
updateTimeWindow.type
descriptionThe type of the time in time_window.
enum
  • TIME_TYPE_UNSPECIFIED
  • UPDATE_TIME
  • CAPTURE_TIME
enumDescriptions
  • If not specified, UPDATE_TIME is used.
  • Update time of the Asset. Assets updated in the window will be returned.
  • Capture time of the Asset update in Asset Inventory. Assets updates captured by Asset Inventory in the window will be returned. This definition should be used when full-fidelity data is required in requests with consecutive time windows.
locationquery
typestring
pathv1p7beta1/{+parent}/assetUpdates
response
$refGoogleCloudAssetV1p7beta1ListAssetUpdatesResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
assets
methods
list
descriptionLists assets with time and resource types and returns paged results in response.
flatPathv1p7beta1/{v1p7beta1Id}/{v1p7beta1Id1}/assets
httpMethodGET
idcloudasset.assets.list
parameterOrder
  • parent
parameters
assetTypes
descriptionA list of asset types to take a snapshot for. For example: "compute.googleapis.com/Disk". Regular expression is also supported. For example: * "compute.googleapis.com.*" snapshots resources whose asset type starts with "compute.googleapis.com". * ".*Instance" snapshots resources whose asset type ends with "Instance". * ".*Instance.*" snapshots resources whose asset type contains "Instance". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned. If specified, only matching assets will be returned, otherwise, it will snapshot all asset types. See [Introduction to Cloud Asset Inventory](https://cloud.google.com/asset-inventory/docs/overview) for all supported asset types.
locationquery
repeatedTrue
typestring
contentType
descriptionAsset content type. If not specified, no content but the asset name will be returned.
enum
  • CONTENT_TYPE_UNSPECIFIED
  • RESOURCE
  • IAM_POLICY
  • IAM_POLICY_NAME
  • ORG_POLICY
  • ACCESS_POLICY
  • OS_INVENTORY
  • RELATIONSHIP
enumDescriptions
  • Unspecified content type.
  • Resource metadata.
  • The actual IAM policy set on a resource.
  • The IAM policy name for the IAM policy set on a resource.
  • The organization policy set on an asset.
  • The Access Context Manager policy set on an asset.
  • The runtime OS Inventory information.
  • The related resources.
locationquery
typestring
pageSize
descriptionThe maximum number of assets to be returned in a single response. Default is 100, minimum is 1, and maximum is 1000.
formatint32
locationquery
typeinteger
pageToken
descriptionThe `next_page_token` returned from the previous `ListAssetsResponse`, or unspecified for the first `ListAssetsRequest`. It is a continuation of a prior `ListAssets` call, and the API should return the next page of assets.
locationquery
typestring
parent
descriptionRequired. Name of the organization or project the assets belong to. Format: "organizations/[organization-number]" (such as "organizations/123"), "projects/[project-id]" (such as "projects/my-project-id"), or "projects/[project-number]" (such as "projects/12345").
locationpath
pattern^[^/]+/[^/]+$
requiredTrue
typestring
readTime
descriptionTimestamp to take an asset snapshot. This can only be set to a timestamp between the current time and the current time minus 35 days (inclusive). If not specified, the current time will be used. Due to delays in resource data collection and indexing, there is a volatile window during which running the same query may get different results.
formatgoogle-datetime
locationquery
typestring
relationshipTypes
descriptionA list of relationship types to output, for example: `INSTANCE_TO_INSTANCEGROUP`. This field should only be specified if content_type=RELATIONSHIP. If specified, it will snapshot [asset_types]' specified relationships, or give errors if any relationship_types' source types are not in [asset_types]. If not specified, it will snapshot all [asset_types]' supported relationships. An unspecified [asset_types] field means all supported asset_types. See [Introduction to Cloud Asset Inventory](https://cloud.google.com/asset-inventory/docs/overview) for all supported asset types and relationship types.
locationquery
repeatedTrue
typestring
pathv1p7beta1/{+parent}/assets
response
$refGoogleCloudAssetV1p7beta1ListAssetsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
folders
methods
getInventorySettings
descriptionGets details about an inventory setting.
flatPathv1p7beta1/folders/{foldersId}/inventorySettings
httpMethodGET
idcloudasset.folders.getInventorySettings
parameterOrder
  • name
parameters
name
descriptionRequired. The name of the [InventorySettings] which has the format of: projects/{PROJECT_NUMBER}/inventorySettings folders/{FOLDER_NUMBER}/inventorySettings organizations/{ORGANIZATION_NUMBER}/inventorySettings
locationpath
pattern^folders/[^/]+/inventorySettings$
requiredTrue
typestring
pathv1p7beta1/{+name}
response
$refGoogleCloudAssetV1p7beta1InventorySettings
scopes
  • https://www.googleapis.com/auth/cloud-platform
resources
inventorySettings
resources
exportSettings
methods
create
descriptionCreates an export setting.
flatPathv1p7beta1/folders/{foldersId}/inventorySettings/exportSettings
httpMethodPOST
idcloudasset.folders.inventorySettings.exportSettings.create
parameterOrder
  • parent
parameters
parent
descriptionRequired. Name of the inventory settings where this export setting should be created in. The format will be: projects/{PROJECT_NUMBER}/inventorySettings folders/{FOLDER_NUMBER}/inventorySettings organizations/{ORGANIZATION_NUMBER}/inventorySettings Currently a maximum of 100 export setting can be created under each [InventorySettings].
locationpath
pattern^folders/[^/]+/inventorySettings$
requiredTrue
typestring
pathv1p7beta1/{+parent}/exportSettings
request
$refGoogleCloudAssetV1p7beta1CreateExportSettingRequest
response
$refGoogleCloudAssetV1p7beta1ExportSetting
scopes
  • https://www.googleapis.com/auth/cloud-platform
delete
descriptionDeletes an export setting.
flatPathv1p7beta1/folders/{foldersId}/inventorySettings/exportSettings/{exportSettingsId}
httpMethodDELETE
idcloudasset.folders.inventorySettings.exportSettings.delete
parameterOrder
  • name
parameters
name
descriptionRequired. The name of the export setting and it must be in the format of: projects/{PROJECT_NUMBER}/inventorySettings/exportSettings/{EXPORT_SETTING_ID} folders/{FOLDER_NUMBER}/inventorySettings/exportSettings/{EXPORT_SETTING_ID} organizations/{ORGANIZATION_NUMBER}/inventorySettings/exportSettings/{EXPORT_SETTING_ID}
locationpath
pattern^folders/[^/]+/inventorySettings/exportSettings/[^/]+$
requiredTrue
typestring
pathv1p7beta1/{+name}
response
$refEmpty
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets details about an export setting.
flatPathv1p7beta1/folders/{foldersId}/inventorySettings/exportSettings/{exportSettingsId}
httpMethodGET
idcloudasset.folders.inventorySettings.exportSettings.get
parameterOrder
  • name
parameters
name
locationpath
pattern^folders/[^/]+/inventorySettings/exportSettings/[^/]+$
requiredTrue
typestring
pathv1p7beta1/{+name}
response
$refGoogleCloudAssetV1p7beta1ExportSetting
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists all export settings under a [InventorySettings].
flatPathv1p7beta1/folders/{foldersId}/inventorySettings/exportSettings
httpMethodGET
idcloudasset.folders.inventorySettings.exportSettings.list
parameterOrder
  • parent
parameters
pageSize
descriptionThe maximum number of export settings to return. The service may return fewer than this value. If unspecified, at most 100 export settings will be returned. The maximum value is 100, as currently only a maximum of 100 export settings can be created under each parent.
formatint32
locationquery
typeinteger
pageToken
descriptionA page token, received from a previous `ListExportSettings` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListExportSettings` must match the call that provided the page token.
locationquery
typestring
parent
locationpath
pattern^folders/[^/]+/inventorySettings$
requiredTrue
typestring
pathv1p7beta1/{+parent}/exportSettings
response
$refGoogleCloudAssetV1p7beta1ListExportSettingsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
patch
descriptionUpdates an export setting.
flatPathv1p7beta1/folders/{foldersId}/inventorySettings/exportSettings/{exportSettingsId}
httpMethodPATCH
idcloudasset.folders.inventorySettings.exportSettings.patch
parameterOrder
  • name
parameters
name
descriptionThe format will be: organizations/{ORGANIZATION_NUMBER}/inventorySettings/exportSettings/{exportSetting} or folders/{FOLDER_NUMBER}/inventorySettings/exportSettings/{exportSetting} or projects/{PROJECT_NUMBER}/inventorySettings/exportSettings/{exportSetting}
locationpath
pattern^folders/[^/]+/inventorySettings/exportSettings/[^/]+$
requiredTrue
typestring
updateMask
descriptionRequired. Only updates the `export_setting` fields indicated by this mask. The field mask must not be empty, and it must not contain fields that are immutable or only set by the server.
formatgoogle-fieldmask
locationquery
typestring
pathv1p7beta1/{+name}
request
$refGoogleCloudAssetV1p7beta1ExportSetting
response
$refGoogleCloudAssetV1p7beta1ExportSetting
scopes
  • https://www.googleapis.com/auth/cloud-platform
operations
methods
get
descriptionGets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.
flatPathv1p7beta1/{v1p7beta1Id}/{v1p7beta1Id1}/operations/{operationsId}/{operationsId1}
httpMethodGET
idcloudasset.operations.get
parameterOrder
  • name
parameters
name
descriptionThe name of the operation resource.
locationpath
pattern^[^/]+/[^/]+/operations/[^/]+/.*$
requiredTrue
typestring
pathv1p7beta1/{+name}
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
organizations
methods
getInventorySettings
descriptionGets details about an inventory setting.
flatPathv1p7beta1/organizations/{organizationsId}/inventorySettings
httpMethodGET
idcloudasset.organizations.getInventorySettings
parameterOrder
  • name
parameters
name
descriptionRequired. The name of the [InventorySettings] which has the format of: projects/{PROJECT_NUMBER}/inventorySettings folders/{FOLDER_NUMBER}/inventorySettings organizations/{ORGANIZATION_NUMBER}/inventorySettings
locationpath
pattern^organizations/[^/]+/inventorySettings$
requiredTrue
typestring
pathv1p7beta1/{+name}
response
$refGoogleCloudAssetV1p7beta1InventorySettings
scopes
  • https://www.googleapis.com/auth/cloud-platform
resources
inventorySettings
resources
exportSettings
methods
create
descriptionCreates an export setting.
flatPathv1p7beta1/organizations/{organizationsId}/inventorySettings/exportSettings
httpMethodPOST
idcloudasset.organizations.inventorySettings.exportSettings.create
parameterOrder
  • parent
parameters
parent
descriptionRequired. Name of the inventory settings where this export setting should be created in. The format will be: projects/{PROJECT_NUMBER}/inventorySettings folders/{FOLDER_NUMBER}/inventorySettings organizations/{ORGANIZATION_NUMBER}/inventorySettings Currently a maximum of 100 export setting can be created under each [InventorySettings].
locationpath
pattern^organizations/[^/]+/inventorySettings$
requiredTrue
typestring
pathv1p7beta1/{+parent}/exportSettings
request
$refGoogleCloudAssetV1p7beta1CreateExportSettingRequest
response
$refGoogleCloudAssetV1p7beta1ExportSetting
scopes
  • https://www.googleapis.com/auth/cloud-platform
delete
descriptionDeletes an export setting.
flatPathv1p7beta1/organizations/{organizationsId}/inventorySettings/exportSettings/{exportSettingsId}
httpMethodDELETE
idcloudasset.organizations.inventorySettings.exportSettings.delete
parameterOrder
  • name
parameters
name
descriptionRequired. The name of the export setting and it must be in the format of: projects/{PROJECT_NUMBER}/inventorySettings/exportSettings/{EXPORT_SETTING_ID} folders/{FOLDER_NUMBER}/inventorySettings/exportSettings/{EXPORT_SETTING_ID} organizations/{ORGANIZATION_NUMBER}/inventorySettings/exportSettings/{EXPORT_SETTING_ID}
locationpath
pattern^organizations/[^/]+/inventorySettings/exportSettings/[^/]+$
requiredTrue
typestring
pathv1p7beta1/{+name}
response
$refEmpty
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets details about an export setting.
flatPathv1p7beta1/organizations/{organizationsId}/inventorySettings/exportSettings/{exportSettingsId}
httpMethodGET
idcloudasset.organizations.inventorySettings.exportSettings.get
parameterOrder
  • name
parameters
name
locationpath
pattern^organizations/[^/]+/inventorySettings/exportSettings/[^/]+$
requiredTrue
typestring
pathv1p7beta1/{+name}
response
$refGoogleCloudAssetV1p7beta1ExportSetting
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists all export settings under a [InventorySettings].
flatPathv1p7beta1/organizations/{organizationsId}/inventorySettings/exportSettings
httpMethodGET
idcloudasset.organizations.inventorySettings.exportSettings.list
parameterOrder
  • parent
parameters
pageSize
descriptionThe maximum number of export settings to return. The service may return fewer than this value. If unspecified, at most 100 export settings will be returned. The maximum value is 100, as currently only a maximum of 100 export settings can be created under each parent.
formatint32
locationquery
typeinteger
pageToken
descriptionA page token, received from a previous `ListExportSettings` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListExportSettings` must match the call that provided the page token.
locationquery
typestring
parent
locationpath
pattern^organizations/[^/]+/inventorySettings$
requiredTrue
typestring
pathv1p7beta1/{+parent}/exportSettings
response
$refGoogleCloudAssetV1p7beta1ListExportSettingsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
patch
descriptionUpdates an export setting.
flatPathv1p7beta1/organizations/{organizationsId}/inventorySettings/exportSettings/{exportSettingsId}
httpMethodPATCH
idcloudasset.organizations.inventorySettings.exportSettings.patch
parameterOrder
  • name
parameters
name
descriptionThe format will be: organizations/{ORGANIZATION_NUMBER}/inventorySettings/exportSettings/{exportSetting} or folders/{FOLDER_NUMBER}/inventorySettings/exportSettings/{exportSetting} or projects/{PROJECT_NUMBER}/inventorySettings/exportSettings/{exportSetting}
locationpath
pattern^organizations/[^/]+/inventorySettings/exportSettings/[^/]+$
requiredTrue
typestring
updateMask
descriptionRequired. Only updates the `export_setting` fields indicated by this mask. The field mask must not be empty, and it must not contain fields that are immutable or only set by the server.
formatgoogle-fieldmask
locationquery
typestring
pathv1p7beta1/{+name}
request
$refGoogleCloudAssetV1p7beta1ExportSetting
response
$refGoogleCloudAssetV1p7beta1ExportSetting
scopes
  • https://www.googleapis.com/auth/cloud-platform
projects
methods
getInventorySettings
descriptionGets details about an inventory setting.
flatPathv1p7beta1/projects/{projectsId}/inventorySettings
httpMethodGET
idcloudasset.projects.getInventorySettings
parameterOrder
  • name
parameters
name
descriptionRequired. The name of the [InventorySettings] which has the format of: projects/{PROJECT_NUMBER}/inventorySettings folders/{FOLDER_NUMBER}/inventorySettings organizations/{ORGANIZATION_NUMBER}/inventorySettings
locationpath
pattern^projects/[^/]+/inventorySettings$
requiredTrue
typestring
pathv1p7beta1/{+name}
response
$refGoogleCloudAssetV1p7beta1InventorySettings
scopes
  • https://www.googleapis.com/auth/cloud-platform
resources
inventorySettings
resources
exportSettings
methods
create
descriptionCreates an export setting.
flatPathv1p7beta1/projects/{projectsId}/inventorySettings/exportSettings
httpMethodPOST
idcloudasset.projects.inventorySettings.exportSettings.create
parameterOrder
  • parent
parameters
parent
descriptionRequired. Name of the inventory settings where this export setting should be created in. The format will be: projects/{PROJECT_NUMBER}/inventorySettings folders/{FOLDER_NUMBER}/inventorySettings organizations/{ORGANIZATION_NUMBER}/inventorySettings Currently a maximum of 100 export setting can be created under each [InventorySettings].
locationpath
pattern^projects/[^/]+/inventorySettings$
requiredTrue
typestring
pathv1p7beta1/{+parent}/exportSettings
request
$refGoogleCloudAssetV1p7beta1CreateExportSettingRequest
response
$refGoogleCloudAssetV1p7beta1ExportSetting
scopes
  • https://www.googleapis.com/auth/cloud-platform
delete
descriptionDeletes an export setting.
flatPathv1p7beta1/projects/{projectsId}/inventorySettings/exportSettings/{exportSettingsId}
httpMethodDELETE
idcloudasset.projects.inventorySettings.exportSettings.delete
parameterOrder
  • name
parameters
name
descriptionRequired. The name of the export setting and it must be in the format of: projects/{PROJECT_NUMBER}/inventorySettings/exportSettings/{EXPORT_SETTING_ID} folders/{FOLDER_NUMBER}/inventorySettings/exportSettings/{EXPORT_SETTING_ID} organizations/{ORGANIZATION_NUMBER}/inventorySettings/exportSettings/{EXPORT_SETTING_ID}
locationpath
pattern^projects/[^/]+/inventorySettings/exportSettings/[^/]+$
requiredTrue
typestring
pathv1p7beta1/{+name}
response
$refEmpty
scopes
  • https://www.googleapis.com/auth/cloud-platform
get
descriptionGets details about an export setting.
flatPathv1p7beta1/projects/{projectsId}/inventorySettings/exportSettings/{exportSettingsId}
httpMethodGET
idcloudasset.projects.inventorySettings.exportSettings.get
parameterOrder
  • name
parameters
name
locationpath
pattern^projects/[^/]+/inventorySettings/exportSettings/[^/]+$
requiredTrue
typestring
pathv1p7beta1/{+name}
response
$refGoogleCloudAssetV1p7beta1ExportSetting
scopes
  • https://www.googleapis.com/auth/cloud-platform
list
descriptionLists all export settings under a [InventorySettings].
flatPathv1p7beta1/projects/{projectsId}/inventorySettings/exportSettings
httpMethodGET
idcloudasset.projects.inventorySettings.exportSettings.list
parameterOrder
  • parent
parameters
pageSize
descriptionThe maximum number of export settings to return. The service may return fewer than this value. If unspecified, at most 100 export settings will be returned. The maximum value is 100, as currently only a maximum of 100 export settings can be created under each parent.
formatint32
locationquery
typeinteger
pageToken
descriptionA page token, received from a previous `ListExportSettings` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListExportSettings` must match the call that provided the page token.
locationquery
typestring
parent
locationpath
pattern^projects/[^/]+/inventorySettings$
requiredTrue
typestring
pathv1p7beta1/{+parent}/exportSettings
response
$refGoogleCloudAssetV1p7beta1ListExportSettingsResponse
scopes
  • https://www.googleapis.com/auth/cloud-platform
patch
descriptionUpdates an export setting.
flatPathv1p7beta1/projects/{projectsId}/inventorySettings/exportSettings/{exportSettingsId}
httpMethodPATCH
idcloudasset.projects.inventorySettings.exportSettings.patch
parameterOrder
  • name
parameters
name
descriptionThe format will be: organizations/{ORGANIZATION_NUMBER}/inventorySettings/exportSettings/{exportSetting} or folders/{FOLDER_NUMBER}/inventorySettings/exportSettings/{exportSetting} or projects/{PROJECT_NUMBER}/inventorySettings/exportSettings/{exportSetting}
locationpath
pattern^projects/[^/]+/inventorySettings/exportSettings/[^/]+$
requiredTrue
typestring
updateMask
descriptionRequired. Only updates the `export_setting` fields indicated by this mask. The field mask must not be empty, and it must not contain fields that are immutable or only set by the server.
formatgoogle-fieldmask
locationquery
typestring
pathv1p7beta1/{+name}
request
$refGoogleCloudAssetV1p7beta1ExportSetting
response
$refGoogleCloudAssetV1p7beta1ExportSetting
scopes
  • https://www.googleapis.com/auth/cloud-platform
v1p7beta1
methods
exportAssetUpdates
descriptionExports asset updates within a time window to a given Cloud Storage location/BigQuery table. For Cloud Storage location destinations, the output format is newline-delimited JSON. Each line represents a google.cloud.asset.v1p7beta1.Asset in the JSON format; for BigQuery table destinations, the output table stores the fields in asset proto as columns. This API implements the google.longrunning.Operation API , which allows you to keep track of the export. We recommend intervals of at least 2 seconds with exponential retry to poll the export operation result. For regular-size resource parent, the export operation usually finishes within 5 minutes.
flatPathv1p7beta1/{v1p7beta1Id}/{v1p7beta1Id1}:exportAssetUpdates
httpMethodPOST
idcloudasset.exportAssetUpdates
parameterOrder
  • parent
parameters
parent
descriptionRequired. The relative name of the root asset. This can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"), or a folder number (such as "folders/123").
locationpath
pattern^[^/]+/[^/]+$
requiredTrue
typestring
pathv1p7beta1/{+parent}:exportAssetUpdates
request
$refGoogleCloudAssetV1p7beta1ExportAssetUpdatesRequest
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
exportAssets
descriptionExports assets with time and resource types to a given Cloud Storage location/BigQuery table. For Cloud Storage location destinations, the output format is newline-delimited JSON. Each line represents a google.cloud.asset.v1p7beta1.Asset in the JSON format; for BigQuery table destinations, the output table stores the fields in asset proto as columns. This API implements the google.longrunning.Operation API , which allows you to keep track of the export. We recommend intervals of at least 2 seconds with exponential retry to poll the export operation result. For regular-size resource parent, the export operation usually finishes within 5 minutes.
flatPathv1p7beta1/{v1p7beta1Id}/{v1p7beta1Id1}:exportAssets
httpMethodPOST
idcloudasset.exportAssets
parameterOrder
  • parent
parameters
parent
descriptionRequired. The relative name of the root asset. This can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"), or a folder number (such as "folders/123").
locationpath
pattern^[^/]+/[^/]+$
requiredTrue
typestring
pathv1p7beta1/{+parent}:exportAssets
request
$refGoogleCloudAssetV1p7beta1ExportAssetsRequest
response
$refOperation
scopes
  • https://www.googleapis.com/auth/cloud-platform
root['revision']
new_value20250225
old_value20230224
root['schemas']['Binding']['properties']['members']['description']
new_valueSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
old_valueSpecifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
root['schemas']['Binding']['properties']['role']['description']
new_valueRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
old_valueRole that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
root['schemas']['CloudAuditOptions']['properties']['authorizationLoggingOptions']['description']
new_valueInformation used by the Cloud Audit Logging pipeline. Will be deprecated once the migration to PermissionType is complete (b/201806118).
old_valueInformation used by the Cloud Audit Logging pipeline.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessLevel']['properties']['name']['description']
new_valueIdentifier. Resource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
old_valueResource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['etag']['description']
new_valueOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Policies will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
old_valueOutput only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['name']['description']
new_valueOutput only. Identifier. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
old_valueOutput only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
root['schemas']['GoogleIdentityAccesscontextmanagerV1AccessPolicy']['properties']['scopes']['description']
new_valueThe scopes of the AccessPolicy. Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with `scopes=["folders/123"]` has the following behavior: - ServicePerimeter can only restrict projects within `folders/123`. - ServicePerimeter within policy A can only reference access levels defined within policy A. - Only one policy can include a given scope; thus, attempting to create a second policy which includes `folders/123` will result in an error. If no scopes are provided, then any resource within the organization can be restricted. Scopes cannot be modified after a policy is created. Policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
old_valueThe scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior: - vpcsc perimeters can only restrict projects within folders/123 - access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
root['schemas']['GoogleIdentityAccesscontextmanagerV1Condition']['properties']['negate']['description']
new_valueWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields. Any non-empty field criteria evaluating to false will result in the Condition to be satisfied. Defaults to false.
old_valueWhether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressFrom']['properties']['identities']['description']
new_valueA list of identities that are allowed access through [EgressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
old_valueA list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
root['schemas']['GoogleIdentityAccesscontextmanagerV1EgressTo']['properties']['externalResources']['description']
new_valueA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported formats are s3://BUCKET_NAME, s3a://BUCKET_NAME, and s3n://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
old_valueA list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
root['schemas']['GoogleIdentityAccesscontextmanagerV1IngressFrom']['properties']['identities']['description']
new_valueA list of identities that are allowed access through [IngressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The `v1` identities that have the prefix `user`, `group`, `serviceAccount`, and `principal` in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
old_valueA list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
root['schemas']['GoogleIdentityAccesscontextmanagerV1MethodSelector']['properties']['method']['description']
new_valueA valid method name for the corresponding `service_name` in ApiOperation. If `*` is used as the value for the `method`, then ALL methods and permissions are allowed.
old_valueValue for `method` should be a valid method name for the corresponding `service_name` in ApiOperation. If `*` used as value for `method`, then ALL methods and permissions are allowed.
root['schemas']['GoogleIdentityAccesscontextmanagerV1MethodSelector']['properties']['permission']['description']
new_valueA valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
old_valueValue for `permission` should be a valid Cloud IAM permission for the corresponding `service_name` in ApiOperation.
root['schemas']['GoogleIdentityAccesscontextmanagerV1ServicePerimeter']['properties']['name']['description']
new_valueIdentifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
old_valueResource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
root['schemas']['Operation']['properties']['response']['description']
new_valueThe normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
old_valueThe normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
root['schemas']['Policy']['description']
new_valueAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
old_valueAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
root['schemas']['TimeOfDay']['properties']['hours']['description']
new_valueHours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.
old_valueHours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time.
root['schemas']['TimeOfDay']['properties']['minutes']['description']
new_valueMinutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.
old_valueMinutes of hour of day. Must be from 0 to 59.
root['schemas']['TimeOfDay']['properties']['nanos']['description']
new_valueFractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.
old_valueFractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
root['schemas']['TimeOfDay']['properties']['seconds']['description']
new_valueSeconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.
old_valueSeconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.
root['schemas']['Condition']['properties']['iam']['enumDescriptions'][3]
new_valueAny of the security realms in the IAMContext (go/security-realms). When used with IN, the condition indicates "any of the request's realms match one of the given values; with NOT_IN, "none of the realms match any of the given values". Note that a value can be: - 'self:campus' (i.e., clients that are in the same campus) - 'self:metro' (i.e., clients that are in the same metro) - 'self:cloud-region' (i.e., allow connections from clients that are in the same cloud region) - 'self:prod-region' (i.e., allow connections from clients that are in the same prod region) - 'guardians' (i.e., allow connections from its guardian realms. See go/security-realms-glossary#guardian for more information.) - 'cryto_core_guardians' (i.e., allow connections from its crypto core guardian realms. See go/security-realms-glossary#guardian for more information.) Crypto Core coverage is a super-set of Default coverage, containing information about coverage between higher tier data centers (e.g., YAWNs). Most services should use Default coverage and only use Crypto Core coverage if the service is involved in greenfield turnup of new higher tier data centers (e.g., credential infrastructure, machine/job management systems, etc.). - 'self' [DEPRECATED] (i.e., allow connections from clients that are in the same security realm, which is currently but not guaranteed to be campus-sized) - a realm (e.g., 'campus-abc') - a realm group (e.g., 'realms-for-borg-cell-xx', see: go/realm-groups) A match is determined by a realm group membership check performed by a RealmAclRep object (go/realm-acl-howto). It is not permitted to grant access based on the *absence* of a realm, so realm conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
old_valueAny of the security realms in the IAMContext (go/security-realms). When used with IN, the condition indicates "any of the request's realms match one of the given values; with NOT_IN, "none of the realms match any of the given values". Note that a value can be: - 'self:campus' (i.e., clients that are in the same campus) - 'self:metro' (i.e., clients that are in the same metro) - 'self:cloud-region' (i.e., allow connections from clients that are in the same cloud region) - 'self:prod-region' (i.e., allow connections from clients that are in the same prod region) - 'guardians' (i.e., allow connections from its guardian realms. See go/security-realms-glossary#guardian for more information.) - 'self' [DEPRECATED] (i.e., allow connections from clients that are in the same security realm, which is currently but not guaranteed to be campus-sized) - a realm (e.g., 'campus-abc') - a realm group (e.g., 'realms-for-borg-cell-xx', see: go/realm-groups) A match is determined by a realm group membership check performed by a RealmAclRep object (go/realm-acl-howto). It is not permitted to grant access based on the *absence* of a realm, so realm conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
root['schemas']['Item']['properties']['type']['enumDescriptions'][0]
new_valueInvalid. A type must be specified.
old_valueInvalid. An type must be specified.
root['schemas']['GoogleCloudAssetV1p7beta1PartitionSpec']['properties']['partitionKey']['enumDescriptions'][2]
new_valueThe time when the request is received and started to be processed. If specified as partition key, the result table(s) is partitioned by the requestTime column, an additional timestamp column representing when the request was received.
old_valueThe time when the request is received and started to be processed. If specified as partition key, the result table(s) is partitoned by the requestTime column, an additional timestamp column representing when the request was received.
root['schemas']['GoogleCloudAssetV1p7beta1PartitionSpec']['properties']['partitionKey']['enumDescriptions'][1]
new_valueThe time when the snapshot is taken. If specified as partition key, the result table(s) is partitioned by the additional timestamp column, readTime. If [read_time] in ExportAssetsRequest is specified, the readTime column's value will be the same as it. Otherwise, its value will be the current time that is used to take the snapshot.
old_valueThe time when the snapshot is taken. If specified as partition key, the result table(s) is partitoned by the additional timestamp column, readTime. If [read_time] in ExportAssetsRequest is specified, the readTime column's value will be the same as it. Otherwise, its value will be the current time that is used to take the snapshot.
root['schemas']['Condition']['properties']['iam']['enumDescriptions'][7]
new_valueProperties of the credentials supplied with this request. See http://go/rpcsp-credential-assertions?polyglot=rpcsp-v1-0 The conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
old_valueEXPERIMENTAL -- DO NOT USE. The conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
sandbox/test-cloudshell-
values_changed
root['revision']
new_value20250221
old_value20250220
sandbox/test-cloudshell-v1
values_changed
root['revision']
new_value20250221
old_value20250220
sandbox/test-container-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-container-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-container-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-contentmanager-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-contentmanager-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-dataaccessauditlogging-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-dataaccessauditlogging-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-dialogflow-
dictionary_item_added
  • root['schemas']['GoogleCloudDialogflowCxV3beta1Handler']
  • root['schemas']['GoogleCloudDialogflowCxV3beta1HandlerEventHandler']
  • root['schemas']['GoogleCloudDialogflowCxV3beta1HandlerLifecycleHandler']
  • root['schemas']['GoogleCloudDialogflowCxV3beta1Playbook']['properties']['handlers']
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/test-dialogflow-v1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/test-dialogflow-v2
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/test-dialogflow-v2beta1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/test-dialogflow-v3
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/test-dialogflow-v3alpha1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/test-dialogflow-v3beta1
dictionary_item_added
  • root['schemas']['GoogleCloudDialogflowCxV3beta1Handler']
  • root['schemas']['GoogleCloudDialogflowCxV3beta1HandlerEventHandler']
  • root['schemas']['GoogleCloudDialogflowCxV3beta1HandlerLifecycleHandler']
  • root['schemas']['GoogleCloudDialogflowCxV3beta1Playbook']['properties']['handlers']
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/test-discoveryengine-
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/test-discoveryengine-v1
dictionary_item_added
  • root['schemas']['GoogleCloudDiscoveryengineV1SearchRequest']['properties']['relevanceThreshold']
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/test-discoveryengine-v1alpha
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/test-discoveryengine-v1beta
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/test-firebaserules-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-firebaserules-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-language-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-language-eu-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-language-eu-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-language-eu-v1beta2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-language-eu-v2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-language-us-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-language-us-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-language-us-v1beta2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-language-us-v2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-language-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-language-v1beta2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-language-v2
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-logging-
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/test-logging-v1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/test-logging-v1beta3
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/test-logging-v2
values_changed
root['revision']
new_value20250224
old_value20250222
root['schemas']['SortOrderParameter']['properties']['sortOrderDirection']['enum'][3]
new_valueSORT_ORDER_DESCENDING
old_valueDESCENDING
root['schemas']['SortOrderParameter']['properties']['sortOrderDirection']['enum'][0]
new_valueSORT_ORDER_UNSPECIFIED
old_valueSORT_ORDER_DIRECTION_UNSPECIFIED
root['schemas']['SortOrderParameter']['properties']['sortOrderDirection']['enum'][2]
new_valueSORT_ORDER_ASCENDING
old_valueASCENDING
sandbox/test-logging-v2beta1
values_changed
root['revision']
new_value20250224
old_value20250222
sandbox/test-mlengine-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-mlengine-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-monitoring-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-monitoring-v1
dictionary_item_added
  • root['schemas']['SingleViewGroup']['properties']['displayType']
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-monitoring-v3
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-recommendationengine-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-recommendationengine-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-recommendationengine-v1alpha
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-recommendationengine-v1beta1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-retail-
values_changed
root['resources']['projects']['resources']['locations']['resources']['catalogs']['methods']['completeQuery']['parameters']['entity']['description']
new_valueThe entity for customers who run multiple entities, domains, sites, or regions, for example, `Google US`, `Google Ads`, `Waymo`, `google.com`, `youtube.com`, etc. If this is set, it must be an exact match with UserEvent.entity to get per-entity autocomplete results. Also, this entity should be limited to 256 characters, if too long, it will be truncated to 256 characters in both generation and serving time, and may lead to mis-match. To ensure it works, please set the entity with string within 256 characters.
old_valueThe entity for customers who run multiple entities, domains, sites, or regions, for example, `Google US`, `Google Ads`, `Waymo`, `google.com`, `youtube.com`, etc. If this is set, it must be an exact match with UserEvent.entity to get per-entity autocomplete results.
root['revision']
new_value20250225
old_value20250222
sandbox/test-retail-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-retail-v2
values_changed
root['resources']['projects']['resources']['locations']['resources']['catalogs']['methods']['completeQuery']['parameters']['entity']['description']
new_valueThe entity for customers who run multiple entities, domains, sites, or regions, for example, `Google US`, `Google Ads`, `Waymo`, `google.com`, `youtube.com`, etc. If this is set, it must be an exact match with UserEvent.entity to get per-entity autocomplete results. Also, this entity should be limited to 256 characters, if too long, it will be truncated to 256 characters in both generation and serving time, and may lead to mis-match. To ensure it works, please set the entity with string within 256 characters.
old_valueThe entity for customers who run multiple entities, domains, sites, or regions, for example, `Google US`, `Google Ads`, `Waymo`, `google.com`, `youtube.com`, etc. If this is set, it must be an exact match with UserEvent.entity to get per-entity autocomplete results.
root['revision']
new_value20250225
old_value20250222
sandbox/test-retail-v2alpha
values_changed
root['resources']['projects']['resources']['locations']['resources']['catalogs']['methods']['completeQuery']['parameters']['entity']['description']
new_valueThe entity for customers who run multiple entities, domains, sites, or regions, for example, `Google US`, `Google Ads`, `Waymo`, `google.com`, `youtube.com`, etc. If this is set, it must be an exact match with UserEvent.entity to get per-entity autocomplete results. Also, this entity should be limited to 256 characters, if too long, it will be truncated to 256 characters in both generation and serving time, and may lead to mis-match. To ensure it works, please set the entity with string within 256 characters.
old_valueThe entity for customers who run multiple entities, domains, sites, or regions, for example, `Google US`, `Google Ads`, `Waymo`, `google.com`, `youtube.com`, etc. If this is set, it must be an exact match with UserEvent.entity to get per-entity autocomplete results.
root['revision']
new_value20250225
old_value20250222
sandbox/test-retail-v2beta
values_changed
root['resources']['projects']['resources']['locations']['resources']['catalogs']['methods']['completeQuery']['parameters']['entity']['description']
new_valueThe entity for customers who run multiple entities, domains, sites, or regions, for example, `Google US`, `Google Ads`, `Waymo`, `google.com`, `youtube.com`, etc. If this is set, it must be an exact match with UserEvent.entity to get per-entity autocomplete results. Also, this entity should be limited to 256 characters, if too long, it will be truncated to 256 characters in both generation and serving time, and may lead to mis-match. To ensure it works, please set the entity with string within 256 characters.
old_valueThe entity for customers who run multiple entities, domains, sites, or regions, for example, `Google US`, `Google Ads`, `Waymo`, `google.com`, `youtube.com`, etc. If this is set, it must be an exact match with UserEvent.entity to get per-entity autocomplete results.
root['revision']
new_value20250225
old_value20250222
sandbox/test-scone-pa-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-scone-pa-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-storagetransfer-
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/test-storagetransfer-v1
values_changed
root['revision']
new_value20250225
old_value20250223
sandbox/test-translate-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-translate-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-translate-v3
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-translate-v3alpha1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-translate-v3beta1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-translation-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-translation-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-translation-v3
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-translation-v3alpha1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-translation-v3beta1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-vision-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-vision-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-vision-v1p1beta1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-vision-v1p2beta1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-vision-v1p3beta1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-vision-v1p4beta1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-youtubereporting-
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/test-youtubereporting-v1
values_changed
root['revision']
new_value20250225
old_value20250222
sandbox/us-staging-vision-
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/us-staging-vision-v1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/us-staging-vision-v1p1beta1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/us-staging-vision-v1p2beta1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/us-staging-vision-v1p3beta1
values_changed
root['revision']
new_value20250225
old_value20250221
sandbox/us-staging-vision-v1p4beta1
values_changed
root['revision']
new_value20250225
old_value20250221