Searches all Google Cloud resources within the specified scope, such as a project, folder, or organization. The caller must be granted the cloudasset.assets.searchAllResources
permission on the desired scope, otherwise the request will be rejected.
Scopes
You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call.
If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform.
You can set the scope for this method like this: cloudasset1 --scope <scope> methods search-all-resources ...
Required Scalar Argument
- <scope> (string)
- Required. A scope can be a project, a folder, or an organization. The search is limited to the resources within the
scope
. The caller must be granted thecloudasset.assets.searchAllResources
permission on the desired scope. The allowed values are: * projects/{PROJECT_ID} (e.g., "projects/foo-bar") * projects/{PROJECT_NUMBER} (e.g., "projects/12345678") * folders/{FOLDER_NUMBER} (e.g., "folders/1234567") * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
- Required. A scope can be a project, a folder, or an organization. The search is limited to the resources within the
Optional Output Flags
The method's return value a JSON encoded structure, which will be written to standard output by default.
- -o out
- out specifies the destination to which to write the server's result to.
It will be a JSON-encoded structure.
The destination may be
-
to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.
- out specifies the destination to which to write the server's result to.
It will be a JSON-encoded structure.
The destination may be
Optional Method Properties
You may set the following properties to further configure the call. Please note that -p
is followed by one
or more key-value-pairs, and is called like this -p k1=v1 k2=v2
even though the listing below repeats the
-p
for completeness.
-
-p asset-types=string
- Optional. A list of asset types that this request searches for. If empty, it will search all the asset types supported by search APIs. Regular expressions are also supported. For example: * "compute.googleapis.com." snapshots resources whose asset type starts with "compute.googleapis.com". * ".Instance" snapshots resources whose asset type ends with "Instance". * ".Instance." snapshots resources whose asset type contains "Instance". See RE2 for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.
-
-p order-by=string
- Optional. A comma-separated list of fields specifying the sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored. Example: "location DESC, name". Only the following fields in the response are sortable: * name * assetType * project * displayName * description * location * createTime * updateTime * state * parentFullResourceName * parentAssetType
-
-p page-size=integer
- Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero or a negative value, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as
next_page_token
is returned.
- Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero or a negative value, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as
-
-p page-token=string
- Optional. If present, then retrieve the next batch of results from the preceding call to this method.
page_token
must be the value ofnext_page_token
from the previous response. The values of all other method parameters, must be identical to those in the previous call.
- Optional. If present, then retrieve the next batch of results from the preceding call to this method.
-
-p query=string
- Optional. The query statement. See how to construct a query for more information. If not specified or empty, it will search all the resources within the specified
scope
. Examples: *name:Important
to find Google Cloud resources whose name containsImportant
as a word. *name=Important
to find the Google Cloud resource whose name is exactlyImportant
. *displayName:Impor*
to find Google Cloud resources whose display name containsImpor
as a prefix of any word in the field. *location:us-west*
to find Google Cloud resources whose location contains bothus
andwest
as prefixes. *labels:prod
to find Google Cloud resources whose labels containprod
as a key or value. *labels.env:prod
to find Google Cloud resources that have a labelenv
and its value isprod
. *labels.env:*
to find Google Cloud resources that have a labelenv
. *tagKeys:env
to find Google Cloud resources that have directly attached tags where theTagKey.namespacedName
containsenv
. *tagValues:prod*
to find Google Cloud resources that have directly attached tags where theTagValue.namespacedName
contains a word prefixed byprod
. *tagValueIds=tagValues/123
to find Google Cloud resources that have directly attached tags where theTagValue.name
is exactlytagValues/123
. *effectiveTagKeys:env
to find Google Cloud resources that have directly attached or inherited tags where theTagKey.namespacedName
containsenv
. *effectiveTagValues:prod*
to find Google Cloud resources that have directly attached or inherited tags where theTagValue.namespacedName
contains a word prefixed byprod
. *effectiveTagValueIds=tagValues/123
to find Google Cloud resources that have directly attached or inherited tags where theTagValue.name
is exactlytagValues/123
. *kmsKey:key
to find Google Cloud resources encrypted with a customer-managed encryption key whose name containskey
as a word. This field is deprecated. Use thekmsKeys
field to retrieve Cloud KMS key information. *kmsKeys:key
to find Google Cloud resources encrypted with customer-managed encryption keys whose name contains the wordkey
. *relationships:instance-group-1
to find Google Cloud resources that have relationships withinstance-group-1
in the related resource name. *relationships:INSTANCE_TO_INSTANCEGROUP
to find Compute Engine instances that have relationships of typeINSTANCE_TO_INSTANCEGROUP
. *relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1
to find Compute Engine instances that have relationships withinstance-group-1
in the Compute Engine instance group resource name, for relationship typeINSTANCE_TO_INSTANCEGROUP
. *sccSecurityMarks.key=value
to find Cloud resources that are attached with security marks whose key iskey
and value isvalue
. *sccSecurityMarks.key:*
to find Cloud resources that are attached with security marks whose key iskey
. *state:ACTIVE
to find Google Cloud resources whose state containsACTIVE
as a word. *NOT state:ACTIVE
to find Google Cloud resources whose state doesn't containACTIVE
as a word. *createTime<1609459200
to find Google Cloud resources that were created before2021-01-01 00:00:00 UTC
.1609459200
is the epoch timestamp of2021-01-01 00:00:00 UTC
in seconds. *updateTime>1609459200
to find Google Cloud resources that were updated after2021-01-01 00:00:00 UTC
.1609459200
is the epoch timestamp of2021-01-01 00:00:00 UTC
in seconds. *Important
to find Google Cloud resources that containImportant
as a word in any of the searchable fields. *Impor*
to find Google Cloud resources that containImpor
as a prefix of any word in any of the searchable fields. *Important location:(us-west1 OR global)
to find Google Cloud resources that containImportant
as a word in any of the searchable fields and are also located in theus-west1
region or theglobal
location.
- Optional. The query statement. See how to construct a query for more information. If not specified or empty, it will search all the resources within the specified
-
-p read-mask=string
- Optional. A comma-separated list of fields that you want returned in the results. The following fields are returned by default if not specified: *
name
*assetType
*project
*folders
*organization
*displayName
*description
*location
*labels
*tags
*effectiveTags
*networkTags
*kmsKeys
*createTime
*updateTime
*state
*additionalAttributes
*parentFullResourceName
*parentAssetType
Some fields of large size, such asversionedResources
,attachedResources
,effectiveTags
etc., are not returned by default, but you can specify them in theread_mask
parameter if you want to include them. If"*"
is specified, all available fields are returned. Examples:"name,location"
,"name,versionedResources"
,"*"
. Any invalid field path will trigger INVALID_ARGUMENT error.
- Optional. A comma-separated list of fields that you want returned in the results. The following fields are returned by default if not specified: *
Optional General Properties
The following properties can configure any call, and are not specific to this method.
-
-p $-xgafv=string
- V1 error format.
-
-p access-token=string
- OAuth access token.
-
-p alt=string
- Data format for response.
-
-p callback=string
- JSONP
-
-p fields=string
- Selector specifying which fields to include in a partial response.
-
-p key=string
- API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
-
-p oauth-token=string
- OAuth 2.0 token for the current user.
-
-p pretty-print=boolean
- Returns response with indentations and line breaks.
-
-p quota-user=string
- Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
-
-p upload-type=string
- Legacy upload protocol for media (e.g. "media", "multipart").
-
-p upload-protocol=string
- Upload protocol for media (e.g. "raw", "multipart").