Searches all Google Cloud resources within the specified scope, such as a project, folder, or organization. The caller must be granted the cloudasset.assets.searchAllResources permission on the desired scope, otherwise the request will be rejected.

Scopes

You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call.

If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform. You can set the scope for this method like this: cloudasset1 --scope <scope> methods search-all-resources ...

Required Scalar Argument

• <scope> (string)
  • Required. A scope can be a project, a folder, or an organization. The search is limited to the resources within the scope. The caller must be granted the cloudasset.assets.searchAllResources permission on the desired scope. The allowed values are: * projects/{PROJECT_ID} (e.g., "projects/foo-bar") * projects/{PROJECT_NUMBER} (e.g., "projects/12345678") * folders/{FOLDER_NUMBER} (e.g., "folders/1234567") * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")

Optional Output Flags

The method's return value a JSON encoded structure, which will be written to standard output by default.

• -o out
  • out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.

Optional Method Properties

You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness.

• -p asset-types=string

  • Optional. A list of asset types that this request searches for. If empty, it will search all the asset types supported by search APIs. Regular expressions are also supported. For example: * "compute.googleapis.com." snapshots resources whose asset type starts with "compute.googleapis.com". * ".Instance" snapshots resources whose asset type ends with "Instance". * ".Instance." snapshots resources whose asset type contains "Instance". See RE2 for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.

• -p order-by=string

  • Optional. A comma-separated list of fields specifying the sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored. Example: "location DESC, name". Only the following fields in the response are sortable: * name * assetType * project * displayName * description * location * createTime * updateTime * state * parentFullResourceName * parentAssetType

• -p page-size=integer

  • Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero or a negative value, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as next_page_token is returned.

• -p page-token=string

  • Optional. If present, then retrieve the next batch of results from the preceding call to this method. page_token must be the value of next_page_token from the previous response. The values of all other method parameters, must be identical to those in the previous call.

• -p query=string

  • Optional. The query statement. See how to construct a query for more information. If not specified or empty, it will search all the resources within the specified scope. Examples: * name:Important to find Google Cloud resources whose name contains Important as a word. * name=Important to find the Google Cloud resource whose name is exactly Important. * displayName:Impor* to find Google Cloud resources whose display name contains Impor as a prefix of any word in the field. * location:us-west* to find Google Cloud resources whose location contains both us and west as prefixes. * labels:prod to find Google Cloud resources whose labels contain prod as a key or value. * labels.env:prod to find Google Cloud resources that have a label env and its value is prod. * labels.env:* to find Google Cloud resources that have a label env. * tagKeys:env to find Google Cloud resources that have directly attached tags where the TagKey.namespacedName contains env. * tagValues:prod* to find Google Cloud resources that have directly attached tags where the TagValue.namespacedName contains a word prefixed by prod. * tagValueIds=tagValues/123 to find Google Cloud resources that have directly attached tags where the TagValue.name is exactly tagValues/123. * effectiveTagKeys:env to find Google Cloud resources that have directly attached or inherited tags where the TagKey.namespacedName contains env. * effectiveTagValues:prod* to find Google Cloud resources that have directly attached or inherited tags where the TagValue.namespacedName contains a word prefixed by prod. * effectiveTagValueIds=tagValues/123 to find Google Cloud resources that have directly attached or inherited tags where the TagValue.name is exactly tagValues/123. * kmsKey:key to find Google Cloud resources encrypted with a customer-managed encryption key whose name contains key as a word. This field is deprecated. Use the kmsKeys field to retrieve Cloud KMS key information. * kmsKeys:key to find Google Cloud resources encrypted with customer-managed encryption keys whose name contains the word key. * relationships:instance-group-1 to find Google Cloud resources that have relationships with instance-group-1 in the related resource name. * relationships:INSTANCE_TO_INSTANCEGROUP to find Compute Engine instances that have relationships of type INSTANCE_TO_INSTANCEGROUP. * relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1 to find Compute Engine instances that have relationships with instance-group-1 in the Compute Engine instance group resource name, for relationship type INSTANCE_TO_INSTANCEGROUP. * sccSecurityMarks.key=value to find Cloud resources that are attached with security marks whose key is key and value is value. * sccSecurityMarks.key:* to find Cloud resources that are attached with security marks whose key is key. * state:ACTIVE to find Google Cloud resources whose state contains ACTIVE as a word. * NOT state:ACTIVE to find Google Cloud resources whose state doesn't contain ACTIVE as a word. * createTime<1609459200 to find Google Cloud resources that were created before 2021-01-01 00:00:00 UTC. 1609459200 is the epoch timestamp of 2021-01-01 00:00:00 UTC in seconds. * updateTime>1609459200 to find Google Cloud resources that were updated after 2021-01-01 00:00:00 UTC. 1609459200 is the epoch timestamp of 2021-01-01 00:00:00 UTC in seconds. * Important to find Google Cloud resources that contain Important as a word in any of the searchable fields. * Impor* to find Google Cloud resources that contain Impor as a prefix of any word in any of the searchable fields. * Important location:(us-west1 OR global) to find Google Cloud resources that contain Important as a word in any of the searchable fields and are also located in the us-west1 region or the global location.

• -p read-mask=string

  • Optional. A comma-separated list of fields that you want returned in the results. The following fields are returned by default if not specified: * name * assetType * project * folders * organization * displayName * description * location * labels * tags * effectiveTags * networkTags * kmsKeys * createTime * updateTime * state * additionalAttributes * parentFullResourceName * parentAssetType Some fields of large size, such as versionedResources, attachedResources, effectiveTags etc., are not returned by default, but you can specify them in the read_mask parameter if you want to include them. If "*" is specified, all available fields are returned. Examples: "name,location", "name,versionedResources", "*". Any invalid field path will trigger INVALID_ARGUMENT error.

Optional General Properties

The following properties can configure any call, and are not specific to this method.

• -p $-xgafv=string

  • V1 error format.

• -p access-token=string

  • OAuth access token.

• -p alt=string

  • Data format for response.

• -p callback=string

  • JSONP

• -p fields=string

  • Selector specifying which fields to include in a partial response.

• -p key=string

  • API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.

• -p oauth-token=string

  • OAuth 2.0 token for the current user.

• -p pretty-print=boolean

  • Returns response with indentations and line breaks.

• -p quota-user=string

  • Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.

• -p upload-type=string

  • Legacy upload protocol for media (e.g. "media", "multipart").

• -p upload-protocol=string

  • Upload protocol for media (e.g. "raw", "multipart").