File: //snap/google-cloud-cli/396/lib/surface/scc/assets/list.yaml
# Copyright 2019 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- release_tracks: [ALPHA, BETA, GA]
deprecate:
is_removed: false
warning: |
Security Command Center Asset APIs are deprecated and will be removed on or after
June 26, 2024. Use Cloud Asset Inventory instead [(gcloud asset)](https://cloud.google.com/sdk/gcloud/reference/asset).
For more information, [see the deprecation notice at Assets Page](https://cloud.google.com/security-command-center/docs/how-to-use-security-command-center#assets_page).
help_text:
brief: List Cloud Security Command Center assets.
description: List Cloud Security Command Center assets.
examples: |
List all assets under organization (123456)
$ {command} 123456
List all assets under project (example-project)
$ {command} projects/example-project
List all assets under folder (456)
$ {command} folders/456
List all assets under organization (123456) that were present as of 2019-01-01T01:00:00 GMT time.
$ {command} 123456 --read-time="2019-01-01T01:00:00Z"
Only list category and resource_name for all assets under organization (123456):
$ {command} 123456 --field-mask="category,resource_name"
List all compute instances under organization (123456):
$ {command} 123456 --filter="security_center_properties.resource_type=\"google.compute.Instance\""
List all firewall rules that have open HTTP Ports:
$ {command} 123456 --filter="security_center_properties.resource_type = \"google.compute.Firewall\" AND resource_properties.name =\"default-allow-http\""
List all assets that belong to either projects: 5678 OR 78910 (project's numeric identifier).
$ {command} 123456 --filter="security_center_properties.resource_parent = \"//cloudresourcemanager.googleapis.com/projects/5678\" OR security_center_properties.resource_parent = "\78910\""
List all projects that are owned by a user:someone@domain.com. Notice the usage of : which enforces partial matching.
$ {command} 123456 --filter="security_center_properties.resource_type = \"google.cloud.resourcemanager.Project\" AND security_center_properties.resource_owners : \"user:someone@domain.com\""
List assets and add a state_change property that indicates if the asset was added, removed, or remained present during the past 24 hours period:
$ {command} 123456 --compare-duration=86400s
request:
collection: securitycenter.organizations.assets
api_version: v1
modify_request_hooks:
- googlecloudsdk.command_lib.scc.assets.request_hooks:ListAssetsReqHook
arguments:
additional_arguments_hook: googlecloudsdk.command_lib.scc.hooks:AppendParentArg
params:
- !REF googlecloudsdk.command_lib.scc.flags:read_time
- !REF googlecloudsdk.command_lib.scc.assets.flags:compare_duration
- arg_name: field-mask
api_field: fieldMask
help_text: |
Field mask to specify the Asset fields to be listed in the response. An empty field mask will list all fields.
Example field mask: "asset.security_center_properties.resource_type,asset.security_center_properties.resource_parent"
- arg_name: order-by
api_field: orderBy
help_text: |
Expression that defines what fields and order to use for sorting.
Example order by: "resource_properties.sort_prop ASC"
- arg_name: page-token
api_field: pageToken
help_text: |
The value returned by the last 'ListAssetsResponse'; indicates
that this is a continuation of a prior 'ListAssets' call, and that the
system should return the next page of data.