googleCloudAssetProjectFeed

Describes a Cloud Asset Inventory feed used to to listen to asset updates.

To get more information about ProjectFeed, see:

• API documentation
• How-to Guides
• Official Documentation

Example Usage - Cloud Asset Project Feed

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googlePubsubTopicFeedOutput = new google.pubsubTopic.PubsubTopic(
  this,
  "feed_output",
  {
    name: "network-updates",
    project: "my-project-name",
  }
);
new google.dataGoogleProject.DataGoogleProject(this, "project", {
  project_id: "my-project-name",
});
new google.cloudAssetProjectFeed.CloudAssetProjectFeed(this, "project_feed", {
  asset_types: [
    "compute.googleapis.com/Subnetwork",
    "compute.googleapis.com/Network",
  ],
  condition: [
    {
      description: "Send notifications on creation events",
      expression:
        "!temporal_asset.deleted &&\ntemporal_asset.prior_asset_state == google.cloud.asset.v1.TemporalAsset.PriorAssetState.DOES_NOT_EXIST\n",
      title: "created",
    },
  ],
  content_type: "RESOURCE",
  feed_id: "network-updates",
  feed_output_config: [
    {
      pubsub_destination: [
        {
          topic: googlePubsubTopicFeedOutput.id,
        },
      ],
    },
  ],
  project: "my-project-name",
});

Argument Reference

The following arguments are supported:

• feedId - (Required) This is the client-assigned asset feed identifier and it needs to be unique under a specific parent.

• feedOutputConfig - (Required) Output configuration for asset feed destination. Structure is documented below.

The feedOutputConfig block supports:

• pubsubDestination - (Required) Destination on Cloud Pubsub. Structure is documented below.

The pubsubDestination block supports:

• topic - (Required) Destination on Cloud Pubsub topic.

• billingProject - (Optional) The project whose identity will be used when sending messages to the destination pubsub topic. It also specifies the project for API enablement check, quota, and billing. If not specified, the resource's project will be used.

• assetNames - (Optional) A list of the full names of the assets to receive updates. You must specify either or both of assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. See https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info.

• assetTypes - (Optional) A list of types of the assets to receive updates. You must specify either or both of assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to the feed. For example: "compute.googleapis.com/Disk" See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all supported asset types.

• contentType - (Optional) Asset content type. If not specified, no content but the asset name and type will be returned. Possible values are contentTypeUnspecified, resource, iamPolicy, orgPolicy, and accessPolicy.

• condition - (Optional) A condition which determines whether an asset update should be published. If specified, an asset will be returned only when the expression evaluates to true. When set, expression field must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of condition are optional. Structure is documented below.

• project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The condition block supports:

• expression - (Required) Textual representation of an expression in Common Expression Language syntax.

• title - (Optional) Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

• description - (Optional) Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

• location - (Optional) String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

• id - an identifier for the resource with format {{name}}

• name - The format will be projects/{projectNumber}/feeds/{client-assigned_feed_identifier}.

Timeouts

This resource provides the following Timeouts configuration options:

• create - Default is 20 minutes.
• update - Default is 20 minutes.
• delete - Default is 20 minutes.

Import

ProjectFeed can be imported using any of these accepted formats:

$ terraform import google_cloud_asset_project_feed.default projects/{{project}}/feeds/{{name}}
$ terraform import google_cloud_asset_project_feed.default {{project}}/{{name}}
$ terraform import google_cloud_asset_project_feed.default {{name}}

User Project Overrides

This resource supports User Project Overrides.