google-apis-cloudasset_v1 0.18.0 → 0.22.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7f7aea9e71e398bb4c3e5bce062c8248bdfcacc46f8cd8786236e172037bc0b1
-  data.tar.gz: aa07e8bfcf05fa5860cd82fbbcbf4b66e33ac2b180edb15676ebffa03fa60cce
+  metadata.gz: 3ce8dfe25ab46886cb08e2987553321a3c3ae82229825c8d656dfb7f66817210
+  data.tar.gz: 206d02c703103ce073e5e76a0c23a8c69c8000dbb87844c71afdc5d8e421137f
 SHA512:
-  metadata.gz: 5be3567c5655280736cf5b071665f5d7fd8c54ee1de4b4a2fa6bfcc1f780fc64cb5b4fa524d9abb64e004ef601f4b794de95e077efb827b710c95acba84417df
-  data.tar.gz: d6ce0742fbc4fb953f7e93adba8be27e09db0cede53d14bc9b40a0e9d140831b0cb67b61644bddca0c2c18c1e8b0d0dbfa1c2a146445b95ee2a5d0efb43a26e3
+  metadata.gz: a5cf7ab8a7ab3d720cf321e91fac7f06bab64be6768bf8687f7a91e3a4078b9848f831293832fd5da005448340a370acb2d2cc3ef8d93d7d0800ed0ad123b077
+  data.tar.gz: e07a0c2257d4eec90730e322a05199b887a84f1d76083bc07bb8b01e887a91a8548da2f763d807782a1d60fe303ea7e57804e4c366657ca83576f070735251b2

data/CHANGELOG.md

@@ -1,5 +1,21 @@
 # Release history for google-apis-cloudasset_v1
 
+### v0.22.0 (2021-12-02)
+
+* Regenerated from discovery document revision 20211125
+
+### v0.21.0 (2021-11-10)
+
+* Regenerated from discovery document revision 20211105
+
+### v0.20.0 (2021-10-27)
+
+* Regenerated from discovery document revision 20211022
+
+### v0.19.0 (2021-09-29)
+
+* Regenerated from discovery document revision 20210924
+
 ### v0.18.0 (2021-09-15)
 
 * Regenerated from discovery document revision 20210910

data/OVERVIEW.md

@@ -60,8 +60,8 @@ See the class reference docs for information on the methods you can call from a
 
 More detailed descriptions of the Google simple REST clients are available in two documents.
 
- *  The [Usage Guide](https://github.com/googleapis/google-api-ruby-client/blob/master/docs/usage-guide.md) discusses how to make API calls, how to use the provided data structures, and how to work the various features of the client library, including media upload and download, error handling, retries, pagination, and logging.
- *  The [Auth Guide](https://github.com/googleapis/google-api-ruby-client/blob/master/docs/auth-guide.md) discusses authentication in the client libraries, including API keys, OAuth 2.0, service accounts, and environment variables.
+ *  The [Usage Guide](https://github.com/googleapis/google-api-ruby-client/blob/main/docs/usage-guide.md) discusses how to make API calls, how to use the provided data structures, and how to work the various features of the client library, including media upload and download, error handling, retries, pagination, and logging.
+ *  The [Auth Guide](https://github.com/googleapis/google-api-ruby-client/blob/main/docs/auth-guide.md) discusses authentication in the client libraries, including API keys, OAuth 2.0, service accounts, and environment variables.
 
 (Note: the above documents are written for the simple REST clients in general, and their examples may not reflect the Cloudasset service in particular.)
 

data/lib/google/apis/cloudasset_v1/classes.rb

@@ -74,7 +74,7 @@ module Google
       class AnalyzeIamPolicyLongrunningRequest
         include Google::Apis::Core::Hashable
       
-        # ## IAM policy analysis query message.
+        # IAM policy analysis query message.
         # Corresponds to the JSON property `analysisQuery`
         # @return [Google::Apis::CloudassetV1::IamPolicyAnalysisQuery]
         attr_accessor :analysis_query
@@ -84,6 +84,21 @@ module Google
         # @return [Google::Apis::CloudassetV1::IamPolicyAnalysisOutputConfig]
         attr_accessor :output_config
       
+        # Optional. The name of a saved query, which must be in the format of: *
+        # projects/project_number/savedQueries/saved_query_id * folders/folder_number/
+        # savedQueries/saved_query_id * organizations/organization_number/savedQueries/
+        # saved_query_id If both `analysis_query` and `saved_analysis_query` are
+        # provided, they will be merged together with the `saved_analysis_query` as base
+        # and the `analysis_query` as overrides. For more details of the merge behavior,
+        # please refer to the [MergeFrom](https://developers.google.com/protocol-buffers/
+        # docs/reference/cpp/google.protobuf.message#Message.MergeFrom.details) doc.
+        # Note that you cannot override primitive fields with default value, such as 0
+        # or empty string, etc., because we use proto3, which doesn't support field
+        # presence yet.
+        # Corresponds to the JSON property `savedAnalysisQuery`
+        # @return [String]
+        attr_accessor :saved_analysis_query
+      
         def initialize(**args)
            update!(**args)
         end
@@ -92,6 +107,7 @@ module Google
         def update!(**args)
           @analysis_query = args[:analysis_query] if args.key?(:analysis_query)
           @output_config = args[:output_config] if args.key?(:output_config)
+          @saved_analysis_query = args[:saved_analysis_query] if args.key?(:saved_analysis_query)
         end
       end
       
@@ -208,31 +224,31 @@ module Google
       
         # An Identity and Access Management (IAM) policy, which specifies access
         # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
-        # A `binding` binds one or more `members` to a single `role`. Members can be
-        # user accounts, service accounts, Google groups, and domains (such as G Suite).
-        # A `role` is a named list of permissions; each `role` can be an IAM predefined
-        # role or a user-created custom role. For some types of Google Cloud resources,
-        # a `binding` can also specify a `condition`, which is a logical expression that
-        # allows access to a resource only if the expression evaluates to `true`. A
-        # condition can add constraints based on attributes of the request, the resource,
-        # or both. To learn which resources support conditions in their IAM policies,
-        # see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
-        # resource-policies). **JSON example:** ` "bindings": [ ` "role": "roles/
-        # resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "
-        # group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@
-        # appspot.gserviceaccount.com" ] `, ` "role": "roles/resourcemanager.
-        # organizationViewer", "members": [ "user:eve@example.com" ], "condition": ` "
-        # title": "expirable access", "description": "Does not grant access after Sep
-        # 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", `
-        # ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:** bindings: -
-        # members: - user:mike@example.com - group:admins@example.com - domain:google.
-        # com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/
-        # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
-        # roles/resourcemanager.organizationViewer condition: title: expirable access
-        # description: Does not grant access after Sep 2020 expression: request.time <
-        # timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a
-        # description of IAM and its features, see the [IAM documentation](https://cloud.
-        # google.com/iam/docs/).
+        # A `binding` binds one or more `members`, or principals, to a single `role`.
+        # Principals can be user accounts, service accounts, Google groups, and domains (
+        # such as G Suite). A `role` is a named list of permissions; each `role` can be
+        # an IAM predefined role or a user-created custom role. For some types of Google
+        # Cloud resources, a `binding` can also specify a `condition`, which is a
+        # logical expression that allows access to a resource only if the expression
+        # evaluates to `true`. A condition can add constraints based on attributes of
+        # the request, the resource, or both. To learn which resources support
+        # conditions in their IAM policies, see the [IAM documentation](https://cloud.
+        # google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
+        # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
+        # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
+        # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
+        # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
+        # ], "condition": ` "title": "expirable access", "description": "Does not grant
+        # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
+        # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
+        # bindings: - members: - user:mike@example.com - group:admins@example.com -
+        # domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
+        # role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
+        # com role: roles/resourcemanager.organizationViewer condition: title: expirable
+        # access description: Does not grant access after Sep 2020 expression: request.
+        # time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
+        # a description of IAM and its features, see the [IAM documentation](https://
+        # cloud.google.com/iam/docs/).
         # Corresponds to the JSON property `iamPolicy`
         # @return [Google::Apis::CloudassetV1::Policy]
         attr_accessor :iam_policy
@@ -504,7 +520,7 @@ module Google
         end
       end
       
-      # Associates `members` with a `role`.
+      # Associates `members`, or principals, with a `role`.
       class Binding
         include Google::Apis::Core::Hashable
       
@@ -527,7 +543,7 @@ module Google
         # @return [Google::Apis::CloudassetV1::Expr]
         attr_accessor :condition
       
-        # Specifies the identities requesting access for a Cloud Platform resource. `
+        # Specifies the principals requesting access for a Cloud Platform resource. `
         # members` can have the following values: * `allUsers`: A special identifier
         # that represents anyone who is on the internet; with or without a Google
         # account. * `allAuthenticatedUsers`: A special identifier that represents
@@ -557,8 +573,8 @@ module Google
         # @return [Array<String>]
         attr_accessor :members
       
-        # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`
-        # , or `roles/owner`.
+        # Role that is assigned to the list of `members`, or principals. For example, `
+        # roles/viewer`, `roles/editor`, or `roles/owner`.
         # Corresponds to the JSON property `role`
         # @return [String]
         attr_accessor :role
@@ -1322,31 +1338,31 @@ module Google
       
         # An Identity and Access Management (IAM) policy, which specifies access
         # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
-        # A `binding` binds one or more `members` to a single `role`. Members can be
-        # user accounts, service accounts, Google groups, and domains (such as G Suite).
-        # A `role` is a named list of permissions; each `role` can be an IAM predefined
-        # role or a user-created custom role. For some types of Google Cloud resources,
-        # a `binding` can also specify a `condition`, which is a logical expression that
-        # allows access to a resource only if the expression evaluates to `true`. A
-        # condition can add constraints based on attributes of the request, the resource,
-        # or both. To learn which resources support conditions in their IAM policies,
-        # see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
-        # resource-policies). **JSON example:** ` "bindings": [ ` "role": "roles/
-        # resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "
-        # group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@
-        # appspot.gserviceaccount.com" ] `, ` "role": "roles/resourcemanager.
-        # organizationViewer", "members": [ "user:eve@example.com" ], "condition": ` "
-        # title": "expirable access", "description": "Does not grant access after Sep
-        # 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", `
-        # ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:** bindings: -
-        # members: - user:mike@example.com - group:admins@example.com - domain:google.
-        # com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/
-        # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
-        # roles/resourcemanager.organizationViewer condition: title: expirable access
-        # description: Does not grant access after Sep 2020 expression: request.time <
-        # timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a
-        # description of IAM and its features, see the [IAM documentation](https://cloud.
-        # google.com/iam/docs/).
+        # A `binding` binds one or more `members`, or principals, to a single `role`.
+        # Principals can be user accounts, service accounts, Google groups, and domains (
+        # such as G Suite). A `role` is a named list of permissions; each `role` can be
+        # an IAM predefined role or a user-created custom role. For some types of Google
+        # Cloud resources, a `binding` can also specify a `condition`, which is a
+        # logical expression that allows access to a resource only if the expression
+        # evaluates to `true`. A condition can add constraints based on attributes of
+        # the request, the resource, or both. To learn which resources support
+        # conditions in their IAM policies, see the [IAM documentation](https://cloud.
+        # google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
+        # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
+        # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
+        # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
+        # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
+        # ], "condition": ` "title": "expirable access", "description": "Does not grant
+        # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
+        # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
+        # bindings: - members: - user:mike@example.com - group:admins@example.com -
+        # domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
+        # role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
+        # com role: roles/resourcemanager.organizationViewer condition: title: expirable
+        # access description: Does not grant access after Sep 2020 expression: request.
+        # time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
+        # a description of IAM and its features, see the [IAM documentation](https://
+        # cloud.google.com/iam/docs/).
         # Corresponds to the JSON property `iamPolicy`
         # @return [Google::Apis::CloudassetV1::Policy]
         attr_accessor :iam_policy
@@ -1954,6 +1970,21 @@ module Google
         # @return [String]
         attr_accessor :parent
       
+        # The scopes of a policy define which resources an ACM policy can restrict, and
+        # where ACM resources can be referenced. For example, a policy with scopes=["
+        # folders/123"] has the following behavior: - vpcsc perimeters can only restrict
+        # projects within folders/123 - access levels can only be referenced by
+        # resources within folders/123. If empty, there are no limitations on which
+        # resources can be restricted by an ACM policy, and there are no limitations on
+        # where ACM resources can be referenced. Only one policy can include a given
+        # scope (attempting to create a second policy which includes "folders/123" will
+        # result in an error). Currently, scopes cannot be modified after a policy is
+        # created. Currently, policies can only have a single scope. Format: list of `
+        # folders/`folder_number`` or `projects/`project_number``
+        # Corresponds to the JSON property `scopes`
+        # @return [Array<String>]
+        attr_accessor :scopes
+      
         # Required. Human readable title. Does not affect behavior.
         # Corresponds to the JSON property `title`
         # @return [String]
@@ -1968,6 +1999,7 @@ module Google
           @etag = args[:etag] if args.key?(:etag)
           @name = args[:name] if args.key?(:name)
           @parent = args[:parent] if args.key?(:parent)
+          @scopes = args[:scopes] if args.key?(:scopes)
           @title = args[:title] if args.key?(:title)
         end
       end
@@ -2706,7 +2738,7 @@ module Google
       class IamPolicyAnalysis
         include Google::Apis::Core::Hashable
       
-        # ## IAM policy analysis query message.
+        # IAM policy analysis query message.
         # Corresponds to the JSON property `analysisQuery`
         # @return [Google::Apis::CloudassetV1::IamPolicyAnalysisQuery]
         attr_accessor :analysis_query
@@ -2767,7 +2799,7 @@ module Google
         end
       end
       
-      # ## IAM policy analysis query message.
+      # IAM policy analysis query message.
       class IamPolicyAnalysisQuery
         include Google::Apis::Core::Hashable
       
@@ -2854,7 +2886,7 @@ module Google
         attr_accessor :fully_explored
         alias_method :fully_explored?, :fully_explored
       
-        # Associates `members` with a `role`.
+        # Associates `members`, or principals, with a `role`.
         # Corresponds to the JSON property `iamBinding`
         # @return [Google::Apis::CloudassetV1::Binding]
         attr_accessor :iam_binding
@@ -2944,31 +2976,31 @@ module Google
       
         # An Identity and Access Management (IAM) policy, which specifies access
         # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
-        # A `binding` binds one or more `members` to a single `role`. Members can be
-        # user accounts, service accounts, Google groups, and domains (such as G Suite).
-        # A `role` is a named list of permissions; each `role` can be an IAM predefined
-        # role or a user-created custom role. For some types of Google Cloud resources,
-        # a `binding` can also specify a `condition`, which is a logical expression that
-        # allows access to a resource only if the expression evaluates to `true`. A
-        # condition can add constraints based on attributes of the request, the resource,
-        # or both. To learn which resources support conditions in their IAM policies,
-        # see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
-        # resource-policies). **JSON example:** ` "bindings": [ ` "role": "roles/
-        # resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "
-        # group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@
-        # appspot.gserviceaccount.com" ] `, ` "role": "roles/resourcemanager.
-        # organizationViewer", "members": [ "user:eve@example.com" ], "condition": ` "
-        # title": "expirable access", "description": "Does not grant access after Sep
-        # 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", `
-        # ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:** bindings: -
-        # members: - user:mike@example.com - group:admins@example.com - domain:google.
-        # com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/
-        # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
-        # roles/resourcemanager.organizationViewer condition: title: expirable access
-        # description: Does not grant access after Sep 2020 expression: request.time <
-        # timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a
-        # description of IAM and its features, see the [IAM documentation](https://cloud.
-        # google.com/iam/docs/).
+        # A `binding` binds one or more `members`, or principals, to a single `role`.
+        # Principals can be user accounts, service accounts, Google groups, and domains (
+        # such as G Suite). A `role` is a named list of permissions; each `role` can be
+        # an IAM predefined role or a user-created custom role. For some types of Google
+        # Cloud resources, a `binding` can also specify a `condition`, which is a
+        # logical expression that allows access to a resource only if the expression
+        # evaluates to `true`. A condition can add constraints based on attributes of
+        # the request, the resource, or both. To learn which resources support
+        # conditions in their IAM policies, see the [IAM documentation](https://cloud.
+        # google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
+        # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
+        # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
+        # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
+        # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
+        # ], "condition": ` "title": "expirable access", "description": "Does not grant
+        # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
+        # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
+        # bindings: - members: - user:mike@example.com - group:admins@example.com -
+        # domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
+        # role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
+        # com role: roles/resourcemanager.organizationViewer condition: title: expirable
+        # access description: Does not grant access after Sep 2020 expression: request.
+        # time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
+        # a description of IAM and its features, see the [IAM documentation](https://
+        # cloud.google.com/iam/docs/).
         # Corresponds to the JSON property `policy`
         # @return [Google::Apis::CloudassetV1::Policy]
         attr_accessor :policy
@@ -3015,8 +3047,8 @@ module Google
       class IdentitySelector
         include Google::Apis::Core::Hashable
       
-        # Required. The identity appear in the form of members in [IAM policy binding](
-        # https://cloud.google.com/iam/reference/rest/v1/Binding). The examples of
+        # Required. The identity appear in the form of principals in [IAM policy binding]
+        # (https://cloud.google.com/iam/reference/rest/v1/Binding). The examples of
         # supported forms are: "user:mike@example.com", "group:admins@example.com", "
         # domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com".
         # Notice that wildcard characters (such as * and ?) are not supported. You must
@@ -3186,6 +3218,32 @@ module Google
         end
       end
       
+      # Response of listing saved queries.
+      class ListSavedQueriesResponse
+        include Google::Apis::Core::Hashable
+      
+        # A token, which can be sent as `page_token` to retrieve the next page. If this
+        # field is omitted, there are no subsequent pages.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+      
+        # A list of savedQueries.
+        # Corresponds to the JSON property `savedQueries`
+        # @return [Array<Google::Apis::CloudassetV1::SavedQuery>]
+        attr_accessor :saved_queries
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+          @saved_queries = args[:saved_queries] if args.key?(:saved_queries)
+        end
+      end
+      
       # A message to group the analysis information.
       class MoveAnalysis
         include Google::Apis::Core::Hashable
@@ -3395,15 +3453,16 @@ module Google
         attr_accessor :expand_roles
         alias_method :expand_roles?, :expand_roles
       
-        # Optional. If true, the result will output group identity edges, starting from
-        # the binding's group members, to any expanded identities. Default is false.
+        # Optional. If true, the result will output the relevant membership
+        # relationships between groups and other groups, and between groups and
+        # principals. Default is false.
         # Corresponds to the JSON property `outputGroupEdges`
         # @return [Boolean]
         attr_accessor :output_group_edges
         alias_method :output_group_edges?, :output_group_edges
       
-        # Optional. If true, the result will output resource edges, starting from the
-        # policy attached resource, to any expanded resources. Default is false.
+        # Optional. If true, the result will output the relevant parent/child
+        # relationships between resources. Default is false.
         # Corresponds to the JSON property `outputResourceEdges`
         # @return [Boolean]
         attr_accessor :output_resource_edges
@@ -3551,31 +3610,31 @@ module Google
       
       # An Identity and Access Management (IAM) policy, which specifies access
       # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
-      # A `binding` binds one or more `members` to a single `role`. Members can be
-      # user accounts, service accounts, Google groups, and domains (such as G Suite).
-      # A `role` is a named list of permissions; each `role` can be an IAM predefined
-      # role or a user-created custom role. For some types of Google Cloud resources,
-      # a `binding` can also specify a `condition`, which is a logical expression that
-      # allows access to a resource only if the expression evaluates to `true`. A
-      # condition can add constraints based on attributes of the request, the resource,
-      # or both. To learn which resources support conditions in their IAM policies,
-      # see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
-      # resource-policies). **JSON example:** ` "bindings": [ ` "role": "roles/
-      # resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "
-      # group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@
-      # appspot.gserviceaccount.com" ] `, ` "role": "roles/resourcemanager.
-      # organizationViewer", "members": [ "user:eve@example.com" ], "condition": ` "
-      # title": "expirable access", "description": "Does not grant access after Sep
-      # 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", `
-      # ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:** bindings: -
-      # members: - user:mike@example.com - group:admins@example.com - domain:google.
-      # com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/
-      # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
-      # roles/resourcemanager.organizationViewer condition: title: expirable access
-      # description: Does not grant access after Sep 2020 expression: request.time <
-      # timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a
-      # description of IAM and its features, see the [IAM documentation](https://cloud.
-      # google.com/iam/docs/).
+      # A `binding` binds one or more `members`, or principals, to a single `role`.
+      # Principals can be user accounts, service accounts, Google groups, and domains (
+      # such as G Suite). A `role` is a named list of permissions; each `role` can be
+      # an IAM predefined role or a user-created custom role. For some types of Google
+      # Cloud resources, a `binding` can also specify a `condition`, which is a
+      # logical expression that allows access to a resource only if the expression
+      # evaluates to `true`. A condition can add constraints based on attributes of
+      # the request, the resource, or both. To learn which resources support
+      # conditions in their IAM policies, see the [IAM documentation](https://cloud.
+      # google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
+      # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
+      # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
+      # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
+      # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
+      # ], "condition": ` "title": "expirable access", "description": "Does not grant
+      # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
+      # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
+      # bindings: - members: - user:mike@example.com - group:admins@example.com -
+      # domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
+      # role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
+      # com role: roles/resourcemanager.organizationViewer condition: title: expirable
+      # access description: Does not grant access after Sep 2020 expression: request.
+      # time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
+      # a description of IAM and its features, see the [IAM documentation](https://
+      # cloud.google.com/iam/docs/).
       class Policy
         include Google::Apis::Core::Hashable
       
@@ -3584,9 +3643,14 @@ module Google
         # @return [Array<Google::Apis::CloudassetV1::AuditConfig>]
         attr_accessor :audit_configs
       
-        # Associates a list of `members` to a `role`. Optionally, may specify a `
-        # condition` that determines how and when the `bindings` are applied. Each of
-        # the `bindings` must contain at least one member.
+        # Associates a list of `members`, or principals, with a `role`. Optionally, may
+        # specify a `condition` that determines how and when the `bindings` are applied.
+        # Each of the `bindings` must contain at least one principal. The `bindings` in
+        # a `Policy` can refer to up to 1,500 principals; up to 250 of these principals
+        # can be Google groups. Each occurrence of a principal counts towards these
+        # limits. For example, if the `bindings` grant 50 different roles to `user:alice@
+        # example.com`, and not to any other principal, then you can add another 1,450
+        # principals to the `bindings` in the `Policy`.
         # Corresponds to the JSON property `bindings`
         # @return [Array<Google::Apis::CloudassetV1::Binding>]
         attr_accessor :bindings
@@ -3659,6 +3723,25 @@ module Google
         end
       end
       
+      # The query content.
+      class QueryContent
+        include Google::Apis::Core::Hashable
+      
+        # IAM policy analysis query message.
+        # Corresponds to the JSON property `iamPolicyAnalysisQuery`
+        # @return [Google::Apis::CloudassetV1::IamPolicyAnalysisQuery]
+        attr_accessor :iam_policy_analysis_query
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @iam_policy_analysis_query = args[:iam_policy_analysis_query] if args.key?(:iam_policy_analysis_query)
+        end
+      end
+      
       # An asset identifier in Google Cloud which contains its name, type and
       # ancestors. An asset can be any resource in the Google Cloud [resource
       # hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-
@@ -4144,6 +4227,74 @@ module Google
         end
       end
       
+      # A saved query which can be shared with others or used later.
+      class SavedQuery
+        include Google::Apis::Core::Hashable
+      
+        # The query content.
+        # Corresponds to the JSON property `content`
+        # @return [Google::Apis::CloudassetV1::QueryContent]
+        attr_accessor :content
+      
+        # Output only. The create time of this saved query.
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+      
+        # Output only. The account's email address who has created this saved query.
+        # Corresponds to the JSON property `creator`
+        # @return [String]
+        attr_accessor :creator
+      
+        # The description of this saved query. This value should be fewer than 255
+        # characters.
+        # Corresponds to the JSON property `description`
+        # @return [String]
+        attr_accessor :description
+      
+        # Labels applied on the resource. This value should not contain more than 10
+        # entries. The key and value of each entry must be non-empty and fewer than 64
+        # characters.
+        # Corresponds to the JSON property `labels`
+        # @return [Hash<String,String>]
+        attr_accessor :labels
+      
+        # Output only. The last update time of this saved query.
+        # Corresponds to the JSON property `lastUpdateTime`
+        # @return [String]
+        attr_accessor :last_update_time
+      
+        # Output only. The account's email address who has updated this saved query most
+        # recently.
+        # Corresponds to the JSON property `lastUpdater`
+        # @return [String]
+        attr_accessor :last_updater
+      
+        # The resource name of the saved query. The format must be: * projects/
+        # project_number/savedQueries/saved_query_id * folders/folder_number/
+        # savedQueries/saved_query_id * organizations/organization_number/savedQueries/
+        # saved_query_id
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @content = args[:content] if args.key?(:content)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @creator = args[:creator] if args.key?(:creator)
+          @description = args[:description] if args.key?(:description)
+          @labels = args[:labels] if args.key?(:labels)
+          @last_update_time = args[:last_update_time] if args.key?(:last_update_time)
+          @last_updater = args[:last_updater] if args.key?(:last_updater)
+          @name = args[:name] if args.key?(:name)
+        end
+      end
+      
       # Search all IAM policies response.
       class SearchAllIamPoliciesResponse
         include Google::Apis::Core::Hashable
@@ -4229,10 +4380,9 @@ module Google
         # @return [Google::Apis::CloudassetV1::WindowsQuickFixEngineeringPackage]
         attr_accessor :qfe_package
       
-        # Contains information about a Windows application as retrieved from the Windows
-        # Registry. For more information about these fields, see [Windows Installer
-        # Properties for the Uninstall Registry](https://docs.microsoft.com/en-us/
-        # windows/win32/msi/uninstall-registry-key)`: class="external" `
+        # Contains information about a Windows application that is retrieved from the
+        # Windows Registry. For more information about these fields, see: https://docs.
+        # microsoft.com/en-us/windows/win32/msi/uninstall-registry-key
         # Corresponds to the JSON property `windowsApplication`
         # @return [Google::Apis::CloudassetV1::WindowsApplication]
         attr_accessor :windows_application
@@ -4498,10 +4648,9 @@ module Google
         end
       end
       
-      # Contains information about a Windows application as retrieved from the Windows
-      # Registry. For more information about these fields, see [Windows Installer
-      # Properties for the Uninstall Registry](https://docs.microsoft.com/en-us/
-      # windows/win32/msi/uninstall-registry-key)`: class="external" `
+      # Contains information about a Windows application that is retrieved from the
+      # Windows Registry. For more information about these fields, see: https://docs.
+      # microsoft.com/en-us/windows/win32/msi/uninstall-registry-key
       class WindowsApplication
         include Google::Apis::Core::Hashable
       

data/lib/google/apis/cloudasset_v1/gem_version.rb

@@ -16,13 +16,13 @@ module Google
   module Apis
     module CloudassetV1
       # Version of the google-apis-cloudasset_v1 gem
-      GEM_VERSION = "0.18.0"
+      GEM_VERSION = "0.22.0"
 
       # Version of the code generator used to generate this client
       GENERATOR_VERSION = "0.4.0"
 
       # Revision of the discovery document this client was generated from
-      REVISION = "20210910"
+      REVISION = "20211125"
     end
   end
 end

data/lib/google/apis/cloudasset_v1/representations.rb

@@ -448,6 +448,12 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class ListSavedQueriesResponse
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class MoveAnalysis
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -514,6 +520,12 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class QueryContent
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class RelatedAsset
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -562,6 +574,12 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class SavedQuery
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class SearchAllIamPoliciesResponse
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -668,6 +686,7 @@ module Google
       
           property :output_config, as: 'outputConfig', class: Google::Apis::CloudassetV1::IamPolicyAnalysisOutputConfig, decorator: Google::Apis::CloudassetV1::IamPolicyAnalysisOutputConfig::Representation
       
+          property :saved_analysis_query, as: 'savedAnalysisQuery'
         end
       end
       
@@ -1079,6 +1098,7 @@ module Google
           property :etag, as: 'etag'
           property :name, as: 'name'
           property :parent, as: 'parent'
+          collection :scopes, as: 'scopes'
           property :title, as: 'title'
         end
       end
@@ -1383,6 +1403,15 @@ module Google
         end
       end
       
+      class ListSavedQueriesResponse
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :next_page_token, as: 'nextPageToken'
+          collection :saved_queries, as: 'savedQueries', class: Google::Apis::CloudassetV1::SavedQuery, decorator: Google::Apis::CloudassetV1::SavedQuery::Representation
+      
+        end
+      end
+      
       class MoveAnalysis
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -1492,6 +1521,14 @@ module Google
         end
       end
       
+      class QueryContent
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :iam_policy_analysis_query, as: 'iamPolicyAnalysisQuery', class: Google::Apis::CloudassetV1::IamPolicyAnalysisQuery, decorator: Google::Apis::CloudassetV1::IamPolicyAnalysisQuery::Representation
+      
+        end
+      end
+      
       class RelatedAsset
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -1586,6 +1623,21 @@ module Google
         end
       end
       
+      class SavedQuery
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :content, as: 'content', class: Google::Apis::CloudassetV1::QueryContent, decorator: Google::Apis::CloudassetV1::QueryContent::Representation
+      
+          property :create_time, as: 'createTime'
+          property :creator, as: 'creator'
+          property :description, as: 'description'
+          hash :labels, as: 'labels'
+          property :last_update_time, as: 'lastUpdateTime'
+          property :last_updater, as: 'lastUpdater'
+          property :name, as: 'name'
+        end
+      end
+      
       class SearchAllIamPoliciesResponse
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation

data/lib/google/apis/cloudasset_v1/service.rb

@@ -331,6 +331,206 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
+        # Creates a saved query in a parent project/folder/organization.
+        # @param [String] parent
+        #   Required. The name of the project/folder/organization where this saved_query
+        #   should be created in. It can only be an organization number (such as "
+        #   organizations/123"), a folder number (such as "folders/123"), a project ID (
+        #   such as "projects/my-project-id")", or a project number (such as "projects/
+        #   12345").
+        # @param [Google::Apis::CloudassetV1::SavedQuery] saved_query_object
+        # @param [String] saved_query_id
+        #   Required. The ID to use for the saved query, which must be unique in the
+        #   specified parent. It will become the final component of the saved query's
+        #   resource name. This value should be 4-63 characters, and valid characters are /
+        #   a-z-/. Notice that this field is required in the saved query creation, and the
+        #   `name` field of the `saved_query` will be ignored.
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudassetV1::SavedQuery] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudassetV1::SavedQuery]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def create_saved_query(parent, saved_query_object = nil, saved_query_id: nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:post, 'v1/{+parent}/savedQueries', options)
+          command.request_representation = Google::Apis::CloudassetV1::SavedQuery::Representation
+          command.request_object = saved_query_object
+          command.response_representation = Google::Apis::CloudassetV1::SavedQuery::Representation
+          command.response_class = Google::Apis::CloudassetV1::SavedQuery
+          command.params['parent'] = parent unless parent.nil?
+          command.query['savedQueryId'] = saved_query_id unless saved_query_id.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
+        # Deletes a saved query.
+        # @param [String] name
+        #   Required. The name of the saved query to delete. It must be in the format of: *
+        #   projects/project_number/savedQueries/saved_query_id * folders/folder_number/
+        #   savedQueries/saved_query_id * organizations/organization_number/savedQueries/
+        #   saved_query_id
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudassetV1::Empty] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudassetV1::Empty]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def delete_saved_query(name, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:delete, 'v1/{+name}', options)
+          command.response_representation = Google::Apis::CloudassetV1::Empty::Representation
+          command.response_class = Google::Apis::CloudassetV1::Empty
+          command.params['name'] = name unless name.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
+        # Gets details about a saved query.
+        # @param [String] name
+        #   Required. The name of the saved query and it must be in the format of: *
+        #   projects/project_number/savedQueries/saved_query_id * folders/folder_number/
+        #   savedQueries/saved_query_id * organizations/organization_number/savedQueries/
+        #   saved_query_id
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudassetV1::SavedQuery] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudassetV1::SavedQuery]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def get_saved_query(name, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:get, 'v1/{+name}', options)
+          command.response_representation = Google::Apis::CloudassetV1::SavedQuery::Representation
+          command.response_class = Google::Apis::CloudassetV1::SavedQuery
+          command.params['name'] = name unless name.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
+        # Lists all saved queries in a parent project/folder/organization.
+        # @param [String] parent
+        #   Required. The parent project/folder/organization whose savedQueries are to be
+        #   listed. It can only be using project/folder/organization number (such as "
+        #   folders/12345")", or a project ID (such as "projects/my-project-id").
+        # @param [String] filter
+        #   Optional. The expression to filter resources. The expression is a list of zero
+        #   or more restrictions combined via logical operators `AND` and `OR`. When `AND`
+        #   and `OR` are both used in the expression, parentheses must be appropriately
+        #   used to group the combinations. The expression may also contain regular
+        #   expressions. See https://google.aip.dev/160 for more information on the
+        #   grammar.
+        # @param [Fixnum] page_size
+        #   Optional. The maximum number of saved queries to return per page. The service
+        #   may return fewer than this value. If unspecified, at most 50 will be returned.
+        #   The maximum value is 1000; values above 1000 will be coerced to 1000.
+        # @param [String] page_token
+        #   Optional. A page token, received from a previous `ListSavedQueries` call.
+        #   Provide this to retrieve the subsequent page. When paginating, all other
+        #   parameters provided to `ListSavedQueries` must match the call that provided
+        #   the page token.
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudassetV1::ListSavedQueriesResponse] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudassetV1::ListSavedQueriesResponse]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def list_saved_queries(parent, filter: nil, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:get, 'v1/{+parent}/savedQueries', options)
+          command.response_representation = Google::Apis::CloudassetV1::ListSavedQueriesResponse::Representation
+          command.response_class = Google::Apis::CloudassetV1::ListSavedQueriesResponse
+          command.params['parent'] = parent unless parent.nil?
+          command.query['filter'] = filter unless filter.nil?
+          command.query['pageSize'] = page_size unless page_size.nil?
+          command.query['pageToken'] = page_token unless page_token.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
+        # Updates a saved query.
+        # @param [String] name
+        #   The resource name of the saved query. The format must be: * projects/
+        #   project_number/savedQueries/saved_query_id * folders/folder_number/
+        #   savedQueries/saved_query_id * organizations/organization_number/savedQueries/
+        #   saved_query_id
+        # @param [Google::Apis::CloudassetV1::SavedQuery] saved_query_object
+        # @param [String] update_mask
+        #   Required. The list of fields to update.
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudassetV1::SavedQuery] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudassetV1::SavedQuery]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def patch_saved_query(name, saved_query_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:patch, 'v1/{+name}', options)
+          command.request_representation = Google::Apis::CloudassetV1::SavedQuery::Representation
+          command.request_object = saved_query_object
+          command.response_representation = Google::Apis::CloudassetV1::SavedQuery::Representation
+          command.response_class = Google::Apis::CloudassetV1::SavedQuery
+          command.params['name'] = name unless name.nil?
+          command.query['updateMask'] = update_mask unless update_mask.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
         # Analyzes IAM policies to answer which identities have what accesses on which
         # resources.
         # @param [String] scope
@@ -352,8 +552,8 @@ module Google
         #   value must not be earlier than the current time; otherwise, an
         #   INVALID_ARGUMENT error will be returned.
         # @param [String] analysis_query_identity_selector_identity
-        #   Required. The identity appear in the form of members in [IAM policy binding](
-        #   https://cloud.google.com/iam/reference/rest/v1/Binding). The examples of
+        #   Required. The identity appear in the form of principals in [IAM policy binding]
+        #   (https://cloud.google.com/iam/reference/rest/v1/Binding). The examples of
         #   supported forms are: "user:mike@example.com", "group:admins@example.com", "
         #   domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com".
         #   Notice that wildcard characters (such as * and ?) are not supported. You must
@@ -402,11 +602,12 @@ module Google
         #   result will be determined by the selector, and this flag is not allowed to set.
         #   Default is false.
         # @param [Boolean] analysis_query_options_output_group_edges
-        #   Optional. If true, the result will output group identity edges, starting from
-        #   the binding's group members, to any expanded identities. Default is false.
+        #   Optional. If true, the result will output the relevant membership
+        #   relationships between groups and other groups, and between groups and
+        #   principals. Default is false.
         # @param [Boolean] analysis_query_options_output_resource_edges
-        #   Optional. If true, the result will output resource edges, starting from the
-        #   policy attached resource, to any expanded resources. Default is false.
+        #   Optional. If true, the result will output the relevant parent/child
+        #   relationships between resources. Default is false.
         # @param [String] analysis_query_resource_selector_full_resource_name
         #   Required. The [full resource name] (https://cloud.google.com/asset-inventory/
         #   docs/resource-name-format) of a resource of [supported resource types](https://
@@ -420,6 +621,18 @@ module Google
         #   you will get a response with partial result. Otherwise, your query's execution
         #   will continue until the RPC deadline. If it's not finished until then, you
         #   will get a DEADLINE_EXCEEDED error. Default is empty.
+        # @param [String] saved_analysis_query
+        #   Optional. The name of a saved query, which must be in the format of: *
+        #   projects/project_number/savedQueries/saved_query_id * folders/folder_number/
+        #   savedQueries/saved_query_id * organizations/organization_number/savedQueries/
+        #   saved_query_id If both `analysis_query` and `saved_analysis_query` are
+        #   provided, they will be merged together with the `saved_analysis_query` as base
+        #   and the `analysis_query` as overrides. For more details of the merge behavior,
+        #   please refer to the [MergeFrom](https://developers.google.com/protocol-buffers/
+        #   docs/reference/cpp/google.protobuf.message#Message.MergeFrom.details) page.
+        #   Note that you cannot override primitive fields with default value, such as 0
+        #   or empty string, etc., because we use proto3, which doesn't support field
+        #   presence yet.
         # @param [String] fields
         #   Selector specifying which fields to include in a partial response.
         # @param [String] quota_user
@@ -437,7 +650,7 @@ module Google
         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
         # @raise [Google::Apis::AuthorizationError] Authorization is required
-        def analyze_iam_policy(scope, analysis_query_access_selector_permissions: nil, analysis_query_access_selector_roles: nil, analysis_query_condition_context_access_time: nil, analysis_query_identity_selector_identity: nil, analysis_query_options_analyze_service_account_impersonation: nil, analysis_query_options_expand_groups: nil, analysis_query_options_expand_resources: nil, analysis_query_options_expand_roles: nil, analysis_query_options_output_group_edges: nil, analysis_query_options_output_resource_edges: nil, analysis_query_resource_selector_full_resource_name: nil, execution_timeout: nil, fields: nil, quota_user: nil, options: nil, &block)
+        def analyze_iam_policy(scope, analysis_query_access_selector_permissions: nil, analysis_query_access_selector_roles: nil, analysis_query_condition_context_access_time: nil, analysis_query_identity_selector_identity: nil, analysis_query_options_analyze_service_account_impersonation: nil, analysis_query_options_expand_groups: nil, analysis_query_options_expand_resources: nil, analysis_query_options_expand_roles: nil, analysis_query_options_output_group_edges: nil, analysis_query_options_output_resource_edges: nil, analysis_query_resource_selector_full_resource_name: nil, execution_timeout: nil, saved_analysis_query: nil, fields: nil, quota_user: nil, options: nil, &block)
           command = make_simple_command(:get, 'v1/{+scope}:analyzeIamPolicy', options)
           command.response_representation = Google::Apis::CloudassetV1::AnalyzeIamPolicyResponse::Representation
           command.response_class = Google::Apis::CloudassetV1::AnalyzeIamPolicyResponse
@@ -454,6 +667,7 @@ module Google
           command.query['analysisQuery.options.outputResourceEdges'] = analysis_query_options_output_resource_edges unless analysis_query_options_output_resource_edges.nil?
           command.query['analysisQuery.resourceSelector.fullResourceName'] = analysis_query_resource_selector_full_resource_name unless analysis_query_resource_selector_full_resource_name.nil?
           command.query['executionTimeout'] = execution_timeout unless execution_timeout.nil?
+          command.query['savedAnalysisQuery'] = saved_analysis_query unless saved_analysis_query.nil?
           command.query['fields'] = fields unless fields.nil?
           command.query['quotaUser'] = quota_user unless quota_user.nil?
           execute_or_queue_command(command, &block)
@@ -713,9 +927,9 @@ module Google
         #   how_to_construct_a_query) for more information. If not specified or empty, it
         #   will search all the IAM policies within the specified `scope`. Note that the
         #   query string is compared against each Cloud IAM policy binding, including its
-        #   members, roles, and Cloud IAM conditions. The returned Cloud IAM policies will
-        #   only contain the bindings that match your query. To learn more about the IAM
-        #   policy structure, see [IAM policy doc](https://cloud.google.com/iam/docs/
+        #   principals, roles, and Cloud IAM conditions. The returned Cloud IAM policies
+        #   will only contain the bindings that match your query. To learn more about the
+        #   IAM policy structure, see [IAM policy doc](https://cloud.google.com/iam/docs/
         #   policies#structure). Examples: * `policy:amy@gmail.com` to find IAM policy
         #   bindings that specify user "amy@gmail.com". * `policy:roles/compute.admin` to
         #   find IAM policy bindings that specify the Compute Admin role. * `policy:comp*`
@@ -737,8 +951,8 @@ module Google
         #   instance1 OR instance2) policy:amy` to find IAM policy bindings that are set
         #   on resources "instance1" or "instance2" and also specify user "amy". * `roles:
         #   roles/compute.admin` to find IAM policy bindings that specify the Compute
-        #   Admin role. * `memberTypes:user` to find IAM policy bindings that contain the "
-        #   user" member type.
+        #   Admin role. * `memberTypes:user` to find IAM policy bindings that contain the
+        #   principal type "user".
         # @param [String] fields
         #   Selector specifying which fields to include in a partial response.
         # @param [String] quota_user

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-apis-cloudasset_v1
 version: !ruby/object:Gem::Version
-  version: 0.18.0
+  version: 0.22.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-09-20 00:00:00.000000000 Z
+date: 2021-12-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-apis-core
@@ -57,9 +57,9 @@ licenses:
 - Apache-2.0
 metadata:
   bug_tracker_uri: https://github.com/googleapis/google-api-ruby-client/issues
-  changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/master/generated/google-apis-cloudasset_v1/CHANGELOG.md
-  documentation_uri: https://googleapis.dev/ruby/google-apis-cloudasset_v1/v0.18.0
-  source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/master/generated/google-apis-cloudasset_v1
+  changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-cloudasset_v1/CHANGELOG.md
+  documentation_uri: https://googleapis.dev/ruby/google-apis-cloudasset_v1/v0.22.0
+  source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-cloudasset_v1
 post_install_message: 
 rdoc_options: []
 require_paths: