google-apis-cloudasset_v1 0.3.0 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7f1acf6282fa984e011f3ac787cddfac7095488391d249307c2f5ec0d5a6d9e6
-  data.tar.gz: 141f49ede27cea29d82a4e6eda0fbed050a3049db8bb731f04653ee6d30eb244
+  metadata.gz: 450f9a28366fecd8b3eaaef7a700e380a0aa4b68a378c1c6c2576f741be3487d
+  data.tar.gz: 709ebd03deafa5a6393e41ad30df6c4d3296b0cccab8d76a6a67f3ec70bd8962
 SHA512:
-  metadata.gz: e8bcce462c34522145b7735b0c9608ded6e57935692ba0a36011b6323153e1b1ebb8311781ae8a43e4b6c5b728dcdd7ea342ac3feb44b73fc57a292f218d1a3c
-  data.tar.gz: 871835974e3ff8856929512bf7b3cbf9f418955dca3bd3b17860425e07b5d0924fd74ec17b4acd8d813dd12db8134571f13c20f6fe038b44d5fec70ff5aa88d0
+  metadata.gz: 524b7f5de245377fcbcf8a585a1b4eaf9efc9e8e8b84d8f1a702d8d7ba34a1d0f19b6149265c266ce80221ef9a8b68f367518f41c8d7997847e474774d94c179
+  data.tar.gz: 61889f0d53670fd0d7493fdfe80a795b206f86293b158fb94b5441c3aff1a3845532b54976fc712bc68275fc2d5afcb8d4a9824db65e0843fb11ffbb1aaceb91

data/CHANGELOG.md

@@ -1,5 +1,27 @@
 # Release history for google-apis-cloudasset_v1
 
+### v0.8.0 (2021-05-20)
+
+* Regenerated from discovery document revision 20210518
+* Unspecified changes
+
+### v0.7.0 (2021-05-12)
+
+* Regenerated from discovery document revision 20210507
+
+### v0.6.0 (2021-03-31)
+
+* Regenerated from discovery document revision 20210326
+
+### v0.5.0 (2021-03-09)
+
+* Regenerated from discovery document revision 20210305
+* Regenerated using generator version 0.2.0
+
+### v0.4.0 (2021-03-04)
+
+* Regenerated from discovery document revision 20210226
+
 ### v0.3.0 (2021-02-17)
 
 * Regenerated from discovery document revision 20210212

data/lib/google/apis/cloudasset_v1.rb

@@ -29,7 +29,7 @@ module Google
       # This is NOT the gem version.
       VERSION = 'V1'
 
-      # View and manage your data across Google Cloud Platform services
+      # See, edit, configure, and delete your Google Cloud Platform data
       AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform'
     end
   end

data/lib/google/apis/cloudasset_v1/classes.rb

@@ -75,6 +75,19 @@ module Google
         end
       end
       
+      # A response message for AssetService.AnalyzeIamPolicyLongrunning.
+      class AnalyzeIamPolicyLongrunningResponse
+        include Google::Apis::Core::Hashable
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+        end
+      end
+      
       # A response message for AssetService.AnalyzeIamPolicy.
       class AnalyzeIamPolicyResponse
         include Google::Apis::Core::Hashable
@@ -110,12 +123,33 @@ module Google
         end
       end
       
+      # The response message for resource move analysis.
+      class AnalyzeMoveResponse
+        include Google::Apis::Core::Hashable
+      
+        # The list of analyses returned from performing the intended resource move
+        # analysis. The analysis is grouped by different Cloud services.
+        # Corresponds to the JSON property `moveAnalysis`
+        # @return [Array<Google::Apis::CloudassetV1::MoveAnalysis>]
+        attr_accessor :move_analysis
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @move_analysis = args[:move_analysis] if args.key?(:move_analysis)
+        end
+      end
+      
       # An asset in Google Cloud. An asset can be any resource in the Google Cloud [
       # resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-
       # platform-resource-hierarchy), a resource outside the Google Cloud resource
       # hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy
-      # (e.g. Cloud IAM policy). See [Supported asset types](https://cloud.google.com/
-      # asset-inventory/docs/supported-asset-types) for more information.
+      # (e.g. Cloud IAM policy), or a relationship (e.g. an INSTANCE_TO_INSTANCEGROUP
+      # relationship). See [Supported asset types](https://cloud.google.com/asset-
+      # inventory/docs/supported-asset-types) for more information.
       class Asset
         include Google::Apis::Core::Hashable
       
@@ -480,6 +514,46 @@ module Google
         end
       end
       
+      # The IAM conditions context.
+      class ConditionContext
+        include Google::Apis::Core::Hashable
+      
+        # The hypothetical access timestamp to evaluate IAM conditions. Note that this
+        # value must not be earlier than the current time; otherwise, an
+        # INVALID_ARGUMENT error will be returned.
+        # Corresponds to the JSON property `accessTime`
+        # @return [String]
+        attr_accessor :access_time
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @access_time = args[:access_time] if args.key?(:access_time)
+        end
+      end
+      
+      # The Condition evaluation.
+      class ConditionEvaluation
+        include Google::Apis::Core::Hashable
+      
+        # The evaluation result.
+        # Corresponds to the JSON property `evaluationValue`
+        # @return [String]
+        attr_accessor :evaluation_value
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @evaluation_value = args[:evaluation_value] if args.key?(:evaluation_value)
+        end
+      end
+      
       # Create asset feed request.
       class CreateFeedRequest
         include Google::Apis::Core::Hashable
@@ -763,7 +837,9 @@ module Google
         # The uri of the Cloud Storage object. It's the same uri that is used by gsutil.
         # Example: "gs://bucket_name/object_name". See [Viewing and Editing Object
         # Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata) for
-        # more information.
+        # more information. If the specified Cloud Storage object already exists and
+        # there is no [hold](https://cloud.google.com/storage/docs/object-holds), it
+        # will be overwritten with the exported result.
         # Corresponds to the JSON property `uri`
         # @return [String]
         attr_accessor :uri
@@ -842,6 +918,11 @@ module Google
         # @return [Array<Google::Apis::CloudassetV1::GoogleCloudAssetV1Access>]
         attr_accessor :accesses
       
+        # The Condition evaluation.
+        # Corresponds to the JSON property `conditionEvaluation`
+        # @return [Google::Apis::CloudassetV1::ConditionEvaluation]
+        attr_accessor :condition_evaluation
+      
         # Resource edges of the graph starting from the policy attached resource to any
         # descendant resources. The Edge.source_node contains the full resource name of
         # a parent resource and Edge.target_node contains the full resource name of a
@@ -865,6 +946,7 @@ module Google
         # Update properties of this object
         def update!(**args)
           @accesses = args[:accesses] if args.key?(:accesses)
+          @condition_evaluation = args[:condition_evaluation] if args.key?(:condition_evaluation)
           @resource_edges = args[:resource_edges] if args.key?(:resource_edges)
           @resources = args[:resources] if args.key?(:resources)
         end
@@ -954,9 +1036,11 @@ module Google
         include Google::Apis::Core::Hashable
       
         # Required. The uri of the Cloud Storage object. It's the same uri that is used
-        # by gsutil. For example: "gs://bucket_name/object_name". See [Quickstart: Using
-        # the gsutil tool] (https://cloud.google.com/storage/docs/quickstart-gsutil) for
-        # examples.
+        # by gsutil. Example: "gs://bucket_name/object_name". See [Viewing and Editing
+        # Object Metadata](https://cloud.google.com/storage/docs/viewing-editing-
+        # metadata) for more information. If the specified Cloud Storage object already
+        # exists and there is no [hold](https://cloud.google.com/storage/docs/object-
+        # holds), it will be overwritten with the analysis result.
         # Corresponds to the JSON property `uri`
         # @return [String]
         attr_accessor :uri
@@ -1058,6 +1142,326 @@ module Google
         end
       end
       
+      # An asset in Google Cloud. An asset can be any resource in the Google Cloud [
+      # resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-
+      # platform-resource-hierarchy), a resource outside the Google Cloud resource
+      # hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy
+      # (e.g. Cloud IAM policy). See [Supported asset types](https://cloud.google.com/
+      # asset-inventory/docs/supported-asset-types) for more information.
+      class GoogleCloudAssetV1p7beta1Asset
+        include Google::Apis::Core::Hashable
+      
+        # An `AccessLevel` is a label that can be applied to requests to Google Cloud
+        # services, along with a list of requirements necessary for the label to be
+        # applied.
+        # Corresponds to the JSON property `accessLevel`
+        # @return [Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1AccessLevel]
+        attr_accessor :access_level
+      
+        # `AccessPolicy` is a container for `AccessLevels` (which define the necessary
+        # attributes to use Google Cloud services) and `ServicePerimeters` (which define
+        # regions of services able to freely pass data within a perimeter). An access
+        # policy is globally visible within an organization, and the restrictions it
+        # specifies apply to all projects within an organization.
+        # Corresponds to the JSON property `accessPolicy`
+        # @return [Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1AccessPolicy]
+        attr_accessor :access_policy
+      
+        # The ancestry path of an asset in Google Cloud [resource hierarchy](https://
+        # cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
+        # represented as a list of relative resource names. An ancestry path starts with
+        # the closest ancestor in the hierarchy and ends at root. If the asset is a
+        # project, folder, or organization, the ancestry path starts from the asset
+        # itself. Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
+        # Corresponds to the JSON property `ancestors`
+        # @return [Array<String>]
+        attr_accessor :ancestors
+      
+        # The type of the asset. Example: `compute.googleapis.com/Disk` See [Supported
+        # asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-
+        # types) for more information.
+        # Corresponds to the JSON property `assetType`
+        # @return [String]
+        attr_accessor :asset_type
+      
+        # An Identity and Access Management (IAM) policy, which specifies access
+        # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
+        # A `binding` binds one or more `members` to a single `role`. Members can be
+        # user accounts, service accounts, Google groups, and domains (such as G Suite).
+        # A `role` is a named list of permissions; each `role` can be an IAM predefined
+        # role or a user-created custom role. For some types of Google Cloud resources,
+        # a `binding` can also specify a `condition`, which is a logical expression that
+        # allows access to a resource only if the expression evaluates to `true`. A
+        # condition can add constraints based on attributes of the request, the resource,
+        # or both. To learn which resources support conditions in their IAM policies,
+        # see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
+        # resource-policies). **JSON example:** ` "bindings": [ ` "role": "roles/
+        # resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "
+        # group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@
+        # appspot.gserviceaccount.com" ] `, ` "role": "roles/resourcemanager.
+        # organizationViewer", "members": [ "user:eve@example.com" ], "condition": ` "
+        # title": "expirable access", "description": "Does not grant access after Sep
+        # 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", `
+        # ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:** bindings: -
+        # members: - user:mike@example.com - group:admins@example.com - domain:google.
+        # com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/
+        # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
+        # roles/resourcemanager.organizationViewer condition: title: expirable access
+        # description: Does not grant access after Sep 2020 expression: request.time <
+        # timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a
+        # description of IAM and its features, see the [IAM documentation](https://cloud.
+        # google.com/iam/docs/).
+        # Corresponds to the JSON property `iamPolicy`
+        # @return [Google::Apis::CloudassetV1::Policy]
+        attr_accessor :iam_policy
+      
+        # The full name of the asset. Example: `//compute.googleapis.com/projects/
+        # my_project_123/zones/zone1/instances/instance1` See [Resource names](https://
+        # cloud.google.com/apis/design/resource_names#full_resource_name) for more
+        # information.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+      
+        # A representation of an [organization policy](https://cloud.google.com/resource-
+        # manager/docs/organization-policy/overview#organization_policy). There can be
+        # more than one organization policy with different constraints set on a given
+        # resource.
+        # Corresponds to the JSON property `orgPolicy`
+        # @return [Array<Google::Apis::CloudassetV1::GoogleCloudOrgpolicyV1Policy>]
+        attr_accessor :org_policy
+      
+        # The detailed related assets with the `relationship_type`.
+        # Corresponds to the JSON property `relatedAssets`
+        # @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1p7beta1RelatedAssets]
+        attr_accessor :related_assets
+      
+        # A representation of a Google Cloud resource.
+        # Corresponds to the JSON property `resource`
+        # @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1p7beta1Resource]
+        attr_accessor :resource
+      
+        # `ServicePerimeter` describes a set of Google Cloud resources which can freely
+        # import and export data amongst themselves, but not export outside of the `
+        # ServicePerimeter`. If a request with a source within this `ServicePerimeter`
+        # has a target outside of the `ServicePerimeter`, the request will be blocked.
+        # Otherwise the request is allowed. There are two types of Service Perimeter -
+        # Regular and Bridge. Regular Service Perimeters cannot overlap, a single Google
+        # Cloud project can only belong to a single regular Service Perimeter. Service
+        # Perimeter Bridges can contain only Google Cloud projects as members, a single
+        # Google Cloud project may belong to multiple Service Perimeter Bridges.
+        # Corresponds to the JSON property `servicePerimeter`
+        # @return [Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1ServicePerimeter]
+        attr_accessor :service_perimeter
+      
+        # The last update timestamp of an asset. update_time is updated when create/
+        # update/delete operation is performed.
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @access_level = args[:access_level] if args.key?(:access_level)
+          @access_policy = args[:access_policy] if args.key?(:access_policy)
+          @ancestors = args[:ancestors] if args.key?(:ancestors)
+          @asset_type = args[:asset_type] if args.key?(:asset_type)
+          @iam_policy = args[:iam_policy] if args.key?(:iam_policy)
+          @name = args[:name] if args.key?(:name)
+          @org_policy = args[:org_policy] if args.key?(:org_policy)
+          @related_assets = args[:related_assets] if args.key?(:related_assets)
+          @resource = args[:resource] if args.key?(:resource)
+          @service_perimeter = args[:service_perimeter] if args.key?(:service_perimeter)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      
+      # An asset identify in Google Cloud which contains its name, type and ancestors.
+      # An asset can be any resource in the Google Cloud [resource hierarchy](https://
+      # cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), a
+      # resource outside the Google Cloud resource hierarchy (such as Google
+      # Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy).
+      # See [Supported asset types](https://cloud.google.com/asset-inventory/docs/
+      # supported-asset-types) for more information.
+      class GoogleCloudAssetV1p7beta1RelatedAsset
+        include Google::Apis::Core::Hashable
+      
+        # The ancestors of an asset in Google Cloud [resource hierarchy](https://cloud.
+        # google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
+        # represented as a list of relative resource names. An ancestry path starts with
+        # the closest ancestor in the hierarchy and ends at root. Example: `["projects/
+        # 123456789", "folders/5432", "organizations/1234"]`
+        # Corresponds to the JSON property `ancestors`
+        # @return [Array<String>]
+        attr_accessor :ancestors
+      
+        # The full name of the asset. Example: `//compute.googleapis.com/projects/
+        # my_project_123/zones/zone1/instances/instance1` See [Resource names](https://
+        # cloud.google.com/apis/design/resource_names#full_resource_name) for more
+        # information.
+        # Corresponds to the JSON property `asset`
+        # @return [String]
+        attr_accessor :asset
+      
+        # The type of the asset. Example: `compute.googleapis.com/Disk` See [Supported
+        # asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-
+        # types) for more information.
+        # Corresponds to the JSON property `assetType`
+        # @return [String]
+        attr_accessor :asset_type
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @ancestors = args[:ancestors] if args.key?(:ancestors)
+          @asset = args[:asset] if args.key?(:asset)
+          @asset_type = args[:asset_type] if args.key?(:asset_type)
+        end
+      end
+      
+      # The detailed related assets with the `relationship_type`.
+      class GoogleCloudAssetV1p7beta1RelatedAssets
+        include Google::Apis::Core::Hashable
+      
+        # The peer resources of the relationship.
+        # Corresponds to the JSON property `assets`
+        # @return [Array<Google::Apis::CloudassetV1::GoogleCloudAssetV1p7beta1RelatedAsset>]
+        attr_accessor :assets
+      
+        # The relationship attributes which include `type`, `source_resource_type`, `
+        # target_resource_type` and `action`.
+        # Corresponds to the JSON property `relationshipAttributes`
+        # @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1p7beta1RelationshipAttributes]
+        attr_accessor :relationship_attributes
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @assets = args[:assets] if args.key?(:assets)
+          @relationship_attributes = args[:relationship_attributes] if args.key?(:relationship_attributes)
+        end
+      end
+      
+      # The relationship attributes which include `type`, `source_resource_type`, `
+      # target_resource_type` and `action`.
+      class GoogleCloudAssetV1p7beta1RelationshipAttributes
+        include Google::Apis::Core::Hashable
+      
+        # The detail of the relationship, e.g. `contains`, `attaches`
+        # Corresponds to the JSON property `action`
+        # @return [String]
+        attr_accessor :action
+      
+        # The source asset type. Example: `compute.googleapis.com/Instance`
+        # Corresponds to the JSON property `sourceResourceType`
+        # @return [String]
+        attr_accessor :source_resource_type
+      
+        # The target asset type. Example: `compute.googleapis.com/Disk`
+        # Corresponds to the JSON property `targetResourceType`
+        # @return [String]
+        attr_accessor :target_resource_type
+      
+        # The unique identifier of the relationship type. Example: `
+        # INSTANCE_TO_INSTANCEGROUP`
+        # Corresponds to the JSON property `type`
+        # @return [String]
+        attr_accessor :type
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @action = args[:action] if args.key?(:action)
+          @source_resource_type = args[:source_resource_type] if args.key?(:source_resource_type)
+          @target_resource_type = args[:target_resource_type] if args.key?(:target_resource_type)
+          @type = args[:type] if args.key?(:type)
+        end
+      end
+      
+      # A representation of a Google Cloud resource.
+      class GoogleCloudAssetV1p7beta1Resource
+        include Google::Apis::Core::Hashable
+      
+        # The content of the resource, in which some sensitive fields are removed and
+        # may not be present.
+        # Corresponds to the JSON property `data`
+        # @return [Hash<String,Object>]
+        attr_accessor :data
+      
+        # The URL of the discovery document containing the resource's JSON schema.
+        # Example: `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest` This
+        # value is unspecified for resources that do not have an API based on a
+        # discovery document, such as Cloud Bigtable.
+        # Corresponds to the JSON property `discoveryDocumentUri`
+        # @return [String]
+        attr_accessor :discovery_document_uri
+      
+        # The JSON schema name listed in the discovery document. Example: `Project` This
+        # value is unspecified for resources that do not have an API based on a
+        # discovery document, such as Cloud Bigtable.
+        # Corresponds to the JSON property `discoveryName`
+        # @return [String]
+        attr_accessor :discovery_name
+      
+        # The location of the resource in Google Cloud, such as its zone and region. For
+        # more information, see https://cloud.google.com/about/locations/.
+        # Corresponds to the JSON property `location`
+        # @return [String]
+        attr_accessor :location
+      
+        # The full name of the immediate parent of this resource. See [Resource Names](
+        # https://cloud.google.com/apis/design/resource_names#full_resource_name) for
+        # more information. For Google Cloud assets, this value is the parent resource
+        # defined in the [Cloud IAM policy hierarchy](https://cloud.google.com/iam/docs/
+        # overview#policy_hierarchy). Example: `//cloudresourcemanager.googleapis.com/
+        # projects/my_project_123` For third-party assets, this field may be set
+        # differently.
+        # Corresponds to the JSON property `parent`
+        # @return [String]
+        attr_accessor :parent
+      
+        # The REST URL for accessing the resource. An HTTP `GET` request using this URL
+        # returns the resource itself. Example: `https://cloudresourcemanager.googleapis.
+        # com/v1/projects/my-project-123` This value is unspecified for resources
+        # without a REST API.
+        # Corresponds to the JSON property `resourceUrl`
+        # @return [String]
+        attr_accessor :resource_url
+      
+        # The API version. Example: `v1`
+        # Corresponds to the JSON property `version`
+        # @return [String]
+        attr_accessor :version
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @data = args[:data] if args.key?(:data)
+          @discovery_document_uri = args[:discovery_document_uri] if args.key?(:discovery_document_uri)
+          @discovery_name = args[:discovery_name] if args.key?(:discovery_name)
+          @location = args[:location] if args.key?(:location)
+          @parent = args[:parent] if args.key?(:parent)
+          @resource_url = args[:resource_url] if args.key?(:resource_url)
+          @version = args[:version] if args.key?(:version)
+        end
+      end
+      
       # Used in `policy_type` to specify how `boolean_policy` will behave at this
       # resource.
       class GoogleCloudOrgpolicyV1BooleanPolicy
@@ -1663,9 +2067,9 @@ module Google
       
       # Defines the conditions under which an EgressPolicy matches a request.
       # Conditions based on information about the source of the request. Note that if
-      # the destination of the request is protected by a ServicePerimeter, then that
-      # ServicePerimeter must have an IngressPolicy which allows access in order for
-      # this request to succeed.
+      # the destination of the request is also protected by a ServicePerimeter, then
+      # that ServicePerimeter must have an IngressPolicy which allows access in order
+      # for this request to succeed.
       class GoogleIdentityAccesscontextmanagerV1EgressFrom
         include Google::Apis::Core::Hashable
       
@@ -1711,9 +2115,9 @@ module Google
       
         # Defines the conditions under which an EgressPolicy matches a request.
         # Conditions based on information about the source of the request. Note that if
-        # the destination of the request is protected by a ServicePerimeter, then that
-        # ServicePerimeter must have an IngressPolicy which allows access in order for
-        # this request to succeed.
+        # the destination of the request is also protected by a ServicePerimeter, then
+        # that ServicePerimeter must have an IngressPolicy which allows access in order
+        # for this request to succeed.
         # Corresponds to the JSON property `egressFrom`
         # @return [Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1EgressFrom]
         attr_accessor :egress_from
@@ -1721,8 +2125,10 @@ module Google
         # Defines the conditions under which an EgressPolicy matches a request.
         # Conditions are based on information about the ApiOperation intended to be
         # performed on the `resources` specified. Note that if the destination of the
-        # request is protected by a ServicePerimeter, then that ServicePerimeter must
-        # have an IngressPolicy which allows access in order for this request to succeed.
+        # request is also protected by a ServicePerimeter, then that ServicePerimeter
+        # must have an IngressPolicy which allows access in order for this request to
+        # succeed. The request must match `operations` AND `resources` fields in order
+        # to be allowed egress out of the perimeter.
         # Corresponds to the JSON property `egressTo`
         # @return [Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1EgressTo]
         attr_accessor :egress_to
@@ -1741,21 +2147,25 @@ module Google
       # Defines the conditions under which an EgressPolicy matches a request.
       # Conditions are based on information about the ApiOperation intended to be
       # performed on the `resources` specified. Note that if the destination of the
-      # request is protected by a ServicePerimeter, then that ServicePerimeter must
-      # have an IngressPolicy which allows access in order for this request to succeed.
+      # request is also protected by a ServicePerimeter, then that ServicePerimeter
+      # must have an IngressPolicy which allows access in order for this request to
+      # succeed. The request must match `operations` AND `resources` fields in order
+      # to be allowed egress out of the perimeter.
       class GoogleIdentityAccesscontextmanagerV1EgressTo
         include Google::Apis::Core::Hashable
       
-        # A list of ApiOperations that this egress rule applies to. A request matches if
-        # it contains an operation/service in this list.
+        # A list of ApiOperations allowed to be performed by the sources specified in
+        # the corresponding EgressFrom. A request matches if it uses an operation/
+        # service in this list.
         # Corresponds to the JSON property `operations`
         # @return [Array<Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1ApiOperation>]
         attr_accessor :operations
       
-        # A list of resources, currently only projects in the form `projects/`, that
-        # match this to stanza. A request matches if it contains a resource in this list.
-        # If `*` is specified for resources, then this EgressTo rule will authorize
-        # access to all resources outside the perimeter.
+        # A list of resources, currently only projects in the form `projects/`, that are
+        # allowed to be accessed by sources defined in the corresponding EgressFrom. A
+        # request matches if it contains a resource in this list. If `*` is specified
+        # for `resources`, then this EgressTo rule will authorize access to all
+        # resources outside the perimeter.
         # Corresponds to the JSON property `resources`
         # @return [Array<String>]
         attr_accessor :resources
@@ -1772,7 +2182,9 @@ module Google
       end
       
       # Defines the conditions under which an IngressPolicy matches a request.
-      # Conditions are based on information about the source of the request.
+      # Conditions are based on information about the source of the request. The
+      # request must satisfy what is defined in `sources` AND identity related fields
+      # in order to match.
       class GoogleIdentityAccesscontextmanagerV1IngressFrom
         include Google::Apis::Core::Hashable
       
@@ -1821,14 +2233,17 @@ module Google
         include Google::Apis::Core::Hashable
       
         # Defines the conditions under which an IngressPolicy matches a request.
-        # Conditions are based on information about the source of the request.
+        # Conditions are based on information about the source of the request. The
+        # request must satisfy what is defined in `sources` AND identity related fields
+        # in order to match.
         # Corresponds to the JSON property `ingressFrom`
         # @return [Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1IngressFrom]
         attr_accessor :ingress_from
       
         # Defines the conditions under which an IngressPolicy matches a request.
         # Conditions are based on information about the ApiOperation intended to be
-        # performed on the destination of the request.
+        # performed on the target resource of the request. The request must satisfy what
+        # is defined in `operations` AND `resources` in order to match.
         # Corresponds to the JSON property `ingressTo`
         # @return [Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1IngressTo]
         attr_accessor :ingress_to
@@ -1854,7 +2269,8 @@ module Google
         # cause an error. If no AccessLevel names are listed, resources within the
         # perimeter can only be accessed via Google Cloud calls with request origins
         # within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`
-        # . If `*` is specified, then all IngressSources will be allowed.
+        # . If a single `*` is specified for `access_level`, then all IngressSources
+        # will be allowed.
         # Corresponds to the JSON property `accessLevel`
         # @return [String]
         attr_accessor :access_level
@@ -1882,22 +2298,21 @@ module Google
       
       # Defines the conditions under which an IngressPolicy matches a request.
       # Conditions are based on information about the ApiOperation intended to be
-      # performed on the destination of the request.
+      # performed on the target resource of the request. The request must satisfy what
+      # is defined in `operations` AND `resources` in order to match.
       class GoogleIdentityAccesscontextmanagerV1IngressTo
         include Google::Apis::Core::Hashable
       
-        # A list of ApiOperations the sources specified in corresponding IngressFrom are
-        # allowed to perform in this ServicePerimeter.
+        # A list of ApiOperations allowed to be performed by the sources specified in
+        # corresponding IngressFrom in this ServicePerimeter.
         # Corresponds to the JSON property `operations`
         # @return [Array<Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1ApiOperation>]
         attr_accessor :operations
       
         # A list of resources, currently only projects in the form `projects/`,
         # protected by this ServicePerimeter that are allowed to be accessed by sources
-        # defined in the corresponding IngressFrom. A request matches if it contains a
-        # resource in this list. If `*` is specified for resources, then this IngressTo
-        # rule will authorize access to all resources inside the perimeter, provided
-        # that the request also matches the `operations` field.
+        # defined in the corresponding IngressFrom. If a single `*` is specified, then
+        # access to all resources inside the perimeter are allowed.
         # Corresponds to the JSON property `resources`
         # @return [Array<String>]
         attr_accessor :resources
@@ -2228,6 +2643,11 @@ module Google
         # @return [Google::Apis::CloudassetV1::AccessSelector]
         attr_accessor :access_selector
       
+        # The IAM conditions context.
+        # Corresponds to the JSON property `conditionContext`
+        # @return [Google::Apis::CloudassetV1::ConditionContext]
+        attr_accessor :condition_context
+      
         # Specifies an identity for which to determine resource access, based on roles
         # assigned either directly to them or to the groups they belong to, directly or
         # indirectly.
@@ -2267,6 +2687,7 @@ module Google
         # Update properties of this object
         def update!(**args)
           @access_selector = args[:access_selector] if args.key?(:access_selector)
+          @condition_context = args[:condition_context] if args.key?(:condition_context)
           @identity_selector = args[:identity_selector] if args.key?(:identity_selector)
           @options = args[:options] if args.key?(:options)
           @resource_selector = args[:resource_selector] if args.key?(:resource_selector)
@@ -2532,6 +2953,39 @@ module Google
         end
       end
       
+      # ListAssets response.
+      class ListAssetsResponse
+        include Google::Apis::Core::Hashable
+      
+        # Assets.
+        # Corresponds to the JSON property `assets`
+        # @return [Array<Google::Apis::CloudassetV1::Asset>]
+        attr_accessor :assets
+      
+        # Token to retrieve the next page of results. It expires 72 hours after the page
+        # token for the first page is generated. Set to empty if there are no remaining
+        # results.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+      
+        # Time the snapshot was taken.
+        # Corresponds to the JSON property `readTime`
+        # @return [String]
+        attr_accessor :read_time
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @assets = args[:assets] if args.key?(:assets)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+          @read_time = args[:read_time] if args.key?(:read_time)
+        end
+      end
+      
       # 
       class ListFeedsResponse
         include Google::Apis::Core::Hashable
@@ -2551,6 +3005,90 @@ module Google
         end
       end
       
+      # A message to group the analysis information.
+      class MoveAnalysis
+        include Google::Apis::Core::Hashable
+      
+        # An analysis result including blockers and warnings.
+        # Corresponds to the JSON property `analysis`
+        # @return [Google::Apis::CloudassetV1::MoveAnalysisResult]
+        attr_accessor :analysis
+      
+        # The user friendly display name of the analysis. E.g. IAM, Organization Policy
+        # etc.
+        # Corresponds to the JSON property `displayName`
+        # @return [String]
+        attr_accessor :display_name
+      
+        # The `Status` type defines a logical error model that is suitable for different
+        # programming environments, including REST APIs and RPC APIs. It is used by [
+        # gRPC](https://github.com/grpc). Each `Status` message contains three pieces of
+        # data: error code, error message, and error details. You can find out more
+        # about this error model and how to work with it in the [API Design Guide](https:
+        # //cloud.google.com/apis/design/errors).
+        # Corresponds to the JSON property `error`
+        # @return [Google::Apis::CloudassetV1::Status]
+        attr_accessor :error
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @analysis = args[:analysis] if args.key?(:analysis)
+          @display_name = args[:display_name] if args.key?(:display_name)
+          @error = args[:error] if args.key?(:error)
+        end
+      end
+      
+      # An analysis result including blockers and warnings.
+      class MoveAnalysisResult
+        include Google::Apis::Core::Hashable
+      
+        # Blocking information that would prevent the target resource from moving to the
+        # specified destination at runtime.
+        # Corresponds to the JSON property `blockers`
+        # @return [Array<Google::Apis::CloudassetV1::MoveImpact>]
+        attr_accessor :blockers
+      
+        # Warning information indicating that moving the target resource to the
+        # specified destination might be unsafe. This can include important policy
+        # information and configuration changes, but will not block moves at runtime.
+        # Corresponds to the JSON property `warnings`
+        # @return [Array<Google::Apis::CloudassetV1::MoveImpact>]
+        attr_accessor :warnings
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @blockers = args[:blockers] if args.key?(:blockers)
+          @warnings = args[:warnings] if args.key?(:warnings)
+        end
+      end
+      
+      # A message to group impacts of moving the target resource.
+      class MoveImpact
+        include Google::Apis::Core::Hashable
+      
+        # User friendly impact detail in a free form message.
+        # Corresponds to the JSON property `detail`
+        # @return [String]
+        attr_accessor :detail
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @detail = args[:detail] if args.key?(:detail)
+        end
+      end
+      
       # This resource represents a long-running operation that is the result of a
       # network API call.
       class Operation
@@ -3042,8 +3580,10 @@ module Google
         # The create timestamp of this resource, at which the resource was created. The
         # granularity is in seconds. Timestamp.nanos will always be 0. This field is
         # available only when the resource's proto contains it. To search against `
-        # create_time`: * use a field query (value in seconds). Example: `createTime >=
-        # 1594294238`
+        # create_time`: * use a field query. - value in seconds since unix epoch.
+        # Example: `createTime > 1609459200` - value in date string. Example: `
+        # createTime > 2021-01-01` - value in date-time string (must be quoted). Example:
+        # `createTime > "2021-01-01T00:00:00"`
         # Corresponds to the JSON property `createTime`
         # @return [String]
         attr_accessor :create_time
@@ -3142,7 +3682,10 @@ module Google
         # @return [String]
         attr_accessor :parent_asset_type
       
-        # The full resource name of this resource's parent, if it has one.
+        # The full resource name of this resource's parent, if it has one. To search
+        # against the `parent_full_resource_name`: * use a field query. Example: `
+        # parentFullResourceName:"project-name"` * use a free text query. Example: `
+        # project-name`
         # Corresponds to the JSON property `parentFullResourceName`
         # @return [String]
         attr_accessor :parent_full_resource_name
@@ -3176,8 +3719,10 @@ module Google
         # The last update timestamp of this resource, at which the resource was last
         # modified or deleted. The granularity is in seconds. Timestamp.nanos will
         # always be 0. This field is available only when the resource's proto contains
-        # it. To search against `update_time`: * use a field query (value in seconds).
-        # Example: `updateTime < 1594294238`
+        # it. To search against `update_time`: * use a field query. - value in seconds
+        # since unix epoch. Example: `updateTime < 1609459200` - value in date string.
+        # Example: `updateTime < 2021-01-01` - value in date-time string (must be quoted)
+        # . Example: `updateTime < "2021-01-01T00:00:00"`
         # Corresponds to the JSON property `updateTime`
         # @return [String]
         attr_accessor :update_time
@@ -3407,8 +3952,9 @@ module Google
         # resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-
         # platform-resource-hierarchy), a resource outside the Google Cloud resource
         # hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy
-        # (e.g. Cloud IAM policy). See [Supported asset types](https://cloud.google.com/
-        # asset-inventory/docs/supported-asset-types) for more information.
+        # (e.g. Cloud IAM policy), or a relationship (e.g. an INSTANCE_TO_INSTANCEGROUP
+        # relationship). See [Supported asset types](https://cloud.google.com/asset-
+        # inventory/docs/supported-asset-types) for more information.
         # Corresponds to the JSON property `asset`
         # @return [Google::Apis::CloudassetV1::Asset]
         attr_accessor :asset
@@ -3423,8 +3969,9 @@ module Google
         # resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-
         # platform-resource-hierarchy), a resource outside the Google Cloud resource
         # hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy
-        # (e.g. Cloud IAM policy). See [Supported asset types](https://cloud.google.com/
-        # asset-inventory/docs/supported-asset-types) for more information.
+        # (e.g. Cloud IAM policy), or a relationship (e.g. an INSTANCE_TO_INSTANCEGROUP
+        # relationship). See [Supported asset types](https://cloud.google.com/asset-
+        # inventory/docs/supported-asset-types) for more information.
         # Corresponds to the JSON property `priorAsset`
         # @return [Google::Apis::CloudassetV1::Asset]
         attr_accessor :prior_asset