google-apis-cloudasset_v1 0.55.0 → 0.56.0

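--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 33206fba874a3b414222428f801f9f415c952710d8d2a96d375716cba11f9322
- data.tar.gz: 30eab0a360d938435d9a18621d6a9e8228eee8db1eaab0b2725345a058a4571e
+ metadata.gz: cae2a5c40a4915851dbe35bfcd073bfeeda620b597f0e09f8b0aadb8d5a4cc80
+ data.tar.gz: ffc0cb6ea09d9c771e13a08675490bce783320e44eabed80143e988a36d475f9
  SHA512:
- metadata.gz: 3a946d9905a498d1eed37dcd70ffcf56117dac4d957af42b4212c9b29c91c1538972ce7c2e04edcaf643a20e3f55ba583fd3eca00e87a008486c553af4dc6649
- data.tar.gz: 59a817cb40670a1df475bc7869ca7f4e31b62ce2dd204b56cc8f0adc34f41a21493be4225435adfcf1f8ef5a7226baa0d01469df5a4893442fce995aed793a68
+ metadata.gz: 932cefa63289f12c53530fcbcd67e6410c3cf875b54a5d8fa853a18aaba64894851a5335cfb80ec1d51dff7274bc7f68dc62fea48d2130d7c669025b3f163f2c
+ data.tar.gz: 87de735778b3dff998fa2e88f73c3e6f6d1cb7ca960b1b26eed48d74d84cf4249c89076d07f22b97a5d9d0cba31075d72c83925d1cfe9d96ce52753eb3b2d864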
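--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,9 @@
  # Release history for google-apis-cloudasset_v1
 
+ ### v0.56.0 (2023-04-23)
+
+ * Regenerated from discovery document revision 20230414
+
  ### v0.55.0 (2023-03-26)
 
  * Regenerated from discovery document revision 20230304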
@@ -928,6 +928,32 @@ module Google
928
928
  end
929
929
  end
930
930
 
931
+ # A denied access contains details about an access tuple that is blocked by IAM
932
+ # deny policies.
933
+ class DeniedAccess
934
+ include Google::Apis::Core::Hashable
935
+
936
+ # An access tuple contains a tuple of a resource, an identity and an access.
937
+ # Corresponds to the JSON property `deniedAccessTuple`
938
+ # @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessAccessTuple]
939
+ attr_accessor :denied_access_tuple
940
+
941
+ # The details about how denied_access_tuple is denied.
942
+ # Corresponds to the JSON property `denyDetails`
943
+ # @return [Array<Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessDenyDetail>]
944
+ attr_accessor :deny_details
945
+
946
+ def initialize(**args)
947
+ update!(**args)
948
+ end
949
+
950
+ # Update properties of this object
951
+ def update!(**args)
952
+ @denied_access_tuple = args[:denied_access_tuple] if args.key?(:denied_access_tuple)
953
+ @deny_details = args[:deny_details] if args.key?(:deny_details)
954
+ end
955
+ end
956
+
931
957
  # The effective IAM policies on one resource.
932
958
  class EffectiveIamPolicy
933
959
  include Google::Apis::Core::Hashable
@@ -1414,7 +1440,7 @@ module Google
1414
1440
  class GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedIamPolicy
1415
1441
  include Google::Apis::Core::Hashable
1416
1442
 
1417
- # The full resource name of the resource associated with this IAM policy.
1443
+ # The full resource name of the resource on which this IAM policy is set.
1418
1444
  # Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/
1419
1445
  # instances/instance1`. See [Cloud Asset Inventory Resource Name Format](https://
1420
1446
  # cloud.google.com/asset-inventory/docs/resource-name-format) for more
@@ -1724,6 +1750,160 @@ module Google
1724
1750
  end
1725
1751
  end
1726
1752
 
1753
+ # An IAM role or permission under analysis.
1754
+ class GoogleCloudAssetV1DeniedAccessAccess
1755
+ include Google::Apis::Core::Hashable
1756
+
1757
+ # The IAM permission in [v1 format](https://cloud.google.com/iam/docs/
1758
+ # permissions-reference)
1759
+ # Corresponds to the JSON property `permission`
1760
+ # @return [String]
1761
+ attr_accessor :permission
1762
+
1763
+ # The IAM role.
1764
+ # Corresponds to the JSON property `role`
1765
+ # @return [String]
1766
+ attr_accessor :role
1767
+
1768
+ def initialize(**args)
1769
+ update!(**args)
1770
+ end
1771
+
1772
+ # Update properties of this object
1773
+ def update!(**args)
1774
+ @permission = args[:permission] if args.key?(:permission)
1775
+ @role = args[:role] if args.key?(:role)
1776
+ end
1777
+ end
1778
+
1779
+ # An access tuple contains a tuple of a resource, an identity and an access.
1780
+ class GoogleCloudAssetV1DeniedAccessAccessTuple
1781
+ include Google::Apis::Core::Hashable
1782
+
1783
+ # An IAM role or permission under analysis.
1784
+ # Corresponds to the JSON property `access`
1785
+ # @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessAccess]
1786
+ attr_accessor :access
1787
+
1788
+ # An identity under analysis.
1789
+ # Corresponds to the JSON property `identity`
1790
+ # @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessIdentity]
1791
+ attr_accessor :identity
1792
+
1793
+ # A Google Cloud resource under analysis.
1794
+ # Corresponds to the JSON property `resource`
1795
+ # @return [Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessResource]
1796
+ attr_accessor :resource
1797
+
1798
+ def initialize(**args)
1799
+ update!(**args)
1800
+ end
1801
+
1802
+ # Update properties of this object
1803
+ def update!(**args)
1804
+ @access = args[:access] if args.key?(:access)
1805
+ @identity = args[:identity] if args.key?(:identity)
1806
+ @resource = args[:resource] if args.key?(:resource)
1807
+ end
1808
+ end
1809
+
1810
+ # A deny detail that explains which IAM deny rule denies the denied_access_tuple.
1811
+ class GoogleCloudAssetV1DeniedAccessDenyDetail
1812
+ include Google::Apis::Core::Hashable
1813
+
1814
+ # The denied accesses. If this deny_rule fully denies the denied_access_tuple,
1815
+ # this field will be same as AccessTuple.access. Otherwise, this field can
1816
+ # contain AccessTuple.access and its descendant accesses, such as a subset of
1817
+ # IAM permissions contained in an IAM role.
1818
+ # Corresponds to the JSON property `accesses`
1819
+ # @return [Array<Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessAccess>]
1820
+ attr_accessor :accesses
1821
+
1822
+ # A deny rule in an IAM deny policy.
1823
+ # Corresponds to the JSON property `denyRule`
1824
+ # @return [Google::Apis::CloudassetV1::GoogleIamV2DenyRule]
1825
+ attr_accessor :deny_rule
1826
+
1827
+ # Whether the deny_rule fully denies all access granted by the
1828
+ # denied_access_tuple. `True` means the deny rule fully blocks the access tuple.
1829
+ # `False` means the deny rule partially blocks the access tuple."
1830
+ # Corresponds to the JSON property `fullyDenied`
1831
+ # @return [Boolean]
1832
+ attr_accessor :fully_denied
1833
+ alias_method :fully_denied?, :fully_denied
1834
+
1835
+ # If this deny_rule fully denies the denied_access_tuple, this field will be
1836
+ # same as AccessTuple.identity. Otherwise, this field can contain AccessTuple.
1837
+ # identity and its descendant identities, such as a subset of users in a group.
1838
+ # Corresponds to the JSON property `identities`
1839
+ # @return [Array<Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessIdentity>]
1840
+ attr_accessor :identities
1841
+
1842
+ # The resources that the identities are denied access to. If this deny_rule
1843
+ # fully denies the denied_access_tuple, this field will be same as AccessTuple.
1844
+ # resource. Otherwise, this field can contain AccessTuple.resource and its
1845
+ # descendant resources.
1846
+ # Corresponds to the JSON property `resources`
1847
+ # @return [Array<Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessResource>]
1848
+ attr_accessor :resources
1849
+
1850
+ def initialize(**args)
1851
+ update!(**args)
1852
+ end
1853
+
1854
+ # Update properties of this object
1855
+ def update!(**args)
1856
+ @accesses = args[:accesses] if args.key?(:accesses)
1857
+ @deny_rule = args[:deny_rule] if args.key?(:deny_rule)
1858
+ @fully_denied = args[:fully_denied] if args.key?(:fully_denied)
1859
+ @identities = args[:identities] if args.key?(:identities)
1860
+ @resources = args[:resources] if args.key?(:resources)
1861
+ end
1862
+ end
1863
+
1864
+ # An identity under analysis.
1865
+ class GoogleCloudAssetV1DeniedAccessIdentity
1866
+ include Google::Apis::Core::Hashable
1867
+
1868
+ # The identity of members, formatted as appear in an [IAM policy binding](https:/
1869
+ # /cloud.google.com/iam/reference/rest/v1/Binding). For example, they might be
1870
+ # formatted like the following: - user:foo@google.com - group:group1@google.com -
1871
+ # serviceAccount:s1@prj1.iam.gserviceaccount.com - projectOwner:some_project_id
1872
+ # - domain:google.com - allUsers
1873
+ # Corresponds to the JSON property `name`
1874
+ # @return [String]
1875
+ attr_accessor :name
1876
+
1877
+ def initialize(**args)
1878
+ update!(**args)
1879
+ end
1880
+
1881
+ # Update properties of this object
1882
+ def update!(**args)
1883
+ @name = args[:name] if args.key?(:name)
1884
+ end
1885
+ end
1886
+
1887
+ # A Google Cloud resource under analysis.
1888
+ class GoogleCloudAssetV1DeniedAccessResource
1889
+ include Google::Apis::Core::Hashable
1890
+
1891
+ # The [full resource name](https://cloud.google.com/asset-inventory/docs/
1892
+ # resource-name-format)
1893
+ # Corresponds to the JSON property `fullResourceName`
1894
+ # @return [String]
1895
+ attr_accessor :full_resource_name
1896
+
1897
+ def initialize(**args)
1898
+ update!(**args)
1899
+ end
1900
+
1901
+ # Update properties of this object
1902
+ def update!(**args)
1903
+ @full_resource_name = args[:full_resource_name] if args.key?(:full_resource_name)
1904
+ end
1905
+ end
1906
+
1727
1907
  # A directional edge.
1728
1908
  class GoogleCloudAssetV1Edge
1729
1909
  include Google::Apis::Core::Hashable
@@ -1832,10 +2012,11 @@ module Google
1832
2012
  # @return [Google::Apis::CloudassetV1::IamPolicyAnalysisState]
1833
2013
  attr_accessor :analysis_state
1834
2014
 
1835
- # The identity name in any form of members appear in [IAM policy binding](https:/
1836
- # /cloud.google.com/iam/reference/rest/v1/Binding), such as: - user:foo@google.
1837
- # com - group:group1@google.com - serviceAccount:s1@prj1.iam.gserviceaccount.com
1838
- # - projectOwner:some_project_id - domain:google.com - allUsers - etc.
2015
+ # The identity of members, formatted as appear in an [IAM policy binding](https:/
2016
+ # /cloud.google.com/iam/reference/rest/v1/Binding). For example, they might be
2017
+ # formatted like the following: - user:foo@google.com - group:group1@google.com -
2018
+ # serviceAccount:s1@prj1.iam.gserviceaccount.com - projectOwner:some_project_id
2019
+ # - domain:google.com - allUsers
1839
2020
  # Corresponds to the JSON property `name`
1840
2021
  # @return [String]
1841
2022
  attr_accessor :name
@@ -2667,6 +2848,101 @@ module Google
2667
2848
  end
2668
2849
  end
2669
2850
 
2851
+ # A deny rule in an IAM deny policy.
2852
+ class GoogleIamV2DenyRule
2853
+ include Google::Apis::Core::Hashable
2854
+
2855
+ # Represents a textual expression in the Common Expression Language (CEL) syntax.
2856
+ # CEL is a C-like expression language. The syntax and semantics of CEL are
2857
+ # documented at https://github.com/google/cel-spec. Example (Comparison): title:
2858
+ # "Summary size limit" description: "Determines if a summary is less than 100
2859
+ # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
2860
+ # Requestor is owner" description: "Determines if requestor is the document
2861
+ # owner" expression: "document.owner == request.auth.claims.email" Example (
2862
+ # Logic): title: "Public documents" description: "Determine whether the document
2863
+ # should be publicly visible" expression: "document.type != 'private' &&
2864
+ # document.type != 'internal'" Example (Data Manipulation): title: "Notification
2865
+ # string" description: "Create a notification string with a timestamp."
2866
+ # expression: "'New message received at ' + string(document.create_time)" The
2867
+ # exact variables and functions that may be referenced within an expression are
2868
+ # determined by the service that evaluates it. See the service documentation for
2869
+ # additional information.
2870
+ # Corresponds to the JSON property `denialCondition`
2871
+ # @return [Google::Apis::CloudassetV1::Expr]
2872
+ attr_accessor :denial_condition
2873
+
2874
+ # The permissions that are explicitly denied by this rule. Each permission uses
2875
+ # the format ``service_fqdn`/`resource`.`verb``, where ``service_fqdn`` is the
2876
+ # fully qualified domain name for the service. For example, `iam.googleapis.com/
2877
+ # roles.list`.
2878
+ # Corresponds to the JSON property `deniedPermissions`
2879
+ # @return [Array<String>]
2880
+ attr_accessor :denied_permissions
2881
+
2882
+ # The identities that are prevented from using one or more permissions on Google
2883
+ # Cloud resources. This field can contain the following values: * `principalSet:/
2884
+ # /goog/public:all`: A special identifier that represents any principal that is
2885
+ # on the internet, even if they do not have a Google Account or are not logged
2886
+ # in. * `principal://goog/subject/`email_id``: A specific Google Account.
2887
+ # Includes Gmail, Cloud Identity, and Google Workspace user accounts. For
2888
+ # example, `principal://goog/subject/alice@example.com`. * `deleted:principal://
2889
+ # goog/subject/`email_id`?uid=`uid``: A specific Google Account that was deleted
2890
+ # recently. For example, `deleted:principal://goog/subject/alice@example.com?uid=
2891
+ # 1234567890`. If the Google Account is recovered, this identifier reverts to
2892
+ # the standard identifier for a Google Account. * `principalSet://goog/group/`
2893
+ # group_id``: A Google group. For example, `principalSet://goog/group/admins@
2894
+ # example.com`. * `deleted:principalSet://goog/group/`group_id`?uid=`uid``: A
2895
+ # Google group that was deleted recently. For example, `deleted:principalSet://
2896
+ # goog/group/admins@example.com?uid=1234567890`. If the Google group is restored,
2897
+ # this identifier reverts to the standard identifier for a Google group. * `
2898
+ # principal://iam.googleapis.com/projects/-/serviceAccounts/`service_account_id``
2899
+ # : A Google Cloud service account. For example, `principal://iam.googleapis.com/
2900
+ # projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`. * `
2901
+ # deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/`
2902
+ # service_account_id`?uid=`uid``: A Google Cloud service account that was
2903
+ # deleted recently. For example, `deleted:principal://iam.googleapis.com/
2904
+ # projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=
2905
+ # 1234567890`. If the service account is undeleted, this identifier reverts to
2906
+ # the standard identifier for a service account. * `principalSet://goog/
2907
+ # cloudIdentityCustomerId/`customer_id``: All of the principals associated with
2908
+ # the specified Google Workspace or Cloud Identity customer ID. For example, `
2909
+ # principalSet://goog/cloudIdentityCustomerId/C01Abc35`.
2910
+ # Corresponds to the JSON property `deniedPrincipals`
2911
+ # @return [Array<String>]
2912
+ attr_accessor :denied_principals
2913
+
2914
+ # Specifies the permissions that this rule excludes from the set of denied
2915
+ # permissions given by `denied_permissions`. If a permission appears in `
2916
+ # denied_permissions` _and_ in `exception_permissions` then it will _not_ be
2917
+ # denied. The excluded permissions can be specified using the same syntax as `
2918
+ # denied_permissions`.
2919
+ # Corresponds to the JSON property `exceptionPermissions`
2920
+ # @return [Array<String>]
2921
+ attr_accessor :exception_permissions
2922
+
2923
+ # The identities that are excluded from the deny rule, even if they are listed
2924
+ # in the `denied_principals`. For example, you could add a Google group to the `
2925
+ # denied_principals`, then exclude specific users who belong to that group. This
2926
+ # field can contain the same values as the `denied_principals` field, excluding `
2927
+ # principalSet://goog/public:all`, which represents all users on the internet.
2928
+ # Corresponds to the JSON property `exceptionPrincipals`
2929
+ # @return [Array<String>]
2930
+ attr_accessor :exception_principals
2931
+
2932
+ def initialize(**args)
2933
+ update!(**args)
2934
+ end
2935
+
2936
+ # Update properties of this object
2937
+ def update!(**args)
2938
+ @denial_condition = args[:denial_condition] if args.key?(:denial_condition)
2939
+ @denied_permissions = args[:denied_permissions] if args.key?(:denied_permissions)
2940
+ @denied_principals = args[:denied_principals] if args.key?(:denied_principals)
2941
+ @exception_permissions = args[:exception_permissions] if args.key?(:exception_permissions)
2942
+ @exception_principals = args[:exception_principals] if args.key?(:exception_principals)
2943
+ end
2944
+ end
2945
+
2670
2946
  # An `AccessLevel` is a label that can be applied to requests to Google Cloud
2671
2947
  # services, along with a list of requirements necessary for the label to be
2672
2948
  # applied.
@@ -3540,6 +3816,14 @@ module Google
3540
3816
  # @return [Array<Google::Apis::CloudassetV1::IamPolicyAnalysisResult>]
3541
3817
  attr_accessor :analysis_results
3542
3818
 
3819
+ # A list of DeniedAccess, which contains all access tuples in the
3820
+ # analysis_results that are denied by IAM deny policies. If no access tuples are
3821
+ # denied, the list is empty. This is only populated when IamPolicyAnalysisQuery.
3822
+ # Options.include_deny_policy_analysis is true.
3823
+ # Corresponds to the JSON property `deniedAccesses`
3824
+ # @return [Array<Google::Apis::CloudassetV1::DeniedAccess>]
3825
+ attr_accessor :denied_accesses
3826
+
3543
3827
  # Represents whether all entries in the analysis_results have been fully
3544
3828
  # explored to answer the query.
3545
3829
  # Corresponds to the JSON property `fullyExplored`
@@ -3560,6 +3844,7 @@ module Google
3560
3844
  def update!(**args)
3561
3845
  @analysis_query = args[:analysis_query] if args.key?(:analysis_query)
3562
3846
  @analysis_results = args[:analysis_results] if args.key?(:analysis_results)
3847
+ @denied_accesses = args[:denied_accesses] if args.key?(:denied_accesses)
3563
3848
  @fully_explored = args[:fully_explored] if args.key?(:fully_explored)
3564
3849
  @non_critical_errors = args[:non_critical_errors] if args.key?(:non_critical_errors)
3565
3850
  end
@@ -4253,6 +4538,13 @@ module Google
4253
4538
  attr_accessor :expand_roles
4254
4539
  alias_method :expand_roles?, :expand_roles
4255
4540
 
4541
+ # Optional. If true, the response includes deny policy analysis results, and you
4542
+ # can see which access tuples are denied. Default is false.
4543
+ # Corresponds to the JSON property `includeDenyPolicyAnalysis`
4544
+ # @return [Boolean]
4545
+ attr_accessor :include_deny_policy_analysis
4546
+ alias_method :include_deny_policy_analysis?, :include_deny_policy_analysis
4547
+
4256
4548
  # Optional. If true, the result will output the relevant membership
4257
4549
  # relationships between groups and other groups, and between groups and
4258
4550
  # principals. Default is false.
@@ -4278,6 +4570,7 @@ module Google
4278
4570
  @expand_groups = args[:expand_groups] if args.key?(:expand_groups)
4279
4571
  @expand_resources = args[:expand_resources] if args.key?(:expand_resources)
4280
4572
  @expand_roles = args[:expand_roles] if args.key?(:expand_roles)
4573
+ @include_deny_policy_analysis = args[:include_deny_policy_analysis] if args.key?(:include_deny_policy_analysis)
4281
4574
  @output_group_edges = args[:output_group_edges] if args.key?(:output_group_edges)
4282
4575
  @output_resource_edges = args[:output_resource_edges] if args.key?(:output_resource_edges)
4283
4576
  end
@@ -16,13 +16,13 @@ module Google
16
16
  module Apis
17
17
  module CloudassetV1
18
18
  # Version of the google-apis-cloudasset_v1 gem
19
- GEM_VERSION = "0.55.0"
19
+ GEM_VERSION = "0.56.0"
20
20
 
21
21
  # Version of the code generator used to generate this client
22
22
  GENERATOR_VERSION = "0.12.0"
23
23
 
24
24
  # Revision of the discovery document this client was generated from
25
- REVISION = "20230304"
25
+ REVISION = "20230414"
26
26
  end
27
27
  end
28
28
  end
@@ -160,6 +160,12 @@ module Google
160
160
  include Google::Apis::Core::JsonObjectSupport
161
161
  end
162
162
 
163
+ class DeniedAccess
164
+ class Representation < Google::Apis::Core::JsonRepresentation; end
165
+
166
+ include Google::Apis::Core::JsonObjectSupport
167
+ end
168
+
163
169
  class EffectiveIamPolicy
164
170
  class Representation < Google::Apis::Core::JsonRepresentation; end
165
171
 
@@ -262,6 +268,36 @@ module Google
262
268
  include Google::Apis::Core::JsonObjectSupport
263
269
  end
264
270
 
271
+ class GoogleCloudAssetV1DeniedAccessAccess
272
+ class Representation < Google::Apis::Core::JsonRepresentation; end
273
+
274
+ include Google::Apis::Core::JsonObjectSupport
275
+ end
276
+
277
+ class GoogleCloudAssetV1DeniedAccessAccessTuple
278
+ class Representation < Google::Apis::Core::JsonRepresentation; end
279
+
280
+ include Google::Apis::Core::JsonObjectSupport
281
+ end
282
+
283
+ class GoogleCloudAssetV1DeniedAccessDenyDetail
284
+ class Representation < Google::Apis::Core::JsonRepresentation; end
285
+
286
+ include Google::Apis::Core::JsonObjectSupport
287
+ end
288
+
289
+ class GoogleCloudAssetV1DeniedAccessIdentity
290
+ class Representation < Google::Apis::Core::JsonRepresentation; end
291
+
292
+ include Google::Apis::Core::JsonObjectSupport
293
+ end
294
+
295
+ class GoogleCloudAssetV1DeniedAccessResource
296
+ class Representation < Google::Apis::Core::JsonRepresentation; end
297
+
298
+ include Google::Apis::Core::JsonObjectSupport
299
+ end
300
+
265
301
  class GoogleCloudAssetV1Edge
266
302
  class Representation < Google::Apis::Core::JsonRepresentation; end
267
303
 
@@ -376,6 +412,12 @@ module Google
376
412
  include Google::Apis::Core::JsonObjectSupport
377
413
  end
378
414
 
415
+ class GoogleIamV2DenyRule
416
+ class Representation < Google::Apis::Core::JsonRepresentation; end
417
+
418
+ include Google::Apis::Core::JsonObjectSupport
419
+ end
420
+
379
421
  class GoogleIdentityAccesscontextmanagerV1AccessLevel
380
422
  class Representation < Google::Apis::Core::JsonRepresentation; end
381
423
 
@@ -1050,6 +1092,16 @@ module Google
1050
1092
  end
1051
1093
  end
1052
1094
 
1095
+ class DeniedAccess
1096
+ # @private
1097
+ class Representation < Google::Apis::Core::JsonRepresentation
1098
+ property :denied_access_tuple, as: 'deniedAccessTuple', class: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessAccessTuple, decorator: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessAccessTuple::Representation
1099
+
1100
+ collection :deny_details, as: 'denyDetails', class: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessDenyDetail, decorator: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessDenyDetail::Representation
1101
+
1102
+ end
1103
+ end
1104
+
1053
1105
  class EffectiveIamPolicy
1054
1106
  # @private
1055
1107
  class Representation < Google::Apis::Core::JsonRepresentation
@@ -1230,6 +1282,55 @@ module Google
1230
1282
  end
1231
1283
  end
1232
1284
 
1285
+ class GoogleCloudAssetV1DeniedAccessAccess
1286
+ # @private
1287
+ class Representation < Google::Apis::Core::JsonRepresentation
1288
+ property :permission, as: 'permission'
1289
+ property :role, as: 'role'
1290
+ end
1291
+ end
1292
+
1293
+ class GoogleCloudAssetV1DeniedAccessAccessTuple
1294
+ # @private
1295
+ class Representation < Google::Apis::Core::JsonRepresentation
1296
+ property :access, as: 'access', class: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessAccess, decorator: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessAccess::Representation
1297
+
1298
+ property :identity, as: 'identity', class: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessIdentity, decorator: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessIdentity::Representation
1299
+
1300
+ property :resource, as: 'resource', class: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessResource, decorator: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessResource::Representation
1301
+
1302
+ end
1303
+ end
1304
+
1305
+ class GoogleCloudAssetV1DeniedAccessDenyDetail
1306
+ # @private
1307
+ class Representation < Google::Apis::Core::JsonRepresentation
1308
+ collection :accesses, as: 'accesses', class: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessAccess, decorator: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessAccess::Representation
1309
+
1310
+ property :deny_rule, as: 'denyRule', class: Google::Apis::CloudassetV1::GoogleIamV2DenyRule, decorator: Google::Apis::CloudassetV1::GoogleIamV2DenyRule::Representation
1311
+
1312
+ property :fully_denied, as: 'fullyDenied'
1313
+ collection :identities, as: 'identities', class: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessIdentity, decorator: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessIdentity::Representation
1314
+
1315
+ collection :resources, as: 'resources', class: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessResource, decorator: Google::Apis::CloudassetV1::GoogleCloudAssetV1DeniedAccessResource::Representation
1316
+
1317
+ end
1318
+ end
1319
+
1320
+ class GoogleCloudAssetV1DeniedAccessIdentity
1321
+ # @private
1322
+ class Representation < Google::Apis::Core::JsonRepresentation
1323
+ property :name, as: 'name'
1324
+ end
1325
+ end
1326
+
1327
+ class GoogleCloudAssetV1DeniedAccessResource
1328
+ # @private
1329
+ class Representation < Google::Apis::Core::JsonRepresentation
1330
+ property :full_resource_name, as: 'fullResourceName'
1331
+ end
1332
+ end
1333
+
1233
1334
  class GoogleCloudAssetV1Edge
1234
1335
  # @private
1235
1336
  class Representation < Google::Apis::Core::JsonRepresentation
@@ -1429,6 +1530,18 @@ module Google
1429
1530
  end
1430
1531
  end
1431
1532
 
1533
+ class GoogleIamV2DenyRule
1534
+ # @private
1535
+ class Representation < Google::Apis::Core::JsonRepresentation
1536
+ property :denial_condition, as: 'denialCondition', class: Google::Apis::CloudassetV1::Expr, decorator: Google::Apis::CloudassetV1::Expr::Representation
1537
+
1538
+ collection :denied_permissions, as: 'deniedPermissions'
1539
+ collection :denied_principals, as: 'deniedPrincipals'
1540
+ collection :exception_permissions, as: 'exceptionPermissions'
1541
+ collection :exception_principals, as: 'exceptionPrincipals'
1542
+ end
1543
+ end
1544
+
1432
1545
  class GoogleIdentityAccesscontextmanagerV1AccessLevel
1433
1546
  # @private
1434
1547
  class Representation < Google::Apis::Core::JsonRepresentation
@@ -1632,6 +1745,8 @@ module Google
1632
1745
 
1633
1746
  collection :analysis_results, as: 'analysisResults', class: Google::Apis::CloudassetV1::IamPolicyAnalysisResult, decorator: Google::Apis::CloudassetV1::IamPolicyAnalysisResult::Representation
1634
1747
 
1748
+ collection :denied_accesses, as: 'deniedAccesses', class: Google::Apis::CloudassetV1::DeniedAccess, decorator: Google::Apis::CloudassetV1::DeniedAccess::Representation
1749
+
1635
1750
  property :fully_explored, as: 'fullyExplored'
1636
1751
  collection :non_critical_errors, as: 'nonCriticalErrors', class: Google::Apis::CloudassetV1::IamPolicyAnalysisState, decorator: Google::Apis::CloudassetV1::IamPolicyAnalysisState::Representation
1637
1752
 
@@ -1810,6 +1925,7 @@ module Google
1810
1925
  property :expand_groups, as: 'expandGroups'
1811
1926
  property :expand_resources, as: 'expandResources'
1812
1927
  property :expand_roles, as: 'expandRoles'
1928
+ property :include_deny_policy_analysis, as: 'includeDenyPolicyAnalysis'
1813
1929
  property :output_group_edges, as: 'outputGroupEdges'
1814
1930
  property :output_resource_edges, as: 'outputResourceEdges'
1815
1931
  end
@@ -656,6 +656,9 @@ module Google
656
656
  # IamPolicyAnalysisQuery.access_selector is specified, the access section of the
657
657
  # result will be determined by the selector, and this flag is not allowed to set.
658
658
  # Default is false.
659
+ # @param [Boolean] analysis_query_options_include_deny_policy_analysis
660
+ # Optional. If true, the response includes deny policy analysis results, and you
661
+ # can see which access tuples are denied. Default is false.
659
662
  # @param [Boolean] analysis_query_options_output_group_edges
660
663
  # Optional. If true, the result will output the relevant membership
661
664
  # relationships between groups and other groups, and between groups and
@@ -705,7 +708,7 @@ module Google
705
708
  # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
706
709
  # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
707
710
  # @raise [Google::Apis::AuthorizationError] Authorization is required
708
- def analyze_iam_policy(scope, analysis_query_access_selector_permissions: nil, analysis_query_access_selector_roles: nil, analysis_query_condition_context_access_time: nil, analysis_query_identity_selector_identity: nil, analysis_query_options_analyze_service_account_impersonation: nil, analysis_query_options_expand_groups: nil, analysis_query_options_expand_resources: nil, analysis_query_options_expand_roles: nil, analysis_query_options_output_group_edges: nil, analysis_query_options_output_resource_edges: nil, analysis_query_resource_selector_full_resource_name: nil, execution_timeout: nil, saved_analysis_query: nil, fields: nil, quota_user: nil, options: nil, &block)
711
+ def analyze_iam_policy(scope, analysis_query_access_selector_permissions: nil, analysis_query_access_selector_roles: nil, analysis_query_condition_context_access_time: nil, analysis_query_identity_selector_identity: nil, analysis_query_options_analyze_service_account_impersonation: nil, analysis_query_options_expand_groups: nil, analysis_query_options_expand_resources: nil, analysis_query_options_expand_roles: nil, analysis_query_options_include_deny_policy_analysis: nil, analysis_query_options_output_group_edges: nil, analysis_query_options_output_resource_edges: nil, analysis_query_resource_selector_full_resource_name: nil, execution_timeout: nil, saved_analysis_query: nil, fields: nil, quota_user: nil, options: nil, &block)
709
712
  command = make_simple_command(:get, 'v1/{+scope}:analyzeIamPolicy', options)
710
713
  command.response_representation = Google::Apis::CloudassetV1::AnalyzeIamPolicyResponse::Representation
711
714
  command.response_class = Google::Apis::CloudassetV1::AnalyzeIamPolicyResponse
@@ -718,6 +721,7 @@ module Google
718
721
  command.query['analysisQuery.options.expandGroups'] = analysis_query_options_expand_groups unless analysis_query_options_expand_groups.nil?
719
722
  command.query['analysisQuery.options.expandResources'] = analysis_query_options_expand_resources unless analysis_query_options_expand_resources.nil?
720
723
  command.query['analysisQuery.options.expandRoles'] = analysis_query_options_expand_roles unless analysis_query_options_expand_roles.nil?
724
+ command.query['analysisQuery.options.includeDenyPolicyAnalysis'] = analysis_query_options_include_deny_policy_analysis unless analysis_query_options_include_deny_policy_analysis.nil?
721
725
  command.query['analysisQuery.options.outputGroupEdges'] = analysis_query_options_output_group_edges unless analysis_query_options_output_group_edges.nil?
722
726
  command.query['analysisQuery.options.outputResourceEdges'] = analysis_query_options_output_resource_edges unless analysis_query_options_output_resource_edges.nil?
723
727
  command.query['analysisQuery.resourceSelector.fullResourceName'] = analysis_query_resource_selector_full_resource_name unless analysis_query_resource_selector_full_resource_name.nil?
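--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: google-apis-cloudasset_v1
  version: !ruby/object:Gem::Version
- version: 0.55.0
+ version: 0.56.0
  platform: ruby
  authors:
  - Google LLC
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-03-26 00:00:00.000000000 Z
+ date: 2023-04-23 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: google-apis-core
@@ -58,7 +58,7 @@ licenses:
  metadata:
  bug_tracker_uri: https://github.com/googleapis/google-api-ruby-client/issues
  changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-cloudasset_v1/CHANGELOG.md
- documentation_uri: https://googleapis.dev/ruby/google-apis-cloudasset_v1/v0.55.0
+ documentation_uri: https://googleapis.dev/ruby/google-apis-cloudasset_v1/v0.56.0
  source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-cloudasset_v1
  post_install_message:
  rdoc_options: []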