google-apis-cloudasset_v1p4beta1 0.1.0

data/lib/google/apis/cloudasset_v1p4beta1/gem_version.rb

@@ -0,0 +1,28 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module Google
+  module Apis
+    module CloudassetV1p4beta1
+      # Version of the google-apis-cloudasset_v1p4beta1 gem
+      GEM_VERSION = "0.1.0"
+
+      # Version of the code generator used to generate this client
+      GENERATOR_VERSION = "0.1.1"
+
+      # Revision of the discovery document this client was generated from
+      REVISION = "20201106"
+    end
+  end
+end

data/lib/google/apis/cloudasset_v1p4beta1/representations.rb

@@ -0,0 +1,377 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'date'
+require 'google/apis/core/base_service'
+require 'google/apis/core/json_representation'
+require 'google/apis/core/hashable'
+require 'google/apis/errors'
+
+module Google
+  module Apis
+    module CloudassetV1p4beta1
+      
+      class AccessSelector
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class AnalyzeIamPolicyResponse
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class Binding
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class ExportIamPolicyAnalysisRequest
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class Expr
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class GcsDestination
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class GoogleCloudAssetV1p4beta1Access
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class GoogleCloudAssetV1p4beta1AccessControlList
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class GoogleCloudAssetV1p4beta1AnalysisState
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class GoogleCloudAssetV1p4beta1Edge
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class GoogleCloudAssetV1p4beta1Identity
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class GoogleCloudAssetV1p4beta1IdentityList
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class GoogleCloudAssetV1p4beta1Resource
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class IamPolicyAnalysis
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class IamPolicyAnalysisOutputConfig
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class IamPolicyAnalysisQuery
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class IamPolicyAnalysisResult
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class IdentitySelector
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class Operation
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class Options
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class ResourceSelector
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class Status
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class AccessSelector
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          collection :permissions, as: 'permissions'
+          collection :roles, as: 'roles'
+        end
+      end
+      
+      class AnalyzeIamPolicyResponse
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :fully_explored, as: 'fullyExplored'
+          property :main_analysis, as: 'mainAnalysis', class: Google::Apis::CloudassetV1p4beta1::IamPolicyAnalysis, decorator: Google::Apis::CloudassetV1p4beta1::IamPolicyAnalysis::Representation
+      
+          collection :non_critical_errors, as: 'nonCriticalErrors', class: Google::Apis::CloudassetV1p4beta1::GoogleCloudAssetV1p4beta1AnalysisState, decorator: Google::Apis::CloudassetV1p4beta1::GoogleCloudAssetV1p4beta1AnalysisState::Representation
+      
+          collection :service_account_impersonation_analysis, as: 'serviceAccountImpersonationAnalysis', class: Google::Apis::CloudassetV1p4beta1::IamPolicyAnalysis, decorator: Google::Apis::CloudassetV1p4beta1::IamPolicyAnalysis::Representation
+      
+        end
+      end
+      
+      class Binding
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :condition, as: 'condition', class: Google::Apis::CloudassetV1p4beta1::Expr, decorator: Google::Apis::CloudassetV1p4beta1::Expr::Representation
+      
+          collection :members, as: 'members'
+          property :role, as: 'role'
+        end
+      end
+      
+      class ExportIamPolicyAnalysisRequest
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :analysis_query, as: 'analysisQuery', class: Google::Apis::CloudassetV1p4beta1::IamPolicyAnalysisQuery, decorator: Google::Apis::CloudassetV1p4beta1::IamPolicyAnalysisQuery::Representation
+      
+          property :options, as: 'options', class: Google::Apis::CloudassetV1p4beta1::Options, decorator: Google::Apis::CloudassetV1p4beta1::Options::Representation
+      
+          property :output_config, as: 'outputConfig', class: Google::Apis::CloudassetV1p4beta1::IamPolicyAnalysisOutputConfig, decorator: Google::Apis::CloudassetV1p4beta1::IamPolicyAnalysisOutputConfig::Representation
+      
+        end
+      end
+      
+      class Expr
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :description, as: 'description'
+          property :expression, as: 'expression'
+          property :location, as: 'location'
+          property :title, as: 'title'
+        end
+      end
+      
+      class GcsDestination
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :uri, as: 'uri'
+        end
+      end
+      
+      class GoogleCloudAssetV1p4beta1Access
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :analysis_state, as: 'analysisState', class: Google::Apis::CloudassetV1p4beta1::GoogleCloudAssetV1p4beta1AnalysisState, decorator: Google::Apis::CloudassetV1p4beta1::GoogleCloudAssetV1p4beta1AnalysisState::Representation
+      
+          property :permission, as: 'permission'
+          property :role, as: 'role'
+        end
+      end
+      
+      class GoogleCloudAssetV1p4beta1AccessControlList
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          collection :accesses, as: 'accesses', class: Google::Apis::CloudassetV1p4beta1::GoogleCloudAssetV1p4beta1Access, decorator: Google::Apis::CloudassetV1p4beta1::GoogleCloudAssetV1p4beta1Access::Representation
+      
+          collection :resource_edges, as: 'resourceEdges', class: Google::Apis::CloudassetV1p4beta1::GoogleCloudAssetV1p4beta1Edge, decorator: Google::Apis::CloudassetV1p4beta1::GoogleCloudAssetV1p4beta1Edge::Representation
+      
+          collection :resources, as: 'resources', class: Google::Apis::CloudassetV1p4beta1::GoogleCloudAssetV1p4beta1Resource, decorator: Google::Apis::CloudassetV1p4beta1::GoogleCloudAssetV1p4beta1Resource::Representation
+      
+        end
+      end
+      
+      class GoogleCloudAssetV1p4beta1AnalysisState
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :cause, as: 'cause'
+          property :code, as: 'code'
+        end
+      end
+      
+      class GoogleCloudAssetV1p4beta1Edge
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :source_node, as: 'sourceNode'
+          property :target_node, as: 'targetNode'
+        end
+      end
+      
+      class GoogleCloudAssetV1p4beta1Identity
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :analysis_state, as: 'analysisState', class: Google::Apis::CloudassetV1p4beta1::GoogleCloudAssetV1p4beta1AnalysisState, decorator: Google::Apis::CloudassetV1p4beta1::GoogleCloudAssetV1p4beta1AnalysisState::Representation
+      
+          property :name, as: 'name'
+        end
+      end
+      
+      class GoogleCloudAssetV1p4beta1IdentityList
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          collection :group_edges, as: 'groupEdges', class: Google::Apis::CloudassetV1p4beta1::GoogleCloudAssetV1p4beta1Edge, decorator: Google::Apis::CloudassetV1p4beta1::GoogleCloudAssetV1p4beta1Edge::Representation
+      
+          collection :identities, as: 'identities', class: Google::Apis::CloudassetV1p4beta1::GoogleCloudAssetV1p4beta1Identity, decorator: Google::Apis::CloudassetV1p4beta1::GoogleCloudAssetV1p4beta1Identity::Representation
+      
+        end
+      end
+      
+      class GoogleCloudAssetV1p4beta1Resource
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :analysis_state, as: 'analysisState', class: Google::Apis::CloudassetV1p4beta1::GoogleCloudAssetV1p4beta1AnalysisState, decorator: Google::Apis::CloudassetV1p4beta1::GoogleCloudAssetV1p4beta1AnalysisState::Representation
+      
+          property :full_resource_name, as: 'fullResourceName'
+        end
+      end
+      
+      class IamPolicyAnalysis
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :analysis_query, as: 'analysisQuery', class: Google::Apis::CloudassetV1p4beta1::IamPolicyAnalysisQuery, decorator: Google::Apis::CloudassetV1p4beta1::IamPolicyAnalysisQuery::Representation
+      
+          collection :analysis_results, as: 'analysisResults', class: Google::Apis::CloudassetV1p4beta1::IamPolicyAnalysisResult, decorator: Google::Apis::CloudassetV1p4beta1::IamPolicyAnalysisResult::Representation
+      
+          property :fully_explored, as: 'fullyExplored'
+        end
+      end
+      
+      class IamPolicyAnalysisOutputConfig
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :gcs_destination, as: 'gcsDestination', class: Google::Apis::CloudassetV1p4beta1::GcsDestination, decorator: Google::Apis::CloudassetV1p4beta1::GcsDestination::Representation
+      
+        end
+      end
+      
+      class IamPolicyAnalysisQuery
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :access_selector, as: 'accessSelector', class: Google::Apis::CloudassetV1p4beta1::AccessSelector, decorator: Google::Apis::CloudassetV1p4beta1::AccessSelector::Representation
+      
+          property :identity_selector, as: 'identitySelector', class: Google::Apis::CloudassetV1p4beta1::IdentitySelector, decorator: Google::Apis::CloudassetV1p4beta1::IdentitySelector::Representation
+      
+          property :parent, as: 'parent'
+          property :resource_selector, as: 'resourceSelector', class: Google::Apis::CloudassetV1p4beta1::ResourceSelector, decorator: Google::Apis::CloudassetV1p4beta1::ResourceSelector::Representation
+      
+        end
+      end
+      
+      class IamPolicyAnalysisResult
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          collection :access_control_lists, as: 'accessControlLists', class: Google::Apis::CloudassetV1p4beta1::GoogleCloudAssetV1p4beta1AccessControlList, decorator: Google::Apis::CloudassetV1p4beta1::GoogleCloudAssetV1p4beta1AccessControlList::Representation
+      
+          property :attached_resource_full_name, as: 'attachedResourceFullName'
+          property :fully_explored, as: 'fullyExplored'
+          property :iam_binding, as: 'iamBinding', class: Google::Apis::CloudassetV1p4beta1::Binding, decorator: Google::Apis::CloudassetV1p4beta1::Binding::Representation
+      
+          property :identity_list, as: 'identityList', class: Google::Apis::CloudassetV1p4beta1::GoogleCloudAssetV1p4beta1IdentityList, decorator: Google::Apis::CloudassetV1p4beta1::GoogleCloudAssetV1p4beta1IdentityList::Representation
+      
+        end
+      end
+      
+      class IdentitySelector
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :identity, as: 'identity'
+        end
+      end
+      
+      class Operation
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :done, as: 'done'
+          property :error, as: 'error', class: Google::Apis::CloudassetV1p4beta1::Status, decorator: Google::Apis::CloudassetV1p4beta1::Status::Representation
+      
+          hash :metadata, as: 'metadata'
+          property :name, as: 'name'
+          hash :response, as: 'response'
+        end
+      end
+      
+      class Options
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :analyze_service_account_impersonation, as: 'analyzeServiceAccountImpersonation'
+          property :expand_groups, as: 'expandGroups'
+          property :expand_resources, as: 'expandResources'
+          property :expand_roles, as: 'expandRoles'
+          property :output_group_edges, as: 'outputGroupEdges'
+          property :output_resource_edges, as: 'outputResourceEdges'
+        end
+      end
+      
+      class ResourceSelector
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :full_resource_name, as: 'fullResourceName'
+        end
+      end
+      
+      class Status
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :code, as: 'code'
+          collection :details, as: 'details'
+          property :message, as: 'message'
+        end
+      end
+    end
+  end
+end

data/lib/google/apis/cloudasset_v1p4beta1/service.rb

@@ -0,0 +1,226 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'google/apis/core/base_service'
+require 'google/apis/core/json_representation'
+require 'google/apis/core/hashable'
+require 'google/apis/errors'
+
+module Google
+  module Apis
+    module CloudassetV1p4beta1
+      # Cloud Asset API
+      #
+      # The cloud asset API manages the history and inventory of cloud resources.
+      #
+      # @example
+      #    require 'google/apis/cloudasset_v1p4beta1'
+      #
+      #    Cloudasset = Google::Apis::CloudassetV1p4beta1 # Alias the module
+      #    service = Cloudasset::CloudAssetService.new
+      #
+      # @see https://cloud.google.com/asset-inventory/docs/quickstart
+      class CloudAssetService < Google::Apis::Core::BaseService
+        # @return [String]
+        #  API key. Your API key identifies your project and provides you with API access,
+        #  quota, and reports. Required unless you provide an OAuth 2.0 token.
+        attr_accessor :key
+
+        # @return [String]
+        #  Available to use for quota purposes for server-side applications. Can be any
+        #  arbitrary string assigned to a user, but should not exceed 40 characters.
+        attr_accessor :quota_user
+
+        def initialize
+          super('https://cloudasset.googleapis.com/', '',
+                client_name: 'google-apis-cloudasset_v1p4beta1',
+                client_version: Google::Apis::CloudassetV1p4beta1::GEM_VERSION)
+          @batch_path = 'batch'
+        end
+        
+        # Analyzes IAM policies to answer which identities have what accesses on which
+        # resources.
+        # @param [String] parent
+        #   Required. The relative name of the root asset. Only resources and IAM policies
+        #   within the parent will be analyzed. This can only be an organization number (
+        #   such as "organizations/123"), a folder number (such as "folders/123"), a
+        #   project ID (such as "projects/my-project-id"), or a project number (such as "
+        #   projects/12345"). To know how to get organization id, visit [here ](https://
+        #   cloud.google.com/resource-manager/docs/creating-managing-organization#
+        #   retrieving_your_organization_id). To know how to get folder or project id,
+        #   visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-
+        #   folders#viewing_or_listing_folders_and_projects).
+        # @param [Array<String>, String] analysis_query_access_selector_permissions
+        #   Optional. The permissions to appear in result.
+        # @param [Array<String>, String] analysis_query_access_selector_roles
+        #   Optional. The roles to appear in result.
+        # @param [String] analysis_query_identity_selector_identity
+        #   Required. The identity appear in the form of members in [IAM policy binding](
+        #   https://cloud.google.com/iam/reference/rest/v1/Binding). The examples of
+        #   supported forms are: "user:mike@example.com", "group:admins@example.com", "
+        #   domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com".
+        #   Notice that wildcard characters (such as * and ?) are not supported. You must
+        #   give a specific identity.
+        # @param [String] analysis_query_resource_selector_full_resource_name
+        #   Required. The [full resource name](https://cloud.google.com/asset-inventory/
+        #   docs/resource-name-format) of a resource of [supported resource types](https://
+        #   cloud.google.com/asset-inventory/docs/supported-asset-types#
+        #   analyzable_asset_types).
+        # @param [Boolean] options_analyze_service_account_impersonation
+        #   Optional. If true, the response will include access analysis from identities
+        #   to resources via service account impersonation. This is a very expensive
+        #   operation, because many derived queries will be executed. We highly recommend
+        #   you use AssetService.ExportIamPolicyAnalysis rpc instead. For example, if the
+        #   request analyzes for which resources user A has permission P, and there's an
+        #   IAM policy states user A has iam.serviceAccounts.getAccessToken permission to
+        #   a service account SA, and there's another IAM policy states service account SA
+        #   has permission P to a GCP folder F, then user A potentially has access to the
+        #   GCP folder F. And those advanced analysis results will be included in
+        #   AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another
+        #   example, if the request analyzes for who has permission P to a GCP folder F,
+        #   and there's an IAM policy states user A has iam.serviceAccounts.actAs
+        #   permission to a service account SA, and there's another IAM policy states
+        #   service account SA has permission P to the GCP folder F, then user A
+        #   potentially has access to the GCP folder F. And those advanced analysis
+        #   results will be included in AnalyzeIamPolicyResponse.
+        #   service_account_impersonation_analysis. Default is false.
+        # @param [String] options_execution_timeout
+        #   Optional. Amount of time executable has to complete. See JSON representation
+        #   of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json).
+        #   If this field is set with a value less than the RPC deadline, and the
+        #   execution of your query hasn't finished in the specified execution timeout,
+        #   you will get a response with partial result. Otherwise, your query's execution
+        #   will continue until the RPC deadline. If it's not finished until then, you
+        #   will get a DEADLINE_EXCEEDED error. Default is empty.
+        # @param [Boolean] options_expand_groups
+        #   Optional. If true, the identities section of the result will expand any Google
+        #   groups appearing in an IAM policy binding. If identity_selector is specified,
+        #   the identity in the result will be determined by the selector, and this flag
+        #   will have no effect. Default is false.
+        # @param [Boolean] options_expand_resources
+        #   Optional. If true, the resource section of the result will expand any resource
+        #   attached to an IAM policy to include resources lower in the resource hierarchy.
+        #   For example, if the request analyzes for which resources user A has
+        #   permission P, and the results include an IAM policy with P on a GCP folder,
+        #   the results will also include resources in that folder with permission P. If
+        #   resource_selector is specified, the resource section of the result will be
+        #   determined by the selector, and this flag will have no effect. Default is
+        #   false.
+        # @param [Boolean] options_expand_roles
+        #   Optional. If true, the access section of result will expand any roles
+        #   appearing in IAM policy bindings to include their permissions. If
+        #   access_selector is specified, the access section of the result will be
+        #   determined by the selector, and this flag will have no effect. Default is
+        #   false.
+        # @param [Boolean] options_output_group_edges
+        #   Optional. If true, the result will output group identity edges, starting from
+        #   the binding's group members, to any expanded identities. Default is false.
+        # @param [Boolean] options_output_resource_edges
+        #   Optional. If true, the result will output resource edges, starting from the
+        #   policy attached resource, to any expanded resources. Default is false.
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudassetV1p4beta1::AnalyzeIamPolicyResponse] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudassetV1p4beta1::AnalyzeIamPolicyResponse]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def analyze_iam_policy(parent, analysis_query_access_selector_permissions: nil, analysis_query_access_selector_roles: nil, analysis_query_identity_selector_identity: nil, analysis_query_resource_selector_full_resource_name: nil, options_analyze_service_account_impersonation: nil, options_execution_timeout: nil, options_expand_groups: nil, options_expand_resources: nil, options_expand_roles: nil, options_output_group_edges: nil, options_output_resource_edges: nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:get, 'v1p4beta1/{+parent}:analyzeIamPolicy', options)
+          command.response_representation = Google::Apis::CloudassetV1p4beta1::AnalyzeIamPolicyResponse::Representation
+          command.response_class = Google::Apis::CloudassetV1p4beta1::AnalyzeIamPolicyResponse
+          command.params['parent'] = parent unless parent.nil?
+          command.query['analysisQuery.accessSelector.permissions'] = analysis_query_access_selector_permissions unless analysis_query_access_selector_permissions.nil?
+          command.query['analysisQuery.accessSelector.roles'] = analysis_query_access_selector_roles unless analysis_query_access_selector_roles.nil?
+          command.query['analysisQuery.identitySelector.identity'] = analysis_query_identity_selector_identity unless analysis_query_identity_selector_identity.nil?
+          command.query['analysisQuery.resourceSelector.fullResourceName'] = analysis_query_resource_selector_full_resource_name unless analysis_query_resource_selector_full_resource_name.nil?
+          command.query['options.analyzeServiceAccountImpersonation'] = options_analyze_service_account_impersonation unless options_analyze_service_account_impersonation.nil?
+          command.query['options.executionTimeout'] = options_execution_timeout unless options_execution_timeout.nil?
+          command.query['options.expandGroups'] = options_expand_groups unless options_expand_groups.nil?
+          command.query['options.expandResources'] = options_expand_resources unless options_expand_resources.nil?
+          command.query['options.expandRoles'] = options_expand_roles unless options_expand_roles.nil?
+          command.query['options.outputGroupEdges'] = options_output_group_edges unless options_output_group_edges.nil?
+          command.query['options.outputResourceEdges'] = options_output_resource_edges unless options_output_resource_edges.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
+        # Exports the answers of which identities have what accesses on which resources
+        # to a Google Cloud Storage destination. The output format is the JSON format
+        # that represents a AnalyzeIamPolicyResponse in the JSON format. This method
+        # implements the google.longrunning.Operation, which allows you to keep track of
+        # the export. We recommend intervals of at least 2 seconds with exponential
+        # retry to poll the export operation result. The metadata contains the request
+        # to help callers to map responses to requests.
+        # @param [String] parent
+        #   Required. The relative name of the root asset. Only resources and IAM policies
+        #   within the parent will be analyzed. This can only be an organization number (
+        #   such as "organizations/123"), a folder number (such as "folders/123"), a
+        #   project ID (such as "projects/my-project-id"), or a project number (such as "
+        #   projects/12345"). To know how to get organization id, visit [here ](https://
+        #   cloud.google.com/resource-manager/docs/creating-managing-organization#
+        #   retrieving_your_organization_id). To know how to get folder or project id,
+        #   visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-
+        #   folders#viewing_or_listing_folders_and_projects).
+        # @param [Google::Apis::CloudassetV1p4beta1::ExportIamPolicyAnalysisRequest] export_iam_policy_analysis_request_object
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::CloudassetV1p4beta1::Operation] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::CloudassetV1p4beta1::Operation]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def export_iam_policy_analysis(parent, export_iam_policy_analysis_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:post, 'v1p4beta1/{+parent}:exportIamPolicyAnalysis', options)
+          command.request_representation = Google::Apis::CloudassetV1p4beta1::ExportIamPolicyAnalysisRequest::Representation
+          command.request_object = export_iam_policy_analysis_request_object
+          command.response_representation = Google::Apis::CloudassetV1p4beta1::Operation::Representation
+          command.response_class = Google::Apis::CloudassetV1p4beta1::Operation
+          command.params['parent'] = parent unless parent.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+
+        protected
+
+        def apply_command_defaults(command)
+          command.query['key'] = key unless key.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+        end
+      end
+    end
+  end
+end