google-cloud-asset-v1 0.2.3 → 0.4.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 146d92531ea9d255916e790bba685754e5dd33c40bda18a0bca7a5a41b65c463
-  data.tar.gz: d6ce7170c915fb035581a909bf716dd4d16271027f6c22256149d9a4739afd2d
+  metadata.gz: f46ad7edc434252f8c8dee87bfba260b8aa24346e300cf6ab7d442e81c89c3e1
+  data.tar.gz: 56d5a1b6d03b3b5a8ec8448266abd000d76dc0e06245b6590a7f2739e32852f7
 SHA512:
-  metadata.gz: 5919727dae53db59a1409e5b011b7b97edf4d0af4b23cf2f7efc0b27275ef201ed7e51695630ffda06d9b0b6c27c6691dfc9503fba21fcbd261e867d139b93b2
-  data.tar.gz: ef8c73a1dc3da98c135aa199258a2f301ab591b50dfa21b85f755eab31ff49e8d3479adb64b01e2182bc421e3871bca1d8599264238e92b5c7a5af95bb9abfb6
+  metadata.gz: f12603eeb775698889082767fec48569b8a072e9029a42f9f4399e50148d9e322fb608fa2a13c8236980aae9249b63c011f7146aa7fa856a2a249a00bd435cf0
+  data.tar.gz: 433f992728d70ada4cce95693659300799287c9482be3d481ab9e9ea02fc8c712b0e4acc4a1be603272ae1a9c9634d5a1134204591e3644fb0249faf7e949b55

data/lib/google/cloud/asset/v1/asset_service/client.rb

@@ -75,6 +75,22 @@ module Google
                   retry_codes:   ["DEADLINE_EXCEEDED", "UNAVAILABLE"]
                 }
 
+                default_config.rpcs.search_all_resources.timeout = 15.0
+                default_config.rpcs.search_all_resources.retry_policy = {
+                  initial_delay: 0.1,
+                  max_delay:     60.0,
+                  multiplier:    1.3,
+                  retry_codes:   ["DEADLINE_EXCEEDED", "UNAVAILABLE"]
+                }
+
+                default_config.rpcs.search_all_iam_policies.timeout = 15.0
+                default_config.rpcs.search_all_iam_policies.retry_policy = {
+                  initial_delay: 0.1,
+                  max_delay:     60.0,
+                  multiplier:    1.3,
+                  retry_codes:   ["DEADLINE_EXCEEDED", "UNAVAILABLE"]
+                }
+
                 default_config
               end
               yield @configure if block_given?
@@ -140,7 +156,8 @@ module Google
               if credentials.is_a?(String) || credentials.is_a?(Hash)
                 credentials = Credentials.new credentials, scope: @config.scope
               end
-              @quota_project_id = credentials.respond_to?(:quota_project_id) ? credentials.quota_project_id : nil
+              @quota_project_id = @config.quota_project
+              @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id
 
               @operations_client = Operations.new do |config|
                 config.credentials = credentials
@@ -168,8 +185,9 @@ module Google
             ##
             # Exports assets with time and resource types to a given Cloud Storage
             # location. The output format is newline-delimited JSON.
-            # This API implements the {::Google::Longrunning::Operation google.longrunning.Operation} API allowing you
-            # to keep track of the export.
+            # This API implements the
+            # {::Google::Longrunning::Operation google.longrunning.Operation} API allowing
+            # you to keep track of the export.
             #
             # @overload export_assets(request, options = nil)
             #   Pass arguments to `export_assets` via a request object, either of type
@@ -379,9 +397,8 @@ module Google
             #     Required. This is the client-assigned asset feed identifier and it needs to
             #     be unique under a specific parent project/folder/organization.
             #   @param feed [::Google::Cloud::Asset::V1::Feed, ::Hash]
-            #     Required. The feed details. The field `name` must be empty and it will be generated
-            #     in the format of:
-            #     projects/project_number/feeds/feed_id
+            #     Required. The feed details. The field `name` must be empty and it will be
+            #     generated in the format of: projects/project_number/feeds/feed_id
             #     folders/folder_number/feeds/feed_id
             #     organizations/organization_number/feeds/feed_id
             #
@@ -586,8 +603,8 @@ module Google
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param feed [::Google::Cloud::Asset::V1::Feed, ::Hash]
-            #     Required. The new values of feed details. It must match an existing feed and the
-            #     field `name` must be in the format of:
+            #     Required. The new values of feed details. It must match an existing feed
+            #     and the field `name` must be in the format of:
             #     projects/project_number/feeds/feed_id or
             #     folders/folder_number/feeds/feed_id or
             #     organizations/organization_number/feeds/feed_id.
@@ -710,6 +727,250 @@ module Google
               raise ::Google::Cloud::Error.from_error(e)
             end
 
+            ##
+            # Searches all the resources within the given accessible scope (e.g., a
+            # project, a folder or an organization). Callers should have
+            # cloud.assets.SearchAllResources permission upon the requested scope,
+            # otherwise the request will be rejected.
+            #
+            # @overload search_all_resources(request, options = nil)
+            #   Pass arguments to `search_all_resources` via a request object, either of type
+            #   {::Google::Cloud::Asset::V1::SearchAllResourcesRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::Asset::V1::SearchAllResourcesRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload search_all_resources(scope: nil, query: nil, asset_types: nil, page_size: nil, page_token: nil, order_by: nil)
+            #   Pass arguments to `search_all_resources` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param scope [::String]
+            #     Required. A scope can be a project, a folder or an organization. The search
+            #     is limited to the resources within the `scope`.
+            #
+            #     The allowed values are:
+            #
+            #     * projects/\\{PROJECT_ID}
+            #     * projects/\\{PROJECT_NUMBER}
+            #     * folders/\\{FOLDER_NUMBER}
+            #     * organizations/\\{ORGANIZATION_NUMBER}
+            #   @param query [::String]
+            #     Optional. The query statement. An empty query can be specified to search
+            #     all the resources of certain `asset_types` within the given `scope`.
+            #
+            #     Examples:
+            #
+            #     * `name : "Important"` to find Cloud resources whose name contains
+            #       "Important" as a word.
+            #     * `displayName : "Impor*"` to find Cloud resources whose display name
+            #       contains "Impor" as a word prefix.
+            #     * `description : "*por*"` to find Cloud resources whose description
+            #       contains "por" as a substring.
+            #     * `location : "us-west*"` to find Cloud resources whose location is
+            #       prefixed with "us-west".
+            #     * `labels : "prod"` to find Cloud resources whose labels contain "prod" as
+            #       a key or value.
+            #     * `labels.env : "prod"` to find Cloud resources which have a label "env"
+            #       and its value is "prod".
+            #     * `labels.env : *` to find Cloud resources which have a label "env".
+            #     * `"Important"` to find Cloud resources which contain "Important" as a word
+            #       in any of the searchable fields.
+            #     * `"Impor*"` to find Cloud resources which contain "Impor" as a word prefix
+            #       in any of the searchable fields.
+            #     * `"*por*"` to find Cloud resources which contain "por" as a substring in
+            #       any of the searchable fields.
+            #     * `("Important" AND location : ("us-west1" OR "global"))` to find Cloud
+            #       resources which contain "Important" as a word in any of the searchable
+            #       fields and are also located in the "us-west1" region or the "global"
+            #       location.
+            #
+            #     See [how to construct a
+            #     query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query)
+            #     for more details.
+            #   @param asset_types [::Array<::String>]
+            #     Optional. A list of asset types that this request searches for. If empty,
+            #     it will search all the [searchable asset
+            #     types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
+            #   @param page_size [::Integer]
+            #     Optional. The page size for search result pagination. Page size is capped
+            #     at 500 even if a larger value is given. If set to zero, server will pick an
+            #     appropriate default. Returned results may be fewer than requested. When
+            #     this happens, there could be more results as long as `next_page_token` is
+            #     returned.
+            #   @param page_token [::String]
+            #     Optional. If present, then retrieve the next batch of results from the
+            #     preceding call to this method. `page_token` must be the value of
+            #     `next_page_token` from the previous response. The values of all other
+            #     method parameters, must be identical to those in the previous call.
+            #   @param order_by [::String]
+            #     Optional. A comma separated list of fields specifying the sorting order of
+            #     the results. The default order is ascending. Add " DESC" after the field
+            #     name to indicate descending order. Redundant space characters are ignored.
+            #     Example: "location DESC, name". See [supported resource metadata
+            #     fields](https://cloud.google.com/asset-inventory/docs/searching-resources#query_on_resource_metadata_fields)
+            #     for more details.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::Asset::V1::ResourceSearchResult>]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Gapic::PagedEnumerable<::Google::Cloud::Asset::V1::ResourceSearchResult>]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            def search_all_resources request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Asset::V1::SearchAllResourcesRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.search_all_resources.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::Asset::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {
+                "scope" => request.scope
+              }
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.search_all_resources.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.search_all_resources.retry_policy
+              options.apply_defaults metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @asset_service_stub.call_rpc :search_all_resources, request, options: options do |response, operation|
+                response = ::Gapic::PagedEnumerable.new @asset_service_stub, :search_all_resources, request, response, operation, options
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
+            ##
+            # Searches all the IAM policies within the given accessible scope (e.g., a
+            # project, a folder or an organization). Callers should have
+            # cloud.assets.SearchAllIamPolicies permission upon the requested scope,
+            # otherwise the request will be rejected.
+            #
+            # @overload search_all_iam_policies(request, options = nil)
+            #   Pass arguments to `search_all_iam_policies` via a request object, either of type
+            #   {::Google::Cloud::Asset::V1::SearchAllIamPoliciesRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::Asset::V1::SearchAllIamPoliciesRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload search_all_iam_policies(scope: nil, query: nil, page_size: nil, page_token: nil)
+            #   Pass arguments to `search_all_iam_policies` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param scope [::String]
+            #     Required. A scope can be a project, a folder or an organization. The search
+            #     is limited to the IAM policies within the `scope`.
+            #
+            #     The allowed values are:
+            #
+            #     * projects/\\{PROJECT_ID}
+            #     * projects/\\{PROJECT_NUMBER}
+            #     * folders/\\{FOLDER_NUMBER}
+            #     * organizations/\\{ORGANIZATION_NUMBER}
+            #   @param query [::String]
+            #     Optional. The query statement. An empty query can be specified to search
+            #     all the IAM policies within the given `scope`.
+            #
+            #     Examples:
+            #
+            #     * `policy : "amy@gmail.com"` to find Cloud IAM policy bindings that
+            #       specify user "amy@gmail.com".
+            #     * `policy : "roles/compute.admin"` to find Cloud IAM policy bindings that
+            #       specify the Compute Admin role.
+            #     * `policy.role.permissions : "storage.buckets.update"` to find Cloud IAM
+            #       policy bindings that specify a role containing "storage.buckets.update"
+            #       permission.
+            #     * `resource : "organizations/123"` to find Cloud IAM policy bindings that
+            #       are set on "organizations/123".
+            #     * `(resource : ("organizations/123" OR "folders/1234") AND policy : "amy")`
+            #       to find Cloud IAM policy bindings that are set on "organizations/123" or
+            #       "folders/1234", and also specify user "amy".
+            #
+            #     See [how to construct a
+            #     query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)
+            #     for more details.
+            #   @param page_size [::Integer]
+            #     Optional. The page size for search result pagination. Page size is capped
+            #     at 500 even if a larger value is given. If set to zero, server will pick an
+            #     appropriate default. Returned results may be fewer than requested. When
+            #     this happens, there could be more results as long as `next_page_token` is
+            #     returned.
+            #   @param page_token [::String]
+            #     Optional. If present, retrieve the next batch of results from the preceding
+            #     call to this method. `page_token` must be the value of `next_page_token`
+            #     from the previous response. The values of all other method parameters must
+            #     be identical to those in the previous call.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::Asset::V1::IamPolicySearchResult>]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Gapic::PagedEnumerable<::Google::Cloud::Asset::V1::IamPolicySearchResult>]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            def search_all_iam_policies request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Asset::V1::SearchAllIamPoliciesRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.search_all_iam_policies.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::Asset::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {
+                "scope" => request.scope
+              }
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.search_all_iam_policies.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.search_all_iam_policies.retry_policy
+              options.apply_defaults metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @asset_service_stub.call_rpc :search_all_iam_policies, request, options: options do |response, operation|
+                response = ::Gapic::PagedEnumerable.new @asset_service_stub, :search_all_iam_policies, request, response, operation, options
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
             ##
             # Configuration class for the AssetService API.
             #
@@ -786,24 +1047,28 @@ module Google
             #    *  `:retry_codes` (*type:* `Array<String>`) - The error codes that should
             #       trigger a retry.
             #   @return [::Hash]
+            # @!attribute [rw] quota_project
+            #   A separate project against which to charge quota.
+            #   @return [::String]
             #
             class Configuration
               extend ::Gapic::Config
 
-              config_attr :endpoint,     "cloudasset.googleapis.com", String
-              config_attr :credentials,  nil do |value|
+              config_attr :endpoint,      "cloudasset.googleapis.com", ::String
+              config_attr :credentials,   nil do |value|
                 allowed = [::String, ::Hash, ::Proc, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
                 allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
                 allowed.any? { |klass| klass === value }
               end
-              config_attr :scope,        nil, ::String, ::Array, nil
-              config_attr :lib_name,     nil, ::String, nil
-              config_attr :lib_version,  nil, ::String, nil
-              config_attr(:channel_args, { "grpc.service_config_disable_resolution"=>1 }, ::Hash, nil)
-              config_attr :interceptors, nil, ::Array, nil
-              config_attr :timeout,      nil, ::Numeric, nil
-              config_attr :metadata,     nil, ::Hash, nil
-              config_attr :retry_policy, nil, ::Hash, Proc, nil
+              config_attr :scope,         nil, ::String, ::Array, nil
+              config_attr :lib_name,      nil, ::String, nil
+              config_attr :lib_version,   nil, ::String, nil
+              config_attr(:channel_args,  { "grpc.service_config_disable_resolution"=>1 }, ::Hash, nil)
+              config_attr :interceptors,  nil, ::Array, nil
+              config_attr :timeout,       nil, ::Numeric, nil
+              config_attr :metadata,      nil, ::Hash, nil
+              config_attr :retry_policy,  nil, ::Hash, ::Proc, nil
+              config_attr :quota_project, nil, ::String, nil
 
               # @private
               def initialize parent_config = nil
@@ -819,7 +1084,7 @@ module Google
               def rpcs
                 @rpcs ||= begin
                   parent_rpcs = nil
-                  parent_rpcs = @parent_config.rpcs if @parent_config&.respond_to? :rpcs
+                  parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config&.respond_to?(:rpcs)
                   Rpcs.new parent_rpcs
                 end
               end
@@ -877,6 +1142,16 @@ module Google
                 # @return [::Gapic::Config::Method]
                 #
                 attr_reader :delete_feed
+                ##
+                # RPC-specific configuration for `search_all_resources`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :search_all_resources
+                ##
+                # RPC-specific configuration for `search_all_iam_policies`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :search_all_iam_policies
 
                 # @private
                 def initialize parent_rpcs = nil
@@ -894,6 +1169,10 @@ module Google
                   @update_feed = ::Gapic::Config::Method.new update_feed_config
                   delete_feed_config = parent_rpcs&.delete_feed if parent_rpcs&.respond_to? :delete_feed
                   @delete_feed = ::Gapic::Config::Method.new delete_feed_config
+                  search_all_resources_config = parent_rpcs&.search_all_resources if parent_rpcs&.respond_to? :search_all_resources
+                  @search_all_resources = ::Gapic::Config::Method.new search_all_resources_config
+                  search_all_iam_policies_config = parent_rpcs&.search_all_iam_policies if parent_rpcs&.respond_to? :search_all_iam_policies
+                  @search_all_iam_policies = ::Gapic::Config::Method.new search_all_iam_policies_config
 
                   yield self if block_given?
                 end

data/lib/google/cloud/asset/v1/asset_service/operations.rb

@@ -85,6 +85,8 @@ module Google
               if credentials.is_a?(String) || credentials.is_a?(Hash)
                 credentials = Credentials.new credentials, scope: @config.scope
               end
+              @quota_project_id = @config.quota_project
+              @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id
 
               @operations_stub = ::Gapic::ServiceStub.new(
                 ::Google::Longrunning::Operations::Stub,
@@ -464,24 +466,28 @@ module Google
             #    *  `:retry_codes` (*type:* `Array<String>`) - The error codes that should
             #       trigger a retry.
             #   @return [::Hash]
+            # @!attribute [rw] quota_project
+            #   A separate project against which to charge quota.
+            #   @return [::String]
             #
             class Configuration
               extend ::Gapic::Config
 
-              config_attr :endpoint,     "cloudasset.googleapis.com", String
-              config_attr :credentials,  nil do |value|
+              config_attr :endpoint,      "cloudasset.googleapis.com", ::String
+              config_attr :credentials,   nil do |value|
                 allowed = [::String, ::Hash, ::Proc, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
                 allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
                 allowed.any? { |klass| klass === value }
               end
-              config_attr :scope,        nil, ::String, ::Array, nil
-              config_attr :lib_name,     nil, ::String, nil
-              config_attr :lib_version,  nil, ::String, nil
-              config_attr(:channel_args, { "grpc.service_config_disable_resolution"=>1 }, ::Hash, nil)
-              config_attr :interceptors, nil, ::Array, nil
-              config_attr :timeout,      nil, ::Numeric, nil
-              config_attr :metadata,     nil, ::Hash, nil
-              config_attr :retry_policy, nil, ::Hash, Proc, nil
+              config_attr :scope,         nil, ::String, ::Array, nil
+              config_attr :lib_name,      nil, ::String, nil
+              config_attr :lib_version,   nil, ::String, nil
+              config_attr(:channel_args,  { "grpc.service_config_disable_resolution"=>1 }, ::Hash, nil)
+              config_attr :interceptors,  nil, ::Array, nil
+              config_attr :timeout,       nil, ::Numeric, nil
+              config_attr :metadata,      nil, ::Hash, nil
+              config_attr :retry_policy,  nil, ::Hash, ::Proc, nil
+              config_attr :quota_project, nil, ::String, nil
 
               # @private
               def initialize parent_config = nil
@@ -497,7 +503,7 @@ module Google
               def rpcs
                 @rpcs ||= begin
                   parent_rpcs = nil
-                  parent_rpcs = @parent_config.rpcs if @parent_config&.respond_to? :rpcs
+                  parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config&.respond_to?(:rpcs)
                   Rpcs.new parent_rpcs
                 end
               end

data/lib/google/cloud/asset/v1/asset_service_pb.rb

@@ -88,6 +88,28 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :content_type, :enum, 4, "google.cloud.asset.v1.ContentType"
       optional :feed_output_config, :message, 5, "google.cloud.asset.v1.FeedOutputConfig"
     end
+    add_message "google.cloud.asset.v1.SearchAllResourcesRequest" do
+      optional :scope, :string, 1
+      optional :query, :string, 2
+      repeated :asset_types, :string, 3
+      optional :page_size, :int32, 4
+      optional :page_token, :string, 5
+      optional :order_by, :string, 6
+    end
+    add_message "google.cloud.asset.v1.SearchAllResourcesResponse" do
+      repeated :results, :message, 1, "google.cloud.asset.v1.ResourceSearchResult"
+      optional :next_page_token, :string, 2
+    end
+    add_message "google.cloud.asset.v1.SearchAllIamPoliciesRequest" do
+      optional :scope, :string, 1
+      optional :query, :string, 2
+      optional :page_size, :int32, 3
+      optional :page_token, :string, 4
+    end
+    add_message "google.cloud.asset.v1.SearchAllIamPoliciesResponse" do
+      repeated :results, :message, 1, "google.cloud.asset.v1.IamPolicySearchResult"
+      optional :next_page_token, :string, 2
+    end
     add_enum "google.cloud.asset.v1.ContentType" do
       value :CONTENT_TYPE_UNSPECIFIED, 0
       value :RESOURCE, 1
@@ -118,6 +140,10 @@ module Google
         PubsubDestination = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.PubsubDestination").msgclass
         FeedOutputConfig = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.FeedOutputConfig").msgclass
         Feed = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.Feed").msgclass
+        SearchAllResourcesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.SearchAllResourcesRequest").msgclass
+        SearchAllResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.SearchAllResourcesResponse").msgclass
+        SearchAllIamPoliciesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.SearchAllIamPoliciesRequest").msgclass
+        SearchAllIamPoliciesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.SearchAllIamPoliciesResponse").msgclass
         ContentType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ContentType").enummodule
       end
     end

data/lib/google/cloud/asset/v1/asset_service_services_pb.rb

@@ -35,8 +35,9 @@ module Google
 
             # Exports assets with time and resource types to a given Cloud Storage
             # location. The output format is newline-delimited JSON.
-            # This API implements the [google.longrunning.Operation][google.longrunning.Operation] API allowing you
-            # to keep track of the export.
+            # This API implements the
+            # [google.longrunning.Operation][google.longrunning.Operation] API allowing
+            # you to keep track of the export.
             rpc :ExportAssets, ExportAssetsRequest, Google::Longrunning::Operation
             # Batch gets the update history of assets that overlap a time window.
             # For RESOURCE content, this API outputs history with asset in both
@@ -57,6 +58,16 @@ module Google
             rpc :UpdateFeed, UpdateFeedRequest, Feed
             # Deletes an asset feed.
             rpc :DeleteFeed, DeleteFeedRequest, Google::Protobuf::Empty
+            # Searches all the resources within the given accessible scope (e.g., a
+            # project, a folder or an organization). Callers should have
+            # cloud.assets.SearchAllResources permission upon the requested scope,
+            # otherwise the request will be rejected.
+            rpc :SearchAllResources, SearchAllResourcesRequest, SearchAllResourcesResponse
+            # Searches all the IAM policies within the given accessible scope (e.g., a
+            # project, a folder or an organization). Callers should have
+            # cloud.assets.SearchAllIamPolicies permission upon the requested scope,
+            # otherwise the request will be rejected.
+            rpc :SearchAllIamPolicies, SearchAllIamPoliciesRequest, SearchAllIamPoliciesResponse
           end
 
           Stub = Service.rpc_stub_class

data/lib/google/cloud/asset/v1/assets_pb.rb

@@ -3,6 +3,7 @@
 
 require 'google/protobuf'
 
+require 'google/api/annotations_pb'
 require 'google/api/resource_pb'
 require 'google/cloud/orgpolicy/v1/orgpolicy_pb'
 require 'google/iam/v1/policy_pb'
@@ -12,7 +13,6 @@ require 'google/identity/accesscontextmanager/v1/service_perimeter_pb'
 require 'google/protobuf/any_pb'
 require 'google/protobuf/struct_pb'
 require 'google/protobuf/timestamp_pb'
-require 'google/api/annotations_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/asset/v1/assets.proto", :syntax => :proto3) do
     add_message "google.cloud.asset.v1.TemporalAsset" do
@@ -44,6 +44,30 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :resource_url, :string, 4
       optional :parent, :string, 5
       optional :data, :message, 6, "google.protobuf.Struct"
+      optional :location, :string, 8
+    end
+    add_message "google.cloud.asset.v1.ResourceSearchResult" do
+      optional :name, :string, 1
+      optional :asset_type, :string, 2
+      optional :project, :string, 3
+      optional :display_name, :string, 4
+      optional :description, :string, 5
+      optional :location, :string, 6
+      map :labels, :string, :string, 7
+      repeated :network_tags, :string, 8
+      optional :additional_attributes, :message, 9, "google.protobuf.Struct"
+    end
+    add_message "google.cloud.asset.v1.IamPolicySearchResult" do
+      optional :resource, :string, 1
+      optional :project, :string, 2
+      optional :policy, :message, 3, "google.iam.v1.Policy"
+      optional :explanation, :message, 4, "google.cloud.asset.v1.IamPolicySearchResult.Explanation"
+    end
+    add_message "google.cloud.asset.v1.IamPolicySearchResult.Explanation" do
+      map :matched_permissions, :string, :message, 1, "google.cloud.asset.v1.IamPolicySearchResult.Explanation.Permissions"
+    end
+    add_message "google.cloud.asset.v1.IamPolicySearchResult.Explanation.Permissions" do
+      repeated :permissions, :string, 1
     end
   end
 end
@@ -56,6 +80,10 @@ module Google
         TimeWindow = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.TimeWindow").msgclass
         Asset = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.Asset").msgclass
         Resource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.Resource").msgclass
+        ResourceSearchResult = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ResourceSearchResult").msgclass
+        IamPolicySearchResult = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicySearchResult").msgclass
+        IamPolicySearchResult::Explanation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicySearchResult.Explanation").msgclass
+        IamPolicySearchResult::Explanation::Permissions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicySearchResult.Explanation.Permissions").msgclass
       end
     end
   end

data/lib/google/cloud/asset/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module Asset
       module V1
-        VERSION = "0.2.3"
+        VERSION = "0.4.3"
       end
     end
   end

data/proto_docs/google/cloud/asset/v1/asset_service.rb

@@ -56,8 +56,10 @@ module Google
         end
 
         # The export asset response. This message is returned by the
-        # google.longrunning.Operations.GetOperation method in the returned
-        # {::Google::Longrunning::Operation#response google.longrunning.Operation.response} field.
+        # google.longrunning.Operations.GetOperation
+        # method in the returned
+        # {::Google::Longrunning::Operation#response google.longrunning.Operation.response}
+        # field.
         # @!attribute [rw] read_time
         #   @return [::Google::Protobuf::Timestamp]
         #     Time the snapshot was taken.
@@ -127,9 +129,8 @@ module Google
         #     be unique under a specific parent project/folder/organization.
         # @!attribute [rw] feed
         #   @return [::Google::Cloud::Asset::V1::Feed]
-        #     Required. The feed details. The field `name` must be empty and it will be generated
-        #     in the format of:
-        #     projects/project_number/feeds/feed_id
+        #     Required. The feed details. The field `name` must be empty and it will be
+        #     generated in the format of: projects/project_number/feeds/feed_id
         #     folders/folder_number/feeds/feed_id
         #     organizations/organization_number/feeds/feed_id
         class CreateFeedRequest
@@ -171,8 +172,8 @@ module Google
         # Update asset feed request.
         # @!attribute [rw] feed
         #   @return [::Google::Cloud::Asset::V1::Feed]
-        #     Required. The new values of feed details. It must match an existing feed and the
-        #     field `name` must be in the format of:
+        #     Required. The new values of feed details. It must match an existing feed
+        #     and the field `name` must be in the format of:
         #     projects/project_number/feeds/feed_id or
         #     folders/folder_number/feeds/feed_id or
         #     organizations/organization_number/feeds/feed_id.
@@ -325,6 +326,166 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # Search all resources request.
+        # @!attribute [rw] scope
+        #   @return [::String]
+        #     Required. A scope can be a project, a folder or an organization. The search
+        #     is limited to the resources within the `scope`.
+        #
+        #     The allowed values are:
+        #
+        #     * projects/\\{PROJECT_ID}
+        #     * projects/\\{PROJECT_NUMBER}
+        #     * folders/\\{FOLDER_NUMBER}
+        #     * organizations/\\{ORGANIZATION_NUMBER}
+        # @!attribute [rw] query
+        #   @return [::String]
+        #     Optional. The query statement. An empty query can be specified to search
+        #     all the resources of certain `asset_types` within the given `scope`.
+        #
+        #     Examples:
+        #
+        #     * `name : "Important"` to find Cloud resources whose name contains
+        #       "Important" as a word.
+        #     * `displayName : "Impor*"` to find Cloud resources whose display name
+        #       contains "Impor" as a word prefix.
+        #     * `description : "*por*"` to find Cloud resources whose description
+        #       contains "por" as a substring.
+        #     * `location : "us-west*"` to find Cloud resources whose location is
+        #       prefixed with "us-west".
+        #     * `labels : "prod"` to find Cloud resources whose labels contain "prod" as
+        #       a key or value.
+        #     * `labels.env : "prod"` to find Cloud resources which have a label "env"
+        #       and its value is "prod".
+        #     * `labels.env : *` to find Cloud resources which have a label "env".
+        #     * `"Important"` to find Cloud resources which contain "Important" as a word
+        #       in any of the searchable fields.
+        #     * `"Impor*"` to find Cloud resources which contain "Impor" as a word prefix
+        #       in any of the searchable fields.
+        #     * `"*por*"` to find Cloud resources which contain "por" as a substring in
+        #       any of the searchable fields.
+        #     * `("Important" AND location : ("us-west1" OR "global"))` to find Cloud
+        #       resources which contain "Important" as a word in any of the searchable
+        #       fields and are also located in the "us-west1" region or the "global"
+        #       location.
+        #
+        #     See [how to construct a
+        #     query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query)
+        #     for more details.
+        # @!attribute [rw] asset_types
+        #   @return [::Array<::String>]
+        #     Optional. A list of asset types that this request searches for. If empty,
+        #     it will search all the [searchable asset
+        #     types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
+        # @!attribute [rw] page_size
+        #   @return [::Integer]
+        #     Optional. The page size for search result pagination. Page size is capped
+        #     at 500 even if a larger value is given. If set to zero, server will pick an
+        #     appropriate default. Returned results may be fewer than requested. When
+        #     this happens, there could be more results as long as `next_page_token` is
+        #     returned.
+        # @!attribute [rw] page_token
+        #   @return [::String]
+        #     Optional. If present, then retrieve the next batch of results from the
+        #     preceding call to this method. `page_token` must be the value of
+        #     `next_page_token` from the previous response. The values of all other
+        #     method parameters, must be identical to those in the previous call.
+        # @!attribute [rw] order_by
+        #   @return [::String]
+        #     Optional. A comma separated list of fields specifying the sorting order of
+        #     the results. The default order is ascending. Add " DESC" after the field
+        #     name to indicate descending order. Redundant space characters are ignored.
+        #     Example: "location DESC, name". See [supported resource metadata
+        #     fields](https://cloud.google.com/asset-inventory/docs/searching-resources#query_on_resource_metadata_fields)
+        #     for more details.
+        class SearchAllResourcesRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Search all resources response.
+        # @!attribute [rw] results
+        #   @return [::Array<::Google::Cloud::Asset::V1::ResourceSearchResult>]
+        #     A list of Resources that match the search query. It contains the resource
+        #     standard metadata information.
+        # @!attribute [rw] next_page_token
+        #   @return [::String]
+        #     If there are more results than those appearing in this response, then
+        #     `next_page_token` is included. To get the next set of results, call this
+        #     method again using the value of `next_page_token` as `page_token`.
+        class SearchAllResourcesResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Search all IAM policies request.
+        # @!attribute [rw] scope
+        #   @return [::String]
+        #     Required. A scope can be a project, a folder or an organization. The search
+        #     is limited to the IAM policies within the `scope`.
+        #
+        #     The allowed values are:
+        #
+        #     * projects/\\{PROJECT_ID}
+        #     * projects/\\{PROJECT_NUMBER}
+        #     * folders/\\{FOLDER_NUMBER}
+        #     * organizations/\\{ORGANIZATION_NUMBER}
+        # @!attribute [rw] query
+        #   @return [::String]
+        #     Optional. The query statement. An empty query can be specified to search
+        #     all the IAM policies within the given `scope`.
+        #
+        #     Examples:
+        #
+        #     * `policy : "amy@gmail.com"` to find Cloud IAM policy bindings that
+        #       specify user "amy@gmail.com".
+        #     * `policy : "roles/compute.admin"` to find Cloud IAM policy bindings that
+        #       specify the Compute Admin role.
+        #     * `policy.role.permissions : "storage.buckets.update"` to find Cloud IAM
+        #       policy bindings that specify a role containing "storage.buckets.update"
+        #       permission.
+        #     * `resource : "organizations/123"` to find Cloud IAM policy bindings that
+        #       are set on "organizations/123".
+        #     * `(resource : ("organizations/123" OR "folders/1234") AND policy : "amy")`
+        #       to find Cloud IAM policy bindings that are set on "organizations/123" or
+        #       "folders/1234", and also specify user "amy".
+        #
+        #     See [how to construct a
+        #     query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)
+        #     for more details.
+        # @!attribute [rw] page_size
+        #   @return [::Integer]
+        #     Optional. The page size for search result pagination. Page size is capped
+        #     at 500 even if a larger value is given. If set to zero, server will pick an
+        #     appropriate default. Returned results may be fewer than requested. When
+        #     this happens, there could be more results as long as `next_page_token` is
+        #     returned.
+        # @!attribute [rw] page_token
+        #   @return [::String]
+        #     Optional. If present, retrieve the next batch of results from the preceding
+        #     call to this method. `page_token` must be the value of `next_page_token`
+        #     from the previous response. The values of all other method parameters must
+        #     be identical to those in the previous call.
+        class SearchAllIamPoliciesRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Search all IAM policies response.
+        # @!attribute [rw] results
+        #   @return [::Array<::Google::Cloud::Asset::V1::IamPolicySearchResult>]
+        #     A list of IamPolicy that match the search query. Related information such
+        #     as the associated resource is returned along with the policy.
+        # @!attribute [rw] next_page_token
+        #   @return [::String]
+        #     Set if there are more results than those appearing in this response; to get
+        #     the next set of results, call this method again, using this value as the
+        #     `page_token`.
+        class SearchAllIamPoliciesResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # Asset content type.
         module ContentType
           # Unspecified content type.

data/proto_docs/google/cloud/asset/v1/assets.rb

@@ -37,7 +37,7 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # A time window specified by its "start_time" and "end_time".
+        # A time window specified by its `start_time` and `end_time`.
         # @!attribute [rw] start_time
         #   @return [::Google::Protobuf::Timestamp]
         #     Start time of the time window (exclusive).
@@ -58,14 +58,14 @@ module Google
         # @!attribute [rw] name
         #   @return [::String]
         #     The full name of the asset. For example:
-        #     "//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1"
+        #     `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`
         #
         #     See [Resource
         #     names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
         #     for more information.
         # @!attribute [rw] asset_type
         #   @return [::String]
-        #     The type of the asset. For example: "compute.googleapis.com/Disk"
+        #     The type of the asset. For example: `compute.googleapis.com/Disk`
         #
         #     See [Supported asset
         #     types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
@@ -114,19 +114,19 @@ module Google
         # A representation of a Google Cloud resource.
         # @!attribute [rw] version
         #   @return [::String]
-        #     The API version. For example: "v1"
+        #     The API version. For example: `v1`
         # @!attribute [rw] discovery_document_uri
         #   @return [::String]
         #     The URL of the discovery document containing the resource's JSON schema.
         #     For example:
-        #     "https://www.googleapis.com/discovery/v1/apis/compute/v1/rest"
+        #     `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest`
         #
         #     This value is unspecified for resources that do not have an API based on a
         #     discovery document, such as Cloud Bigtable.
         # @!attribute [rw] discovery_name
         #   @return [::String]
         #     The JSON schema name listed in the discovery document. For example:
-        #     "Project"
+        #     `Project`
         #
         #     This value is unspecified for resources that do not have an API based on a
         #     discovery document, such as Cloud Bigtable.
@@ -134,7 +134,7 @@ module Google
         #   @return [::String]
         #     The REST URL for accessing the resource. An HTTP `GET` request using this
         #     URL returns the resource itself. For example:
-        #     "https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123"
+        #     `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`
         #
         #     This value is unspecified for resources without a REST API.
         # @!attribute [rw] parent
@@ -148,17 +148,206 @@ module Google
         #     [Cloud IAM policy
         #     hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).
         #     For example:
-        #     "//cloudresourcemanager.googleapis.com/projects/my_project_123"
+        #     `//cloudresourcemanager.googleapis.com/projects/my_project_123`
         #
         #     For third-party assets, this field may be set differently.
         # @!attribute [rw] data
         #   @return [::Google::Protobuf::Struct]
         #     The content of the resource, in which some sensitive fields are removed
         #     and may not be present.
+        # @!attribute [rw] location
+        #   @return [::String]
+        #     The location of the resource in Google Cloud, such as its zone and region.
+        #     For more information, see https://cloud.google.com/about/locations/.
         class Resource
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
+
+        # A result of Resource Search, containing information of a cloud resoure.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The full resource name of this resource. Example:
+        #     `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.
+        #     See [Cloud Asset Inventory Resource Name
+        #     Format](https://cloud.google.com/asset-inventory/docs/resource-name-format)
+        #     for more information.
+        #
+        #     To search against the `name`:
+        #
+        #     * use a field query. Example: `name : "instance1"`
+        #     * use a free text query. Example: `"instance1"`
+        # @!attribute [rw] asset_type
+        #   @return [::String]
+        #     The type of this resource. Example: `compute.googleapis.com/Disk`.
+        #
+        #     To search against the `asset_type`:
+        #
+        #     * specify the `asset_type` field in your search request.
+        # @!attribute [rw] project
+        #   @return [::String]
+        #     The project that this resource belongs to, in the form of
+        #     projects/\\{PROJECT_NUMBER}.
+        #
+        #     To search against the `project`:
+        #
+        #     * specify the `scope` field as this project in your search request.
+        # @!attribute [rw] display_name
+        #   @return [::String]
+        #     The display name of this resource.
+        #
+        #     To search against the `display_name`:
+        #
+        #     * use a field query. Example: `displayName : "My Instance"`
+        #     * use a free text query. Example: `"My Instance"`
+        # @!attribute [rw] description
+        #   @return [::String]
+        #     One or more paragraphs of text description of this resource. Maximum length
+        #     could be up to 1M bytes.
+        #
+        #     To search against the `description`:
+        #
+        #     * use a field query. Example: `description : "*important instance*"`
+        #     * use a free text query. Example: `"*important instance*"`
+        # @!attribute [rw] location
+        #   @return [::String]
+        #     Location can be `global`, regional like `us-east1`, or zonal like
+        #     `us-west1-b`.
+        #
+        #     To search against the `location`:
+        #
+        #     * use a field query. Example: `location : "us-west*"`
+        #     * use a free text query. Example: `"us-west*"`
+        # @!attribute [rw] labels
+        #   @return [::Google::Protobuf::Map{::String => ::String}]
+        #     Labels associated with this resource. See [Labelling and grouping GCP
+        #     resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources)
+        #     for more information.
+        #
+        #     To search against the `labels`:
+        #
+        #     * use a field query, as following:
+        #         - query on any label's key or value. Example: `labels : "prod"`
+        #         - query by a given label. Example: `labels.env : "prod"`
+        #         - query by a given label'sexistence. Example: `labels.env : *`
+        #     * use a free text query. Example: `"prod"`
+        # @!attribute [rw] network_tags
+        #   @return [::Array<::String>]
+        #     Network tags associated with this resource. Like labels, network tags are a
+        #     type of annotations used to group GCP resources. See [Labelling GCP
+        #     resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources)
+        #     for more information.
+        #
+        #     To search against the `network_tags`:
+        #
+        #     * use a field query. Example: `networkTags : "internal"`
+        #     * use a free text query. Example: `"internal"`
+        # @!attribute [rw] additional_attributes
+        #   @return [::Google::Protobuf::Struct]
+        #     The additional attributes of this resource. The attributes may vary from
+        #     one resource type to another. Examples: `projectId` for Project,
+        #     `dnsName` for DNS ManagedZone.
+        #
+        #     To search against the `additional_attributes`:
+        #
+        #     * use a free text query to match the attributes values. Example: to search
+        #       `additional_attributes = { dnsName: "foobar" }`, you can issue a query
+        #       `"foobar"`.
+        class ResourceSearchResult
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # @!attribute [rw] key
+          #   @return [::String]
+          # @!attribute [rw] value
+          #   @return [::String]
+          class LabelsEntry
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
+
+        # A result of IAM Policy search, containing information of an IAM policy.
+        # @!attribute [rw] resource
+        #   @return [::String]
+        #     The full resource name of the resource associated with this IAM policy.
+        #     Example:
+        #     `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.
+        #     See [Cloud Asset Inventory Resource Name
+        #     Format](https://cloud.google.com/asset-inventory/docs/resource-name-format)
+        #     for more information.
+        #
+        #     To search against the `resource`:
+        #
+        #     * use a field query. Example: `resource : "organizations/123"`
+        # @!attribute [rw] project
+        #   @return [::String]
+        #     The project that the associated GCP resource belongs to, in the form of
+        #     projects/\\{PROJECT_NUMBER}. If an IAM policy is set on a resource (like VM
+        #     instance, Cloud Storage bucket), the project field will indicate the
+        #     project that contains the resource. If an IAM policy is set on a folder or
+        #     orgnization, the project field will be empty.
+        #
+        #     To search against the `project`:
+        #
+        #     * specify the `scope` field as this project in your search request.
+        # @!attribute [rw] policy
+        #   @return [::Google::Iam::V1::Policy]
+        #     The IAM policy directly set on the given resource. Note that the original
+        #     IAM policy can contain multiple bindings. This only contains the bindings
+        #     that match the given query. For queries that don't contain a constrain on
+        #     policies (e.g., an empty query), this contains all the bindings.
+        #
+        #     To search against the `policy` bindings:
+        #
+        #     * use a field query, as following:
+        #         - query by the policy contained members. Example:
+        #           `policy : "amy@gmail.com"`
+        #         - query by the policy contained roles. Example:
+        #           `policy : "roles/compute.admin"`
+        #         - query by the policy contained roles' implied permissions. Example:
+        #           `policy.role.permissions : "compute.instances.create"`
+        # @!attribute [rw] explanation
+        #   @return [::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation]
+        #     Explanation about the IAM policy search result. It contains additional
+        #     information to explain why the search result matches the query.
+        class IamPolicySearchResult
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Explanation about the IAM policy search result.
+          # @!attribute [rw] matched_permissions
+          #   @return [::Google::Protobuf::Map{::String => ::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation::Permissions}]
+          #     The map from roles to their included permissions that match the
+          #     permission query (i.e., a query containing `policy.role.permissions:`).
+          #     Example: if query `policy.role.permissions : "compute.disk.get"`
+          #     matches a policy binding that contains owner role, the
+          #     matched_permissions will be `{"roles/owner": ["compute.disk.get"]}`. The
+          #     roles can also be found in the returned `policy` bindings. Note that the
+          #     map is populated only for requests with permission queries.
+          class Explanation
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # IAM permissions
+            # @!attribute [rw] permissions
+            #   @return [::Array<::String>]
+            #     A list of permissions. A sample permission string: `compute.disk.get`.
+            class Permissions
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+            end
+
+            # @!attribute [rw] key
+            #   @return [::String]
+            # @!attribute [rw] value
+            #   @return [::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation::Permissions]
+            class MatchedPermissionsEntry
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+            end
+          end
+        end
       end
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-asset-v1
 version: !ruby/object:Gem::Version
-  version: 0.2.3
+  version: 0.4.3
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-05-05 00:00:00.000000000 Z
+date: 2020-06-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -78,14 +78,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.10'
+        version: '5.14'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.10'
+        version: '5.14'
+- !ruby/object:Gem::Dependency
+  name: minitest-focus
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: minitest-rg
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.2'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -165,7 +193,6 @@ files:
 - lib/google/cloud/asset/v1/asset_service_services_pb.rb
 - lib/google/cloud/asset/v1/assets_pb.rb
 - lib/google/cloud/asset/v1/version.rb
-- lib/google/cloud/common_resources_pb.rb
 - lib/google/cloud/orgpolicy/v1/orgpolicy_pb.rb
 - lib/google/identity/accesscontextmanager/type/device_resources_pb.rb
 - lib/google/identity/accesscontextmanager/v1/access_level_pb.rb
@@ -209,7 +236,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.6
+rubygems_version: 3.1.3
 signing_key: 
 specification_version: 4
 summary: API Client library for the Cloud Asset V1 API

data/lib/google/cloud/common_resources_pb.rb

@@ -1,15 +0,0 @@
-# Generated by the protocol buffer compiler.  DO NOT EDIT!
-# source: google/cloud/common_resources.proto
-
-require 'google/protobuf'
-
-require 'google/api/resource_pb'
-Google::Protobuf::DescriptorPool.generated_pool.build do
-  add_file("google/cloud/common_resources.proto", :syntax => :proto3) do
-  end
-end
-
-module Google
-  module Cloud
-  end
-end