google-cloud-asset-v1 0.21.1 → 0.23.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d8af562b0115d3d973426bda368ef1ec3e9068ec877174ce025f6da784f197e3
-  data.tar.gz: d7dcef2f57cd7ec3b82dae5491518ecfb655e7a71174ab02e72609fe8493cdb8
+  metadata.gz: 8cc1b419784cf746cafa20ca39158e6344d101e6861461c5621db2f1e580ddc3
+  data.tar.gz: 4cd6921bbbea34aa66cbcc7864e0347c8f9aa6ca23e384a8a63ed3e9affced3b
 SHA512:
-  metadata.gz: 650b132db2f02dcc24ad3f36cd631034d8da3b01054ab3ce5ff90466b8e3aa50de6e72613ecb836317ae094c9040c25e9fbd99fa4dbdb525f9bae732cb4e856f
-  data.tar.gz: 95f1007bd217d967d4d47f76d7a1ad516f1ebf0a8a86d2bb0a907dce0444fab8e4f046532c0a8af88410078ba45f2dbec1332ec70808228795fe5020a4c98bd3
+  metadata.gz: 06d22c1799c844023dd9336ebc3d92de04e01ef97973832efaac80f836212e063e95d5a938a15270adb3f73215a792883afb9d14a593c85ee912e1c5e917c142
+  data.tar.gz: 0d9584daa580108316348200dc95bc856a3da6dde332c43d223870ec8b6e5d7271491a279dd3a7be851cb455f6899c5da3b57fbf1ae280c1b42e2f0b2b776910

data/README.md

@@ -46,7 +46,7 @@ for general usage information.
 ## Enabling Logging
 
 To enable logging for this library, set the logger for the underlying [gRPC](https://github.com/grpc/grpc/tree/master/src/ruby) library.
-The logger that you set may be a Ruby stdlib [`Logger`](https://ruby-doc.org/stdlib/libdoc/logger/rdoc/Logger.html) as shown below,
+The logger that you set may be a Ruby stdlib [`Logger`](https://ruby-doc.org/current/stdlibs/logger/Logger.html) as shown below,
 or a [`Google::Cloud::Logging::Logger`](https://googleapis.dev/ruby/google-cloud-logging/latest)
 that will write logs to [Cloud Logging](https://cloud.google.com/logging/). See [grpc/logconfig.rb](https://github.com/grpc/grpc/blob/master/src/ruby/lib/grpc/logconfig.rb)
 and the gRPC [spec_helper.rb](https://github.com/grpc/grpc/blob/master/src/ruby/spec/spec_helper.rb) for additional information.

data/lib/google/cloud/asset/v1/asset_service/client.rb

@@ -1118,8 +1118,8 @@ module Google
             end
 
             ##
-            # Searches all Cloud resources within the specified scope, such as a project,
-            # folder, or organization. The caller must be granted the
+            # Searches all Google Cloud resources within the specified scope, such as a
+            # project, folder, or organization. The caller must be granted the
             # `cloudasset.assets.searchAllResources` permission on the desired scope,
             # otherwise the request will be rejected.
             #
@@ -1159,44 +1159,48 @@ module Google
             #
             #     Examples:
             #
-            #     * `name:Important` to find Cloud resources whose name contains
+            #     * `name:Important` to find Google Cloud resources whose name contains
             #       "Important" as a word.
-            #     * `name=Important` to find the Cloud resource whose name is exactly
+            #     * `name=Important` to find the Google Cloud resource whose name is exactly
             #       "Important".
-            #     * `displayName:Impor*` to find Cloud resources whose display name
+            #     * `displayName:Impor*` to find Google Cloud resources whose display name
             #       contains "Impor" as a prefix of any word in the field.
-            #     * `location:us-west*` to find Cloud resources whose location contains both
-            #       "us" and "west" as prefixes.
-            #     * `labels:prod` to find Cloud resources whose labels contain "prod" as
-            #       a key or value.
-            #     * `labels.env:prod` to find Cloud resources that have a label "env"
+            #     * `location:us-west*` to find Google Cloud resources whose location
+            #       contains both "us" and "west" as prefixes.
+            #     * `labels:prod` to find Google Cloud resources whose labels contain "prod"
+            #       as a key or value.
+            #     * `labels.env:prod` to find Google Cloud resources that have a label "env"
             #       and its value is "prod".
-            #     * `labels.env:*` to find Cloud resources that have a label "env".
-            #     * `kmsKey:key` to find Cloud resources encrypted with a customer-managed
-            #       encryption key whose name contains the word "key".
-            #     * `relationships:instance-group-1` to find Cloud resources that have
+            #     * `labels.env:*` to find Google Cloud resources that have a label "env".
+            #     * `kmsKey:key` to find Google Cloud resources encrypted with a
+            #       customer-managed encryption key whose name contains "key" as a word. This
+            #       field is deprecated. Please use the `kmsKeys` field to retrieve Cloud KMS
+            #       key information.
+            #     * `kmsKeys:key` to find Google Cloud resources encrypted with
+            #       customer-managed encryption keys whose name contains the word "key".
+            #     * `relationships:instance-group-1` to find Google Cloud resources that have
             #       relationships with "instance-group-1" in the related resource name.
-            #     * `relationships:INSTANCE_TO_INSTANCEGROUP` to find compute instances that
-            #       have relationships of type "INSTANCE_TO_INSTANCEGROUP".
+            #     * `relationships:INSTANCE_TO_INSTANCEGROUP` to find Compute Engine
+            #       instances that have relationships of type "INSTANCE_TO_INSTANCEGROUP".
             #     * `relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1` to find
-            #       compute instances that have relationships with "instance-group-1" in the
-            #       compute instance group resource name, for relationship type
+            #       Compute Engine instances that have relationships with "instance-group-1"
+            #       in the Compute Engine instance group resource name, for relationship type
             #       "INSTANCE_TO_INSTANCEGROUP".
-            #     * `state:ACTIVE` to find Cloud resources whose state contains "ACTIVE" as a
-            #       word.
-            #     * `NOT state:ACTIVE` to find Cloud resources whose state doesn't contain
+            #     * `state:ACTIVE` to find Google Cloud resources whose state contains
             #       "ACTIVE" as a word.
-            #     * `createTime<1609459200` to find Cloud resources that were created before
-            #       "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
+            #     * `NOT state:ACTIVE` to find Google Cloud resources whose state doesn't
+            #       contain "ACTIVE" as a word.
+            #     * `createTime<1609459200` to find Google Cloud resources that were created
+            #       before "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
             #       "2021-01-01 00:00:00 UTC" in seconds.
-            #     * `updateTime>1609459200` to find Cloud resources that were updated after
-            #       "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
+            #     * `updateTime>1609459200` to find Google Cloud resources that were updated
+            #       after "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
             #       "2021-01-01 00:00:00 UTC" in seconds.
-            #     * `Important` to find Cloud resources that contain "Important" as a word
-            #       in any of the searchable fields.
-            #     * `Impor*` to find Cloud resources that contain "Impor" as a prefix of any
+            #     * `Important` to find Google Cloud resources that contain "Important" as a
             #       word in any of the searchable fields.
-            #     * `Important location:(us-west1 OR global)` to find Cloud
+            #     * `Impor*` to find Google Cloud resources that contain "Impor" as a prefix
+            #       of any word in any of the searchable fields.
+            #     * `Important location:(us-west1 OR global)` to find Google Cloud
             #       resources that contain "Important" as a word in any of the searchable
             #       fields and are also located in the "us-west1" region or the "global"
             #       location.
@@ -1239,16 +1243,15 @@ module Google
             #       * displayName
             #       * description
             #       * location
-            #       * kmsKey
             #       * createTime
             #       * updateTime
             #       * state
             #       * parentFullResourceName
             #       * parentAssetType
             #
-            #     All the other fields such as repeated fields (e.g., `networkTags`), map
-            #     fields (e.g., `labels`) and struct fields (e.g., `additionalAttributes`)
-            #     are not supported.
+            #     All the other fields such as repeated fields (e.g., `networkTags`,
+            #     `kmsKeys`), map fields (e.g., `labels`) and struct fields (e.g.,
+            #     `additionalAttributes`) are not supported.
             #   @param read_mask [::Google::Protobuf::FieldMask, ::Hash]
             #     Optional. A comma-separated list of fields specifying which fields to be
             #     returned in ResourceSearchResult. Only '*' or combination of top level
@@ -1269,7 +1272,9 @@ module Google
             #       * tagValueIds
             #       * labels
             #       * networkTags
-            #       * kmsKey
+            #       * kmsKey (This field is deprecated. Please use the `kmsKeys` field to
+            #         retrieve Cloud KMS key information.)
+            #       * kmsKeys
             #       * createTime
             #       * updateTime
             #       * state
@@ -1392,8 +1397,8 @@ module Google
             #     query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)
             #     for more information. If not specified or empty, it will search all the
             #     IAM policies within the specified `scope`. Note that the query string is
-            #     compared against each Cloud IAM policy binding, including its principals,
-            #     roles, and Cloud IAM conditions. The returned Cloud IAM policies will only
+            #     compared against each IAM policy binding, including its principals,
+            #     roles, and IAM conditions. The returned IAM policies will only
             #     contain the bindings that match your query. To learn more about the IAM
             #     policy structure, see the [IAM policy
             #     documentation](https://cloud.google.com/iam/help/allow-policies/structure).
@@ -1803,14 +1808,14 @@ module Google
             #
             #   @param resource [::String]
             #     Required. Name of the resource to perform the analysis against.
-            #     Only GCP Project are supported as of today. Hence, this can only be Project
-            #     ID (such as "projects/my-project-id") or a Project Number (such as
-            #     "projects/12345").
+            #     Only Google Cloud projects are supported as of today. Hence, this can only
+            #     be a project ID (such as "projects/my-project-id") or a project number
+            #     (such as "projects/12345").
             #   @param destination_parent [::String]
-            #     Required. Name of the GCP Folder or Organization to reparent the target
-            #     resource. The analysis will be performed against hypothetically moving the
-            #     resource to this specified desitination parent. This can only be a Folder
-            #     number (such as "folders/123") or an Organization number (such as
+            #     Required. Name of the Google Cloud folder or organization to reparent the
+            #     target resource. The analysis will be performed against hypothetically
+            #     moving the resource to this specified desitination parent. This can only be
+            #     a folder number (such as "folders/123") or an organization number (such as
             #     "organizations/123").
             #   @param view [::Google::Cloud::Asset::V1::AnalyzeMoveRequest::AnalysisView]
             #     Analysis view indicating what information should be included in the
@@ -2065,7 +2070,7 @@ module Google
             #     resource name.
             #
             #     This value should be 4-63 characters, and valid characters
-            #     are /[a-z][0-9]-/.
+            #     are `[a-z][0-9]-`.
             #
             #     Notice that this field is required in the saved query creation, and the
             #     `name` field of the `saved_query` will be ignored.
@@ -2621,6 +2626,374 @@ module Google
               raise ::Google::Cloud::Error.from_error(e)
             end
 
+            ##
+            # Analyzes organization policies under a scope.
+            #
+            # @overload analyze_org_policies(request, options = nil)
+            #   Pass arguments to `analyze_org_policies` via a request object, either of type
+            #   {::Google::Cloud::Asset::V1::AnalyzeOrgPoliciesRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::Asset::V1::AnalyzeOrgPoliciesRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload analyze_org_policies(scope: nil, constraint: nil, filter: nil, page_size: nil, page_token: nil)
+            #   Pass arguments to `analyze_org_policies` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param scope [::String]
+            #     Required. The organization to scope the request. Only organization
+            #     policies within the scope will be analyzed.
+            #
+            #     * organizations/\\{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
+            #   @param constraint [::String]
+            #     Required. The name of the constraint to analyze organization policies for.
+            #     The response only contains analyzed organization policies for the provided
+            #     constraint.
+            #   @param filter [::String]
+            #     The expression to filter
+            #     {::Google::Cloud::Asset::V1::AnalyzeOrgPoliciesResponse#org_policy_results AnalyzeOrgPoliciesResponse.org_policy_results}.
+            #     The only supported field is `consolidated_policy.attached_resource`, and
+            #     the only supported operator is `=`.
+            #
+            #     Example:
+            #     consolidated_policy.attached_resource="//cloudresourcemanager.googleapis.com/folders/001"
+            #     will return the org policy results of"folders/001".
+            #   @param page_size [::Integer]
+            #     The maximum number of items to return per page. If unspecified,
+            #     {::Google::Cloud::Asset::V1::AnalyzeOrgPoliciesResponse#org_policy_results AnalyzeOrgPoliciesResponse.org_policy_results}
+            #     will contain 20 items with a maximum of 200.
+            #   @param page_token [::String]
+            #     The pagination token to retrieve the next page.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::Asset::V1::AnalyzeOrgPoliciesResponse::OrgPolicyResult>]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Gapic::PagedEnumerable<::Google::Cloud::Asset::V1::AnalyzeOrgPoliciesResponse::OrgPolicyResult>]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            # @example Basic example
+            #   require "google/cloud/asset/v1"
+            #
+            #   # Create a client object. The client can be reused for multiple calls.
+            #   client = Google::Cloud::Asset::V1::AssetService::Client.new
+            #
+            #   # Create a request. To set request fields, pass in keyword arguments.
+            #   request = Google::Cloud::Asset::V1::AnalyzeOrgPoliciesRequest.new
+            #
+            #   # Call the analyze_org_policies method.
+            #   result = client.analyze_org_policies request
+            #
+            #   # The returned object is of type Gapic::PagedEnumerable. You can
+            #   # iterate over all elements by calling #each, and the enumerable
+            #   # will lazily make API calls to fetch subsequent pages. Other
+            #   # methods are also available for managing paging directly.
+            #   result.each do |response|
+            #     # Each element is of type ::Google::Cloud::Asset::V1::AnalyzeOrgPoliciesResponse::OrgPolicyResult.
+            #     p response
+            #   end
+            #
+            def analyze_org_policies request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Asset::V1::AnalyzeOrgPoliciesRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.analyze_org_policies.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::Asset::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {}
+              if request.scope
+                header_params["scope"] = request.scope
+              end
+
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.analyze_org_policies.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.analyze_org_policies.retry_policy
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @asset_service_stub.call_rpc :analyze_org_policies, request, options: options do |response, operation|
+                response = ::Gapic::PagedEnumerable.new @asset_service_stub, :analyze_org_policies, request, response, operation, options
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
+            ##
+            # Analyzes organization policies governed containers (projects, folders or
+            # organization) under a scope.
+            #
+            # @overload analyze_org_policy_governed_containers(request, options = nil)
+            #   Pass arguments to `analyze_org_policy_governed_containers` via a request object, either of type
+            #   {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload analyze_org_policy_governed_containers(scope: nil, constraint: nil, filter: nil, page_size: nil, page_token: nil)
+            #   Pass arguments to `analyze_org_policy_governed_containers` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param scope [::String]
+            #     Required. The organization to scope the request. Only organization
+            #     policies within the scope will be analyzed. The output containers will
+            #     also be limited to the ones governed by those in-scope organization
+            #     policies.
+            #
+            #     * organizations/\\{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
+            #   @param constraint [::String]
+            #     Required. The name of the constraint to analyze governed containers for.
+            #     The analysis only contains organization policies for the provided
+            #     constraint.
+            #   @param filter [::String]
+            #     The expression to filter the governed containers in result.
+            #     The only supported field is `parent`, and the only supported operator is
+            #     `=`.
+            #
+            #     Example:
+            #     parent="//cloudresourcemanager.googleapis.com/folders/001" will return all
+            #     containers under "folders/001".
+            #   @param page_size [::Integer]
+            #     The maximum number of items to return per page. If unspecified,
+            #     {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersResponse#governed_containers AnalyzeOrgPolicyGovernedContainersResponse.governed_containers}
+            #     will contain 100 items with a maximum of 200.
+            #   @param page_token [::String]
+            #     The pagination token to retrieve the next page.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersResponse::GovernedContainer>]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Gapic::PagedEnumerable<::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersResponse::GovernedContainer>]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            # @example Basic example
+            #   require "google/cloud/asset/v1"
+            #
+            #   # Create a client object. The client can be reused for multiple calls.
+            #   client = Google::Cloud::Asset::V1::AssetService::Client.new
+            #
+            #   # Create a request. To set request fields, pass in keyword arguments.
+            #   request = Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersRequest.new
+            #
+            #   # Call the analyze_org_policy_governed_containers method.
+            #   result = client.analyze_org_policy_governed_containers request
+            #
+            #   # The returned object is of type Gapic::PagedEnumerable. You can
+            #   # iterate over all elements by calling #each, and the enumerable
+            #   # will lazily make API calls to fetch subsequent pages. Other
+            #   # methods are also available for managing paging directly.
+            #   result.each do |response|
+            #     # Each element is of type ::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersResponse::GovernedContainer.
+            #     p response
+            #   end
+            #
+            def analyze_org_policy_governed_containers request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.analyze_org_policy_governed_containers.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::Asset::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {}
+              if request.scope
+                header_params["scope"] = request.scope
+              end
+
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.analyze_org_policy_governed_containers.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.analyze_org_policy_governed_containers.retry_policy
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @asset_service_stub.call_rpc :analyze_org_policy_governed_containers, request, options: options do |response, operation|
+                response = ::Gapic::PagedEnumerable.new @asset_service_stub, :analyze_org_policy_governed_containers, request, response, operation, options
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
+            ##
+            # Analyzes organization policies governed assets (Google Cloud resources or
+            # policies) under a scope. This RPC supports custom constraints and the
+            # following 10 canned constraints:
+            #
+            # * storage.uniformBucketLevelAccess
+            # * iam.disableServiceAccountKeyCreation
+            # * iam.allowedPolicyMemberDomains
+            # * compute.vmExternalIpAccess
+            # * appengine.enforceServiceAccountActAsCheck
+            # * gcp.resourceLocations
+            # * compute.trustedImageProjects
+            # * compute.skipDefaultNetworkCreation
+            # * compute.requireOsLogin
+            # * compute.disableNestedVirtualization
+            #
+            # This RPC only returns either resources of types supported by [searchable
+            # asset
+            # types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types),
+            # or IAM policies.
+            #
+            # @overload analyze_org_policy_governed_assets(request, options = nil)
+            #   Pass arguments to `analyze_org_policy_governed_assets` via a request object, either of type
+            #   {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload analyze_org_policy_governed_assets(scope: nil, constraint: nil, filter: nil, page_size: nil, page_token: nil)
+            #   Pass arguments to `analyze_org_policy_governed_assets` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param scope [::String]
+            #     Required. The organization to scope the request. Only organization
+            #     policies within the scope will be analyzed. The output assets will
+            #     also be limited to the ones governed by those in-scope organization
+            #     policies.
+            #
+            #     * organizations/\\{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
+            #   @param constraint [::String]
+            #     Required. The name of the constraint to analyze governed assets for. The
+            #     analysis only contains analyzed organization policies for the provided
+            #     constraint.
+            #   @param filter [::String]
+            #     The expression to filter the governed assets in result. The only supported
+            #     fields for governed resources are `governed_resource.project` and
+            #     `governed_resource.folders`. The only supported fields for governed iam
+            #     policies are `governed_iam_policy.project` and
+            #     `governed_iam_policy.folders`. The only supported operator is `=`.
+            #
+            #     Example 1: governed_resource.project="projects/12345678" filter will return
+            #     all governed resources under projects/12345678 including the project
+            #     ifself, if applicable.
+            #
+            #     Example 2: governed_iam_policy.folders="folders/12345678" filter will
+            #     return all governed iam policies under folders/12345678, if applicable.
+            #   @param page_size [::Integer]
+            #     The maximum number of items to return per page. If unspecified,
+            #     {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse#governed_assets AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets}
+            #     will contain 100 items with a maximum of 200.
+            #   @param page_token [::String]
+            #     The pagination token to retrieve the next page.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset>]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Gapic::PagedEnumerable<::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset>]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            # @example Basic example
+            #   require "google/cloud/asset/v1"
+            #
+            #   # Create a client object. The client can be reused for multiple calls.
+            #   client = Google::Cloud::Asset::V1::AssetService::Client.new
+            #
+            #   # Create a request. To set request fields, pass in keyword arguments.
+            #   request = Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsRequest.new
+            #
+            #   # Call the analyze_org_policy_governed_assets method.
+            #   result = client.analyze_org_policy_governed_assets request
+            #
+            #   # The returned object is of type Gapic::PagedEnumerable. You can
+            #   # iterate over all elements by calling #each, and the enumerable
+            #   # will lazily make API calls to fetch subsequent pages. Other
+            #   # methods are also available for managing paging directly.
+            #   result.each do |response|
+            #     # Each element is of type ::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset.
+            #     p response
+            #   end
+            #
+            def analyze_org_policy_governed_assets request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.analyze_org_policy_governed_assets.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::Asset::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {}
+              if request.scope
+                header_params["scope"] = request.scope
+              end
+
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.analyze_org_policy_governed_assets.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.analyze_org_policy_governed_assets.retry_policy
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @asset_service_stub.call_rpc :analyze_org_policy_governed_assets, request, options: options do |response, operation|
+                response = ::Gapic::PagedEnumerable.new @asset_service_stub, :analyze_org_policy_governed_assets, request, response, operation, options
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
             ##
             # Configuration class for the AssetService API.
             #
@@ -2856,6 +3229,21 @@ module Google
                 # @return [::Gapic::Config::Method]
                 #
                 attr_reader :batch_get_effective_iam_policies
+                ##
+                # RPC-specific configuration for `analyze_org_policies`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :analyze_org_policies
+                ##
+                # RPC-specific configuration for `analyze_org_policy_governed_containers`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :analyze_org_policy_governed_containers
+                ##
+                # RPC-specific configuration for `analyze_org_policy_governed_assets`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :analyze_org_policy_governed_assets
 
                 # @private
                 def initialize parent_rpcs = nil
@@ -2899,6 +3287,12 @@ module Google
                   @delete_saved_query = ::Gapic::Config::Method.new delete_saved_query_config
                   batch_get_effective_iam_policies_config = parent_rpcs.batch_get_effective_iam_policies if parent_rpcs.respond_to? :batch_get_effective_iam_policies
                   @batch_get_effective_iam_policies = ::Gapic::Config::Method.new batch_get_effective_iam_policies_config
+                  analyze_org_policies_config = parent_rpcs.analyze_org_policies if parent_rpcs.respond_to? :analyze_org_policies
+                  @analyze_org_policies = ::Gapic::Config::Method.new analyze_org_policies_config
+                  analyze_org_policy_governed_containers_config = parent_rpcs.analyze_org_policy_governed_containers if parent_rpcs.respond_to? :analyze_org_policy_governed_containers
+                  @analyze_org_policy_governed_containers = ::Gapic::Config::Method.new analyze_org_policy_governed_containers_config
+                  analyze_org_policy_governed_assets_config = parent_rpcs.analyze_org_policy_governed_assets if parent_rpcs.respond_to? :analyze_org_policy_governed_assets
+                  @analyze_org_policy_governed_assets = ::Gapic::Config::Method.new analyze_org_policy_governed_assets_config
 
                   yield self if block_given?
                 end

data/lib/google/cloud/asset/v1/asset_service.rb

@@ -34,7 +34,7 @@ module Google
         ##
         # Asset service definition.
         #
-        # To load this service and instantiate a client:
+        # @example Load this service and instantiate a gRPC client
         #
         #     require "google/cloud/asset/v1/asset_service"
         #     client = ::Google::Cloud::Asset::V1::AssetService::Client.new