google-cloud-asset-v1 0.22.0 → 0.23.0

@@ -22,7 +22,7 @@ module Google
22
22
  module Asset
23
23
  module V1
24
24
  # Represents the metadata of the longrunning operation for the
25
- # AnalyzeIamPolicyLongrunning rpc.
25
+ # AnalyzeIamPolicyLongrunning RPC.
26
26
  # @!attribute [r] create_time
27
27
  # @return [::Google::Protobuf::Timestamp]
28
28
  # Output only. The time the operation was created.
@@ -71,7 +71,8 @@ module Google
71
71
  # returned.
72
72
  # @!attribute [rw] output_config
73
73
  # @return [::Google::Cloud::Asset::V1::OutputConfig]
74
- # Required. Output configuration indicating where the results will be output to.
74
+ # Required. Output configuration indicating where the results will be output
75
+ # to.
75
76
  # @!attribute [rw] relationship_types
76
77
  # @return [::Array<::String>]
77
78
  # A list of relationship types to export, for example:
@@ -95,8 +96,10 @@ module Google
95
96
  end
96
97
 
97
98
  # The export asset response. This message is returned by the
98
- # google.longrunning.Operations.GetOperation method in the returned
99
- # {::Google::Longrunning::Operation#response google.longrunning.Operation.response} field.
99
+ # google.longrunning.Operations.GetOperation
100
+ # method in the returned
101
+ # {::Google::Longrunning::Operation#response google.longrunning.Operation.response}
102
+ # field.
100
103
  # @!attribute [rw] read_time
101
104
  # @return [::Google::Protobuf::Timestamp]
102
105
  # Time the snapshot was taken.
@@ -106,10 +109,10 @@ module Google
106
109
  # @!attribute [rw] output_result
107
110
  # @return [::Google::Cloud::Asset::V1::OutputResult]
108
111
  # Output result indicating where the assets were exported to. For example, a
109
- # set of actual Google Cloud Storage object uris where the assets are
110
- # exported to. The uris can be different from what [output_config] has
111
- # specified, as the service will split the output object into multiple ones
112
- # once it exceeds a single Google Cloud Storage object limit.
112
+ # set of actual Cloud Storage object URIs where the assets are exported to.
113
+ # The URIs can be different from what [output_config] has specified, as the
114
+ # service will split the output object into multiple ones once it exceeds a
115
+ # single Cloud Storage object limit.
113
116
  class ExportAssetsResponse
114
117
  include ::Google::Protobuf::MessageExts
115
118
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -118,11 +121,11 @@ module Google
118
121
  # ListAssets request.
119
122
  # @!attribute [rw] parent
120
123
  # @return [::String]
121
- # Required. Name of the organization, folder, or project the assets belong to. Format:
122
- # "organizations/[organization-number]" (such as "organizations/123"),
123
- # "projects/[project-id]" (such as "projects/my-project-id"),
124
- # "projects/[project-number]" (such as "projects/12345"), or
125
- # "folders/[folder-number]" (such as "folders/12345").
124
+ # Required. Name of the organization, folder, or project the assets belong
125
+ # to. Format: "organizations/[organization-number]" (such as
126
+ # "organizations/123"), "projects/[project-id]" (such as
127
+ # "projects/my-project-id"), "projects/[project-number]" (such as
128
+ # "projects/12345"), or "folders/[folder-number]" (such as "folders/12345").
126
129
  # @!attribute [rw] read_time
127
130
  # @return [::Google::Protobuf::Timestamp]
128
131
  # Timestamp to take an asset snapshot. This can only be set to a timestamp
@@ -275,9 +278,8 @@ module Google
275
278
  # be unique under a specific parent project/folder/organization.
276
279
  # @!attribute [rw] feed
277
280
  # @return [::Google::Cloud::Asset::V1::Feed]
278
- # Required. The feed details. The field `name` must be empty and it will be generated
279
- # in the format of:
280
- # projects/project_number/feeds/feed_id
281
+ # Required. The feed details. The field `name` must be empty and it will be
282
+ # generated in the format of: projects/project_number/feeds/feed_id
281
283
  # folders/folder_number/feeds/feed_id
282
284
  # organizations/organization_number/feeds/feed_id
283
285
  class CreateFeedRequest
@@ -319,8 +321,8 @@ module Google
319
321
  # Update asset feed request.
320
322
  # @!attribute [rw] feed
321
323
  # @return [::Google::Cloud::Asset::V1::Feed]
322
- # Required. The new values of feed details. It must match an existing feed and the
323
- # field `name` must be in the format of:
324
+ # Required. The new values of feed details. It must match an existing feed
325
+ # and the field `name` must be in the format of:
324
326
  # projects/project_number/feeds/feed_id or
325
327
  # folders/folder_number/feeds/feed_id or
326
328
  # organizations/organization_number/feeds/feed_id.
@@ -370,7 +372,7 @@ module Google
370
372
  # A Cloud Storage output result.
371
373
  # @!attribute [rw] uris
372
374
  # @return [::Array<::String>]
373
- # List of uris of the Cloud Storage objects. Example:
375
+ # List of URIs of the Cloud Storage objects. Example:
374
376
  # "gs://bucket_name/object_name".
375
377
  class GcsOutputResult
376
378
  include ::Google::Protobuf::MessageExts
@@ -380,7 +382,7 @@ module Google
380
382
  # A Cloud Storage location.
381
383
  # @!attribute [rw] uri
382
384
  # @return [::String]
383
- # The uri of the Cloud Storage object. It's the same uri that is used by
385
+ # The URI of the Cloud Storage object. It's the same URI that is used by
384
386
  # gsutil. Example: "gs://bucket_name/object_name". See [Viewing and
385
387
  # Editing Object
386
388
  # Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)
@@ -391,8 +393,8 @@ module Google
391
393
  # overwritten with the exported result.
392
394
  # @!attribute [rw] uri_prefix
393
395
  # @return [::String]
394
- # The uri prefix of all generated Cloud Storage objects. Example:
395
- # "gs://bucket_name/object_name_prefix". Each object uri is in format:
396
+ # The URI prefix of all generated Cloud Storage objects. Example:
397
+ # "gs://bucket_name/object_name_prefix". Each object URI is in format:
396
398
  # "gs://bucket_name/object_name_prefix/<asset type>/<shard number> and only
397
399
  # contains assets for that type. <shard number> starts from 0. Example:
398
400
  # "gs://bucket_name/object_name_prefix/compute.googleapis.com/Disk/0" is
@@ -611,8 +613,9 @@ module Google
611
613
  # Search all resources request.
612
614
  # @!attribute [rw] scope
613
615
  # @return [::String]
614
- # Required. A scope can be a project, a folder, or an organization. The search is
615
- # limited to the resources within the `scope`. The caller must be granted the
616
+ # Required. A scope can be a project, a folder, or an organization. The
617
+ # search is limited to the resources within the `scope`. The caller must be
618
+ # granted the
616
619
  # [`cloudasset.assets.searchAllResources`](https://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
617
620
  # permission on the desired scope.
618
621
  #
@@ -631,55 +634,55 @@ module Google
631
634
  #
632
635
  # Examples:
633
636
  #
634
- # * `name:Important` to find Cloud resources whose name contains
637
+ # * `name:Important` to find Google Cloud resources whose name contains
635
638
  # "Important" as a word.
636
- # * `name=Important` to find the Cloud resource whose name is exactly
639
+ # * `name=Important` to find the Google Cloud resource whose name is exactly
637
640
  # "Important".
638
- # * `displayName:Impor*` to find Cloud resources whose display name
641
+ # * `displayName:Impor*` to find Google Cloud resources whose display name
639
642
  # contains "Impor" as a prefix of any word in the field.
640
- # * `location:us-west*` to find Cloud resources whose location contains both
641
- # "us" and "west" as prefixes.
642
- # * `labels:prod` to find Cloud resources whose labels contain "prod" as
643
- # a key or value.
644
- # * `labels.env:prod` to find Cloud resources that have a label "env"
643
+ # * `location:us-west*` to find Google Cloud resources whose location
644
+ # contains both "us" and "west" as prefixes.
645
+ # * `labels:prod` to find Google Cloud resources whose labels contain "prod"
646
+ # as a key or value.
647
+ # * `labels.env:prod` to find Google Cloud resources that have a label "env"
645
648
  # and its value is "prod".
646
- # * `labels.env:*` to find Cloud resources that have a label "env".
647
- # * `kmsKey:key` to find Cloud resources encrypted with a customer-managed
648
- # encryption key whose name contains "key" as a word. This field is
649
- # deprecated. Please use the `kmsKeys` field to retrieve KMS key
650
- # information.
651
- # * `kmsKeys:key` to find Cloud resources encrypted with customer-managed
652
- # encryption keys whose name contains the word "key".
653
- # * `relationships:instance-group-1` to find Cloud resources that have
649
+ # * `labels.env:*` to find Google Cloud resources that have a label "env".
650
+ # * `kmsKey:key` to find Google Cloud resources encrypted with a
651
+ # customer-managed encryption key whose name contains "key" as a word. This
652
+ # field is deprecated. Please use the `kmsKeys` field to retrieve Cloud KMS
653
+ # key information.
654
+ # * `kmsKeys:key` to find Google Cloud resources encrypted with
655
+ # customer-managed encryption keys whose name contains the word "key".
656
+ # * `relationships:instance-group-1` to find Google Cloud resources that have
654
657
  # relationships with "instance-group-1" in the related resource name.
655
- # * `relationships:INSTANCE_TO_INSTANCEGROUP` to find compute instances that
656
- # have relationships of type "INSTANCE_TO_INSTANCEGROUP".
658
+ # * `relationships:INSTANCE_TO_INSTANCEGROUP` to find Compute Engine
659
+ # instances that have relationships of type "INSTANCE_TO_INSTANCEGROUP".
657
660
  # * `relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1` to find
658
- # compute instances that have relationships with "instance-group-1" in the
659
- # compute instance group resource name, for relationship type
661
+ # Compute Engine instances that have relationships with "instance-group-1"
662
+ # in the Compute Engine instance group resource name, for relationship type
660
663
  # "INSTANCE_TO_INSTANCEGROUP".
661
- # * `state:ACTIVE` to find Cloud resources whose state contains "ACTIVE" as a
662
- # word.
663
- # * `NOT state:ACTIVE` to find Cloud resources whose state doesn't contain
664
+ # * `state:ACTIVE` to find Google Cloud resources whose state contains
664
665
  # "ACTIVE" as a word.
665
- # * `createTime<1609459200` to find Cloud resources that were created before
666
- # "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
666
+ # * `NOT state:ACTIVE` to find Google Cloud resources whose state doesn't
667
+ # contain "ACTIVE" as a word.
668
+ # * `createTime<1609459200` to find Google Cloud resources that were created
669
+ # before "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
667
670
  # "2021-01-01 00:00:00 UTC" in seconds.
668
- # * `updateTime>1609459200` to find Cloud resources that were updated after
669
- # "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
671
+ # * `updateTime>1609459200` to find Google Cloud resources that were updated
672
+ # after "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
670
673
  # "2021-01-01 00:00:00 UTC" in seconds.
671
- # * `Important` to find Cloud resources that contain "Important" as a word
672
- # in any of the searchable fields.
673
- # * `Impor*` to find Cloud resources that contain "Impor" as a prefix of any
674
+ # * `Important` to find Google Cloud resources that contain "Important" as a
674
675
  # word in any of the searchable fields.
675
- # * `Important location:(us-west1 OR global)` to find Cloud
676
+ # * `Impor*` to find Google Cloud resources that contain "Impor" as a prefix
677
+ # of any word in any of the searchable fields.
678
+ # * `Important location:(us-west1 OR global)` to find Google Cloud
676
679
  # resources that contain "Important" as a word in any of the searchable
677
680
  # fields and are also located in the "us-west1" region or the "global"
678
681
  # location.
679
682
  # @!attribute [rw] asset_types
680
683
  # @return [::Array<::String>]
681
- # Optional. A list of asset types that this request searches for. If empty, it will
682
- # search all the [searchable asset
684
+ # Optional. A list of asset types that this request searches for. If empty,
685
+ # it will search all the [searchable asset
683
686
  # types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
684
687
  #
685
688
  # Regular expressions are also supported. For example:
@@ -694,21 +697,22 @@ module Google
694
697
  # supported asset type, an INVALID_ARGUMENT error will be returned.
695
698
  # @!attribute [rw] page_size
696
699
  # @return [::Integer]
697
- # Optional. The page size for search result pagination. Page size is capped at 500 even
698
- # if a larger value is given. If set to zero, server will pick an appropriate
699
- # default. Returned results may be fewer than requested. When this happens,
700
- # there could be more results as long as `next_page_token` is returned.
700
+ # Optional. The page size for search result pagination. Page size is capped
701
+ # at 500 even if a larger value is given. If set to zero, server will pick an
702
+ # appropriate default. Returned results may be fewer than requested. When
703
+ # this happens, there could be more results as long as `next_page_token` is
704
+ # returned.
701
705
  # @!attribute [rw] page_token
702
706
  # @return [::String]
703
- # Optional. If present, then retrieve the next batch of results from the preceding call
704
- # to this method. `page_token` must be the value of `next_page_token` from
705
- # the previous response. The values of all other method parameters, must be
706
- # identical to those in the previous call.
707
+ # Optional. If present, then retrieve the next batch of results from the
708
+ # preceding call to this method. `page_token` must be the value of
709
+ # `next_page_token` from the previous response. The values of all other
710
+ # method parameters, must be identical to those in the previous call.
707
711
  # @!attribute [rw] order_by
708
712
  # @return [::String]
709
- # Optional. A comma-separated list of fields specifying the sorting order of the
710
- # results. The default order is ascending. Add " DESC" after the field name
711
- # to indicate descending order. Redundant space characters are ignored.
713
+ # Optional. A comma-separated list of fields specifying the sorting order of
714
+ # the results. The default order is ascending. Add " DESC" after the field
715
+ # name to indicate descending order. Redundant space characters are ignored.
712
716
  # Example: "location DESC, name".
713
717
  # Only singular primitive fields in the response are sortable:
714
718
  #
@@ -729,10 +733,10 @@ module Google
729
733
  # `additionalAttributes`) are not supported.
730
734
  # @!attribute [rw] read_mask
731
735
  # @return [::Google::Protobuf::FieldMask]
732
- # Optional. A comma-separated list of fields specifying which fields to be returned in
733
- # ResourceSearchResult. Only '*' or combination of top level fields can be
734
- # specified. Field names of both snake_case and camelCase are supported.
735
- # Examples: `"*"`, `"name,location"`, `"name,versionedResources"`.
736
+ # Optional. A comma-separated list of fields specifying which fields to be
737
+ # returned in ResourceSearchResult. Only '*' or combination of top level
738
+ # fields can be specified. Field names of both snake_case and camelCase are
739
+ # supported. Examples: `"*"`, `"name,location"`, `"name,versionedResources"`.
736
740
  #
737
741
  # The read_mask paths must be valid field paths listed but not limited to
738
742
  # (both snake_case and camelCase are supported):
@@ -749,7 +753,7 @@ module Google
749
753
  # * labels
750
754
  # * networkTags
751
755
  # * kmsKey (This field is deprecated. Please use the `kmsKeys` field to
752
- # retrieve KMS key information.)
756
+ # retrieve Cloud KMS key information.)
753
757
  # * kmsKeys
754
758
  # * createTime
755
759
  # * updateTime
@@ -785,9 +789,9 @@ module Google
785
789
  # Search all IAM policies request.
786
790
  # @!attribute [rw] scope
787
791
  # @return [::String]
788
- # Required. A scope can be a project, a folder, or an organization. The search is
789
- # limited to the IAM policies within the `scope`. The caller must be granted
790
- # the
792
+ # Required. A scope can be a project, a folder, or an organization. The
793
+ # search is limited to the IAM policies within the `scope`. The caller must
794
+ # be granted the
791
795
  # [`cloudasset.assets.searchAllIamPolicies`](https://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
792
796
  # permission on the desired scope.
793
797
  #
@@ -803,8 +807,8 @@ module Google
803
807
  # query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)
804
808
  # for more information. If not specified or empty, it will search all the
805
809
  # IAM policies within the specified `scope`. Note that the query string is
806
- # compared against each Cloud IAM policy binding, including its principals,
807
- # roles, and Cloud IAM conditions. The returned Cloud IAM policies will only
810
+ # compared against each IAM policy binding, including its principals,
811
+ # roles, and IAM conditions. The returned IAM policies will only
808
812
  # contain the bindings that match your query. To learn more about the IAM
809
813
  # policy structure, see the [IAM policy
810
814
  # documentation](https://cloud.google.com/iam/help/allow-policies/structure).
@@ -843,20 +847,22 @@ module Google
843
847
  # principal type "user".
844
848
  # @!attribute [rw] page_size
845
849
  # @return [::Integer]
846
- # Optional. The page size for search result pagination. Page size is capped at 500 even
847
- # if a larger value is given. If set to zero, server will pick an appropriate
848
- # default. Returned results may be fewer than requested. When this happens,
849
- # there could be more results as long as `next_page_token` is returned.
850
+ # Optional. The page size for search result pagination. Page size is capped
851
+ # at 500 even if a larger value is given. If set to zero, server will pick an
852
+ # appropriate default. Returned results may be fewer than requested. When
853
+ # this happens, there could be more results as long as `next_page_token` is
854
+ # returned.
850
855
  # @!attribute [rw] page_token
851
856
  # @return [::String]
852
- # Optional. If present, retrieve the next batch of results from the preceding call to
853
- # this method. `page_token` must be the value of `next_page_token` from the
854
- # previous response. The values of all other method parameters must be
855
- # identical to those in the previous call.
857
+ # Optional. If present, retrieve the next batch of results from the preceding
858
+ # call to this method. `page_token` must be the value of `next_page_token`
859
+ # from the previous response. The values of all other method parameters must
860
+ # be identical to those in the previous call.
856
861
  # @!attribute [rw] asset_types
857
862
  # @return [::Array<::String>]
858
- # Optional. A list of asset types that the IAM policies are attached to. If empty, it
859
- # will search the IAM policies that are attached to all the [searchable asset
863
+ # Optional. A list of asset types that the IAM policies are attached to. If
864
+ # empty, it will search the IAM policies that are attached to all the
865
+ # [searchable asset
860
866
  # types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
861
867
  #
862
868
  # Regular expressions are also supported. For example:
@@ -873,9 +879,9 @@ module Google
873
879
  # supported asset type, an INVALID_ARGUMENT error will be returned.
874
880
  # @!attribute [rw] order_by
875
881
  # @return [::String]
876
- # Optional. A comma-separated list of fields specifying the sorting order of the
877
- # results. The default order is ascending. Add " DESC" after the field name
878
- # to indicate descending order. Redundant space characters are ignored.
882
+ # Optional. A comma-separated list of fields specifying the sorting order of
883
+ # the results. The default order is ascending. Add " DESC" after the field
884
+ # name to indicate descending order. Redundant space characters are ignored.
879
885
  # Example: "assetType DESC, resource".
880
886
  # Only singular primitive fields in the response are sortable:
881
887
  # * resource
@@ -891,8 +897,8 @@ module Google
891
897
  # Search all IAM policies response.
892
898
  # @!attribute [rw] results
893
899
  # @return [::Array<::Google::Cloud::Asset::V1::IamPolicySearchResult>]
894
- # A list of IamPolicy that match the search query. Related information such
895
- # as the associated resource is returned along with the policy.
900
+ # A list of IAM policies that match the search query. Related information
901
+ # such as the associated resource is returned along with the policy.
896
902
  # @!attribute [rw] next_page_token
897
903
  # @return [::String]
898
904
  # Set if there are more results than those appearing in this response; to get
@@ -906,8 +912,8 @@ module Google
906
912
  # IAM policy analysis query message.
907
913
  # @!attribute [rw] scope
908
914
  # @return [::String]
909
- # Required. The relative name of the root asset. Only resources and IAM policies within
910
- # the scope will be analyzed.
915
+ # Required. The relative name of the root asset. Only resources and IAM
916
+ # policies within the scope will be analyzed.
911
917
  #
912
918
  # This can only be an organization number (such as "organizations/123"), a
913
919
  # folder number (such as "folders/123"), a project ID (such as
@@ -995,9 +1001,10 @@ module Google
995
1001
  # Optional. If true, the identities section of the result will expand any
996
1002
  # Google groups appearing in an IAM policy binding.
997
1003
  #
998
- # If {::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery#identity_selector IamPolicyAnalysisQuery.identity_selector} is specified, the
999
- # identity in the result will be determined by the selector, and this flag
1000
- # is not allowed to set.
1004
+ # If
1005
+ # {::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery#identity_selector IamPolicyAnalysisQuery.identity_selector}
1006
+ # is specified, the identity in the result will be determined by the
1007
+ # selector, and this flag is not allowed to set.
1001
1008
  #
1002
1009
  # If true, the default max expansion per group is 1000 for
1003
1010
  # AssetService.AnalyzeIamPolicy][].
@@ -1008,32 +1015,35 @@ module Google
1008
1015
  # Optional. If true, the access section of result will expand any roles
1009
1016
  # appearing in IAM policy bindings to include their permissions.
1010
1017
  #
1011
- # If {::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery#access_selector IamPolicyAnalysisQuery.access_selector} is specified, the access
1012
- # section of the result will be determined by the selector, and this flag
1013
- # is not allowed to set.
1018
+ # If
1019
+ # {::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery#access_selector IamPolicyAnalysisQuery.access_selector}
1020
+ # is specified, the access section of the result will be determined by the
1021
+ # selector, and this flag is not allowed to set.
1014
1022
  #
1015
1023
  # Default is false.
1016
1024
  # @!attribute [rw] expand_resources
1017
1025
  # @return [::Boolean]
1018
- # Optional. If true and {::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery#resource_selector IamPolicyAnalysisQuery.resource_selector} is not
1019
- # specified, the resource section of the result will expand any resource
1020
- # attached to an IAM policy to include resources lower in the resource
1021
- # hierarchy.
1026
+ # Optional. If true and
1027
+ # {::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery#resource_selector IamPolicyAnalysisQuery.resource_selector}
1028
+ # is not specified, the resource section of the result will expand any
1029
+ # resource attached to an IAM policy to include resources lower in the
1030
+ # resource hierarchy.
1022
1031
  #
1023
1032
  # For example, if the request analyzes for which resources user A has
1024
- # permission P, and the results include an IAM policy with P on a GCP
1025
- # folder, the results will also include resources in that folder with
1033
+ # permission P, and the results include an IAM policy with P on a Google
1034
+ # Cloud folder, the results will also include resources in that folder with
1026
1035
  # permission P.
1027
1036
  #
1028
- # If true and {::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery#resource_selector IamPolicyAnalysisQuery.resource_selector} is specified,
1029
- # the resource section of the result will expand the specified resource to
1030
- # include resources lower in the resource hierarchy. Only project or
1031
- # lower resources are supported. Folder and organization resource cannot be
1032
- # used together with this option.
1037
+ # If true and
1038
+ # {::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery#resource_selector IamPolicyAnalysisQuery.resource_selector}
1039
+ # is specified, the resource section of the result will expand the
1040
+ # specified resource to include resources lower in the resource hierarchy.
1041
+ # Only project or lower resources are supported. Folder and organization
1042
+ # resources cannot be used together with this option.
1033
1043
  #
1034
1044
  # For example, if the request analyzes for which users have permission P on
1035
- # a GCP project with this option enabled, the results will include all
1036
- # users who have permission P on that project or any lower resource.
1045
+ # a Google Cloud project with this option enabled, the results will include
1046
+ # all users who have permission P on that project or any lower resource.
1037
1047
  #
1038
1048
  # If true, the default max expansion per resource is 1000 for
1039
1049
  # AssetService.AnalyzeIamPolicy][] and 100000 for
@@ -1042,36 +1052,38 @@ module Google
1042
1052
  # Default is false.
1043
1053
  # @!attribute [rw] output_resource_edges
1044
1054
  # @return [::Boolean]
1045
- # Optional. If true, the result will output the relevant parent/child relationships
1046
- # between resources.
1047
- # Default is false.
1055
+ # Optional. If true, the result will output the relevant parent/child
1056
+ # relationships between resources. Default is false.
1048
1057
  # @!attribute [rw] output_group_edges
1049
1058
  # @return [::Boolean]
1050
- # Optional. If true, the result will output the relevant membership relationships
1051
- # between groups and other groups, and between groups and principals.
1052
- # Default is false.
1059
+ # Optional. If true, the result will output the relevant membership
1060
+ # relationships between groups and other groups, and between groups and
1061
+ # principals. Default is false.
1053
1062
  # @!attribute [rw] analyze_service_account_impersonation
1054
1063
  # @return [::Boolean]
1055
- # Optional. If true, the response will include access analysis from identities to
1056
- # resources via service account impersonation. This is a very expensive
1057
- # operation, because many derived queries will be executed. We highly
1058
- # recommend you use {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy_longrunning AssetService.AnalyzeIamPolicyLongrunning} rpc
1059
- # instead.
1064
+ # Optional. If true, the response will include access analysis from
1065
+ # identities to resources via service account impersonation. This is a very
1066
+ # expensive operation, because many derived queries will be executed. We
1067
+ # highly recommend you use
1068
+ # {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy_longrunning AssetService.AnalyzeIamPolicyLongrunning}
1069
+ # RPC instead.
1060
1070
  #
1061
1071
  # For example, if the request analyzes for which resources user A has
1062
1072
  # permission P, and there's an IAM policy states user A has
1063
1073
  # iam.serviceAccounts.getAccessToken permission to a service account SA,
1064
1074
  # and there's another IAM policy states service account SA has permission P
1065
- # to a GCP folder F, then user A potentially has access to the GCP folder
1066
- # F. And those advanced analysis results will be included in
1075
+ # to a Google Cloud folder F, then user A potentially has access to the
1076
+ # Google Cloud folder F. And those advanced analysis results will be
1077
+ # included in
1067
1078
  # {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse#service_account_impersonation_analysis AnalyzeIamPolicyResponse.service_account_impersonation_analysis}.
1068
1079
  #
1069
1080
  # Another example, if the request analyzes for who has
1070
- # permission P to a GCP folder F, and there's an IAM policy states user A
1071
- # has iam.serviceAccounts.actAs permission to a service account SA, and
1072
- # there's another IAM policy states service account SA has permission P to
1073
- # the GCP folder F, then user A potentially has access to the GCP folder
1074
- # F. And those advanced analysis results will be included in
1081
+ # permission P to a Google Cloud folder F, and there's an IAM policy states
1082
+ # user A has iam.serviceAccounts.actAs permission to a service account SA,
1083
+ # and there's another IAM policy states service account SA has permission P
1084
+ # to the Google Cloud folder F, then user A potentially has access to the
1085
+ # Google Cloud folder F. And those advanced analysis results will be
1086
+ # included in
1075
1087
  # {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse#service_account_impersonation_analysis AnalyzeIamPolicyResponse.service_account_impersonation_analysis}.
1076
1088
  #
1077
1089
  # Only the following permissions are considered in this analysis:
@@ -1101,7 +1113,8 @@ module Google
1101
1113
  end
1102
1114
  end
1103
1115
 
1104
- # A request message for {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy AssetService.AnalyzeIamPolicy}.
1116
+ # A request message for
1117
+ # {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy AssetService.AnalyzeIamPolicy}.
1105
1118
  # @!attribute [rw] analysis_query
1106
1119
  # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery]
1107
1120
  # Required. The request query.
@@ -1125,7 +1138,8 @@ module Google
1125
1138
  # presence yet.
1126
1139
  # @!attribute [rw] execution_timeout
1127
1140
  # @return [::Google::Protobuf::Duration]
1128
- # Optional. Amount of time executable has to complete. See JSON representation of
1141
+ # Optional. Amount of time executable has to complete. See JSON
1142
+ # representation of
1129
1143
  # [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json).
1130
1144
  #
1131
1145
  # If this field is set with a value less than the RPC deadline, and the
@@ -1140,7 +1154,8 @@ module Google
1140
1154
  extend ::Google::Protobuf::MessageExts::ClassMethods
1141
1155
  end
1142
1156
 
1143
- # A response message for {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy AssetService.AnalyzeIamPolicy}.
1157
+ # A response message for
1158
+ # {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy AssetService.AnalyzeIamPolicy}.
1144
1159
  # @!attribute [rw] main_analysis
1145
1160
  # @return [::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse::IamPolicyAnalysis]
1146
1161
  # The main analysis that matches the original request.
@@ -1151,9 +1166,11 @@ module Google
1151
1166
  # enabled.
1152
1167
  # @!attribute [rw] fully_explored
1153
1168
  # @return [::Boolean]
1154
- # Represents whether all entries in the {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse#main_analysis main_analysis} and
1155
- # {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse#service_account_impersonation_analysis service_account_impersonation_analysis} have been fully explored to
1156
- # answer the query in the request.
1169
+ # Represents whether all entries in the
1170
+ # {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse#main_analysis main_analysis}
1171
+ # and
1172
+ # {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse#service_account_impersonation_analysis service_account_impersonation_analysis}
1173
+ # have been fully explored to answer the query in the request.
1157
1174
  class AnalyzeIamPolicyResponse
1158
1175
  include ::Google::Protobuf::MessageExts
1159
1176
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -1164,12 +1181,14 @@ module Google
1164
1181
  # The analysis query.
1165
1182
  # @!attribute [rw] analysis_results
1166
1183
  # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult>]
1167
- # A list of {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult IamPolicyAnalysisResult} that matches the analysis query, or
1168
- # empty if no result is found.
1184
+ # A list of
1185
+ # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult IamPolicyAnalysisResult}
1186
+ # that matches the analysis query, or empty if no result is found.
1169
1187
  # @!attribute [rw] fully_explored
1170
1188
  # @return [::Boolean]
1171
- # Represents whether all entries in the {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse::IamPolicyAnalysis#analysis_results analysis_results} have been
1172
- # fully explored to answer the query.
1189
+ # Represents whether all entries in the
1190
+ # {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse::IamPolicyAnalysis#analysis_results analysis_results}
1191
+ # have been fully explored to answer the query.
1173
1192
  # @!attribute [rw] non_critical_errors
1174
1193
  # @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisState>]
1175
1194
  # A list of non-critical errors happened during the query handling.
@@ -1193,8 +1212,8 @@ module Google
1193
1212
  # A Cloud Storage location.
1194
1213
  # @!attribute [rw] uri
1195
1214
  # @return [::String]
1196
- # Required. The uri of the Cloud Storage object. It's the same uri that is used by
1197
- # gsutil. Example: "gs://bucket_name/object_name". See [Viewing and
1215
+ # Required. The URI of the Cloud Storage object. It's the same URI that is
1216
+ # used by gsutil. Example: "gs://bucket_name/object_name". See [Viewing and
1198
1217
  # Editing Object
1199
1218
  # Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)
1200
1219
  # for more information.
@@ -1210,13 +1229,15 @@ module Google
1210
1229
  # A BigQuery destination.
1211
1230
  # @!attribute [rw] dataset
1212
1231
  # @return [::String]
1213
- # Required. The BigQuery dataset in format "projects/projectId/datasets/datasetId",
1214
- # to which the analysis results should be exported. If this dataset does
1215
- # not exist, the export call will return an INVALID_ARGUMENT error.
1232
+ # Required. The BigQuery dataset in format
1233
+ # "projects/projectId/datasets/datasetId", to which the analysis results
1234
+ # should be exported. If this dataset does not exist, the export call will
1235
+ # return an INVALID_ARGUMENT error.
1216
1236
  # @!attribute [rw] table_prefix
1217
1237
  # @return [::String]
1218
- # Required. The prefix of the BigQuery tables to which the analysis results will be
1219
- # written. Tables will be created based on this table_prefix if not exist:
1238
+ # Required. The prefix of the BigQuery tables to which the analysis results
1239
+ # will be written. Tables will be created based on this table_prefix if not
1240
+ # exist:
1220
1241
  # * <table_prefix>_analysis table will contain export operation's metadata.
1221
1242
  # * <table_prefix>_analysis_result will contain all the
1222
1243
  # {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult IamPolicyAnalysisResult}.
@@ -1227,8 +1248,8 @@ module Google
1227
1248
  # The partition key for BigQuery partitioned table.
1228
1249
  # @!attribute [rw] write_disposition
1229
1250
  # @return [::String]
1230
- # Optional. Specifies the action that occurs if the destination table or partition
1231
- # already exists. The following values are supported:
1251
+ # Optional. Specifies the action that occurs if the destination table or
1252
+ # partition already exists. The following values are supported:
1232
1253
  #
1233
1254
  # * WRITE_TRUNCATE: If the table or partition already exists, BigQuery
1234
1255
  # overwrites the entire table or all the partitions data.
@@ -1261,7 +1282,8 @@ module Google
1261
1282
  end
1262
1283
  end
1263
1284
 
1264
- # A request message for {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy_longrunning AssetService.AnalyzeIamPolicyLongrunning}.
1285
+ # A request message for
1286
+ # {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy_longrunning AssetService.AnalyzeIamPolicyLongrunning}.
1265
1287
  # @!attribute [rw] analysis_query
1266
1288
  # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery]
1267
1289
  # Required. The request query.
@@ -1285,13 +1307,15 @@ module Google
1285
1307
  # presence yet.
1286
1308
  # @!attribute [rw] output_config
1287
1309
  # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisOutputConfig]
1288
- # Required. Output configuration indicating where the results will be output to.
1310
+ # Required. Output configuration indicating where the results will be output
1311
+ # to.
1289
1312
  class AnalyzeIamPolicyLongrunningRequest
1290
1313
  include ::Google::Protobuf::MessageExts
1291
1314
  extend ::Google::Protobuf::MessageExts::ClassMethods
1292
1315
  end
1293
1316
 
1294
- # A response message for {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy_longrunning AssetService.AnalyzeIamPolicyLongrunning}.
1317
+ # A response message for
1318
+ # {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy_longrunning AssetService.AnalyzeIamPolicyLongrunning}.
1295
1319
  class AnalyzeIamPolicyLongrunningResponse
1296
1320
  include ::Google::Protobuf::MessageExts
1297
1321
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -1320,7 +1344,8 @@ module Google
1320
1344
  # Output only. The last update time of this saved query.
1321
1345
  # @!attribute [r] last_updater
1322
1346
  # @return [::String]
1323
- # Output only. The account's email address who has updated this saved query most recently.
1347
+ # Output only. The account's email address who has updated this saved query
1348
+ # most recently.
1324
1349
  # @!attribute [rw] labels
1325
1350
  # @return [::Google::Protobuf::Map{::String => ::String}]
1326
1351
  # Labels applied on the resource.
@@ -1337,8 +1362,11 @@ module Google
1337
1362
  # @!attribute [rw] iam_policy_analysis_query
1338
1363
  # @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery]
1339
1364
  # An IAM Policy Analysis query, which could be used in
1340
- # the {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy AssetService.AnalyzeIamPolicy} rpc or
1341
- # the {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy_longrunning AssetService.AnalyzeIamPolicyLongrunning} rpc.
1365
+ # the
1366
+ # {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy AssetService.AnalyzeIamPolicy}
1367
+ # RPC or the
1368
+ # {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy_longrunning AssetService.AnalyzeIamPolicyLongrunning}
1369
+ # RPC.
1342
1370
  class QueryContent
1343
1371
  include ::Google::Protobuf::MessageExts
1344
1372
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -1357,23 +1385,23 @@ module Google
1357
1385
  # Request to create a saved query.
1358
1386
  # @!attribute [rw] parent
1359
1387
  # @return [::String]
1360
- # Required. The name of the project/folder/organization where this saved_query
1361
- # should be created in. It can only be an organization number (such as
1362
- # "organizations/123"), a folder number (such as "folders/123"), a project ID
1363
- # (such as "projects/my-project-id")", or a project number (such as
1364
- # "projects/12345").
1388
+ # Required. The name of the project/folder/organization where this
1389
+ # saved_query should be created in. It can only be an organization number
1390
+ # (such as "organizations/123"), a folder number (such as "folders/123"), a
1391
+ # project ID (such as "projects/my-project-id")", or a project number (such
1392
+ # as "projects/12345").
1365
1393
  # @!attribute [rw] saved_query
1366
1394
  # @return [::Google::Cloud::Asset::V1::SavedQuery]
1367
- # Required. The saved_query details. The `name` field must be empty as it will be
1368
- # generated based on the parent and saved_query_id.
1395
+ # Required. The saved_query details. The `name` field must be empty as it
1396
+ # will be generated based on the parent and saved_query_id.
1369
1397
  # @!attribute [rw] saved_query_id
1370
1398
  # @return [::String]
1371
- # Required. The ID to use for the saved query, which must be unique in the specified
1372
- # parent. It will become the final component of the saved query's resource
1373
- # name.
1399
+ # Required. The ID to use for the saved query, which must be unique in the
1400
+ # specified parent. It will become the final component of the saved query's
1401
+ # resource name.
1374
1402
  #
1375
1403
  # This value should be 4-63 characters, and valid characters
1376
- # are /[a-z][0-9]-/.
1404
+ # are `[a-z][0-9]-`.
1377
1405
  #
1378
1406
  # Notice that this field is required in the saved query creation, and the
1379
1407
  # `name` field of the `saved_query` will be ignored.
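Review bot: The re-wrapped `parent` description on the new side still carries a stray quote after the parenthesis, `project ID (such as "projects/my-project-id")", or a project number`. The `saved_query_id` rule is now written `[a-z][0-9]-`, which read as a pattern means a letter, then a digit, then a hyphen, not a set of allowed characters. Assuming the intent is lowercase letters, digits and hyphens, the first line would read `# project ID (such as "projects/my-project-id"), or a project number (such` and the character set would be written `[a-z0-9-]`. Callers who derive client-side validation of the ID from this comment would otherwise encode the wrong rule. The same stray quote sits in the unchanged `parent` text of the `@@ -1398,8 +1426,8 @@` hunk, and the class this comment block documents is outside the hunk.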
@@ -1398,8 +1426,8 @@ module Google
1398
1426
  # Request to list saved queries.
1399
1427
  # @!attribute [rw] parent
1400
1428
  # @return [::String]
1401
- # Required. The parent project/folder/organization whose savedQueries are to be
1402
- # listed. It can only be using project/folder/organization number (such as
1429
+ # Required. The parent project/folder/organization whose savedQueries are to
1430
+ # be listed. It can only be using project/folder/organization number (such as
1403
1431
  # "folders/12345")", or a project ID (such as "projects/my-project-id").
1404
1432
  # @!attribute [rw] filter
1405
1433
  # @return [::String]
@@ -1412,8 +1440,9 @@ module Google
1412
1440
  # See https://google.aip.dev/160 for more information on the grammar.
1413
1441
  # @!attribute [rw] page_size
1414
1442
  # @return [::Integer]
1415
- # Optional. The maximum number of saved queries to return per page. The service may
1416
- # return fewer than this value. If unspecified, at most 50 will be returned.
1443
+ # Optional. The maximum number of saved queries to return per page. The
1444
+ # service may return fewer than this value. If unspecified, at most 50 will
1445
+ # be returned.
1417
1446
  # The maximum value is 1000; values above 1000 will be coerced to 1000.
1418
1447
  # @!attribute [rw] page_token
1419
1448
  # @return [::String]
@@ -1462,7 +1491,8 @@ module Google
1462
1491
  # Request to delete a saved query.
1463
1492
  # @!attribute [rw] name
1464
1493
  # @return [::String]
1465
- # Required. The name of the saved query to delete. It must be in the format of:
1494
+ # Required. The name of the saved query to delete. It must be in the format
1495
+ # of:
1466
1496
  #
1467
1497
  # * projects/project_number/savedQueries/saved_query_id
1468
1498
  # * folders/folder_number/savedQueries/saved_query_id
@@ -1476,15 +1506,15 @@ module Google
1476
1506
  # @!attribute [rw] resource
1477
1507
  # @return [::String]
1478
1508
  # Required. Name of the resource to perform the analysis against.
1479
- # Only GCP Project are supported as of today. Hence, this can only be Project
1480
- # ID (such as "projects/my-project-id") or a Project Number (such as
1481
- # "projects/12345").
1509
+ # Only Google Cloud projects are supported as of today. Hence, this can only
1510
+ # be a project ID (such as "projects/my-project-id") or a project number
1511
+ # (such as "projects/12345").
1482
1512
  # @!attribute [rw] destination_parent
1483
1513
  # @return [::String]
1484
- # Required. Name of the GCP Folder or Organization to reparent the target
1485
- # resource. The analysis will be performed against hypothetically moving the
1486
- # resource to this specified desitination parent. This can only be a Folder
1487
- # number (such as "folders/123") or an Organization number (such as
1514
+ # Required. Name of the Google Cloud folder or organization to reparent the
1515
+ # target resource. The analysis will be performed against hypothetically
1516
+ # moving the resource to this specified desitination parent. This can only be
1517
+ # a folder number (such as "folders/123") or an organization number (such as
1488
1518
  # "organizations/123").
1489
1519
  # @!attribute [rw] view
1490
1520
  # @return [::Google::Cloud::Asset::V1::AnalyzeMoveRequest::AnalysisView]
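Review bot: The rewritten `destination_parent` description keeps the misspelling "desitination" on the new side, even though the surrounding lines were already being edited for wording. The line would read `# moving the resource to this specified destination parent. This can only be`. If this file is generated from the service definition's comments, as the `::Google::Protobuf::MessageExts` includes elsewhere on the page suggest, the correction belongs in that source so it survives regeneration.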
@@ -1514,7 +1544,7 @@ module Google
1514
1544
  # @!attribute [rw] move_analysis
1515
1545
  # @return [::Array<::Google::Cloud::Asset::V1::MoveAnalysis>]
1516
1546
  # The list of analyses returned from performing the intended resource move
1517
- # analysis. The analysis is grouped by different Cloud services.
1547
+ # analysis. The analysis is grouped by different Google Cloud services.
1518
1548
  class AnalyzeMoveResponse
1519
1549
  include ::Google::Protobuf::MessageExts
1520
1550
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -1523,8 +1553,8 @@ module Google
1523
1553
  # A message to group the analysis information.
1524
1554
  # @!attribute [rw] display_name
1525
1555
  # @return [::String]
1526
- # The user friendly display name of the analysis. E.g. IAM, Organization
1527
- # Policy etc.
1556
+ # The user friendly display name of the analysis. E.g. IAM, organization
1557
+ # policy etc.
1528
1558
  # @!attribute [rw] analysis
1529
1559
  # @return [::Google::Cloud::Asset::V1::MoveAnalysisResult]
1530
1560
  # Analysis result of moving the target resource.
@@ -1571,12 +1601,13 @@ module Google
1571
1601
  # BigQuery destination.
1572
1602
  # @!attribute [rw] dataset
1573
1603
  # @return [::String]
1574
- # Required. The BigQuery dataset where the query results will be saved. It has the
1575
- # format of "projects/\\{projectId}/datasets/\\{datasetId}".
1604
+ # Required. The BigQuery dataset where the query results will be saved. It
1605
+ # has the format of "projects/\\{projectId}/datasets/\\{datasetId}".
1576
1606
  # @!attribute [rw] table
1577
1607
  # @return [::String]
1578
- # Required. The BigQuery table where the query results will be saved. If this table
1579
- # does not exist, a new table with the given name will be created.
1608
+ # Required. The BigQuery table where the query results will be saved. If
1609
+ # this table does not exist, a new table with the given name will be
1610
+ # created.
1580
1611
  # @!attribute [rw] write_disposition
1581
1612
  # @return [::String]
1582
1613
  # Specifies the action that occurs if the destination table or partition
@@ -1611,12 +1642,12 @@ module Google
1611
1642
  # SQL](http://cloud/bigquery/docs/reference/standard-sql/enabling-standard-sql).
1612
1643
  # @!attribute [rw] job_reference
1613
1644
  # @return [::String]
1614
- # Optional. Reference to the query job, which is from the `QueryAssetsResponse` of
1615
- # previous `QueryAssets` call.
1645
+ # Optional. Reference to the query job, which is from the
1646
+ # `QueryAssetsResponse` of previous `QueryAssets` call.
1616
1647
  # @!attribute [rw] page_size
1617
1648
  # @return [::Integer]
1618
- # Optional. The maximum number of rows to return in the results. Responses are limited
1619
- # to 10 MB and 1000 rows.
1649
+ # Optional. The maximum number of rows to return in the results. Responses
1650
+ # are limited to 10 MB and 1000 rows.
1620
1651
  #
1621
1652
  # By default, the maximum row count is 1000. When the byte or row count limit
1622
1653
  # is reached, the rest of the query results will be paginated.
@@ -1629,10 +1660,11 @@ module Google
1629
1660
  # The field will be ignored when [output_config] is specified.
1630
1661
  # @!attribute [rw] timeout
1631
1662
  # @return [::Google::Protobuf::Duration]
1632
- # Optional. Specifies the maximum amount of time that the client is willing to wait
1633
- # for the query to complete. By default, this limit is 5 min for the first
1634
- # query, and 1 minute for the following queries. If the query is complete,
1635
- # the `done` field in the `QueryAssetsResponse` is true, otherwise false.
1663
+ # Optional. Specifies the maximum amount of time that the client is willing
1664
+ # to wait for the query to complete. By default, this limit is 5 min for the
1665
+ # first query, and 1 minute for the following queries. If the query is
1666
+ # complete, the `done` field in the `QueryAssetsResponse` is true, otherwise
1667
+ # false.
1636
1668
  #
1637
1669
  # Like BigQuery [jobs.query
1638
1670
  # API](https://cloud.google.com/bigquery/docs/reference/rest/v2/jobs/query#queryrequest)
@@ -1643,12 +1675,13 @@ module Google
1643
1675
  # The field will be ignored when [output_config] is specified.
1644
1676
  # @!attribute [rw] read_time_window
1645
1677
  # @return [::Google::Cloud::Asset::V1::TimeWindow]
1646
- # Optional. [start_time] is required. [start_time] must be less than [end_time]
1647
- # Defaults [end_time] to now if [start_time] is set and [end_time] isn't.
1648
- # Maximum permitted time range is 7 days.
1678
+ # Optional. [start_time] is required. [start_time] must be less than
1679
+ # [end_time] Defaults [end_time] to now if [start_time] is set and
1680
+ # [end_time] isn't. Maximum permitted time range is 7 days.
1649
1681
  # @!attribute [rw] read_time
1650
1682
  # @return [::Google::Protobuf::Timestamp]
1651
- # Optional. Queries cloud assets as they appeared at the specified point in time.
1683
+ # Optional. Queries cloud assets as they appeared at the specified point in
1684
+ # time.
1652
1685
  # @!attribute [rw] output_config
1653
1686
  # @return [::Google::Cloud::Asset::V1::QueryAssetsOutputConfig]
1654
1687
  # Optional. Destination where the query results will be saved.
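Review bot: The re-wrapped `read_time_window` text runs two sentences together on the new side, `[start_time] must be less than` / `[end_time] Defaults [end_time] to now`, so the ordering constraint and the default are hard to tell apart. A full stop after the first `[end_time]` fixes it: `# [end_time]. Defaults [end_time] to now if [start_time] is set and`. The description also opens with "Optional. [start_time] is required.", which would be clearer if it said the requirement applies only when the window is supplied; that reading is inferred from the text, not confirmed by it.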
@@ -1759,7 +1792,8 @@ module Google
1759
1792
  extend ::Google::Protobuf::MessageExts::ClassMethods
1760
1793
  end
1761
1794
 
1762
- # A request message for {::Google::Cloud::Asset::V1::AssetService::Client#batch_get_effective_iam_policies AssetService.BatchGetEffectiveIamPolicies}.
1795
+ # A request message for
1796
+ # {::Google::Cloud::Asset::V1::AssetService::Client#batch_get_effective_iam_policies AssetService.BatchGetEffectiveIamPolicies}.
1763
1797
  # @!attribute [rw] scope
1764
1798
  # @return [::String]
1765
1799
  # Required. Only IAM policies on or below the scope will be returned.
@@ -1785,14 +1819,16 @@ module Google
1785
1819
  extend ::Google::Protobuf::MessageExts::ClassMethods
1786
1820
  end
1787
1821
 
1788
- # A response message for {::Google::Cloud::Asset::V1::AssetService::Client#batch_get_effective_iam_policies AssetService.BatchGetEffectiveIamPolicies}.
1822
+ # A response message for
1823
+ # {::Google::Cloud::Asset::V1::AssetService::Client#batch_get_effective_iam_policies AssetService.BatchGetEffectiveIamPolicies}.
1789
1824
  # @!attribute [rw] policy_results
1790
1825
  # @return [::Array<::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy>]
1791
1826
  # The effective policies for a batch of resources. Note that the results
1792
1827
  # order is the same as the order of
1793
- # {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesRequest#names BatchGetEffectiveIamPoliciesRequest.names}. When a resource does not
1794
- # have any effective IAM policies, its corresponding policy_result will
1795
- # contain empty {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy#policies EffectiveIamPolicy.policies}.
1828
+ # {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesRequest#names BatchGetEffectiveIamPoliciesRequest.names}.
1829
+ # When a resource does not have any effective IAM policies, its corresponding
1830
+ # policy_result will contain empty
1831
+ # {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy#policies EffectiveIamPolicy.policies}.
1796
1832
  class BatchGetEffectiveIamPoliciesResponse
1797
1833
  include ::Google::Protobuf::MessageExts
1798
1834
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -1802,24 +1838,33 @@ module Google
1802
1838
  # @return [::String]
1803
1839
  # The [full_resource_name]
1804
1840
  # (https://cloud.google.com/asset-inventory/docs/resource-name-format)
1805
- # for which the {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy#policies policies} are computed. This is one of the
1806
- # {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesRequest#names BatchGetEffectiveIamPoliciesRequest.names} the caller provides in the
1807
- # request.
1841
+ # for which the
1842
+ # {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy#policies policies}
1843
+ # are computed. This is one of the
1844
+ # {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesRequest#names BatchGetEffectiveIamPoliciesRequest.names}
1845
+ # the caller provides in the request.
1808
1846
  # @!attribute [rw] policies
1809
1847
  # @return [::Array<::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy::PolicyInfo>]
1810
- # The effective policies for the {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy#full_resource_name full_resource_name}.
1848
+ # The effective policies for the
1849
+ # {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy#full_resource_name full_resource_name}.
1811
1850
  #
1812
- # These policies include the policy set on the {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy#full_resource_name full_resource_name} and
1813
- # those set on its parents and ancestors up to the
1814
- # {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesRequest#scope BatchGetEffectiveIamPoliciesRequest.scope}. Note that these policies
1815
- # are not filtered according to the resource type of the
1851
+ # These policies include the policy set on the
1852
+ # {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy#full_resource_name full_resource_name}
1853
+ # and those set on its parents and ancestors up to the
1854
+ # {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesRequest#scope BatchGetEffectiveIamPoliciesRequest.scope}.
1855
+ # Note that these policies are not filtered according to the resource type
1856
+ # of the
1816
1857
  # {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy#full_resource_name full_resource_name}.
1817
1858
  #
1818
1859
  # These policies are hierarchically ordered by
1819
- # {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy::PolicyInfo#attached_resource PolicyInfo.attached_resource} starting from {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy#full_resource_name full_resource_name}
1860
+ # {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy::PolicyInfo#attached_resource PolicyInfo.attached_resource}
1861
+ # starting from
1862
+ # {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy#full_resource_name full_resource_name}
1820
1863
  # itself to its parents and ancestors, such that policies[i]'s
1821
- # {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy::PolicyInfo#attached_resource PolicyInfo.attached_resource} is the child of policies[i+1]'s
1822
- # {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy::PolicyInfo#attached_resource PolicyInfo.attached_resource}, if policies[i+1] exists.
1864
+ # {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy::PolicyInfo#attached_resource PolicyInfo.attached_resource}
1865
+ # is the child of policies[i+1]'s
1866
+ # {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy::PolicyInfo#attached_resource PolicyInfo.attached_resource},
1867
+ # if policies[i+1] exists.
1823
1868
  class EffectiveIamPolicy
1824
1869
  include ::Google::Protobuf::MessageExts
1825
1870
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -1827,10 +1872,13 @@ module Google
1827
1872
  # The IAM policy and its attached resource.
1828
1873
  # @!attribute [rw] attached_resource
1829
1874
  # @return [::String]
1830
- # The full resource name the {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy::PolicyInfo#policy policy} is directly attached to.
1875
+ # The full resource name the
1876
+ # {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy::PolicyInfo#policy policy}
1877
+ # is directly attached to.
1831
1878
  # @!attribute [rw] policy
1832
1879
  # @return [::Google::Iam::V1::Policy]
1833
- # The IAM policy that's directly attached to the {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy::PolicyInfo#attached_resource attached_resource}.
1880
+ # The IAM policy that's directly attached to the
1881
+ # {::Google::Cloud::Asset::V1::BatchGetEffectiveIamPoliciesResponse::EffectiveIamPolicy::PolicyInfo#attached_resource attached_resource}.
1834
1882
  class PolicyInfo
1835
1883
  include ::Google::Protobuf::MessageExts
1836
1884
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -1838,6 +1886,561 @@ module Google
1838
1886
  end
1839
1887
  end
1840
1888
 
1889
+ # This organization policy message is a modified version of the one defined in
1890
+ # the Organization Policy system. This message contains several fields defined
1891
+ # in the original organization policy with some new fields for analysis
1892
+ # purpose.
1893
+ # @!attribute [rw] attached_resource
1894
+ # @return [::String]
1895
+ # The [full resource name]
1896
+ # (https://cloud.google.com/asset-inventory/docs/resource-name-format) of
1897
+ # an organization/folder/project resource where this organization policy is
1898
+ # set.
1899
+ #
1900
+ # Notice that some type of constraints are defined with default policy. This
1901
+ # field will be empty for them.
1902
+ # @!attribute [rw] applied_resource
1903
+ # @return [::String]
1904
+ # The [full resource name]
1905
+ # (https://cloud.google.com/asset-inventory/docs/resource-name-format) of
1906
+ # an organization/folder/project resource where this organization policy
1907
+ # applies to.
1908
+ #
1909
+ # For any user defined org policies, this field has the same value as
1910
+ # the [attached_resource] field. Only for default policy, this field has
1911
+ # the different value.
1912
+ # @!attribute [rw] rules
1913
+ # @return [::Array<::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule>]
1914
+ # List of rules for this organization policy.
1915
+ # @!attribute [rw] inherit_from_parent
1916
+ # @return [::Boolean]
1917
+ # If `inherit_from_parent` is true, Rules set higher up in the
1918
+ # hierarchy (up to the closest root) are inherited and present in the
1919
+ # effective policy. If it is false, then no rules are inherited, and this
1920
+ # policy becomes the effective root for evaluation.
1921
+ # @!attribute [rw] reset
1922
+ # @return [::Boolean]
1923
+ # Ignores policies set above this resource and restores the default behavior
1924
+ # of the constraint at this resource.
1925
+ # This field can be set in policies for either list or boolean
1926
+ # constraints. If set, `rules` must be empty and `inherit_from_parent`
1927
+ # must be set to false.
1928
+ class AnalyzerOrgPolicy
1929
+ include ::Google::Protobuf::MessageExts
1930
+ extend ::Google::Protobuf::MessageExts::ClassMethods
1931
+
1932
+ # Represents a rule defined in an organization policy
1933
+ # @!attribute [rw] values
1934
+ # @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicy::Rule::StringValues]
1935
+ # List of values to be used for this PolicyRule. This field can be set
1936
+ # only in Policies for list constraints.
1937
+ # @!attribute [rw] allow_all
1938
+ # @return [::Boolean]
1939
+ # Setting this to true means that all values are allowed. This field can
1940
+ # be set only in Policies for list constraints.
1941
+ # @!attribute [rw] deny_all
1942
+ # @return [::Boolean]
1943
+ # Setting this to true means that all values are denied. This field can
1944
+ # be set only in Policies for list constraints.
1945
+ # @!attribute [rw] enforce
1946
+ # @return [::Boolean]
1947
+ # If `true`, then the `Policy` is enforced. If `false`, then any
1948
+ # configuration is acceptable.
1949
+ # This field can be set only in Policies for boolean constraints.
1950
+ # @!attribute [rw] condition
1951
+ # @return [::Google::Type::Expr]
1952
+ # The evaluating condition for this rule.
1953
+ class Rule
1954
+ include ::Google::Protobuf::MessageExts
1955
+ extend ::Google::Protobuf::MessageExts::ClassMethods
1956
+
1957
+ # The string values for the list constraints.
1958
+ # @!attribute [rw] allowed_values
1959
+ # @return [::Array<::String>]
1960
+ # List of values allowed at this resource.
1961
+ # @!attribute [rw] denied_values
1962
+ # @return [::Array<::String>]
1963
+ # List of values denied at this resource.
1964
+ class StringValues
1965
+ include ::Google::Protobuf::MessageExts
1966
+ extend ::Google::Protobuf::MessageExts::ClassMethods
1967
+ end
1968
+ end
1969
+ end
1970
+
1971
+ # The organization policy constraint definition.
1972
+ # @!attribute [rw] google_defined_constraint
1973
+ # @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicyConstraint::Constraint]
1974
+ # The definition of the canned constraint defined by Google.
1975
+ # @!attribute [rw] custom_constraint
1976
+ # @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicyConstraint::CustomConstraint]
1977
+ # The definition of the custom constraint.
1978
+ class AnalyzerOrgPolicyConstraint
1979
+ include ::Google::Protobuf::MessageExts
1980
+ extend ::Google::Protobuf::MessageExts::ClassMethods
1981
+
1982
+ # The definition of a constraint.
1983
+ # @!attribute [rw] name
1984
+ # @return [::String]
1985
+ # The unique name of the constraint. Format of the name should be
1986
+ # * `constraints/{constraint_name}`
1987
+ #
1988
+ # For example, `constraints/compute.disableSerialPortAccess`.
1989
+ # @!attribute [rw] display_name
1990
+ # @return [::String]
1991
+ # The human readable name of the constraint.
1992
+ # @!attribute [rw] description
1993
+ # @return [::String]
1994
+ # Detailed description of what this `Constraint` controls as well as how
1995
+ # and where it is enforced.
1996
+ # @!attribute [rw] constraint_default
1997
+ # @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicyConstraint::Constraint::ConstraintDefault]
1998
+ # The evaluation behavior of this constraint in the absence of 'Policy'.
1999
+ # @!attribute [rw] list_constraint
2000
+ # @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicyConstraint::Constraint::ListConstraint]
2001
+ # Defines this constraint as being a ListConstraint.
2002
+ # @!attribute [rw] boolean_constraint
2003
+ # @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicyConstraint::Constraint::BooleanConstraint]
2004
+ # Defines this constraint as being a BooleanConstraint.
2005
+ class Constraint
2006
+ include ::Google::Protobuf::MessageExts
2007
+ extend ::Google::Protobuf::MessageExts::ClassMethods
2008
+
2009
+ # A `Constraint` that allows or disallows a list of string values, which
2010
+ # are configured by an organization's policy administrator with a `Policy`.
2011
+ # @!attribute [rw] supports_in
2012
+ # @return [::Boolean]
2013
+ # Indicates whether values grouped into categories can be used in
2014
+ # `Policy.allowed_values` and `Policy.denied_values`. For example,
2015
+ # `"in:Python"` would match any value in the 'Python' group.
2016
+ # @!attribute [rw] supports_under
2017
+ # @return [::Boolean]
2018
+ # Indicates whether subtrees of Cloud Resource Manager resource hierarchy
2019
+ # can be used in `Policy.allowed_values` and `Policy.denied_values`. For
2020
+ # example, `"under:folders/123"` would match any resource under the
2021
+ # 'folders/123' folder.
2022
+ class ListConstraint
2023
+ include ::Google::Protobuf::MessageExts
2024
+ extend ::Google::Protobuf::MessageExts::ClassMethods
2025
+ end
2026
+
2027
+ # A `Constraint` that is either enforced or not.
2028
+ #
2029
+ # For example a constraint `constraints/compute.disableSerialPortAccess`.
2030
+ # If it is enforced on a VM instance, serial port connections will not be
2031
+ # opened to that instance.
2032
+ class BooleanConstraint
2033
+ include ::Google::Protobuf::MessageExts
2034
+ extend ::Google::Protobuf::MessageExts::ClassMethods
2035
+ end
2036
+
2037
+ # Specifies the default behavior in the absence of any `Policy` for the
2038
+ # `Constraint`. This must not be `CONSTRAINT_DEFAULT_UNSPECIFIED`.
2039
+ module ConstraintDefault
2040
+ # This is only used for distinguishing unset values and should never be
2041
+ # used.
2042
+ CONSTRAINT_DEFAULT_UNSPECIFIED = 0
2043
+
2044
+ # Indicate that all values are allowed for list constraints.
2045
+ # Indicate that enforcement is off for boolean constraints.
2046
+ ALLOW = 1
2047
+
2048
+ # Indicate that all values are denied for list constraints.
2049
+ # Indicate that enforcement is on for boolean constraints.
2050
+ DENY = 2
2051
+ end
2052
+ end
2053
+
2054
+ # The definition of a custom constraint.
2055
+ # @!attribute [rw] name
2056
+ # @return [::String]
2057
+ # Name of the constraint. This is unique within the organization. Format of
2058
+ # the name should be
2059
+ # * `organizations/{organization_id}/customConstraints/{custom_constraint_id}`
2060
+ #
2061
+ # Example :
2062
+ # "organizations/123/customConstraints/custom.createOnlyE2TypeVms"
2063
+ # @!attribute [rw] resource_types
2064
+ # @return [::Array<::String>]
2065
+ # The Resource Instance type on which this policy applies to. Format will
2066
+ # be of the form : "<canonical service name>/<type>" Example:
2067
+ # * `compute.googleapis.com/Instance`.
2068
+ # @!attribute [rw] method_types
2069
+ # @return [::Array<::Google::Cloud::Asset::V1::AnalyzerOrgPolicyConstraint::CustomConstraint::MethodType>]
2070
+ # All the operations being applied for this constraint.
2071
+ # @!attribute [rw] condition
2072
+ # @return [::String]
2073
+ # Organization Policy condition/expression. For example:
2074
+ # `resource.instanceName.matches("[production|test]_.*_(\d)+")'` or,
2075
+ # `resource.management.auto_upgrade == true`
2076
+ # @!attribute [rw] action_type
2077
+ # @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicyConstraint::CustomConstraint::ActionType]
2078
+ # Allow or deny type.
2079
+ # @!attribute [rw] display_name
2080
+ # @return [::String]
2081
+ # One line display name for the UI.
2082
+ # @!attribute [rw] description
2083
+ # @return [::String]
2084
+ # Detailed information about this custom policy constraint.
2085
+ class CustomConstraint
2086
+ include ::Google::Protobuf::MessageExts
2087
+ extend ::Google::Protobuf::MessageExts::ClassMethods
2088
+
2089
+ # The operation in which this constraint will be applied. For example:
2090
+ # If the constraint applies only when create VMs, the method_types will be
2091
+ # "CREATE" only. If the constraint applied when create or delete VMs, the
2092
+ # method_types will be "CREATE" and "DELETE".
2093
+ module MethodType
2094
+ # Unspecified. Will results in user error.
2095
+ METHOD_TYPE_UNSPECIFIED = 0
2096
+
2097
+ # Constraint applied when creating the resource.
2098
+ CREATE = 1
2099
+
2100
+ # Constraint applied when updating the resource.
2101
+ UPDATE = 2
2102
+
2103
+ # Constraint applied when deleting the resource.
2104
+ DELETE = 3
2105
+ end
2106
+
2107
+ # Allow or deny type.
2108
+ module ActionType
2109
+ # Unspecified. Will results in user error.
2110
+ ACTION_TYPE_UNSPECIFIED = 0
2111
+
2112
+ # Allowed action type.
2113
+ ALLOW = 1
2114
+
2115
+ # Deny action type.
2116
+ DENY = 2
2117
+ end
2118
+ end
2119
+ end
2120
+
2121
+ # A request message for
2122
+ # {::Google::Cloud::Asset::V1::AssetService::Client#analyze_org_policies AssetService.AnalyzeOrgPolicies}.
2123
+ # @!attribute [rw] scope
2124
+ # @return [::String]
2125
+ # Required. The organization to scope the request. Only organization
2126
+ # policies within the scope will be analyzed.
2127
+ #
2128
+ # * organizations/\\{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
2129
+ # @!attribute [rw] constraint
2130
+ # @return [::String]
2131
+ # Required. The name of the constraint to analyze organization policies for.
2132
+ # The response only contains analyzed organization policies for the provided
2133
+ # constraint.
2134
+ # @!attribute [rw] filter
2135
+ # @return [::String]
2136
+ # The expression to filter
2137
+ # {::Google::Cloud::Asset::V1::AnalyzeOrgPoliciesResponse#org_policy_results AnalyzeOrgPoliciesResponse.org_policy_results}.
2138
+ # The only supported field is `consolidated_policy.attached_resource`, and
2139
+ # the only supported operator is `=`.
2140
+ #
2141
+ # Example:
2142
+ # consolidated_policy.attached_resource="//cloudresourcemanager.googleapis.com/folders/001"
2143
+ # will return the org policy results of"folders/001".
2144
+ # @!attribute [rw] page_size
2145
+ # @return [::Integer]
2146
+ # The maximum number of items to return per page. If unspecified,
2147
+ # {::Google::Cloud::Asset::V1::AnalyzeOrgPoliciesResponse#org_policy_results AnalyzeOrgPoliciesResponse.org_policy_results}
2148
+ # will contain 20 items with a maximum of 200.
2149
+ # @!attribute [rw] page_token
2150
+ # @return [::String]
2151
+ # The pagination token to retrieve the next page.
2152
+ class AnalyzeOrgPoliciesRequest
2153
+ include ::Google::Protobuf::MessageExts
2154
+ extend ::Google::Protobuf::MessageExts::ClassMethods
2155
+ end
2156
+
2157
+ # The response message for
2158
+ # {::Google::Cloud::Asset::V1::AssetService::Client#analyze_org_policies AssetService.AnalyzeOrgPolicies}.
2159
+ # @!attribute [rw] org_policy_results
2160
+ # @return [::Array<::Google::Cloud::Asset::V1::AnalyzeOrgPoliciesResponse::OrgPolicyResult>]
2161
+ # The organization policies under the
2162
+ # {::Google::Cloud::Asset::V1::AnalyzeOrgPoliciesRequest#scope AnalyzeOrgPoliciesRequest.scope}
2163
+ # with the
2164
+ # {::Google::Cloud::Asset::V1::AnalyzeOrgPoliciesRequest#constraint AnalyzeOrgPoliciesRequest.constraint}.
2165
+ # @!attribute [rw] constraint
2166
+ # @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicyConstraint]
2167
+ # The definition of the constraint in the request.
2168
+ # @!attribute [rw] next_page_token
2169
+ # @return [::String]
2170
+ # The page token to fetch the next page for
2171
+ # {::Google::Cloud::Asset::V1::AnalyzeOrgPoliciesResponse#org_policy_results AnalyzeOrgPoliciesResponse.org_policy_results}.
2172
+ class AnalyzeOrgPoliciesResponse
2173
+ include ::Google::Protobuf::MessageExts
2174
+ extend ::Google::Protobuf::MessageExts::ClassMethods
2175
+
2176
+ # The organization policy result to the query.
2177
+ # @!attribute [rw] consolidated_policy
2178
+ # @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicy]
2179
+ # The consolidated organization policy for the analyzed resource. The
2180
+ # consolidated organization policy is computed by merging and evaluating
2181
+ # [AnalyzeOrgPoliciesResponse.policy_bundle][].
2182
+ # The evaluation will respect the organization policy [hierarchy
2183
+ # rules](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-hierarchy).
2184
+ # @!attribute [rw] policy_bundle
2185
+ # @return [::Array<::Google::Cloud::Asset::V1::AnalyzerOrgPolicy>]
2186
+ # The ordered list of all organization policies from the
2187
+ # [AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.attached_resource][].
2188
+ # to the scope specified in the request.
2189
+ #
2190
+ # If the constraint is defined with default policy, it will also appear in
2191
+ # the list.
2192
+ class OrgPolicyResult
2193
+ include ::Google::Protobuf::MessageExts
2194
+ extend ::Google::Protobuf::MessageExts::ClassMethods
2195
+ end
2196
+ end
2197
+
2198
+ # A request message for
2199
+ # {::Google::Cloud::Asset::V1::AssetService::Client#analyze_org_policy_governed_containers AssetService.AnalyzeOrgPolicyGovernedContainers}.
2200
+ # @!attribute [rw] scope
2201
+ # @return [::String]
2202
+ # Required. The organization to scope the request. Only organization
2203
+ # policies within the scope will be analyzed. The output containers will
2204
+ # also be limited to the ones governed by those in-scope organization
2205
+ # policies.
2206
+ #
2207
+ # * organizations/\\{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
2208
+ # @!attribute [rw] constraint
2209
+ # @return [::String]
2210
+ # Required. The name of the constraint to analyze governed containers for.
2211
+ # The analysis only contains organization policies for the provided
2212
+ # constraint.
2213
+ # @!attribute [rw] filter
2214
+ # @return [::String]
2215
+ # The expression to filter the governed containers in result.
2216
+ # The only supported field is `parent`, and the only supported operator is
2217
+ # `=`.
2218
+ #
2219
+ # Example:
2220
+ # parent="//cloudresourcemanager.googleapis.com/folders/001" will return all
2221
+ # containers under "folders/001".
2222
+ # @!attribute [rw] page_size
2223
+ # @return [::Integer]
2224
+ # The maximum number of items to return per page. If unspecified,
2225
+ # {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersResponse#governed_containers AnalyzeOrgPolicyGovernedContainersResponse.governed_containers}
2226
+ # will contain 100 items with a maximum of 200.
2227
+ # @!attribute [rw] page_token
2228
+ # @return [::String]
2229
+ # The pagination token to retrieve the next page.
2230
+ class AnalyzeOrgPolicyGovernedContainersRequest
2231
+ include ::Google::Protobuf::MessageExts
2232
+ extend ::Google::Protobuf::MessageExts::ClassMethods
2233
+ end
2234
+
2235
+ # The response message for
2236
+ # {::Google::Cloud::Asset::V1::AssetService::Client#analyze_org_policy_governed_containers AssetService.AnalyzeOrgPolicyGovernedContainers}.
2237
+ # @!attribute [rw] governed_containers
2238
+ # @return [::Array<::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersResponse::GovernedContainer>]
2239
+ # The list of the analyzed governed containers.
2240
+ # @!attribute [rw] constraint
2241
+ # @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicyConstraint]
2242
+ # The definition of the constraint in the request.
2243
+ # @!attribute [rw] next_page_token
2244
+ # @return [::String]
2245
+ # The page token to fetch the next page for
2246
+ # {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersResponse#governed_containers AnalyzeOrgPolicyGovernedContainersResponse.governed_containers}.
2247
+ class AnalyzeOrgPolicyGovernedContainersResponse
2248
+ include ::Google::Protobuf::MessageExts
2249
+ extend ::Google::Protobuf::MessageExts::ClassMethods
2250
+
2251
+ # The organization/folder/project resource governed by organization policies
2252
+ # of
2253
+ # {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersRequest#constraint AnalyzeOrgPolicyGovernedContainersRequest.constraint}.
2254
+ # @!attribute [rw] full_resource_name
2255
+ # @return [::String]
2256
+ # The [full resource name]
2257
+ # (https://cloud.google.com/asset-inventory/docs/resource-name-format) of
2258
+ # an organization/folder/project resource.
2259
+ # @!attribute [rw] parent
2260
+ # @return [::String]
2261
+ # The [full resource name]
2262
+ # (https://cloud.google.com/asset-inventory/docs/resource-name-format) of
2263
+ # the parent of
2264
+ # {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersResponse::GovernedContainer#full_resource_name AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.full_resource_name}.
2265
+ # @!attribute [rw] consolidated_policy
2266
+ # @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicy]
2267
+ # The consolidated organization policy for the analyzed resource. The
2268
+ # consolidated organization policy is computed by merging and evaluating
2269
+ # {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedContainersResponse::GovernedContainer#policy_bundle AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.policy_bundle}.
2270
+ # The evaluation will respect the organization policy [hierarchy
2271
+ # rules](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-hierarchy).
2272
+ # @!attribute [rw] policy_bundle
2273
+ # @return [::Array<::Google::Cloud::Asset::V1::AnalyzerOrgPolicy>]
2274
+ # The ordered list of all organization policies from the
2275
+ # [AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.attached_resource][].
2276
+ # to the scope specified in the request.
2277
+ #
2278
+ # If the constraint is defined with default policy, it will also appear in
2279
+ # the list.
2280
+ class GovernedContainer
2281
+ include ::Google::Protobuf::MessageExts
2282
+ extend ::Google::Protobuf::MessageExts::ClassMethods
2283
+ end
2284
+ end
2285
+
2286
+ # A request message for
2287
+ # {::Google::Cloud::Asset::V1::AssetService::Client#analyze_org_policy_governed_assets AssetService.AnalyzeOrgPolicyGovernedAssets}.
2288
+ # @!attribute [rw] scope
2289
+ # @return [::String]
2290
+ # Required. The organization to scope the request. Only organization
2291
+ # policies within the scope will be analyzed. The output assets will
2292
+ # also be limited to the ones governed by those in-scope organization
2293
+ # policies.
2294
+ #
2295
+ # * organizations/\\{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
2296
+ # @!attribute [rw] constraint
2297
+ # @return [::String]
2298
+ # Required. The name of the constraint to analyze governed assets for. The
2299
+ # analysis only contains analyzed organization policies for the provided
2300
+ # constraint.
2301
+ # @!attribute [rw] filter
2302
+ # @return [::String]
2303
+ # The expression to filter the governed assets in result. The only supported
2304
+ # fields for governed resources are `governed_resource.project` and
2305
+ # `governed_resource.folders`. The only supported fields for governed iam
2306
+ # policies are `governed_iam_policy.project` and
2307
+ # `governed_iam_policy.folders`. The only supported operator is `=`.
2308
+ #
2309
+ # Example 1: governed_resource.project="projects/12345678" filter will return
2310
+ # all governed resources under projects/12345678 including the project
2311
+ # ifself, if applicable.
2312
+ #
2313
+ # Example 2: governed_iam_policy.folders="folders/12345678" filter will
2314
+ # return all governed iam policies under folders/12345678, if applicable.
2315
+ # @!attribute [rw] page_size
2316
+ # @return [::Integer]
2317
+ # The maximum number of items to return per page. If unspecified,
2318
+ # {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse#governed_assets AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets}
2319
+ # will contain 100 items with a maximum of 200.
2320
+ # @!attribute [rw] page_token
2321
+ # @return [::String]
2322
+ # The pagination token to retrieve the next page.
2323
+ class AnalyzeOrgPolicyGovernedAssetsRequest
2324
+ include ::Google::Protobuf::MessageExts
2325
+ extend ::Google::Protobuf::MessageExts::ClassMethods
2326
+ end
2327
+
2328
+ # The response message for
2329
+ # {::Google::Cloud::Asset::V1::AssetService::Client#analyze_org_policy_governed_assets AssetService.AnalyzeOrgPolicyGovernedAssets}.
2330
+ # @!attribute [rw] governed_assets
2331
+ # @return [::Array<::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset>]
2332
+ # The list of the analyzed governed assets.
2333
+ # @!attribute [rw] constraint
2334
+ # @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicyConstraint]
2335
+ # The definition of the constraint in the request.
2336
+ # @!attribute [rw] next_page_token
2337
+ # @return [::String]
2338
+ # The page token to fetch the next page for
2339
+ # {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse#governed_assets AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets}.
2340
+ class AnalyzeOrgPolicyGovernedAssetsResponse
2341
+ include ::Google::Protobuf::MessageExts
2342
+ extend ::Google::Protobuf::MessageExts::ClassMethods
2343
+
2344
+ # The Google Cloud resources governed by the organization policies of the
2345
+ # {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsRequest#constraint AnalyzeOrgPolicyGovernedAssetsRequest.constraint}.
2346
+ # @!attribute [rw] full_resource_name
2347
+ # @return [::String]
2348
+ # The [full resource name]
2349
+ # (https://cloud.google.com/asset-inventory/docs/resource-name-format) of
2350
+ # the Google Cloud resource.
2351
+ # @!attribute [rw] parent
2352
+ # @return [::String]
2353
+ # The [full resource name]
2354
+ # (https://cloud.google.com/asset-inventory/docs/resource-name-format) of
2355
+ # the parent of
2356
+ # {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedResource#full_resource_name AnalyzeOrgPolicyGovernedAssetsResponse.GovernedResource.full_resource_name}.
2357
+ # @!attribute [rw] project
2358
+ # @return [::String]
2359
+ # The project that this resource belongs to, in the form of
2360
+ # projects/\\{PROJECT_NUMBER}. This field is available when the resource
2361
+ # belongs to a project.
2362
+ # @!attribute [rw] folders
2363
+ # @return [::Array<::String>]
2364
+ # The folder(s) that this resource belongs to, in the form of
2365
+ # folders/\\{FOLDER_NUMBER}. This field is available when the resource
2366
+ # belongs(directly or cascadingly) to one or more folders.
2367
+ # @!attribute [rw] organization
2368
+ # @return [::String]
2369
+ # The organization that this resource belongs to, in the form of
2370
+ # organizations/\\{ORGANIZATION_NUMBER}. This field is available when the
2371
+ # resource belongs(directly or cascadingly) to an organization.
2372
+ class GovernedResource
2373
+ include ::Google::Protobuf::MessageExts
2374
+ extend ::Google::Protobuf::MessageExts::ClassMethods
2375
+ end
2376
+
2377
+ # The IAM policies governed by the organization policies of the
2378
+ # {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsRequest#constraint AnalyzeOrgPolicyGovernedAssetsRequest.constraint}.
2379
+ # @!attribute [rw] attached_resource
2380
+ # @return [::String]
2381
+ # The full resource name of the resource associated with this IAM policy.
2382
+ # Example:
2383
+ # `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.
2384
+ # See [Cloud Asset Inventory Resource Name
2385
+ # Format](https://cloud.google.com/asset-inventory/docs/resource-name-format)
2386
+ # for more information.
2387
+ # @!attribute [rw] policy
2388
+ # @return [::Google::Iam::V1::Policy]
2389
+ # The IAM policy directly set on the given resource.
2390
+ # @!attribute [rw] project
2391
+ # @return [::String]
2392
+ # The project that this IAM policy belongs to, in the form of
2393
+ # projects/\\{PROJECT_NUMBER}. This field is available when the IAM policy
2394
+ # belongs to a project.
2395
+ # @!attribute [rw] folders
2396
+ # @return [::Array<::String>]
2397
+ # The folder(s) that this IAM policy belongs to, in the form of
2398
+ # folders/\\{FOLDER_NUMBER}. This field is available when the IAM policy
2399
+ # belongs(directly or cascadingly) to one or more folders.
2400
+ # @!attribute [rw] organization
2401
+ # @return [::String]
2402
+ # The organization that this IAM policy belongs to, in the form of
2403
+ # organizations/\\{ORGANIZATION_NUMBER}. This field is available when the
2404
+ # IAM policy belongs(directly or cascadingly) to an organization.
2405
+ class GovernedIamPolicy
2406
+ include ::Google::Protobuf::MessageExts
2407
+ extend ::Google::Protobuf::MessageExts::ClassMethods
2408
+ end
2409
+
2410
+ # Represents a Google Cloud asset(resource or IAM policy) governed by the
2411
+ # organization policies of the
2412
+ # {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsRequest#constraint AnalyzeOrgPolicyGovernedAssetsRequest.constraint}.
2413
+ # @!attribute [rw] governed_resource
2414
+ # @return [::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedResource]
2415
+ # A Google Cloud resource governed by the organization
2416
+ # policies of the
2417
+ # {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsRequest#constraint AnalyzeOrgPolicyGovernedAssetsRequest.constraint}.
2418
+ # @!attribute [rw] governed_iam_policy
2419
+ # @return [::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedIamPolicy]
2420
+ # An IAM policy governed by the organization
2421
+ # policies of the
2422
+ # {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsRequest#constraint AnalyzeOrgPolicyGovernedAssetsRequest.constraint}.
2423
+ # @!attribute [rw] consolidated_policy
2424
+ # @return [::Google::Cloud::Asset::V1::AnalyzerOrgPolicy]
2425
+ # The consolidated policy for the analyzed asset. The consolidated
2426
+ # policy is computed by merging and evaluating
2427
+ # {::Google::Cloud::Asset::V1::AnalyzeOrgPolicyGovernedAssetsResponse::GovernedAsset#policy_bundle AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.policy_bundle}.
2428
+ # The evaluation will respect the organization policy [hierarchy
2429
+ # rules](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-hierarchy).
2430
+ # @!attribute [rw] policy_bundle
2431
+ # @return [::Array<::Google::Cloud::Asset::V1::AnalyzerOrgPolicy>]
2432
+ # The ordered list of all organization policies from the
2433
+ # [AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.attached_resource][]
2434
+ # to the scope specified in the request.
2435
+ #
2436
+ # If the constraint is defined with default policy, it will also appear in
2437
+ # the list.
2438
+ class GovernedAsset
2439
+ include ::Google::Protobuf::MessageExts
2440
+ extend ::Google::Protobuf::MessageExts::ClassMethods
2441
+ end
2442
+ end
2443
+
1841
2444
  # Asset content type.
1842
2445
  module ContentType
1843
2446
  # Unspecified content type.
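Review bot: The `condition` example added in the `CustomConstraint` docs, `resource.instanceName.matches("[production|test]_.*_(\d)+")'`, uses square brackets, which in regular-expression syntax form a character class matching a single character from that set rather than the words `production` or `test`, and it ends with a stray `'`. Anyone copying it into a custom constraint would get a guardrail that matches different instance names than the text implies; the example should read `resource.instanceName.matches("(production|test)_.*_(\d)+")`. In the same hunk, the `policy_bundle` text under `GovernedContainer` and `GovernedAsset` points at `AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.attached_resource`, which belongs to a different response message and looks copied from `OrgPolicyResult`, and `ifself` in the `AnalyzeOrgPolicyGovernedAssetsRequest` filter text should be `itself`. If these comments are generated from the API's proto definitions, the corrections belong there rather than in this file.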
@@ -1849,10 +2452,10 @@ module Google
1849
2452
  # The actual IAM policy set on a resource.
1850
2453
  IAM_POLICY = 2
1851
2454
 
1852
- # The Cloud Organization Policy set on an asset.
2455
+ # The organization policy set on an asset.
1853
2456
  ORG_POLICY = 4
1854
2457
 
1855
- # The Cloud Access context manager Policy set on an asset.
2458
+ # The Access Context Manager policy set on an asset.
1856
2459
  ACCESS_POLICY = 5
1857
2460
 
1858
2461
  # The runtime OS Inventory information.