google-cloud-asset-v1 0.5.1 → 0.7.0

data/lib/google/cloud/asset/v1/assets_pb.rb

@@ -3,7 +3,6 @@
 
 require 'google/protobuf'
 
-require 'google/api/annotations_pb'
 require 'google/api/resource_pb'
 require 'google/cloud/orgpolicy/v1/orgpolicy_pb'
 require 'google/iam/v1/policy_pb'
@@ -14,6 +13,7 @@ require 'google/protobuf/any_pb'
 require 'google/protobuf/struct_pb'
 require 'google/protobuf/timestamp_pb'
 require 'google/rpc/code_pb'
+require 'google/api/annotations_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/asset/v1/assets.proto", :syntax => :proto3) do
     add_message "google.cloud.asset.v1.TemporalAsset" do

data/lib/google/cloud/asset/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module Asset
       module V1
-        VERSION = "0.5.1"
+        VERSION = "0.7.0"
       end
     end
   end

data/proto_docs/google/api/resource.rb

@@ -43,12 +43,12 @@ module Google
     #
     # The ResourceDescriptor Yaml config will look like:
     #
-    #    resources:
-    #    - type: "pubsub.googleapis.com/Topic"
-    #      name_descriptor:
-    #        - pattern: "projects/\\{project}/topics/\\{topic}"
-    #          parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #          parent_name_extractor: "projects/\\{project}"
+    #     resources:
+    #     - type: "pubsub.googleapis.com/Topic"
+    #       name_descriptor:
+    #         - pattern: "projects/{project}/topics/{topic}"
+    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
+    #           parent_name_extractor: "projects/{project}"
     #
     # Sometimes, resources have multiple patterns, typically because they can
     # live under multiple parents.
@@ -183,15 +183,24 @@ module Google
     #         }
     # @!attribute [rw] plural
     #   @return [::String]
-    #     The plural name used in the resource name, such as 'projects' for
-    #     the name of 'projects/\\{project}'. It is the same concept of the `plural`
-    #     field in k8s CRD spec
+    #     The plural name used in the resource name and permission names, such as
+    #     'projects' for the resource name of 'projects/\\{project}' and the permission
+    #     name of 'cloudresourcemanager.googleapis.com/projects.get'. It is the same
+    #     concept of the `plural` field in k8s CRD spec
     #     https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
+    #
+    #     Note: The plural form is required even for singleton resources. See
+    #     https://aip.dev/156
     # @!attribute [rw] singular
     #   @return [::String]
     #     The same concept of the `singular` field in k8s CRD spec
     #     https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
     #     Such as "project" for the `resourcemanager.googleapis.com/Project` type.
+    # @!attribute [rw] style
+    #   @return [::Array<::Google::Api::ResourceDescriptor::Style>]
+    #     Style flag(s) for this resource.
+    #     These indicate that a resource is expected to conform to a given
+    #     style. See the specific style flags for additional information.
     class ResourceDescriptor
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -211,6 +220,22 @@ module Google
         # that from being necessary once there are multiple patterns.)
         FUTURE_MULTI_PATTERN = 2
       end
+
+      # A flag representing a specific style that a resource claims to conform to.
+      module Style
+        # The unspecified value. Do not use.
+        STYLE_UNSPECIFIED = 0
+
+        # This resource is intended to be "declarative-friendly".
+        #
+        # Declarative-friendly resources must be more strictly consistent, and
+        # setting this to true communicates to tools that this resource should
+        # adhere to declarative-friendly expectations.
+        #
+        # Note: This is used by the API linter (linter.aip.dev) to enable
+        # additional checks.
+        DECLARATIVE_FRIENDLY = 1
+      end
     end
 
     # Defines a proto annotation that describes a string field that refers to
@@ -226,6 +251,17 @@ module Google
     #             type: "pubsub.googleapis.com/Topic"
     #           }];
     #         }
+    #
+    #     Occasionally, a field may reference an arbitrary resource. In this case,
+    #     APIs use the special value * in their resource reference.
+    #
+    #     Example:
+    #
+    #         message GetIamPolicyRequest {
+    #           string resource = 2 [(google.api.resource_reference) = {
+    #             type: "*"
+    #           }];
+    #         }
     # @!attribute [rw] child_type
     #   @return [::String]
     #     The resource type of a child collection that the annotated field
@@ -234,11 +270,11 @@ module Google
     #
     #     Example:
     #
-    #       message ListLogEntriesRequest {
-    #         string parent = 1 [(google.api.resource_reference) = {
-    #           child_type: "logging.googleapis.com/LogEntry"
-    #         };
-    #       }
+    #         message ListLogEntriesRequest {
+    #           string parent = 1 [(google.api.resource_reference) = {
+    #             child_type: "logging.googleapis.com/LogEntry"
+    #           };
+    #         }
     class ResourceReference
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/cloud/asset/v1/asset_service.rb

@@ -37,9 +37,22 @@ module Google
         #     running the same query may get different results.
         # @!attribute [rw] asset_types
         #   @return [::Array<::String>]
-        #     A list of asset types of which to take a snapshot for. Example:
-        #     "compute.googleapis.com/Disk". If specified, only matching assets will be
-        #     returned. See [Introduction to Cloud Asset
+        #     A list of asset types to take a snapshot for. For example:
+        #     "compute.googleapis.com/Disk".
+        #
+        #     Regular expressions are also supported. For example:
+        #
+        #     * "compute.googleapis.com.*" snapshots resources whose asset type starts
+        #     with "compute.googleapis.com".
+        #     * ".*Instance" snapshots resources whose asset type ends with "Instance".
+        #     * ".*Instance.*" snapshots resources whose asset type contains "Instance".
+        #
+        #     See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported
+        #     regular expression syntax. If the regular expression does not match any
+        #     supported asset type, an INVALID_ARGUMENT error will be returned.
+        #
+        #     If specified, only matching assets will be returned, otherwise, it will
+        #     snapshot all asset types. See [Introduction to Cloud Asset
         #     Inventory](https://cloud.google.com/asset-inventory/docs/overview)
         #     for all supported asset types.
         # @!attribute [rw] content_type
@@ -48,24 +61,28 @@ module Google
         #     returned.
         # @!attribute [rw] output_config
         #   @return [::Google::Cloud::Asset::V1::OutputConfig]
-        #     Required. Output configuration indicating where the results will be output
-        #     to.
+        #     Required. Output configuration indicating where the results will be output to.
         class ExportAssetsRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
         # The export asset response. This message is returned by the
-        # google.longrunning.Operations.GetOperation
-        # method in the returned
-        # {::Google::Longrunning::Operation#response google.longrunning.Operation.response}
-        # field.
+        # google.longrunning.Operations.GetOperation method in the returned
+        # {::Google::Longrunning::Operation#response google.longrunning.Operation.response} field.
         # @!attribute [rw] read_time
         #   @return [::Google::Protobuf::Timestamp]
         #     Time the snapshot was taken.
         # @!attribute [rw] output_config
         #   @return [::Google::Cloud::Asset::V1::OutputConfig]
         #     Output configuration indicating where the results were output to.
+        # @!attribute [rw] output_result
+        #   @return [::Google::Cloud::Asset::V1::OutputResult]
+        #     Output result indicating where the assets were exported to. For example, a
+        #     set of actual Google Cloud Storage object uris where the assets are
+        #     exported to. The uris can be different from what [output_config] has
+        #     specified, as the service will split the output object into multiple ones
+        #     once it exceeds a single Google Cloud Storage object limit.
         class ExportAssetsResponse
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -126,8 +143,9 @@ module Google
         #     be unique under a specific parent project/folder/organization.
         # @!attribute [rw] feed
         #   @return [::Google::Cloud::Asset::V1::Feed]
-        #     Required. The feed details. The field `name` must be empty and it will be
-        #     generated in the format of: projects/project_number/feeds/feed_id
+        #     Required. The feed details. The field `name` must be empty and it will be generated
+        #     in the format of:
+        #     projects/project_number/feeds/feed_id
         #     folders/folder_number/feeds/feed_id
         #     organizations/organization_number/feeds/feed_id
         class CreateFeedRequest
@@ -169,8 +187,8 @@ module Google
         # Update asset feed request.
         # @!attribute [rw] feed
         #   @return [::Google::Cloud::Asset::V1::Feed]
-        #     Required. The new values of feed details. It must match an existing feed
-        #     and the field `name` must be in the format of:
+        #     Required. The new values of feed details. It must match an existing feed and the
+        #     field `name` must be in the format of:
         #     projects/project_number/feeds/feed_id or
         #     folders/folder_number/feeds/feed_id or
         #     organizations/organization_number/feeds/feed_id.
@@ -208,6 +226,25 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # Output result of export assets.
+        # @!attribute [rw] gcs_result
+        #   @return [::Google::Cloud::Asset::V1::GcsOutputResult]
+        #     Export result on Cloud Storage.
+        class OutputResult
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A Cloud Storage output result.
+        # @!attribute [rw] uris
+        #   @return [::Array<::String>]
+        #     List of uris of the Cloud Storage objects. Example:
+        #     "gs://bucket_name/object_name".
+        class GcsOutputResult
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # A Cloud Storage location.
         # @!attribute [rw] uri
         #   @return [::String]
@@ -250,11 +287,91 @@ module Google
         #     table will be overwritten by the contents of assets snapshot. If the flag
         #     is `FALSE` or unset and the destination table already exists, the export
         #     call returns an INVALID_ARGUMEMT error.
+        # @!attribute [rw] partition_spec
+        #   @return [::Google::Cloud::Asset::V1::PartitionSpec]
+        #     [partition_spec] determines whether to export to partitioned table(s) and
+        #     how to partition the data.
+        #
+        #     If [partition_spec] is unset or [partition_spec.partion_key] is unset or
+        #     `PARTITION_KEY_UNSPECIFIED`, the snapshot results will be exported to
+        #     non-partitioned table(s). [force] will decide whether to overwrite existing
+        #     table(s).
+        #
+        #     If [partition_spec] is specified. First, the snapshot results will be
+        #     written to partitioned table(s) with two additional timestamp columns,
+        #     readTime and requestTime, one of which will be the partition key. Secondly,
+        #     in the case when any destination table already exists, it will first try to
+        #     update existing table's schema as necessary by appending additional
+        #     columns. Then, if [force] is `TRUE`, the corresponding partition will be
+        #     overwritten by the snapshot results (data in different partitions will
+        #     remain intact); if [force] is unset or `FALSE`, it will append the data. An
+        #     error will be returned if the schema update or data appension fails.
+        # @!attribute [rw] separate_tables_per_asset_type
+        #   @return [::Boolean]
+        #     If this flag is `TRUE`, the snapshot results will be written to one or
+        #     multiple tables, each of which contains results of one asset type. The
+        #     [force] and [partition_spec] fields will apply to each of them.
+        #
+        #     Field [table] will be concatenated with "_" and the asset type names (see
+        #     https://cloud.google.com/asset-inventory/docs/supported-asset-types for
+        #     supported asset types) to construct per-asset-type table names, in which
+        #     all non-alphanumeric characters like "." and "/" will be substituted by
+        #     "_". Example: if field [table] is "mytable" and snapshot results
+        #     contain "storage.googleapis.com/Bucket" assets, the corresponding table
+        #     name will be "mytable_storage_googleapis_com_Bucket". If any of these
+        #     tables does not exist, a new table with the concatenated name will be
+        #     created.
+        #
+        #     When [content_type] in the ExportAssetsRequest is `RESOURCE`, the schema of
+        #     each table will include RECORD-type columns mapped to the nested fields in
+        #     the Asset.resource.data field of that asset type (up to the 15 nested level
+        #     BigQuery supports
+        #     (https://cloud.google.com/bigquery/docs/nested-repeated#limitations)). The
+        #     fields in >15 nested levels will be stored in JSON format string as a child
+        #     column of its parent RECORD column.
+        #
+        #     If error occurs when exporting to any table, the whole export call will
+        #     return an error but the export results that already succeed will persist.
+        #     Example: if exporting to table_type_A succeeds when exporting to
+        #     table_type_B fails during one export call, the results in table_type_A will
+        #     persist and there will not be partial results persisting in a table.
         class BigQueryDestination
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # Specifications of BigQuery partitioned table as export destination.
+        # @!attribute [rw] partition_key
+        #   @return [::Google::Cloud::Asset::V1::PartitionSpec::PartitionKey]
+        #     The partition key for BigQuery partitioned table.
+        class PartitionSpec
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # This enum is used to determine the partition key column when exporting
+          # assets to BigQuery partitioned table(s). Note that, if the partition key is
+          # a timestamp column, the actual partition is based on its date value
+          # (expressed in UTC. see details in
+          # https://cloud.google.com/bigquery/docs/partitioned-tables#date_timestamp_partitioned_tables).
+          module PartitionKey
+            # Unspecified partition key. If used, it means using non-partitioned table.
+            PARTITION_KEY_UNSPECIFIED = 0
+
+            # The time when the snapshot is taken. If specified as partition key, the
+            # result table(s) is partitoned by the additional timestamp column,
+            # readTime. If [read_time] in ExportAssetsRequest is specified, the
+            # readTime column's value will be the same as it. Otherwise, its value will
+            # be the current time that is used to take the snapshot.
+            READ_TIME = 1
+
+            # The time when the request is received and started to be processed. If
+            # specified as partition key, the result table(s) is partitoned by the
+            # requestTime column, an additional timestamp column representing when the
+            # request was received.
+            REQUEST_TIME = 2
+          end
+        end
+
         # A Pub/Sub destination.
         # @!attribute [rw] topic
         #   @return [::String]
@@ -324,8 +441,12 @@ module Google
         #     When set, `expression` field in the `Expr` must be a valid [CEL expression]
         #     (https://github.com/google/cel-spec) on a TemporalAsset with name
         #     `temporal_asset`. Example: a Feed with expression ("temporal_asset.deleted
-        #     == true") will only publish Asset deletions. Other fields in `Expr` are
+        #     == true") will only publish Asset deletions. Other fields of `Expr` are
         #     optional.
+        #
+        #     See our [user
+        #     guide](https://cloud.google.com/asset-inventory/docs/monitoring-asset-changes#feed_with_condition)
+        #     for detailed instructions.
         class Feed
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -334,75 +455,81 @@ module Google
         # Search all resources request.
         # @!attribute [rw] scope
         #   @return [::String]
-        #     Required. A scope can be a project, a folder or an organization. The search
-        #     is limited to the resources within the `scope`.
+        #     Required. A scope can be a project, a folder, or an organization. The search is
+        #     limited to the resources within the `scope`. The caller must be granted the
+        #     [`cloudasset.assets.searchAllResources`](http://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
+        #     permission on the desired scope.
         #
         #     The allowed values are:
         #
-        #     * projects/\\{PROJECT_ID}
-        #     * projects/\\{PROJECT_NUMBER}
-        #     * folders/\\{FOLDER_NUMBER}
-        #     * organizations/\\{ORGANIZATION_NUMBER}
+        #     * projects/\\{PROJECT_ID} (e.g., "projects/foo-bar")
+        #     * projects/\\{PROJECT_NUMBER} (e.g., "projects/12345678")
+        #     * folders/\\{FOLDER_NUMBER} (e.g., "folders/1234567")
+        #     * organizations/\\{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
         # @!attribute [rw] query
         #   @return [::String]
-        #     Optional. The query statement. An empty query can be specified to search
-        #     all the resources of certain `asset_types` within the given `scope`.
+        #     Optional. The query statement. See [how to construct a
+        #     query](http://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query)
+        #     for more information. If not specified or empty, it will search all the
+        #     resources within the specified `scope`. Note that the query string is
+        #     compared against each Cloud IAM policy binding, including its members,
+        #     roles, and Cloud IAM conditions. The returned Cloud IAM policies will only
+        #     contain the bindings that match your query. To learn more about the IAM
+        #     policy structure, see [IAM policy
+        #     doc](https://cloud.google.com/iam/docs/policies#structure).
         #
         #     Examples:
         #
-        #     * `name : "Important"` to find Cloud resources whose name contains
+        #     * `name:Important` to find Cloud resources whose name contains
         #       "Important" as a word.
-        #     * `displayName : "Impor*"` to find Cloud resources whose display name
-        #       contains "Impor" as a word prefix.
-        #     * `description : "*por*"` to find Cloud resources whose description
+        #     * `displayName:Impor*` to find Cloud resources whose display name
+        #       contains "Impor" as a prefix.
+        #     * `description:*por*` to find Cloud resources whose description
         #       contains "por" as a substring.
-        #     * `location : "us-west*"` to find Cloud resources whose location is
+        #     * `location:us-west*` to find Cloud resources whose location is
         #       prefixed with "us-west".
-        #     * `labels : "prod"` to find Cloud resources whose labels contain "prod" as
+        #     * `labels:prod` to find Cloud resources whose labels contain "prod" as
         #       a key or value.
-        #     * `labels.env : "prod"` to find Cloud resources which have a label "env"
+        #     * `labels.env:prod` to find Cloud resources that have a label "env"
         #       and its value is "prod".
-        #     * `labels.env : *` to find Cloud resources which have a label "env".
-        #     * `"Important"` to find Cloud resources which contain "Important" as a word
+        #     * `labels.env:*` to find Cloud resources that have a label "env".
+        #     * `Important` to find Cloud resources that contain "Important" as a word
         #       in any of the searchable fields.
-        #     * `"Impor*"` to find Cloud resources which contain "Impor" as a word prefix
+        #     * `Impor*` to find Cloud resources that contain "Impor" as a prefix
         #       in any of the searchable fields.
-        #     * `"*por*"` to find Cloud resources which contain "por" as a substring in
+        #     * `*por*` to find Cloud resources that contain "por" as a substring in
         #       any of the searchable fields.
-        #     * `("Important" AND location : ("us-west1" OR "global"))` to find Cloud
-        #       resources which contain "Important" as a word in any of the searchable
+        #     * `Important location:(us-west1 OR global)` to find Cloud
+        #       resources that contain "Important" as a word in any of the searchable
         #       fields and are also located in the "us-west1" region or the "global"
         #       location.
-        #
-        #     See [how to construct a
-        #     query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query)
-        #     for more details.
         # @!attribute [rw] asset_types
         #   @return [::Array<::String>]
-        #     Optional. A list of asset types that this request searches for. If empty,
-        #     it will search all the [searchable asset
+        #     Optional. A list of asset types that this request searches for. If empty, it will
+        #     search all the [searchable asset
         #     types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
         # @!attribute [rw] page_size
         #   @return [::Integer]
-        #     Optional. The page size for search result pagination. Page size is capped
-        #     at 500 even if a larger value is given. If set to zero, server will pick an
-        #     appropriate default. Returned results may be fewer than requested. When
-        #     this happens, there could be more results as long as `next_page_token` is
-        #     returned.
+        #     Optional. The page size for search result pagination. Page size is capped at 500 even
+        #     if a larger value is given. If set to zero, server will pick an appropriate
+        #     default. Returned results may be fewer than requested. When this happens,
+        #     there could be more results as long as `next_page_token` is returned.
         # @!attribute [rw] page_token
         #   @return [::String]
-        #     Optional. If present, then retrieve the next batch of results from the
-        #     preceding call to this method. `page_token` must be the value of
-        #     `next_page_token` from the previous response. The values of all other
-        #     method parameters, must be identical to those in the previous call.
+        #     Optional. If present, then retrieve the next batch of results from the preceding call
+        #     to this method. `page_token` must be the value of `next_page_token` from
+        #     the previous response. The values of all other method parameters, must be
+        #     identical to those in the previous call.
         # @!attribute [rw] order_by
         #   @return [::String]
-        #     Optional. A comma separated list of fields specifying the sorting order of
-        #     the results. The default order is ascending. Add " DESC" after the field
-        #     name to indicate descending order. Redundant space characters are ignored.
-        #     Example: "location DESC, name". See [supported resource metadata
-        #     fields](https://cloud.google.com/asset-inventory/docs/searching-resources#query_on_resource_metadata_fields)
-        #     for more details.
+        #     Optional. A comma separated list of fields specifying the sorting order of the
+        #     results. The default order is ascending. Add " DESC" after the field name
+        #     to indicate descending order. Redundant space characters are ignored.
+        #     Example: "location DESC, name". Only string fields in the response are
+        #     sortable, including `name`, `displayName`, `description`, `location`. All
+        #     the other fields such as repeated fields (e.g., `networkTags`), map
+        #     fields (e.g., `labels`) and struct fields (e.g., `additionalAttributes`)
+        #     are not supported.
         class SearchAllResourcesRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -426,51 +553,58 @@ module Google
         # Search all IAM policies request.
         # @!attribute [rw] scope
         #   @return [::String]
-        #     Required. A scope can be a project, a folder or an organization. The search
-        #     is limited to the IAM policies within the `scope`.
+        #     Required. A scope can be a project, a folder, or an organization. The search is
+        #     limited to the IAM policies within the `scope`. The caller must be granted
+        #     the
+        #     [`cloudasset.assets.searchAllIamPolicies`](http://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
+        #     permission on the desired scope.
         #
         #     The allowed values are:
         #
-        #     * projects/\\{PROJECT_ID}
-        #     * projects/\\{PROJECT_NUMBER}
-        #     * folders/\\{FOLDER_NUMBER}
-        #     * organizations/\\{ORGANIZATION_NUMBER}
+        #     * projects/\\{PROJECT_ID} (e.g., "projects/foo-bar")
+        #     * projects/\\{PROJECT_NUMBER} (e.g., "projects/12345678")
+        #     * folders/\\{FOLDER_NUMBER} (e.g., "folders/1234567")
+        #     * organizations/\\{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
         # @!attribute [rw] query
         #   @return [::String]
-        #     Optional. The query statement. An empty query can be specified to search
-        #     all the IAM policies within the given `scope`.
+        #     Optional. The query statement. See [how to construct a
+        #     query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)
+        #     for more information. If not specified or empty, it will search all the
+        #     IAM policies within the specified `scope`.
         #
         #     Examples:
         #
-        #     * `policy : "amy@gmail.com"` to find Cloud IAM policy bindings that
-        #       specify user "amy@gmail.com".
-        #     * `policy : "roles/compute.admin"` to find Cloud IAM policy bindings that
-        #       specify the Compute Admin role.
-        #     * `policy.role.permissions : "storage.buckets.update"` to find Cloud IAM
-        #       policy bindings that specify a role containing "storage.buckets.update"
-        #       permission.
-        #     * `resource : "organizations/123"` to find Cloud IAM policy bindings that
-        #       are set on "organizations/123".
-        #     * `(resource : ("organizations/123" OR "folders/1234") AND policy : "amy")`
-        #       to find Cloud IAM policy bindings that are set on "organizations/123" or
-        #       "folders/1234", and also specify user "amy".
-        #
-        #     See [how to construct a
-        #     query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)
-        #     for more details.
+        #     * `policy:amy@gmail.com` to find IAM policy bindings that specify user
+        #       "amy@gmail.com".
+        #     * `policy:roles/compute.admin` to find IAM policy bindings that specify
+        #       the Compute Admin role.
+        #     * `policy.role.permissions:storage.buckets.update` to find IAM policy
+        #       bindings that specify a role containing "storage.buckets.update"
+        #       permission. Note that if callers don't have `iam.roles.get` access to a
+        #       role's included permissions, policy bindings that specify this role will
+        #       be dropped from the search results.
+        #     * `resource:organizations/123456` to find IAM policy bindings
+        #       that are set on "organizations/123456".
+        #     * `Important` to find IAM policy bindings that contain "Important" as a
+        #       word in any of the searchable fields (except for the included
+        #       permissions).
+        #     * `*por*` to find IAM policy bindings that contain "por" as a substring
+        #       in any of the searchable fields (except for the included permissions).
+        #     * `resource:(instance1 OR instance2) policy:amy` to find
+        #       IAM policy bindings that are set on resources "instance1" or
+        #       "instance2" and also specify user "amy".
         # @!attribute [rw] page_size
         #   @return [::Integer]
-        #     Optional. The page size for search result pagination. Page size is capped
-        #     at 500 even if a larger value is given. If set to zero, server will pick an
-        #     appropriate default. Returned results may be fewer than requested. When
-        #     this happens, there could be more results as long as `next_page_token` is
-        #     returned.
+        #     Optional. The page size for search result pagination. Page size is capped at 500 even
+        #     if a larger value is given. If set to zero, server will pick an appropriate
+        #     default. Returned results may be fewer than requested. When this happens,
+        #     there could be more results as long as `next_page_token` is returned.
         # @!attribute [rw] page_token
         #   @return [::String]
-        #     Optional. If present, retrieve the next batch of results from the preceding
-        #     call to this method. `page_token` must be the value of `next_page_token`
-        #     from the previous response. The values of all other method parameters must
-        #     be identical to those in the previous call.
+        #     Optional. If present, retrieve the next batch of results from the preceding call to
+        #     this method. `page_token` must be the value of `next_page_token` from the
+        #     previous response. The values of all other method parameters must be
+        #     identical to those in the previous call.
         class SearchAllIamPoliciesRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -505,7 +639,7 @@ module Google
           # The Cloud Organization Policy set on an asset.
           ORG_POLICY = 4
 
-          # The Cloud Access context mananger Policy set on an asset.
+          # The Cloud Access context manager Policy set on an asset.
           ACCESS_POLICY = 5
         end
       end