google-cloud-asset-v1 0.5.2 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9dbd360a64ed48dfbf749f266ab5c5338e8ded9409c34d28a7688f58c2c952e6
-  data.tar.gz: 9515e97298798479197877d170ec3b496ac28f214e72b5c283fcda41315d2323
+  metadata.gz: '05390bfafbb8f33e2657eafdb8ea02df48f64fe22566b08677f7283e93247abf'
+  data.tar.gz: d4fc94fdf2eb291f3c16092cf1642567a27b2cb750ed5c0a2ccf0211f3cfc291
 SHA512:
-  metadata.gz: 2e50236aa6ef4801b77150d09b9c3bfc75fde0022e54b00d7310670255f7306c8ed54e3de05ecdaf408c6b5819b3773b7981e0c265656cc95be0209ed44ebcf1
-  data.tar.gz: 252d7eb1beeb6fb3f265403318ae903d6da4a0785fb2b3ae049fe31bc173c309ae71f746139cd80b69511b9e97594730068148bef038a8ec46fcc08090502b7b
+  metadata.gz: 6109bc11e6dee3a83b058f27b9ffff14dc921eda4b055667cf9ad6cd1ebb43238d088545441d67006b036d80fd3f55d5d81eb46bb88ee3b08cc4b2b2fe941079
+  data.tar.gz: f872c116d26b2479e77d9922c3a49cdbbb37ed1b7f3e40cfdd823353075041a13cb7d4f8d716df134f537c87907f8ed6f3ff26f35bfb095da2c249c9603af3e6

data/lib/google/cloud/asset/v1/asset_service/client.rb

@@ -119,6 +119,16 @@ module Google
                   retry_codes:   [4, 14]
                 }
 
+                default_config.rpcs.analyze_iam_policy.timeout = 300.0
+                default_config.rpcs.analyze_iam_policy.retry_policy = {
+                  initial_delay: 0.1,
+                  max_delay:     60.0,
+                  multiplier:    1.3,
+                  retry_codes:   [14]
+                }
+
+                default_config.rpcs.analyze_iam_policy_longrunning.timeout = 60.0
+
                 default_config
               end
               yield @configure if block_given?
@@ -214,14 +224,13 @@ module Google
             # Exports assets with time and resource types to a given Cloud Storage
             # location/BigQuery table. For Cloud Storage location destinations, the
             # output format is newline-delimited JSON. Each line represents a
-            # {::Google::Cloud::Asset::V1::Asset google.cloud.asset.v1.Asset} in the JSON
-            # format; for BigQuery table destinations, the output table stores the fields
-            # in asset proto as columns. This API implements the
-            # {::Google::Longrunning::Operation google.longrunning.Operation} API , which
-            # allows you to keep track of the export. We recommend intervals of at least
-            # 2 seconds with exponential retry to poll the export operation result. For
-            # regular-size resource parent, the export operation usually finishes within
-            # 5 minutes.
+            # {::Google::Cloud::Asset::V1::Asset google.cloud.asset.v1.Asset} in the JSON format; for BigQuery table
+            # destinations, the output table stores the fields in asset proto as columns.
+            # This API implements the {::Google::Longrunning::Operation google.longrunning.Operation} API
+            # , which allows you to keep track of the export. We recommend intervals of
+            # at least 2 seconds with exponential retry to poll the export operation
+            # result. For regular-size resource parent, the export operation usually
+            # finishes within 5 minutes.
             #
             # @overload export_assets(request, options = nil)
             #   Pass arguments to `export_assets` via a request object, either of type
@@ -250,17 +259,29 @@ module Google
             #     data collection and indexing, there is a volatile window during which
             #     running the same query may get different results.
             #   @param asset_types [::Array<::String>]
-            #     A list of asset types of which to take a snapshot for. Example:
-            #     "compute.googleapis.com/Disk". If specified, only matching assets will be
-            #     returned. See [Introduction to Cloud Asset
+            #     A list of asset types to take a snapshot for. For example:
+            #     "compute.googleapis.com/Disk".
+            #
+            #     Regular expressions are also supported. For example:
+            #
+            #     * "compute.googleapis.com.*" snapshots resources whose asset type starts
+            #     with "compute.googleapis.com".
+            #     * ".*Instance" snapshots resources whose asset type ends with "Instance".
+            #     * ".*Instance.*" snapshots resources whose asset type contains "Instance".
+            #
+            #     See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported
+            #     regular expression syntax. If the regular expression does not match any
+            #     supported asset type, an INVALID_ARGUMENT error will be returned.
+            #
+            #     If specified, only matching assets will be returned, otherwise, it will
+            #     snapshot all asset types. See [Introduction to Cloud Asset
             #     Inventory](https://cloud.google.com/asset-inventory/docs/overview)
             #     for all supported asset types.
             #   @param content_type [::Google::Cloud::Asset::V1::ContentType]
             #     Asset content type. If not specified, no content but the asset name will be
             #     returned.
             #   @param output_config [::Google::Cloud::Asset::V1::OutputConfig, ::Hash]
-            #     Required. Output configuration indicating where the results will be output
-            #     to.
+            #     Required. Output configuration indicating where the results will be output to.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Gapic::Operation]
@@ -429,8 +450,9 @@ module Google
             #     Required. This is the client-assigned asset feed identifier and it needs to
             #     be unique under a specific parent project/folder/organization.
             #   @param feed [::Google::Cloud::Asset::V1::Feed, ::Hash]
-            #     Required. The feed details. The field `name` must be empty and it will be
-            #     generated in the format of: projects/project_number/feeds/feed_id
+            #     Required. The feed details. The field `name` must be empty and it will be generated
+            #     in the format of:
+            #     projects/project_number/feeds/feed_id
             #     folders/folder_number/feeds/feed_id
             #     organizations/organization_number/feeds/feed_id
             #
@@ -635,8 +657,8 @@ module Google
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param feed [::Google::Cloud::Asset::V1::Feed, ::Hash]
-            #     Required. The new values of feed details. It must match an existing feed
-            #     and the field `name` must be in the format of:
+            #     Required. The new values of feed details. It must match an existing feed and the
+            #     field `name` must be in the format of:
             #     projects/project_number/feeds/feed_id or
             #     folders/folder_number/feeds/feed_id or
             #     organizations/organization_number/feeds/feed_id.
@@ -760,9 +782,9 @@ module Google
             end
 
             ##
-            # Searches all the resources within the given accessible scope (e.g., a
-            # project, a folder or an organization). Callers should have
-            # cloud.assets.SearchAllResources permission upon the requested scope,
+            # Searches all Cloud resources within the specified scope, such as a project,
+            # folder, or organization. The caller must be granted the
+            # `cloudasset.assets.searchAllResources` permission on the desired scope,
             # otherwise the request will be rejected.
             #
             # @overload search_all_resources(request, options = nil)
@@ -781,70 +803,76 @@ module Google
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param scope [::String]
-            #     Required. A scope can be a project, a folder or an organization. The search
-            #     is limited to the resources within the `scope`.
+            #     Required. A scope can be a project, a folder, or an organization. The search is
+            #     limited to the resources within the `scope`. The caller must be granted the
+            #     [`cloudasset.assets.searchAllResources`](http://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
+            #     permission on the desired scope.
             #
             #     The allowed values are:
             #
-            #     * projects/\\{PROJECT_ID}
-            #     * projects/\\{PROJECT_NUMBER}
-            #     * folders/\\{FOLDER_NUMBER}
-            #     * organizations/\\{ORGANIZATION_NUMBER}
+            #     * projects/\\{PROJECT_ID} (e.g., "projects/foo-bar")
+            #     * projects/\\{PROJECT_NUMBER} (e.g., "projects/12345678")
+            #     * folders/\\{FOLDER_NUMBER} (e.g., "folders/1234567")
+            #     * organizations/\\{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
             #   @param query [::String]
-            #     Optional. The query statement. An empty query can be specified to search
-            #     all the resources of certain `asset_types` within the given `scope`.
+            #     Optional. The query statement. See [how to construct a
+            #     query](http://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query)
+            #     for more information. If not specified or empty, it will search all the
+            #     resources within the specified `scope`. Note that the query string is
+            #     compared against each Cloud IAM policy binding, including its members,
+            #     roles, and Cloud IAM conditions. The returned Cloud IAM policies will only
+            #     contain the bindings that match your query. To learn more about the IAM
+            #     policy structure, see [IAM policy
+            #     doc](https://cloud.google.com/iam/docs/policies#structure).
             #
             #     Examples:
             #
-            #     * `name : "Important"` to find Cloud resources whose name contains
+            #     * `name:Important` to find Cloud resources whose name contains
             #       "Important" as a word.
-            #     * `displayName : "Impor*"` to find Cloud resources whose display name
-            #       contains "Impor" as a word prefix.
-            #     * `description : "*por*"` to find Cloud resources whose description
+            #     * `displayName:Impor*` to find Cloud resources whose display name
+            #       contains "Impor" as a prefix.
+            #     * `description:*por*` to find Cloud resources whose description
             #       contains "por" as a substring.
-            #     * `location : "us-west*"` to find Cloud resources whose location is
+            #     * `location:us-west*` to find Cloud resources whose location is
             #       prefixed with "us-west".
-            #     * `labels : "prod"` to find Cloud resources whose labels contain "prod" as
+            #     * `labels:prod` to find Cloud resources whose labels contain "prod" as
             #       a key or value.
-            #     * `labels.env : "prod"` to find Cloud resources which have a label "env"
+            #     * `labels.env:prod` to find Cloud resources that have a label "env"
             #       and its value is "prod".
-            #     * `labels.env : *` to find Cloud resources which have a label "env".
-            #     * `"Important"` to find Cloud resources which contain "Important" as a word
+            #     * `labels.env:*` to find Cloud resources that have a label "env".
+            #     * `Important` to find Cloud resources that contain "Important" as a word
             #       in any of the searchable fields.
-            #     * `"Impor*"` to find Cloud resources which contain "Impor" as a word prefix
+            #     * `Impor*` to find Cloud resources that contain "Impor" as a prefix
             #       in any of the searchable fields.
-            #     * `"*por*"` to find Cloud resources which contain "por" as a substring in
+            #     * `*por*` to find Cloud resources that contain "por" as a substring in
             #       any of the searchable fields.
-            #     * `("Important" AND location : ("us-west1" OR "global"))` to find Cloud
-            #       resources which contain "Important" as a word in any of the searchable
+            #     * `Important location:(us-west1 OR global)` to find Cloud
+            #       resources that contain "Important" as a word in any of the searchable
             #       fields and are also located in the "us-west1" region or the "global"
             #       location.
-            #
-            #     See [how to construct a
-            #     query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query)
-            #     for more details.
             #   @param asset_types [::Array<::String>]
-            #     Optional. A list of asset types that this request searches for. If empty,
-            #     it will search all the [searchable asset
+            #     Optional. A list of asset types that this request searches for. If empty, it will
+            #     search all the [searchable asset
             #     types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
             #   @param page_size [::Integer]
-            #     Optional. The page size for search result pagination. Page size is capped
-            #     at 500 even if a larger value is given. If set to zero, server will pick an
-            #     appropriate default. Returned results may be fewer than requested. When
-            #     this happens, there could be more results as long as `next_page_token` is
-            #     returned.
+            #     Optional. The page size for search result pagination. Page size is capped at 500 even
+            #     if a larger value is given. If set to zero, server will pick an appropriate
+            #     default. Returned results may be fewer than requested. When this happens,
+            #     there could be more results as long as `next_page_token` is returned.
             #   @param page_token [::String]
-            #     Optional. If present, then retrieve the next batch of results from the
-            #     preceding call to this method. `page_token` must be the value of
-            #     `next_page_token` from the previous response. The values of all other
-            #     method parameters, must be identical to those in the previous call.
+            #     Optional. If present, then retrieve the next batch of results from the preceding call
+            #     to this method. `page_token` must be the value of `next_page_token` from
+            #     the previous response. The values of all other method parameters, must be
+            #     identical to those in the previous call.
             #   @param order_by [::String]
-            #     Optional. A comma separated list of fields specifying the sorting order of
-            #     the results. The default order is ascending. Add " DESC" after the field
-            #     name to indicate descending order. Redundant space characters are ignored.
-            #     Example: "location DESC, name". See [supported resource metadata
-            #     fields](https://cloud.google.com/asset-inventory/docs/searching-resources#query_on_resource_metadata_fields)
-            #     for more details.
+            #     Optional. A comma separated list of fields specifying the sorting order of the
+            #     results. The default order is ascending. Add " DESC" after the field name
+            #     to indicate descending order. Redundant space characters are ignored.
+            #     Example: "location DESC, name". Only string fields in the response are
+            #     sortable, including `name`, `displayName`, `description`, `location`. All
+            #     the other fields such as repeated fields (e.g., `networkTags`), map
+            #     fields (e.g., `labels`) and struct fields (e.g., `additionalAttributes`)
+            #     are not supported.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::Asset::V1::ResourceSearchResult>]
@@ -893,9 +921,9 @@ module Google
             end
 
             ##
-            # Searches all the IAM policies within the given accessible scope (e.g., a
-            # project, a folder or an organization). Callers should have
-            # cloud.assets.SearchAllIamPolicies permission upon the requested scope,
+            # Searches all IAM policies within the specified scope, such as a project,
+            # folder, or organization. The caller must be granted the
+            # `cloudasset.assets.searchAllIamPolicies` permission on the desired scope,
             # otherwise the request will be rejected.
             #
             # @overload search_all_iam_policies(request, options = nil)
@@ -914,48 +942,55 @@ module Google
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param scope [::String]
-            #     Required. A scope can be a project, a folder or an organization. The search
-            #     is limited to the IAM policies within the `scope`.
+            #     Required. A scope can be a project, a folder, or an organization. The search is
+            #     limited to the IAM policies within the `scope`. The caller must be granted
+            #     the
+            #     [`cloudasset.assets.searchAllIamPolicies`](http://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
+            #     permission on the desired scope.
             #
             #     The allowed values are:
             #
-            #     * projects/\\{PROJECT_ID}
-            #     * projects/\\{PROJECT_NUMBER}
-            #     * folders/\\{FOLDER_NUMBER}
-            #     * organizations/\\{ORGANIZATION_NUMBER}
+            #     * projects/\\{PROJECT_ID} (e.g., "projects/foo-bar")
+            #     * projects/\\{PROJECT_NUMBER} (e.g., "projects/12345678")
+            #     * folders/\\{FOLDER_NUMBER} (e.g., "folders/1234567")
+            #     * organizations/\\{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
             #   @param query [::String]
-            #     Optional. The query statement. An empty query can be specified to search
-            #     all the IAM policies within the given `scope`.
+            #     Optional. The query statement. See [how to construct a
+            #     query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)
+            #     for more information. If not specified or empty, it will search all the
+            #     IAM policies within the specified `scope`.
             #
             #     Examples:
             #
-            #     * `policy : "amy@gmail.com"` to find Cloud IAM policy bindings that
-            #       specify user "amy@gmail.com".
-            #     * `policy : "roles/compute.admin"` to find Cloud IAM policy bindings that
-            #       specify the Compute Admin role.
-            #     * `policy.role.permissions : "storage.buckets.update"` to find Cloud IAM
-            #       policy bindings that specify a role containing "storage.buckets.update"
-            #       permission.
-            #     * `resource : "organizations/123"` to find Cloud IAM policy bindings that
-            #       are set on "organizations/123".
-            #     * `(resource : ("organizations/123" OR "folders/1234") AND policy : "amy")`
-            #       to find Cloud IAM policy bindings that are set on "organizations/123" or
-            #       "folders/1234", and also specify user "amy".
-            #
-            #     See [how to construct a
-            #     query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)
-            #     for more details.
+            #     * `policy:amy@gmail.com` to find IAM policy bindings that specify user
+            #       "amy@gmail.com".
+            #     * `policy:roles/compute.admin` to find IAM policy bindings that specify
+            #       the Compute Admin role.
+            #     * `policy.role.permissions:storage.buckets.update` to find IAM policy
+            #       bindings that specify a role containing "storage.buckets.update"
+            #       permission. Note that if callers don't have `iam.roles.get` access to a
+            #       role's included permissions, policy bindings that specify this role will
+            #       be dropped from the search results.
+            #     * `resource:organizations/123456` to find IAM policy bindings
+            #       that are set on "organizations/123456".
+            #     * `Important` to find IAM policy bindings that contain "Important" as a
+            #       word in any of the searchable fields (except for the included
+            #       permissions).
+            #     * `*por*` to find IAM policy bindings that contain "por" as a substring
+            #       in any of the searchable fields (except for the included permissions).
+            #     * `resource:(instance1 OR instance2) policy:amy` to find
+            #       IAM policy bindings that are set on resources "instance1" or
+            #       "instance2" and also specify user "amy".
             #   @param page_size [::Integer]
-            #     Optional. The page size for search result pagination. Page size is capped
-            #     at 500 even if a larger value is given. If set to zero, server will pick an
-            #     appropriate default. Returned results may be fewer than requested. When
-            #     this happens, there could be more results as long as `next_page_token` is
-            #     returned.
+            #     Optional. The page size for search result pagination. Page size is capped at 500 even
+            #     if a larger value is given. If set to zero, server will pick an appropriate
+            #     default. Returned results may be fewer than requested. When this happens,
+            #     there could be more results as long as `next_page_token` is returned.
             #   @param page_token [::String]
-            #     Optional. If present, retrieve the next batch of results from the preceding
-            #     call to this method. `page_token` must be the value of `next_page_token`
-            #     from the previous response. The values of all other method parameters must
-            #     be identical to those in the previous call.
+            #     Optional. If present, retrieve the next batch of results from the preceding call to
+            #     this method. `page_token` must be the value of `next_page_token` from the
+            #     previous response. The values of all other method parameters must be
+            #     identical to those in the previous call.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::Asset::V1::IamPolicySearchResult>]
@@ -1003,6 +1038,161 @@ module Google
               raise ::Google::Cloud::Error.from_error(e)
             end
 
+            ##
+            # Analyzes IAM policies to answer which identities have what accesses on
+            # which resources.
+            #
+            # @overload analyze_iam_policy(request, options = nil)
+            #   Pass arguments to `analyze_iam_policy` via a request object, either of type
+            #   {::Google::Cloud::Asset::V1::AnalyzeIamPolicyRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::Asset::V1::AnalyzeIamPolicyRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload analyze_iam_policy(analysis_query: nil, execution_timeout: nil)
+            #   Pass arguments to `analyze_iam_policy` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param analysis_query [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery, ::Hash]
+            #     Required. The request query.
+            #   @param execution_timeout [::Google::Protobuf::Duration, ::Hash]
+            #     Optional. Amount of time executable has to complete.  See JSON representation of
+            #     [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json).
+            #
+            #     If this field is set with a value less than the RPC deadline, and the
+            #     execution of your query hasn't finished in the specified
+            #     execution timeout,  you will get a response with partial result.
+            #     Otherwise, your query's execution will continue until the RPC deadline.
+            #     If it's not finished until then, you will get a  DEADLINE_EXCEEDED error.
+            #
+            #     Default is empty.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            def analyze_iam_policy request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Asset::V1::AnalyzeIamPolicyRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.analyze_iam_policy.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::Asset::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {
+                "analysis_query.scope" => request.analysis_query.scope
+              }
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.analyze_iam_policy.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.analyze_iam_policy.retry_policy
+              options.apply_defaults metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @asset_service_stub.call_rpc :analyze_iam_policy, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
+            ##
+            # Analyzes IAM policies asynchronously to answer which identities have what
+            # accesses on which resources, and writes the analysis results to a Google
+            # Cloud Storage or a BigQuery destination. For Cloud Storage destination, the
+            # output format is the JSON format that represents a
+            # {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse AnalyzeIamPolicyResponse}. This method implements the
+            # {::Google::Longrunning::Operation google.longrunning.Operation}, which allows you to track the operation
+            # status. We recommend intervals of at least 2 seconds with exponential
+            # backoff retry to poll the operation result. The metadata contains the
+            # request to help callers to map responses to requests.
+            #
+            # @overload analyze_iam_policy_longrunning(request, options = nil)
+            #   Pass arguments to `analyze_iam_policy_longrunning` via a request object, either of type
+            #   {::Google::Cloud::Asset::V1::AnalyzeIamPolicyLongrunningRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::Asset::V1::AnalyzeIamPolicyLongrunningRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload analyze_iam_policy_longrunning(analysis_query: nil, output_config: nil)
+            #   Pass arguments to `analyze_iam_policy_longrunning` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param analysis_query [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery, ::Hash]
+            #     Required. The request query.
+            #   @param output_config [::Google::Cloud::Asset::V1::IamPolicyAnalysisOutputConfig, ::Hash]
+            #     Required. Output configuration indicating where the results will be output to.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Gapic::Operation]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Gapic::Operation]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            def analyze_iam_policy_longrunning request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Asset::V1::AnalyzeIamPolicyLongrunningRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.analyze_iam_policy_longrunning.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::Asset::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {
+                "analysis_query.scope" => request.analysis_query.scope
+              }
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.analyze_iam_policy_longrunning.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.analyze_iam_policy_longrunning.retry_policy
+              options.apply_defaults metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @asset_service_stub.call_rpc :analyze_iam_policy_longrunning, request, options: options do |response, operation|
+                response = ::Gapic::Operation.new response, @operations_client, options: options
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
             ##
             # Configuration class for the AssetService API.
             #
@@ -1088,7 +1278,7 @@ module Google
 
               config_attr :endpoint,      "cloudasset.googleapis.com", ::String
               config_attr :credentials,   nil do |value|
-                allowed = [::String, ::Hash, ::Proc, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
+                allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
                 allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
                 allowed.any? { |klass| klass === value }
               end
@@ -1184,6 +1374,16 @@ module Google
                 # @return [::Gapic::Config::Method]
                 #
                 attr_reader :search_all_iam_policies
+                ##
+                # RPC-specific configuration for `analyze_iam_policy`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :analyze_iam_policy
+                ##
+                # RPC-specific configuration for `analyze_iam_policy_longrunning`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :analyze_iam_policy_longrunning
 
                 # @private
                 def initialize parent_rpcs = nil
@@ -1205,6 +1405,10 @@ module Google
                   @search_all_resources = ::Gapic::Config::Method.new search_all_resources_config
                   search_all_iam_policies_config = parent_rpcs&.search_all_iam_policies if parent_rpcs&.respond_to? :search_all_iam_policies
                   @search_all_iam_policies = ::Gapic::Config::Method.new search_all_iam_policies_config
+                  analyze_iam_policy_config = parent_rpcs&.analyze_iam_policy if parent_rpcs&.respond_to? :analyze_iam_policy
+                  @analyze_iam_policy = ::Gapic::Config::Method.new analyze_iam_policy_config
+                  analyze_iam_policy_longrunning_config = parent_rpcs&.analyze_iam_policy_longrunning if parent_rpcs&.respond_to? :analyze_iam_policy_longrunning
+                  @analyze_iam_policy_longrunning = ::Gapic::Config::Method.new analyze_iam_policy_longrunning_config
 
                   yield self if block_given?
                 end