google-cloud-asset-v1 0.5.3 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 789eee25202a6d2431bb58e180904105ea5cc6a88d90d588c8688896c1a342ba
-  data.tar.gz: ee795aa5fa7486f627a2710ece7b3b0a720b2568aeae95808d08e1273d5750e2
+  metadata.gz: 47903709aadc0bfaa500654626a56c96aae048c5b901a5b0c60d79e6186ae997
+  data.tar.gz: 720eb8288342eb67e1d314ac048500bea99c7f8c6a71d1edd941048ecfac1134
 SHA512:
-  metadata.gz: 21fd1d6ff7c8b782c6c79363192bc4ab7001f3fbeef546dbca732f2afdeffa8618e9d65ebe9974373f3d996f4ce5fbb07e2e1e639cb67debe53b1dd982676a02
-  data.tar.gz: 322fd1f8985f3391256f7fe0526e2b9dc72f93a5a21934521f02cebd4c07dc0fe99b696bdf545a3fd68e3be8aba07bd0e30f75604de8728a53981b7fc6290584
+  metadata.gz: 9eaef8da1ab7e67c1efa41f4f31c88587508eb2350e2d703833967a1cb66d10a2e44e30d6af121d290a5e6f97671b8cef4c1d020965674bcdef919edc31faa6a
+  data.tar.gz: 5aa1b26f56d54da1627fefc83a3d6bc2bd74ae9b058ec943aa162183f1624ba0b922b0c79a60869640545a43b67cec442d8e1d77048209e3f60f60150ff1520f

data/lib/google/cloud/asset/v1/asset_service/client.rb

@@ -119,6 +119,16 @@ module Google
                   retry_codes:   [4, 14]
                 }
 
+                default_config.rpcs.analyze_iam_policy.timeout = 300.0
+                default_config.rpcs.analyze_iam_policy.retry_policy = {
+                  initial_delay: 0.1,
+                  max_delay:     60.0,
+                  multiplier:    1.3,
+                  retry_codes:   [14]
+                }
+
+                default_config.rpcs.export_iam_policy_analysis.timeout = 60.0
+
                 default_config
               end
               yield @configure if block_given?
@@ -214,14 +224,13 @@ module Google
             # Exports assets with time and resource types to a given Cloud Storage
             # location/BigQuery table. For Cloud Storage location destinations, the
             # output format is newline-delimited JSON. Each line represents a
-            # {::Google::Cloud::Asset::V1::Asset google.cloud.asset.v1.Asset} in the JSON
-            # format; for BigQuery table destinations, the output table stores the fields
-            # in asset proto as columns. This API implements the
-            # {::Google::Longrunning::Operation google.longrunning.Operation} API , which
-            # allows you to keep track of the export. We recommend intervals of at least
-            # 2 seconds with exponential retry to poll the export operation result. For
-            # regular-size resource parent, the export operation usually finishes within
-            # 5 minutes.
+            # {::Google::Cloud::Asset::V1::Asset google.cloud.asset.v1.Asset} in the JSON format; for BigQuery table
+            # destinations, the output table stores the fields in asset proto as columns.
+            # This API implements the {::Google::Longrunning::Operation google.longrunning.Operation} API
+            # , which allows you to keep track of the export. We recommend intervals of
+            # at least 2 seconds with exponential retry to poll the export operation
+            # result. For regular-size resource parent, the export operation usually
+            # finishes within 5 minutes.
             #
             # @overload export_assets(request, options = nil)
             #   Pass arguments to `export_assets` via a request object, either of type
@@ -250,17 +259,29 @@ module Google
             #     data collection and indexing, there is a volatile window during which
             #     running the same query may get different results.
             #   @param asset_types [::Array<::String>]
-            #     A list of asset types of which to take a snapshot for. Example:
-            #     "compute.googleapis.com/Disk". If specified, only matching assets will be
-            #     returned. See [Introduction to Cloud Asset
+            #     A list of asset types to take a snapshot for. For example:
+            #     "compute.googleapis.com/Disk".
+            #
+            #     Regular expressions are also supported. For example:
+            #
+            #     * "compute.googleapis.com.*" snapshots resources whose asset type starts
+            #     with "compute.googleapis.com".
+            #     * ".*Instance" snapshots resources whose asset type ends with "Instance".
+            #     * ".*Instance.*" snapshots resources whose asset type contains "Instance".
+            #
+            #     See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported
+            #     regular expression syntax. If the regular expression does not match any
+            #     supported asset type, an INVALID_ARGUMENT error will be returned.
+            #
+            #     If specified, only matching assets will be returned, otherwise, it will
+            #     snapshot all asset types. See [Introduction to Cloud Asset
             #     Inventory](https://cloud.google.com/asset-inventory/docs/overview)
             #     for all supported asset types.
             #   @param content_type [::Google::Cloud::Asset::V1::ContentType]
             #     Asset content type. If not specified, no content but the asset name will be
             #     returned.
             #   @param output_config [::Google::Cloud::Asset::V1::OutputConfig, ::Hash]
-            #     Required. Output configuration indicating where the results will be output
-            #     to.
+            #     Required. Output configuration indicating where the results will be output to.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Gapic::Operation]
@@ -429,8 +450,9 @@ module Google
             #     Required. This is the client-assigned asset feed identifier and it needs to
             #     be unique under a specific parent project/folder/organization.
             #   @param feed [::Google::Cloud::Asset::V1::Feed, ::Hash]
-            #     Required. The feed details. The field `name` must be empty and it will be
-            #     generated in the format of: projects/project_number/feeds/feed_id
+            #     Required. The feed details. The field `name` must be empty and it will be generated
+            #     in the format of:
+            #     projects/project_number/feeds/feed_id
             #     folders/folder_number/feeds/feed_id
             #     organizations/organization_number/feeds/feed_id
             #
@@ -635,8 +657,8 @@ module Google
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param feed [::Google::Cloud::Asset::V1::Feed, ::Hash]
-            #     Required. The new values of feed details. It must match an existing feed
-            #     and the field `name` must be in the format of:
+            #     Required. The new values of feed details. It must match an existing feed and the
+            #     field `name` must be in the format of:
             #     projects/project_number/feeds/feed_id or
             #     folders/folder_number/feeds/feed_id or
             #     organizations/organization_number/feeds/feed_id.
@@ -760,9 +782,9 @@ module Google
             end
 
             ##
-            # Searches all the resources within the given accessible scope (e.g., a
-            # project, a folder or an organization). Callers should have
-            # cloud.assets.SearchAllResources permission upon the requested scope,
+            # Searches all Cloud resources within the specified scope, such as a project,
+            # folder, or organization. The caller must be granted the
+            # `cloudasset.assets.searchAllResources` permission on the desired scope,
             # otherwise the request will be rejected.
             #
             # @overload search_all_resources(request, options = nil)
@@ -781,70 +803,76 @@ module Google
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param scope [::String]
-            #     Required. A scope can be a project, a folder or an organization. The search
-            #     is limited to the resources within the `scope`.
+            #     Required. A scope can be a project, a folder, or an organization. The search is
+            #     limited to the resources within the `scope`. The caller must be granted the
+            #     [`cloudasset.assets.searchAllResources`](http://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
+            #     permission on the desired scope.
             #
             #     The allowed values are:
             #
-            #     * projects/\\{PROJECT_ID}
-            #     * projects/\\{PROJECT_NUMBER}
-            #     * folders/\\{FOLDER_NUMBER}
-            #     * organizations/\\{ORGANIZATION_NUMBER}
+            #     * projects/\\{PROJECT_ID} (e.g., "projects/foo-bar")
+            #     * projects/\\{PROJECT_NUMBER} (e.g., "projects/12345678")
+            #     * folders/\\{FOLDER_NUMBER} (e.g., "folders/1234567")
+            #     * organizations/\\{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
             #   @param query [::String]
-            #     Optional. The query statement. An empty query can be specified to search
-            #     all the resources of certain `asset_types` within the given `scope`.
+            #     Optional. The query statement. See [how to construct a
+            #     query](http://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query)
+            #     for more information. If not specified or empty, it will search all the
+            #     resources within the specified `scope`. Note that the query string is
+            #     compared against each Cloud IAM policy binding, including its members,
+            #     roles, and Cloud IAM conditions. The returned Cloud IAM policies will only
+            #     contain the bindings that match your query. To learn more about the IAM
+            #     policy structure, see [IAM policy
+            #     doc](https://cloud.google.com/iam/docs/policies#structure).
             #
             #     Examples:
             #
-            #     * `name : "Important"` to find Cloud resources whose name contains
+            #     * `name:Important` to find Cloud resources whose name contains
             #       "Important" as a word.
-            #     * `displayName : "Impor*"` to find Cloud resources whose display name
-            #       contains "Impor" as a word prefix.
-            #     * `description : "*por*"` to find Cloud resources whose description
+            #     * `displayName:Impor*` to find Cloud resources whose display name
+            #       contains "Impor" as a prefix.
+            #     * `description:*por*` to find Cloud resources whose description
             #       contains "por" as a substring.
-            #     * `location : "us-west*"` to find Cloud resources whose location is
+            #     * `location:us-west*` to find Cloud resources whose location is
             #       prefixed with "us-west".
-            #     * `labels : "prod"` to find Cloud resources whose labels contain "prod" as
+            #     * `labels:prod` to find Cloud resources whose labels contain "prod" as
             #       a key or value.
-            #     * `labels.env : "prod"` to find Cloud resources which have a label "env"
+            #     * `labels.env:prod` to find Cloud resources that have a label "env"
             #       and its value is "prod".
-            #     * `labels.env : *` to find Cloud resources which have a label "env".
-            #     * `"Important"` to find Cloud resources which contain "Important" as a word
+            #     * `labels.env:*` to find Cloud resources that have a label "env".
+            #     * `Important` to find Cloud resources that contain "Important" as a word
             #       in any of the searchable fields.
-            #     * `"Impor*"` to find Cloud resources which contain "Impor" as a word prefix
+            #     * `Impor*` to find Cloud resources that contain "Impor" as a prefix
             #       in any of the searchable fields.
-            #     * `"*por*"` to find Cloud resources which contain "por" as a substring in
+            #     * `*por*` to find Cloud resources that contain "por" as a substring in
             #       any of the searchable fields.
-            #     * `("Important" AND location : ("us-west1" OR "global"))` to find Cloud
-            #       resources which contain "Important" as a word in any of the searchable
+            #     * `Important location:(us-west1 OR global)` to find Cloud
+            #       resources that contain "Important" as a word in any of the searchable
             #       fields and are also located in the "us-west1" region or the "global"
             #       location.
-            #
-            #     See [how to construct a
-            #     query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query)
-            #     for more details.
             #   @param asset_types [::Array<::String>]
-            #     Optional. A list of asset types that this request searches for. If empty,
-            #     it will search all the [searchable asset
+            #     Optional. A list of asset types that this request searches for. If empty, it will
+            #     search all the [searchable asset
             #     types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
             #   @param page_size [::Integer]
-            #     Optional. The page size for search result pagination. Page size is capped
-            #     at 500 even if a larger value is given. If set to zero, server will pick an
-            #     appropriate default. Returned results may be fewer than requested. When
-            #     this happens, there could be more results as long as `next_page_token` is
-            #     returned.
+            #     Optional. The page size for search result pagination. Page size is capped at 500 even
+            #     if a larger value is given. If set to zero, server will pick an appropriate
+            #     default. Returned results may be fewer than requested. When this happens,
+            #     there could be more results as long as `next_page_token` is returned.
             #   @param page_token [::String]
-            #     Optional. If present, then retrieve the next batch of results from the
-            #     preceding call to this method. `page_token` must be the value of
-            #     `next_page_token` from the previous response. The values of all other
-            #     method parameters, must be identical to those in the previous call.
+            #     Optional. If present, then retrieve the next batch of results from the preceding call
+            #     to this method. `page_token` must be the value of `next_page_token` from
+            #     the previous response. The values of all other method parameters, must be
+            #     identical to those in the previous call.
             #   @param order_by [::String]
-            #     Optional. A comma separated list of fields specifying the sorting order of
-            #     the results. The default order is ascending. Add " DESC" after the field
-            #     name to indicate descending order. Redundant space characters are ignored.
-            #     Example: "location DESC, name". See [supported resource metadata
-            #     fields](https://cloud.google.com/asset-inventory/docs/searching-resources#query_on_resource_metadata_fields)
-            #     for more details.
+            #     Optional. A comma separated list of fields specifying the sorting order of the
+            #     results. The default order is ascending. Add " DESC" after the field name
+            #     to indicate descending order. Redundant space characters are ignored.
+            #     Example: "location DESC, name". Only string fields in the response are
+            #     sortable, including `name`, `displayName`, `description`, `location`. All
+            #     the other fields such as repeated fields (e.g., `networkTags`), map
+            #     fields (e.g., `labels`) and struct fields (e.g., `additionalAttributes`)
+            #     are not supported.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::Asset::V1::ResourceSearchResult>]
@@ -893,9 +921,9 @@ module Google
             end
 
             ##
-            # Searches all the IAM policies within the given accessible scope (e.g., a
-            # project, a folder or an organization). Callers should have
-            # cloud.assets.SearchAllIamPolicies permission upon the requested scope,
+            # Searches all IAM policies within the specified scope, such as a project,
+            # folder, or organization. The caller must be granted the
+            # `cloudasset.assets.searchAllIamPolicies` permission on the desired scope,
             # otherwise the request will be rejected.
             #
             # @overload search_all_iam_policies(request, options = nil)
@@ -914,48 +942,55 @@ module Google
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param scope [::String]
-            #     Required. A scope can be a project, a folder or an organization. The search
-            #     is limited to the IAM policies within the `scope`.
+            #     Required. A scope can be a project, a folder, or an organization. The search is
+            #     limited to the IAM policies within the `scope`. The caller must be granted
+            #     the
+            #     [`cloudasset.assets.searchAllIamPolicies`](http://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
+            #     permission on the desired scope.
             #
             #     The allowed values are:
             #
-            #     * projects/\\{PROJECT_ID}
-            #     * projects/\\{PROJECT_NUMBER}
-            #     * folders/\\{FOLDER_NUMBER}
-            #     * organizations/\\{ORGANIZATION_NUMBER}
+            #     * projects/\\{PROJECT_ID} (e.g., "projects/foo-bar")
+            #     * projects/\\{PROJECT_NUMBER} (e.g., "projects/12345678")
+            #     * folders/\\{FOLDER_NUMBER} (e.g., "folders/1234567")
+            #     * organizations/\\{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
             #   @param query [::String]
-            #     Optional. The query statement. An empty query can be specified to search
-            #     all the IAM policies within the given `scope`.
+            #     Optional. The query statement. See [how to construct a
+            #     query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)
+            #     for more information. If not specified or empty, it will search all the
+            #     IAM policies within the specified `scope`.
             #
             #     Examples:
             #
-            #     * `policy : "amy@gmail.com"` to find Cloud IAM policy bindings that
-            #       specify user "amy@gmail.com".
-            #     * `policy : "roles/compute.admin"` to find Cloud IAM policy bindings that
-            #       specify the Compute Admin role.
-            #     * `policy.role.permissions : "storage.buckets.update"` to find Cloud IAM
-            #       policy bindings that specify a role containing "storage.buckets.update"
-            #       permission.
-            #     * `resource : "organizations/123"` to find Cloud IAM policy bindings that
-            #       are set on "organizations/123".
-            #     * `(resource : ("organizations/123" OR "folders/1234") AND policy : "amy")`
-            #       to find Cloud IAM policy bindings that are set on "organizations/123" or
-            #       "folders/1234", and also specify user "amy".
-            #
-            #     See [how to construct a
-            #     query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)
-            #     for more details.
+            #     * `policy:amy@gmail.com` to find IAM policy bindings that specify user
+            #       "amy@gmail.com".
+            #     * `policy:roles/compute.admin` to find IAM policy bindings that specify
+            #       the Compute Admin role.
+            #     * `policy.role.permissions:storage.buckets.update` to find IAM policy
+            #       bindings that specify a role containing "storage.buckets.update"
+            #       permission. Note that if callers don't have `iam.roles.get` access to a
+            #       role's included permissions, policy bindings that specify this role will
+            #       be dropped from the search results.
+            #     * `resource:organizations/123456` to find IAM policy bindings
+            #       that are set on "organizations/123456".
+            #     * `Important` to find IAM policy bindings that contain "Important" as a
+            #       word in any of the searchable fields (except for the included
+            #       permissions).
+            #     * `*por*` to find IAM policy bindings that contain "por" as a substring
+            #       in any of the searchable fields (except for the included permissions).
+            #     * `resource:(instance1 OR instance2) policy:amy` to find
+            #       IAM policy bindings that are set on resources "instance1" or
+            #       "instance2" and also specify user "amy".
             #   @param page_size [::Integer]
-            #     Optional. The page size for search result pagination. Page size is capped
-            #     at 500 even if a larger value is given. If set to zero, server will pick an
-            #     appropriate default. Returned results may be fewer than requested. When
-            #     this happens, there could be more results as long as `next_page_token` is
-            #     returned.
+            #     Optional. The page size for search result pagination. Page size is capped at 500 even
+            #     if a larger value is given. If set to zero, server will pick an appropriate
+            #     default. Returned results may be fewer than requested. When this happens,
+            #     there could be more results as long as `next_page_token` is returned.
             #   @param page_token [::String]
-            #     Optional. If present, retrieve the next batch of results from the preceding
-            #     call to this method. `page_token` must be the value of `next_page_token`
-            #     from the previous response. The values of all other method parameters must
-            #     be identical to those in the previous call.
+            #     Optional. If present, retrieve the next batch of results from the preceding call to
+            #     this method. `page_token` must be the value of `next_page_token` from the
+            #     previous response. The values of all other method parameters must be
+            #     identical to those in the previous call.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::Asset::V1::IamPolicySearchResult>]
@@ -1003,6 +1038,176 @@ module Google
               raise ::Google::Cloud::Error.from_error(e)
             end
 
+            ##
+            # Analyzes IAM policies to answer which identities have what accesses on
+            # which resources.
+            #
+            # @overload analyze_iam_policy(request, options = nil)
+            #   Pass arguments to `analyze_iam_policy` via a request object, either of type
+            #   {::Google::Cloud::Asset::V1::AnalyzeIamPolicyRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::Asset::V1::AnalyzeIamPolicyRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload analyze_iam_policy(analysis_query: nil, execution_timeout: nil)
+            #   Pass arguments to `analyze_iam_policy` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param analysis_query [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery, ::Hash]
+            #     The request query.
+            #   @param execution_timeout [::Google::Protobuf::Duration, ::Hash]
+            #     Amount of time executable has to complete.  See JSON representation of
+            #     [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json).
+            #
+            #     If this field is set with a value less than the RPC deadline, and the
+            #     execution of your query hasn't finished in the specified
+            #     execution timeout,  you will get a response with partial result.
+            #     Otherwise, your query's execution will continue until the RPC deadline.
+            #     If it's not finished until then, you will get a  DEADLINE_EXCEEDED error.
+            #
+            #     Default is empty.
+            #
+            #     (-- We had discussion of whether we should have this field in the    --)
+            #     (-- request or use the RPC deadline instead. We finally choose this  --)
+            #     (-- approach for the following reasons (detailed in                  --)
+            #     (-- go/analyze-iam-policy-deadlines):                                --)
+            #     (-- * HTTP clients have very limited support of the RPC deadline.    --)
+            #     (--   There is an X-Server-Timeout header introduced in 2019/09, but --)
+            #     (--   only implemented in the C++ HTTP server library.               --)
+            #     (-- * The purpose of the RPC deadline is for RPC clients to          --)
+            #     (--   communicate its max waiting time to the server. This deadline  --)
+            #     (--   could be further propagated to the downstream servers. It is   --)
+            #     (--   mainly used for servers to cancel the request processing       --)
+            #     (--   to avoid resource wasting. Overloading the RPC deadline for    --)
+            #     (--   other purposes could make our backend system harder to reason  --)
+            #     (--   about.                                                         --)
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            def analyze_iam_policy request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Asset::V1::AnalyzeIamPolicyRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.analyze_iam_policy.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::Asset::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {
+                "analysis_query.scope" => request.analysis_query.scope
+              }
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.analyze_iam_policy.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.analyze_iam_policy.retry_policy
+              options.apply_defaults metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @asset_service_stub.call_rpc :analyze_iam_policy, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
+            ##
+            # Exports the answers of which identities have what accesses on which
+            # resources to a Google Cloud Storage or a BigQuery destination. For Cloud
+            # Storage destination, the output format is the JSON format that represents a
+            # {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse google.cloud.asset.v1.AnalyzeIamPolicyResponse}.
+            # This method implements the
+            # {::Google::Longrunning::Operation google.longrunning.Operation}, which allows
+            # you to track the export status. We recommend intervals of at least 2
+            # seconds with exponential retry to poll the export operation result. The
+            # metadata contains the request to help callers to map responses to requests.
+            #
+            # @overload export_iam_policy_analysis(request, options = nil)
+            #   Pass arguments to `export_iam_policy_analysis` via a request object, either of type
+            #   {::Google::Cloud::Asset::V1::ExportIamPolicyAnalysisRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::Asset::V1::ExportIamPolicyAnalysisRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload export_iam_policy_analysis(analysis_query: nil, output_config: nil)
+            #   Pass arguments to `export_iam_policy_analysis` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param analysis_query [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery, ::Hash]
+            #     The request query.
+            #   @param output_config [::Google::Cloud::Asset::V1::IamPolicyAnalysisOutputConfig, ::Hash]
+            #     Output configuration indicating where the results will be output to.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Gapic::Operation]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Gapic::Operation]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            def export_iam_policy_analysis request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Asset::V1::ExportIamPolicyAnalysisRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.export_iam_policy_analysis.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::Asset::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {
+                "analysis_query.scope" => request.analysis_query.scope
+              }
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.export_iam_policy_analysis.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.export_iam_policy_analysis.retry_policy
+              options.apply_defaults metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @asset_service_stub.call_rpc :export_iam_policy_analysis, request, options: options do |response, operation|
+                response = ::Gapic::Operation.new response, @operations_client, options: options
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
             ##
             # Configuration class for the AssetService API.
             #
@@ -1184,6 +1389,16 @@ module Google
                 # @return [::Gapic::Config::Method]
                 #
                 attr_reader :search_all_iam_policies
+                ##
+                # RPC-specific configuration for `analyze_iam_policy`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :analyze_iam_policy
+                ##
+                # RPC-specific configuration for `export_iam_policy_analysis`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :export_iam_policy_analysis
 
                 # @private
                 def initialize parent_rpcs = nil
@@ -1205,6 +1420,10 @@ module Google
                   @search_all_resources = ::Gapic::Config::Method.new search_all_resources_config
                   search_all_iam_policies_config = parent_rpcs&.search_all_iam_policies if parent_rpcs&.respond_to? :search_all_iam_policies
                   @search_all_iam_policies = ::Gapic::Config::Method.new search_all_iam_policies_config
+                  analyze_iam_policy_config = parent_rpcs&.analyze_iam_policy if parent_rpcs&.respond_to? :analyze_iam_policy
+                  @analyze_iam_policy = ::Gapic::Config::Method.new analyze_iam_policy_config
+                  export_iam_policy_analysis_config = parent_rpcs&.export_iam_policy_analysis if parent_rpcs&.respond_to? :export_iam_policy_analysis
+                  @export_iam_policy_analysis = ::Gapic::Config::Method.new export_iam_policy_analysis_config
 
                   yield self if block_given?
                 end