google-cloud-asset-v1 0.7.0 → 0.11.0

data/lib/google/cloud/asset/v1/asset_service/paths.rb

@@ -54,12 +54,12 @@ module Google
             # @return [::String]
             def feed_path **args
               resources = {
-                "feed:project"      => (proc do |project:, feed:|
+                "feed:project" => (proc do |project:, feed:|
                   raise ::ArgumentError, "project cannot contain /" if project.to_s.include? "/"
 
                   "projects/#{project}/feeds/#{feed}"
                 end),
-                "feed:folder"       => (proc do |folder:, feed:|
+                "feed:folder" => (proc do |folder:, feed:|
                   raise ::ArgumentError, "folder cannot contain /" if folder.to_s.include? "/"
 
                   "folders/#{folder}/feeds/#{feed}"

data/lib/google/cloud/asset/v1/asset_service_pb.rb

@@ -131,12 +131,78 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       repeated :results, :message, 1, "google.cloud.asset.v1.IamPolicySearchResult"
       optional :next_page_token, :string, 2
     end
+    add_message "google.cloud.asset.v1.IamPolicyAnalysisQuery" do
+      optional :scope, :string, 1
+      optional :resource_selector, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisQuery.ResourceSelector"
+      optional :identity_selector, :message, 3, "google.cloud.asset.v1.IamPolicyAnalysisQuery.IdentitySelector"
+      optional :access_selector, :message, 4, "google.cloud.asset.v1.IamPolicyAnalysisQuery.AccessSelector"
+      optional :options, :message, 5, "google.cloud.asset.v1.IamPolicyAnalysisQuery.Options"
+    end
+    add_message "google.cloud.asset.v1.IamPolicyAnalysisQuery.ResourceSelector" do
+      optional :full_resource_name, :string, 1
+    end
+    add_message "google.cloud.asset.v1.IamPolicyAnalysisQuery.IdentitySelector" do
+      optional :identity, :string, 1
+    end
+    add_message "google.cloud.asset.v1.IamPolicyAnalysisQuery.AccessSelector" do
+      repeated :roles, :string, 1
+      repeated :permissions, :string, 2
+    end
+    add_message "google.cloud.asset.v1.IamPolicyAnalysisQuery.Options" do
+      optional :expand_groups, :bool, 1
+      optional :expand_roles, :bool, 2
+      optional :expand_resources, :bool, 3
+      optional :output_resource_edges, :bool, 4
+      optional :output_group_edges, :bool, 5
+      optional :analyze_service_account_impersonation, :bool, 6
+    end
+    add_message "google.cloud.asset.v1.AnalyzeIamPolicyRequest" do
+      optional :analysis_query, :message, 1, "google.cloud.asset.v1.IamPolicyAnalysisQuery"
+      optional :execution_timeout, :message, 2, "google.protobuf.Duration"
+    end
+    add_message "google.cloud.asset.v1.AnalyzeIamPolicyResponse" do
+      optional :main_analysis, :message, 1, "google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis"
+      repeated :service_account_impersonation_analysis, :message, 2, "google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis"
+      optional :fully_explored, :bool, 3
+    end
+    add_message "google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis" do
+      optional :analysis_query, :message, 1, "google.cloud.asset.v1.IamPolicyAnalysisQuery"
+      repeated :analysis_results, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisResult"
+      optional :fully_explored, :bool, 3
+      repeated :non_critical_errors, :message, 5, "google.cloud.asset.v1.IamPolicyAnalysisState"
+    end
+    add_message "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig" do
+      oneof :destination do
+        optional :gcs_destination, :message, 1, "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.GcsDestination"
+        optional :bigquery_destination, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination"
+      end
+    end
+    add_message "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.GcsDestination" do
+      optional :uri, :string, 1
+    end
+    add_message "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination" do
+      optional :dataset, :string, 1
+      optional :table_prefix, :string, 2
+      optional :partition_key, :enum, 3, "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination.PartitionKey"
+      optional :write_disposition, :string, 4
+    end
+    add_enum "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination.PartitionKey" do
+      value :PARTITION_KEY_UNSPECIFIED, 0
+      value :REQUEST_TIME, 1
+    end
+    add_message "google.cloud.asset.v1.AnalyzeIamPolicyLongrunningRequest" do
+      optional :analysis_query, :message, 1, "google.cloud.asset.v1.IamPolicyAnalysisQuery"
+      optional :output_config, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisOutputConfig"
+    end
+    add_message "google.cloud.asset.v1.AnalyzeIamPolicyLongrunningResponse" do
+    end
     add_enum "google.cloud.asset.v1.ContentType" do
       value :CONTENT_TYPE_UNSPECIFIED, 0
       value :RESOURCE, 1
       value :IAM_POLICY, 2
       value :ORG_POLICY, 4
       value :ACCESS_POLICY, 5
+      value :OS_INVENTORY, 6
     end
   end
 end
@@ -169,6 +235,20 @@ module Google
         SearchAllResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.SearchAllResourcesResponse").msgclass
         SearchAllIamPoliciesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.SearchAllIamPoliciesRequest").msgclass
         SearchAllIamPoliciesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.SearchAllIamPoliciesResponse").msgclass
+        IamPolicyAnalysisQuery = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisQuery").msgclass
+        IamPolicyAnalysisQuery::ResourceSelector = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisQuery.ResourceSelector").msgclass
+        IamPolicyAnalysisQuery::IdentitySelector = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisQuery.IdentitySelector").msgclass
+        IamPolicyAnalysisQuery::AccessSelector = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisQuery.AccessSelector").msgclass
+        IamPolicyAnalysisQuery::Options = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisQuery.Options").msgclass
+        AnalyzeIamPolicyRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeIamPolicyRequest").msgclass
+        AnalyzeIamPolicyResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeIamPolicyResponse").msgclass
+        AnalyzeIamPolicyResponse::IamPolicyAnalysis = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis").msgclass
+        IamPolicyAnalysisOutputConfig = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisOutputConfig").msgclass
+        IamPolicyAnalysisOutputConfig::GcsDestination = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.GcsDestination").msgclass
+        IamPolicyAnalysisOutputConfig::BigQueryDestination = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination").msgclass
+        IamPolicyAnalysisOutputConfig::BigQueryDestination::PartitionKey = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisOutputConfig.BigQueryDestination.PartitionKey").enummodule
+        AnalyzeIamPolicyLongrunningRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeIamPolicyLongrunningRequest").msgclass
+        AnalyzeIamPolicyLongrunningResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeIamPolicyLongrunningResponse").msgclass
         ContentType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ContentType").enummodule
       end
     end

data/lib/google/cloud/asset/v1/asset_service_services_pb.rb

@@ -73,6 +73,19 @@ module Google
             # `cloudasset.assets.searchAllIamPolicies` permission on the desired scope,
             # otherwise the request will be rejected.
             rpc :SearchAllIamPolicies, ::Google::Cloud::Asset::V1::SearchAllIamPoliciesRequest, ::Google::Cloud::Asset::V1::SearchAllIamPoliciesResponse
+            # Analyzes IAM policies to answer which identities have what accesses on
+            # which resources.
+            rpc :AnalyzeIamPolicy, ::Google::Cloud::Asset::V1::AnalyzeIamPolicyRequest, ::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse
+            # Analyzes IAM policies asynchronously to answer which identities have what
+            # accesses on which resources, and writes the analysis results to a Google
+            # Cloud Storage or a BigQuery destination. For Cloud Storage destination, the
+            # output format is the JSON format that represents a
+            # [AnalyzeIamPolicyResponse][google.cloud.asset.v1.AnalyzeIamPolicyResponse]. This method implements the
+            # [google.longrunning.Operation][google.longrunning.Operation], which allows you to track the operation
+            # status. We recommend intervals of at least 2 seconds with exponential
+            # backoff retry to poll the operation result. The metadata contains the
+            # request to help callers to map responses to requests.
+            rpc :AnalyzeIamPolicyLongrunning, ::Google::Cloud::Asset::V1::AnalyzeIamPolicyLongrunningRequest, ::Google::Longrunning::Operation
           end
 
           Stub = Service.rpc_stub_class

data/lib/google/cloud/asset/v1/assets_pb.rb

@@ -8,6 +8,7 @@ require 'google/cloud/orgpolicy/v1/orgpolicy_pb'
 require 'google/iam/v1/policy_pb'
 require 'google/identity/accesscontextmanager/v1/access_level_pb'
 require 'google/identity/accesscontextmanager/v1/access_policy_pb'
+require 'google/cloud/osconfig/v1/inventory_pb'
 require 'google/identity/accesscontextmanager/v1/service_perimeter_pb'
 require 'google/protobuf/any_pb'
 require 'google/protobuf/struct_pb'
@@ -41,6 +42,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :resource, :message, 3, "google.cloud.asset.v1.Resource"
       optional :iam_policy, :message, 4, "google.iam.v1.Policy"
       repeated :org_policy, :message, 6, "google.cloud.orgpolicy.v1.Policy"
+      optional :os_inventory, :message, 12, "google.cloud.osconfig.v1.Inventory"
       repeated :ancestors, :string, 10
       oneof :access_context_policy do
         optional :access_policy, :message, 7, "google.identity.accesscontextmanager.v1.AccessPolicy"
@@ -80,6 +82,45 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     add_message "google.cloud.asset.v1.IamPolicySearchResult.Explanation.Permissions" do
       repeated :permissions, :string, 1
     end
+    add_message "google.cloud.asset.v1.IamPolicyAnalysisState" do
+      optional :code, :enum, 1, "google.rpc.Code"
+      optional :cause, :string, 2
+    end
+    add_message "google.cloud.asset.v1.IamPolicyAnalysisResult" do
+      optional :attached_resource_full_name, :string, 1
+      optional :iam_binding, :message, 2, "google.iam.v1.Binding"
+      repeated :access_control_lists, :message, 3, "google.cloud.asset.v1.IamPolicyAnalysisResult.AccessControlList"
+      optional :identity_list, :message, 4, "google.cloud.asset.v1.IamPolicyAnalysisResult.IdentityList"
+      optional :fully_explored, :bool, 5
+    end
+    add_message "google.cloud.asset.v1.IamPolicyAnalysisResult.Resource" do
+      optional :full_resource_name, :string, 1
+      optional :analysis_state, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisState"
+    end
+    add_message "google.cloud.asset.v1.IamPolicyAnalysisResult.Access" do
+      optional :analysis_state, :message, 3, "google.cloud.asset.v1.IamPolicyAnalysisState"
+      oneof :oneof_access do
+        optional :role, :string, 1
+        optional :permission, :string, 2
+      end
+    end
+    add_message "google.cloud.asset.v1.IamPolicyAnalysisResult.Identity" do
+      optional :name, :string, 1
+      optional :analysis_state, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisState"
+    end
+    add_message "google.cloud.asset.v1.IamPolicyAnalysisResult.Edge" do
+      optional :source_node, :string, 1
+      optional :target_node, :string, 2
+    end
+    add_message "google.cloud.asset.v1.IamPolicyAnalysisResult.AccessControlList" do
+      repeated :resources, :message, 1, "google.cloud.asset.v1.IamPolicyAnalysisResult.Resource"
+      repeated :accesses, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisResult.Access"
+      repeated :resource_edges, :message, 3, "google.cloud.asset.v1.IamPolicyAnalysisResult.Edge"
+    end
+    add_message "google.cloud.asset.v1.IamPolicyAnalysisResult.IdentityList" do
+      repeated :identities, :message, 1, "google.cloud.asset.v1.IamPolicyAnalysisResult.Identity"
+      repeated :group_edges, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisResult.Edge"
+    end
   end
 end
 
@@ -96,6 +137,14 @@ module Google
         IamPolicySearchResult = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicySearchResult").msgclass
         IamPolicySearchResult::Explanation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicySearchResult.Explanation").msgclass
         IamPolicySearchResult::Explanation::Permissions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicySearchResult.Explanation.Permissions").msgclass
+        IamPolicyAnalysisState = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisState").msgclass
+        IamPolicyAnalysisResult = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult").msgclass
+        IamPolicyAnalysisResult::Resource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult.Resource").msgclass
+        IamPolicyAnalysisResult::Access = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult.Access").msgclass
+        IamPolicyAnalysisResult::Identity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult.Identity").msgclass
+        IamPolicyAnalysisResult::Edge = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult.Edge").msgclass
+        IamPolicyAnalysisResult::AccessControlList = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult.AccessControlList").msgclass
+        IamPolicyAnalysisResult::IdentityList = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult.IdentityList").msgclass
       end
     end
   end

data/lib/google/cloud/asset/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module Asset
       module V1
-        VERSION = "0.7.0"
+        VERSION = "0.11.0"
       end
     end
   end

data/lib/google/cloud/osconfig/v1/inventory_pb.rb

@@ -0,0 +1,108 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/cloud/osconfig/v1/inventory.proto
+
+require 'google/protobuf'
+
+require 'google/protobuf/timestamp_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("google/cloud/osconfig/v1/inventory.proto", :syntax => :proto3) do
+    add_message "google.cloud.osconfig.v1.Inventory" do
+      optional :os_info, :message, 1, "google.cloud.osconfig.v1.Inventory.OsInfo"
+      map :items, :string, :message, 2, "google.cloud.osconfig.v1.Inventory.Item"
+    end
+    add_message "google.cloud.osconfig.v1.Inventory.OsInfo" do
+      optional :hostname, :string, 9
+      optional :long_name, :string, 2
+      optional :short_name, :string, 3
+      optional :version, :string, 4
+      optional :architecture, :string, 5
+      optional :kernel_version, :string, 6
+      optional :kernel_release, :string, 7
+      optional :osconfig_agent_version, :string, 8
+    end
+    add_message "google.cloud.osconfig.v1.Inventory.Item" do
+      optional :id, :string, 1
+      optional :origin_type, :enum, 2, "google.cloud.osconfig.v1.Inventory.Item.OriginType"
+      optional :create_time, :message, 8, "google.protobuf.Timestamp"
+      optional :update_time, :message, 9, "google.protobuf.Timestamp"
+      optional :type, :enum, 5, "google.cloud.osconfig.v1.Inventory.Item.Type"
+      oneof :details do
+        optional :installed_package, :message, 6, "google.cloud.osconfig.v1.Inventory.SoftwarePackage"
+        optional :available_package, :message, 7, "google.cloud.osconfig.v1.Inventory.SoftwarePackage"
+      end
+    end
+    add_enum "google.cloud.osconfig.v1.Inventory.Item.OriginType" do
+      value :ORIGIN_TYPE_UNSPECIFIED, 0
+      value :INVENTORY_REPORT, 1
+    end
+    add_enum "google.cloud.osconfig.v1.Inventory.Item.Type" do
+      value :TYPE_UNSPECIFIED, 0
+      value :INSTALLED_PACKAGE, 1
+      value :AVAILABLE_PACKAGE, 2
+    end
+    add_message "google.cloud.osconfig.v1.Inventory.SoftwarePackage" do
+      oneof :details do
+        optional :yum_package, :message, 1, "google.cloud.osconfig.v1.Inventory.VersionedPackage"
+        optional :apt_package, :message, 2, "google.cloud.osconfig.v1.Inventory.VersionedPackage"
+        optional :zypper_package, :message, 3, "google.cloud.osconfig.v1.Inventory.VersionedPackage"
+        optional :googet_package, :message, 4, "google.cloud.osconfig.v1.Inventory.VersionedPackage"
+        optional :zypper_patch, :message, 5, "google.cloud.osconfig.v1.Inventory.ZypperPatch"
+        optional :wua_package, :message, 6, "google.cloud.osconfig.v1.Inventory.WindowsUpdatePackage"
+        optional :qfe_package, :message, 7, "google.cloud.osconfig.v1.Inventory.WindowsQuickFixEngineeringPackage"
+        optional :cos_package, :message, 8, "google.cloud.osconfig.v1.Inventory.VersionedPackage"
+      end
+    end
+    add_message "google.cloud.osconfig.v1.Inventory.VersionedPackage" do
+      optional :package_name, :string, 4
+      optional :architecture, :string, 2
+      optional :version, :string, 3
+    end
+    add_message "google.cloud.osconfig.v1.Inventory.WindowsUpdatePackage" do
+      optional :title, :string, 1
+      optional :description, :string, 2
+      repeated :categories, :message, 3, "google.cloud.osconfig.v1.Inventory.WindowsUpdatePackage.WindowsUpdateCategory"
+      repeated :kb_article_ids, :string, 4
+      optional :support_url, :string, 11
+      repeated :more_info_urls, :string, 5
+      optional :update_id, :string, 6
+      optional :revision_number, :int32, 7
+      optional :last_deployment_change_time, :message, 10, "google.protobuf.Timestamp"
+    end
+    add_message "google.cloud.osconfig.v1.Inventory.WindowsUpdatePackage.WindowsUpdateCategory" do
+      optional :id, :string, 1
+      optional :name, :string, 2
+    end
+    add_message "google.cloud.osconfig.v1.Inventory.ZypperPatch" do
+      optional :patch_name, :string, 5
+      optional :category, :string, 2
+      optional :severity, :string, 3
+      optional :summary, :string, 4
+    end
+    add_message "google.cloud.osconfig.v1.Inventory.WindowsQuickFixEngineeringPackage" do
+      optional :caption, :string, 1
+      optional :description, :string, 2
+      optional :hot_fix_id, :string, 3
+      optional :install_time, :message, 5, "google.protobuf.Timestamp"
+    end
+  end
+end
+
+module Google
+  module Cloud
+    module OsConfig
+      module V1
+        Inventory = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.osconfig.v1.Inventory").msgclass
+        Inventory::OsInfo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.osconfig.v1.Inventory.OsInfo").msgclass
+        Inventory::Item = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.osconfig.v1.Inventory.Item").msgclass
+        Inventory::Item::OriginType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.osconfig.v1.Inventory.Item.OriginType").enummodule
+        Inventory::Item::Type = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.osconfig.v1.Inventory.Item.Type").enummodule
+        Inventory::SoftwarePackage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.osconfig.v1.Inventory.SoftwarePackage").msgclass
+        Inventory::VersionedPackage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.osconfig.v1.Inventory.VersionedPackage").msgclass
+        Inventory::WindowsUpdatePackage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.osconfig.v1.Inventory.WindowsUpdatePackage").msgclass
+        Inventory::WindowsUpdatePackage::WindowsUpdateCategory = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.osconfig.v1.Inventory.WindowsUpdatePackage.WindowsUpdateCategory").msgclass
+        Inventory::ZypperPatch = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.osconfig.v1.Inventory.ZypperPatch").msgclass
+        Inventory::WindowsQuickFixEngineeringPackage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.osconfig.v1.Inventory.WindowsQuickFixEngineeringPackage").msgclass
+      end
+    end
+  end
+end

data/proto_docs/google/api/field_behavior.rb

@@ -54,6 +54,12 @@ module Google
       # This indicates that the field may be set once in a request to create a
       # resource, but may not be changed thereafter.
       IMMUTABLE = 5
+
+      # Denotes that a (repeated) field is an unordered list.
+      # This indicates that the service may provide the elements of the list
+      # in any arbitrary order, rather than the order the user originally
+      # provided. Additionally, the list's order may or may not be stable.
+      UNORDERED_LIST = 6
     end
   end
 end

data/proto_docs/google/cloud/asset/v1/asset_service.rb

@@ -292,7 +292,7 @@ module Google
         #     [partition_spec] determines whether to export to partitioned table(s) and
         #     how to partition the data.
         #
-        #     If [partition_spec] is unset or [partition_spec.partion_key] is unset or
+        #     If [partition_spec] is unset or [partition_spec.partition_key] is unset or
         #     `PARTITION_KEY_UNSPECIFIED`, the snapshot results will be exported to
         #     non-partitioned table(s). [force] will decide whether to overwrite existing
         #     table(s).
@@ -625,6 +625,329 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # IAM policy analysis query message.
+        # @!attribute [rw] scope
+        #   @return [::String]
+        #     Required. The relative name of the root asset. Only resources and IAM policies within
+        #     the scope will be analyzed.
+        #
+        #     This can only be an organization number (such as "organizations/123"), a
+        #     folder number (such as "folders/123"), a project ID (such as
+        #     "projects/my-project-id"), or a project number (such as "projects/12345").
+        #
+        #     To know how to get organization id, visit [here
+        #     ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id).
+        #
+        #     To know how to get folder or project id, visit [here
+        #     ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
+        # @!attribute [rw] resource_selector
+        #   @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery::ResourceSelector]
+        #     Optional. Specifies a resource for analysis.
+        # @!attribute [rw] identity_selector
+        #   @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery::IdentitySelector]
+        #     Optional. Specifies an identity for analysis.
+        # @!attribute [rw] access_selector
+        #   @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery::AccessSelector]
+        #     Optional. Specifies roles or permissions for analysis. This is optional.
+        # @!attribute [rw] options
+        #   @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery::Options]
+        #     Optional. The query options.
+        class IamPolicyAnalysisQuery
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Specifies the resource to analyze for access policies, which may be set
+          # directly on the resource, or on ancestors such as organizations, folders or
+          # projects.
+          # @!attribute [rw] full_resource_name
+          #   @return [::String]
+          #     Required. The [full resource name]
+          #     (https://cloud.google.com/asset-inventory/docs/resource-name-format)
+          #     of a resource of [supported resource
+          #     types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#analyzable_asset_types).
+          class ResourceSelector
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # Specifies an identity for which to determine resource access, based on
+          # roles assigned either directly to them or to the groups they belong to,
+          # directly or indirectly.
+          # @!attribute [rw] identity
+          #   @return [::String]
+          #     Required. The identity appear in the form of members in
+          #     [IAM policy
+          #     binding](https://cloud.google.com/iam/reference/rest/v1/Binding).
+          #
+          #     The examples of supported forms are:
+          #     "user:mike@example.com",
+          #     "group:admins@example.com",
+          #     "domain:google.com",
+          #     "serviceAccount:my-project-id@appspot.gserviceaccount.com".
+          #
+          #     Notice that wildcard characters (such as * and ?) are not supported.
+          #     You must give a specific identity.
+          class IdentitySelector
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # Specifies roles and/or permissions to analyze, to determine both the
+          # identities possessing them and the resources they control. If multiple
+          # values are specified, results will include roles or permissions matching
+          # any of them. The total number of roles and permissions should be equal or
+          # less than 10.
+          # @!attribute [rw] roles
+          #   @return [::Array<::String>]
+          #     Optional. The roles to appear in result.
+          # @!attribute [rw] permissions
+          #   @return [::Array<::String>]
+          #     Optional. The permissions to appear in result.
+          class AccessSelector
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # Contains query options.
+          # @!attribute [rw] expand_groups
+          #   @return [::Boolean]
+          #     Optional. If true, the identities section of the result will expand any
+          #     Google groups appearing in an IAM policy binding.
+          #
+          #     If {::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery#identity_selector IamPolicyAnalysisQuery.identity_selector} is specified, the
+          #     identity in the result will be determined by the selector, and this flag
+          #     is not allowed to set.
+          #
+          #     Default is false.
+          # @!attribute [rw] expand_roles
+          #   @return [::Boolean]
+          #     Optional. If true, the access section of result will expand any roles
+          #     appearing in IAM policy bindings to include their permissions.
+          #
+          #     If {::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery#access_selector IamPolicyAnalysisQuery.access_selector} is specified, the access
+          #     section of the result will be determined by the selector, and this flag
+          #     is not allowed to set.
+          #
+          #     Default is false.
+          # @!attribute [rw] expand_resources
+          #   @return [::Boolean]
+          #     Optional. If true and {::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery#resource_selector IamPolicyAnalysisQuery.resource_selector} is not
+          #     specified, the resource section of the result will expand any resource
+          #     attached to an IAM policy to include resources lower in the resource
+          #     hierarchy.
+          #
+          #     For example, if the request analyzes for which resources user A has
+          #     permission P, and the results include an IAM policy with P on a GCP
+          #     folder, the results will also include resources in that folder with
+          #     permission P.
+          #
+          #     If true and {::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery#resource_selector IamPolicyAnalysisQuery.resource_selector} is specified,
+          #     the resource section of the result will expand the specified resource to
+          #     include resources lower in the resource hierarchy. Only project or
+          #     lower resources are supported. Folder and organization resource cannot be
+          #     used together with this option.
+          #
+          #     For example, if the request analyzes for which users have permission P on
+          #     a GCP project with this option enabled, the results will include all
+          #     users who have permission P on that project or any lower resource.
+          #
+          #     Default is false.
+          # @!attribute [rw] output_resource_edges
+          #   @return [::Boolean]
+          #     Optional. If true, the result will output resource edges, starting
+          #     from the policy attached resource, to any expanded resources.
+          #     Default is false.
+          # @!attribute [rw] output_group_edges
+          #   @return [::Boolean]
+          #     Optional. If true, the result will output group identity edges, starting
+          #     from the binding's group members, to any expanded identities.
+          #     Default is false.
+          # @!attribute [rw] analyze_service_account_impersonation
+          #   @return [::Boolean]
+          #     Optional. If true, the response will include access analysis from identities to
+          #     resources via service account impersonation. This is a very expensive
+          #     operation, because many derived queries will be executed. We highly
+          #     recommend you use {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy_longrunning AssetService.AnalyzeIamPolicyLongrunning} rpc
+          #     instead.
+          #
+          #     For example, if the request analyzes for which resources user A has
+          #     permission P, and there's an IAM policy states user A has
+          #     iam.serviceAccounts.getAccessToken permission to a service account SA,
+          #     and there's another IAM policy states service account SA has permission P
+          #     to a GCP folder F, then user A potentially has access to the GCP folder
+          #     F. And those advanced analysis results will be included in
+          #     {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse#service_account_impersonation_analysis AnalyzeIamPolicyResponse.service_account_impersonation_analysis}.
+          #
+          #     Another example, if the request analyzes for who has
+          #     permission P to a GCP folder F, and there's an IAM policy states user A
+          #     has iam.serviceAccounts.actAs permission to a service account SA, and
+          #     there's another IAM policy states service account SA has permission P to
+          #     the GCP folder F, then user A potentially has access to the GCP folder
+          #     F. And those advanced analysis results will be included in
+          #     {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse#service_account_impersonation_analysis AnalyzeIamPolicyResponse.service_account_impersonation_analysis}.
+          #
+          #     Default is false.
+          class Options
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
+
+        # A request message for {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy AssetService.AnalyzeIamPolicy}.
+        # @!attribute [rw] analysis_query
+        #   @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery]
+        #     Required. The request query.
+        # @!attribute [rw] execution_timeout
+        #   @return [::Google::Protobuf::Duration]
+        #     Optional. Amount of time executable has to complete.  See JSON representation of
+        #     [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json).
+        #
+        #     If this field is set with a value less than the RPC deadline, and the
+        #     execution of your query hasn't finished in the specified
+        #     execution timeout,  you will get a response with partial result.
+        #     Otherwise, your query's execution will continue until the RPC deadline.
+        #     If it's not finished until then, you will get a  DEADLINE_EXCEEDED error.
+        #
+        #     Default is empty.
+        class AnalyzeIamPolicyRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A response message for {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy AssetService.AnalyzeIamPolicy}.
+        # @!attribute [rw] main_analysis
+        #   @return [::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse::IamPolicyAnalysis]
+        #     The main analysis that matches the original request.
+        # @!attribute [rw] service_account_impersonation_analysis
+        #   @return [::Array<::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse::IamPolicyAnalysis>]
+        #     The service account impersonation analysis if
+        #     [AnalyzeIamPolicyRequest.analyze_service_account_impersonation][] is
+        #     enabled.
+        # @!attribute [rw] fully_explored
+        #   @return [::Boolean]
+        #     Represents whether all entries in the {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse#main_analysis main_analysis} and
+        #     {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse#service_account_impersonation_analysis service_account_impersonation_analysis} have been fully explored to
+        #     answer the query in the request.
+        class AnalyzeIamPolicyResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # An analysis message to group the query and results.
+          # @!attribute [rw] analysis_query
+          #   @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery]
+          #     The analysis query.
+          # @!attribute [rw] analysis_results
+          #   @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisResult>]
+          #     A list of {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult IamPolicyAnalysisResult} that matches the analysis query, or
+          #     empty if no result is found.
+          # @!attribute [rw] fully_explored
+          #   @return [::Boolean]
+          #     Represents whether all entries in the {::Google::Cloud::Asset::V1::AnalyzeIamPolicyResponse::IamPolicyAnalysis#analysis_results analysis_results} have been
+          #     fully explored to answer the query.
+          # @!attribute [rw] non_critical_errors
+          #   @return [::Array<::Google::Cloud::Asset::V1::IamPolicyAnalysisState>]
+          #     A list of non-critical errors happened during the query handling.
+          class IamPolicyAnalysis
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
+
+        # Output configuration for export IAM policy analysis destination.
+        # @!attribute [rw] gcs_destination
+        #   @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisOutputConfig::GcsDestination]
+        #     Destination on Cloud Storage.
+        # @!attribute [rw] bigquery_destination
+        #   @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisOutputConfig::BigQueryDestination]
+        #     Destination on BigQuery.
+        class IamPolicyAnalysisOutputConfig
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # A Cloud Storage location.
+          # @!attribute [rw] uri
+          #   @return [::String]
+          #     Required. The uri of the Cloud Storage object. It's the same uri that is used by
+          #     gsutil. For example: "gs://bucket_name/object_name". See
+          #     [Quickstart: Using the gsutil tool]
+          #     (https://cloud.google.com/storage/docs/quickstart-gsutil) for examples.
+          class GcsDestination
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # A BigQuery destination.
+          # @!attribute [rw] dataset
+          #   @return [::String]
+          #     Required. The BigQuery dataset in format "projects/projectId/datasets/datasetId",
+          #     to which the analysis results should be exported. If this dataset does
+          #     not exist, the export call will return an INVALID_ARGUMENT error.
+          # @!attribute [rw] table_prefix
+          #   @return [::String]
+          #     Required. The prefix of the BigQuery tables to which the analysis results will be
+          #     written. Tables will be created based on this table_prefix if not exist:
+          #     * <table_prefix>_analysis table will contain export operation's metadata.
+          #     * <table_prefix>_analysis_result will contain all the
+          #       {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult IamPolicyAnalysisResult}.
+          #     When [partition_key] is specified, both tables will be partitioned based
+          #     on the [partition_key].
+          # @!attribute [rw] partition_key
+          #   @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisOutputConfig::BigQueryDestination::PartitionKey]
+          #     The partition key for BigQuery partitioned table.
+          # @!attribute [rw] write_disposition
+          #   @return [::String]
+          #     Optional. Specifies the action that occurs if the destination table or partition
+          #     already exists. The following values are supported:
+          #
+          #     * WRITE_TRUNCATE: If the table or partition already exists, BigQuery
+          #     overwrites the entire table or all the partitions data.
+          #     * WRITE_APPEND: If the table or partition already exists, BigQuery
+          #     appends the data to the table or the latest partition.
+          #     * WRITE_EMPTY: If the table already exists and contains data, an error is
+          #     returned.
+          #
+          #     The default value is WRITE_APPEND. Each action is atomic and only occurs
+          #     if BigQuery is able to complete the job successfully. Details are at
+          #     https://cloud.google.com/bigquery/docs/loading-data-local#appending_to_or_overwriting_a_table_using_a_local_file.
+          class BigQueryDestination
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # This enum determines the partition key column for the bigquery tables.
+            # Partitioning can improve query performance and reduce query cost by
+            # filtering partitions. Refer to
+            # https://cloud.google.com/bigquery/docs/partitioned-tables for details.
+            module PartitionKey
+              # Unspecified partition key. Tables won't be partitioned using this
+              # option.
+              PARTITION_KEY_UNSPECIFIED = 0
+
+              # The time when the request is received. If specified as partition key,
+              # the result table(s) is partitoned by the RequestTime column, an
+              # additional timestamp column representing when the request was received.
+              REQUEST_TIME = 1
+            end
+          end
+        end
+
+        # A request message for {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy_longrunning AssetService.AnalyzeIamPolicyLongrunning}.
+        # @!attribute [rw] analysis_query
+        #   @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery]
+        #     Required. The request query.
+        # @!attribute [rw] output_config
+        #   @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisOutputConfig]
+        #     Required. Output configuration indicating where the results will be output to.
+        class AnalyzeIamPolicyLongrunningRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A response message for {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy_longrunning AssetService.AnalyzeIamPolicyLongrunning}.
+        class AnalyzeIamPolicyLongrunningResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # Asset content type.
         module ContentType
           # Unspecified content type.
@@ -641,6 +964,9 @@ module Google
 
           # The Cloud Access context manager Policy set on an asset.
           ACCESS_POLICY = 5
+
+          # The runtime OS Inventory information.
+          OS_INVENTORY = 6
         end
       end
     end