google-cloud-asset-v1 0.8.0 → 0.12.0

data/proto_docs/google/api/field_behavior.rb

@@ -54,6 +54,12 @@ module Google
       # This indicates that the field may be set once in a request to create a
       # resource, but may not be changed thereafter.
       IMMUTABLE = 5
+
+      # Denotes that a (repeated) field is an unordered list.
+      # This indicates that the service may provide the elements of the list
+      # in any arbitrary order, rather than the order the user originally
+      # provided. Additionally, the list's order may or may not be stable.
+      UNORDERED_LIST = 6
     end
   end
 end

data/proto_docs/google/cloud/asset/v1/asset_service.rb

@@ -88,6 +88,75 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # ListAssets request.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. Name of the organization or project the assets belong to. Format:
+        #     "organizations/[organization-number]" (such as "organizations/123"),
+        #     "projects/[project-id]" (such as "projects/my-project-id"), or
+        #     "projects/[project-number]" (such as "projects/12345").
+        # @!attribute [rw] read_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Timestamp to take an asset snapshot. This can only be set to a timestamp
+        #     between the current time and the current time minus 35 days (inclusive).
+        #     If not specified, the current time will be used. Due to delays in resource
+        #     data collection and indexing, there is a volatile window during which
+        #     running the same query may get different results.
+        # @!attribute [rw] asset_types
+        #   @return [::Array<::String>]
+        #     A list of asset types to take a snapshot for. For example:
+        #     "compute.googleapis.com/Disk".
+        #
+        #     Regular expression is also supported. For example:
+        #
+        #     * "compute.googleapis.com.*" snapshots resources whose asset type starts
+        #     with "compute.googleapis.com".
+        #     * ".*Instance" snapshots resources whose asset type ends with "Instance".
+        #     * ".*Instance.*" snapshots resources whose asset type contains "Instance".
+        #
+        #     See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported
+        #     regular expression syntax. If the regular expression does not match any
+        #     supported asset type, an INVALID_ARGUMENT error will be returned.
+        #
+        #     If specified, only matching assets will be returned, otherwise, it will
+        #     snapshot all asset types. See [Introduction to Cloud Asset
+        #     Inventory](https://cloud.google.com/asset-inventory/docs/overview)
+        #     for all supported asset types.
+        # @!attribute [rw] content_type
+        #   @return [::Google::Cloud::Asset::V1::ContentType]
+        #     Asset content type. If not specified, no content but the asset name will
+        #     be returned.
+        # @!attribute [rw] page_size
+        #   @return [::Integer]
+        #     The maximum number of assets to be returned in a single response. Default
+        #     is 100, minimum is 1, and maximum is 1000.
+        # @!attribute [rw] page_token
+        #   @return [::String]
+        #     The `next_page_token` returned from the previous `ListAssetsResponse`, or
+        #     unspecified for the first `ListAssetsRequest`. It is a continuation of a
+        #     prior `ListAssets` call, and the API should return the next page of assets.
+        class ListAssetsRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # ListAssets response.
+        # @!attribute [rw] read_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Time the snapshot was taken.
+        # @!attribute [rw] assets
+        #   @return [::Array<::Google::Cloud::Asset::V1::Asset>]
+        #     Assets.
+        # @!attribute [rw] next_page_token
+        #   @return [::String]
+        #     Token to retrieve the next page of results. It expires 72 hours after the
+        #     page token for the first page is generated. Set to empty if there are no
+        #     remaining results.
+        class ListAssetsResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # Batch get assets history request.
         # @!attribute [rw] parent
         #   @return [::String]
@@ -253,6 +322,10 @@ module Google
         #     Editing Object
         #     Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)
         #     for more information.
+        #
+        #     If the specified Cloud Storage object already exists and there is no
+        #     [hold](https://cloud.google.com/storage/docs/object-holds), it will be
+        #     overwritten with the exported result.
         # @!attribute [rw] uri_prefix
         #   @return [::String]
         #     The uri prefix of all generated Cloud Storage objects. Example:
@@ -292,7 +365,7 @@ module Google
         #     [partition_spec] determines whether to export to partitioned table(s) and
         #     how to partition the data.
         #
-        #     If [partition_spec] is unset or [partition_spec.partion_key] is unset or
+        #     If [partition_spec] is unset or [partition_spec.partition_key] is unset or
         #     `PARTITION_KEY_UNSPECIFIED`, the snapshot results will be exported to
         #     non-partitioned table(s). [force] will decide whether to overwrite existing
         #     table(s).
@@ -457,7 +530,7 @@ module Google
         #   @return [::String]
         #     Required. A scope can be a project, a folder, or an organization. The search is
         #     limited to the resources within the `scope`. The caller must be granted the
-        #     [`cloudasset.assets.searchAllResources`](http://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
+        #     [`cloudasset.assets.searchAllResources`](https://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
         #     permission on the desired scope.
         #
         #     The allowed values are:
@@ -469,36 +542,41 @@ module Google
         # @!attribute [rw] query
         #   @return [::String]
         #     Optional. The query statement. See [how to construct a
-        #     query](http://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query)
+        #     query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query)
         #     for more information. If not specified or empty, it will search all the
-        #     resources within the specified `scope`. Note that the query string is
-        #     compared against each Cloud IAM policy binding, including its members,
-        #     roles, and Cloud IAM conditions. The returned Cloud IAM policies will only
-        #     contain the bindings that match your query. To learn more about the IAM
-        #     policy structure, see [IAM policy
-        #     doc](https://cloud.google.com/iam/docs/policies#structure).
+        #     resources within the specified `scope`.
         #
         #     Examples:
         #
         #     * `name:Important` to find Cloud resources whose name contains
         #       "Important" as a word.
+        #     * `name=Important` to find the Cloud resource whose name is exactly
+        #       "Important".
         #     * `displayName:Impor*` to find Cloud resources whose display name
-        #       contains "Impor" as a prefix.
-        #     * `description:*por*` to find Cloud resources whose description
-        #       contains "por" as a substring.
-        #     * `location:us-west*` to find Cloud resources whose location is
-        #       prefixed with "us-west".
+        #       contains "Impor" as a prefix of any word in the field.
+        #     * `location:us-west*` to find Cloud resources whose location contains both
+        #       "us" and "west" as prefixes.
         #     * `labels:prod` to find Cloud resources whose labels contain "prod" as
         #       a key or value.
         #     * `labels.env:prod` to find Cloud resources that have a label "env"
         #       and its value is "prod".
         #     * `labels.env:*` to find Cloud resources that have a label "env".
+        #     * `kmsKey:key` to find Cloud resources encrypted with a customer-managed
+        #       encryption key whose name contains the word "key".
+        #     * `state:ACTIVE` to find Cloud resources whose state contains "ACTIVE" as a
+        #       word.
+        #     * `NOT state:ACTIVE` to find \\{\\{gcp_name}} resources whose state
+        #       doesn't contain "ACTIVE" as a word.
+        #     * `createTime<1609459200` to find Cloud resources that were created before
+        #       "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
+        #       "2021-01-01 00:00:00 UTC" in seconds.
+        #     * `updateTime>1609459200` to find Cloud resources that were updated after
+        #       "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
+        #       "2021-01-01 00:00:00 UTC" in seconds.
         #     * `Important` to find Cloud resources that contain "Important" as a word
         #       in any of the searchable fields.
-        #     * `Impor*` to find Cloud resources that contain "Impor" as a prefix
-        #       in any of the searchable fields.
-        #     * `*por*` to find Cloud resources that contain "por" as a substring in
-        #       any of the searchable fields.
+        #     * `Impor*` to find Cloud resources that contain "Impor" as a prefix of any
+        #       word in any of the searchable fields.
         #     * `Important location:(us-west1 OR global)` to find Cloud
         #       resources that contain "Important" as a word in any of the searchable
         #       fields and are also located in the "us-west1" region or the "global"
@@ -508,6 +586,17 @@ module Google
         #     Optional. A list of asset types that this request searches for. If empty, it will
         #     search all the [searchable asset
         #     types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
+        #
+        #     Regular expressions are also supported. For example:
+        #
+        #     * "compute.googleapis.com.*" snapshots resources whose asset type starts
+        #     with "compute.googleapis.com".
+        #     * ".*Instance" snapshots resources whose asset type ends with "Instance".
+        #     * ".*Instance.*" snapshots resources whose asset type contains "Instance".
+        #
+        #     See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported
+        #     regular expression syntax. If the regular expression does not match any
+        #     supported asset type, an INVALID_ARGUMENT error will be returned.
         # @!attribute [rw] page_size
         #   @return [::Integer]
         #     Optional. The page size for search result pagination. Page size is capped at 500 even
@@ -522,12 +611,24 @@ module Google
         #     identical to those in the previous call.
         # @!attribute [rw] order_by
         #   @return [::String]
-        #     Optional. A comma separated list of fields specifying the sorting order of the
+        #     Optional. A comma-separated list of fields specifying the sorting order of the
         #     results. The default order is ascending. Add " DESC" after the field name
         #     to indicate descending order. Redundant space characters are ignored.
-        #     Example: "location DESC, name". Only string fields in the response are
-        #     sortable, including `name`, `displayName`, `description`, `location`. All
-        #     the other fields such as repeated fields (e.g., `networkTags`), map
+        #     Example: "location DESC, name".
+        #     Only singular primitive fields in the response are sortable:
+        #       * name
+        #       * assetType
+        #       * project
+        #       * displayName
+        #       * description
+        #       * location
+        #       * kmsKey
+        #       * createTime
+        #       * updateTime
+        #       * state
+        #       * parentFullResourceName
+        #       * parentAssetType
+        #     All the other fields such as repeated fields (e.g., `networkTags`), map
         #     fields (e.g., `labels`) and struct fields (e.g., `additionalAttributes`)
         #     are not supported.
         class SearchAllResourcesRequest
@@ -556,7 +657,7 @@ module Google
         #     Required. A scope can be a project, a folder, or an organization. The search is
         #     limited to the IAM policies within the `scope`. The caller must be granted
         #     the
-        #     [`cloudasset.assets.searchAllIamPolicies`](http://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
+        #     [`cloudasset.assets.searchAllIamPolicies`](https://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
         #     permission on the desired scope.
         #
         #     The allowed values are:
@@ -570,7 +671,12 @@ module Google
         #     Optional. The query statement. See [how to construct a
         #     query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)
         #     for more information. If not specified or empty, it will search all the
-        #     IAM policies within the specified `scope`.
+        #     IAM policies within the specified `scope`. Note that the query string is
+        #     compared against each Cloud IAM policy binding, including its members,
+        #     roles, and Cloud IAM conditions. The returned Cloud IAM policies will only
+        #     contain the bindings that match your query. To learn more about the IAM
+        #     policy structure, see [IAM policy
+        #     doc](https://cloud.google.com/iam/docs/policies#structure).
         #
         #     Examples:
         #
@@ -578,18 +684,25 @@ module Google
         #       "amy@gmail.com".
         #     * `policy:roles/compute.admin` to find IAM policy bindings that specify
         #       the Compute Admin role.
+        #     * `policy:comp*` to find IAM policy bindings that contain "comp" as a
+        #       prefix of any word in the binding.
         #     * `policy.role.permissions:storage.buckets.update` to find IAM policy
         #       bindings that specify a role containing "storage.buckets.update"
         #       permission. Note that if callers don't have `iam.roles.get` access to a
         #       role's included permissions, policy bindings that specify this role will
         #       be dropped from the search results.
+        #     * `policy.role.permissions:upd*` to find IAM policy bindings that specify a
+        #       role containing "upd" as a prefix of any word in the role permission.
+        #       Note that if callers don't have `iam.roles.get` access to a role's
+        #       included permissions, policy bindings that specify this role will be
+        #       dropped from the search results.
         #     * `resource:organizations/123456` to find IAM policy bindings
         #       that are set on "organizations/123456".
+        #     * `resource=//cloudresourcemanager.googleapis.com/projects/myproject` to
+        #       find IAM policy bindings that are set on the project named "myproject".
         #     * `Important` to find IAM policy bindings that contain "Important" as a
         #       word in any of the searchable fields (except for the included
         #       permissions).
-        #     * `*por*` to find IAM policy bindings that contain "por" as a substring
-        #       in any of the searchable fields (except for the included permissions).
         #     * `resource:(instance1 OR instance2) policy:amy` to find
         #       IAM policy bindings that are set on resources "instance1" or
         #       "instance2" and also specify user "amy".
@@ -625,7 +738,7 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # IAM policy analysis query message.
+        # ## IAM policy analysis query message.
         # @!attribute [rw] scope
         #   @return [::String]
         #     Required. The relative name of the root asset. Only resources and IAM policies within
@@ -652,6 +765,9 @@ module Google
         # @!attribute [rw] options
         #   @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery::Options]
         #     Optional. The query options.
+        # @!attribute [rw] condition_context
+        #   @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery::ConditionContext]
+        #     Optional. The hypothetical context for IAM conditions evaluation.
         class IamPolicyAnalysisQuery
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -791,6 +907,17 @@ module Google
             include ::Google::Protobuf::MessageExts
             extend ::Google::Protobuf::MessageExts::ClassMethods
           end
+
+          # The IAM conditions context.
+          # @!attribute [rw] access_time
+          #   @return [::Google::Protobuf::Timestamp]
+          #     The hypothetical access timestamp to evaluate IAM conditions. Note that
+          #     this value must not be earlier than the current time; otherwise, an
+          #     INVALID_ARGUMENT error will be returned.
+          class ConditionContext
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
         end
 
         # A request message for {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy AssetService.AnalyzeIamPolicy}.
@@ -868,9 +995,14 @@ module Google
           # @!attribute [rw] uri
           #   @return [::String]
           #     Required. The uri of the Cloud Storage object. It's the same uri that is used by
-          #     gsutil. For example: "gs://bucket_name/object_name". See
-          #     [Quickstart: Using the gsutil tool]
-          #     (https://cloud.google.com/storage/docs/quickstart-gsutil) for examples.
+          #     gsutil. Example: "gs://bucket_name/object_name". See [Viewing and
+          #     Editing Object
+          #     Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)
+          #     for more information.
+          #
+          #     If the specified Cloud Storage object already exists and there is no
+          #     [hold](https://cloud.google.com/storage/docs/object-holds), it will be
+          #     overwritten with the analysis result.
           class GcsDestination
             include ::Google::Protobuf::MessageExts
             extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -964,6 +1096,9 @@ module Google
 
           # The Cloud Access context manager Policy set on an asset.
           ACCESS_POLICY = 5
+
+          # The runtime OS Inventory information.
+          OS_INVENTORY = 6
         end
       end
     end

data/proto_docs/google/cloud/asset/v1/assets.rb

@@ -79,7 +79,8 @@ module Google
         # [resource
         # hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
         # a resource outside the Google Cloud resource hierarchy (such as Google
-        # Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy).
+        # Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy),
+        # or a relationship (e.g. an INSTANCE_TO_INSTANCEGROUP relationship).
         # See [Supported asset
         # types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
         # for more information.
@@ -134,6 +135,11 @@ module Google
         #   @return [::Google::Identity::AccessContextManager::V1::ServicePerimeter]
         #     Please also refer to the [service perimeter user
         #     guide](https://cloud.google.com/vpc-service-controls/docs/overview).
+        # @!attribute [rw] os_inventory
+        #   @return [::Google::Cloud::OsConfig::V1::Inventory]
+        #     A representation of runtime OS Inventory information. See [this
+        #     topic](https://cloud.google.com/compute/docs/instances/os-inventory-management)
+        #     for more information.
         # @!attribute [rw] ancestors
         #   @return [::Array<::String>]
         #     The ancestry path of an asset in Google Cloud [resource
@@ -225,14 +231,40 @@ module Google
         # @!attribute [rw] project
         #   @return [::String]
         #     The project that this resource belongs to, in the form of
-        #     projects/\\{PROJECT_NUMBER}.
+        #     projects/\\{PROJECT_NUMBER}. This field is available when the resource
+        #     belongs to a project.
         #
-        #     To search against the `project`:
+        #     To search against `project`:
         #
+        #     * use a field query. Example: `project:12345`
+        #     * use a free text query. Example: `12345`
         #     * specify the `scope` field as this project in your search request.
+        # @!attribute [rw] folders
+        #   @return [::Array<::String>]
+        #     The folder(s) that this resource belongs to, in the form of
+        #     folders/\\{FOLDER_NUMBER}. This field is available when the resource
+        #     belongs to one or more folders.
+        #
+        #     To search against `folders`:
+        #
+        #     * use a field query. Example: `folders:(123 OR 456)`
+        #     * use a free text query. Example: `123`
+        #     * specify the `scope` field as this folder in your search request.
+        # @!attribute [rw] organization
+        #   @return [::String]
+        #     The organization that this resource belongs to, in the form of
+        #     organizations/\\{ORGANIZATION_NUMBER}. This field is available when the
+        #     resource belongs to an organization.
+        #
+        #     To search against `organization`:
+        #
+        #     * use a field query. Example: `organization:123`
+        #     * use a free text query. Example: `123`
+        #     * specify the `scope` field as this organization in your search request.
         # @!attribute [rw] display_name
         #   @return [::String]
-        #     The display name of this resource.
+        #     The display name of this resource. This field is available only when the
+        #     resource's proto contains it.
         #
         #     To search against the `display_name`:
         #
@@ -241,16 +273,18 @@ module Google
         # @!attribute [rw] description
         #   @return [::String]
         #     One or more paragraphs of text description of this resource. Maximum length
-        #     could be up to 1M bytes.
+        #     could be up to 1M bytes. This field is available only when the resource's
+        #     proto contains it.
         #
         #     To search against the `description`:
         #
-        #     * use a field query. Example: `description:"*important instance*"`
-        #     * use a free text query. Example: `"*important instance*"`
+        #     * use a field query. Example: `description:"important instance"`
+        #     * use a free text query. Example: `"important instance"`
         # @!attribute [rw] location
         #   @return [::String]
         #     Location can be `global`, regional like `us-east1`, or zonal like
-        #     `us-west1-b`.
+        #     `us-west1-b`. This field is available only when the resource's proto
+        #     contains it.
         #
         #     To search against the `location`:
         #
@@ -260,7 +294,8 @@ module Google
         #   @return [::Google::Protobuf::Map{::String => ::String}]
         #     Labels associated with this resource. See [Labelling and grouping GCP
         #     resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources)
-        #     for more information.
+        #     for more information. This field is available only when the resource's
+        #     proto contains it.
         #
         #     To search against the `labels`:
         #
@@ -274,12 +309,73 @@ module Google
         #     Network tags associated with this resource. Like labels, network tags are a
         #     type of annotations used to group GCP resources. See [Labelling GCP
         #     resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources)
-        #     for more information.
+        #     for more information. This field is available only when the resource's
+        #     proto contains it.
         #
         #     To search against the `network_tags`:
         #
         #     * use a field query. Example: `networkTags:internal`
         #     * use a free text query. Example: `internal`
+        # @!attribute [rw] kms_key
+        #   @return [::String]
+        #     The Cloud KMS
+        #     [CryptoKey](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys?hl=en)
+        #     name or
+        #     [CryptoKeyVersion](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions?hl=en)
+        #     name. This field is available only when the resource's proto contains it.
+        #
+        #     To search against the `kms_key`:
+        #
+        #     * use a field query. Example: `kmsKey:key`
+        #     * use a free text query. Example: `key`
+        # @!attribute [rw] create_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     The create timestamp of this resource, at which the resource was created.
+        #     The granularity is in seconds. Timestamp.nanos will always be 0. This field
+        #     is available only when the resource's proto contains it.
+        #
+        #     To search against `create_time`:
+        #
+        #     * use a field query.
+        #         - value in seconds since unix epoch. Example: `createTime > 1609459200`
+        #         - value in date string. Example: `createTime > 2021-01-01`
+        #         - value in date-time string (must be quoted). Example: `createTime >
+        #         "2021-01-01T00:00:00"`
+        # @!attribute [rw] update_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     The last update timestamp of this resource, at which the resource was last
+        #     modified or deleted. The granularity is in seconds. Timestamp.nanos will
+        #     always be 0. This field is available only when the resource's proto
+        #     contains it.
+        #
+        #     To search against `update_time`:
+        #
+        #     * use a field query.
+        #         - value in seconds since unix epoch. Example: `updateTime < 1609459200`
+        #         - value in date string. Example: `updateTime < 2021-01-01`
+        #         - value in date-time string (must be quoted). Example: `updateTime <
+        #         "2021-01-01T00:00:00"`
+        # @!attribute [rw] state
+        #   @return [::String]
+        #     The state of this resource. Different resources types have different state
+        #     definitions that are mapped from various fields of different resource
+        #     types. This field is available only when the resource's proto contains it.
+        #
+        #     Example:
+        #     If the resource is an instance provided by Compute Engine,
+        #     its state will include PROVISIONING, STAGING, RUNNING, STOPPING,
+        #     SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED. See `status` definition
+        #     in [API
+        #     Reference](https://cloud.google.com/compute/docs/reference/rest/v1/instances).
+        #     If the resource is a project provided by Cloud Resource Manager, its state
+        #     will include LIFECYCLE_STATE_UNSPECIFIED, ACTIVE, DELETE_REQUESTED and
+        #     DELETE_IN_PROGRESS. See `lifecycleState` definition in [API
+        #     Reference](https://cloud.google.com/resource-manager/reference/rest/v1/projects).
+        #
+        #     To search against the `state`:
+        #
+        #     * use a field query. Example: `state:RUNNING`
+        #     * use a free text query. Example: `RUNNING`
         # @!attribute [rw] additional_attributes
         #   @return [::Google::Protobuf::Struct]
         #     The additional searchable attributes of this resource. The attributes may
@@ -289,7 +385,7 @@ module Google
         #     corresponding GCP service (e.g., Compute Engine). see [API references and
         #     supported searchable
         #     attributes](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types)
-        #     for more information.
+        #     to see which fields are included.
         #
         #     You can search values of these fields through free text search. However,
         #     you should not consume the field programically as the field names and
@@ -301,6 +397,25 @@ module Google
         #     * use a free text query to match the attributes values. Example: to search
         #       `additional_attributes = { dnsName: "foobar" }`, you can issue a query
         #       `foobar`.
+        # @!attribute [rw] parent_full_resource_name
+        #   @return [::String]
+        #     The full resource name of this resource's parent, if it has one.
+        #     To search against the `parent_full_resource_name`:
+        #
+        #     * use a field query. Example:
+        #     `parentFullResourceName:"project-name"`
+        #     * use a free text query. Example:
+        #     `project-name`
+        # @!attribute [rw] parent_asset_type
+        #   @return [::String]
+        #     The type of this resource's immediate parent, if there is one.
+        #
+        #     To search against the `parent_asset_type`:
+        #
+        #     * use a field query. Example:
+        #     `parentAssetType:"cloudresourcemanager.googleapis.com/Project"`
+        #     * use a free text query. Example:
+        #     `cloudresourcemanager.googleapis.com/Project`
         class ResourceSearchResult
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -334,7 +449,7 @@ module Google
         #     projects/\\{PROJECT_NUMBER}. If an IAM policy is set on a resource (like VM
         #     instance, Cloud Storage bucket), the project field will indicate the
         #     project that contains the resource. If an IAM policy is set on a folder or
-        #     orgnization, the project field will be empty.
+        #     orgnization, this field will be empty.
         #
         #     To search against the `project`:
         #
@@ -415,6 +530,32 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # The Condition evaluation.
+        # @!attribute [rw] evaluation_value
+        #   @return [::Google::Cloud::Asset::V1::ConditionEvaluation::EvaluationValue]
+        #     The evaluation result.
+        class ConditionEvaluation
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Value of this expression.
+          module EvaluationValue
+            # Reserved for future use.
+            EVALUATION_VALUE_UNSPECIFIED = 0
+
+            # The evaluation result is `true`.
+            TRUE = 1
+
+            # The evaluation result is `false`.
+            FALSE = 2
+
+            # The evaluation result is `conditional` when the condition expression
+            # contains variables that are either missing input values or have not been
+            # supported by Analyzer yet.
+            CONDITIONAL = 3
+          end
+        end
+
         # IAM Policy analysis result, consisting of one IAM policy binding and derived
         # access control lists.
         # @!attribute [rw] attached_resource_full_name
@@ -537,6 +678,10 @@ module Google
           #     the full resource name of a parent resource and {::Google::Cloud::Asset::V1::IamPolicyAnalysisResult::Edge#target_node Edge.target_node}
           #     contains the full resource name of a child resource. This field is
           #     present only if the output_resource_edges option is enabled in request.
+          # @!attribute [rw] condition_evaluation
+          #   @return [::Google::Cloud::Asset::V1::ConditionEvaluation]
+          #     Condition evaluation for this AccessControlList, if there is a condition
+          #     defined in the above IAM policy binding.
           class AccessControlList
             include ::Google::Protobuf::MessageExts
             extend ::Google::Protobuf::MessageExts::ClassMethods