google-cloud-asset-v1 0.9.0 → 0.13.0

data/lib/google/cloud/asset/v1/asset_service/operations.rb

@@ -103,8 +103,13 @@ module Google
             # Lists operations that match the specified filter in the request. If the
             # server doesn't support this method, it returns `UNIMPLEMENTED`.
             #
-            # NOTE: the `name` binding below allows API services to override the binding
-            # to use different resource name schemes, such as `users/*/operations`.
+            # NOTE: the `name` binding allows API services to override the binding
+            # to use different resource name schemes, such as `users/*/operations`. To
+            # override the binding, API services can add a binding such as
+            # `"/v1/{name=users/*}/operations"` to their service configuration.
+            # For backwards compatibility, the default name includes the operations
+            # collection id, however overriding users must ensure the name binding
+            # is the parent resource, without the operations collection id.
             #
             # @overload list_operations(request, options = nil)
             #   Pass arguments to `list_operations` via a request object, either of type
@@ -122,7 +127,7 @@ module Google
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param name [::String]
-            #     The name of the operation collection.
+            #     The name of the operation's parent resource.
             #   @param filter [::String]
             #     The standard list filter.
             #   @param page_size [::Integer]
@@ -390,6 +395,79 @@ module Google
               raise ::Google::Cloud::Error.from_error(e)
             end
 
+            ##
+            # Waits for the specified long-running operation until it is done or reaches
+            # at most a specified timeout, returning the latest state.  If the operation
+            # is already done, the latest state is immediately returned.  If the timeout
+            # specified is greater than the default HTTP/RPC timeout, the HTTP/RPC
+            # timeout is used.  If the server does not support this method, it returns
+            # `google.rpc.Code.UNIMPLEMENTED`.
+            # Note that this method is on a best-effort basis.  It may return the latest
+            # state before the specified timeout (including immediately), meaning even an
+            # immediate response is no guarantee that the operation is done.
+            #
+            # @overload wait_operation(request, options = nil)
+            #   Pass arguments to `wait_operation` via a request object, either of type
+            #   {::Google::Longrunning::WaitOperationRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Longrunning::WaitOperationRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload wait_operation(name: nil, timeout: nil)
+            #   Pass arguments to `wait_operation` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param name [::String]
+            #     The name of the operation resource to wait on.
+            #   @param timeout [::Google::Protobuf::Duration, ::Hash]
+            #     The maximum duration to wait before timing out. If left blank, the wait
+            #     will be at most the time permitted by the underlying HTTP/RPC protocol.
+            #     If RPC context deadline is also specified, the shorter one will be used.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Gapic::Operation]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Gapic::Operation]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            def wait_operation request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Longrunning::WaitOperationRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.wait_operation.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::Asset::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              options.apply_defaults timeout:      @config.rpcs.wait_operation.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.wait_operation.retry_policy
+              options.apply_defaults metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @operations_stub.call_rpc :wait_operation, request, options: options do |response, operation|
+                response = ::Gapic::Operation.new response, @operations_client, options: options
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
             ##
             # Configuration class for the Operations API.
             #
@@ -482,7 +560,7 @@ module Google
               config_attr :scope,         nil, ::String, ::Array, nil
               config_attr :lib_name,      nil, ::String, nil
               config_attr :lib_version,   nil, ::String, nil
-              config_attr(:channel_args,  { "grpc.service_config_disable_resolution"=>1 }, ::Hash, nil)
+              config_attr(:channel_args,  { "grpc.service_config_disable_resolution" => 1 }, ::Hash, nil)
               config_attr :interceptors,  nil, ::Array, nil
               config_attr :timeout,       nil, ::Numeric, nil
               config_attr :metadata,      nil, ::Hash, nil
@@ -503,7 +581,7 @@ module Google
               def rpcs
                 @rpcs ||= begin
                   parent_rpcs = nil
-                  parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config&.respond_to?(:rpcs)
+                  parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config.respond_to?(:rpcs)
                   Rpcs.new parent_rpcs
                 end
               end
@@ -515,7 +593,7 @@ module Google
               # Each configuration object is of type `Gapic::Config::Method` and includes
               # the following configuration fields:
               #
-              #  *  `timeout` (*type:* `Numeric`) - The call timeout in milliseconds
+              #  *  `timeout` (*type:* `Numeric`) - The call timeout in seconds
               #  *  `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
               #  *  `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
               #     include the following keys:
@@ -546,17 +624,24 @@ module Google
                 # @return [::Gapic::Config::Method]
                 #
                 attr_reader :cancel_operation
+                ##
+                # RPC-specific configuration for `wait_operation`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :wait_operation
 
                 # @private
                 def initialize parent_rpcs = nil
-                  list_operations_config = parent_rpcs&.list_operations if parent_rpcs&.respond_to? :list_operations
+                  list_operations_config = parent_rpcs.list_operations if parent_rpcs.respond_to? :list_operations
                   @list_operations = ::Gapic::Config::Method.new list_operations_config
-                  get_operation_config = parent_rpcs&.get_operation if parent_rpcs&.respond_to? :get_operation
+                  get_operation_config = parent_rpcs.get_operation if parent_rpcs.respond_to? :get_operation
                   @get_operation = ::Gapic::Config::Method.new get_operation_config
-                  delete_operation_config = parent_rpcs&.delete_operation if parent_rpcs&.respond_to? :delete_operation
+                  delete_operation_config = parent_rpcs.delete_operation if parent_rpcs.respond_to? :delete_operation
                   @delete_operation = ::Gapic::Config::Method.new delete_operation_config
-                  cancel_operation_config = parent_rpcs&.cancel_operation if parent_rpcs&.respond_to? :cancel_operation
+                  cancel_operation_config = parent_rpcs.cancel_operation if parent_rpcs.respond_to? :cancel_operation
                   @cancel_operation = ::Gapic::Config::Method.new cancel_operation_config
+                  wait_operation_config = parent_rpcs.wait_operation if parent_rpcs.respond_to? :wait_operation
+                  @wait_operation = ::Gapic::Config::Method.new wait_operation_config
 
                   yield self if block_given?
                 end

data/lib/google/cloud/asset/v1/asset_service/paths.rb

@@ -54,12 +54,12 @@ module Google
             # @return [::String]
             def feed_path **args
               resources = {
-                "feed:project"      => (proc do |project:, feed:|
+                "feed:project" => (proc do |project:, feed:|
                   raise ::ArgumentError, "project cannot contain /" if project.to_s.include? "/"
 
                   "projects/#{project}/feeds/#{feed}"
                 end),
-                "feed:folder"       => (proc do |folder:, feed:|
+                "feed:folder" => (proc do |folder:, feed:|
                   raise ::ArgumentError, "folder cannot contain /" if folder.to_s.include? "/"
 
                   "folders/#{folder}/feeds/#{feed}"

data/lib/google/cloud/asset/v1/asset_service_pb.rb

@@ -12,6 +12,7 @@ require 'google/longrunning/operations_pb'
 require 'google/protobuf/duration_pb'
 require 'google/protobuf/empty_pb'
 require 'google/protobuf/field_mask_pb'
+require 'google/protobuf/struct_pb'
 require 'google/protobuf/timestamp_pb'
 require 'google/type/expr_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
@@ -28,6 +29,19 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :output_config, :message, 2, "google.cloud.asset.v1.OutputConfig"
       optional :output_result, :message, 3, "google.cloud.asset.v1.OutputResult"
     end
+    add_message "google.cloud.asset.v1.ListAssetsRequest" do
+      optional :parent, :string, 1
+      optional :read_time, :message, 2, "google.protobuf.Timestamp"
+      repeated :asset_types, :string, 3
+      optional :content_type, :enum, 4, "google.cloud.asset.v1.ContentType"
+      optional :page_size, :int32, 5
+      optional :page_token, :string, 6
+    end
+    add_message "google.cloud.asset.v1.ListAssetsResponse" do
+      optional :read_time, :message, 1, "google.protobuf.Timestamp"
+      repeated :assets, :message, 2, "google.cloud.asset.v1.Asset"
+      optional :next_page_token, :string, 3
+    end
     add_message "google.cloud.asset.v1.BatchGetAssetsHistoryRequest" do
       optional :parent, :string, 1
       repeated :asset_names, :string, 2
@@ -126,6 +140,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :query, :string, 2
       optional :page_size, :int32, 3
       optional :page_token, :string, 4
+      repeated :asset_types, :string, 5
+      optional :order_by, :string, 7
     end
     add_message "google.cloud.asset.v1.SearchAllIamPoliciesResponse" do
       repeated :results, :message, 1, "google.cloud.asset.v1.IamPolicySearchResult"
@@ -137,6 +153,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :identity_selector, :message, 3, "google.cloud.asset.v1.IamPolicyAnalysisQuery.IdentitySelector"
       optional :access_selector, :message, 4, "google.cloud.asset.v1.IamPolicyAnalysisQuery.AccessSelector"
       optional :options, :message, 5, "google.cloud.asset.v1.IamPolicyAnalysisQuery.Options"
+      optional :condition_context, :message, 6, "google.cloud.asset.v1.IamPolicyAnalysisQuery.ConditionContext"
     end
     add_message "google.cloud.asset.v1.IamPolicyAnalysisQuery.ResourceSelector" do
       optional :full_resource_name, :string, 1
@@ -156,6 +173,11 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :output_group_edges, :bool, 5
       optional :analyze_service_account_impersonation, :bool, 6
     end
+    add_message "google.cloud.asset.v1.IamPolicyAnalysisQuery.ConditionContext" do
+      oneof :TimeContext do
+        optional :access_time, :message, 1, "google.protobuf.Timestamp"
+      end
+    end
     add_message "google.cloud.asset.v1.AnalyzeIamPolicyRequest" do
       optional :analysis_query, :message, 1, "google.cloud.asset.v1.IamPolicyAnalysisQuery"
       optional :execution_timeout, :message, 2, "google.protobuf.Duration"
@@ -213,6 +235,8 @@ module Google
       module V1
         ExportAssetsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ExportAssetsRequest").msgclass
         ExportAssetsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ExportAssetsResponse").msgclass
+        ListAssetsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ListAssetsRequest").msgclass
+        ListAssetsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ListAssetsResponse").msgclass
         BatchGetAssetsHistoryRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.BatchGetAssetsHistoryRequest").msgclass
         BatchGetAssetsHistoryResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.BatchGetAssetsHistoryResponse").msgclass
         CreateFeedRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.CreateFeedRequest").msgclass
@@ -240,6 +264,7 @@ module Google
         IamPolicyAnalysisQuery::IdentitySelector = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisQuery.IdentitySelector").msgclass
         IamPolicyAnalysisQuery::AccessSelector = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisQuery.AccessSelector").msgclass
         IamPolicyAnalysisQuery::Options = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisQuery.Options").msgclass
+        IamPolicyAnalysisQuery::ConditionContext = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisQuery.ConditionContext").msgclass
         AnalyzeIamPolicyRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeIamPolicyRequest").msgclass
         AnalyzeIamPolicyResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeIamPolicyResponse").msgclass
         AnalyzeIamPolicyResponse::IamPolicyAnalysis = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.AnalyzeIamPolicyResponse.IamPolicyAnalysis").msgclass

data/lib/google/cloud/asset/v1/asset_service_services_pb.rb

@@ -27,7 +27,7 @@ module Google
           # Asset service definition.
           class Service
 
-            include GRPC::GenericService
+            include ::GRPC::GenericService
 
             self.marshal_class_method = :encode
             self.unmarshal_class_method = :decode
@@ -44,6 +44,9 @@ module Google
             # result. For regular-size resource parent, the export operation usually
             # finishes within 5 minutes.
             rpc :ExportAssets, ::Google::Cloud::Asset::V1::ExportAssetsRequest, ::Google::Longrunning::Operation
+            # Lists assets with time and resource types and returns paged results in
+            # response.
+            rpc :ListAssets, ::Google::Cloud::Asset::V1::ListAssetsRequest, ::Google::Cloud::Asset::V1::ListAssetsResponse
             # Batch gets the update history of assets that overlap a time window.
             # For IAM_POLICY content, this API outputs history when the asset and its
             # attached IAM POLICY both exist. This can create gaps in the output history.

data/lib/google/cloud/asset/v1/assets_pb.rb

@@ -63,16 +63,27 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :name, :string, 1
       optional :asset_type, :string, 2
       optional :project, :string, 3
+      repeated :folders, :string, 17
+      optional :organization, :string, 18
       optional :display_name, :string, 4
       optional :description, :string, 5
       optional :location, :string, 6
       map :labels, :string, :string, 7
       repeated :network_tags, :string, 8
+      optional :kms_key, :string, 10
+      optional :create_time, :message, 11, "google.protobuf.Timestamp"
+      optional :update_time, :message, 12, "google.protobuf.Timestamp"
+      optional :state, :string, 13
       optional :additional_attributes, :message, 9, "google.protobuf.Struct"
+      optional :parent_full_resource_name, :string, 19
+      optional :parent_asset_type, :string, 103
     end
     add_message "google.cloud.asset.v1.IamPolicySearchResult" do
       optional :resource, :string, 1
+      optional :asset_type, :string, 5
       optional :project, :string, 2
+      repeated :folders, :string, 6
+      optional :organization, :string, 7
       optional :policy, :message, 3, "google.iam.v1.Policy"
       optional :explanation, :message, 4, "google.cloud.asset.v1.IamPolicySearchResult.Explanation"
     end
@@ -86,6 +97,15 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :code, :enum, 1, "google.rpc.Code"
       optional :cause, :string, 2
     end
+    add_message "google.cloud.asset.v1.ConditionEvaluation" do
+      optional :evaluation_value, :enum, 1, "google.cloud.asset.v1.ConditionEvaluation.EvaluationValue"
+    end
+    add_enum "google.cloud.asset.v1.ConditionEvaluation.EvaluationValue" do
+      value :EVALUATION_VALUE_UNSPECIFIED, 0
+      value :TRUE, 1
+      value :FALSE, 2
+      value :CONDITIONAL, 3
+    end
     add_message "google.cloud.asset.v1.IamPolicyAnalysisResult" do
       optional :attached_resource_full_name, :string, 1
       optional :iam_binding, :message, 2, "google.iam.v1.Binding"
@@ -116,6 +136,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       repeated :resources, :message, 1, "google.cloud.asset.v1.IamPolicyAnalysisResult.Resource"
       repeated :accesses, :message, 2, "google.cloud.asset.v1.IamPolicyAnalysisResult.Access"
       repeated :resource_edges, :message, 3, "google.cloud.asset.v1.IamPolicyAnalysisResult.Edge"
+      optional :condition_evaluation, :message, 4, "google.cloud.asset.v1.ConditionEvaluation"
     end
     add_message "google.cloud.asset.v1.IamPolicyAnalysisResult.IdentityList" do
       repeated :identities, :message, 1, "google.cloud.asset.v1.IamPolicyAnalysisResult.Identity"
@@ -138,6 +159,8 @@ module Google
         IamPolicySearchResult::Explanation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicySearchResult.Explanation").msgclass
         IamPolicySearchResult::Explanation::Permissions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicySearchResult.Explanation.Permissions").msgclass
         IamPolicyAnalysisState = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisState").msgclass
+        ConditionEvaluation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ConditionEvaluation").msgclass
+        ConditionEvaluation::EvaluationValue = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ConditionEvaluation.EvaluationValue").enummodule
         IamPolicyAnalysisResult = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult").msgclass
         IamPolicyAnalysisResult::Resource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult.Resource").msgclass
         IamPolicyAnalysisResult::Access = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicyAnalysisResult.Access").msgclass

data/lib/google/cloud/asset/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module Asset
       module V1
-        VERSION = "0.9.0"
+        VERSION = "0.13.0"
       end
     end
   end

data/proto_docs/google/api/field_behavior.rb

@@ -54,6 +54,12 @@ module Google
       # This indicates that the field may be set once in a request to create a
       # resource, but may not be changed thereafter.
       IMMUTABLE = 5
+
+      # Denotes that a (repeated) field is an unordered list.
+      # This indicates that the service may provide the elements of the list
+      # in any arbitrary order, rather than the order the user originally
+      # provided. Additionally, the list's order may or may not be stable.
+      UNORDERED_LIST = 6
     end
   end
 end

data/proto_docs/google/cloud/asset/v1/asset_service.rb

@@ -88,6 +88,75 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # ListAssets request.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. Name of the organization or project the assets belong to. Format:
+        #     "organizations/[organization-number]" (such as "organizations/123"),
+        #     "projects/[project-id]" (such as "projects/my-project-id"), or
+        #     "projects/[project-number]" (such as "projects/12345").
+        # @!attribute [rw] read_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Timestamp to take an asset snapshot. This can only be set to a timestamp
+        #     between the current time and the current time minus 35 days (inclusive).
+        #     If not specified, the current time will be used. Due to delays in resource
+        #     data collection and indexing, there is a volatile window during which
+        #     running the same query may get different results.
+        # @!attribute [rw] asset_types
+        #   @return [::Array<::String>]
+        #     A list of asset types to take a snapshot for. For example:
+        #     "compute.googleapis.com/Disk".
+        #
+        #     Regular expression is also supported. For example:
+        #
+        #     * "compute.googleapis.com.*" snapshots resources whose asset type starts
+        #     with "compute.googleapis.com".
+        #     * ".*Instance" snapshots resources whose asset type ends with "Instance".
+        #     * ".*Instance.*" snapshots resources whose asset type contains "Instance".
+        #
+        #     See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported
+        #     regular expression syntax. If the regular expression does not match any
+        #     supported asset type, an INVALID_ARGUMENT error will be returned.
+        #
+        #     If specified, only matching assets will be returned, otherwise, it will
+        #     snapshot all asset types. See [Introduction to Cloud Asset
+        #     Inventory](https://cloud.google.com/asset-inventory/docs/overview)
+        #     for all supported asset types.
+        # @!attribute [rw] content_type
+        #   @return [::Google::Cloud::Asset::V1::ContentType]
+        #     Asset content type. If not specified, no content but the asset name will
+        #     be returned.
+        # @!attribute [rw] page_size
+        #   @return [::Integer]
+        #     The maximum number of assets to be returned in a single response. Default
+        #     is 100, minimum is 1, and maximum is 1000.
+        # @!attribute [rw] page_token
+        #   @return [::String]
+        #     The `next_page_token` returned from the previous `ListAssetsResponse`, or
+        #     unspecified for the first `ListAssetsRequest`. It is a continuation of a
+        #     prior `ListAssets` call, and the API should return the next page of assets.
+        class ListAssetsRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # ListAssets response.
+        # @!attribute [rw] read_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Time the snapshot was taken.
+        # @!attribute [rw] assets
+        #   @return [::Array<::Google::Cloud::Asset::V1::Asset>]
+        #     Assets.
+        # @!attribute [rw] next_page_token
+        #   @return [::String]
+        #     Token to retrieve the next page of results. It expires 72 hours after the
+        #     page token for the first page is generated. Set to empty if there are no
+        #     remaining results.
+        class ListAssetsResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # Batch get assets history request.
         # @!attribute [rw] parent
         #   @return [::String]
@@ -253,6 +322,10 @@ module Google
         #     Editing Object
         #     Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)
         #     for more information.
+        #
+        #     If the specified Cloud Storage object already exists and there is no
+        #     [hold](https://cloud.google.com/storage/docs/object-holds), it will be
+        #     overwritten with the exported result.
         # @!attribute [rw] uri_prefix
         #   @return [::String]
         #     The uri prefix of all generated Cloud Storage objects. Example:
@@ -457,7 +530,7 @@ module Google
         #   @return [::String]
         #     Required. A scope can be a project, a folder, or an organization. The search is
         #     limited to the resources within the `scope`. The caller must be granted the
-        #     [`cloudasset.assets.searchAllResources`](http://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
+        #     [`cloudasset.assets.searchAllResources`](https://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
         #     permission on the desired scope.
         #
         #     The allowed values are:
@@ -469,36 +542,41 @@ module Google
         # @!attribute [rw] query
         #   @return [::String]
         #     Optional. The query statement. See [how to construct a
-        #     query](http://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query)
+        #     query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query)
         #     for more information. If not specified or empty, it will search all the
-        #     resources within the specified `scope`. Note that the query string is
-        #     compared against each Cloud IAM policy binding, including its members,
-        #     roles, and Cloud IAM conditions. The returned Cloud IAM policies will only
-        #     contain the bindings that match your query. To learn more about the IAM
-        #     policy structure, see [IAM policy
-        #     doc](https://cloud.google.com/iam/docs/policies#structure).
+        #     resources within the specified `scope`.
         #
         #     Examples:
         #
         #     * `name:Important` to find Cloud resources whose name contains
         #       "Important" as a word.
+        #     * `name=Important` to find the Cloud resource whose name is exactly
+        #       "Important".
         #     * `displayName:Impor*` to find Cloud resources whose display name
-        #       contains "Impor" as a prefix.
-        #     * `description:*por*` to find Cloud resources whose description
-        #       contains "por" as a substring.
-        #     * `location:us-west*` to find Cloud resources whose location is
-        #       prefixed with "us-west".
+        #       contains "Impor" as a prefix of any word in the field.
+        #     * `location:us-west*` to find Cloud resources whose location contains both
+        #       "us" and "west" as prefixes.
         #     * `labels:prod` to find Cloud resources whose labels contain "prod" as
         #       a key or value.
         #     * `labels.env:prod` to find Cloud resources that have a label "env"
         #       and its value is "prod".
         #     * `labels.env:*` to find Cloud resources that have a label "env".
+        #     * `kmsKey:key` to find Cloud resources encrypted with a customer-managed
+        #       encryption key whose name contains the word "key".
+        #     * `state:ACTIVE` to find Cloud resources whose state contains "ACTIVE" as a
+        #       word.
+        #     * `NOT state:ACTIVE` to find \\{\\{gcp_name}} resources whose state
+        #       doesn't contain "ACTIVE" as a word.
+        #     * `createTime<1609459200` to find Cloud resources that were created before
+        #       "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
+        #       "2021-01-01 00:00:00 UTC" in seconds.
+        #     * `updateTime>1609459200` to find Cloud resources that were updated after
+        #       "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of
+        #       "2021-01-01 00:00:00 UTC" in seconds.
         #     * `Important` to find Cloud resources that contain "Important" as a word
         #       in any of the searchable fields.
-        #     * `Impor*` to find Cloud resources that contain "Impor" as a prefix
-        #       in any of the searchable fields.
-        #     * `*por*` to find Cloud resources that contain "por" as a substring in
-        #       any of the searchable fields.
+        #     * `Impor*` to find Cloud resources that contain "Impor" as a prefix of any
+        #       word in any of the searchable fields.
         #     * `Important location:(us-west1 OR global)` to find Cloud
         #       resources that contain "Important" as a word in any of the searchable
         #       fields and are also located in the "us-west1" region or the "global"
@@ -508,6 +586,17 @@ module Google
         #     Optional. A list of asset types that this request searches for. If empty, it will
         #     search all the [searchable asset
         #     types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
+        #
+        #     Regular expressions are also supported. For example:
+        #
+        #     * "compute.googleapis.com.*" snapshots resources whose asset type starts
+        #     with "compute.googleapis.com".
+        #     * ".*Instance" snapshots resources whose asset type ends with "Instance".
+        #     * ".*Instance.*" snapshots resources whose asset type contains "Instance".
+        #
+        #     See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported
+        #     regular expression syntax. If the regular expression does not match any
+        #     supported asset type, an INVALID_ARGUMENT error will be returned.
         # @!attribute [rw] page_size
         #   @return [::Integer]
         #     Optional. The page size for search result pagination. Page size is capped at 500 even
@@ -522,12 +611,24 @@ module Google
         #     identical to those in the previous call.
         # @!attribute [rw] order_by
         #   @return [::String]
-        #     Optional. A comma separated list of fields specifying the sorting order of the
+        #     Optional. A comma-separated list of fields specifying the sorting order of the
         #     results. The default order is ascending. Add " DESC" after the field name
         #     to indicate descending order. Redundant space characters are ignored.
-        #     Example: "location DESC, name". Only string fields in the response are
-        #     sortable, including `name`, `displayName`, `description`, `location`. All
-        #     the other fields such as repeated fields (e.g., `networkTags`), map
+        #     Example: "location DESC, name".
+        #     Only singular primitive fields in the response are sortable:
+        #       * name
+        #       * assetType
+        #       * project
+        #       * displayName
+        #       * description
+        #       * location
+        #       * kmsKey
+        #       * createTime
+        #       * updateTime
+        #       * state
+        #       * parentFullResourceName
+        #       * parentAssetType
+        #     All the other fields such as repeated fields (e.g., `networkTags`), map
         #     fields (e.g., `labels`) and struct fields (e.g., `additionalAttributes`)
         #     are not supported.
         class SearchAllResourcesRequest
@@ -556,7 +657,7 @@ module Google
         #     Required. A scope can be a project, a folder, or an organization. The search is
         #     limited to the IAM policies within the `scope`. The caller must be granted
         #     the
-        #     [`cloudasset.assets.searchAllIamPolicies`](http://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
+        #     [`cloudasset.assets.searchAllIamPolicies`](https://cloud.google.com/asset-inventory/docs/access-control#required_permissions)
         #     permission on the desired scope.
         #
         #     The allowed values are:
@@ -570,7 +671,12 @@ module Google
         #     Optional. The query statement. See [how to construct a
         #     query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)
         #     for more information. If not specified or empty, it will search all the
-        #     IAM policies within the specified `scope`.
+        #     IAM policies within the specified `scope`. Note that the query string is
+        #     compared against each Cloud IAM policy binding, including its members,
+        #     roles, and Cloud IAM conditions. The returned Cloud IAM policies will only
+        #     contain the bindings that match your query. To learn more about the IAM
+        #     policy structure, see [IAM policy
+        #     doc](https://cloud.google.com/iam/docs/policies#structure).
         #
         #     Examples:
         #
@@ -578,21 +684,32 @@ module Google
         #       "amy@gmail.com".
         #     * `policy:roles/compute.admin` to find IAM policy bindings that specify
         #       the Compute Admin role.
+        #     * `policy:comp*` to find IAM policy bindings that contain "comp" as a
+        #       prefix of any word in the binding.
         #     * `policy.role.permissions:storage.buckets.update` to find IAM policy
         #       bindings that specify a role containing "storage.buckets.update"
         #       permission. Note that if callers don't have `iam.roles.get` access to a
         #       role's included permissions, policy bindings that specify this role will
         #       be dropped from the search results.
+        #     * `policy.role.permissions:upd*` to find IAM policy bindings that specify a
+        #       role containing "upd" as a prefix of any word in the role permission.
+        #       Note that if callers don't have `iam.roles.get` access to a role's
+        #       included permissions, policy bindings that specify this role will be
+        #       dropped from the search results.
         #     * `resource:organizations/123456` to find IAM policy bindings
         #       that are set on "organizations/123456".
+        #     * `resource=//cloudresourcemanager.googleapis.com/projects/myproject` to
+        #       find IAM policy bindings that are set on the project named "myproject".
         #     * `Important` to find IAM policy bindings that contain "Important" as a
         #       word in any of the searchable fields (except for the included
         #       permissions).
-        #     * `*por*` to find IAM policy bindings that contain "por" as a substring
-        #       in any of the searchable fields (except for the included permissions).
         #     * `resource:(instance1 OR instance2) policy:amy` to find
         #       IAM policy bindings that are set on resources "instance1" or
         #       "instance2" and also specify user "amy".
+        #     * `roles:roles/compute.admin` to find IAM policy bindings that specify the
+        #       Compute Admin role.
+        #     * `memberTypes:user` to find IAM policy bindings that contain the "user"
+        #       member type.
         # @!attribute [rw] page_size
         #   @return [::Integer]
         #     Optional. The page size for search result pagination. Page size is capped at 500 even
@@ -605,6 +722,36 @@ module Google
         #     this method. `page_token` must be the value of `next_page_token` from the
         #     previous response. The values of all other method parameters must be
         #     identical to those in the previous call.
+        # @!attribute [rw] asset_types
+        #   @return [::Array<::String>]
+        #     Optional. A list of asset types that the IAM policies are attached to. If empty, it
+        #     will search the IAM policies that are attached to all the [searchable asset
+        #     types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
+        #
+        #     Regular expressions are also supported. For example:
+        #
+        #     * "compute.googleapis.com.*" snapshots IAM policies attached to asset type
+        #     starts with "compute.googleapis.com".
+        #     * ".*Instance" snapshots IAM policies attached to asset type ends with
+        #     "Instance".
+        #     * ".*Instance.*" snapshots IAM policies attached to asset type contains
+        #     "Instance".
+        #
+        #     See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported
+        #     regular expression syntax. If the regular expression does not match any
+        #     supported asset type, an INVALID_ARGUMENT error will be returned.
+        # @!attribute [rw] order_by
+        #   @return [::String]
+        #     Optional. A comma-separated list of fields specifying the sorting order of the
+        #     results. The default order is ascending. Add " DESC" after the field name
+        #     to indicate descending order. Redundant space characters are ignored.
+        #     Example: "assetType DESC, resource".
+        #     Only singular primitive fields in the response are sortable:
+        #       * resource
+        #       * assetType
+        #       * project
+        #     All the other fields such as repeated fields (e.g., `folders`) and
+        #     non-primitive fields (e.g., `policy`) are not supported.
         class SearchAllIamPoliciesRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -625,7 +772,7 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # IAM policy analysis query message.
+        # ## IAM policy analysis query message.
         # @!attribute [rw] scope
         #   @return [::String]
         #     Required. The relative name of the root asset. Only resources and IAM policies within
@@ -652,6 +799,9 @@ module Google
         # @!attribute [rw] options
         #   @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery::Options]
         #     Optional. The query options.
+        # @!attribute [rw] condition_context
+        #   @return [::Google::Cloud::Asset::V1::IamPolicyAnalysisQuery::ConditionContext]
+        #     Optional. The hypothetical context for IAM conditions evaluation.
         class IamPolicyAnalysisQuery
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -791,6 +941,17 @@ module Google
             include ::Google::Protobuf::MessageExts
             extend ::Google::Protobuf::MessageExts::ClassMethods
           end
+
+          # The IAM conditions context.
+          # @!attribute [rw] access_time
+          #   @return [::Google::Protobuf::Timestamp]
+          #     The hypothetical access timestamp to evaluate IAM conditions. Note that
+          #     this value must not be earlier than the current time; otherwise, an
+          #     INVALID_ARGUMENT error will be returned.
+          class ConditionContext
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
         end
 
         # A request message for {::Google::Cloud::Asset::V1::AssetService::Client#analyze_iam_policy AssetService.AnalyzeIamPolicy}.
@@ -868,9 +1029,14 @@ module Google
           # @!attribute [rw] uri
           #   @return [::String]
           #     Required. The uri of the Cloud Storage object. It's the same uri that is used by
-          #     gsutil. For example: "gs://bucket_name/object_name". See
-          #     [Quickstart: Using the gsutil tool]
-          #     (https://cloud.google.com/storage/docs/quickstart-gsutil) for examples.
+          #     gsutil. Example: "gs://bucket_name/object_name". See [Viewing and
+          #     Editing Object
+          #     Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)
+          #     for more information.
+          #
+          #     If the specified Cloud Storage object already exists and there is no
+          #     [hold](https://cloud.google.com/storage/docs/object-holds), it will be
+          #     overwritten with the analysis result.
           class GcsDestination
             include ::Google::Protobuf::MessageExts
             extend ::Google::Protobuf::MessageExts::ClassMethods