google-cloud-asset-v1 0.2.3 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 146d92531ea9d255916e790bba685754e5dd33c40bda18a0bca7a5a41b65c463
-  data.tar.gz: d6ce7170c915fb035581a909bf716dd4d16271027f6c22256149d9a4739afd2d
+  metadata.gz: 63c0da330fd0dfa19728ed2ee58050a99ba60976ca286563677a7ad101e1a668
+  data.tar.gz: 36cd8caafc0a08f097c9700253efa87e66a44a8cad80987e453612025f382982
 SHA512:
-  metadata.gz: 5919727dae53db59a1409e5b011b7b97edf4d0af4b23cf2f7efc0b27275ef201ed7e51695630ffda06d9b0b6c27c6691dfc9503fba21fcbd261e867d139b93b2
-  data.tar.gz: ef8c73a1dc3da98c135aa199258a2f301ab591b50dfa21b85f755eab31ff49e8d3479adb64b01e2182bc421e3871bca1d8599264238e92b5c7a5af95bb9abfb6
+  metadata.gz: 6f3174d274d83a8fc97dab3379fe51eb6af7198eea093050603a015b3075639c088c2f3328a2319c6e5fc39c804050ef5da256347dfc30ea3a9946d4ffb4b621
+  data.tar.gz: '0789307e358b75ca69195776bc7805d05c96ce9aa54af2da99c8d3b820eb3987f3b2aa60e1a8608709b675eed7723c987dd19fa1c096e8e82f7f5a6227b859ad'

data/lib/google/cloud/asset/v1/asset_service/client.rb

@@ -75,6 +75,22 @@ module Google
                   retry_codes:   ["DEADLINE_EXCEEDED", "UNAVAILABLE"]
                 }
 
+                default_config.rpcs.search_all_resources.timeout = 15.0
+                default_config.rpcs.search_all_resources.retry_policy = {
+                  initial_delay: 0.1,
+                  max_delay:     60.0,
+                  multiplier:    1.3,
+                  retry_codes:   ["DEADLINE_EXCEEDED", "UNAVAILABLE"]
+                }
+
+                default_config.rpcs.search_all_iam_policies.timeout = 15.0
+                default_config.rpcs.search_all_iam_policies.retry_policy = {
+                  initial_delay: 0.1,
+                  max_delay:     60.0,
+                  multiplier:    1.3,
+                  retry_codes:   ["DEADLINE_EXCEEDED", "UNAVAILABLE"]
+                }
+
                 default_config
               end
               yield @configure if block_given?
@@ -168,8 +184,9 @@ module Google
             ##
             # Exports assets with time and resource types to a given Cloud Storage
             # location. The output format is newline-delimited JSON.
-            # This API implements the {::Google::Longrunning::Operation google.longrunning.Operation} API allowing you
-            # to keep track of the export.
+            # This API implements the
+            # {::Google::Longrunning::Operation google.longrunning.Operation} API allowing
+            # you to keep track of the export.
             #
             # @overload export_assets(request, options = nil)
             #   Pass arguments to `export_assets` via a request object, either of type
@@ -379,9 +396,8 @@ module Google
             #     Required. This is the client-assigned asset feed identifier and it needs to
             #     be unique under a specific parent project/folder/organization.
             #   @param feed [::Google::Cloud::Asset::V1::Feed, ::Hash]
-            #     Required. The feed details. The field `name` must be empty and it will be generated
-            #     in the format of:
-            #     projects/project_number/feeds/feed_id
+            #     Required. The feed details. The field `name` must be empty and it will be
+            #     generated in the format of: projects/project_number/feeds/feed_id
             #     folders/folder_number/feeds/feed_id
             #     organizations/organization_number/feeds/feed_id
             #
@@ -586,8 +602,8 @@ module Google
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param feed [::Google::Cloud::Asset::V1::Feed, ::Hash]
-            #     Required. The new values of feed details. It must match an existing feed and the
-            #     field `name` must be in the format of:
+            #     Required. The new values of feed details. It must match an existing feed
+            #     and the field `name` must be in the format of:
             #     projects/project_number/feeds/feed_id or
             #     folders/folder_number/feeds/feed_id or
             #     organizations/organization_number/feeds/feed_id.
@@ -710,6 +726,250 @@ module Google
               raise ::Google::Cloud::Error.from_error(e)
             end
 
+            ##
+            # Searches all the resources within the given accessible scope (e.g., a
+            # project, a folder or an organization). Callers should have
+            # cloud.assets.SearchAllResources permission upon the requested scope,
+            # otherwise the request will be rejected.
+            #
+            # @overload search_all_resources(request, options = nil)
+            #   Pass arguments to `search_all_resources` via a request object, either of type
+            #   {::Google::Cloud::Asset::V1::SearchAllResourcesRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::Asset::V1::SearchAllResourcesRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload search_all_resources(scope: nil, query: nil, asset_types: nil, page_size: nil, page_token: nil, order_by: nil)
+            #   Pass arguments to `search_all_resources` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param scope [::String]
+            #     Required. A scope can be a project, a folder or an organization. The search
+            #     is limited to the resources within the `scope`.
+            #
+            #     The allowed values are:
+            #
+            #     * projects/\\{PROJECT_ID}
+            #     * projects/\\{PROJECT_NUMBER}
+            #     * folders/\\{FOLDER_NUMBER}
+            #     * organizations/\\{ORGANIZATION_NUMBER}
+            #   @param query [::String]
+            #     Optional. The query statement. An empty query can be specified to search
+            #     all the resources of certain `asset_types` within the given `scope`.
+            #
+            #     Examples:
+            #
+            #     * `name : "Important"` to find Cloud resources whose name contains
+            #       "Important" as a word.
+            #     * `displayName : "Impor*"` to find Cloud resources whose display name
+            #       contains "Impor" as a word prefix.
+            #     * `description : "*por*"` to find Cloud resources whose description
+            #       contains "por" as a substring.
+            #     * `location : "us-west*"` to find Cloud resources whose location is
+            #       prefixed with "us-west".
+            #     * `labels : "prod"` to find Cloud resources whose labels contain "prod" as
+            #       a key or value.
+            #     * `labels.env : "prod"` to find Cloud resources which have a label "env"
+            #       and its value is "prod".
+            #     * `labels.env : *` to find Cloud resources which have a label "env".
+            #     * `"Important"` to find Cloud resources which contain "Important" as a word
+            #       in any of the searchable fields.
+            #     * `"Impor*"` to find Cloud resources which contain "Impor" as a word prefix
+            #       in any of the searchable fields.
+            #     * `"*por*"` to find Cloud resources which contain "por" as a substring in
+            #       any of the searchable fields.
+            #     * `("Important" AND location : ("us-west1" OR "global"))` to find Cloud
+            #       resources which contain "Important" as a word in any of the searchable
+            #       fields and are also located in the "us-west1" region or the "global"
+            #       location.
+            #
+            #     See [how to construct a
+            #     query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query)
+            #     for more details.
+            #   @param asset_types [::Array<::String>]
+            #     Optional. A list of asset types that this request searches for. If empty,
+            #     it will search all the [searchable asset
+            #     types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
+            #   @param page_size [::Integer]
+            #     Optional. The page size for search result pagination. Page size is capped
+            #     at 500 even if a larger value is given. If set to zero, server will pick an
+            #     appropriate default. Returned results may be fewer than requested. When
+            #     this happens, there could be more results as long as `next_page_token` is
+            #     returned.
+            #   @param page_token [::String]
+            #     Optional. If present, then retrieve the next batch of results from the
+            #     preceding call to this method. `page_token` must be the value of
+            #     `next_page_token` from the previous response. The values of all other
+            #     method parameters, must be identical to those in the previous call.
+            #   @param order_by [::String]
+            #     Optional. A comma separated list of fields specifying the sorting order of
+            #     the results. The default order is ascending. Add " DESC" after the field
+            #     name to indicate descending order. Redundant space characters are ignored.
+            #     Example: "location DESC, name". See [supported resource metadata
+            #     fields](https://cloud.google.com/asset-inventory/docs/searching-resources#query_on_resource_metadata_fields)
+            #     for more details.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::Asset::V1::ResourceSearchResult>]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Gapic::PagedEnumerable<::Google::Cloud::Asset::V1::ResourceSearchResult>]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            def search_all_resources request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Asset::V1::SearchAllResourcesRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.search_all_resources.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::Asset::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {
+                "scope" => request.scope
+              }
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.search_all_resources.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.search_all_resources.retry_policy
+              options.apply_defaults metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @asset_service_stub.call_rpc :search_all_resources, request, options: options do |response, operation|
+                response = ::Gapic::PagedEnumerable.new @asset_service_stub, :search_all_resources, request, response, operation, options
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
+            ##
+            # Searches all the IAM policies within the given accessible scope (e.g., a
+            # project, a folder or an organization). Callers should have
+            # cloud.assets.SearchAllIamPolicies permission upon the requested scope,
+            # otherwise the request will be rejected.
+            #
+            # @overload search_all_iam_policies(request, options = nil)
+            #   Pass arguments to `search_all_iam_policies` via a request object, either of type
+            #   {::Google::Cloud::Asset::V1::SearchAllIamPoliciesRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::Asset::V1::SearchAllIamPoliciesRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload search_all_iam_policies(scope: nil, query: nil, page_size: nil, page_token: nil)
+            #   Pass arguments to `search_all_iam_policies` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param scope [::String]
+            #     Required. A scope can be a project, a folder or an organization. The search
+            #     is limited to the IAM policies within the `scope`.
+            #
+            #     The allowed values are:
+            #
+            #     * projects/\\{PROJECT_ID}
+            #     * projects/\\{PROJECT_NUMBER}
+            #     * folders/\\{FOLDER_NUMBER}
+            #     * organizations/\\{ORGANIZATION_NUMBER}
+            #   @param query [::String]
+            #     Optional. The query statement. An empty query can be specified to search
+            #     all the IAM policies within the given `scope`.
+            #
+            #     Examples:
+            #
+            #     * `policy : "amy@gmail.com"` to find Cloud IAM policy bindings that
+            #       specify user "amy@gmail.com".
+            #     * `policy : "roles/compute.admin"` to find Cloud IAM policy bindings that
+            #       specify the Compute Admin role.
+            #     * `policy.role.permissions : "storage.buckets.update"` to find Cloud IAM
+            #       policy bindings that specify a role containing "storage.buckets.update"
+            #       permission.
+            #     * `resource : "organizations/123"` to find Cloud IAM policy bindings that
+            #       are set on "organizations/123".
+            #     * `(resource : ("organizations/123" OR "folders/1234") AND policy : "amy")`
+            #       to find Cloud IAM policy bindings that are set on "organizations/123" or
+            #       "folders/1234", and also specify user "amy".
+            #
+            #     See [how to construct a
+            #     query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)
+            #     for more details.
+            #   @param page_size [::Integer]
+            #     Optional. The page size for search result pagination. Page size is capped
+            #     at 500 even if a larger value is given. If set to zero, server will pick an
+            #     appropriate default. Returned results may be fewer than requested. When
+            #     this happens, there could be more results as long as `next_page_token` is
+            #     returned.
+            #   @param page_token [::String]
+            #     Optional. If present, retrieve the next batch of results from the preceding
+            #     call to this method. `page_token` must be the value of `next_page_token`
+            #     from the previous response. The values of all other method parameters must
+            #     be identical to those in the previous call.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::Asset::V1::IamPolicySearchResult>]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Gapic::PagedEnumerable<::Google::Cloud::Asset::V1::IamPolicySearchResult>]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            def search_all_iam_policies request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Asset::V1::SearchAllIamPoliciesRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.search_all_iam_policies.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::Asset::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {
+                "scope" => request.scope
+              }
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.search_all_iam_policies.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.search_all_iam_policies.retry_policy
+              options.apply_defaults metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @asset_service_stub.call_rpc :search_all_iam_policies, request, options: options do |response, operation|
+                response = ::Gapic::PagedEnumerable.new @asset_service_stub, :search_all_iam_policies, request, response, operation, options
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
             ##
             # Configuration class for the AssetService API.
             #
@@ -877,6 +1137,16 @@ module Google
                 # @return [::Gapic::Config::Method]
                 #
                 attr_reader :delete_feed
+                ##
+                # RPC-specific configuration for `search_all_resources`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :search_all_resources
+                ##
+                # RPC-specific configuration for `search_all_iam_policies`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :search_all_iam_policies
 
                 # @private
                 def initialize parent_rpcs = nil
@@ -894,6 +1164,10 @@ module Google
                   @update_feed = ::Gapic::Config::Method.new update_feed_config
                   delete_feed_config = parent_rpcs&.delete_feed if parent_rpcs&.respond_to? :delete_feed
                   @delete_feed = ::Gapic::Config::Method.new delete_feed_config
+                  search_all_resources_config = parent_rpcs&.search_all_resources if parent_rpcs&.respond_to? :search_all_resources
+                  @search_all_resources = ::Gapic::Config::Method.new search_all_resources_config
+                  search_all_iam_policies_config = parent_rpcs&.search_all_iam_policies if parent_rpcs&.respond_to? :search_all_iam_policies
+                  @search_all_iam_policies = ::Gapic::Config::Method.new search_all_iam_policies_config
 
                   yield self if block_given?
                 end

data/lib/google/cloud/asset/v1/asset_service_pb.rb

@@ -88,6 +88,28 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :content_type, :enum, 4, "google.cloud.asset.v1.ContentType"
       optional :feed_output_config, :message, 5, "google.cloud.asset.v1.FeedOutputConfig"
     end
+    add_message "google.cloud.asset.v1.SearchAllResourcesRequest" do
+      optional :scope, :string, 1
+      optional :query, :string, 2
+      repeated :asset_types, :string, 3
+      optional :page_size, :int32, 4
+      optional :page_token, :string, 5
+      optional :order_by, :string, 6
+    end
+    add_message "google.cloud.asset.v1.SearchAllResourcesResponse" do
+      repeated :results, :message, 1, "google.cloud.asset.v1.ResourceSearchResult"
+      optional :next_page_token, :string, 2
+    end
+    add_message "google.cloud.asset.v1.SearchAllIamPoliciesRequest" do
+      optional :scope, :string, 1
+      optional :query, :string, 2
+      optional :page_size, :int32, 3
+      optional :page_token, :string, 4
+    end
+    add_message "google.cloud.asset.v1.SearchAllIamPoliciesResponse" do
+      repeated :results, :message, 1, "google.cloud.asset.v1.IamPolicySearchResult"
+      optional :next_page_token, :string, 2
+    end
     add_enum "google.cloud.asset.v1.ContentType" do
       value :CONTENT_TYPE_UNSPECIFIED, 0
       value :RESOURCE, 1
@@ -118,6 +140,10 @@ module Google
         PubsubDestination = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.PubsubDestination").msgclass
         FeedOutputConfig = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.FeedOutputConfig").msgclass
         Feed = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.Feed").msgclass
+        SearchAllResourcesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.SearchAllResourcesRequest").msgclass
+        SearchAllResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.SearchAllResourcesResponse").msgclass
+        SearchAllIamPoliciesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.SearchAllIamPoliciesRequest").msgclass
+        SearchAllIamPoliciesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.SearchAllIamPoliciesResponse").msgclass
         ContentType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ContentType").enummodule
       end
     end

data/lib/google/cloud/asset/v1/asset_service_services_pb.rb

@@ -35,8 +35,9 @@ module Google
 
             # Exports assets with time and resource types to a given Cloud Storage
             # location. The output format is newline-delimited JSON.
-            # This API implements the [google.longrunning.Operation][google.longrunning.Operation] API allowing you
-            # to keep track of the export.
+            # This API implements the
+            # [google.longrunning.Operation][google.longrunning.Operation] API allowing
+            # you to keep track of the export.
             rpc :ExportAssets, ExportAssetsRequest, Google::Longrunning::Operation
             # Batch gets the update history of assets that overlap a time window.
             # For RESOURCE content, this API outputs history with asset in both
@@ -57,6 +58,16 @@ module Google
             rpc :UpdateFeed, UpdateFeedRequest, Feed
             # Deletes an asset feed.
             rpc :DeleteFeed, DeleteFeedRequest, Google::Protobuf::Empty
+            # Searches all the resources within the given accessible scope (e.g., a
+            # project, a folder or an organization). Callers should have
+            # cloud.assets.SearchAllResources permission upon the requested scope,
+            # otherwise the request will be rejected.
+            rpc :SearchAllResources, SearchAllResourcesRequest, SearchAllResourcesResponse
+            # Searches all the IAM policies within the given accessible scope (e.g., a
+            # project, a folder or an organization). Callers should have
+            # cloud.assets.SearchAllIamPolicies permission upon the requested scope,
+            # otherwise the request will be rejected.
+            rpc :SearchAllIamPolicies, SearchAllIamPoliciesRequest, SearchAllIamPoliciesResponse
           end
 
           Stub = Service.rpc_stub_class

data/lib/google/cloud/asset/v1/assets_pb.rb

@@ -3,6 +3,7 @@
 
 require 'google/protobuf'
 
+require 'google/api/annotations_pb'
 require 'google/api/resource_pb'
 require 'google/cloud/orgpolicy/v1/orgpolicy_pb'
 require 'google/iam/v1/policy_pb'
@@ -12,7 +13,6 @@ require 'google/identity/accesscontextmanager/v1/service_perimeter_pb'
 require 'google/protobuf/any_pb'
 require 'google/protobuf/struct_pb'
 require 'google/protobuf/timestamp_pb'
-require 'google/api/annotations_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/asset/v1/assets.proto", :syntax => :proto3) do
     add_message "google.cloud.asset.v1.TemporalAsset" do
@@ -44,6 +44,30 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :resource_url, :string, 4
       optional :parent, :string, 5
       optional :data, :message, 6, "google.protobuf.Struct"
+      optional :location, :string, 8
+    end
+    add_message "google.cloud.asset.v1.ResourceSearchResult" do
+      optional :name, :string, 1
+      optional :asset_type, :string, 2
+      optional :project, :string, 3
+      optional :display_name, :string, 4
+      optional :description, :string, 5
+      optional :location, :string, 6
+      map :labels, :string, :string, 7
+      repeated :network_tags, :string, 8
+      optional :additional_attributes, :message, 9, "google.protobuf.Struct"
+    end
+    add_message "google.cloud.asset.v1.IamPolicySearchResult" do
+      optional :resource, :string, 1
+      optional :project, :string, 2
+      optional :policy, :message, 3, "google.iam.v1.Policy"
+      optional :explanation, :message, 4, "google.cloud.asset.v1.IamPolicySearchResult.Explanation"
+    end
+    add_message "google.cloud.asset.v1.IamPolicySearchResult.Explanation" do
+      map :matched_permissions, :string, :message, 1, "google.cloud.asset.v1.IamPolicySearchResult.Explanation.Permissions"
+    end
+    add_message "google.cloud.asset.v1.IamPolicySearchResult.Explanation.Permissions" do
+      repeated :permissions, :string, 1
     end
   end
 end
@@ -56,6 +80,10 @@ module Google
         TimeWindow = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.TimeWindow").msgclass
         Asset = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.Asset").msgclass
         Resource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.Resource").msgclass
+        ResourceSearchResult = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.ResourceSearchResult").msgclass
+        IamPolicySearchResult = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicySearchResult").msgclass
+        IamPolicySearchResult::Explanation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicySearchResult.Explanation").msgclass
+        IamPolicySearchResult::Explanation::Permissions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1.IamPolicySearchResult.Explanation.Permissions").msgclass
       end
     end
   end

data/lib/google/cloud/asset/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module Asset
       module V1
-        VERSION = "0.2.3"
+        VERSION = "0.3.0"
       end
     end
   end

data/proto_docs/google/cloud/asset/v1/asset_service.rb

@@ -56,8 +56,10 @@ module Google
         end
 
         # The export asset response. This message is returned by the
-        # google.longrunning.Operations.GetOperation method in the returned
-        # {::Google::Longrunning::Operation#response google.longrunning.Operation.response} field.
+        # google.longrunning.Operations.GetOperation
+        # method in the returned
+        # {::Google::Longrunning::Operation#response google.longrunning.Operation.response}
+        # field.
         # @!attribute [rw] read_time
         #   @return [::Google::Protobuf::Timestamp]
         #     Time the snapshot was taken.
@@ -127,9 +129,8 @@ module Google
         #     be unique under a specific parent project/folder/organization.
         # @!attribute [rw] feed
         #   @return [::Google::Cloud::Asset::V1::Feed]
-        #     Required. The feed details. The field `name` must be empty and it will be generated
-        #     in the format of:
-        #     projects/project_number/feeds/feed_id
+        #     Required. The feed details. The field `name` must be empty and it will be
+        #     generated in the format of: projects/project_number/feeds/feed_id
         #     folders/folder_number/feeds/feed_id
         #     organizations/organization_number/feeds/feed_id
         class CreateFeedRequest
@@ -171,8 +172,8 @@ module Google
         # Update asset feed request.
         # @!attribute [rw] feed
         #   @return [::Google::Cloud::Asset::V1::Feed]
-        #     Required. The new values of feed details. It must match an existing feed and the
-        #     field `name` must be in the format of:
+        #     Required. The new values of feed details. It must match an existing feed
+        #     and the field `name` must be in the format of:
         #     projects/project_number/feeds/feed_id or
         #     folders/folder_number/feeds/feed_id or
         #     organizations/organization_number/feeds/feed_id.
@@ -325,6 +326,166 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # Search all resources request.
+        # @!attribute [rw] scope
+        #   @return [::String]
+        #     Required. A scope can be a project, a folder or an organization. The search
+        #     is limited to the resources within the `scope`.
+        #
+        #     The allowed values are:
+        #
+        #     * projects/\\{PROJECT_ID}
+        #     * projects/\\{PROJECT_NUMBER}
+        #     * folders/\\{FOLDER_NUMBER}
+        #     * organizations/\\{ORGANIZATION_NUMBER}
+        # @!attribute [rw] query
+        #   @return [::String]
+        #     Optional. The query statement. An empty query can be specified to search
+        #     all the resources of certain `asset_types` within the given `scope`.
+        #
+        #     Examples:
+        #
+        #     * `name : "Important"` to find Cloud resources whose name contains
+        #       "Important" as a word.
+        #     * `displayName : "Impor*"` to find Cloud resources whose display name
+        #       contains "Impor" as a word prefix.
+        #     * `description : "*por*"` to find Cloud resources whose description
+        #       contains "por" as a substring.
+        #     * `location : "us-west*"` to find Cloud resources whose location is
+        #       prefixed with "us-west".
+        #     * `labels : "prod"` to find Cloud resources whose labels contain "prod" as
+        #       a key or value.
+        #     * `labels.env : "prod"` to find Cloud resources which have a label "env"
+        #       and its value is "prod".
+        #     * `labels.env : *` to find Cloud resources which have a label "env".
+        #     * `"Important"` to find Cloud resources which contain "Important" as a word
+        #       in any of the searchable fields.
+        #     * `"Impor*"` to find Cloud resources which contain "Impor" as a word prefix
+        #       in any of the searchable fields.
+        #     * `"*por*"` to find Cloud resources which contain "por" as a substring in
+        #       any of the searchable fields.
+        #     * `("Important" AND location : ("us-west1" OR "global"))` to find Cloud
+        #       resources which contain "Important" as a word in any of the searchable
+        #       fields and are also located in the "us-west1" region or the "global"
+        #       location.
+        #
+        #     See [how to construct a
+        #     query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query)
+        #     for more details.
+        # @!attribute [rw] asset_types
+        #   @return [::Array<::String>]
+        #     Optional. A list of asset types that this request searches for. If empty,
+        #     it will search all the [searchable asset
+        #     types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
+        # @!attribute [rw] page_size
+        #   @return [::Integer]
+        #     Optional. The page size for search result pagination. Page size is capped
+        #     at 500 even if a larger value is given. If set to zero, server will pick an
+        #     appropriate default. Returned results may be fewer than requested. When
+        #     this happens, there could be more results as long as `next_page_token` is
+        #     returned.
+        # @!attribute [rw] page_token
+        #   @return [::String]
+        #     Optional. If present, then retrieve the next batch of results from the
+        #     preceding call to this method. `page_token` must be the value of
+        #     `next_page_token` from the previous response. The values of all other
+        #     method parameters, must be identical to those in the previous call.
+        # @!attribute [rw] order_by
+        #   @return [::String]
+        #     Optional. A comma separated list of fields specifying the sorting order of
+        #     the results. The default order is ascending. Add " DESC" after the field
+        #     name to indicate descending order. Redundant space characters are ignored.
+        #     Example: "location DESC, name". See [supported resource metadata
+        #     fields](https://cloud.google.com/asset-inventory/docs/searching-resources#query_on_resource_metadata_fields)
+        #     for more details.
+        class SearchAllResourcesRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Search all resources response.
+        # @!attribute [rw] results
+        #   @return [::Array<::Google::Cloud::Asset::V1::ResourceSearchResult>]
+        #     A list of Resources that match the search query. It contains the resource
+        #     standard metadata information.
+        # @!attribute [rw] next_page_token
+        #   @return [::String]
+        #     If there are more results than those appearing in this response, then
+        #     `next_page_token` is included. To get the next set of results, call this
+        #     method again using the value of `next_page_token` as `page_token`.
+        class SearchAllResourcesResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Search all IAM policies request.
+        # @!attribute [rw] scope
+        #   @return [::String]
+        #     Required. A scope can be a project, a folder or an organization. The search
+        #     is limited to the IAM policies within the `scope`.
+        #
+        #     The allowed values are:
+        #
+        #     * projects/\\{PROJECT_ID}
+        #     * projects/\\{PROJECT_NUMBER}
+        #     * folders/\\{FOLDER_NUMBER}
+        #     * organizations/\\{ORGANIZATION_NUMBER}
+        # @!attribute [rw] query
+        #   @return [::String]
+        #     Optional. The query statement. An empty query can be specified to search
+        #     all the IAM policies within the given `scope`.
+        #
+        #     Examples:
+        #
+        #     * `policy : "amy@gmail.com"` to find Cloud IAM policy bindings that
+        #       specify user "amy@gmail.com".
+        #     * `policy : "roles/compute.admin"` to find Cloud IAM policy bindings that
+        #       specify the Compute Admin role.
+        #     * `policy.role.permissions : "storage.buckets.update"` to find Cloud IAM
+        #       policy bindings that specify a role containing "storage.buckets.update"
+        #       permission.
+        #     * `resource : "organizations/123"` to find Cloud IAM policy bindings that
+        #       are set on "organizations/123".
+        #     * `(resource : ("organizations/123" OR "folders/1234") AND policy : "amy")`
+        #       to find Cloud IAM policy bindings that are set on "organizations/123" or
+        #       "folders/1234", and also specify user "amy".
+        #
+        #     See [how to construct a
+        #     query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)
+        #     for more details.
+        # @!attribute [rw] page_size
+        #   @return [::Integer]
+        #     Optional. The page size for search result pagination. Page size is capped
+        #     at 500 even if a larger value is given. If set to zero, server will pick an
+        #     appropriate default. Returned results may be fewer than requested. When
+        #     this happens, there could be more results as long as `next_page_token` is
+        #     returned.
+        # @!attribute [rw] page_token
+        #   @return [::String]
+        #     Optional. If present, retrieve the next batch of results from the preceding
+        #     call to this method. `page_token` must be the value of `next_page_token`
+        #     from the previous response. The values of all other method parameters must
+        #     be identical to those in the previous call.
+        class SearchAllIamPoliciesRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Search all IAM policies response.
+        # @!attribute [rw] results
+        #   @return [::Array<::Google::Cloud::Asset::V1::IamPolicySearchResult>]
+        #     A list of IamPolicy that match the search query. Related information such
+        #     as the associated resource is returned along with the policy.
+        # @!attribute [rw] next_page_token
+        #   @return [::String]
+        #     Set if there are more results than those appearing in this response; to get
+        #     the next set of results, call this method again, using this value as the
+        #     `page_token`.
+        class SearchAllIamPoliciesResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # Asset content type.
         module ContentType
           # Unspecified content type.

data/proto_docs/google/cloud/asset/v1/assets.rb

@@ -155,10 +155,199 @@ module Google
         #   @return [::Google::Protobuf::Struct]
         #     The content of the resource, in which some sensitive fields are removed
         #     and may not be present.
+        # @!attribute [rw] location
+        #   @return [::String]
+        #     The location of the resource in Google Cloud, such as its zone and region.
+        #     For more information, see https://cloud.google.com/about/locations/.
         class Resource
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
+
+        # A result of Resource Search, containing information of a cloud resoure.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The full resource name of this resource. Example:
+        #     "//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1".
+        #     See [Cloud Asset Inventory Resource Name
+        #     Format](https://cloud.google.com/asset-inventory/docs/resource-name-format)
+        #     for more information.
+        #
+        #     To search against the `name`:
+        #
+        #     * use a field query. Example: `name : "instance1"`
+        #     * use a free text query. Example: `"instance1"`
+        # @!attribute [rw] asset_type
+        #   @return [::String]
+        #     The type of this resource. Example: "compute.googleapis.com/Disk".
+        #
+        #     To search against the `asset_type`:
+        #
+        #     * specify the `asset_type` field in your search request.
+        # @!attribute [rw] project
+        #   @return [::String]
+        #     The project that this resource belongs to, in the form of
+        #     projects/\\{PROJECT_NUMBER}.
+        #
+        #     To search against the `project`:
+        #
+        #     * specify the `scope` field as this project in your search request.
+        # @!attribute [rw] display_name
+        #   @return [::String]
+        #     The display name of this resource.
+        #
+        #     To search against the `display_name`:
+        #
+        #     * use a field query. Example: `displayName : "My Instance"`
+        #     * use a free text query. Example: `"My Instance"`
+        # @!attribute [rw] description
+        #   @return [::String]
+        #     One or more paragraphs of text description of this resource. Maximum length
+        #     could be up to 1M bytes.
+        #
+        #     To search against the `description`:
+        #
+        #     * use a field query. Example: `description : "*important instance*"`
+        #     * use a free text query. Example: `"*important instance*"`
+        # @!attribute [rw] location
+        #   @return [::String]
+        #     Location can be "global", regional like "us-east1", or zonal like
+        #     "us-west1-b".
+        #
+        #     To search against the `location`:
+        #
+        #     * use a field query. Example: `location : "us-west*"`
+        #     * use a free text query. Example: `"us-west*"`
+        # @!attribute [rw] labels
+        #   @return [::Google::Protobuf::Map{::String => ::String}]
+        #     Labels associated with this resource. See [Labelling and grouping GCP
+        #     resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources)
+        #     for more information.
+        #
+        #     To search against the `labels`:
+        #
+        #     * use a field query, as following:
+        #         - query on any label's key or value. Example: `labels : "prod"`
+        #         - query by a given label. Example: `labels.env : "prod"`
+        #         - query by a given label'sexistence. Example: `labels.env : *`
+        #     * use a free text query. Example: `"prod"`
+        # @!attribute [rw] network_tags
+        #   @return [::Array<::String>]
+        #     Network tags associated with this resource. Like labels, network tags are a
+        #     type of annotations used to group GCP resources. See [Labelling GCP
+        #     resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources)
+        #     for more information.
+        #
+        #     To search against the `network_tags`:
+        #
+        #     * use a field query. Example: `networkTags : "internal"`
+        #     * use a free text query. Example: `"internal"`
+        # @!attribute [rw] additional_attributes
+        #   @return [::Google::Protobuf::Struct]
+        #     The additional attributes of this resource. The attributes may vary from
+        #     one resource type to another. Examples: "projectId" for Project,
+        #     "dnsName" for DNS ManagedZone.
+        #
+        #     To search against the `additional_attributes`:
+        #
+        #     * use a free text query to match the attributes values. Example: to search
+        #       additional_attributes = { dnsName: "foobar" }, you can issue a query
+        #       `"foobar"`.
+        class ResourceSearchResult
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # @!attribute [rw] key
+          #   @return [::String]
+          # @!attribute [rw] value
+          #   @return [::String]
+          class LabelsEntry
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
+
+        # A result of IAM Policy search, containing information of an IAM policy.
+        # @!attribute [rw] resource
+        #   @return [::String]
+        #     The full resource name of the resource associated with this IAM policy.
+        #     Example:
+        #     "//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1".
+        #     See [Cloud Asset Inventory Resource Name
+        #     Format](https://cloud.google.com/asset-inventory/docs/resource-name-format)
+        #     for more information.
+        #
+        #     To search against the `resource`:
+        #
+        #     * use a field query. Example: `resource : "organizations/123"`
+        # @!attribute [rw] project
+        #   @return [::String]
+        #     The project that the associated GCP resource belongs to, in the form of
+        #     projects/\\{PROJECT_NUMBER}. If an IAM policy is set on a resource (like VM
+        #     instance, Cloud Storage bucket), the project field will indicate the
+        #     project that contains the resource. If an IAM policy is set on a folder or
+        #     orgnization, the project field will be empty.
+        #
+        #     To search against the `project`:
+        #
+        #     * specify the `scope` field as this project in your search request.
+        # @!attribute [rw] policy
+        #   @return [::Google::Iam::V1::Policy]
+        #     The IAM policy directly set on the given resource. Note that the original
+        #     IAM policy can contain multiple bindings. This only contains the bindings
+        #     that match the given query. For queries that don't contain a constrain on
+        #     policies (e.g., an empty query), this contains all the bindings.
+        #
+        #     To search against the `policy` bindings:
+        #
+        #     * use a field query, as following:
+        #         - query by the policy contained members. Example:
+        #           `policy : "amy@gmail.com"`
+        #         - query by the policy contained roles. Example:
+        #           `policy : "roles/compute.admin"`
+        #         - query by the policy contained roles' implied permissions. Example:
+        #           `policy.role.permissions : "compute.instances.create"`
+        # @!attribute [rw] explanation
+        #   @return [::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation]
+        #     Explanation about the IAM policy search result. It contains additional
+        #     information to explain why the search result matches the query.
+        class IamPolicySearchResult
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Explanation about the IAM policy search result.
+          # @!attribute [rw] matched_permissions
+          #   @return [::Google::Protobuf::Map{::String => ::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation::Permissions}]
+          #     The map from roles to their included permissions that match the
+          #     permission query (i.e., a query containing `policy.role.permissions:`).
+          #     Example: if query `policy.role.permissions : "compute.disk.get"`
+          #     matches a policy binding that contains owner role, the
+          #     matched_permissions will be \\{"roles/owner": ["compute.disk.get"]}. The
+          #     roles can also be found in the returned `policy` bindings. Note that the
+          #     map is populated only for requests with permission queries.
+          class Explanation
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # IAM permissions
+            # @!attribute [rw] permissions
+            #   @return [::Array<::String>]
+            #     A list of permissions. A sample permission string: "compute.disk.get".
+            class Permissions
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+            end
+
+            # @!attribute [rw] key
+            #   @return [::String]
+            # @!attribute [rw] value
+            #   @return [::Google::Cloud::Asset::V1::IamPolicySearchResult::Explanation::Permissions]
+            class MatchedPermissionsEntry
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+            end
+          end
+        end
       end
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-asset-v1
 version: !ruby/object:Gem::Version
-  version: 0.2.3
+  version: 0.3.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-05-05 00:00:00.000000000 Z
+date: 2020-05-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common