feat: [cloudasset] added new resource references to fields in Analyze…

…MoveRequest (#10138) * feat: added messages ExportAssetsResponse, BatchGetAssetsHistoryResponse feat: added Asset.access_policy, access_level, service_perimeter, org_policy feat: added resource definitions to some messages docs: updated comments chore: removed backend configuration from service config PiperOrigin-RevId: 589961470 Source-Link: googleapis/googleapis@02fbe75 Source-Link: googleapis/googleapis-gen@2a25ee3 Copy-Tag: eyJwIjoiamF2YS1hc3NldC8uT3dsQm90LnlhbWwiLCJoIjoiMmEyNWVlMzYzOGFiZGMyZWE1MjBjODdlMWQ0YzdjNTNmYzYyNGUzMCJ9 * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * feat: added new resource references to fields in AnalyzeMoveRequest docs: updated comments chore: removed backend configuration from service config PiperOrigin-RevId: 590982722 Source-Link: googleapis/googleapis@da09f4c Source-Link: googleapis/googleapis-gen@7dd789a Copy-Tag: eyJwIjoiamF2YS1hc3NldC8uT3dsQm90LnlhbWwiLCJoIjoiN2RkNzg5YTJjYWQ0ZDU0NGZiYjUzYTE1Y2U1OWRlYjQ2N2YzMGI2ZCJ9 * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * add accesscontextmanager and orgpolicy to asset/v1p2beta1 * correct license header year --------- Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> Co-authored-by: diegomarquezp <diegomarquezp@google.com>
googleapis · Jan 2, 2024 · 66f99c3 · 66f99c3
1 parent cb5168c
commit 66f99c3
Show file tree

Hide file tree

Showing 70 changed files with 6,996 additions and 2,007 deletions.
diff --git a/java-asset/README.md b/java-asset/README.md
@@ -195,7 +195,7 @@ Java is a registered trademark of Oracle and/or its affiliates.
 [kokoro-badge-link-5]: http://storage.googleapis.com/cloud-devrel-public/java/badges/google-cloud-java/java11.html
 [stability-image]: https://img.shields.io/badge/stability-stable-green
 [maven-version-image]: https://img.shields.io/maven-central/v/com.google.cloud/google-cloud-asset.svg
-[maven-version-link]: https://central.sonatype.com/artifact/com.google.cloud/google-cloud-asset/3.34.0
+[maven-version-link]: https://central.sonatype.com/artifact/com.google.cloud/google-cloud-asset/3.36.0
 [authentication]: https://github.com/googleapis/google-cloud-java#authentication
 [auth-scopes]: https://developers.google.com/identity/protocols/oauth2/scopes
 [predefined-iam-roles]: https://cloud.google.com/iam/docs/understanding-roles#predefined_roles

diff --git a/...-asset/google-cloud-asset/src/main/java/com/google/cloud/asset/v1/AssetServiceClient.java b/...-asset/google-cloud-asset/src/main/java/com/google/cloud/asset/v1/AssetServiceClient.java
@@ -1114,31 +1114,31 @@ public final UnaryCallable<DeleteFeedRequest, Empty> deleteFeedCallable() {
    *       <li>`labels.env:&#42;` to find Google Cloud resources that have a label `env`.
    *       <li>`tagKeys:env` to find Google Cloud resources that have directly attached tags where
    *           the
-   *           [`TagKey`](https://cloud.google.com/resource-manager/reference/rest/v3/tagKeys#resource:-tagkey)
-   *           .`namespacedName` contains `env`.
+   *           [`TagKey.namespacedName`](https://cloud.google.com/resource-manager/reference/rest/v3/tagKeys#resource:-tagkey)
+   *           contains `env`.
    *       <li>`tagValues:prod&#42;` to find Google Cloud resources that have directly attached tags
    *           where the
-   *           [`TagValue`](https://cloud.google.com/resource-manager/reference/rest/v3/tagValues#resource:-tagvalue)
-   *           .`namespacedName` contains a word prefixed by `prod`.
+   *           [`TagValue.namespacedName`](https://cloud.google.com/resource-manager/reference/rest/v3/tagValues#resource:-tagvalue)
+   *           contains a word prefixed by `prod`.
    *       <li>`tagValueIds=tagValues/123` to find Google Cloud resources that have directly
    *           attached tags where the
-   *           [`TagValue`](https://cloud.google.com/resource-manager/reference/rest/v3/tagValues#resource:-tagvalue)
-   *           .`name` is exactly `tagValues/123`.
+   *           [`TagValue.name`](https://cloud.google.com/resource-manager/reference/rest/v3/tagValues#resource:-tagvalue)
+   *           is exactly `tagValues/123`.
    *       <li>`effectiveTagKeys:env` to find Google Cloud resources that have directly attached or
    *           inherited tags where the
-   *           [`TagKey`](https://cloud.google.com/resource-manager/reference/rest/v3/tagKeys#resource:-tagkey)
-   *           .`namespacedName` contains `env`.
+   *           [`TagKey.namespacedName`](https://cloud.google.com/resource-manager/reference/rest/v3/tagKeys#resource:-tagkey)
+   *           contains `env`.
    *       <li>`effectiveTagValues:prod&#42;` to find Google Cloud resources that have directly
    *           attached or inherited tags where the
-   *           [`TagValue`](https://cloud.google.com/resource-manager/reference/rest/v3/tagValues#resource:-tagvalue)
-   *           .`namespacedName` contains a word prefixed by `prod`.
+   *           [`TagValue.namespacedName`](https://cloud.google.com/resource-manager/reference/rest/v3/tagValues#resource:-tagvalue)
+   *           contains a word prefixed by `prod`.
    *       <li>`effectiveTagValueIds=tagValues/123` to find Google Cloud resources that have
    *           directly attached or inherited tags where the
-   *           [`TagValue`](https://cloud.google.com/resource-manager/reference/rest/v3/tagValues#resource:-tagvalue)
-   *           .`name` is exactly `tagValues/123`.
+   *           [`TagValue.name`](https://cloud.google.com/resource-manager/reference/rest/v3/tagValues#resource:-tagvalue)
+   *           is exactly `tagValues/123`.
    *       <li>`kmsKey:key` to find Google Cloud resources encrypted with a customer-managed
-   *           encryption key whose name contains `key` as a word. This field is deprecated. Please
-   *           use the `kmsKeys` field to retrieve Cloud KMS key information.
+   *           encryption key whose name contains `key` as a word. This field is deprecated. Use the
+   *           `kmsKeys` field to retrieve Cloud KMS key information.
    *       <li>`kmsKeys:key` to find Google Cloud resources encrypted with customer-managed
    *           encryption keys whose name contains the word `key`.
    *       <li>`relationships:instance-group-1` to find Google Cloud resources that have
@@ -1148,6 +1148,10 @@ public final UnaryCallable<DeleteFeedRequest, Empty> deleteFeedCallable() {
    *       <li>`relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1` to find Compute Engine
    *           instances that have relationships with `instance-group-1` in the Compute Engine
    *           instance group resource name, for relationship type `INSTANCE_TO_INSTANCEGROUP`.
+   *       <li>`sccSecurityMarks.key=value` to find Cloud resources that are attached with security
+   *           marks whose key is `key` and value is `value`.
+   *       <li>`sccSecurityMarks.key:&#42;` to find Cloud resources that are attached with security
+   *           marks whose key is `key`.
    *       <li>`state:ACTIVE` to find Google Cloud resources whose state contains `ACTIVE` as a
    *           word.
    *       <li>`NOT state:ACTIVE` to find Google Cloud resources whose state doesn't contain
@@ -1169,7 +1173,7 @@ public final UnaryCallable<DeleteFeedRequest, Empty> deleteFeedCallable() {
    *
    * @param assetTypes Optional. A list of asset types that this request searches for. If empty, it
    *     will search all the [searchable asset
-   *     types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
+   *     types](https://cloud.google.com/asset-inventory/docs/supported-asset-types).
    *     <p>Regular expressions are also supported. For example:
    *     <ul>
    *       <li>"compute.googleapis.com.&#42;" snapshots resources whose asset type starts with
@@ -1721,8 +1725,8 @@ public final AnalyzeIamPolicyResponse analyzeIamPolicy(AnalyzeIamPolicyRequest r
    * try (AssetServiceClient assetServiceClient = AssetServiceClient.create()) {
    *   AnalyzeMoveRequest request =
    *       AnalyzeMoveRequest.newBuilder()
-   *           .setResource("resource-341064690")
-   *           .setDestinationParent("destinationParent-1733659048")
+   *           .setResource(ProjectName.of("[PROJECT]").toString())
+   *           .setDestinationParent(FolderName.of("[FOLDER]").toString())
    *           .build();
    *   AnalyzeMoveResponse response = assetServiceClient.analyzeMove(request);
    * }
@@ -1753,8 +1757,8 @@ public final AnalyzeMoveResponse analyzeMove(AnalyzeMoveRequest request) {
    * try (AssetServiceClient assetServiceClient = AssetServiceClient.create()) {
    *   AnalyzeMoveRequest request =
    *       AnalyzeMoveRequest.newBuilder()
-   *           .setResource("resource-341064690")
-   *           .setDestinationParent("destinationParent-1733659048")
+   *           .setResource(ProjectName.of("[PROJECT]").toString())
+   *           .setDestinationParent(FolderName.of("[FOLDER]").toString())
    *           .build();
    *   ApiFuture<AnalyzeMoveResponse> future =
    *       assetServiceClient.analyzeMoveCallable().futureCall(request);
@@ -2764,11 +2768,15 @@ public final BatchGetEffectiveIamPoliciesResponse batchGetEffectiveIamPolicies(
    *     The response only contains analyzed organization policies for the provided constraint.
    * @param filter The expression to filter
    *     [AnalyzeOrgPoliciesResponse.org_policy_results][google.cloud.asset.v1.AnalyzeOrgPoliciesResponse.org_policy_results].
-   *     The only supported field is `consolidated_policy.attached_resource`, and the only supported
-   *     operator is `=`.
-   *     <p>Example:
+   *     Filtering is currently available for bare literal values and the following fields:
+   *     <ul>
+   *       <li>consolidated_policy.attached_resource
+   *       <li>consolidated_policy.rules.enforce
+   *     </ul>
+   *     <p>When filtering by a specific field, the only supported operator is `=`. For example,
+   *     filtering by
    *     consolidated_policy.attached_resource="//cloudresourcemanager.googleapis.com/folders/001"
-   *     will return the org policy results of"folders/001".
+   *     will return all the Organization Policy results attached to "folders/001".
    * @throws com.google.api.gax.rpc.ApiException if the remote call fails
    */
   public final AnalyzeOrgPoliciesPagedResponse analyzeOrgPolicies(
@@ -2931,9 +2939,15 @@ public final AnalyzeOrgPoliciesPagedResponse analyzeOrgPolicies(
    *
    * @param constraint Required. The name of the constraint to analyze governed containers for. The
    *     analysis only contains organization policies for the provided constraint.
-   * @param filter The expression to filter the governed containers in result. The only supported
-   *     field is `parent`, and the only supported operator is `=`.
-   *     <p>Example: parent="//cloudresourcemanager.googleapis.com/folders/001" will return all
+   * @param filter The expression to filter
+   *     [AnalyzeOrgPolicyGovernedContainersResponse.governed_containers][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedContainersResponse.governed_containers].
+   *     Filtering is currently available for bare literal values and the following fields:
+   *     <ul>
+   *       <li>parent
+   *       <li>consolidated_policy.rules.enforce
+   *     </ul>
+   *     <p>When filtering by a specific field, the only supported operator is `=`. For example,
+   *     filtering by parent="//cloudresourcemanager.googleapis.com/folders/001" will return all the
    *     containers under "folders/001".
    * @throws com.google.api.gax.rpc.ApiException if the remote call fails
    */
@@ -3088,8 +3102,7 @@ public final AnalyzeOrgPolicyGovernedContainersPagedResponse analyzeOrgPolicyGov
    * </ul>
    *
    * <p>This RPC only returns either resources of types supported by [searchable asset
-   * types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types),
-   * or IAM policies.
+   * types](https://cloud.google.com/asset-inventory/docs/supported-asset-types), or IAM policies.
    *
    * <p>Sample code:
    *
@@ -3121,14 +3134,32 @@ public final AnalyzeOrgPolicyGovernedContainersPagedResponse analyzeOrgPolicyGov
    *
    * @param constraint Required. The name of the constraint to analyze governed assets for. The
    *     analysis only contains analyzed organization policies for the provided constraint.
-   * @param filter The expression to filter the governed assets in result. The only supported fields
-   *     for governed resources are `governed_resource.project` and `governed_resource.folders`. The
-   *     only supported fields for governed iam policies are `governed_iam_policy.project` and
-   *     `governed_iam_policy.folders`. The only supported operator is `=`.
-   *     <p>Example 1: governed_resource.project="projects/12345678" filter will return all governed
-   *     resources under projects/12345678 including the project ifself, if applicable.
-   *     <p>Example 2: governed_iam_policy.folders="folders/12345678" filter will return all
-   *     governed iam policies under folders/12345678, if applicable.
+   * @param filter The expression to filter
+   *     [AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets].
+   *     <p>For governed resources, filtering is currently available for bare literal values and the
+   *     following fields:
+   *     <ul>
+   *       <li>governed_resource.project
+   *       <li>governed_resource.folders
+   *       <li>consolidated_policy.rules.enforce When filtering by `governed_resource.project` or
+   *           `consolidated_policy.rules.enforce`, the only supported operator is `=`. When
+   *           filtering by `governed_resource.folders`, the supported operators are `=` and `:`.
+   *           For example, filtering by `governed_resource.project="projects/12345678"` will return
+   *           all the governed resources under "projects/12345678", including the project itself if
+   *           applicable.
+   *     </ul>
+   *     <p>For governed IAM policies, filtering is currently available for bare literal values and
+   *     the following fields:
+   *     <ul>
+   *       <li>governed_iam_policy.project
+   *       <li>governed_iam_policy.folders
+   *       <li>consolidated_policy.rules.enforce When filtering by `governed_iam_policy.project` or
+   *           `consolidated_policy.rules.enforce`, the only supported operator is `=`. When
+   *           filtering by `governed_iam_policy.folders`, the supported operators are `=` and `:`.
+   *           For example, filtering by `governed_iam_policy.folders:"folders/12345678"` will
+   *           return all the governed IAM policies under "folders/001".
+   *     </ul>
+   *
    * @throws com.google.api.gax.rpc.ApiException if the remote call fails
    */
   public final AnalyzeOrgPolicyGovernedAssetsPagedResponse analyzeOrgPolicyGovernedAssets(
@@ -3161,8 +3192,7 @@ public final AnalyzeOrgPolicyGovernedAssetsPagedResponse analyzeOrgPolicyGoverne
    * </ul>
    *
    * <p>This RPC only returns either resources of types supported by [searchable asset
-   * types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types),
-   * or IAM policies.
+   * types](https://cloud.google.com/asset-inventory/docs/supported-asset-types), or IAM policies.
    *
    * <p>Sample code:
    *
@@ -3215,8 +3245,7 @@ public final AnalyzeOrgPolicyGovernedAssetsPagedResponse analyzeOrgPolicyGoverne
    * </ul>
    *
    * <p>This RPC only returns either resources of types supported by [searchable asset
-   * types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types),
-   * or IAM policies.
+   * types](https://cloud.google.com/asset-inventory/docs/supported-asset-types), or IAM policies.
    *
    * <p>Sample code:
    *
@@ -3270,8 +3299,7 @@ public final AnalyzeOrgPolicyGovernedAssetsPagedResponse analyzeOrgPolicyGoverne
    * </ul>
    *
    * <p>This RPC only returns either resources of types supported by [searchable asset
-   * types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types),
-   * or IAM policies.
+   * types](https://cloud.google.com/asset-inventory/docs/supported-asset-types), or IAM policies.
    *
    * <p>Sample code:
    *

diff --git a/...google-cloud-asset/src/main/java/com/google/cloud/asset/v1p2beta1/AssetServiceClient.java b/...google-cloud-asset/src/main/java/com/google/cloud/asset/v1p2beta1/AssetServiceClient.java
@@ -184,7 +184,7 @@ public AssetServiceStub getStub() {
    *
    * @param parent Required. The name of the project/folder/organization where this feed should be
    *     created in. It can only be an organization number (such as "organizations/123"), a folder
-   *     number (such as "folders/123"), a project ID (such as "projects/my-project-id")", or a
+   *     number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a
    *     project number (such as "projects/12345").
    * @throws com.google.api.gax.rpc.ApiException if the remote call fails
    */