feat: [google-cloud-asset] Add asset_type field to `GovernedIamPoli…

…cy` and `GovernedResource` (#12418)

- [ ] Regenerate this pull request now.

BEGIN_COMMIT_OVERRIDE
feat: Add `effective_tags` field to `GovernedResource`
feat: Add fields `project`, `folders`, `organization` and
`effective_tags` to `GovernedContainer`
feat: Add fields `project`, `folders` and `organization` to
`OrgPolicyResult`
feat: Add field `condition_evaluation` to `AnalyzerOrgPolicy.Rule`
docs: Update comment for rpc `AnalyzeOrgPolicyGovernedAssets` to include
additional canned constraints
feat: Add `asset_type` field to `GovernedIamPolicy` and
`GovernedResource`
END_COMMIT_OVERRIDE


PiperOrigin-RevId: 612934037

Source-Link:
googleapis/googleapis@324b281

Source-Link:
googleapis/googleapis-gen@d50dfda
Copy-Tag:
eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNsb3VkLWFzc2V0Ly5Pd2xCb3QueWFtbCIsImgiOiJkNTBkZmRhMDdhNjhjNjU0Yzk1ZDYzZDU3NjJlMWI4ZDA3MTdmYmM1In0=

---------

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>

packages/google-cloud-asset/google/cloud/asset_v1/services/asset_service/async_client.py

@@ -3151,18 +3151,49 @@ async def analyze_org_policy_governed_assets(
     ) -> pagers.AnalyzeOrgPolicyGovernedAssetsAsyncPager:
         r"""Analyzes organization policies governed assets (Google Cloud
         resources or policies) under a scope. This RPC supports custom
-        constraints and the following 10 canned constraints:
-
-        -  storage.uniformBucketLevelAccess
-        -  iam.disableServiceAccountKeyCreation
-        -  iam.allowedPolicyMemberDomains
-        -  compute.vmExternalIpAccess
-        -  appengine.enforceServiceAccountActAsCheck
-        -  gcp.resourceLocations
-        -  compute.trustedImageProjects
-        -  compute.skipDefaultNetworkCreation
-        -  compute.requireOsLogin
-        -  compute.disableNestedVirtualization
+        constraints and the following canned constraints:
+
+        -  constraints/ainotebooks.accessMode
+        -  constraints/ainotebooks.disableFileDownloads
+        -  constraints/ainotebooks.disableRootAccess
+        -  constraints/ainotebooks.disableTerminal
+        -  constraints/ainotebooks.environmentOptions
+        -  constraints/ainotebooks.requireAutoUpgradeSchedule
+        -  constraints/ainotebooks.restrictVpcNetworks
+        -  constraints/compute.disableGuestAttributesAccess
+        -  constraints/compute.disableInstanceDataAccessApis
+        -  constraints/compute.disableNestedVirtualization
+        -  constraints/compute.disableSerialPortAccess
+        -  constraints/compute.disableSerialPortLogging
+        -  constraints/compute.disableVpcExternalIpv6
+        -  constraints/compute.requireOsLogin
+        -  constraints/compute.requireShieldedVm
+        -  constraints/compute.restrictLoadBalancerCreationForTypes
+        -  constraints/compute.restrictProtocolForwardingCreationForTypes
+        -  constraints/compute.restrictXpnProjectLienRemoval
+        -  constraints/compute.setNewProjectDefaultToZonalDNSOnly
+        -  constraints/compute.skipDefaultNetworkCreation
+        -  constraints/compute.trustedImageProjects
+        -  constraints/compute.vmCanIpForward
+        -  constraints/compute.vmExternalIpAccess
+        -  constraints/gcp.detailedAuditLoggingMode
+        -  constraints/gcp.resourceLocations
+        -  constraints/iam.allowedPolicyMemberDomains
+        -  constraints/iam.automaticIamGrantsForDefaultServiceAccounts
+        -  constraints/iam.disableServiceAccountCreation
+        -  constraints/iam.disableServiceAccountKeyCreation
+        -  constraints/iam.disableServiceAccountKeyUpload
+        -  constraints/iam.restrictCrossProjectServiceAccountLienRemoval
+        -  constraints/iam.serviceAccountKeyExpiryHours
+        -  constraints/resourcemanager.accessBoundaries
+        -  constraints/resourcemanager.allowedExportDestinations
+        -  constraints/sql.restrictAuthorizedNetworks
+        -  constraints/sql.restrictNoncompliantDiagnosticDataAccess
+        -  constraints/sql.restrictNoncompliantResourceCreation
+        -  constraints/sql.restrictPublicIp
+        -  constraints/storage.publicAccessPrevention
+        -  constraints/storage.restrictAuthTypes
+        -  constraints/storage.uniformBucketLevelAccess
 
         This RPC only returns either resources of types `supported by
         search

packages/google-cloud-asset/google/cloud/asset_v1/services/asset_service/client.py

@@ -3521,18 +3521,49 @@ def analyze_org_policy_governed_assets(
     ) -> pagers.AnalyzeOrgPolicyGovernedAssetsPager:
         r"""Analyzes organization policies governed assets (Google Cloud
         resources or policies) under a scope. This RPC supports custom
-        constraints and the following 10 canned constraints:
-
-        -  storage.uniformBucketLevelAccess
-        -  iam.disableServiceAccountKeyCreation
-        -  iam.allowedPolicyMemberDomains
-        -  compute.vmExternalIpAccess
-        -  appengine.enforceServiceAccountActAsCheck
-        -  gcp.resourceLocations
-        -  compute.trustedImageProjects
-        -  compute.skipDefaultNetworkCreation
-        -  compute.requireOsLogin
-        -  compute.disableNestedVirtualization
+        constraints and the following canned constraints:
+
+        -  constraints/ainotebooks.accessMode
+        -  constraints/ainotebooks.disableFileDownloads
+        -  constraints/ainotebooks.disableRootAccess
+        -  constraints/ainotebooks.disableTerminal
+        -  constraints/ainotebooks.environmentOptions
+        -  constraints/ainotebooks.requireAutoUpgradeSchedule
+        -  constraints/ainotebooks.restrictVpcNetworks
+        -  constraints/compute.disableGuestAttributesAccess
+        -  constraints/compute.disableInstanceDataAccessApis
+        -  constraints/compute.disableNestedVirtualization
+        -  constraints/compute.disableSerialPortAccess
+        -  constraints/compute.disableSerialPortLogging
+        -  constraints/compute.disableVpcExternalIpv6
+        -  constraints/compute.requireOsLogin
+        -  constraints/compute.requireShieldedVm
+        -  constraints/compute.restrictLoadBalancerCreationForTypes
+        -  constraints/compute.restrictProtocolForwardingCreationForTypes
+        -  constraints/compute.restrictXpnProjectLienRemoval
+        -  constraints/compute.setNewProjectDefaultToZonalDNSOnly
+        -  constraints/compute.skipDefaultNetworkCreation
+        -  constraints/compute.trustedImageProjects
+        -  constraints/compute.vmCanIpForward
+        -  constraints/compute.vmExternalIpAccess
+        -  constraints/gcp.detailedAuditLoggingMode
+        -  constraints/gcp.resourceLocations
+        -  constraints/iam.allowedPolicyMemberDomains
+        -  constraints/iam.automaticIamGrantsForDefaultServiceAccounts
+        -  constraints/iam.disableServiceAccountCreation
+        -  constraints/iam.disableServiceAccountKeyCreation
+        -  constraints/iam.disableServiceAccountKeyUpload
+        -  constraints/iam.restrictCrossProjectServiceAccountLienRemoval
+        -  constraints/iam.serviceAccountKeyExpiryHours
+        -  constraints/resourcemanager.accessBoundaries
+        -  constraints/resourcemanager.allowedExportDestinations
+        -  constraints/sql.restrictAuthorizedNetworks
+        -  constraints/sql.restrictNoncompliantDiagnosticDataAccess
+        -  constraints/sql.restrictNoncompliantResourceCreation
+        -  constraints/sql.restrictPublicIp
+        -  constraints/storage.publicAccessPrevention
+        -  constraints/storage.restrictAuthTypes
+        -  constraints/storage.uniformBucketLevelAccess
 
         This RPC only returns either resources of types `supported by
         search

packages/google-cloud-asset/google/cloud/asset_v1/services/asset_service/transports/grpc.py

@@ -927,18 +927,49 @@ def analyze_org_policy_governed_assets(
 
         Analyzes organization policies governed assets (Google Cloud
         resources or policies) under a scope. This RPC supports custom
-        constraints and the following 10 canned constraints:
-
-        -  storage.uniformBucketLevelAccess
-        -  iam.disableServiceAccountKeyCreation
-        -  iam.allowedPolicyMemberDomains
-        -  compute.vmExternalIpAccess
-        -  appengine.enforceServiceAccountActAsCheck
-        -  gcp.resourceLocations
-        -  compute.trustedImageProjects
-        -  compute.skipDefaultNetworkCreation
-        -  compute.requireOsLogin
-        -  compute.disableNestedVirtualization
+        constraints and the following canned constraints:
+
+        -  constraints/ainotebooks.accessMode
+        -  constraints/ainotebooks.disableFileDownloads
+        -  constraints/ainotebooks.disableRootAccess
+        -  constraints/ainotebooks.disableTerminal
+        -  constraints/ainotebooks.environmentOptions
+        -  constraints/ainotebooks.requireAutoUpgradeSchedule
+        -  constraints/ainotebooks.restrictVpcNetworks
+        -  constraints/compute.disableGuestAttributesAccess
+        -  constraints/compute.disableInstanceDataAccessApis
+        -  constraints/compute.disableNestedVirtualization
+        -  constraints/compute.disableSerialPortAccess
+        -  constraints/compute.disableSerialPortLogging
+        -  constraints/compute.disableVpcExternalIpv6
+        -  constraints/compute.requireOsLogin
+        -  constraints/compute.requireShieldedVm
+        -  constraints/compute.restrictLoadBalancerCreationForTypes
+        -  constraints/compute.restrictProtocolForwardingCreationForTypes
+        -  constraints/compute.restrictXpnProjectLienRemoval
+        -  constraints/compute.setNewProjectDefaultToZonalDNSOnly
+        -  constraints/compute.skipDefaultNetworkCreation
+        -  constraints/compute.trustedImageProjects
+        -  constraints/compute.vmCanIpForward
+        -  constraints/compute.vmExternalIpAccess
+        -  constraints/gcp.detailedAuditLoggingMode
+        -  constraints/gcp.resourceLocations
+        -  constraints/iam.allowedPolicyMemberDomains
+        -  constraints/iam.automaticIamGrantsForDefaultServiceAccounts
+        -  constraints/iam.disableServiceAccountCreation
+        -  constraints/iam.disableServiceAccountKeyCreation
+        -  constraints/iam.disableServiceAccountKeyUpload
+        -  constraints/iam.restrictCrossProjectServiceAccountLienRemoval
+        -  constraints/iam.serviceAccountKeyExpiryHours
+        -  constraints/resourcemanager.accessBoundaries
+        -  constraints/resourcemanager.allowedExportDestinations
+        -  constraints/sql.restrictAuthorizedNetworks
+        -  constraints/sql.restrictNoncompliantDiagnosticDataAccess
+        -  constraints/sql.restrictNoncompliantResourceCreation
+        -  constraints/sql.restrictPublicIp
+        -  constraints/storage.publicAccessPrevention
+        -  constraints/storage.restrictAuthTypes
+        -  constraints/storage.uniformBucketLevelAccess
 
         This RPC only returns either resources of types `supported by
         search

packages/google-cloud-asset/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py

@@ -949,18 +949,49 @@ def analyze_org_policy_governed_assets(
 
         Analyzes organization policies governed assets (Google Cloud
         resources or policies) under a scope. This RPC supports custom
-        constraints and the following 10 canned constraints:
-
-        -  storage.uniformBucketLevelAccess
-        -  iam.disableServiceAccountKeyCreation
-        -  iam.allowedPolicyMemberDomains
-        -  compute.vmExternalIpAccess
-        -  appengine.enforceServiceAccountActAsCheck
-        -  gcp.resourceLocations
-        -  compute.trustedImageProjects
-        -  compute.skipDefaultNetworkCreation
-        -  compute.requireOsLogin
-        -  compute.disableNestedVirtualization
+        constraints and the following canned constraints:
+
+        -  constraints/ainotebooks.accessMode
+        -  constraints/ainotebooks.disableFileDownloads
+        -  constraints/ainotebooks.disableRootAccess
+        -  constraints/ainotebooks.disableTerminal
+        -  constraints/ainotebooks.environmentOptions
+        -  constraints/ainotebooks.requireAutoUpgradeSchedule
+        -  constraints/ainotebooks.restrictVpcNetworks
+        -  constraints/compute.disableGuestAttributesAccess
+        -  constraints/compute.disableInstanceDataAccessApis
+        -  constraints/compute.disableNestedVirtualization
+        -  constraints/compute.disableSerialPortAccess
+        -  constraints/compute.disableSerialPortLogging
+        -  constraints/compute.disableVpcExternalIpv6
+        -  constraints/compute.requireOsLogin
+        -  constraints/compute.requireShieldedVm
+        -  constraints/compute.restrictLoadBalancerCreationForTypes
+        -  constraints/compute.restrictProtocolForwardingCreationForTypes
+        -  constraints/compute.restrictXpnProjectLienRemoval
+        -  constraints/compute.setNewProjectDefaultToZonalDNSOnly
+        -  constraints/compute.skipDefaultNetworkCreation
+        -  constraints/compute.trustedImageProjects
+        -  constraints/compute.vmCanIpForward
+        -  constraints/compute.vmExternalIpAccess
+        -  constraints/gcp.detailedAuditLoggingMode
+        -  constraints/gcp.resourceLocations
+        -  constraints/iam.allowedPolicyMemberDomains
+        -  constraints/iam.automaticIamGrantsForDefaultServiceAccounts
+        -  constraints/iam.disableServiceAccountCreation
+        -  constraints/iam.disableServiceAccountKeyCreation
+        -  constraints/iam.disableServiceAccountKeyUpload
+        -  constraints/iam.restrictCrossProjectServiceAccountLienRemoval
+        -  constraints/iam.serviceAccountKeyExpiryHours
+        -  constraints/resourcemanager.accessBoundaries
+        -  constraints/resourcemanager.allowedExportDestinations
+        -  constraints/sql.restrictAuthorizedNetworks
+        -  constraints/sql.restrictNoncompliantDiagnosticDataAccess
+        -  constraints/sql.restrictNoncompliantResourceCreation
+        -  constraints/sql.restrictPublicIp
+        -  constraints/storage.publicAccessPrevention
+        -  constraints/storage.restrictAuthTypes
+        -  constraints/storage.uniformBucketLevelAccess
 
         This RPC only returns either resources of types `supported by
         search