chore: Update discovery artifacts (#1291)
* chore: update docs/dyn/index.md
* chore(abusiveexperiencereport): update the api
* chore(acceleratedmobilepageurl): update the api
* chore(accessapproval): update the api
* chore(accesscontextmanager): update the api
* chore(adexchangebuyer2): update the api
* chore(adexperiencereport): update the api
* chore(admob): update the api
* chore(analytics): update the api
* chore(analyticsreporting): update the api
* chore(androiddeviceprovisioning): update the api
* chore(androidenterprise): update the api
* chore(androidpublisher): update the api
* chore(apigateway): update the api
* chore(artifactregistry): update the api
* chore(bigqueryconnection): update the api
* chore(bigquerydatatransfer): update the api
* chore(billingbudgets): update the api
* chore(binaryauthorization): update the api
* chore(blogger): update the api
* chore(books): update the api
* chore(calendar): update the api
* chore(chat): update the api
* chore(chromeuxreport): update the api
* chore(civicinfo): update the api
* chore(classroom): update the api
* chore(cloudbilling): update the api
* chore(cloudbuild): update the api
* chore(clouddebugger): update the api
* chore(clouderrorreporting): update the api
* chore(cloudfunctions): update the api
* chore(cloudidentity): update the api
* chore(cloudiot): update the api
* chore(cloudkms): update the api
* chore(cloudprofiler): update the api
* chore(cloudresourcemanager): update the api
* chore(cloudscheduler): update the api
* chore(cloudshell): update the api
* chore(cloudtasks): update the api
* chore(cloudtrace): update the api
* chore(composer): update the api
* chore(containeranalysis): update the api
* chore(content): update the api
* chore(customsearch): update the api
* chore(datacatalog): update the api
* chore(datafusion): update the api
* chore(datamigration): update the api
* chore(datastore): update the api
* chore(deploymentmanager): update the api
* chore(digitalassetlinks): update the api
* chore(displayvideo): update the api
* chore(dlp): update the api
* chore(dns): update the api
* chore(docs): update the api
* chore(domains): update the api
* chore(domainsrdap): update the api
* chore(doubleclickbidmanager): update the api
* chore(doubleclicksearch): update the api
* chore(drive): update the api
* chore(driveactivity): update the api
* chore(eventarc): update the api
* chore(factchecktools): update the api
* chore(fcm): update the api
* chore(file): update the api
* chore(firebase): update the api
* chore(firebasedatabase): update the api
* chore(firebasedynamiclinks): update the api
* chore(firebasehosting): update the api
* chore(firebaseml): update the api
* chore(firebaserules): update the api
* chore(firestore): update the api
* chore(fitness): update the api
* chore(gamesConfiguration): update the api
* chore(gamesManagement): update the api
* chore(gameservices): update the api
* chore(genomics): update the api
* chore(gmail): update the api
* chore(gmailpostmastertools): update the api
* chore(groupsmigration): update the api
* chore(groupssettings): update the api
* chore(healthcare): update the api
* chore(iam): update the api
* chore(iamcredentials): update the api
* chore(iap): update the api
* chore(identitytoolkit): update the api
* chore(indexing): update the api
* chore(jobs): update the api
* chore(kgsearch): update the api
* chore(language): update the api
* chore(libraryagent): update the api
* chore(licensing): update the api
* chore(lifesciences): update the api
* chore(logging): update the api
* chore(managedidentities): update the api
* chore(manufacturers): update the api
* chore(memcache): update the api
* chore(ml): update the api
* chore(monitoring): update the api
* chore(networkmanagement): update the api
* chore(osconfig): update the api
* chore(pagespeedonline): update the api
* chore(playablelocations): update the api
* chore(playcustomapp): update the api
* chore(policytroubleshooter): update the api
* chore(poly): update the api
* chore(privateca): update the api
* chore(prod_tt_sasportal): update the api
* chore(pubsub): update the api
* chore(pubsublite): update the api
* chore(realtimebidding): update the api
* chore(recommendationengine): update the api
* chore(recommender): update the api
* chore(redis): update the api
* chore(remotebuildexecution): update the api
* chore(reseller): update the api
* chore(runtimeconfig): update the api
* chore(safebrowsing): update the api
* chore(sasportal): update the api
* chore(script): update the api
* chore(searchconsole): update the api
* chore(secretmanager): update the api
* chore(servicecontrol): update the api
* chore(servicedirectory): update the api
* chore(siteVerification): update the api
* chore(slides): update the api
* chore(smartdevicemanagement): update the api
* chore(sourcerepo): update the api
* chore(sqladmin): update the api
* chore(storage): update the api
* chore(storagetransfer): update the api
* chore(streetviewpublish): update the api
* chore(sts): update the api
* chore(tagmanager): update the api
* chore(tasks): update the api
* chore(testing): update the api
* chore(texttospeech): update the api
* chore(toolresults): update the api
* chore(trafficdirector): update the api
* chore(transcoder): update the api
* chore(translate): update the api
* chore(vault): update the api
* chore(vectortile): update the api
* chore(verifiedaccess): update the api
* chore(videointelligence): update the api
* chore(vision): update the api
* chore(webfonts): update the api
* chore(webmasters): update the api
* chore(websecurityscanner): update the api
* chore(workflowexecutions): update the api
* chore(workflows): update the api
* chore(youtubeAnalytics): update the api
* chore(youtubereporting): update the api
* chore(docs): Add new discovery artifacts and reference documents
diff --git a/docs/dyn/cloudasset_v1.v1.html b/docs/dyn/cloudasset_v1.v1.html
index 9d03a37..9c09f70 100644
--- a/docs/dyn/cloudasset_v1.v1.html
+++ b/docs/dyn/cloudasset_v1.v1.html
@@ -75,7 +75,7 @@
<h1><a href="cloudasset_v1.html">Cloud Asset API</a> . <a href="cloudasset_v1.v1.html">v1</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
- <code><a href="#analyzeIamPolicy">analyzeIamPolicy(scope, analysisQuery_accessSelector_permissions=None, analysisQuery_accessSelector_roles=None, analysisQuery_identitySelector_identity=None, analysisQuery_options_analyzeServiceAccountImpersonation=None, analysisQuery_options_expandGroups=None, analysisQuery_options_expandResources=None, analysisQuery_options_expandRoles=None, analysisQuery_options_outputGroupEdges=None, analysisQuery_options_outputResourceEdges=None, analysisQuery_resourceSelector_fullResourceName=None, executionTimeout=None, x__xgafv=None)</a></code></p>
+ <code><a href="#analyzeIamPolicy">analyzeIamPolicy(scope, analysisQuery_accessSelector_permissions=None, analysisQuery_accessSelector_roles=None, analysisQuery_conditionContext_accessTime=None, analysisQuery_identitySelector_identity=None, analysisQuery_options_analyzeServiceAccountImpersonation=None, analysisQuery_options_expandGroups=None, analysisQuery_options_expandResources=None, analysisQuery_options_expandRoles=None, analysisQuery_options_outputGroupEdges=None, analysisQuery_options_outputResourceEdges=None, analysisQuery_resourceSelector_fullResourceName=None, executionTimeout=None, x__xgafv=None)</a></code></p>
<p class="firstline">Analyzes IAM policies to answer which identities have what accesses on which resources.</p>
<p class="toc_element">
<code><a href="#analyzeIamPolicyLongrunning">analyzeIamPolicyLongrunning(scope, body=None, x__xgafv=None)</a></code></p>
@@ -103,13 +103,14 @@
<p class="firstline">Retrieves the next page of results.</p>
<h3>Method Details</h3>
<div class="method">
- <code class="details" id="analyzeIamPolicy">analyzeIamPolicy(scope, analysisQuery_accessSelector_permissions=None, analysisQuery_accessSelector_roles=None, analysisQuery_identitySelector_identity=None, analysisQuery_options_analyzeServiceAccountImpersonation=None, analysisQuery_options_expandGroups=None, analysisQuery_options_expandResources=None, analysisQuery_options_expandRoles=None, analysisQuery_options_outputGroupEdges=None, analysisQuery_options_outputResourceEdges=None, analysisQuery_resourceSelector_fullResourceName=None, executionTimeout=None, x__xgafv=None)</code>
+ <code class="details" id="analyzeIamPolicy">analyzeIamPolicy(scope, analysisQuery_accessSelector_permissions=None, analysisQuery_accessSelector_roles=None, analysisQuery_conditionContext_accessTime=None, analysisQuery_identitySelector_identity=None, analysisQuery_options_analyzeServiceAccountImpersonation=None, analysisQuery_options_expandGroups=None, analysisQuery_options_expandResources=None, analysisQuery_options_expandRoles=None, analysisQuery_options_outputGroupEdges=None, analysisQuery_options_outputResourceEdges=None, analysisQuery_resourceSelector_fullResourceName=None, executionTimeout=None, x__xgafv=None)</code>
<pre>Analyzes IAM policies to answer which identities have what accesses on which resources.
Args:
scope: string, Required. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects). (required)
analysisQuery_accessSelector_permissions: string, Optional. The permissions to appear in result. (repeated)
analysisQuery_accessSelector_roles: string, Optional. The roles to appear in result. (repeated)
+ analysisQuery_conditionContext_accessTime: string, The hypothetical access timestamp to evaluate IAM conditions. Note that this value must not be earlier than the current time; otherwise, an INVALID_ARGUMENT error will be returned.
analysisQuery_identitySelector_identity: string, Required. The identity appear in the form of members in [IAM policy binding](https://cloud.google.com/iam/reference/rest/v1/Binding). The examples of supported forms are: "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com". Notice that wildcard characters (such as * and ?) are not supported. You must give a specific identity.
analysisQuery_options_analyzeServiceAccountImpersonation: boolean, Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning rpc instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a GCP folder F, then user A potentially has access to the GCP folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a GCP folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the GCP folder F, then user A potentially has access to the GCP folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Default is false.
analysisQuery_options_expandGroups: boolean, Optional. If true, the identities section of the result will expand any Google groups appearing in an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is specified, the identity in the result will be determined by the selector, and this flag is not allowed to set. Default is false.
@@ -139,6 +140,9 @@
"A String",
],
},
+ "conditionContext": { # The IAM conditions context. # Optional. The hypothetical context for IAM conditions evaluation.
+ "accessTime": "A String", # The hypothetical access timestamp to evaluate IAM conditions. Note that this value must not be earlier than the current time; otherwise, an INVALID_ARGUMENT error will be returned.
+ },
"identitySelector": { # Specifies an identity for which to determine resource access, based on roles assigned either directly to them or to the groups they belong to, directly or indirectly. # Optional. Specifies an identity for analysis.
"identity": "A String", # Required. The identity appear in the form of members in [IAM policy binding](https://cloud.google.com/iam/reference/rest/v1/Binding). The examples of supported forms are: "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com". Notice that wildcard characters (such as * and ?) are not supported. You must give a specific identity.
},
@@ -169,6 +173,9 @@
"role": "A String", # The role.
},
],
+ "conditionEvaluation": { # The Condition evaluation. # Condition evaluation for this AccessControlList, if there is a condition defined in the above IAM policy binding.
+ "evaluationValue": "A String", # The evaluation result.
+ },
"resourceEdges": [ # Resource edges of the graph starting from the policy attached resource to any descendant resources. The Edge.source_node contains the full resource name of a parent resource and Edge.target_node contains the full resource name of a child resource. This field is present only if the output_resource_edges option is enabled in request.
{ # A directional edge.
"sourceNode": "A String", # The source node of the edge. For example, it could be a full resource name for a resource node or an email of an identity.
@@ -238,6 +245,9 @@
"A String",
],
},
+ "conditionContext": { # The IAM conditions context. # Optional. The hypothetical context for IAM conditions evaluation.
+ "accessTime": "A String", # The hypothetical access timestamp to evaluate IAM conditions. Note that this value must not be earlier than the current time; otherwise, an INVALID_ARGUMENT error will be returned.
+ },
"identitySelector": { # Specifies an identity for which to determine resource access, based on roles assigned either directly to them or to the groups they belong to, directly or indirectly. # Optional. Specifies an identity for analysis.
"identity": "A String", # Required. The identity appear in the form of members in [IAM policy binding](https://cloud.google.com/iam/reference/rest/v1/Binding). The examples of supported forms are: "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com". Notice that wildcard characters (such as * and ?) are not supported. You must give a specific identity.
},
@@ -268,6 +278,9 @@
"role": "A String", # The role.
},
],
+ "conditionEvaluation": { # The Condition evaluation. # Condition evaluation for this AccessControlList, if there is a condition defined in the above IAM policy binding.
+ "evaluationValue": "A String", # The evaluation result.
+ },
"resourceEdges": [ # Resource edges of the graph starting from the policy attached resource to any descendant resources. The Edge.source_node contains the full resource name of a parent resource and Edge.target_node contains the full resource name of a child resource. This field is present only if the output_resource_edges option is enabled in request.
{ # A directional edge.
"sourceNode": "A String", # The source node of the edge. For example, it could be a full resource name for a resource node or an email of an identity.
@@ -349,6 +362,9 @@
"A String",
],
},
+ "conditionContext": { # The IAM conditions context. # Optional. The hypothetical context for IAM conditions evaluation.
+ "accessTime": "A String", # The hypothetical access timestamp to evaluate IAM conditions. Note that this value must not be earlier than the current time; otherwise, an INVALID_ARGUMENT error will be returned.
+ },
"identitySelector": { # Specifies an identity for which to determine resource access, based on roles assigned either directly to them or to the groups they belong to, directly or indirectly. # Optional. Specifies an identity for analysis.
"identity": "A String", # Required. The identity appear in the form of members in [IAM policy binding](https://cloud.google.com/iam/reference/rest/v1/Binding). The examples of supported forms are: "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com". Notice that wildcard characters (such as * and ?) are not supported. You must give a specific identity.
},
@@ -1492,7 +1508,7 @@
],
"organization": "A String", # The organization that this resource belongs to, in the form of organizations/{ORGANIZATION_NUMBER}. This field is available when the resource belongs to an organization. To search against `organization`: * use a field query. Example: `organization:123` * use a free text query. Example: `123` * specify the `scope` field as this organization in your search request.
"parentAssetType": "A String", # The type of this resource's immediate parent, if there is one. To search against the `parent_asset_type`: * use a field query. Example: `parentAssetType:"cloudresourcemanager.googleapis.com/Project"` * use a free text query. Example: `cloudresourcemanager.googleapis.com/Project`
- "parentFullResourceName": "A String", # The full resource name of this resource's parent, if it has one.
+ "parentFullResourceName": "A String", # The full resource name of this resource's parent, if it has one. To search against the `parent_full_resource_name`: * use a field query. Example: `parentFullResourceName:"project-name"` * use a free text query. Example: `project-name`
"project": "A String", # The project that this resource belongs to, in the form of projects/{PROJECT_NUMBER}. This field is available when the resource belongs to a project. To search against `project`: * use a field query. Example: `project:12345` * use a free text query. Example: `12345` * specify the `scope` field as this project in your search request.
"state": "A String", # The state of this resource. Different resources types have different state definitions that are mapped from various fields of different resource types. This field is available only when the resource's proto contains it. Example: If the resource is an instance provided by Compute Engine, its state will include PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED. See `status` definition in [API Reference](https://cloud.google.com/compute/docs/reference/rest/v1/instances). If the resource is a project provided by Cloud Resource Manager, its state will include LIFECYCLE_STATE_UNSPECIFIED, ACTIVE, DELETE_REQUESTED and DELETE_IN_PROGRESS. See `lifecycleState` definition in [API Reference](https://cloud.google.com/resource-manager/reference/rest/v1/projects). To search against the `state`: * use a field query. Example: `state:RUNNING` * use a free text query. Example: `RUNNING`
"updateTime": "A String", # The last update timestamp of this resource, at which the resource was last modified or deleted. The granularity is in seconds. Timestamp.nanos will always be 0. This field is available only when the resource's proto contains it. To search against `update_time`: * use a field query (value in seconds). Example: `updateTime < 1594294238`