docs: update generated docs (#981)
diff --git a/docs/dyn/cloudasset_v1p1beta1.iamPolicies.html b/docs/dyn/cloudasset_v1p1beta1.iamPolicies.html
index bb758b3..0b38742 100644
--- a/docs/dyn/cloudasset_v1p1beta1.iamPolicies.html
+++ b/docs/dyn/cloudasset_v1p1beta1.iamPolicies.html
@@ -75,40 +75,41 @@
<h1><a href="cloudasset_v1p1beta1.html">Cloud Asset API</a> . <a href="cloudasset_v1p1beta1.iamPolicies.html">iamPolicies</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
- <code><a href="#searchAll">searchAll(scope, query=None, pageToken=None, pageSize=None, x__xgafv=None)</a></code></p>
-<p class="firstline">Searches all the IAM policies under a given accessible CRM scope</p>
+ <code><a href="#searchAll">searchAll(scope, pageSize=None, pageToken=None, query=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Searches all the IAM policies within a given accessible CRM scope</p>
<p class="toc_element">
<code><a href="#searchAll_next">searchAll_next(previous_request, previous_response)</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<h3>Method Details</h3>
<div class="method">
- <code class="details" id="searchAll">searchAll(scope, query=None, pageToken=None, pageSize=None, x__xgafv=None)</code>
- <pre>Searches all the IAM policies under a given accessible CRM scope
-(project/folder/organization). This RPC gives callers
-especially admins the ability to search all the IAM policies under a scope,
-even if they don't have .getIamPolicy permission of all the IAM policies.
-Callers should have cloud.assets.SearchAllIamPolicies permission on the
-requested scope, otherwise it will be rejected.
+ <code class="details" id="searchAll">searchAll(scope, pageSize=None, pageToken=None, query=None, x__xgafv=None)</code>
+ <pre>Searches all the IAM policies within a given accessible CRM scope
+(project/folder/organization). This RPC gives callers especially
+administrators the ability to search all the IAM policies within a scope,
+even if they don't have `.getIamPolicy` permission of all the IAM policies.
+Callers should have `cloud.assets.SearchAllIamPolicies` permission on the
+requested scope, otherwise the request will be rejected.
Args:
scope: string, Required. The relative name of an asset. The search is limited to the resources
within the `scope`. The allowed value must be:
+
* Organization number (such as "organizations/123")
* Folder number(such as "folders/1234")
* Project number (such as "projects/12345")
* Project id (such as "projects/abc") (required)
- query: string, Optional. The query statement.
-Examples:
-* "policy:myuser@mydomain.com"
-* "policy:(myuser@mydomain.com viewer)"
- pageToken: string, Optional. If present, retrieve the next batch of results from the preceding call to
-this method. `page_token` must be the value of `next_page_token` from the
-previous response. The values of all other method parameters must be
-identical to those in the previous call.
pageSize: integer, Optional. The page size for search result pagination. Page size is capped at 500 even
if a larger value is given. If set to zero, server will pick an appropriate
default. Returned results may be fewer than requested. When this happens,
there could be more results as long as `next_page_token` is returned.
+ pageToken: string, Optional. If present, retrieve the next batch of results from the preceding call to
+this method. `page_token` must be the value of `next_page_token` from the
+previous response. The values of all other method parameters must be
+identical to those in the previous call.
+ query: string, Optional. The query statement. Examples:
+
+* "policy:myuser@mydomain.com"
+* "policy:(myuser@mydomain.com viewer)"
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
@@ -118,6 +119,9 @@
An object of the form:
{ # Search all IAM policies response.
+ "nextPageToken": "A String", # Set if there are more results than those appearing in this response; to get
+ # the next set of results, call this method again, using this value as the
+ # `page_token`.
"results": [ # A list of IamPolicy that match the search query. Related information such
# as the associated resource is returned along with the policy.
{ # The result for a IAM Policy search.
@@ -126,6 +130,20 @@
# instance, Cloud Storage bucket), the project field will indicate the
# project that contains the resource. If an IAM policy is set on a folder or
# orgnization, the project field will be empty.
+ "explanation": { # Explanation about the IAM policy search result. # Explanation about the IAM policy search result. It contains additional
+ # information to explain why the search result matches the query.
+ "matchedPermissions": { # The map from roles to their included permission matching the permission
+ # query (e.g. containing `policy.role.permissions:`). A sample role string:
+ # "roles/compute.instanceAdmin". The roles can also be found in the
+ # returned `policy` bindings. Note that the map is populated only if
+ # requesting with a permission query.
+ "a_key": { # IAM permissions
+ "permissions": [ # A list of permissions. A sample permission string: "compute.disk.get".
+ "A String",
+ ],
+ },
+ },
+ },
"policy": { # An Identity and Access Management (IAM) policy, which specifies access # The IAM policy directly set on the given resource. Note that the original
# IAM policy can contain multiple bindings. This only contains the bindings
# that match the given query. For queries that don't contain a constrain on
@@ -196,18 +214,6 @@
#
# For a description of IAM and its features, see the
# [IAM documentation](https://cloud.google.com/iam/docs/).
- "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
- # prevent simultaneous updates of a policy from overwriting each other.
- # It is strongly suggested that systems make use of the `etag` in the
- # read-modify-write cycle to perform policy updates in order to avoid race
- # conditions: An `etag` is returned in the response to `getIamPolicy`, and
- # systems are expected to put that etag in the request to `setIamPolicy` to
- # ensure that their change will be applied to the same version of the policy.
- #
- # **Important:** If you use IAM Conditions, you must include the `etag` field
- # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
- # you to overwrite a version `3` policy with a version `1` policy, and all of
- # the conditions in the version `3` policy are lost.
"version": 42, # Specifies the format of the policy.
#
# Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
@@ -232,95 +238,12 @@
#
# To learn which resources support conditions in their IAM policies, see the
# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
- "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
- { # Specifies the audit configuration for a service.
- # The configuration determines which permission types are logged, and what
- # identities, if any, are exempted from logging.
- # An AuditConfig must have one or more AuditLogConfigs.
- #
- # If there are AuditConfigs for both `allServices` and a specific service,
- # the union of the two AuditConfigs is used for that service: the log_types
- # specified in each AuditConfig are enabled, and the exempted_members in each
- # AuditLogConfig are exempted.
- #
- # Example Policy with multiple AuditConfigs:
- #
- # {
- # "audit_configs": [
- # {
- # "service": "allServices"
- # "audit_log_configs": [
- # {
- # "log_type": "DATA_READ",
- # "exempted_members": [
- # "user:jose@example.com"
- # ]
- # },
- # {
- # "log_type": "DATA_WRITE",
- # },
- # {
- # "log_type": "ADMIN_READ",
- # }
- # ]
- # },
- # {
- # "service": "sampleservice.googleapis.com"
- # "audit_log_configs": [
- # {
- # "log_type": "DATA_READ",
- # },
- # {
- # "log_type": "DATA_WRITE",
- # "exempted_members": [
- # "user:aliya@example.com"
- # ]
- # }
- # ]
- # }
- # ]
- # }
- #
- # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
- # logging. It also exempts jose@example.com from DATA_READ logging, and
- # aliya@example.com from DATA_WRITE logging.
- "service": "A String", # Specifies a service that will be enabled for audit logging.
- # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
- # `allServices` is a special value that covers all services.
- "auditLogConfigs": [ # The configuration for logging of each type of permission.
- { # Provides the configuration for logging a type of permissions.
- # Example:
- #
- # {
- # "audit_log_configs": [
- # {
- # "log_type": "DATA_READ",
- # "exempted_members": [
- # "user:jose@example.com"
- # ]
- # },
- # {
- # "log_type": "DATA_WRITE",
- # }
- # ]
- # }
- #
- # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
- # jose@example.com from DATA_READ logging.
- "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
- # permission.
- # Follows the same format of Binding.members.
- "A String",
- ],
- "logType": "A String", # The log type that this config enables.
- },
- ],
- },
- ],
"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
# `condition` that determines how and when the `bindings` are applied. Each
# of the `bindings` must contain at least one member.
{ # Associates `members` with a `role`.
+ "role": "A String", # Role that is assigned to `members`.
+ # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
#
# If the condition evaluates to `true`, then this binding applies to the
@@ -363,15 +286,15 @@
# The exact variables and functions that may be referenced within an expression
# are determined by the service that evaluates it. See the service
# documentation for additional information.
- "title": "A String", # Optional. Title for the expression, i.e. a short string describing
- # its purpose. This can be used e.g. in UIs which allow to enter the
- # expression.
- "location": "A String", # Optional. String indicating the location of the expression for error
- # reporting, e.g. a file name and a position in the file.
"description": "A String", # Optional. Description of the expression. This is a longer text which
# describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language
# syntax.
+ "location": "A String", # Optional. String indicating the location of the expression for error
+ # reporting, e.g. a file name and a position in the file.
+ "title": "A String", # Optional. Title for the expression, i.e. a short string describing
+ # its purpose. This can be used e.g. in UIs which allow to enter the
+ # expression.
},
"members": [ # Specifies the identities requesting access for a Cloud Platform resource.
# `members` can have the following values:
@@ -418,33 +341,111 @@
#
"A String",
],
- "role": "A String", # Role that is assigned to `members`.
- # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
+ "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
+ { # Specifies the audit configuration for a service.
+ # The configuration determines which permission types are logged, and what
+ # identities, if any, are exempted from logging.
+ # An AuditConfig must have one or more AuditLogConfigs.
+ #
+ # If there are AuditConfigs for both `allServices` and a specific service,
+ # the union of the two AuditConfigs is used for that service: the log_types
+ # specified in each AuditConfig are enabled, and the exempted_members in each
+ # AuditLogConfig are exempted.
+ #
+ # Example Policy with multiple AuditConfigs:
+ #
+ # {
+ # "audit_configs": [
+ # {
+ # "service": "allServices",
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ",
+ # "exempted_members": [
+ # "user:jose@example.com"
+ # ]
+ # },
+ # {
+ # "log_type": "DATA_WRITE"
+ # },
+ # {
+ # "log_type": "ADMIN_READ"
+ # }
+ # ]
+ # },
+ # {
+ # "service": "sampleservice.googleapis.com",
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ"
+ # },
+ # {
+ # "log_type": "DATA_WRITE",
+ # "exempted_members": [
+ # "user:aliya@example.com"
+ # ]
+ # }
+ # ]
+ # }
+ # ]
+ # }
+ #
+ # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
+ # logging. It also exempts jose@example.com from DATA_READ logging, and
+ # aliya@example.com from DATA_WRITE logging.
+ "service": "A String", # Specifies a service that will be enabled for audit logging.
+ # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
+ # `allServices` is a special value that covers all services.
+ "auditLogConfigs": [ # The configuration for logging of each type of permission.
+ { # Provides the configuration for logging a type of permissions.
+ # Example:
+ #
+ # {
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ",
+ # "exempted_members": [
+ # "user:jose@example.com"
+ # ]
+ # },
+ # {
+ # "log_type": "DATA_WRITE"
+ # }
+ # ]
+ # }
+ #
+ # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
+ # jose@example.com from DATA_READ logging.
+ "logType": "A String", # The log type that this config enables.
+ "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
+ # permission.
+ # Follows the same format of Binding.members.
+ "A String",
+ ],
+ },
+ ],
+ },
+ ],
+ "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
+ # prevent simultaneous updates of a policy from overwriting each other.
+ # It is strongly suggested that systems make use of the `etag` in the
+ # read-modify-write cycle to perform policy updates in order to avoid race
+ # conditions: An `etag` is returned in the response to `getIamPolicy`, and
+ # systems are expected to put that etag in the request to `setIamPolicy` to
+ # ensure that their change will be applied to the same version of the policy.
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
},
"resource": "A String", # The [full resource
# name](https://cloud.google.com/apis/design/resource_names#full_resource_name)
# of the resource associated with this IAM policy.
- "explanation": { # Explanation about the IAM policy search result. # Explanation about the IAM policy search result. It contains additional
- # information to explain why the search result matches the query.
- "matchedPermissions": { # The map from roles to their included permission matching the permission
- # query (e.g. containing `policy.role.permissions:`). A sample role string:
- # "roles/compute.instanceAdmin". The roles can also be found in the
- # returned `policy` bindings. Note that the map is populated only if
- # requesting with a permission query.
- "a_key": { # IAM permissions
- "permissions": [ # A list of permissions. A sample permission string: "compute.disk.get".
- "A String",
- ],
- },
- },
- },
},
],
- "nextPageToken": "A String", # Set if there are more results than those appearing in this response; to get
- # the next set of results, call this method again, using this value as the
- # `page_token`.
}</pre>
</div>