feat: add new searchable fields (memberTypes, roles, project, folders…

… and organization), new request fields (assetTypes and orderBy) and new response fields (assetType, folders and organization) in SearchAllIamPolicies (#768) PiperOrigin-RevId: 381145907 Source-Link: googleapis/googleapis@5d301f9 Source-Link: googleapis/googleapis-gen@9b332fd
googleapis · Jul 5, 2021 · ee08408 · ee08408
1 parent 92a0034
commit ee08408
Show file tree

Hide file tree

Showing 10 changed files with 2,049 additions and 192 deletions.
diff --git a/google-cloud-asset/src/main/java/com/google/cloud/asset/v1/AssetServiceClient.java b/google-cloud-asset/src/main/java/com/google/cloud/asset/v1/AssetServiceClient.java
@@ -1138,6 +1138,9 @@ public final SearchAllResourcesPagedResponse searchAllResources(
    *           the searchable fields (except for the included permissions).
    *       <li>`resource:(instance1 OR instance2) policy:amy` to find IAM policy bindings that are
    *           set on resources "instance1" or "instance2" and also specify user "amy".
+   *       <li>`roles:roles/compute.admin` to find IAM policy bindings that specify the Compute
+   *           Admin role.
+   *       <li>`memberTypes:user` to find IAM policy bindings that contain the "user" member type.
    *     </ul>
    *
    * @throws com.google.api.gax.rpc.ApiException if the remote call fails
@@ -1164,6 +1167,8 @@ public final SearchAllIamPoliciesPagedResponse searchAllIamPolicies(String scope
    *           .setQuery("query107944136")
    *           .setPageSize(883849137)
    *           .setPageToken("pageToken873572522")
+   *           .addAllAssetTypes(new ArrayList<String>())
+   *           .setOrderBy("orderBy-1207110587")
    *           .build();
    *   for (IamPolicySearchResult element :
    *       assetServiceClient.searchAllIamPolicies(request).iterateAll()) {
@@ -1196,6 +1201,8 @@ public final SearchAllIamPoliciesPagedResponse searchAllIamPolicies(
    *           .setQuery("query107944136")
    *           .setPageSize(883849137)
    *           .setPageToken("pageToken873572522")
+   *           .addAllAssetTypes(new ArrayList<String>())
+   *           .setOrderBy("orderBy-1207110587")
    *           .build();
    *   ApiFuture<IamPolicySearchResult> future =
    *       assetServiceClient.searchAllIamPoliciesPagedCallable().futureCall(request);
@@ -1227,6 +1234,8 @@ public final SearchAllIamPoliciesPagedResponse searchAllIamPolicies(
    *           .setQuery("query107944136")
    *           .setPageSize(883849137)
    *           .setPageToken("pageToken873572522")
+   *           .addAllAssetTypes(new ArrayList<String>())
+   *           .setOrderBy("orderBy-1207110587")
    *           .build();
    *   while (true) {
    *     SearchAllIamPoliciesResponse response =

diff --git a/...le-cloud-asset/src/main/java/com/google/cloud/asset/v1/stub/AssetServiceStubSettings.java b/...le-cloud-asset/src/main/java/com/google/cloud/asset/v1/stub/AssetServiceStubSettings.java
@@ -560,9 +560,7 @@ public static class Builder extends StubSettings.Builder<AssetServiceStubSetting
                   StatusCode.Code.DEADLINE_EXCEEDED, StatusCode.Code.UNAVAILABLE)));
       definitions.put(
           "retry_policy_2_codes",
-          ImmutableSet.copyOf(
-              Lists.<StatusCode.Code>newArrayList(
-                  StatusCode.Code.DEADLINE_EXCEEDED, StatusCode.Code.UNAVAILABLE)));
+          ImmutableSet.copyOf(Lists.<StatusCode.Code>newArrayList(StatusCode.Code.UNAVAILABLE)));
       definitions.put(
           "retry_policy_3_codes",
           ImmutableSet.copyOf(Lists.<StatusCode.Code>newArrayList(StatusCode.Code.UNAVAILABLE)));
@@ -598,10 +596,10 @@ public static class Builder extends StubSettings.Builder<AssetServiceStubSetting
               .setInitialRetryDelay(Duration.ofMillis(100L))
               .setRetryDelayMultiplier(1.3)
               .setMaxRetryDelay(Duration.ofMillis(60000L))
-              .setInitialRpcTimeout(Duration.ofMillis(15000L))
+              .setInitialRpcTimeout(Duration.ofMillis(30000L))
               .setRpcTimeoutMultiplier(1.0)
-              .setMaxRpcTimeout(Duration.ofMillis(15000L))
-              .setTotalTimeout(Duration.ofMillis(15000L))
+              .setMaxRpcTimeout(Duration.ofMillis(30000L))
+              .setTotalTimeout(Duration.ofMillis(30000L))
               .build();
       definitions.put("retry_policy_2_params", settings);
       settings =

diff --git a/proto-google-cloud-asset-v1/src/main/java/com/google/cloud/asset/v1/AssetProto.java b/proto-google-cloud-asset-v1/src/main/java/com/google/cloud/asset/v1/AssetProto.java
@@ -171,60 +171,61 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
           + "_attributes\030\t \001(\0132\027.google.protobuf.Stru"
           + "ct\022!\n\031parent_full_resource_name\030\023 \001(\t\022\031\n"
           + "\021parent_asset_type\030g \001(\t\032-\n\013LabelsEntry\022"
-          + "\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\t:\0028\001\"\324\003\n\025IamP"
-          + "olicySearchResult\022\020\n\010resource\030\001 \001(\t\022\017\n\007p"
-          + "roject\030\002 \001(\t\022%\n\006policy\030\003 \001(\0132\025.google.ia"
-          + "m.v1.Policy\022M\n\013explanation\030\004 \001(\01328.googl"
-          + "e.cloud.asset.v1.IamPolicySearchResult.E"
-          + "xplanation\032\241\002\n\013Explanation\022m\n\023matched_pe"
-          + "rmissions\030\001 \003(\0132P.google.cloud.asset.v1."
-          + "IamPolicySearchResult.Explanation.Matche"
-          + "dPermissionsEntry\032\"\n\013Permissions\022\023\n\013perm"
-          + "issions\030\001 \003(\t\032\177\n\027MatchedPermissionsEntry"
-          + "\022\013\n\003key\030\001 \001(\t\022S\n\005value\030\002 \001(\0132D.google.cl"
-          + "oud.asset.v1.IamPolicySearchResult.Expla"
-          + "nation.Permissions:\0028\001\"G\n\026IamPolicyAnaly"
-          + "sisState\022\036\n\004code\030\001 \001(\0162\020.google.rpc.Code"
-          + "\022\r\n\005cause\030\002 \001(\t\"\306\001\n\023ConditionEvaluation\022"
-          + "T\n\020evaluation_value\030\001 \001(\0162:.google.cloud"
-          + ".asset.v1.ConditionEvaluation.Evaluation"
-          + "Value\"Y\n\017EvaluationValue\022 \n\034EVALUATION_V"
-          + "ALUE_UNSPECIFIED\020\000\022\010\n\004TRUE\020\001\022\t\n\005FALSE\020\002\022"
-          + "\017\n\013CONDITIONAL\020\003\"\253\t\n\027IamPolicyAnalysisRe"
-          + "sult\022#\n\033attached_resource_full_name\030\001 \001("
-          + "\t\022+\n\013iam_binding\030\002 \001(\0132\026.google.iam.v1.B"
-          + "inding\022^\n\024access_control_lists\030\003 \003(\0132@.g"
-          + "oogle.cloud.asset.v1.IamPolicyAnalysisRe"
-          + "sult.AccessControlList\022R\n\ridentity_list\030"
-          + "\004 \001(\0132;.google.cloud.asset.v1.IamPolicyA"
-          + "nalysisResult.IdentityList\022\026\n\016fully_expl"
-          + "ored\030\005 \001(\010\032m\n\010Resource\022\032\n\022full_resource_"
-          + "name\030\001 \001(\t\022E\n\016analysis_state\030\002 \001(\0132-.goo"
-          + "gle.cloud.asset.v1.IamPolicyAnalysisStat"
-          + "e\032\205\001\n\006Access\022\016\n\004role\030\001 \001(\tH\000\022\024\n\npermissi"
-          + "on\030\002 \001(\tH\000\022E\n\016analysis_state\030\003 \001(\0132-.goo"
-          + "gle.cloud.asset.v1.IamPolicyAnalysisStat"
-          + "eB\016\n\014oneof_access\032_\n\010Identity\022\014\n\004name\030\001 "
-          + "\001(\t\022E\n\016analysis_state\030\002 \001(\0132-.google.clo"
-          + "ud.asset.v1.IamPolicyAnalysisState\0320\n\004Ed"
-          + "ge\022\023\n\013source_node\030\001 \001(\t\022\023\n\013target_node\030\002"
-          + " \001(\t\032\277\002\n\021AccessControlList\022J\n\tresources\030"
-          + "\001 \003(\01327.google.cloud.asset.v1.IamPolicyA"
-          + "nalysisResult.Resource\022G\n\010accesses\030\002 \003(\013"
-          + "25.google.cloud.asset.v1.IamPolicyAnalys"
-          + "isResult.Access\022K\n\016resource_edges\030\003 \003(\0132"
-          + "3.google.cloud.asset.v1.IamPolicyAnalysi"
-          + "sResult.Edge\022H\n\024condition_evaluation\030\004 \001"
-          + "(\0132*.google.cloud.asset.v1.ConditionEval"
-          + "uation\032\245\001\n\014IdentityList\022K\n\nidentities\030\001 "
-          + "\003(\01327.google.cloud.asset.v1.IamPolicyAna"
-          + "lysisResult.Identity\022H\n\013group_edges\030\002 \003("
-          + "\01323.google.cloud.asset.v1.IamPolicyAnaly"
-          + "sisResult.EdgeB\230\001\n\031com.google.cloud.asse"
-          + "t.v1B\nAssetProtoP\001Z:google.golang.org/ge"
-          + "nproto/googleapis/cloud/asset/v1;asset\370\001"
-          + "\001\252\002\025Google.Cloud.Asset.V1\312\002\025Google\\Cloud"
-          + "\\Asset\\V1b\006proto3"
+          + "\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\t:\0028\001\"\217\004\n\025IamP"
+          + "olicySearchResult\022\020\n\010resource\030\001 \001(\t\022\022\n\na"
+          + "sset_type\030\005 \001(\t\022\017\n\007project\030\002 \001(\t\022\017\n\007fold"
+          + "ers\030\006 \003(\t\022\024\n\014organization\030\007 \001(\t\022%\n\006polic"
+          + "y\030\003 \001(\0132\025.google.iam.v1.Policy\022M\n\013explan"
+          + "ation\030\004 \001(\01328.google.cloud.asset.v1.IamP"
+          + "olicySearchResult.Explanation\032\241\002\n\013Explan"
+          + "ation\022m\n\023matched_permissions\030\001 \003(\0132P.goo"
+          + "gle.cloud.asset.v1.IamPolicySearchResult"
+          + ".Explanation.MatchedPermissionsEntry\032\"\n\013"
+          + "Permissions\022\023\n\013permissions\030\001 \003(\t\032\177\n\027Matc"
+          + "hedPermissionsEntry\022\013\n\003key\030\001 \001(\t\022S\n\005valu"
+          + "e\030\002 \001(\0132D.google.cloud.asset.v1.IamPolic"
+          + "ySearchResult.Explanation.Permissions:\0028"
+          + "\001\"G\n\026IamPolicyAnalysisState\022\036\n\004code\030\001 \001("
+          + "\0162\020.google.rpc.Code\022\r\n\005cause\030\002 \001(\t\"\306\001\n\023C"
+          + "onditionEvaluation\022T\n\020evaluation_value\030\001"
+          + " \001(\0162:.google.cloud.asset.v1.ConditionEv"
+          + "aluation.EvaluationValue\"Y\n\017EvaluationVa"
+          + "lue\022 \n\034EVALUATION_VALUE_UNSPECIFIED\020\000\022\010\n"
+          + "\004TRUE\020\001\022\t\n\005FALSE\020\002\022\017\n\013CONDITIONAL\020\003\"\253\t\n\027"
+          + "IamPolicyAnalysisResult\022#\n\033attached_reso"
+          + "urce_full_name\030\001 \001(\t\022+\n\013iam_binding\030\002 \001("
+          + "\0132\026.google.iam.v1.Binding\022^\n\024access_cont"
+          + "rol_lists\030\003 \003(\0132@.google.cloud.asset.v1."
+          + "IamPolicyAnalysisResult.AccessControlLis"
+          + "t\022R\n\ridentity_list\030\004 \001(\0132;.google.cloud."
+          + "asset.v1.IamPolicyAnalysisResult.Identit"
+          + "yList\022\026\n\016fully_explored\030\005 \001(\010\032m\n\010Resourc"
+          + "e\022\032\n\022full_resource_name\030\001 \001(\t\022E\n\016analysi"
+          + "s_state\030\002 \001(\0132-.google.cloud.asset.v1.Ia"
+          + "mPolicyAnalysisState\032\205\001\n\006Access\022\016\n\004role\030"
+          + "\001 \001(\tH\000\022\024\n\npermission\030\002 \001(\tH\000\022E\n\016analysi"
+          + "s_state\030\003 \001(\0132-.google.cloud.asset.v1.Ia"
+          + "mPolicyAnalysisStateB\016\n\014oneof_access\032_\n\010"
+          + "Identity\022\014\n\004name\030\001 \001(\t\022E\n\016analysis_state"
+          + "\030\002 \001(\0132-.google.cloud.asset.v1.IamPolicy"
+          + "AnalysisState\0320\n\004Edge\022\023\n\013source_node\030\001 \001"
+          + "(\t\022\023\n\013target_node\030\002 \001(\t\032\277\002\n\021AccessContro"
+          + "lList\022J\n\tresources\030\001 \003(\01327.google.cloud."
+          + "asset.v1.IamPolicyAnalysisResult.Resourc"
+          + "e\022G\n\010accesses\030\002 \003(\01325.google.cloud.asset"
+          + ".v1.IamPolicyAnalysisResult.Access\022K\n\016re"
+          + "source_edges\030\003 \003(\01323.google.cloud.asset."
+          + "v1.IamPolicyAnalysisResult.Edge\022H\n\024condi"
+          + "tion_evaluation\030\004 \001(\0132*.google.cloud.ass"
+          + "et.v1.ConditionEvaluation\032\245\001\n\014IdentityLi"
+          + "st\022K\n\nidentities\030\001 \003(\01327.google.cloud.as"
+          + "set.v1.IamPolicyAnalysisResult.Identity\022"
+          + "H\n\013group_edges\030\002 \003(\01323.google.cloud.asse"
+          + "t.v1.IamPolicyAnalysisResult.EdgeB\230\001\n\031co"
+          + "m.google.cloud.asset.v1B\nAssetProtoP\001Z:g"
+          + "oogle.golang.org/genproto/googleapis/clo"
+          + "ud/asset/v1;asset\370\001\001\252\002\025Google.Cloud.Asse"
+          + "t.V1\312\002\025Google\\Cloud\\Asset\\V1b\006proto3"
     };
     descriptor =
         com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom(
@@ -332,7 +333,13 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
         new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
             internal_static_google_cloud_asset_v1_IamPolicySearchResult_descriptor,
             new java.lang.String[] {
-              "Resource", "Project", "Policy", "Explanation",
+              "Resource",
+              "AssetType",
+              "Project",
+              "Folders",
+              "Organization",
+              "Policy",
+              "Explanation",
             });
     internal_static_google_cloud_asset_v1_IamPolicySearchResult_Explanation_descriptor =
         internal_static_google_cloud_asset_v1_IamPolicySearchResult_descriptor