feat: add new searchable fields (memberTypes, roles, project, folders…

… and organization), new request fields (assetTypes and orderBy) and new response fields (assetType, folders and organization) in SearchAllIamPolicies (#511) * feat: add new searchable fields (memberTypes, roles, project, folders and organization), new request fields (assetTypes and orderBy) and new response fields (assetType, folders and organization) in SearchAllIamPolicies PiperOrigin-RevId: 381145907 Source-Link: googleapis/googleapis@5d301f9 Source-Link: googleapis/googleapis-gen@9b332fd * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/master/packages/owl-bot/README.md Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> Co-authored-by: Benjamin E. Coe <[email protected]> Co-authored-by: Jeffrey Rennie <[email protected]>
googleapis · Jun 29, 2021 · 3bb1b39 · 3bb1b39
1 parent 5d4e4a8
commit 3bb1b39
Show file tree

Hide file tree

Showing 7 changed files with 366 additions and 4 deletions.
diff --git a/packages/google-cloud-asset/protos/google/cloud/asset/v1/asset_service.proto b/packages/google-cloud-asset/protos/google/cloud/asset/v1/asset_service.proto
@@ -838,6 +838,10 @@ message SearchAllIamPoliciesRequest {
   // * `resource:(instance1 OR instance2) policy:amy` to find
   //   IAM policy bindings that are set on resources "instance1" or
   //   "instance2" and also specify user "amy".
+  // * `roles:roles/compute.admin` to find IAM policy bindings that specify the
+  //   Compute Admin role.
+  // * `memberTypes:user` to find IAM policy bindings that contain the "user"
+  //   member type.
   string query = 2 [(google.api.field_behavior) = OPTIONAL];
 
   // Optional. The page size for search result pagination. Page size is capped at 500 even
@@ -851,6 +855,36 @@ message SearchAllIamPoliciesRequest {
   // previous response. The values of all other method parameters must be
   // identical to those in the previous call.
   string page_token = 4 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. A list of asset types that the IAM policies are attached to. If empty, it
+  // will search the IAM policies that are attached to all the [searchable asset
+  // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
+  //
+  // Regular expressions are also supported. For example:
+  //
+  // * "compute.googleapis.com.*" snapshots IAM policies attached to asset type
+  // starts with "compute.googleapis.com".
+  // * ".*Instance" snapshots IAM policies attached to asset type ends with
+  // "Instance".
+  // * ".*Instance.*" snapshots IAM policies attached to asset type contains
+  // "Instance".
+  //
+  // See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported
+  // regular expression syntax. If the regular expression does not match any
+  // supported asset type, an INVALID_ARGUMENT error will be returned.
+  repeated string asset_types = 5 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. A comma-separated list of fields specifying the sorting order of the
+  // results. The default order is ascending. Add " DESC" after the field name
+  // to indicate descending order. Redundant space characters are ignored.
+  // Example: "assetType DESC, resource".
+  // Only singular primitive fields in the response are sortable:
+  //   * resource
+  //   * assetType
+  //   * project
+  // All the other fields such as repeated fields (e.g., `folders`) and
+  // non-primitive fields (e.g., `policy`) are not supported.
+  string order_by = 7 [(google.api.field_behavior) = OPTIONAL];
 }
 
 // Search all IAM policies response.

diff --git a/packages/google-cloud-asset/protos/google/cloud/asset/v1/assets.proto b/packages/google-cloud-asset/protos/google/cloud/asset/v1/assets.proto
@@ -463,6 +463,14 @@ message IamPolicySearchResult {
   // * use a field query. Example: `resource:organizations/123`
   string resource = 1;
 
+  // The type of the resource associated with this IAM policy. Example:
+  // `compute.googleapis.com/Disk`.
+  //
+  // To search against the `asset_type`:
+  //
+  // * specify the `asset_types` field in your search request.
+  string asset_type = 5;
+
   // The project that the associated GCP resource belongs to, in the form of
   // projects/{PROJECT_NUMBER}. If an IAM policy is set on a resource (like VM
   // instance, Cloud Storage bucket), the project field will indicate the
@@ -474,6 +482,28 @@ message IamPolicySearchResult {
   // * specify the `scope` field as this project in your search request.
   string project = 2;
 
+  // The folder(s) that the IAM policy belongs to, in the form of
+  // folders/{FOLDER_NUMBER}. This field is available when the IAM policy
+  // belongs to one or more folders.
+  //
+  // To search against `folders`:
+  //
+  // * use a field query. Example: `folders:(123 OR 456)`
+  // * use a free text query. Example: `123`
+  // * specify the `scope` field as this folder in your search request.
+  repeated string folders = 6;
+
+  // The organization that the IAM policy belongs to, in the form
+  // of organizations/{ORGANIZATION_NUMBER}. This field is available when the
+  // IAM policy belongs to an organization.
+  //
+  // To search against `organization`:
+  //
+  // * use a field query. Example: `organization:123`
+  // * use a free text query. Example: `123`
+  // * specify the `scope` field as this organization in your search request.
+  string organization = 7;
+
   // The IAM policy directly set on the given resource. Note that the original
   // IAM policy can contain multiple bindings. This only contains the bindings
   // that match the given query. For queries that don't contain a constrain on

diff --git a/packages/google-cloud-asset/protos/protos.d.ts b/packages/google-cloud-asset/protos/protos.d.ts