From ebc38bf1e9ad03347f7e2eda960027b982295df9 Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Fri, 23 Jan 2026 12:05:20 +0000 Subject: [PATCH 1/5] Fix pager test assertions for ListValue and Struct types Relax assertion checks in generated pager tests to allow `Sequence` for `struct_pb2.ListValue` and `Mapping` for `struct_pb2.Struct`, as `proto-plus` converts these WKTs to native Python types. Also handles `struct_pb2.Value` mapping to `Any`. This fixes an `AssertionError` where tests expected `struct_pb2.ListValue` instances but received list-like objects (e.g. `RepeatedComposite` or `list`). --- .../%name_%version/%sub/test_%service.py.j2 | 1 + .../gapic/%name_%version/%sub/test_macros.j2 | 30 +++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/gapic/templates/tests/unit/gapic/%name_%version/%sub/test_%service.py.j2 b/gapic/templates/tests/unit/gapic/%name_%version/%sub/test_%service.py.j2 index c0e92cd9d6..78f5ad469d 100644 --- a/gapic/templates/tests/unit/gapic/%name_%version/%sub/test_%service.py.j2 +++ b/gapic/templates/tests/unit/gapic/%name_%version/%sub/test_%service.py.j2 @@ -26,6 +26,7 @@ from google.protobuf import json_format import json import math import pytest +from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/gapic/templates/tests/unit/gapic/%name_%version/%sub/test_macros.j2 b/gapic/templates/tests/unit/gapic/%name_%version/%sub/test_macros.j2 index f15326d670..2ab58f5cb8 100644 --- a/gapic/templates/tests/unit/gapic/%name_%version/%sub/test_macros.j2 +++ b/gapic/templates/tests/unit/gapic/%name_%version/%sub/test_macros.j2 @@ -752,8 +752,18 @@ def test_{{ method_name }}_pager(transport_name: str = "grpc"): results = list(pager) assert len(results) == 6 + {% if method.paged_result_field.type.ident|string == 'struct_pb2.ListValue' %} + assert all(isinstance(i, Sequence) + for i in results) + {% elif method.paged_result_field.type.ident|string == 'struct_pb2.Struct' %} + assert all(isinstance(i, Mapping) + for i in results) + {% elif method.paged_result_field.type.ident|string == 'struct_pb2.Value' %} + assert all(True for i in results) + {% else %} assert all(isinstance(i, {{ method.paged_result_field.type.ident }}) for i in results) + {% endif %} {% endif %} def test_{{ method_name }}_pages(transport_name: str = "grpc"): client = {{ service.client_name }}( @@ -913,9 +923,19 @@ async def test_{{ method_name }}_async_pager(): assert async_pager.get('a') is None assert isinstance(async_pager.get('h'), {{ method.paged_result_field.type.fields.get('value').ident }}) {% else %} + {% if method.paged_result_field.type.ident|string == 'struct_pb2.ListValue' %} + assert all(isinstance(i, Sequence) + for i in responses) + {% elif method.paged_result_field.type.ident|string == 'struct_pb2.Struct' %} + assert all(isinstance(i, Mapping) + for i in responses) + {% elif method.paged_result_field.type.ident|string == 'struct_pb2.Value' %} + assert all(True for i in responses) + {% else %} assert all(isinstance(i, {{ method.paged_result_field.type.ident }}) for i in responses) {% endif %} + {% endif %} @pytest.mark.asyncio @@ -1412,9 +1432,19 @@ def test_{{ method_name }}_rest_pager(transport: str = 'rest'): assert pager.get('a') is None assert isinstance(pager.get('h'), {{ method.paged_result_field.type.fields.get('value').ident }}) {% else %} + {% if method.paged_result_field.type.ident|string == 'struct_pb2.ListValue' %} + assert all(isinstance(i, Sequence) + for i in results) + {% elif method.paged_result_field.type.ident|string == 'struct_pb2.Struct' %} + assert all(isinstance(i, Mapping) + for i in results) + {% elif method.paged_result_field.type.ident|string == 'struct_pb2.Value' %} + assert all(True for i in results) + {% else %} assert all(isinstance(i, {{ method.paged_result_field.type.ident }}) for i in results) {% endif %} + {% endif %} pages = list(client.{{ method_name }}(request=sample_request).pages) for page_, token in zip(pages, ['abc','def','ghi', '']): From dbc1a973ded0ffa6d7e242364f55b98aad061751 Mon Sep 17 00:00:00 2001 From: chalmer lowe Date: Tue, 3 Feb 2026 13:45:48 -0500 Subject: [PATCH 2/5] updates goldens --- .../asset/google/cloud/asset/__init__.py | 4 + .../asset/google/cloud/asset_v1/__init__.py | 4 + .../services/asset_service/async_client.py | 253 +++++++---- .../asset_v1/services/asset_service/client.py | 253 +++++++---- .../services/asset_service/transports/grpc.py | 73 +++- .../asset_service/transports/grpc_asyncio.py | 73 +++- .../google/cloud/asset_v1/types/__init__.py | 4 + .../cloud/asset_v1/types/asset_service.py | 411 ++++++++++++------ .../google/cloud/asset_v1/types/assets.py | 204 ++++++++- .../unit/gapic/asset_v1/test_asset_service.py | 1 + .../credentials_v1/test_iam_credentials.py | 1 + .../unit/gapic/eventarc_v1/test_eventarc.py | 1 + .../logging_v2/test_config_service_v2.py | 1 + .../logging_v2/test_logging_service_v2.py | 1 + .../logging_v2/test_metrics_service_v2.py | 1 + .../logging_v2/test_config_service_v2.py | 1 + .../logging_v2/test_logging_service_v2.py | 1 + .../logging_v2/test_metrics_service_v2.py | 1 + .../unit/gapic/redis_v1/test_cloud_redis.py | 1 + .../unit/gapic/redis_v1/test_cloud_redis.py | 1 + 20 files changed, 941 insertions(+), 349 deletions(-) diff --git a/tests/integration/goldens/asset/google/cloud/asset/__init__.py b/tests/integration/goldens/asset/google/cloud/asset/__init__.py index fd9404f4b6..225b797f49 100755 --- a/tests/integration/goldens/asset/google/cloud/asset/__init__.py +++ b/tests/integration/goldens/asset/google/cloud/asset/__init__.py @@ -85,6 +85,7 @@ from google.cloud.asset_v1.types.assets import Asset from google.cloud.asset_v1.types.assets import AttachedResource from google.cloud.asset_v1.types.assets import ConditionEvaluation +from google.cloud.asset_v1.types.assets import EffectiveTagDetails from google.cloud.asset_v1.types.assets import IamPolicyAnalysisResult from google.cloud.asset_v1.types.assets import IamPolicyAnalysisState from google.cloud.asset_v1.types.assets import IamPolicySearchResult @@ -95,6 +96,7 @@ from google.cloud.asset_v1.types.assets import RelationshipAttributes from google.cloud.asset_v1.types.assets import Resource from google.cloud.asset_v1.types.assets import ResourceSearchResult +from google.cloud.asset_v1.types.assets import Tag from google.cloud.asset_v1.types.assets import TemporalAsset from google.cloud.asset_v1.types.assets import TimeWindow from google.cloud.asset_v1.types.assets import VersionedResource @@ -165,6 +167,7 @@ 'Asset', 'AttachedResource', 'ConditionEvaluation', + 'EffectiveTagDetails', 'IamPolicyAnalysisResult', 'IamPolicyAnalysisState', 'IamPolicySearchResult', @@ -175,6 +178,7 @@ 'RelationshipAttributes', 'Resource', 'ResourceSearchResult', + 'Tag', 'TemporalAsset', 'TimeWindow', 'VersionedResource', diff --git a/tests/integration/goldens/asset/google/cloud/asset_v1/__init__.py b/tests/integration/goldens/asset/google/cloud/asset_v1/__init__.py index 31068ac472..125e175091 100755 --- a/tests/integration/goldens/asset/google/cloud/asset_v1/__init__.py +++ b/tests/integration/goldens/asset/google/cloud/asset_v1/__init__.py @@ -95,6 +95,7 @@ from .types.assets import Asset from .types.assets import AttachedResource from .types.assets import ConditionEvaluation +from .types.assets import EffectiveTagDetails from .types.assets import IamPolicyAnalysisResult from .types.assets import IamPolicyAnalysisState from .types.assets import IamPolicySearchResult @@ -105,6 +106,7 @@ from .types.assets import RelationshipAttributes from .types.assets import Resource from .types.assets import ResourceSearchResult +from .types.assets import Tag from .types.assets import TemporalAsset from .types.assets import TimeWindow from .types.assets import VersionedResource @@ -224,6 +226,7 @@ def _get_version(dependency_name): 'CreateSavedQueryRequest', 'DeleteFeedRequest', 'DeleteSavedQueryRequest', +'EffectiveTagDetails', 'ExportAssetsRequest', 'ExportAssetsResponse', 'Feed', @@ -268,6 +271,7 @@ def _get_version(dependency_name): 'SearchAllResourcesResponse', 'TableFieldSchema', 'TableSchema', +'Tag', 'TemporalAsset', 'TimeWindow', 'UpdateFeedRequest', diff --git a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/async_client.py b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/async_client.py index 6671f3a75f..5dff65e7f4 100755 --- a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/async_client.py +++ b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/async_client.py @@ -1233,62 +1233,97 @@ async def sample_search_all_resources(): Examples: - ``name:Important`` to find Google Cloud resources - whose name contains "Important" as a word. + whose name contains ``Important`` as a word. - ``name=Important`` to find the Google Cloud resource - whose name is exactly "Important". + whose name is exactly ``Important``. - ``displayName:Impor*`` to find Google Cloud resources - whose display name contains "Impor" as a prefix of any - word in the field. + whose display name contains ``Impor`` as a prefix of + any word in the field. - ``location:us-west*`` to find Google Cloud resources - whose location contains both "us" and "west" as + whose location contains both ``us`` and ``west`` as prefixes. - ``labels:prod`` to find Google Cloud resources whose - labels contain "prod" as a key or value. + labels contain ``prod`` as a key or value. - ``labels.env:prod`` to find Google Cloud resources - that have a label "env" and its value is "prod". + that have a label ``env`` and its value is ``prod``. - ``labels.env:*`` to find Google Cloud resources that - have a label "env". + have a label ``env``. + - ``tagKeys:env`` to find Google Cloud resources that + have directly attached tags where the + ```TagKey.namespacedName`` `__ + contains ``env``. + - ``tagValues:prod*`` to find Google Cloud resources + that have directly attached tags where the + ```TagValue.namespacedName`` `__ + contains a word prefixed by ``prod``. + - ``tagValueIds=tagValues/123`` to find Google Cloud + resources that have directly attached tags where the + ```TagValue.name`` `__ + is exactly ``tagValues/123``. + - ``effectiveTagKeys:env`` to find Google Cloud + resources that have directly attached or inherited + tags where the + ```TagKey.namespacedName`` `__ + contains ``env``. + - ``effectiveTagValues:prod*`` to find Google Cloud + resources that have directly attached or inherited + tags where the + ```TagValue.namespacedName`` `__ + contains a word prefixed by ``prod``. + - ``effectiveTagValueIds=tagValues/123`` to find Google + Cloud resources that have directly attached or + inherited tags where the + ```TagValue.name`` `__ + is exactly ``tagValues/123``. - ``kmsKey:key`` to find Google Cloud resources encrypted with a customer-managed encryption key whose - name contains "key" as a word. This field is - deprecated. Please use the ``kmsKeys`` field to - retrieve Cloud KMS key information. + name contains ``key`` as a word. This field is + deprecated. Use the ``kmsKeys`` field to retrieve + Cloud KMS key information. - ``kmsKeys:key`` to find Google Cloud resources encrypted with customer-managed encryption keys whose - name contains the word "key". + name contains the word ``key``. - ``relationships:instance-group-1`` to find Google Cloud resources that have relationships with - "instance-group-1" in the related resource name. + ``instance-group-1`` in the related resource name. - ``relationships:INSTANCE_TO_INSTANCEGROUP`` to find Compute Engine instances that have relationships of - type "INSTANCE_TO_INSTANCEGROUP". + type ``INSTANCE_TO_INSTANCEGROUP``. - ``relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1`` to find Compute Engine instances that have - relationships with "instance-group-1" in the Compute + relationships with ``instance-group-1`` in the Compute Engine instance group resource name, for relationship - type "INSTANCE_TO_INSTANCEGROUP". + type ``INSTANCE_TO_INSTANCEGROUP``. + - ``sccSecurityMarks.key=value`` to find Cloud resources + that are attached with security marks whose key is + ``key`` and value is ``value``. + - ``sccSecurityMarks.key:*`` to find Cloud resources + that are attached with security marks whose key is + ``key``. - ``state:ACTIVE`` to find Google Cloud resources whose - state contains "ACTIVE" as a word. + state contains ``ACTIVE`` as a word. - ``NOT state:ACTIVE`` to find Google Cloud resources - whose state doesn't contain "ACTIVE" as a word. + whose state doesn't contain ``ACTIVE`` as a word. - ``createTime<1609459200`` to find Google Cloud - resources that were created before "2021-01-01 - 00:00:00 UTC". 1609459200 is the epoch timestamp of - "2021-01-01 00:00:00 UTC" in seconds. + resources that were created before + ``2021-01-01 00:00:00 UTC``. ``1609459200`` is the + epoch timestamp of ``2021-01-01 00:00:00 UTC`` in + seconds. - ``updateTime>1609459200`` to find Google Cloud - resources that were updated after "2021-01-01 00:00:00 - UTC". 1609459200 is the epoch timestamp of "2021-01-01 - 00:00:00 UTC" in seconds. + resources that were updated after + ``2021-01-01 00:00:00 UTC``. ``1609459200`` is the + epoch timestamp of ``2021-01-01 00:00:00 UTC`` in + seconds. - ``Important`` to find Google Cloud resources that - contain "Important" as a word in any of the searchable - fields. + contain ``Important`` as a word in any of the + searchable fields. - ``Impor*`` to find Google Cloud resources that contain - "Impor" as a prefix of any word in any of the + ``Impor`` as a prefix of any word in any of the searchable fields. - ``Important location:(us-west1 OR global)`` to find - Google Cloud resources that contain "Important" as a + Google Cloud resources that contain ``Important`` as a word in any of the searchable fields and are also - located in the "us-west1" region or the "global" + located in the ``us-west1`` region or the ``global`` location. This corresponds to the ``query`` field @@ -1296,9 +1331,9 @@ async def sample_search_all_resources(): should not be set. asset_types (:class:`MutableSequence[str]`): Optional. A list of asset types that this request - searches for. If empty, it will search all the - `searchable asset - types `__. + searches for. If empty, it will search all the asset + types `supported by search + APIs `__. Regular expressions are also supported. For example: @@ -1892,8 +1927,8 @@ async def query_assets(self, metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), ) -> asset_service.QueryAssetsResponse: r"""Issue a job that queries assets using a SQL statement compatible - with `BigQuery Standard - SQL `__. + with `BigQuery + SQL `__. If the query execution finishes within timeout and there's no pagination, the full query results will be returned in the @@ -1904,9 +1939,9 @@ async def query_assets(self, ``QueryAssets`` call. Note, the query result has approximately 10 GB limitation - enforced by BigQuery - https://cloud.google.com/bigquery/docs/best-practices-performance-output, - queries return larger results will result in errors. + enforced by + `BigQuery `__. + Queries return larger results will result in errors. .. code-block:: python @@ -2727,13 +2762,17 @@ async def sample_analyze_org_policies(): filter (:class:`str`): The expression to filter [AnalyzeOrgPoliciesResponse.org_policy_results][google.cloud.asset.v1.AnalyzeOrgPoliciesResponse.org_policy_results]. - The only supported field is - ``consolidated_policy.attached_resource``, and the only - supported operator is ``=``. + Filtering is currently available for bare literal values + and the following fields: + + - consolidated_policy.attached_resource + - consolidated_policy.rules.enforce - Example: + When filtering by a specific field, the only supported + operator is ``=``. For example, filtering by consolidated_policy.attached_resource="//cloudresourcemanager.googleapis.com/folders/001" - will return the org policy results of"folders/001". + will return all the Organization Policy results attached + to "folders/001". This corresponds to the ``filter`` field on the ``request`` instance; if ``request`` is provided, this @@ -2882,13 +2921,18 @@ async def sample_analyze_org_policy_governed_containers(): on the ``request`` instance; if ``request`` is provided, this should not be set. filter (:class:`str`): - The expression to filter the governed containers in - result. The only supported field is ``parent``, and the - only supported operator is ``=``. + The expression to filter + [AnalyzeOrgPolicyGovernedContainersResponse.governed_containers][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedContainersResponse.governed_containers]. + Filtering is currently available for bare literal values + and the following fields: - Example: + - parent + - consolidated_policy.rules.enforce + + When filtering by a specific field, the only supported + operator is ``=``. For example, filtering by parent="//cloudresourcemanager.googleapis.com/folders/001" - will return all containers under "folders/001". + will return all the containers under "folders/001". This corresponds to the ``filter`` field on the ``request`` instance; if ``request`` is provided, this @@ -2982,22 +3026,53 @@ async def analyze_org_policy_governed_assets(self, ) -> pagers.AnalyzeOrgPolicyGovernedAssetsAsyncPager: r"""Analyzes organization policies governed assets (Google Cloud resources or policies) under a scope. This RPC supports custom - constraints and the following 10 canned constraints: - - - storage.uniformBucketLevelAccess - - iam.disableServiceAccountKeyCreation - - iam.allowedPolicyMemberDomains - - compute.vmExternalIpAccess - - appengine.enforceServiceAccountActAsCheck - - gcp.resourceLocations - - compute.trustedImageProjects - - compute.skipDefaultNetworkCreation - - compute.requireOsLogin - - compute.disableNestedVirtualization - - This RPC only returns either resources of types supported by - `searchable asset - types `__, + constraints and the following canned constraints: + + - constraints/ainotebooks.accessMode + - constraints/ainotebooks.disableFileDownloads + - constraints/ainotebooks.disableRootAccess + - constraints/ainotebooks.disableTerminal + - constraints/ainotebooks.environmentOptions + - constraints/ainotebooks.requireAutoUpgradeSchedule + - constraints/ainotebooks.restrictVpcNetworks + - constraints/compute.disableGuestAttributesAccess + - constraints/compute.disableInstanceDataAccessApis + - constraints/compute.disableNestedVirtualization + - constraints/compute.disableSerialPortAccess + - constraints/compute.disableSerialPortLogging + - constraints/compute.disableVpcExternalIpv6 + - constraints/compute.requireOsLogin + - constraints/compute.requireShieldedVm + - constraints/compute.restrictLoadBalancerCreationForTypes + - constraints/compute.restrictProtocolForwardingCreationForTypes + - constraints/compute.restrictXpnProjectLienRemoval + - constraints/compute.setNewProjectDefaultToZonalDNSOnly + - constraints/compute.skipDefaultNetworkCreation + - constraints/compute.trustedImageProjects + - constraints/compute.vmCanIpForward + - constraints/compute.vmExternalIpAccess + - constraints/gcp.detailedAuditLoggingMode + - constraints/gcp.resourceLocations + - constraints/iam.allowedPolicyMemberDomains + - constraints/iam.automaticIamGrantsForDefaultServiceAccounts + - constraints/iam.disableServiceAccountCreation + - constraints/iam.disableServiceAccountKeyCreation + - constraints/iam.disableServiceAccountKeyUpload + - constraints/iam.restrictCrossProjectServiceAccountLienRemoval + - constraints/iam.serviceAccountKeyExpiryHours + - constraints/resourcemanager.accessBoundaries + - constraints/resourcemanager.allowedExportDestinations + - constraints/sql.restrictAuthorizedNetworks + - constraints/sql.restrictNoncompliantDiagnosticDataAccess + - constraints/sql.restrictNoncompliantResourceCreation + - constraints/sql.restrictPublicIp + - constraints/storage.publicAccessPrevention + - constraints/storage.restrictAuthTypes + - constraints/storage.uniformBucketLevelAccess + + This RPC only returns either resources of types `supported by + search + APIs `__ or IAM policies. .. code-block:: python @@ -3055,24 +3130,40 @@ async def sample_analyze_org_policy_governed_assets(): on the ``request`` instance; if ``request`` is provided, this should not be set. filter (:class:`str`): - The expression to filter the governed assets in result. - The only supported fields for governed resources are - ``governed_resource.project`` and - ``governed_resource.folders``. The only supported fields - for governed iam policies are - ``governed_iam_policy.project`` and - ``governed_iam_policy.folders``. The only supported - operator is ``=``. - - Example 1: governed_resource.project="projects/12345678" - filter will return all governed resources under - projects/12345678 including the project ifself, if - applicable. - - Example 2: - governed_iam_policy.folders="folders/12345678" filter - will return all governed iam policies under - folders/12345678, if applicable. + The expression to filter + [AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets]. + + For governed resources, filtering is currently available + for bare literal values and the following fields: + + - governed_resource.project + - governed_resource.folders + - consolidated_policy.rules.enforce When filtering by + ``governed_resource.project`` or + ``consolidated_policy.rules.enforce``, the only + supported operator is ``=``. When filtering by + ``governed_resource.folders``, the supported operators + are ``=`` and ``:``. For example, filtering by + ``governed_resource.project="projects/12345678"`` will + return all the governed resources under + "projects/12345678", including the project itself if + applicable. + + For governed IAM policies, filtering is currently + available for bare literal values and the following + fields: + + - governed_iam_policy.project + - governed_iam_policy.folders + - consolidated_policy.rules.enforce When filtering by + ``governed_iam_policy.project`` or + ``consolidated_policy.rules.enforce``, the only + supported operator is ``=``. When filtering by + ``governed_iam_policy.folders``, the supported + operators are ``=`` and ``:``. For example, filtering + by ``governed_iam_policy.folders:"folders/12345678"`` + will return all the governed IAM policies under + "folders/001". This corresponds to the ``filter`` field on the ``request`` instance; if ``request`` is provided, this diff --git a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/client.py b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/client.py index 79fb1058cb..3e67a6c8ba 100755 --- a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/client.py +++ b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/client.py @@ -1650,62 +1650,97 @@ def sample_search_all_resources(): Examples: - ``name:Important`` to find Google Cloud resources - whose name contains "Important" as a word. + whose name contains ``Important`` as a word. - ``name=Important`` to find the Google Cloud resource - whose name is exactly "Important". + whose name is exactly ``Important``. - ``displayName:Impor*`` to find Google Cloud resources - whose display name contains "Impor" as a prefix of any - word in the field. + whose display name contains ``Impor`` as a prefix of + any word in the field. - ``location:us-west*`` to find Google Cloud resources - whose location contains both "us" and "west" as + whose location contains both ``us`` and ``west`` as prefixes. - ``labels:prod`` to find Google Cloud resources whose - labels contain "prod" as a key or value. + labels contain ``prod`` as a key or value. - ``labels.env:prod`` to find Google Cloud resources - that have a label "env" and its value is "prod". + that have a label ``env`` and its value is ``prod``. - ``labels.env:*`` to find Google Cloud resources that - have a label "env". + have a label ``env``. + - ``tagKeys:env`` to find Google Cloud resources that + have directly attached tags where the + ```TagKey.namespacedName`` `__ + contains ``env``. + - ``tagValues:prod*`` to find Google Cloud resources + that have directly attached tags where the + ```TagValue.namespacedName`` `__ + contains a word prefixed by ``prod``. + - ``tagValueIds=tagValues/123`` to find Google Cloud + resources that have directly attached tags where the + ```TagValue.name`` `__ + is exactly ``tagValues/123``. + - ``effectiveTagKeys:env`` to find Google Cloud + resources that have directly attached or inherited + tags where the + ```TagKey.namespacedName`` `__ + contains ``env``. + - ``effectiveTagValues:prod*`` to find Google Cloud + resources that have directly attached or inherited + tags where the + ```TagValue.namespacedName`` `__ + contains a word prefixed by ``prod``. + - ``effectiveTagValueIds=tagValues/123`` to find Google + Cloud resources that have directly attached or + inherited tags where the + ```TagValue.name`` `__ + is exactly ``tagValues/123``. - ``kmsKey:key`` to find Google Cloud resources encrypted with a customer-managed encryption key whose - name contains "key" as a word. This field is - deprecated. Please use the ``kmsKeys`` field to - retrieve Cloud KMS key information. + name contains ``key`` as a word. This field is + deprecated. Use the ``kmsKeys`` field to retrieve + Cloud KMS key information. - ``kmsKeys:key`` to find Google Cloud resources encrypted with customer-managed encryption keys whose - name contains the word "key". + name contains the word ``key``. - ``relationships:instance-group-1`` to find Google Cloud resources that have relationships with - "instance-group-1" in the related resource name. + ``instance-group-1`` in the related resource name. - ``relationships:INSTANCE_TO_INSTANCEGROUP`` to find Compute Engine instances that have relationships of - type "INSTANCE_TO_INSTANCEGROUP". + type ``INSTANCE_TO_INSTANCEGROUP``. - ``relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1`` to find Compute Engine instances that have - relationships with "instance-group-1" in the Compute + relationships with ``instance-group-1`` in the Compute Engine instance group resource name, for relationship - type "INSTANCE_TO_INSTANCEGROUP". + type ``INSTANCE_TO_INSTANCEGROUP``. + - ``sccSecurityMarks.key=value`` to find Cloud resources + that are attached with security marks whose key is + ``key`` and value is ``value``. + - ``sccSecurityMarks.key:*`` to find Cloud resources + that are attached with security marks whose key is + ``key``. - ``state:ACTIVE`` to find Google Cloud resources whose - state contains "ACTIVE" as a word. + state contains ``ACTIVE`` as a word. - ``NOT state:ACTIVE`` to find Google Cloud resources - whose state doesn't contain "ACTIVE" as a word. + whose state doesn't contain ``ACTIVE`` as a word. - ``createTime<1609459200`` to find Google Cloud - resources that were created before "2021-01-01 - 00:00:00 UTC". 1609459200 is the epoch timestamp of - "2021-01-01 00:00:00 UTC" in seconds. + resources that were created before + ``2021-01-01 00:00:00 UTC``. ``1609459200`` is the + epoch timestamp of ``2021-01-01 00:00:00 UTC`` in + seconds. - ``updateTime>1609459200`` to find Google Cloud - resources that were updated after "2021-01-01 00:00:00 - UTC". 1609459200 is the epoch timestamp of "2021-01-01 - 00:00:00 UTC" in seconds. + resources that were updated after + ``2021-01-01 00:00:00 UTC``. ``1609459200`` is the + epoch timestamp of ``2021-01-01 00:00:00 UTC`` in + seconds. - ``Important`` to find Google Cloud resources that - contain "Important" as a word in any of the searchable - fields. + contain ``Important`` as a word in any of the + searchable fields. - ``Impor*`` to find Google Cloud resources that contain - "Impor" as a prefix of any word in any of the + ``Impor`` as a prefix of any word in any of the searchable fields. - ``Important location:(us-west1 OR global)`` to find - Google Cloud resources that contain "Important" as a + Google Cloud resources that contain ``Important`` as a word in any of the searchable fields and are also - located in the "us-west1" region or the "global" + located in the ``us-west1`` region or the ``global`` location. This corresponds to the ``query`` field @@ -1713,9 +1748,9 @@ def sample_search_all_resources(): should not be set. asset_types (MutableSequence[str]): Optional. A list of asset types that this request - searches for. If empty, it will search all the - `searchable asset - types `__. + searches for. If empty, it will search all the asset + types `supported by search + APIs `__. Regular expressions are also supported. For example: @@ -2307,8 +2342,8 @@ def query_assets(self, metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), ) -> asset_service.QueryAssetsResponse: r"""Issue a job that queries assets using a SQL statement compatible - with `BigQuery Standard - SQL `__. + with `BigQuery + SQL `__. If the query execution finishes within timeout and there's no pagination, the full query results will be returned in the @@ -2319,9 +2354,9 @@ def query_assets(self, ``QueryAssets`` call. Note, the query result has approximately 10 GB limitation - enforced by BigQuery - https://cloud.google.com/bigquery/docs/best-practices-performance-output, - queries return larger results will result in errors. + enforced by + `BigQuery `__. + Queries return larger results will result in errors. .. code-block:: python @@ -3137,13 +3172,17 @@ def sample_analyze_org_policies(): filter (str): The expression to filter [AnalyzeOrgPoliciesResponse.org_policy_results][google.cloud.asset.v1.AnalyzeOrgPoliciesResponse.org_policy_results]. - The only supported field is - ``consolidated_policy.attached_resource``, and the only - supported operator is ``=``. + Filtering is currently available for bare literal values + and the following fields: + + - consolidated_policy.attached_resource + - consolidated_policy.rules.enforce - Example: + When filtering by a specific field, the only supported + operator is ``=``. For example, filtering by consolidated_policy.attached_resource="//cloudresourcemanager.googleapis.com/folders/001" - will return the org policy results of"folders/001". + will return all the Organization Policy results attached + to "folders/001". This corresponds to the ``filter`` field on the ``request`` instance; if ``request`` is provided, this @@ -3291,13 +3330,18 @@ def sample_analyze_org_policy_governed_containers(): on the ``request`` instance; if ``request`` is provided, this should not be set. filter (str): - The expression to filter the governed containers in - result. The only supported field is ``parent``, and the - only supported operator is ``=``. + The expression to filter + [AnalyzeOrgPolicyGovernedContainersResponse.governed_containers][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedContainersResponse.governed_containers]. + Filtering is currently available for bare literal values + and the following fields: - Example: + - parent + - consolidated_policy.rules.enforce + + When filtering by a specific field, the only supported + operator is ``=``. For example, filtering by parent="//cloudresourcemanager.googleapis.com/folders/001" - will return all containers under "folders/001". + will return all the containers under "folders/001". This corresponds to the ``filter`` field on the ``request`` instance; if ``request`` is provided, this @@ -3390,22 +3434,53 @@ def analyze_org_policy_governed_assets(self, ) -> pagers.AnalyzeOrgPolicyGovernedAssetsPager: r"""Analyzes organization policies governed assets (Google Cloud resources or policies) under a scope. This RPC supports custom - constraints and the following 10 canned constraints: - - - storage.uniformBucketLevelAccess - - iam.disableServiceAccountKeyCreation - - iam.allowedPolicyMemberDomains - - compute.vmExternalIpAccess - - appengine.enforceServiceAccountActAsCheck - - gcp.resourceLocations - - compute.trustedImageProjects - - compute.skipDefaultNetworkCreation - - compute.requireOsLogin - - compute.disableNestedVirtualization - - This RPC only returns either resources of types supported by - `searchable asset - types `__, + constraints and the following canned constraints: + + - constraints/ainotebooks.accessMode + - constraints/ainotebooks.disableFileDownloads + - constraints/ainotebooks.disableRootAccess + - constraints/ainotebooks.disableTerminal + - constraints/ainotebooks.environmentOptions + - constraints/ainotebooks.requireAutoUpgradeSchedule + - constraints/ainotebooks.restrictVpcNetworks + - constraints/compute.disableGuestAttributesAccess + - constraints/compute.disableInstanceDataAccessApis + - constraints/compute.disableNestedVirtualization + - constraints/compute.disableSerialPortAccess + - constraints/compute.disableSerialPortLogging + - constraints/compute.disableVpcExternalIpv6 + - constraints/compute.requireOsLogin + - constraints/compute.requireShieldedVm + - constraints/compute.restrictLoadBalancerCreationForTypes + - constraints/compute.restrictProtocolForwardingCreationForTypes + - constraints/compute.restrictXpnProjectLienRemoval + - constraints/compute.setNewProjectDefaultToZonalDNSOnly + - constraints/compute.skipDefaultNetworkCreation + - constraints/compute.trustedImageProjects + - constraints/compute.vmCanIpForward + - constraints/compute.vmExternalIpAccess + - constraints/gcp.detailedAuditLoggingMode + - constraints/gcp.resourceLocations + - constraints/iam.allowedPolicyMemberDomains + - constraints/iam.automaticIamGrantsForDefaultServiceAccounts + - constraints/iam.disableServiceAccountCreation + - constraints/iam.disableServiceAccountKeyCreation + - constraints/iam.disableServiceAccountKeyUpload + - constraints/iam.restrictCrossProjectServiceAccountLienRemoval + - constraints/iam.serviceAccountKeyExpiryHours + - constraints/resourcemanager.accessBoundaries + - constraints/resourcemanager.allowedExportDestinations + - constraints/sql.restrictAuthorizedNetworks + - constraints/sql.restrictNoncompliantDiagnosticDataAccess + - constraints/sql.restrictNoncompliantResourceCreation + - constraints/sql.restrictPublicIp + - constraints/storage.publicAccessPrevention + - constraints/storage.restrictAuthTypes + - constraints/storage.uniformBucketLevelAccess + + This RPC only returns either resources of types `supported by + search + APIs `__ or IAM policies. .. code-block:: python @@ -3463,24 +3538,40 @@ def sample_analyze_org_policy_governed_assets(): on the ``request`` instance; if ``request`` is provided, this should not be set. filter (str): - The expression to filter the governed assets in result. - The only supported fields for governed resources are - ``governed_resource.project`` and - ``governed_resource.folders``. The only supported fields - for governed iam policies are - ``governed_iam_policy.project`` and - ``governed_iam_policy.folders``. The only supported - operator is ``=``. - - Example 1: governed_resource.project="projects/12345678" - filter will return all governed resources under - projects/12345678 including the project ifself, if - applicable. - - Example 2: - governed_iam_policy.folders="folders/12345678" filter - will return all governed iam policies under - folders/12345678, if applicable. + The expression to filter + [AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets]. + + For governed resources, filtering is currently available + for bare literal values and the following fields: + + - governed_resource.project + - governed_resource.folders + - consolidated_policy.rules.enforce When filtering by + ``governed_resource.project`` or + ``consolidated_policy.rules.enforce``, the only + supported operator is ``=``. When filtering by + ``governed_resource.folders``, the supported operators + are ``=`` and ``:``. For example, filtering by + ``governed_resource.project="projects/12345678"`` will + return all the governed resources under + "projects/12345678", including the project itself if + applicable. + + For governed IAM policies, filtering is currently + available for bare literal values and the following + fields: + + - governed_iam_policy.project + - governed_iam_policy.folders + - consolidated_policy.rules.enforce When filtering by + ``governed_iam_policy.project`` or + ``consolidated_policy.rules.enforce``, the only + supported operator is ``=``. When filtering by + ``governed_iam_policy.folders``, the supported + operators are ``=`` and ``:``. For example, filtering + by ``governed_iam_policy.folders:"folders/12345678"`` + will return all the governed IAM policies under + "folders/001". This corresponds to the ``filter`` field on the ``request`` instance; if ``request`` is provided, this diff --git a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc.py b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc.py index daa6a60e7e..c5b8206318 100755 --- a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc.py +++ b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc.py @@ -720,8 +720,8 @@ def query_assets(self) -> Callable[ r"""Return a callable for the query assets method over gRPC. Issue a job that queries assets using a SQL statement compatible - with `BigQuery Standard - SQL `__. + with `BigQuery + SQL `__. If the query execution finishes within timeout and there's no pagination, the full query results will be returned in the @@ -732,9 +732,9 @@ def query_assets(self) -> Callable[ ``QueryAssets`` call. Note, the query result has approximately 10 GB limitation - enforced by BigQuery - https://cloud.google.com/bigquery/docs/best-practices-performance-output, - queries return larger results will result in errors. + enforced by + `BigQuery `__. + Queries return larger results will result in errors. Returns: Callable[[~.QueryAssetsRequest], @@ -976,22 +976,53 @@ def analyze_org_policy_governed_assets(self) -> Callable[ Analyzes organization policies governed assets (Google Cloud resources or policies) under a scope. This RPC supports custom - constraints and the following 10 canned constraints: - - - storage.uniformBucketLevelAccess - - iam.disableServiceAccountKeyCreation - - iam.allowedPolicyMemberDomains - - compute.vmExternalIpAccess - - appengine.enforceServiceAccountActAsCheck - - gcp.resourceLocations - - compute.trustedImageProjects - - compute.skipDefaultNetworkCreation - - compute.requireOsLogin - - compute.disableNestedVirtualization - - This RPC only returns either resources of types supported by - `searchable asset - types `__, + constraints and the following canned constraints: + + - constraints/ainotebooks.accessMode + - constraints/ainotebooks.disableFileDownloads + - constraints/ainotebooks.disableRootAccess + - constraints/ainotebooks.disableTerminal + - constraints/ainotebooks.environmentOptions + - constraints/ainotebooks.requireAutoUpgradeSchedule + - constraints/ainotebooks.restrictVpcNetworks + - constraints/compute.disableGuestAttributesAccess + - constraints/compute.disableInstanceDataAccessApis + - constraints/compute.disableNestedVirtualization + - constraints/compute.disableSerialPortAccess + - constraints/compute.disableSerialPortLogging + - constraints/compute.disableVpcExternalIpv6 + - constraints/compute.requireOsLogin + - constraints/compute.requireShieldedVm + - constraints/compute.restrictLoadBalancerCreationForTypes + - constraints/compute.restrictProtocolForwardingCreationForTypes + - constraints/compute.restrictXpnProjectLienRemoval + - constraints/compute.setNewProjectDefaultToZonalDNSOnly + - constraints/compute.skipDefaultNetworkCreation + - constraints/compute.trustedImageProjects + - constraints/compute.vmCanIpForward + - constraints/compute.vmExternalIpAccess + - constraints/gcp.detailedAuditLoggingMode + - constraints/gcp.resourceLocations + - constraints/iam.allowedPolicyMemberDomains + - constraints/iam.automaticIamGrantsForDefaultServiceAccounts + - constraints/iam.disableServiceAccountCreation + - constraints/iam.disableServiceAccountKeyCreation + - constraints/iam.disableServiceAccountKeyUpload + - constraints/iam.restrictCrossProjectServiceAccountLienRemoval + - constraints/iam.serviceAccountKeyExpiryHours + - constraints/resourcemanager.accessBoundaries + - constraints/resourcemanager.allowedExportDestinations + - constraints/sql.restrictAuthorizedNetworks + - constraints/sql.restrictNoncompliantDiagnosticDataAccess + - constraints/sql.restrictNoncompliantResourceCreation + - constraints/sql.restrictPublicIp + - constraints/storage.publicAccessPrevention + - constraints/storage.restrictAuthTypes + - constraints/storage.uniformBucketLevelAccess + + This RPC only returns either resources of types `supported by + search + APIs `__ or IAM policies. Returns: diff --git a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py index ef1bd83e28..8c07e9cd21 100755 --- a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py +++ b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py @@ -726,8 +726,8 @@ def query_assets(self) -> Callable[ r"""Return a callable for the query assets method over gRPC. Issue a job that queries assets using a SQL statement compatible - with `BigQuery Standard - SQL `__. + with `BigQuery + SQL `__. If the query execution finishes within timeout and there's no pagination, the full query results will be returned in the @@ -738,9 +738,9 @@ def query_assets(self) -> Callable[ ``QueryAssets`` call. Note, the query result has approximately 10 GB limitation - enforced by BigQuery - https://cloud.google.com/bigquery/docs/best-practices-performance-output, - queries return larger results will result in errors. + enforced by + `BigQuery `__. + Queries return larger results will result in errors. Returns: Callable[[~.QueryAssetsRequest], @@ -982,22 +982,53 @@ def analyze_org_policy_governed_assets(self) -> Callable[ Analyzes organization policies governed assets (Google Cloud resources or policies) under a scope. This RPC supports custom - constraints and the following 10 canned constraints: - - - storage.uniformBucketLevelAccess - - iam.disableServiceAccountKeyCreation - - iam.allowedPolicyMemberDomains - - compute.vmExternalIpAccess - - appengine.enforceServiceAccountActAsCheck - - gcp.resourceLocations - - compute.trustedImageProjects - - compute.skipDefaultNetworkCreation - - compute.requireOsLogin - - compute.disableNestedVirtualization - - This RPC only returns either resources of types supported by - `searchable asset - types `__, + constraints and the following canned constraints: + + - constraints/ainotebooks.accessMode + - constraints/ainotebooks.disableFileDownloads + - constraints/ainotebooks.disableRootAccess + - constraints/ainotebooks.disableTerminal + - constraints/ainotebooks.environmentOptions + - constraints/ainotebooks.requireAutoUpgradeSchedule + - constraints/ainotebooks.restrictVpcNetworks + - constraints/compute.disableGuestAttributesAccess + - constraints/compute.disableInstanceDataAccessApis + - constraints/compute.disableNestedVirtualization + - constraints/compute.disableSerialPortAccess + - constraints/compute.disableSerialPortLogging + - constraints/compute.disableVpcExternalIpv6 + - constraints/compute.requireOsLogin + - constraints/compute.requireShieldedVm + - constraints/compute.restrictLoadBalancerCreationForTypes + - constraints/compute.restrictProtocolForwardingCreationForTypes + - constraints/compute.restrictXpnProjectLienRemoval + - constraints/compute.setNewProjectDefaultToZonalDNSOnly + - constraints/compute.skipDefaultNetworkCreation + - constraints/compute.trustedImageProjects + - constraints/compute.vmCanIpForward + - constraints/compute.vmExternalIpAccess + - constraints/gcp.detailedAuditLoggingMode + - constraints/gcp.resourceLocations + - constraints/iam.allowedPolicyMemberDomains + - constraints/iam.automaticIamGrantsForDefaultServiceAccounts + - constraints/iam.disableServiceAccountCreation + - constraints/iam.disableServiceAccountKeyCreation + - constraints/iam.disableServiceAccountKeyUpload + - constraints/iam.restrictCrossProjectServiceAccountLienRemoval + - constraints/iam.serviceAccountKeyExpiryHours + - constraints/resourcemanager.accessBoundaries + - constraints/resourcemanager.allowedExportDestinations + - constraints/sql.restrictAuthorizedNetworks + - constraints/sql.restrictNoncompliantDiagnosticDataAccess + - constraints/sql.restrictNoncompliantResourceCreation + - constraints/sql.restrictPublicIp + - constraints/storage.publicAccessPrevention + - constraints/storage.restrictAuthTypes + - constraints/storage.uniformBucketLevelAccess + + This RPC only returns either resources of types `supported by + search + APIs `__ or IAM policies. Returns: diff --git a/tests/integration/goldens/asset/google/cloud/asset_v1/types/__init__.py b/tests/integration/goldens/asset/google/cloud/asset_v1/types/__init__.py index d8a9b7f910..380fb7c3dc 100755 --- a/tests/integration/goldens/asset/google/cloud/asset_v1/types/__init__.py +++ b/tests/integration/goldens/asset/google/cloud/asset_v1/types/__init__.py @@ -80,6 +80,7 @@ Asset, AttachedResource, ConditionEvaluation, + EffectiveTagDetails, IamPolicyAnalysisResult, IamPolicyAnalysisState, IamPolicySearchResult, @@ -90,6 +91,7 @@ RelationshipAttributes, Resource, ResourceSearchResult, + Tag, TemporalAsset, TimeWindow, VersionedResource, @@ -160,6 +162,7 @@ 'Asset', 'AttachedResource', 'ConditionEvaluation', + 'EffectiveTagDetails', 'IamPolicyAnalysisResult', 'IamPolicyAnalysisState', 'IamPolicySearchResult', @@ -170,6 +173,7 @@ 'RelationshipAttributes', 'Resource', 'ResourceSearchResult', + 'Tag', 'TemporalAsset', 'TimeWindow', 'VersionedResource', diff --git a/tests/integration/goldens/asset/google/cloud/asset_v1/types/asset_service.py b/tests/integration/goldens/asset/google/cloud/asset_v1/types/asset_service.py index 371873f896..78c42225e0 100755 --- a/tests/integration/goldens/asset/google/cloud/asset_v1/types/asset_service.py +++ b/tests/integration/goldens/asset/google/cloud/asset_v1/types/asset_service.py @@ -1096,63 +1096,95 @@ class SearchAllResourcesRequest(proto.Message): Examples: - ``name:Important`` to find Google Cloud resources whose - name contains "Important" as a word. + name contains ``Important`` as a word. - ``name=Important`` to find the Google Cloud resource whose - name is exactly "Important". + name is exactly ``Important``. - ``displayName:Impor*`` to find Google Cloud resources - whose display name contains "Impor" as a prefix of any + whose display name contains ``Impor`` as a prefix of any word in the field. - ``location:us-west*`` to find Google Cloud resources whose - location contains both "us" and "west" as prefixes. + location contains both ``us`` and ``west`` as prefixes. - ``labels:prod`` to find Google Cloud resources whose - labels contain "prod" as a key or value. + labels contain ``prod`` as a key or value. - ``labels.env:prod`` to find Google Cloud resources that - have a label "env" and its value is "prod". + have a label ``env`` and its value is ``prod``. - ``labels.env:*`` to find Google Cloud resources that have - a label "env". + a label ``env``. + - ``tagKeys:env`` to find Google Cloud resources that have + directly attached tags where the + ```TagKey.namespacedName`` `__ + contains ``env``. + - ``tagValues:prod*`` to find Google Cloud resources that + have directly attached tags where the + ```TagValue.namespacedName`` `__ + contains a word prefixed by ``prod``. + - ``tagValueIds=tagValues/123`` to find Google Cloud + resources that have directly attached tags where the + ```TagValue.name`` `__ + is exactly ``tagValues/123``. + - ``effectiveTagKeys:env`` to find Google Cloud resources + that have directly attached or inherited tags where the + ```TagKey.namespacedName`` `__ + contains ``env``. + - ``effectiveTagValues:prod*`` to find Google Cloud + resources that have directly attached or inherited tags + where the + ```TagValue.namespacedName`` `__ + contains a word prefixed by ``prod``. + - ``effectiveTagValueIds=tagValues/123`` to find Google + Cloud resources that have directly attached or inherited + tags where the + ```TagValue.name`` `__ + is exactly ``tagValues/123``. - ``kmsKey:key`` to find Google Cloud resources encrypted with a customer-managed encryption key whose name contains - "key" as a word. This field is deprecated. Please use the + ``key`` as a word. This field is deprecated. Use the ``kmsKeys`` field to retrieve Cloud KMS key information. - ``kmsKeys:key`` to find Google Cloud resources encrypted with customer-managed encryption keys whose name contains - the word "key". + the word ``key``. - ``relationships:instance-group-1`` to find Google Cloud - resources that have relationships with "instance-group-1" - in the related resource name. + resources that have relationships with + ``instance-group-1`` in the related resource name. - ``relationships:INSTANCE_TO_INSTANCEGROUP`` to find Compute Engine instances that have relationships of type - "INSTANCE_TO_INSTANCEGROUP". + ``INSTANCE_TO_INSTANCEGROUP``. - ``relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1`` to find Compute Engine instances that have relationships - with "instance-group-1" in the Compute Engine instance + with ``instance-group-1`` in the Compute Engine instance group resource name, for relationship type - "INSTANCE_TO_INSTANCEGROUP". + ``INSTANCE_TO_INSTANCEGROUP``. + - ``sccSecurityMarks.key=value`` to find Cloud resources + that are attached with security marks whose key is ``key`` + and value is ``value``. + - ``sccSecurityMarks.key:*`` to find Cloud resources that + are attached with security marks whose key is ``key``. - ``state:ACTIVE`` to find Google Cloud resources whose - state contains "ACTIVE" as a word. + state contains ``ACTIVE`` as a word. - ``NOT state:ACTIVE`` to find Google Cloud resources whose - state doesn't contain "ACTIVE" as a word. + state doesn't contain ``ACTIVE`` as a word. - ``createTime<1609459200`` to find Google Cloud resources - that were created before "2021-01-01 00:00:00 UTC". - 1609459200 is the epoch timestamp of "2021-01-01 00:00:00 - UTC" in seconds. + that were created before ``2021-01-01 00:00:00 UTC``. + ``1609459200`` is the epoch timestamp of + ``2021-01-01 00:00:00 UTC`` in seconds. - ``updateTime>1609459200`` to find Google Cloud resources - that were updated after "2021-01-01 00:00:00 UTC". - 1609459200 is the epoch timestamp of "2021-01-01 00:00:00 - UTC" in seconds. + that were updated after ``2021-01-01 00:00:00 UTC``. + ``1609459200`` is the epoch timestamp of + ``2021-01-01 00:00:00 UTC`` in seconds. - ``Important`` to find Google Cloud resources that contain - "Important" as a word in any of the searchable fields. + ``Important`` as a word in any of the searchable fields. - ``Impor*`` to find Google Cloud resources that contain - "Impor" as a prefix of any word in any of the searchable + ``Impor`` as a prefix of any word in any of the searchable fields. - ``Important location:(us-west1 OR global)`` to find Google - Cloud resources that contain "Important" as a word in any - of the searchable fields and are also located in the - "us-west1" region or the "global" location. + Cloud resources that contain ``Important`` as a word in + any of the searchable fields and are also located in the + ``us-west1`` region or the ``global`` location. asset_types (MutableSequence[str]): Optional. A list of asset types that this request searches - for. If empty, it will search all the `searchable asset - types `__. + for. If empty, it will search all the asset types `supported + by search + APIs `__. Regular expressions are also supported. For example: @@ -1170,10 +1202,10 @@ class SearchAllResourcesRequest(proto.Message): page_size (int): Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If - set to zero, server will pick an appropriate default. - Returned results may be fewer than requested. When this - happens, there could be more results as long as - ``next_page_token`` is returned. + set to zero or a negative value, server will pick an + appropriate default. Returned results may be fewer than + requested. When this happens, there could be more results as + long as ``next_page_token`` is returned. page_token (str): Optional. If present, then retrieve the next batch of results from the preceding call to this method. @@ -1185,8 +1217,8 @@ class SearchAllResourcesRequest(proto.Message): sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored. - Example: "location DESC, name". Only singular primitive - fields in the response are sortable: + Example: "location DESC, name". Only the following fields in + the response are sortable: - name - assetType @@ -1199,47 +1231,40 @@ class SearchAllResourcesRequest(proto.Message): - state - parentFullResourceName - parentAssetType - - All the other fields such as repeated fields (e.g., - ``networkTags``, ``kmsKeys``), map fields (e.g., ``labels``) - and struct fields (e.g., ``additionalAttributes``) are not - supported. read_mask (google.protobuf.field_mask_pb2.FieldMask): - Optional. A comma-separated list of fields specifying which - fields to be returned in ResourceSearchResult. Only '\*' or - combination of top level fields can be specified. Field - names of both snake_case and camelCase are supported. - Examples: ``"*"``, ``"name,location"``, - ``"name,versionedResources"``. - - The read_mask paths must be valid field paths listed but not - limited to (both snake_case and camelCase are supported): - - - name - - assetType - - project - - displayName - - description - - location - - tagKeys - - tagValues - - tagValueIds - - labels - - networkTags - - kmsKey (This field is deprecated. Please use the - ``kmsKeys`` field to retrieve Cloud KMS key information.) - - kmsKeys - - createTime - - updateTime - - state - - additionalAttributes - - versionedResources - - If read_mask is not specified, all fields except - versionedResources will be returned. If only '\*' is - specified, all fields including versionedResources will be - returned. Any invalid field path will trigger - INVALID_ARGUMENT error. + Optional. A comma-separated list of fields that you want + returned in the results. The following fields are returned + by default if not specified: + + - ``name`` + - ``assetType`` + - ``project`` + - ``folders`` + - ``organization`` + - ``displayName`` + - ``description`` + - ``location`` + - ``labels`` + - ``tags`` + - ``effectiveTags`` + - ``networkTags`` + - ``kmsKeys`` + - ``createTime`` + - ``updateTime`` + - ``state`` + - ``additionalAttributes`` + - ``parentFullResourceName`` + - ``parentAssetType`` + + Some fields of large size, such as ``versionedResources``, + ``attachedResources``, ``effectiveTags`` etc., are not + returned by default, but you can specify them in the + ``read_mask`` parameter if you want to include them. If + ``"*"`` is specified, all `available + fields `__ + are returned. Examples: ``"name,location"``, + ``"name,versionedResources"``, ``"*"``. Any invalid field + path will trigger INVALID_ARGUMENT error. """ scope: str = proto.Field( @@ -1371,10 +1396,10 @@ class SearchAllIamPoliciesRequest(proto.Message): page_size (int): Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If - set to zero, server will pick an appropriate default. - Returned results may be fewer than requested. When this - happens, there could be more results as long as - ``next_page_token`` is returned. + set to zero or a negative value, server will pick an + appropriate default. Returned results may be fewer than + requested. When this happens, there could be more results as + long as ``next_page_token`` is returned. page_token (str): Optional. If present, retrieve the next batch of results from the preceding call to this method. ``page_token`` must @@ -1384,8 +1409,8 @@ class SearchAllIamPoliciesRequest(proto.Message): asset_types (MutableSequence[str]): Optional. A list of asset types that the IAM policies are attached to. If empty, it will search the IAM policies that - are attached to all the `searchable asset - types `__. + are attached to all the asset types `supported by search + APIs `__ Regular expressions are also supported. For example: @@ -1487,10 +1512,10 @@ class IamPolicyAnalysisQuery(proto.Message): "projects/my-project-id"), or a project number (such as "projects/12345"). - To know how to get organization id, visit + To know how to get organization ID, visit `here `__. - To know how to get folder or project id, visit + To know how to get folder or project ID, visit `here `__. resource_selector (google.cloud.asset_v1.types.IamPolicyAnalysisQuery.ResourceSelector): Optional. Specifies a resource for analysis. @@ -1779,8 +1804,8 @@ class AnalyzeIamPolicyRequest(proto.Message): If both ``analysis_query`` and ``saved_analysis_query`` are provided, they will be merged together with the ``saved_analysis_query`` as base and the ``analysis_query`` - as overrides. For more details of the merge behavior, please - refer to the + as overrides. For more details of the merge behavior, refer + to the `MergeFrom `__ page. @@ -2053,8 +2078,8 @@ class AnalyzeIamPolicyLongrunningRequest(proto.Message): If both ``analysis_query`` and ``saved_analysis_query`` are provided, they will be merged together with the ``saved_analysis_query`` as base and the ``analysis_query`` - as overrides. For more details of the merge behavior, please - refer to the + as overrides. For more details of the merge behavior, refer + to the `MergeFrom `__ doc. @@ -2619,8 +2644,7 @@ class QueryAssetsRequest(proto.Message): Only assets belonging to the ``parent`` will be returned. statement (str): Optional. A SQL statement that's compatible with `BigQuery - Standard - SQL `__. + SQL `__. This field is a member of `oneof`_ ``query``. job_reference (str): @@ -2920,16 +2944,16 @@ class BatchGetEffectiveIamPoliciesRequest(proto.Message): "projects/my-project-id"), or a project number (such as "projects/12345"). - To know how to get organization id, visit + To know how to get organization ID, visit `here `__. - To know how to get folder or project id, visit + To know how to get folder or project ID, visit `here `__. names (MutableSequence[str]): Required. The names refer to the [full_resource_names] (https://cloud.google.com/asset-inventory/docs/resource-name-format) - of `searchable asset - types `__. + of the asset types `supported by search + APIs `__. A maximum of 20 resources' effective policies can be retrieved in a batch. """ @@ -3074,7 +3098,11 @@ class AnalyzerOrgPolicy(proto.Message): """ class Rule(proto.Message): - r"""Represents a rule defined in an organization policy + r"""This rule message is a customized version of the one defined + in the Organization Policy system. In addition to the fields + defined in the original organization policy, it contains + additional field(s) under specific circumstances to support + analysis results. This message has `oneof`_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. @@ -3085,9 +3113,9 @@ class Rule(proto.Message): Attributes: values (google.cloud.asset_v1.types.AnalyzerOrgPolicy.Rule.StringValues): - List of values to be used for this - PolicyRule. This field can be set only in - Policies for list constraints. + List of values to be used for this policy + rule. This field can be set only in policies for + list constraints. This field is a member of `oneof`_ ``kind``. allow_all (bool): @@ -3110,6 +3138,21 @@ class Rule(proto.Message): This field is a member of `oneof`_ ``kind``. condition (google.type.expr_pb2.Expr): The evaluating condition for this rule. + condition_evaluation (google.cloud.asset_v1.types.ConditionEvaluation): + The condition evaluation result for this rule. Only + populated if it meets all the following criteria: + + - There is a + [condition][google.cloud.asset.v1.AnalyzerOrgPolicy.Rule.condition] + defined for this rule. + - This rule is within + [AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.consolidated_policy][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.consolidated_policy], + or + [AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.consolidated_policy][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.consolidated_policy] + when the + [AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset] + has + [AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.governed_resource][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.governed_resource]. """ class StringValues(proto.Message): @@ -3157,6 +3200,11 @@ class StringValues(proto.Message): number=7, message=expr_pb2.Expr, ) + condition_evaluation: gca_assets.ConditionEvaluation = proto.Field( + proto.MESSAGE, + number=8, + message=gca_assets.ConditionEvaluation, + ) attached_resource: str = proto.Field( proto.STRING, @@ -3469,13 +3517,17 @@ class AnalyzeOrgPoliciesRequest(proto.Message): filter (str): The expression to filter [AnalyzeOrgPoliciesResponse.org_policy_results][google.cloud.asset.v1.AnalyzeOrgPoliciesResponse.org_policy_results]. - The only supported field is - ``consolidated_policy.attached_resource``, and the only - supported operator is ``=``. + Filtering is currently available for bare literal values and + the following fields: - Example: + - consolidated_policy.attached_resource + - consolidated_policy.rules.enforce + + When filtering by a specific field, the only supported + operator is ``=``. For example, filtering by consolidated_policy.attached_resource="//cloudresourcemanager.googleapis.com/folders/001" - will return the org policy results of"folders/001". + will return all the Organization Policy results attached to + "folders/001". page_size (int): The maximum number of items to return per page. If unspecified, @@ -3547,6 +3599,20 @@ class OrgPolicyResult(proto.Message): If the constraint is defined with default policy, it will also appear in the list. + project (str): + The project that this consolidated policy belongs to, in the + format of projects/{PROJECT_NUMBER}. This field is available + when the consolidated policy belongs to a project. + folders (MutableSequence[str]): + The folder(s) that this consolidated policy belongs to, in + the format of folders/{FOLDER_NUMBER}. This field is + available when the consolidated policy belongs (directly or + cascadingly) to one or more folders. + organization (str): + The organization that this consolidated policy belongs to, + in the format of organizations/{ORGANIZATION_NUMBER}. This + field is available when the consolidated policy belongs + (directly or cascadingly) to an organization. """ consolidated_policy: 'AnalyzerOrgPolicy' = proto.Field( @@ -3559,6 +3625,18 @@ class OrgPolicyResult(proto.Message): number=2, message='AnalyzerOrgPolicy', ) + project: str = proto.Field( + proto.STRING, + number=3, + ) + folders: MutableSequence[str] = proto.RepeatedField( + proto.STRING, + number=4, + ) + organization: str = proto.Field( + proto.STRING, + number=5, + ) @property def raw_page(self): @@ -3602,13 +3680,18 @@ class AnalyzeOrgPolicyGovernedContainersRequest(proto.Message): only contains organization policies for the provided constraint. filter (str): - The expression to filter the governed containers in result. - The only supported field is ``parent``, and the only - supported operator is ``=``. + The expression to filter + [AnalyzeOrgPolicyGovernedContainersResponse.governed_containers][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedContainersResponse.governed_containers]. + Filtering is currently available for bare literal values and + the following fields: - Example: + - parent + - consolidated_policy.rules.enforce + + When filtering by a specific field, the only supported + operator is ``=``. For example, filtering by parent="//cloudresourcemanager.googleapis.com/folders/001" - will return all containers under "folders/001". + will return all the containers under "folders/001". page_size (int): The maximum number of items to return per page. If unspecified, @@ -3689,6 +3772,22 @@ class GovernedContainer(proto.Message): If the constraint is defined with default policy, it will also appear in the list. + project (str): + The project that this resource belongs to, in the format of + projects/{PROJECT_NUMBER}. This field is available when the + resource belongs to a project. + folders (MutableSequence[str]): + The folder(s) that this resource belongs to, in the format + of folders/{FOLDER_NUMBER}. This field is available when the + resource belongs (directly or cascadingly) to one or more + folders. + organization (str): + The organization that this resource belongs to, in the + format of organizations/{ORGANIZATION_NUMBER}. This field is + available when the resource belongs (directly or + cascadingly) to an organization. + effective_tags (MutableSequence[google.cloud.asset_v1.types.EffectiveTagDetails]): + The effective tags on this resource. """ full_resource_name: str = proto.Field( @@ -3709,6 +3808,23 @@ class GovernedContainer(proto.Message): number=4, message='AnalyzerOrgPolicy', ) + project: str = proto.Field( + proto.STRING, + number=5, + ) + folders: MutableSequence[str] = proto.RepeatedField( + proto.STRING, + number=6, + ) + organization: str = proto.Field( + proto.STRING, + number=7, + ) + effective_tags: MutableSequence[gca_assets.EffectiveTagDetails] = proto.RepeatedField( + proto.MESSAGE, + number=8, + message=gca_assets.EffectiveTagDetails, + ) @property def raw_page(self): @@ -3752,22 +3868,38 @@ class AnalyzeOrgPolicyGovernedAssetsRequest(proto.Message): contains analyzed organization policies for the provided constraint. filter (str): - The expression to filter the governed assets in result. The - only supported fields for governed resources are - ``governed_resource.project`` and - ``governed_resource.folders``. The only supported fields for - governed iam policies are ``governed_iam_policy.project`` - and ``governed_iam_policy.folders``. The only supported - operator is ``=``. - - Example 1: governed_resource.project="projects/12345678" - filter will return all governed resources under - projects/12345678 including the project ifself, if - applicable. - - Example 2: governed_iam_policy.folders="folders/12345678" - filter will return all governed iam policies under - folders/12345678, if applicable. + The expression to filter + [AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets]. + + For governed resources, filtering is currently available for + bare literal values and the following fields: + + - governed_resource.project + - governed_resource.folders + - consolidated_policy.rules.enforce When filtering by + ``governed_resource.project`` or + ``consolidated_policy.rules.enforce``, the only supported + operator is ``=``. When filtering by + ``governed_resource.folders``, the supported operators are + ``=`` and ``:``. For example, filtering by + ``governed_resource.project="projects/12345678"`` will + return all the governed resources under + "projects/12345678", including the project itself if + applicable. + + For governed IAM policies, filtering is currently available + for bare literal values and the following fields: + + - governed_iam_policy.project + - governed_iam_policy.folders + - consolidated_policy.rules.enforce When filtering by + ``governed_iam_policy.project`` or + ``consolidated_policy.rules.enforce``, the only supported + operator is ``=``. When filtering by + ``governed_iam_policy.folders``, the supported operators + are ``=`` and ``:``. For example, filtering by + ``governed_iam_policy.folders:"folders/12345678"`` will + return all the governed IAM policies under "folders/001". page_size (int): The maximum number of items to return per page. If unspecified, @@ -3847,6 +3979,15 @@ class GovernedResource(proto.Message): format of organizations/{ORGANIZATION_NUMBER}. This field is available when the resource belongs (directly or cascadingly) to an organization. + asset_type (str): + The asset type of the + [AnalyzeOrgPolicyGovernedAssetsResponse.GovernedResource.full_resource_name][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedAssetsResponse.GovernedResource.full_resource_name] + Example: ``cloudresourcemanager.googleapis.com/Project`` See + `Cloud Asset Inventory Supported Asset + Types `__ + for all supported asset types. + effective_tags (MutableSequence[google.cloud.asset_v1.types.EffectiveTagDetails]): + The effective tags on this resource. """ full_resource_name: str = proto.Field( @@ -3869,6 +4010,15 @@ class GovernedResource(proto.Message): proto.STRING, number=7, ) + asset_type: str = proto.Field( + proto.STRING, + number=8, + ) + effective_tags: MutableSequence[gca_assets.EffectiveTagDetails] = proto.RepeatedField( + proto.MESSAGE, + number=9, + message=gca_assets.EffectiveTagDetails, + ) class GovernedIamPolicy(proto.Message): r"""The IAM policies governed by the organization policies of the @@ -3876,8 +4026,8 @@ class GovernedIamPolicy(proto.Message): Attributes: attached_resource (str): - The full resource name of the resource associated with this - IAM policy. Example: + The full resource name of the resource on which this IAM + policy is set. Example: ``//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1``. See `Cloud Asset Inventory Resource Name Format `__ @@ -3899,6 +4049,13 @@ class GovernedIamPolicy(proto.Message): format of organizations/{ORGANIZATION_NUMBER}. This field is available when the IAM policy belongs (directly or cascadingly) to an organization. + asset_type (str): + The asset type of the + [AnalyzeOrgPolicyGovernedAssetsResponse.GovernedIamPolicy.attached_resource][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedAssetsResponse.GovernedIamPolicy.attached_resource]. + Example: ``cloudresourcemanager.googleapis.com/Project`` See + `Cloud Asset Inventory Supported Asset + Types `__ + for all supported asset types. """ attached_resource: str = proto.Field( @@ -3922,6 +4079,10 @@ class GovernedIamPolicy(proto.Message): proto.STRING, number=7, ) + asset_type: str = proto.Field( + proto.STRING, + number=8, + ) class GovernedAsset(proto.Message): r"""Represents a Google Cloud asset(resource or IAM policy) governed by diff --git a/tests/integration/goldens/asset/google/cloud/asset_v1/types/assets.py b/tests/integration/goldens/asset/google/cloud/asset_v1/types/assets.py index e3e94d6271..acfc456895 100755 --- a/tests/integration/goldens/asset/google/cloud/asset_v1/types/assets.py +++ b/tests/integration/goldens/asset/google/cloud/asset_v1/types/assets.py @@ -40,6 +40,8 @@ 'RelatedAssets', 'RelationshipAttributes', 'RelatedAsset', + 'Tag', + 'EffectiveTagDetails', 'ResourceSearchResult', 'VersionedResource', 'AttachedResource', @@ -199,17 +201,17 @@ class Asset(proto.Message): There can be more than one organization policy with different constraints set on a given resource. access_policy (google.identity.accesscontextmanager.v1.access_policy_pb2.AccessPolicy): - Please also refer to the `access policy user + Also refer to the `access policy user guide `__. This field is a member of `oneof`_ ``access_context_policy``. access_level (google.identity.accesscontextmanager.v1.access_level_pb2.AccessLevel): - Please also refer to the `access level user + Also refer to the `access level user guide `__. This field is a member of `oneof`_ ``access_context_policy``. service_perimeter (google.identity.accesscontextmanager.v1.service_perimeter_pb2.ServicePerimeter): - Please also refer to the `service perimeter user + Also refer to the `service perimeter user guide `__. This field is a member of `oneof`_ ``access_context_policy``. @@ -343,8 +345,6 @@ class Resource(proto.Message): hierarchy `__. Example: ``//cloudresourcemanager.googleapis.com/projects/my_project_123`` - - For third-party assets, this field may be set differently. data (google.protobuf.struct_pb2.Struct): The content of the resource, in which some sensitive fields are removed and may not be @@ -509,9 +509,99 @@ class RelatedAsset(proto.Message): ) +class Tag(proto.Message): + r"""The key and value for a + `tag `__. + + + .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields + + Attributes: + tag_key (str): + TagKey namespaced name, in the format of + {ORG_ID}/{TAG_KEY_SHORT_NAME}. + + This field is a member of `oneof`_ ``_tag_key``. + tag_key_id (str): + TagKey ID, in the format of tagKeys/{TAG_KEY_ID}. + + This field is a member of `oneof`_ ``_tag_key_id``. + tag_value (str): + TagValue namespaced name, in the format of + {ORG_ID}/{TAG_KEY_SHORT_NAME}/{TAG_VALUE_SHORT_NAME}. + + This field is a member of `oneof`_ ``_tag_value``. + tag_value_id (str): + TagValue ID, in the format of tagValues/{TAG_VALUE_ID}. + + This field is a member of `oneof`_ ``_tag_value_id``. + """ + + tag_key: str = proto.Field( + proto.STRING, + number=1, + optional=True, + ) + tag_key_id: str = proto.Field( + proto.STRING, + number=2, + optional=True, + ) + tag_value: str = proto.Field( + proto.STRING, + number=3, + optional=True, + ) + tag_value_id: str = proto.Field( + proto.STRING, + number=4, + optional=True, + ) + + +class EffectiveTagDetails(proto.Message): + r"""The effective tags and the ancestor resources from which they + were inherited. + + + .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields + + Attributes: + attached_resource (str): + The `full resource + name `__ + of the ancestor from which an [effective_tag][] is + inherited, according to `tag + inheritance `__. + + This field is a member of `oneof`_ ``_attached_resource``. + effective_tags (MutableSequence[google.cloud.asset_v1.types.Tag]): + The effective tags inherited from the + [attached_resource][google.cloud.asset.v1.EffectiveTagDetails.attached_resource]. + Note that tags with the same key but different values may + attach to resources at a different hierarchy levels. The + lower hierarchy tag value will overwrite the higher + hierarchy tag value of the same tag key. In this case, the + tag value at the higher hierarchy level will be removed. For + more information, see `tag + inheritance `__. + """ + + attached_resource: str = proto.Field( + proto.STRING, + number=1, + optional=True, + ) + effective_tags: MutableSequence['Tag'] = proto.RepeatedField( + proto.MESSAGE, + number=2, + message='Tag', + ) + + class ResourceSearchResult(proto.Message): r"""A result of Resource Search, containing information of a - cloud resource. Next ID: 32 + cloud resource. Next ID: 34 Attributes: name (str): @@ -630,10 +720,10 @@ class ResourceSearchResult(proto.Message): name. This field only presents for the purpose of backward - compatibility. Please use the ``kms_keys`` field to retrieve - Cloud KMS key information. This field is available only when - the resource's Protobuf contains it and will only be - populated for `these resource + compatibility. Use the ``kms_keys`` field to retrieve Cloud + KMS key information. This field is available only when the + resource's Protobuf contains it and will only be populated + for `these resource types `__ for backward compatible purposes. @@ -715,7 +805,7 @@ class ResourceSearchResult(proto.Message): provided by the corresponding Google Cloud service (e.g., Compute Engine). see `API references and supported searchable - attributes `__ + attributes `__ to see which fields are included. You can search values of these fields through free text @@ -764,6 +854,9 @@ class ResourceSearchResult(proto.Message): ``INSTANCE_TO_INSTANCEGROUP``. See `supported relationship types `__. tag_keys (MutableSequence[str]): + This field is only present for the purpose of backward + compatibility. Use the ``tags`` field instead. + TagKey namespaced names, in the format of {ORG_ID}/{TAG_KEY_SHORT_NAME}. To search against the ``tagKeys``: @@ -778,6 +871,9 @@ class ResourceSearchResult(proto.Message): - ``env`` tag_values (MutableSequence[str]): + This field is only present for the purpose of backward + compatibility. Use the ``tags`` field instead. + TagValue namespaced names, in the format of {ORG_ID}/{TAG_KEY_SHORT_NAME}/{TAG_VALUE_SHORT_NAME}. To search against the ``tagValues``: @@ -793,17 +889,59 @@ class ResourceSearchResult(proto.Message): - ``prod`` tag_value_ids (MutableSequence[str]): + This field is only present for the purpose of backward + compatibility. Use the ``tags`` field instead. + TagValue IDs, in the format of tagValues/{TAG_VALUE_ID}. To search against the ``tagValueIds``: - Use a field query. Example: - - ``tagValueIds:"456"`` - ``tagValueIds="tagValues/456"`` - Use a free text query. Example: - ``456`` + tags (MutableSequence[google.cloud.asset_v1.types.Tag]): + The tags directly attached to this resource. + + To search against the ``tags``: + + - Use a field query. Example: + + - ``tagKeys:"123456789/env*"`` + - ``tagKeys="123456789/env"`` + - ``tagKeys:"env"`` + - ``tagKeyIds="tagKeys/123"`` + - ``tagValues:"env"`` + - ``tagValues:"env/prod"`` + - ``tagValues:"123456789/env/prod*"`` + - ``tagValues="123456789/env/prod"`` + - ``tagValueIds="tagValues/456"`` + + - Use a free text query. Example: + + - ``env/prod`` + effective_tags (MutableSequence[google.cloud.asset_v1.types.EffectiveTagDetails]): + The effective tags on this resource. All of the tags that + are both attached to and inherited by a resource are + collectively called the effective tags. For more + information, see `tag + inheritance `__. + + To search against the ``effective_tags``: + + - Use a field query. Example: + + - ``effectiveTagKeys:"123456789/env*"`` + - ``effectiveTagKeys="123456789/env"`` + - ``effectiveTagKeys:"env"`` + - ``effectiveTagKeyIds="tagKeys/123"`` + - ``effectiveTagValues:"env"`` + - ``effectiveTagValues:"env/prod"`` + - ``effectiveTagValues:"123456789/env/prod*"`` + - ``effectiveTagValues="123456789/env/prod"`` + - ``effectiveTagValueIds="tagValues/456"`` parent_asset_type (str): The type of this resource's immediate parent, if there is one. @@ -814,6 +952,18 @@ class ResourceSearchResult(proto.Message): ``parentAssetType:"cloudresourcemanager.googleapis.com/Project"`` - Use a free text query. Example: ``cloudresourcemanager.googleapis.com/Project`` + scc_security_marks (MutableMapping[str, str]): + The actual content of Security Command Center security marks + associated with the asset. + + To search against SCC SecurityMarks field: + + - Use a field query: + + - query by a given key value pair. Example: + ``sccSecurityMarks.foo=bar`` + - query by a given key's existence. Example: + ``sccSecurityMarks.foo:*`` """ name: str = proto.Field( @@ -916,10 +1066,25 @@ class ResourceSearchResult(proto.Message): proto.STRING, number=26, ) + tags: MutableSequence['Tag'] = proto.RepeatedField( + proto.MESSAGE, + number=29, + message='Tag', + ) + effective_tags: MutableSequence['EffectiveTagDetails'] = proto.RepeatedField( + proto.MESSAGE, + number=30, + message='EffectiveTagDetails', + ) parent_asset_type: str = proto.Field( proto.STRING, number=103, ) + scc_security_marks: MutableMapping[str, str] = proto.MapField( + proto.STRING, + proto.STRING, + number=32, + ) class VersionedResource(proto.Message): @@ -945,7 +1110,7 @@ class VersionedResource(proto.Message): You can find the resource definition for each supported resource type in this table: - ``https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types`` + ``https://cloud.google.com/asset-inventory/docs/supported-asset-types`` """ version: str = proto.Field( @@ -972,7 +1137,7 @@ class AttachedResource(proto.Message): You can find the supported attached asset types of each resource in this table: - ``https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types`` + ``https://cloud.google.com/asset-inventory/docs/supported-asset-types`` versioned_resources (MutableSequence[google.cloud.asset_v1.types.VersionedResource]): Versioned resource representations of this attached resource. This is repeated because @@ -1213,7 +1378,7 @@ class IamPolicyAnalysisState(proto.Message): class ConditionEvaluation(proto.Message): - r"""The Condition evaluation. + r"""The condition evaluation. Attributes: evaluation_value (google.cloud.asset_v1.types.ConditionEvaluation.EvaluationValue): @@ -1232,7 +1397,7 @@ class EvaluationValue(proto.Enum): CONDITIONAL (3): The evaluation result is ``conditional`` when the condition expression contains variables that are either missing input - values or have not been supported by Analyzer yet. + values or have not been supported by Policy Analyzer yet. """ EVALUATION_VALUE_UNSPECIFIED = 0 TRUE = 1 @@ -1340,10 +1505,10 @@ class Identity(proto.Message): Attributes: name (str): - The identity name in any form of members appear in `IAM + The identity of members, formatted as appear in an `IAM policy - binding `__, - such as: + binding `__. + For example, they might be formatted like the following: - user:foo@google.com - group:group1@google.com @@ -1351,7 +1516,6 @@ class Identity(proto.Message): - projectOwner:some_project_id - domain:google.com - allUsers - - etc. analysis_state (google.cloud.asset_v1.types.IamPolicyAnalysisState): The analysis state of this identity. """ diff --git a/tests/integration/goldens/asset/tests/unit/gapic/asset_v1/test_asset_service.py b/tests/integration/goldens/asset/tests/unit/gapic/asset_v1/test_asset_service.py index fa466d554f..ca243f67aa 100755 --- a/tests/integration/goldens/asset/tests/unit/gapic/asset_v1/test_asset_service.py +++ b/tests/integration/goldens/asset/tests/unit/gapic/asset_v1/test_asset_service.py @@ -28,6 +28,7 @@ import json import math import pytest +from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/credentials/tests/unit/gapic/credentials_v1/test_iam_credentials.py b/tests/integration/goldens/credentials/tests/unit/gapic/credentials_v1/test_iam_credentials.py index 4f6edbe175..7f145edd40 100755 --- a/tests/integration/goldens/credentials/tests/unit/gapic/credentials_v1/test_iam_credentials.py +++ b/tests/integration/goldens/credentials/tests/unit/gapic/credentials_v1/test_iam_credentials.py @@ -28,6 +28,7 @@ import json import math import pytest +from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/eventarc/tests/unit/gapic/eventarc_v1/test_eventarc.py b/tests/integration/goldens/eventarc/tests/unit/gapic/eventarc_v1/test_eventarc.py index fe8e04769b..0f51ab3838 100755 --- a/tests/integration/goldens/eventarc/tests/unit/gapic/eventarc_v1/test_eventarc.py +++ b/tests/integration/goldens/eventarc/tests/unit/gapic/eventarc_v1/test_eventarc.py @@ -28,6 +28,7 @@ import json import math import pytest +from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_config_service_v2.py b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_config_service_v2.py index b614a42929..2e5a4bf1ea 100755 --- a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_config_service_v2.py +++ b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_config_service_v2.py @@ -26,6 +26,7 @@ import json import math import pytest +from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_logging_service_v2.py b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_logging_service_v2.py index 65e5ea8ddc..f5b0e03c67 100755 --- a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_logging_service_v2.py +++ b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_logging_service_v2.py @@ -26,6 +26,7 @@ import json import math import pytest +from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_metrics_service_v2.py b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_metrics_service_v2.py index 3f1c3b92a6..eced7f0f49 100755 --- a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_metrics_service_v2.py +++ b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_metrics_service_v2.py @@ -26,6 +26,7 @@ import json import math import pytest +from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_config_service_v2.py b/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_config_service_v2.py index 9a74e0973f..8720112bed 100755 --- a/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_config_service_v2.py +++ b/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_config_service_v2.py @@ -26,6 +26,7 @@ import json import math import pytest +from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_logging_service_v2.py b/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_logging_service_v2.py index 65e5ea8ddc..f5b0e03c67 100755 --- a/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_logging_service_v2.py +++ b/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_logging_service_v2.py @@ -26,6 +26,7 @@ import json import math import pytest +from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_metrics_service_v2.py b/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_metrics_service_v2.py index f2e2530d7c..33f3e8e104 100755 --- a/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_metrics_service_v2.py +++ b/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_metrics_service_v2.py @@ -26,6 +26,7 @@ import json import math import pytest +from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/redis/tests/unit/gapic/redis_v1/test_cloud_redis.py b/tests/integration/goldens/redis/tests/unit/gapic/redis_v1/test_cloud_redis.py index ba763932d3..3f3dafe4de 100755 --- a/tests/integration/goldens/redis/tests/unit/gapic/redis_v1/test_cloud_redis.py +++ b/tests/integration/goldens/redis/tests/unit/gapic/redis_v1/test_cloud_redis.py @@ -28,6 +28,7 @@ import json import math import pytest +from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/redis_selective/tests/unit/gapic/redis_v1/test_cloud_redis.py b/tests/integration/goldens/redis_selective/tests/unit/gapic/redis_v1/test_cloud_redis.py index f58069c220..da97232fb4 100755 --- a/tests/integration/goldens/redis_selective/tests/unit/gapic/redis_v1/test_cloud_redis.py +++ b/tests/integration/goldens/redis_selective/tests/unit/gapic/redis_v1/test_cloud_redis.py @@ -28,6 +28,7 @@ import json import math import pytest +from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers From fd7a285d2027741d66b560acef9bb0c1e394abca Mon Sep 17 00:00:00 2001 From: chalmer lowe Date: Tue, 3 Feb 2026 19:02:12 -0500 Subject: [PATCH 3/5] Revert "updates goldens" This reverts commit dbc1a973ded0ffa6d7e242364f55b98aad061751. --- .../asset/google/cloud/asset/__init__.py | 4 - .../asset/google/cloud/asset_v1/__init__.py | 4 - .../services/asset_service/async_client.py | 253 ++++------- .../asset_v1/services/asset_service/client.py | 253 ++++------- .../services/asset_service/transports/grpc.py | 73 +--- .../asset_service/transports/grpc_asyncio.py | 73 +--- .../google/cloud/asset_v1/types/__init__.py | 4 - .../cloud/asset_v1/types/asset_service.py | 411 ++++++------------ .../google/cloud/asset_v1/types/assets.py | 204 +-------- .../unit/gapic/asset_v1/test_asset_service.py | 1 - .../credentials_v1/test_iam_credentials.py | 1 - .../unit/gapic/eventarc_v1/test_eventarc.py | 1 - .../logging_v2/test_config_service_v2.py | 1 - .../logging_v2/test_logging_service_v2.py | 1 - .../logging_v2/test_metrics_service_v2.py | 1 - .../logging_v2/test_config_service_v2.py | 1 - .../logging_v2/test_logging_service_v2.py | 1 - .../logging_v2/test_metrics_service_v2.py | 1 - .../unit/gapic/redis_v1/test_cloud_redis.py | 1 - .../unit/gapic/redis_v1/test_cloud_redis.py | 1 - 20 files changed, 349 insertions(+), 941 deletions(-) diff --git a/tests/integration/goldens/asset/google/cloud/asset/__init__.py b/tests/integration/goldens/asset/google/cloud/asset/__init__.py index 225b797f49..fd9404f4b6 100755 --- a/tests/integration/goldens/asset/google/cloud/asset/__init__.py +++ b/tests/integration/goldens/asset/google/cloud/asset/__init__.py @@ -85,7 +85,6 @@ from google.cloud.asset_v1.types.assets import Asset from google.cloud.asset_v1.types.assets import AttachedResource from google.cloud.asset_v1.types.assets import ConditionEvaluation -from google.cloud.asset_v1.types.assets import EffectiveTagDetails from google.cloud.asset_v1.types.assets import IamPolicyAnalysisResult from google.cloud.asset_v1.types.assets import IamPolicyAnalysisState from google.cloud.asset_v1.types.assets import IamPolicySearchResult @@ -96,7 +95,6 @@ from google.cloud.asset_v1.types.assets import RelationshipAttributes from google.cloud.asset_v1.types.assets import Resource from google.cloud.asset_v1.types.assets import ResourceSearchResult -from google.cloud.asset_v1.types.assets import Tag from google.cloud.asset_v1.types.assets import TemporalAsset from google.cloud.asset_v1.types.assets import TimeWindow from google.cloud.asset_v1.types.assets import VersionedResource @@ -167,7 +165,6 @@ 'Asset', 'AttachedResource', 'ConditionEvaluation', - 'EffectiveTagDetails', 'IamPolicyAnalysisResult', 'IamPolicyAnalysisState', 'IamPolicySearchResult', @@ -178,7 +175,6 @@ 'RelationshipAttributes', 'Resource', 'ResourceSearchResult', - 'Tag', 'TemporalAsset', 'TimeWindow', 'VersionedResource', diff --git a/tests/integration/goldens/asset/google/cloud/asset_v1/__init__.py b/tests/integration/goldens/asset/google/cloud/asset_v1/__init__.py index 125e175091..31068ac472 100755 --- a/tests/integration/goldens/asset/google/cloud/asset_v1/__init__.py +++ b/tests/integration/goldens/asset/google/cloud/asset_v1/__init__.py @@ -95,7 +95,6 @@ from .types.assets import Asset from .types.assets import AttachedResource from .types.assets import ConditionEvaluation -from .types.assets import EffectiveTagDetails from .types.assets import IamPolicyAnalysisResult from .types.assets import IamPolicyAnalysisState from .types.assets import IamPolicySearchResult @@ -106,7 +105,6 @@ from .types.assets import RelationshipAttributes from .types.assets import Resource from .types.assets import ResourceSearchResult -from .types.assets import Tag from .types.assets import TemporalAsset from .types.assets import TimeWindow from .types.assets import VersionedResource @@ -226,7 +224,6 @@ def _get_version(dependency_name): 'CreateSavedQueryRequest', 'DeleteFeedRequest', 'DeleteSavedQueryRequest', -'EffectiveTagDetails', 'ExportAssetsRequest', 'ExportAssetsResponse', 'Feed', @@ -271,7 +268,6 @@ def _get_version(dependency_name): 'SearchAllResourcesResponse', 'TableFieldSchema', 'TableSchema', -'Tag', 'TemporalAsset', 'TimeWindow', 'UpdateFeedRequest', diff --git a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/async_client.py b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/async_client.py index 5dff65e7f4..6671f3a75f 100755 --- a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/async_client.py +++ b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/async_client.py @@ -1233,97 +1233,62 @@ async def sample_search_all_resources(): Examples: - ``name:Important`` to find Google Cloud resources - whose name contains ``Important`` as a word. + whose name contains "Important" as a word. - ``name=Important`` to find the Google Cloud resource - whose name is exactly ``Important``. + whose name is exactly "Important". - ``displayName:Impor*`` to find Google Cloud resources - whose display name contains ``Impor`` as a prefix of - any word in the field. + whose display name contains "Impor" as a prefix of any + word in the field. - ``location:us-west*`` to find Google Cloud resources - whose location contains both ``us`` and ``west`` as + whose location contains both "us" and "west" as prefixes. - ``labels:prod`` to find Google Cloud resources whose - labels contain ``prod`` as a key or value. + labels contain "prod" as a key or value. - ``labels.env:prod`` to find Google Cloud resources - that have a label ``env`` and its value is ``prod``. + that have a label "env" and its value is "prod". - ``labels.env:*`` to find Google Cloud resources that - have a label ``env``. - - ``tagKeys:env`` to find Google Cloud resources that - have directly attached tags where the - ```TagKey.namespacedName`` `__ - contains ``env``. - - ``tagValues:prod*`` to find Google Cloud resources - that have directly attached tags where the - ```TagValue.namespacedName`` `__ - contains a word prefixed by ``prod``. - - ``tagValueIds=tagValues/123`` to find Google Cloud - resources that have directly attached tags where the - ```TagValue.name`` `__ - is exactly ``tagValues/123``. - - ``effectiveTagKeys:env`` to find Google Cloud - resources that have directly attached or inherited - tags where the - ```TagKey.namespacedName`` `__ - contains ``env``. - - ``effectiveTagValues:prod*`` to find Google Cloud - resources that have directly attached or inherited - tags where the - ```TagValue.namespacedName`` `__ - contains a word prefixed by ``prod``. - - ``effectiveTagValueIds=tagValues/123`` to find Google - Cloud resources that have directly attached or - inherited tags where the - ```TagValue.name`` `__ - is exactly ``tagValues/123``. + have a label "env". - ``kmsKey:key`` to find Google Cloud resources encrypted with a customer-managed encryption key whose - name contains ``key`` as a word. This field is - deprecated. Use the ``kmsKeys`` field to retrieve - Cloud KMS key information. + name contains "key" as a word. This field is + deprecated. Please use the ``kmsKeys`` field to + retrieve Cloud KMS key information. - ``kmsKeys:key`` to find Google Cloud resources encrypted with customer-managed encryption keys whose - name contains the word ``key``. + name contains the word "key". - ``relationships:instance-group-1`` to find Google Cloud resources that have relationships with - ``instance-group-1`` in the related resource name. + "instance-group-1" in the related resource name. - ``relationships:INSTANCE_TO_INSTANCEGROUP`` to find Compute Engine instances that have relationships of - type ``INSTANCE_TO_INSTANCEGROUP``. + type "INSTANCE_TO_INSTANCEGROUP". - ``relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1`` to find Compute Engine instances that have - relationships with ``instance-group-1`` in the Compute + relationships with "instance-group-1" in the Compute Engine instance group resource name, for relationship - type ``INSTANCE_TO_INSTANCEGROUP``. - - ``sccSecurityMarks.key=value`` to find Cloud resources - that are attached with security marks whose key is - ``key`` and value is ``value``. - - ``sccSecurityMarks.key:*`` to find Cloud resources - that are attached with security marks whose key is - ``key``. + type "INSTANCE_TO_INSTANCEGROUP". - ``state:ACTIVE`` to find Google Cloud resources whose - state contains ``ACTIVE`` as a word. + state contains "ACTIVE" as a word. - ``NOT state:ACTIVE`` to find Google Cloud resources - whose state doesn't contain ``ACTIVE`` as a word. + whose state doesn't contain "ACTIVE" as a word. - ``createTime<1609459200`` to find Google Cloud - resources that were created before - ``2021-01-01 00:00:00 UTC``. ``1609459200`` is the - epoch timestamp of ``2021-01-01 00:00:00 UTC`` in - seconds. + resources that were created before "2021-01-01 + 00:00:00 UTC". 1609459200 is the epoch timestamp of + "2021-01-01 00:00:00 UTC" in seconds. - ``updateTime>1609459200`` to find Google Cloud - resources that were updated after - ``2021-01-01 00:00:00 UTC``. ``1609459200`` is the - epoch timestamp of ``2021-01-01 00:00:00 UTC`` in - seconds. + resources that were updated after "2021-01-01 00:00:00 + UTC". 1609459200 is the epoch timestamp of "2021-01-01 + 00:00:00 UTC" in seconds. - ``Important`` to find Google Cloud resources that - contain ``Important`` as a word in any of the - searchable fields. + contain "Important" as a word in any of the searchable + fields. - ``Impor*`` to find Google Cloud resources that contain - ``Impor`` as a prefix of any word in any of the + "Impor" as a prefix of any word in any of the searchable fields. - ``Important location:(us-west1 OR global)`` to find - Google Cloud resources that contain ``Important`` as a + Google Cloud resources that contain "Important" as a word in any of the searchable fields and are also - located in the ``us-west1`` region or the ``global`` + located in the "us-west1" region or the "global" location. This corresponds to the ``query`` field @@ -1331,9 +1296,9 @@ async def sample_search_all_resources(): should not be set. asset_types (:class:`MutableSequence[str]`): Optional. A list of asset types that this request - searches for. If empty, it will search all the asset - types `supported by search - APIs `__. + searches for. If empty, it will search all the + `searchable asset + types `__. Regular expressions are also supported. For example: @@ -1927,8 +1892,8 @@ async def query_assets(self, metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), ) -> asset_service.QueryAssetsResponse: r"""Issue a job that queries assets using a SQL statement compatible - with `BigQuery - SQL `__. + with `BigQuery Standard + SQL `__. If the query execution finishes within timeout and there's no pagination, the full query results will be returned in the @@ -1939,9 +1904,9 @@ async def query_assets(self, ``QueryAssets`` call. Note, the query result has approximately 10 GB limitation - enforced by - `BigQuery `__. - Queries return larger results will result in errors. + enforced by BigQuery + https://cloud.google.com/bigquery/docs/best-practices-performance-output, + queries return larger results will result in errors. .. code-block:: python @@ -2762,17 +2727,13 @@ async def sample_analyze_org_policies(): filter (:class:`str`): The expression to filter [AnalyzeOrgPoliciesResponse.org_policy_results][google.cloud.asset.v1.AnalyzeOrgPoliciesResponse.org_policy_results]. - Filtering is currently available for bare literal values - and the following fields: - - - consolidated_policy.attached_resource - - consolidated_policy.rules.enforce + The only supported field is + ``consolidated_policy.attached_resource``, and the only + supported operator is ``=``. - When filtering by a specific field, the only supported - operator is ``=``. For example, filtering by + Example: consolidated_policy.attached_resource="//cloudresourcemanager.googleapis.com/folders/001" - will return all the Organization Policy results attached - to "folders/001". + will return the org policy results of"folders/001". This corresponds to the ``filter`` field on the ``request`` instance; if ``request`` is provided, this @@ -2921,18 +2882,13 @@ async def sample_analyze_org_policy_governed_containers(): on the ``request`` instance; if ``request`` is provided, this should not be set. filter (:class:`str`): - The expression to filter - [AnalyzeOrgPolicyGovernedContainersResponse.governed_containers][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedContainersResponse.governed_containers]. - Filtering is currently available for bare literal values - and the following fields: + The expression to filter the governed containers in + result. The only supported field is ``parent``, and the + only supported operator is ``=``. - - parent - - consolidated_policy.rules.enforce - - When filtering by a specific field, the only supported - operator is ``=``. For example, filtering by + Example: parent="//cloudresourcemanager.googleapis.com/folders/001" - will return all the containers under "folders/001". + will return all containers under "folders/001". This corresponds to the ``filter`` field on the ``request`` instance; if ``request`` is provided, this @@ -3026,53 +2982,22 @@ async def analyze_org_policy_governed_assets(self, ) -> pagers.AnalyzeOrgPolicyGovernedAssetsAsyncPager: r"""Analyzes organization policies governed assets (Google Cloud resources or policies) under a scope. This RPC supports custom - constraints and the following canned constraints: - - - constraints/ainotebooks.accessMode - - constraints/ainotebooks.disableFileDownloads - - constraints/ainotebooks.disableRootAccess - - constraints/ainotebooks.disableTerminal - - constraints/ainotebooks.environmentOptions - - constraints/ainotebooks.requireAutoUpgradeSchedule - - constraints/ainotebooks.restrictVpcNetworks - - constraints/compute.disableGuestAttributesAccess - - constraints/compute.disableInstanceDataAccessApis - - constraints/compute.disableNestedVirtualization - - constraints/compute.disableSerialPortAccess - - constraints/compute.disableSerialPortLogging - - constraints/compute.disableVpcExternalIpv6 - - constraints/compute.requireOsLogin - - constraints/compute.requireShieldedVm - - constraints/compute.restrictLoadBalancerCreationForTypes - - constraints/compute.restrictProtocolForwardingCreationForTypes - - constraints/compute.restrictXpnProjectLienRemoval - - constraints/compute.setNewProjectDefaultToZonalDNSOnly - - constraints/compute.skipDefaultNetworkCreation - - constraints/compute.trustedImageProjects - - constraints/compute.vmCanIpForward - - constraints/compute.vmExternalIpAccess - - constraints/gcp.detailedAuditLoggingMode - - constraints/gcp.resourceLocations - - constraints/iam.allowedPolicyMemberDomains - - constraints/iam.automaticIamGrantsForDefaultServiceAccounts - - constraints/iam.disableServiceAccountCreation - - constraints/iam.disableServiceAccountKeyCreation - - constraints/iam.disableServiceAccountKeyUpload - - constraints/iam.restrictCrossProjectServiceAccountLienRemoval - - constraints/iam.serviceAccountKeyExpiryHours - - constraints/resourcemanager.accessBoundaries - - constraints/resourcemanager.allowedExportDestinations - - constraints/sql.restrictAuthorizedNetworks - - constraints/sql.restrictNoncompliantDiagnosticDataAccess - - constraints/sql.restrictNoncompliantResourceCreation - - constraints/sql.restrictPublicIp - - constraints/storage.publicAccessPrevention - - constraints/storage.restrictAuthTypes - - constraints/storage.uniformBucketLevelAccess - - This RPC only returns either resources of types `supported by - search - APIs `__ + constraints and the following 10 canned constraints: + + - storage.uniformBucketLevelAccess + - iam.disableServiceAccountKeyCreation + - iam.allowedPolicyMemberDomains + - compute.vmExternalIpAccess + - appengine.enforceServiceAccountActAsCheck + - gcp.resourceLocations + - compute.trustedImageProjects + - compute.skipDefaultNetworkCreation + - compute.requireOsLogin + - compute.disableNestedVirtualization + + This RPC only returns either resources of types supported by + `searchable asset + types `__, or IAM policies. .. code-block:: python @@ -3130,40 +3055,24 @@ async def sample_analyze_org_policy_governed_assets(): on the ``request`` instance; if ``request`` is provided, this should not be set. filter (:class:`str`): - The expression to filter - [AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets]. - - For governed resources, filtering is currently available - for bare literal values and the following fields: - - - governed_resource.project - - governed_resource.folders - - consolidated_policy.rules.enforce When filtering by - ``governed_resource.project`` or - ``consolidated_policy.rules.enforce``, the only - supported operator is ``=``. When filtering by - ``governed_resource.folders``, the supported operators - are ``=`` and ``:``. For example, filtering by - ``governed_resource.project="projects/12345678"`` will - return all the governed resources under - "projects/12345678", including the project itself if - applicable. - - For governed IAM policies, filtering is currently - available for bare literal values and the following - fields: - - - governed_iam_policy.project - - governed_iam_policy.folders - - consolidated_policy.rules.enforce When filtering by - ``governed_iam_policy.project`` or - ``consolidated_policy.rules.enforce``, the only - supported operator is ``=``. When filtering by - ``governed_iam_policy.folders``, the supported - operators are ``=`` and ``:``. For example, filtering - by ``governed_iam_policy.folders:"folders/12345678"`` - will return all the governed IAM policies under - "folders/001". + The expression to filter the governed assets in result. + The only supported fields for governed resources are + ``governed_resource.project`` and + ``governed_resource.folders``. The only supported fields + for governed iam policies are + ``governed_iam_policy.project`` and + ``governed_iam_policy.folders``. The only supported + operator is ``=``. + + Example 1: governed_resource.project="projects/12345678" + filter will return all governed resources under + projects/12345678 including the project ifself, if + applicable. + + Example 2: + governed_iam_policy.folders="folders/12345678" filter + will return all governed iam policies under + folders/12345678, if applicable. This corresponds to the ``filter`` field on the ``request`` instance; if ``request`` is provided, this diff --git a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/client.py b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/client.py index 3e67a6c8ba..79fb1058cb 100755 --- a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/client.py +++ b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/client.py @@ -1650,97 +1650,62 @@ def sample_search_all_resources(): Examples: - ``name:Important`` to find Google Cloud resources - whose name contains ``Important`` as a word. + whose name contains "Important" as a word. - ``name=Important`` to find the Google Cloud resource - whose name is exactly ``Important``. + whose name is exactly "Important". - ``displayName:Impor*`` to find Google Cloud resources - whose display name contains ``Impor`` as a prefix of - any word in the field. + whose display name contains "Impor" as a prefix of any + word in the field. - ``location:us-west*`` to find Google Cloud resources - whose location contains both ``us`` and ``west`` as + whose location contains both "us" and "west" as prefixes. - ``labels:prod`` to find Google Cloud resources whose - labels contain ``prod`` as a key or value. + labels contain "prod" as a key or value. - ``labels.env:prod`` to find Google Cloud resources - that have a label ``env`` and its value is ``prod``. + that have a label "env" and its value is "prod". - ``labels.env:*`` to find Google Cloud resources that - have a label ``env``. - - ``tagKeys:env`` to find Google Cloud resources that - have directly attached tags where the - ```TagKey.namespacedName`` `__ - contains ``env``. - - ``tagValues:prod*`` to find Google Cloud resources - that have directly attached tags where the - ```TagValue.namespacedName`` `__ - contains a word prefixed by ``prod``. - - ``tagValueIds=tagValues/123`` to find Google Cloud - resources that have directly attached tags where the - ```TagValue.name`` `__ - is exactly ``tagValues/123``. - - ``effectiveTagKeys:env`` to find Google Cloud - resources that have directly attached or inherited - tags where the - ```TagKey.namespacedName`` `__ - contains ``env``. - - ``effectiveTagValues:prod*`` to find Google Cloud - resources that have directly attached or inherited - tags where the - ```TagValue.namespacedName`` `__ - contains a word prefixed by ``prod``. - - ``effectiveTagValueIds=tagValues/123`` to find Google - Cloud resources that have directly attached or - inherited tags where the - ```TagValue.name`` `__ - is exactly ``tagValues/123``. + have a label "env". - ``kmsKey:key`` to find Google Cloud resources encrypted with a customer-managed encryption key whose - name contains ``key`` as a word. This field is - deprecated. Use the ``kmsKeys`` field to retrieve - Cloud KMS key information. + name contains "key" as a word. This field is + deprecated. Please use the ``kmsKeys`` field to + retrieve Cloud KMS key information. - ``kmsKeys:key`` to find Google Cloud resources encrypted with customer-managed encryption keys whose - name contains the word ``key``. + name contains the word "key". - ``relationships:instance-group-1`` to find Google Cloud resources that have relationships with - ``instance-group-1`` in the related resource name. + "instance-group-1" in the related resource name. - ``relationships:INSTANCE_TO_INSTANCEGROUP`` to find Compute Engine instances that have relationships of - type ``INSTANCE_TO_INSTANCEGROUP``. + type "INSTANCE_TO_INSTANCEGROUP". - ``relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1`` to find Compute Engine instances that have - relationships with ``instance-group-1`` in the Compute + relationships with "instance-group-1" in the Compute Engine instance group resource name, for relationship - type ``INSTANCE_TO_INSTANCEGROUP``. - - ``sccSecurityMarks.key=value`` to find Cloud resources - that are attached with security marks whose key is - ``key`` and value is ``value``. - - ``sccSecurityMarks.key:*`` to find Cloud resources - that are attached with security marks whose key is - ``key``. + type "INSTANCE_TO_INSTANCEGROUP". - ``state:ACTIVE`` to find Google Cloud resources whose - state contains ``ACTIVE`` as a word. + state contains "ACTIVE" as a word. - ``NOT state:ACTIVE`` to find Google Cloud resources - whose state doesn't contain ``ACTIVE`` as a word. + whose state doesn't contain "ACTIVE" as a word. - ``createTime<1609459200`` to find Google Cloud - resources that were created before - ``2021-01-01 00:00:00 UTC``. ``1609459200`` is the - epoch timestamp of ``2021-01-01 00:00:00 UTC`` in - seconds. + resources that were created before "2021-01-01 + 00:00:00 UTC". 1609459200 is the epoch timestamp of + "2021-01-01 00:00:00 UTC" in seconds. - ``updateTime>1609459200`` to find Google Cloud - resources that were updated after - ``2021-01-01 00:00:00 UTC``. ``1609459200`` is the - epoch timestamp of ``2021-01-01 00:00:00 UTC`` in - seconds. + resources that were updated after "2021-01-01 00:00:00 + UTC". 1609459200 is the epoch timestamp of "2021-01-01 + 00:00:00 UTC" in seconds. - ``Important`` to find Google Cloud resources that - contain ``Important`` as a word in any of the - searchable fields. + contain "Important" as a word in any of the searchable + fields. - ``Impor*`` to find Google Cloud resources that contain - ``Impor`` as a prefix of any word in any of the + "Impor" as a prefix of any word in any of the searchable fields. - ``Important location:(us-west1 OR global)`` to find - Google Cloud resources that contain ``Important`` as a + Google Cloud resources that contain "Important" as a word in any of the searchable fields and are also - located in the ``us-west1`` region or the ``global`` + located in the "us-west1" region or the "global" location. This corresponds to the ``query`` field @@ -1748,9 +1713,9 @@ def sample_search_all_resources(): should not be set. asset_types (MutableSequence[str]): Optional. A list of asset types that this request - searches for. If empty, it will search all the asset - types `supported by search - APIs `__. + searches for. If empty, it will search all the + `searchable asset + types `__. Regular expressions are also supported. For example: @@ -2342,8 +2307,8 @@ def query_assets(self, metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), ) -> asset_service.QueryAssetsResponse: r"""Issue a job that queries assets using a SQL statement compatible - with `BigQuery - SQL `__. + with `BigQuery Standard + SQL `__. If the query execution finishes within timeout and there's no pagination, the full query results will be returned in the @@ -2354,9 +2319,9 @@ def query_assets(self, ``QueryAssets`` call. Note, the query result has approximately 10 GB limitation - enforced by - `BigQuery `__. - Queries return larger results will result in errors. + enforced by BigQuery + https://cloud.google.com/bigquery/docs/best-practices-performance-output, + queries return larger results will result in errors. .. code-block:: python @@ -3172,17 +3137,13 @@ def sample_analyze_org_policies(): filter (str): The expression to filter [AnalyzeOrgPoliciesResponse.org_policy_results][google.cloud.asset.v1.AnalyzeOrgPoliciesResponse.org_policy_results]. - Filtering is currently available for bare literal values - and the following fields: - - - consolidated_policy.attached_resource - - consolidated_policy.rules.enforce + The only supported field is + ``consolidated_policy.attached_resource``, and the only + supported operator is ``=``. - When filtering by a specific field, the only supported - operator is ``=``. For example, filtering by + Example: consolidated_policy.attached_resource="//cloudresourcemanager.googleapis.com/folders/001" - will return all the Organization Policy results attached - to "folders/001". + will return the org policy results of"folders/001". This corresponds to the ``filter`` field on the ``request`` instance; if ``request`` is provided, this @@ -3330,18 +3291,13 @@ def sample_analyze_org_policy_governed_containers(): on the ``request`` instance; if ``request`` is provided, this should not be set. filter (str): - The expression to filter - [AnalyzeOrgPolicyGovernedContainersResponse.governed_containers][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedContainersResponse.governed_containers]. - Filtering is currently available for bare literal values - and the following fields: + The expression to filter the governed containers in + result. The only supported field is ``parent``, and the + only supported operator is ``=``. - - parent - - consolidated_policy.rules.enforce - - When filtering by a specific field, the only supported - operator is ``=``. For example, filtering by + Example: parent="//cloudresourcemanager.googleapis.com/folders/001" - will return all the containers under "folders/001". + will return all containers under "folders/001". This corresponds to the ``filter`` field on the ``request`` instance; if ``request`` is provided, this @@ -3434,53 +3390,22 @@ def analyze_org_policy_governed_assets(self, ) -> pagers.AnalyzeOrgPolicyGovernedAssetsPager: r"""Analyzes organization policies governed assets (Google Cloud resources or policies) under a scope. This RPC supports custom - constraints and the following canned constraints: - - - constraints/ainotebooks.accessMode - - constraints/ainotebooks.disableFileDownloads - - constraints/ainotebooks.disableRootAccess - - constraints/ainotebooks.disableTerminal - - constraints/ainotebooks.environmentOptions - - constraints/ainotebooks.requireAutoUpgradeSchedule - - constraints/ainotebooks.restrictVpcNetworks - - constraints/compute.disableGuestAttributesAccess - - constraints/compute.disableInstanceDataAccessApis - - constraints/compute.disableNestedVirtualization - - constraints/compute.disableSerialPortAccess - - constraints/compute.disableSerialPortLogging - - constraints/compute.disableVpcExternalIpv6 - - constraints/compute.requireOsLogin - - constraints/compute.requireShieldedVm - - constraints/compute.restrictLoadBalancerCreationForTypes - - constraints/compute.restrictProtocolForwardingCreationForTypes - - constraints/compute.restrictXpnProjectLienRemoval - - constraints/compute.setNewProjectDefaultToZonalDNSOnly - - constraints/compute.skipDefaultNetworkCreation - - constraints/compute.trustedImageProjects - - constraints/compute.vmCanIpForward - - constraints/compute.vmExternalIpAccess - - constraints/gcp.detailedAuditLoggingMode - - constraints/gcp.resourceLocations - - constraints/iam.allowedPolicyMemberDomains - - constraints/iam.automaticIamGrantsForDefaultServiceAccounts - - constraints/iam.disableServiceAccountCreation - - constraints/iam.disableServiceAccountKeyCreation - - constraints/iam.disableServiceAccountKeyUpload - - constraints/iam.restrictCrossProjectServiceAccountLienRemoval - - constraints/iam.serviceAccountKeyExpiryHours - - constraints/resourcemanager.accessBoundaries - - constraints/resourcemanager.allowedExportDestinations - - constraints/sql.restrictAuthorizedNetworks - - constraints/sql.restrictNoncompliantDiagnosticDataAccess - - constraints/sql.restrictNoncompliantResourceCreation - - constraints/sql.restrictPublicIp - - constraints/storage.publicAccessPrevention - - constraints/storage.restrictAuthTypes - - constraints/storage.uniformBucketLevelAccess - - This RPC only returns either resources of types `supported by - search - APIs `__ + constraints and the following 10 canned constraints: + + - storage.uniformBucketLevelAccess + - iam.disableServiceAccountKeyCreation + - iam.allowedPolicyMemberDomains + - compute.vmExternalIpAccess + - appengine.enforceServiceAccountActAsCheck + - gcp.resourceLocations + - compute.trustedImageProjects + - compute.skipDefaultNetworkCreation + - compute.requireOsLogin + - compute.disableNestedVirtualization + + This RPC only returns either resources of types supported by + `searchable asset + types `__, or IAM policies. .. code-block:: python @@ -3538,40 +3463,24 @@ def sample_analyze_org_policy_governed_assets(): on the ``request`` instance; if ``request`` is provided, this should not be set. filter (str): - The expression to filter - [AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets]. - - For governed resources, filtering is currently available - for bare literal values and the following fields: - - - governed_resource.project - - governed_resource.folders - - consolidated_policy.rules.enforce When filtering by - ``governed_resource.project`` or - ``consolidated_policy.rules.enforce``, the only - supported operator is ``=``. When filtering by - ``governed_resource.folders``, the supported operators - are ``=`` and ``:``. For example, filtering by - ``governed_resource.project="projects/12345678"`` will - return all the governed resources under - "projects/12345678", including the project itself if - applicable. - - For governed IAM policies, filtering is currently - available for bare literal values and the following - fields: - - - governed_iam_policy.project - - governed_iam_policy.folders - - consolidated_policy.rules.enforce When filtering by - ``governed_iam_policy.project`` or - ``consolidated_policy.rules.enforce``, the only - supported operator is ``=``. When filtering by - ``governed_iam_policy.folders``, the supported - operators are ``=`` and ``:``. For example, filtering - by ``governed_iam_policy.folders:"folders/12345678"`` - will return all the governed IAM policies under - "folders/001". + The expression to filter the governed assets in result. + The only supported fields for governed resources are + ``governed_resource.project`` and + ``governed_resource.folders``. The only supported fields + for governed iam policies are + ``governed_iam_policy.project`` and + ``governed_iam_policy.folders``. The only supported + operator is ``=``. + + Example 1: governed_resource.project="projects/12345678" + filter will return all governed resources under + projects/12345678 including the project ifself, if + applicable. + + Example 2: + governed_iam_policy.folders="folders/12345678" filter + will return all governed iam policies under + folders/12345678, if applicable. This corresponds to the ``filter`` field on the ``request`` instance; if ``request`` is provided, this diff --git a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc.py b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc.py index c5b8206318..daa6a60e7e 100755 --- a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc.py +++ b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc.py @@ -720,8 +720,8 @@ def query_assets(self) -> Callable[ r"""Return a callable for the query assets method over gRPC. Issue a job that queries assets using a SQL statement compatible - with `BigQuery - SQL `__. + with `BigQuery Standard + SQL `__. If the query execution finishes within timeout and there's no pagination, the full query results will be returned in the @@ -732,9 +732,9 @@ def query_assets(self) -> Callable[ ``QueryAssets`` call. Note, the query result has approximately 10 GB limitation - enforced by - `BigQuery `__. - Queries return larger results will result in errors. + enforced by BigQuery + https://cloud.google.com/bigquery/docs/best-practices-performance-output, + queries return larger results will result in errors. Returns: Callable[[~.QueryAssetsRequest], @@ -976,53 +976,22 @@ def analyze_org_policy_governed_assets(self) -> Callable[ Analyzes organization policies governed assets (Google Cloud resources or policies) under a scope. This RPC supports custom - constraints and the following canned constraints: - - - constraints/ainotebooks.accessMode - - constraints/ainotebooks.disableFileDownloads - - constraints/ainotebooks.disableRootAccess - - constraints/ainotebooks.disableTerminal - - constraints/ainotebooks.environmentOptions - - constraints/ainotebooks.requireAutoUpgradeSchedule - - constraints/ainotebooks.restrictVpcNetworks - - constraints/compute.disableGuestAttributesAccess - - constraints/compute.disableInstanceDataAccessApis - - constraints/compute.disableNestedVirtualization - - constraints/compute.disableSerialPortAccess - - constraints/compute.disableSerialPortLogging - - constraints/compute.disableVpcExternalIpv6 - - constraints/compute.requireOsLogin - - constraints/compute.requireShieldedVm - - constraints/compute.restrictLoadBalancerCreationForTypes - - constraints/compute.restrictProtocolForwardingCreationForTypes - - constraints/compute.restrictXpnProjectLienRemoval - - constraints/compute.setNewProjectDefaultToZonalDNSOnly - - constraints/compute.skipDefaultNetworkCreation - - constraints/compute.trustedImageProjects - - constraints/compute.vmCanIpForward - - constraints/compute.vmExternalIpAccess - - constraints/gcp.detailedAuditLoggingMode - - constraints/gcp.resourceLocations - - constraints/iam.allowedPolicyMemberDomains - - constraints/iam.automaticIamGrantsForDefaultServiceAccounts - - constraints/iam.disableServiceAccountCreation - - constraints/iam.disableServiceAccountKeyCreation - - constraints/iam.disableServiceAccountKeyUpload - - constraints/iam.restrictCrossProjectServiceAccountLienRemoval - - constraints/iam.serviceAccountKeyExpiryHours - - constraints/resourcemanager.accessBoundaries - - constraints/resourcemanager.allowedExportDestinations - - constraints/sql.restrictAuthorizedNetworks - - constraints/sql.restrictNoncompliantDiagnosticDataAccess - - constraints/sql.restrictNoncompliantResourceCreation - - constraints/sql.restrictPublicIp - - constraints/storage.publicAccessPrevention - - constraints/storage.restrictAuthTypes - - constraints/storage.uniformBucketLevelAccess - - This RPC only returns either resources of types `supported by - search - APIs `__ + constraints and the following 10 canned constraints: + + - storage.uniformBucketLevelAccess + - iam.disableServiceAccountKeyCreation + - iam.allowedPolicyMemberDomains + - compute.vmExternalIpAccess + - appengine.enforceServiceAccountActAsCheck + - gcp.resourceLocations + - compute.trustedImageProjects + - compute.skipDefaultNetworkCreation + - compute.requireOsLogin + - compute.disableNestedVirtualization + + This RPC only returns either resources of types supported by + `searchable asset + types `__, or IAM policies. Returns: diff --git a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py index 8c07e9cd21..ef1bd83e28 100755 --- a/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py +++ b/tests/integration/goldens/asset/google/cloud/asset_v1/services/asset_service/transports/grpc_asyncio.py @@ -726,8 +726,8 @@ def query_assets(self) -> Callable[ r"""Return a callable for the query assets method over gRPC. Issue a job that queries assets using a SQL statement compatible - with `BigQuery - SQL `__. + with `BigQuery Standard + SQL `__. If the query execution finishes within timeout and there's no pagination, the full query results will be returned in the @@ -738,9 +738,9 @@ def query_assets(self) -> Callable[ ``QueryAssets`` call. Note, the query result has approximately 10 GB limitation - enforced by - `BigQuery `__. - Queries return larger results will result in errors. + enforced by BigQuery + https://cloud.google.com/bigquery/docs/best-practices-performance-output, + queries return larger results will result in errors. Returns: Callable[[~.QueryAssetsRequest], @@ -982,53 +982,22 @@ def analyze_org_policy_governed_assets(self) -> Callable[ Analyzes organization policies governed assets (Google Cloud resources or policies) under a scope. This RPC supports custom - constraints and the following canned constraints: - - - constraints/ainotebooks.accessMode - - constraints/ainotebooks.disableFileDownloads - - constraints/ainotebooks.disableRootAccess - - constraints/ainotebooks.disableTerminal - - constraints/ainotebooks.environmentOptions - - constraints/ainotebooks.requireAutoUpgradeSchedule - - constraints/ainotebooks.restrictVpcNetworks - - constraints/compute.disableGuestAttributesAccess - - constraints/compute.disableInstanceDataAccessApis - - constraints/compute.disableNestedVirtualization - - constraints/compute.disableSerialPortAccess - - constraints/compute.disableSerialPortLogging - - constraints/compute.disableVpcExternalIpv6 - - constraints/compute.requireOsLogin - - constraints/compute.requireShieldedVm - - constraints/compute.restrictLoadBalancerCreationForTypes - - constraints/compute.restrictProtocolForwardingCreationForTypes - - constraints/compute.restrictXpnProjectLienRemoval - - constraints/compute.setNewProjectDefaultToZonalDNSOnly - - constraints/compute.skipDefaultNetworkCreation - - constraints/compute.trustedImageProjects - - constraints/compute.vmCanIpForward - - constraints/compute.vmExternalIpAccess - - constraints/gcp.detailedAuditLoggingMode - - constraints/gcp.resourceLocations - - constraints/iam.allowedPolicyMemberDomains - - constraints/iam.automaticIamGrantsForDefaultServiceAccounts - - constraints/iam.disableServiceAccountCreation - - constraints/iam.disableServiceAccountKeyCreation - - constraints/iam.disableServiceAccountKeyUpload - - constraints/iam.restrictCrossProjectServiceAccountLienRemoval - - constraints/iam.serviceAccountKeyExpiryHours - - constraints/resourcemanager.accessBoundaries - - constraints/resourcemanager.allowedExportDestinations - - constraints/sql.restrictAuthorizedNetworks - - constraints/sql.restrictNoncompliantDiagnosticDataAccess - - constraints/sql.restrictNoncompliantResourceCreation - - constraints/sql.restrictPublicIp - - constraints/storage.publicAccessPrevention - - constraints/storage.restrictAuthTypes - - constraints/storage.uniformBucketLevelAccess - - This RPC only returns either resources of types `supported by - search - APIs `__ + constraints and the following 10 canned constraints: + + - storage.uniformBucketLevelAccess + - iam.disableServiceAccountKeyCreation + - iam.allowedPolicyMemberDomains + - compute.vmExternalIpAccess + - appengine.enforceServiceAccountActAsCheck + - gcp.resourceLocations + - compute.trustedImageProjects + - compute.skipDefaultNetworkCreation + - compute.requireOsLogin + - compute.disableNestedVirtualization + + This RPC only returns either resources of types supported by + `searchable asset + types `__, or IAM policies. Returns: diff --git a/tests/integration/goldens/asset/google/cloud/asset_v1/types/__init__.py b/tests/integration/goldens/asset/google/cloud/asset_v1/types/__init__.py index 380fb7c3dc..d8a9b7f910 100755 --- a/tests/integration/goldens/asset/google/cloud/asset_v1/types/__init__.py +++ b/tests/integration/goldens/asset/google/cloud/asset_v1/types/__init__.py @@ -80,7 +80,6 @@ Asset, AttachedResource, ConditionEvaluation, - EffectiveTagDetails, IamPolicyAnalysisResult, IamPolicyAnalysisState, IamPolicySearchResult, @@ -91,7 +90,6 @@ RelationshipAttributes, Resource, ResourceSearchResult, - Tag, TemporalAsset, TimeWindow, VersionedResource, @@ -162,7 +160,6 @@ 'Asset', 'AttachedResource', 'ConditionEvaluation', - 'EffectiveTagDetails', 'IamPolicyAnalysisResult', 'IamPolicyAnalysisState', 'IamPolicySearchResult', @@ -173,7 +170,6 @@ 'RelationshipAttributes', 'Resource', 'ResourceSearchResult', - 'Tag', 'TemporalAsset', 'TimeWindow', 'VersionedResource', diff --git a/tests/integration/goldens/asset/google/cloud/asset_v1/types/asset_service.py b/tests/integration/goldens/asset/google/cloud/asset_v1/types/asset_service.py index 78c42225e0..371873f896 100755 --- a/tests/integration/goldens/asset/google/cloud/asset_v1/types/asset_service.py +++ b/tests/integration/goldens/asset/google/cloud/asset_v1/types/asset_service.py @@ -1096,95 +1096,63 @@ class SearchAllResourcesRequest(proto.Message): Examples: - ``name:Important`` to find Google Cloud resources whose - name contains ``Important`` as a word. + name contains "Important" as a word. - ``name=Important`` to find the Google Cloud resource whose - name is exactly ``Important``. + name is exactly "Important". - ``displayName:Impor*`` to find Google Cloud resources - whose display name contains ``Impor`` as a prefix of any + whose display name contains "Impor" as a prefix of any word in the field. - ``location:us-west*`` to find Google Cloud resources whose - location contains both ``us`` and ``west`` as prefixes. + location contains both "us" and "west" as prefixes. - ``labels:prod`` to find Google Cloud resources whose - labels contain ``prod`` as a key or value. + labels contain "prod" as a key or value. - ``labels.env:prod`` to find Google Cloud resources that - have a label ``env`` and its value is ``prod``. + have a label "env" and its value is "prod". - ``labels.env:*`` to find Google Cloud resources that have - a label ``env``. - - ``tagKeys:env`` to find Google Cloud resources that have - directly attached tags where the - ```TagKey.namespacedName`` `__ - contains ``env``. - - ``tagValues:prod*`` to find Google Cloud resources that - have directly attached tags where the - ```TagValue.namespacedName`` `__ - contains a word prefixed by ``prod``. - - ``tagValueIds=tagValues/123`` to find Google Cloud - resources that have directly attached tags where the - ```TagValue.name`` `__ - is exactly ``tagValues/123``. - - ``effectiveTagKeys:env`` to find Google Cloud resources - that have directly attached or inherited tags where the - ```TagKey.namespacedName`` `__ - contains ``env``. - - ``effectiveTagValues:prod*`` to find Google Cloud - resources that have directly attached or inherited tags - where the - ```TagValue.namespacedName`` `__ - contains a word prefixed by ``prod``. - - ``effectiveTagValueIds=tagValues/123`` to find Google - Cloud resources that have directly attached or inherited - tags where the - ```TagValue.name`` `__ - is exactly ``tagValues/123``. + a label "env". - ``kmsKey:key`` to find Google Cloud resources encrypted with a customer-managed encryption key whose name contains - ``key`` as a word. This field is deprecated. Use the + "key" as a word. This field is deprecated. Please use the ``kmsKeys`` field to retrieve Cloud KMS key information. - ``kmsKeys:key`` to find Google Cloud resources encrypted with customer-managed encryption keys whose name contains - the word ``key``. + the word "key". - ``relationships:instance-group-1`` to find Google Cloud - resources that have relationships with - ``instance-group-1`` in the related resource name. + resources that have relationships with "instance-group-1" + in the related resource name. - ``relationships:INSTANCE_TO_INSTANCEGROUP`` to find Compute Engine instances that have relationships of type - ``INSTANCE_TO_INSTANCEGROUP``. + "INSTANCE_TO_INSTANCEGROUP". - ``relationships.INSTANCE_TO_INSTANCEGROUP:instance-group-1`` to find Compute Engine instances that have relationships - with ``instance-group-1`` in the Compute Engine instance + with "instance-group-1" in the Compute Engine instance group resource name, for relationship type - ``INSTANCE_TO_INSTANCEGROUP``. - - ``sccSecurityMarks.key=value`` to find Cloud resources - that are attached with security marks whose key is ``key`` - and value is ``value``. - - ``sccSecurityMarks.key:*`` to find Cloud resources that - are attached with security marks whose key is ``key``. + "INSTANCE_TO_INSTANCEGROUP". - ``state:ACTIVE`` to find Google Cloud resources whose - state contains ``ACTIVE`` as a word. + state contains "ACTIVE" as a word. - ``NOT state:ACTIVE`` to find Google Cloud resources whose - state doesn't contain ``ACTIVE`` as a word. + state doesn't contain "ACTIVE" as a word. - ``createTime<1609459200`` to find Google Cloud resources - that were created before ``2021-01-01 00:00:00 UTC``. - ``1609459200`` is the epoch timestamp of - ``2021-01-01 00:00:00 UTC`` in seconds. + that were created before "2021-01-01 00:00:00 UTC". + 1609459200 is the epoch timestamp of "2021-01-01 00:00:00 + UTC" in seconds. - ``updateTime>1609459200`` to find Google Cloud resources - that were updated after ``2021-01-01 00:00:00 UTC``. - ``1609459200`` is the epoch timestamp of - ``2021-01-01 00:00:00 UTC`` in seconds. + that were updated after "2021-01-01 00:00:00 UTC". + 1609459200 is the epoch timestamp of "2021-01-01 00:00:00 + UTC" in seconds. - ``Important`` to find Google Cloud resources that contain - ``Important`` as a word in any of the searchable fields. + "Important" as a word in any of the searchable fields. - ``Impor*`` to find Google Cloud resources that contain - ``Impor`` as a prefix of any word in any of the searchable + "Impor" as a prefix of any word in any of the searchable fields. - ``Important location:(us-west1 OR global)`` to find Google - Cloud resources that contain ``Important`` as a word in - any of the searchable fields and are also located in the - ``us-west1`` region or the ``global`` location. + Cloud resources that contain "Important" as a word in any + of the searchable fields and are also located in the + "us-west1" region or the "global" location. asset_types (MutableSequence[str]): Optional. A list of asset types that this request searches - for. If empty, it will search all the asset types `supported - by search - APIs `__. + for. If empty, it will search all the `searchable asset + types `__. Regular expressions are also supported. For example: @@ -1202,10 +1170,10 @@ class SearchAllResourcesRequest(proto.Message): page_size (int): Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If - set to zero or a negative value, server will pick an - appropriate default. Returned results may be fewer than - requested. When this happens, there could be more results as - long as ``next_page_token`` is returned. + set to zero, server will pick an appropriate default. + Returned results may be fewer than requested. When this + happens, there could be more results as long as + ``next_page_token`` is returned. page_token (str): Optional. If present, then retrieve the next batch of results from the preceding call to this method. @@ -1217,8 +1185,8 @@ class SearchAllResourcesRequest(proto.Message): sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored. - Example: "location DESC, name". Only the following fields in - the response are sortable: + Example: "location DESC, name". Only singular primitive + fields in the response are sortable: - name - assetType @@ -1231,40 +1199,47 @@ class SearchAllResourcesRequest(proto.Message): - state - parentFullResourceName - parentAssetType + + All the other fields such as repeated fields (e.g., + ``networkTags``, ``kmsKeys``), map fields (e.g., ``labels``) + and struct fields (e.g., ``additionalAttributes``) are not + supported. read_mask (google.protobuf.field_mask_pb2.FieldMask): - Optional. A comma-separated list of fields that you want - returned in the results. The following fields are returned - by default if not specified: - - - ``name`` - - ``assetType`` - - ``project`` - - ``folders`` - - ``organization`` - - ``displayName`` - - ``description`` - - ``location`` - - ``labels`` - - ``tags`` - - ``effectiveTags`` - - ``networkTags`` - - ``kmsKeys`` - - ``createTime`` - - ``updateTime`` - - ``state`` - - ``additionalAttributes`` - - ``parentFullResourceName`` - - ``parentAssetType`` - - Some fields of large size, such as ``versionedResources``, - ``attachedResources``, ``effectiveTags`` etc., are not - returned by default, but you can specify them in the - ``read_mask`` parameter if you want to include them. If - ``"*"`` is specified, all `available - fields `__ - are returned. Examples: ``"name,location"``, - ``"name,versionedResources"``, ``"*"``. Any invalid field - path will trigger INVALID_ARGUMENT error. + Optional. A comma-separated list of fields specifying which + fields to be returned in ResourceSearchResult. Only '\*' or + combination of top level fields can be specified. Field + names of both snake_case and camelCase are supported. + Examples: ``"*"``, ``"name,location"``, + ``"name,versionedResources"``. + + The read_mask paths must be valid field paths listed but not + limited to (both snake_case and camelCase are supported): + + - name + - assetType + - project + - displayName + - description + - location + - tagKeys + - tagValues + - tagValueIds + - labels + - networkTags + - kmsKey (This field is deprecated. Please use the + ``kmsKeys`` field to retrieve Cloud KMS key information.) + - kmsKeys + - createTime + - updateTime + - state + - additionalAttributes + - versionedResources + + If read_mask is not specified, all fields except + versionedResources will be returned. If only '\*' is + specified, all fields including versionedResources will be + returned. Any invalid field path will trigger + INVALID_ARGUMENT error. """ scope: str = proto.Field( @@ -1396,10 +1371,10 @@ class SearchAllIamPoliciesRequest(proto.Message): page_size (int): Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If - set to zero or a negative value, server will pick an - appropriate default. Returned results may be fewer than - requested. When this happens, there could be more results as - long as ``next_page_token`` is returned. + set to zero, server will pick an appropriate default. + Returned results may be fewer than requested. When this + happens, there could be more results as long as + ``next_page_token`` is returned. page_token (str): Optional. If present, retrieve the next batch of results from the preceding call to this method. ``page_token`` must @@ -1409,8 +1384,8 @@ class SearchAllIamPoliciesRequest(proto.Message): asset_types (MutableSequence[str]): Optional. A list of asset types that the IAM policies are attached to. If empty, it will search the IAM policies that - are attached to all the asset types `supported by search - APIs `__ + are attached to all the `searchable asset + types `__. Regular expressions are also supported. For example: @@ -1512,10 +1487,10 @@ class IamPolicyAnalysisQuery(proto.Message): "projects/my-project-id"), or a project number (such as "projects/12345"). - To know how to get organization ID, visit + To know how to get organization id, visit `here `__. - To know how to get folder or project ID, visit + To know how to get folder or project id, visit `here `__. resource_selector (google.cloud.asset_v1.types.IamPolicyAnalysisQuery.ResourceSelector): Optional. Specifies a resource for analysis. @@ -1804,8 +1779,8 @@ class AnalyzeIamPolicyRequest(proto.Message): If both ``analysis_query`` and ``saved_analysis_query`` are provided, they will be merged together with the ``saved_analysis_query`` as base and the ``analysis_query`` - as overrides. For more details of the merge behavior, refer - to the + as overrides. For more details of the merge behavior, please + refer to the `MergeFrom `__ page. @@ -2078,8 +2053,8 @@ class AnalyzeIamPolicyLongrunningRequest(proto.Message): If both ``analysis_query`` and ``saved_analysis_query`` are provided, they will be merged together with the ``saved_analysis_query`` as base and the ``analysis_query`` - as overrides. For more details of the merge behavior, refer - to the + as overrides. For more details of the merge behavior, please + refer to the `MergeFrom `__ doc. @@ -2644,7 +2619,8 @@ class QueryAssetsRequest(proto.Message): Only assets belonging to the ``parent`` will be returned. statement (str): Optional. A SQL statement that's compatible with `BigQuery - SQL `__. + Standard + SQL `__. This field is a member of `oneof`_ ``query``. job_reference (str): @@ -2944,16 +2920,16 @@ class BatchGetEffectiveIamPoliciesRequest(proto.Message): "projects/my-project-id"), or a project number (such as "projects/12345"). - To know how to get organization ID, visit + To know how to get organization id, visit `here `__. - To know how to get folder or project ID, visit + To know how to get folder or project id, visit `here `__. names (MutableSequence[str]): Required. The names refer to the [full_resource_names] (https://cloud.google.com/asset-inventory/docs/resource-name-format) - of the asset types `supported by search - APIs `__. + of `searchable asset + types `__. A maximum of 20 resources' effective policies can be retrieved in a batch. """ @@ -3098,11 +3074,7 @@ class AnalyzerOrgPolicy(proto.Message): """ class Rule(proto.Message): - r"""This rule message is a customized version of the one defined - in the Organization Policy system. In addition to the fields - defined in the original organization policy, it contains - additional field(s) under specific circumstances to support - analysis results. + r"""Represents a rule defined in an organization policy This message has `oneof`_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. @@ -3113,9 +3085,9 @@ class Rule(proto.Message): Attributes: values (google.cloud.asset_v1.types.AnalyzerOrgPolicy.Rule.StringValues): - List of values to be used for this policy - rule. This field can be set only in policies for - list constraints. + List of values to be used for this + PolicyRule. This field can be set only in + Policies for list constraints. This field is a member of `oneof`_ ``kind``. allow_all (bool): @@ -3138,21 +3110,6 @@ class Rule(proto.Message): This field is a member of `oneof`_ ``kind``. condition (google.type.expr_pb2.Expr): The evaluating condition for this rule. - condition_evaluation (google.cloud.asset_v1.types.ConditionEvaluation): - The condition evaluation result for this rule. Only - populated if it meets all the following criteria: - - - There is a - [condition][google.cloud.asset.v1.AnalyzerOrgPolicy.Rule.condition] - defined for this rule. - - This rule is within - [AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.consolidated_policy][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer.consolidated_policy], - or - [AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.consolidated_policy][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.consolidated_policy] - when the - [AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset] - has - [AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.governed_resource][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedAssetsResponse.GovernedAsset.governed_resource]. """ class StringValues(proto.Message): @@ -3200,11 +3157,6 @@ class StringValues(proto.Message): number=7, message=expr_pb2.Expr, ) - condition_evaluation: gca_assets.ConditionEvaluation = proto.Field( - proto.MESSAGE, - number=8, - message=gca_assets.ConditionEvaluation, - ) attached_resource: str = proto.Field( proto.STRING, @@ -3517,17 +3469,13 @@ class AnalyzeOrgPoliciesRequest(proto.Message): filter (str): The expression to filter [AnalyzeOrgPoliciesResponse.org_policy_results][google.cloud.asset.v1.AnalyzeOrgPoliciesResponse.org_policy_results]. - Filtering is currently available for bare literal values and - the following fields: - - - consolidated_policy.attached_resource - - consolidated_policy.rules.enforce + The only supported field is + ``consolidated_policy.attached_resource``, and the only + supported operator is ``=``. - When filtering by a specific field, the only supported - operator is ``=``. For example, filtering by + Example: consolidated_policy.attached_resource="//cloudresourcemanager.googleapis.com/folders/001" - will return all the Organization Policy results attached to - "folders/001". + will return the org policy results of"folders/001". page_size (int): The maximum number of items to return per page. If unspecified, @@ -3599,20 +3547,6 @@ class OrgPolicyResult(proto.Message): If the constraint is defined with default policy, it will also appear in the list. - project (str): - The project that this consolidated policy belongs to, in the - format of projects/{PROJECT_NUMBER}. This field is available - when the consolidated policy belongs to a project. - folders (MutableSequence[str]): - The folder(s) that this consolidated policy belongs to, in - the format of folders/{FOLDER_NUMBER}. This field is - available when the consolidated policy belongs (directly or - cascadingly) to one or more folders. - organization (str): - The organization that this consolidated policy belongs to, - in the format of organizations/{ORGANIZATION_NUMBER}. This - field is available when the consolidated policy belongs - (directly or cascadingly) to an organization. """ consolidated_policy: 'AnalyzerOrgPolicy' = proto.Field( @@ -3625,18 +3559,6 @@ class OrgPolicyResult(proto.Message): number=2, message='AnalyzerOrgPolicy', ) - project: str = proto.Field( - proto.STRING, - number=3, - ) - folders: MutableSequence[str] = proto.RepeatedField( - proto.STRING, - number=4, - ) - organization: str = proto.Field( - proto.STRING, - number=5, - ) @property def raw_page(self): @@ -3680,18 +3602,13 @@ class AnalyzeOrgPolicyGovernedContainersRequest(proto.Message): only contains organization policies for the provided constraint. filter (str): - The expression to filter - [AnalyzeOrgPolicyGovernedContainersResponse.governed_containers][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedContainersResponse.governed_containers]. - Filtering is currently available for bare literal values and - the following fields: + The expression to filter the governed containers in result. + The only supported field is ``parent``, and the only + supported operator is ``=``. - - parent - - consolidated_policy.rules.enforce - - When filtering by a specific field, the only supported - operator is ``=``. For example, filtering by + Example: parent="//cloudresourcemanager.googleapis.com/folders/001" - will return all the containers under "folders/001". + will return all containers under "folders/001". page_size (int): The maximum number of items to return per page. If unspecified, @@ -3772,22 +3689,6 @@ class GovernedContainer(proto.Message): If the constraint is defined with default policy, it will also appear in the list. - project (str): - The project that this resource belongs to, in the format of - projects/{PROJECT_NUMBER}. This field is available when the - resource belongs to a project. - folders (MutableSequence[str]): - The folder(s) that this resource belongs to, in the format - of folders/{FOLDER_NUMBER}. This field is available when the - resource belongs (directly or cascadingly) to one or more - folders. - organization (str): - The organization that this resource belongs to, in the - format of organizations/{ORGANIZATION_NUMBER}. This field is - available when the resource belongs (directly or - cascadingly) to an organization. - effective_tags (MutableSequence[google.cloud.asset_v1.types.EffectiveTagDetails]): - The effective tags on this resource. """ full_resource_name: str = proto.Field( @@ -3808,23 +3709,6 @@ class GovernedContainer(proto.Message): number=4, message='AnalyzerOrgPolicy', ) - project: str = proto.Field( - proto.STRING, - number=5, - ) - folders: MutableSequence[str] = proto.RepeatedField( - proto.STRING, - number=6, - ) - organization: str = proto.Field( - proto.STRING, - number=7, - ) - effective_tags: MutableSequence[gca_assets.EffectiveTagDetails] = proto.RepeatedField( - proto.MESSAGE, - number=8, - message=gca_assets.EffectiveTagDetails, - ) @property def raw_page(self): @@ -3868,38 +3752,22 @@ class AnalyzeOrgPolicyGovernedAssetsRequest(proto.Message): contains analyzed organization policies for the provided constraint. filter (str): - The expression to filter - [AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedAssetsResponse.governed_assets]. - - For governed resources, filtering is currently available for - bare literal values and the following fields: - - - governed_resource.project - - governed_resource.folders - - consolidated_policy.rules.enforce When filtering by - ``governed_resource.project`` or - ``consolidated_policy.rules.enforce``, the only supported - operator is ``=``. When filtering by - ``governed_resource.folders``, the supported operators are - ``=`` and ``:``. For example, filtering by - ``governed_resource.project="projects/12345678"`` will - return all the governed resources under - "projects/12345678", including the project itself if - applicable. - - For governed IAM policies, filtering is currently available - for bare literal values and the following fields: - - - governed_iam_policy.project - - governed_iam_policy.folders - - consolidated_policy.rules.enforce When filtering by - ``governed_iam_policy.project`` or - ``consolidated_policy.rules.enforce``, the only supported - operator is ``=``. When filtering by - ``governed_iam_policy.folders``, the supported operators - are ``=`` and ``:``. For example, filtering by - ``governed_iam_policy.folders:"folders/12345678"`` will - return all the governed IAM policies under "folders/001". + The expression to filter the governed assets in result. The + only supported fields for governed resources are + ``governed_resource.project`` and + ``governed_resource.folders``. The only supported fields for + governed iam policies are ``governed_iam_policy.project`` + and ``governed_iam_policy.folders``. The only supported + operator is ``=``. + + Example 1: governed_resource.project="projects/12345678" + filter will return all governed resources under + projects/12345678 including the project ifself, if + applicable. + + Example 2: governed_iam_policy.folders="folders/12345678" + filter will return all governed iam policies under + folders/12345678, if applicable. page_size (int): The maximum number of items to return per page. If unspecified, @@ -3979,15 +3847,6 @@ class GovernedResource(proto.Message): format of organizations/{ORGANIZATION_NUMBER}. This field is available when the resource belongs (directly or cascadingly) to an organization. - asset_type (str): - The asset type of the - [AnalyzeOrgPolicyGovernedAssetsResponse.GovernedResource.full_resource_name][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedAssetsResponse.GovernedResource.full_resource_name] - Example: ``cloudresourcemanager.googleapis.com/Project`` See - `Cloud Asset Inventory Supported Asset - Types `__ - for all supported asset types. - effective_tags (MutableSequence[google.cloud.asset_v1.types.EffectiveTagDetails]): - The effective tags on this resource. """ full_resource_name: str = proto.Field( @@ -4010,15 +3869,6 @@ class GovernedResource(proto.Message): proto.STRING, number=7, ) - asset_type: str = proto.Field( - proto.STRING, - number=8, - ) - effective_tags: MutableSequence[gca_assets.EffectiveTagDetails] = proto.RepeatedField( - proto.MESSAGE, - number=9, - message=gca_assets.EffectiveTagDetails, - ) class GovernedIamPolicy(proto.Message): r"""The IAM policies governed by the organization policies of the @@ -4026,8 +3876,8 @@ class GovernedIamPolicy(proto.Message): Attributes: attached_resource (str): - The full resource name of the resource on which this IAM - policy is set. Example: + The full resource name of the resource associated with this + IAM policy. Example: ``//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1``. See `Cloud Asset Inventory Resource Name Format `__ @@ -4049,13 +3899,6 @@ class GovernedIamPolicy(proto.Message): format of organizations/{ORGANIZATION_NUMBER}. This field is available when the IAM policy belongs (directly or cascadingly) to an organization. - asset_type (str): - The asset type of the - [AnalyzeOrgPolicyGovernedAssetsResponse.GovernedIamPolicy.attached_resource][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedAssetsResponse.GovernedIamPolicy.attached_resource]. - Example: ``cloudresourcemanager.googleapis.com/Project`` See - `Cloud Asset Inventory Supported Asset - Types `__ - for all supported asset types. """ attached_resource: str = proto.Field( @@ -4079,10 +3922,6 @@ class GovernedIamPolicy(proto.Message): proto.STRING, number=7, ) - asset_type: str = proto.Field( - proto.STRING, - number=8, - ) class GovernedAsset(proto.Message): r"""Represents a Google Cloud asset(resource or IAM policy) governed by diff --git a/tests/integration/goldens/asset/google/cloud/asset_v1/types/assets.py b/tests/integration/goldens/asset/google/cloud/asset_v1/types/assets.py index acfc456895..e3e94d6271 100755 --- a/tests/integration/goldens/asset/google/cloud/asset_v1/types/assets.py +++ b/tests/integration/goldens/asset/google/cloud/asset_v1/types/assets.py @@ -40,8 +40,6 @@ 'RelatedAssets', 'RelationshipAttributes', 'RelatedAsset', - 'Tag', - 'EffectiveTagDetails', 'ResourceSearchResult', 'VersionedResource', 'AttachedResource', @@ -201,17 +199,17 @@ class Asset(proto.Message): There can be more than one organization policy with different constraints set on a given resource. access_policy (google.identity.accesscontextmanager.v1.access_policy_pb2.AccessPolicy): - Also refer to the `access policy user + Please also refer to the `access policy user guide `__. This field is a member of `oneof`_ ``access_context_policy``. access_level (google.identity.accesscontextmanager.v1.access_level_pb2.AccessLevel): - Also refer to the `access level user + Please also refer to the `access level user guide `__. This field is a member of `oneof`_ ``access_context_policy``. service_perimeter (google.identity.accesscontextmanager.v1.service_perimeter_pb2.ServicePerimeter): - Also refer to the `service perimeter user + Please also refer to the `service perimeter user guide `__. This field is a member of `oneof`_ ``access_context_policy``. @@ -345,6 +343,8 @@ class Resource(proto.Message): hierarchy `__. Example: ``//cloudresourcemanager.googleapis.com/projects/my_project_123`` + + For third-party assets, this field may be set differently. data (google.protobuf.struct_pb2.Struct): The content of the resource, in which some sensitive fields are removed and may not be @@ -509,99 +509,9 @@ class RelatedAsset(proto.Message): ) -class Tag(proto.Message): - r"""The key and value for a - `tag `__. - - - .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields - - Attributes: - tag_key (str): - TagKey namespaced name, in the format of - {ORG_ID}/{TAG_KEY_SHORT_NAME}. - - This field is a member of `oneof`_ ``_tag_key``. - tag_key_id (str): - TagKey ID, in the format of tagKeys/{TAG_KEY_ID}. - - This field is a member of `oneof`_ ``_tag_key_id``. - tag_value (str): - TagValue namespaced name, in the format of - {ORG_ID}/{TAG_KEY_SHORT_NAME}/{TAG_VALUE_SHORT_NAME}. - - This field is a member of `oneof`_ ``_tag_value``. - tag_value_id (str): - TagValue ID, in the format of tagValues/{TAG_VALUE_ID}. - - This field is a member of `oneof`_ ``_tag_value_id``. - """ - - tag_key: str = proto.Field( - proto.STRING, - number=1, - optional=True, - ) - tag_key_id: str = proto.Field( - proto.STRING, - number=2, - optional=True, - ) - tag_value: str = proto.Field( - proto.STRING, - number=3, - optional=True, - ) - tag_value_id: str = proto.Field( - proto.STRING, - number=4, - optional=True, - ) - - -class EffectiveTagDetails(proto.Message): - r"""The effective tags and the ancestor resources from which they - were inherited. - - - .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields - - Attributes: - attached_resource (str): - The `full resource - name `__ - of the ancestor from which an [effective_tag][] is - inherited, according to `tag - inheritance `__. - - This field is a member of `oneof`_ ``_attached_resource``. - effective_tags (MutableSequence[google.cloud.asset_v1.types.Tag]): - The effective tags inherited from the - [attached_resource][google.cloud.asset.v1.EffectiveTagDetails.attached_resource]. - Note that tags with the same key but different values may - attach to resources at a different hierarchy levels. The - lower hierarchy tag value will overwrite the higher - hierarchy tag value of the same tag key. In this case, the - tag value at the higher hierarchy level will be removed. For - more information, see `tag - inheritance `__. - """ - - attached_resource: str = proto.Field( - proto.STRING, - number=1, - optional=True, - ) - effective_tags: MutableSequence['Tag'] = proto.RepeatedField( - proto.MESSAGE, - number=2, - message='Tag', - ) - - class ResourceSearchResult(proto.Message): r"""A result of Resource Search, containing information of a - cloud resource. Next ID: 34 + cloud resource. Next ID: 32 Attributes: name (str): @@ -720,10 +630,10 @@ class ResourceSearchResult(proto.Message): name. This field only presents for the purpose of backward - compatibility. Use the ``kms_keys`` field to retrieve Cloud - KMS key information. This field is available only when the - resource's Protobuf contains it and will only be populated - for `these resource + compatibility. Please use the ``kms_keys`` field to retrieve + Cloud KMS key information. This field is available only when + the resource's Protobuf contains it and will only be + populated for `these resource types `__ for backward compatible purposes. @@ -805,7 +715,7 @@ class ResourceSearchResult(proto.Message): provided by the corresponding Google Cloud service (e.g., Compute Engine). see `API references and supported searchable - attributes `__ + attributes `__ to see which fields are included. You can search values of these fields through free text @@ -854,9 +764,6 @@ class ResourceSearchResult(proto.Message): ``INSTANCE_TO_INSTANCEGROUP``. See `supported relationship types `__. tag_keys (MutableSequence[str]): - This field is only present for the purpose of backward - compatibility. Use the ``tags`` field instead. - TagKey namespaced names, in the format of {ORG_ID}/{TAG_KEY_SHORT_NAME}. To search against the ``tagKeys``: @@ -871,9 +778,6 @@ class ResourceSearchResult(proto.Message): - ``env`` tag_values (MutableSequence[str]): - This field is only present for the purpose of backward - compatibility. Use the ``tags`` field instead. - TagValue namespaced names, in the format of {ORG_ID}/{TAG_KEY_SHORT_NAME}/{TAG_VALUE_SHORT_NAME}. To search against the ``tagValues``: @@ -889,59 +793,17 @@ class ResourceSearchResult(proto.Message): - ``prod`` tag_value_ids (MutableSequence[str]): - This field is only present for the purpose of backward - compatibility. Use the ``tags`` field instead. - TagValue IDs, in the format of tagValues/{TAG_VALUE_ID}. To search against the ``tagValueIds``: - Use a field query. Example: + - ``tagValueIds:"456"`` - ``tagValueIds="tagValues/456"`` - Use a free text query. Example: - ``456`` - tags (MutableSequence[google.cloud.asset_v1.types.Tag]): - The tags directly attached to this resource. - - To search against the ``tags``: - - - Use a field query. Example: - - - ``tagKeys:"123456789/env*"`` - - ``tagKeys="123456789/env"`` - - ``tagKeys:"env"`` - - ``tagKeyIds="tagKeys/123"`` - - ``tagValues:"env"`` - - ``tagValues:"env/prod"`` - - ``tagValues:"123456789/env/prod*"`` - - ``tagValues="123456789/env/prod"`` - - ``tagValueIds="tagValues/456"`` - - - Use a free text query. Example: - - - ``env/prod`` - effective_tags (MutableSequence[google.cloud.asset_v1.types.EffectiveTagDetails]): - The effective tags on this resource. All of the tags that - are both attached to and inherited by a resource are - collectively called the effective tags. For more - information, see `tag - inheritance `__. - - To search against the ``effective_tags``: - - - Use a field query. Example: - - - ``effectiveTagKeys:"123456789/env*"`` - - ``effectiveTagKeys="123456789/env"`` - - ``effectiveTagKeys:"env"`` - - ``effectiveTagKeyIds="tagKeys/123"`` - - ``effectiveTagValues:"env"`` - - ``effectiveTagValues:"env/prod"`` - - ``effectiveTagValues:"123456789/env/prod*"`` - - ``effectiveTagValues="123456789/env/prod"`` - - ``effectiveTagValueIds="tagValues/456"`` parent_asset_type (str): The type of this resource's immediate parent, if there is one. @@ -952,18 +814,6 @@ class ResourceSearchResult(proto.Message): ``parentAssetType:"cloudresourcemanager.googleapis.com/Project"`` - Use a free text query. Example: ``cloudresourcemanager.googleapis.com/Project`` - scc_security_marks (MutableMapping[str, str]): - The actual content of Security Command Center security marks - associated with the asset. - - To search against SCC SecurityMarks field: - - - Use a field query: - - - query by a given key value pair. Example: - ``sccSecurityMarks.foo=bar`` - - query by a given key's existence. Example: - ``sccSecurityMarks.foo:*`` """ name: str = proto.Field( @@ -1066,25 +916,10 @@ class ResourceSearchResult(proto.Message): proto.STRING, number=26, ) - tags: MutableSequence['Tag'] = proto.RepeatedField( - proto.MESSAGE, - number=29, - message='Tag', - ) - effective_tags: MutableSequence['EffectiveTagDetails'] = proto.RepeatedField( - proto.MESSAGE, - number=30, - message='EffectiveTagDetails', - ) parent_asset_type: str = proto.Field( proto.STRING, number=103, ) - scc_security_marks: MutableMapping[str, str] = proto.MapField( - proto.STRING, - proto.STRING, - number=32, - ) class VersionedResource(proto.Message): @@ -1110,7 +945,7 @@ class VersionedResource(proto.Message): You can find the resource definition for each supported resource type in this table: - ``https://cloud.google.com/asset-inventory/docs/supported-asset-types`` + ``https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types`` """ version: str = proto.Field( @@ -1137,7 +972,7 @@ class AttachedResource(proto.Message): You can find the supported attached asset types of each resource in this table: - ``https://cloud.google.com/asset-inventory/docs/supported-asset-types`` + ``https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types`` versioned_resources (MutableSequence[google.cloud.asset_v1.types.VersionedResource]): Versioned resource representations of this attached resource. This is repeated because @@ -1378,7 +1213,7 @@ class IamPolicyAnalysisState(proto.Message): class ConditionEvaluation(proto.Message): - r"""The condition evaluation. + r"""The Condition evaluation. Attributes: evaluation_value (google.cloud.asset_v1.types.ConditionEvaluation.EvaluationValue): @@ -1397,7 +1232,7 @@ class EvaluationValue(proto.Enum): CONDITIONAL (3): The evaluation result is ``conditional`` when the condition expression contains variables that are either missing input - values or have not been supported by Policy Analyzer yet. + values or have not been supported by Analyzer yet. """ EVALUATION_VALUE_UNSPECIFIED = 0 TRUE = 1 @@ -1505,10 +1340,10 @@ class Identity(proto.Message): Attributes: name (str): - The identity of members, formatted as appear in an `IAM + The identity name in any form of members appear in `IAM policy - binding `__. - For example, they might be formatted like the following: + binding `__, + such as: - user:foo@google.com - group:group1@google.com @@ -1516,6 +1351,7 @@ class Identity(proto.Message): - projectOwner:some_project_id - domain:google.com - allUsers + - etc. analysis_state (google.cloud.asset_v1.types.IamPolicyAnalysisState): The analysis state of this identity. """ diff --git a/tests/integration/goldens/asset/tests/unit/gapic/asset_v1/test_asset_service.py b/tests/integration/goldens/asset/tests/unit/gapic/asset_v1/test_asset_service.py index ca243f67aa..fa466d554f 100755 --- a/tests/integration/goldens/asset/tests/unit/gapic/asset_v1/test_asset_service.py +++ b/tests/integration/goldens/asset/tests/unit/gapic/asset_v1/test_asset_service.py @@ -28,7 +28,6 @@ import json import math import pytest -from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/credentials/tests/unit/gapic/credentials_v1/test_iam_credentials.py b/tests/integration/goldens/credentials/tests/unit/gapic/credentials_v1/test_iam_credentials.py index 7f145edd40..4f6edbe175 100755 --- a/tests/integration/goldens/credentials/tests/unit/gapic/credentials_v1/test_iam_credentials.py +++ b/tests/integration/goldens/credentials/tests/unit/gapic/credentials_v1/test_iam_credentials.py @@ -28,7 +28,6 @@ import json import math import pytest -from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/eventarc/tests/unit/gapic/eventarc_v1/test_eventarc.py b/tests/integration/goldens/eventarc/tests/unit/gapic/eventarc_v1/test_eventarc.py index 0f51ab3838..fe8e04769b 100755 --- a/tests/integration/goldens/eventarc/tests/unit/gapic/eventarc_v1/test_eventarc.py +++ b/tests/integration/goldens/eventarc/tests/unit/gapic/eventarc_v1/test_eventarc.py @@ -28,7 +28,6 @@ import json import math import pytest -from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_config_service_v2.py b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_config_service_v2.py index 2e5a4bf1ea..b614a42929 100755 --- a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_config_service_v2.py +++ b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_config_service_v2.py @@ -26,7 +26,6 @@ import json import math import pytest -from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_logging_service_v2.py b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_logging_service_v2.py index f5b0e03c67..65e5ea8ddc 100755 --- a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_logging_service_v2.py +++ b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_logging_service_v2.py @@ -26,7 +26,6 @@ import json import math import pytest -from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_metrics_service_v2.py b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_metrics_service_v2.py index eced7f0f49..3f1c3b92a6 100755 --- a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_metrics_service_v2.py +++ b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_metrics_service_v2.py @@ -26,7 +26,6 @@ import json import math import pytest -from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_config_service_v2.py b/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_config_service_v2.py index 8720112bed..9a74e0973f 100755 --- a/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_config_service_v2.py +++ b/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_config_service_v2.py @@ -26,7 +26,6 @@ import json import math import pytest -from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_logging_service_v2.py b/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_logging_service_v2.py index f5b0e03c67..65e5ea8ddc 100755 --- a/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_logging_service_v2.py +++ b/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_logging_service_v2.py @@ -26,7 +26,6 @@ import json import math import pytest -from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_metrics_service_v2.py b/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_metrics_service_v2.py index 33f3e8e104..f2e2530d7c 100755 --- a/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_metrics_service_v2.py +++ b/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_metrics_service_v2.py @@ -26,7 +26,6 @@ import json import math import pytest -from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/redis/tests/unit/gapic/redis_v1/test_cloud_redis.py b/tests/integration/goldens/redis/tests/unit/gapic/redis_v1/test_cloud_redis.py index 3f3dafe4de..ba763932d3 100755 --- a/tests/integration/goldens/redis/tests/unit/gapic/redis_v1/test_cloud_redis.py +++ b/tests/integration/goldens/redis/tests/unit/gapic/redis_v1/test_cloud_redis.py @@ -28,7 +28,6 @@ import json import math import pytest -from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/redis_selective/tests/unit/gapic/redis_v1/test_cloud_redis.py b/tests/integration/goldens/redis_selective/tests/unit/gapic/redis_v1/test_cloud_redis.py index da97232fb4..f58069c220 100755 --- a/tests/integration/goldens/redis_selective/tests/unit/gapic/redis_v1/test_cloud_redis.py +++ b/tests/integration/goldens/redis_selective/tests/unit/gapic/redis_v1/test_cloud_redis.py @@ -28,7 +28,6 @@ import json import math import pytest -from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers From 30a62f4258da9702885a1afe2f2309a93ae027d7 Mon Sep 17 00:00:00 2001 From: chalmer lowe Date: Tue, 3 Feb 2026 20:14:10 -0500 Subject: [PATCH 4/5] update goldens --- .../asset/tests/unit/gapic/asset_v1/test_asset_service.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/integration/goldens/asset/tests/unit/gapic/asset_v1/test_asset_service.py b/tests/integration/goldens/asset/tests/unit/gapic/asset_v1/test_asset_service.py index fa466d554f..ca243f67aa 100755 --- a/tests/integration/goldens/asset/tests/unit/gapic/asset_v1/test_asset_service.py +++ b/tests/integration/goldens/asset/tests/unit/gapic/asset_v1/test_asset_service.py @@ -28,6 +28,7 @@ import json import math import pytest +from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers From 306f2ededbd254e340ca714bd48353e7283677e3 Mon Sep 17 00:00:00 2001 From: chalmer lowe Date: Wed, 4 Feb 2026 05:49:14 -0500 Subject: [PATCH 5/5] updates goldens with related changes --- .../tests/unit/gapic/credentials_v1/test_iam_credentials.py | 1 + .../eventarc/tests/unit/gapic/eventarc_v1/test_eventarc.py | 1 + .../tests/unit/gapic/logging_v2/test_config_service_v2.py | 1 + .../tests/unit/gapic/logging_v2/test_logging_service_v2.py | 1 + .../tests/unit/gapic/logging_v2/test_metrics_service_v2.py | 1 + .../tests/unit/gapic/logging_v2/test_config_service_v2.py | 1 + .../tests/unit/gapic/logging_v2/test_logging_service_v2.py | 1 + .../tests/unit/gapic/logging_v2/test_metrics_service_v2.py | 1 + .../goldens/redis/tests/unit/gapic/redis_v1/test_cloud_redis.py | 1 + .../tests/unit/gapic/redis_v1/test_cloud_redis.py | 1 + 10 files changed, 10 insertions(+) diff --git a/tests/integration/goldens/credentials/tests/unit/gapic/credentials_v1/test_iam_credentials.py b/tests/integration/goldens/credentials/tests/unit/gapic/credentials_v1/test_iam_credentials.py index 4f6edbe175..7f145edd40 100755 --- a/tests/integration/goldens/credentials/tests/unit/gapic/credentials_v1/test_iam_credentials.py +++ b/tests/integration/goldens/credentials/tests/unit/gapic/credentials_v1/test_iam_credentials.py @@ -28,6 +28,7 @@ import json import math import pytest +from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/eventarc/tests/unit/gapic/eventarc_v1/test_eventarc.py b/tests/integration/goldens/eventarc/tests/unit/gapic/eventarc_v1/test_eventarc.py index fe8e04769b..0f51ab3838 100755 --- a/tests/integration/goldens/eventarc/tests/unit/gapic/eventarc_v1/test_eventarc.py +++ b/tests/integration/goldens/eventarc/tests/unit/gapic/eventarc_v1/test_eventarc.py @@ -28,6 +28,7 @@ import json import math import pytest +from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_config_service_v2.py b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_config_service_v2.py index b614a42929..2e5a4bf1ea 100755 --- a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_config_service_v2.py +++ b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_config_service_v2.py @@ -26,6 +26,7 @@ import json import math import pytest +from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_logging_service_v2.py b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_logging_service_v2.py index 65e5ea8ddc..f5b0e03c67 100755 --- a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_logging_service_v2.py +++ b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_logging_service_v2.py @@ -26,6 +26,7 @@ import json import math import pytest +from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_metrics_service_v2.py b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_metrics_service_v2.py index 3f1c3b92a6..eced7f0f49 100755 --- a/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_metrics_service_v2.py +++ b/tests/integration/goldens/logging/tests/unit/gapic/logging_v2/test_metrics_service_v2.py @@ -26,6 +26,7 @@ import json import math import pytest +from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_config_service_v2.py b/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_config_service_v2.py index 9a74e0973f..8720112bed 100755 --- a/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_config_service_v2.py +++ b/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_config_service_v2.py @@ -26,6 +26,7 @@ import json import math import pytest +from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_logging_service_v2.py b/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_logging_service_v2.py index 65e5ea8ddc..f5b0e03c67 100755 --- a/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_logging_service_v2.py +++ b/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_logging_service_v2.py @@ -26,6 +26,7 @@ import json import math import pytest +from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_metrics_service_v2.py b/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_metrics_service_v2.py index f2e2530d7c..33f3e8e104 100755 --- a/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_metrics_service_v2.py +++ b/tests/integration/goldens/logging_internal/tests/unit/gapic/logging_v2/test_metrics_service_v2.py @@ -26,6 +26,7 @@ import json import math import pytest +from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/redis/tests/unit/gapic/redis_v1/test_cloud_redis.py b/tests/integration/goldens/redis/tests/unit/gapic/redis_v1/test_cloud_redis.py index ba763932d3..3f3dafe4de 100755 --- a/tests/integration/goldens/redis/tests/unit/gapic/redis_v1/test_cloud_redis.py +++ b/tests/integration/goldens/redis/tests/unit/gapic/redis_v1/test_cloud_redis.py @@ -28,6 +28,7 @@ import json import math import pytest +from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers diff --git a/tests/integration/goldens/redis_selective/tests/unit/gapic/redis_v1/test_cloud_redis.py b/tests/integration/goldens/redis_selective/tests/unit/gapic/redis_v1/test_cloud_redis.py index f58069c220..da97232fb4 100755 --- a/tests/integration/goldens/redis_selective/tests/unit/gapic/redis_v1/test_cloud_redis.py +++ b/tests/integration/goldens/redis_selective/tests/unit/gapic/redis_v1/test_cloud_redis.py @@ -28,6 +28,7 @@ import json import math import pytest +from collections.abc import Sequence, Mapping from google.api_core import api_core_version from proto.marshal.rules.dates import DurationRule, TimestampRule from proto.marshal.rules import wrappers