feat: add new searchable fields (memberTypes, roles, project, folders and organization), new request fields (assetTypes and orderBy) and new response fields (assetType, folders and organization) in SearchAllIamPolicies (#511)

* feat: add new searchable fields (memberTypes, roles, project, folders and organization), new request fields (assetTypes and orderBy) and new response fields (assetType, folders and organization) in SearchAllIamPolicies PiperOrigin-RevId: 381145907 Source-Link: googleapis/googleapis@5d301f9 Source-Link: https://github.com/googleapis/googleapis-gen/commit/9b332fd884d84662522abad820fa5835cae8688a * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/master/packages/owl-bot/README.md Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> Co-authored-by: Benjamin E. Coe <bencoe@google.com> Co-authored-by: Jeffrey Rennie <rennie@google.com>

Author: 3 people

protos/google/cloud/asset/v1/asset_service.proto

@@ -838,6 +838,10 @@ message SearchAllIamPoliciesRequest {
  // * `resource:(instance1 OR instance2) policy:amy` to find
  // IAM policy bindings that are set on resources "instance1" or
  // "instance2" and also specify user "amy".
+ // * `roles:roles/compute.admin` to find IAM policy bindings that specify the
+ // Compute Admin role.
+ // * `memberTypes:user` to find IAM policy bindings that contain the "user"
+ // member type.
  string query = 2 [(google.api.field_behavior) = OPTIONAL];
 
  // Optional. The page size for search result pagination. Page size is capped at 500 even
@@ -851,6 +855,36 @@ message SearchAllIamPoliciesRequest {
  // previous response. The values of all other method parameters must be
  // identical to those in the previous call.
  string page_token = 4 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. A list of asset types that the IAM policies are attached to. If empty, it
+ // will search the IAM policies that are attached to all the [searchable asset
+ // types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types).
+ //
+ // Regular expressions are also supported. For example:
+ //
+ // * "compute.googleapis.com.*" snapshots IAM policies attached to asset type
+ // starts with "compute.googleapis.com".
+ // * ".*Instance" snapshots IAM policies attached to asset type ends with
+ // "Instance".
+ // * ".*Instance.*" snapshots IAM policies attached to asset type contains
+ // "Instance".
+ //
+ // See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported
+ // regular expression syntax. If the regular expression does not match any
+ // supported asset type, an INVALID_ARGUMENT error will be returned.
+ repeated string asset_types = 5 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. A comma-separated list of fields specifying the sorting order of the
+ // results. The default order is ascending. Add " DESC" after the field name
+ // to indicate descending order. Redundant space characters are ignored.
+ // Example: "assetType DESC, resource".
+ // Only singular primitive fields in the response are sortable:
+ // * resource
+ // * assetType
+ // * project
+ // All the other fields such as repeated fields (e.g., `folders`) and
+ // non-primitive fields (e.g., `policy`) are not supported.
+ string order_by = 7 [(google.api.field_behavior) = OPTIONAL];
 }
 
 // Search all IAM policies response.

protos/google/cloud/asset/v1/assets.proto

@@ -463,6 +463,14 @@ message IamPolicySearchResult {
  // * use a field query. Example: `resource:organizations/123`
  string resource = 1;
 
+ // The type of the resource associated with this IAM policy. Example:
+ // `compute.googleapis.com/Disk`.
+ //
+ // To search against the `asset_type`:
+ //
+ // * specify the `asset_types` field in your search request.
+ string asset_type = 5;
+
  // The project that the associated GCP resource belongs to, in the form of
  // projects/{PROJECT_NUMBER}. If an IAM policy is set on a resource (like VM
  // instance, Cloud Storage bucket), the project field will indicate the
@@ -474,6 +482,28 @@ message IamPolicySearchResult {
  // * specify the `scope` field as this project in your search request.
  string project = 2;
 
+ // The folder(s) that the IAM policy belongs to, in the form of
+ // folders/{FOLDER_NUMBER}. This field is available when the IAM policy
+ // belongs to one or more folders.
+ //
+ // To search against `folders`:
+ //
+ // * use a field query. Example: `folders:(123 OR 456)`
+ // * use a free text query. Example: `123`
+ // * specify the `scope` field as this folder in your search request.
+ repeated string folders = 6;
+
+ // The organization that the IAM policy belongs to, in the form
+ // of organizations/{ORGANIZATION_NUMBER}. This field is available when the
+ // IAM policy belongs to an organization.
+ //
+ // To search against `organization`:
+ //
+ // * use a field query. Example: `organization:123`
+ // * use a free text query. Example: `123`
+ // * specify the `scope` field as this organization in your search request.
+ string organization = 7;
+
  // The IAM policy directly set on the given resource. Note that the original
  // IAM policy can contain multiple bindings. This only contains the bindings
  // that match the given query. For queries that don't contain a constrain on