googleapis
diff --git a/‎packages/google-cloud-asset/protos/google/cloud/asset/v1/asset_service.proto
Lines changed: 109 additions & 12 deletions b/‎packages/google-cloud-asset/protos/google/cloud/asset/v1/asset_service.proto
Lines changed: 109 additions & 12 deletions
@@ -291,18 +291,49 @@ service AssetService {
 
   // Analyzes organization policies governed assets (Google Cloud resources or
   // policies) under a scope. This RPC supports custom constraints and the
-  // following 10 canned constraints:
-  //
-  // * storage.uniformBucketLevelAccess
-  // * iam.disableServiceAccountKeyCreation
-  // * iam.allowedPolicyMemberDomains
-  // * compute.vmExternalIpAccess
-  // * appengine.enforceServiceAccountActAsCheck
-  // * gcp.resourceLocations
-  // * compute.trustedImageProjects
-  // * compute.skipDefaultNetworkCreation
-  // * compute.requireOsLogin
-  // * compute.disableNestedVirtualization
+  // following canned constraints:
+  //
+  // * constraints/ainotebooks.accessMode
+  // * constraints/ainotebooks.disableFileDownloads
+  // * constraints/ainotebooks.disableRootAccess
+  // * constraints/ainotebooks.disableTerminal
+  // * constraints/ainotebooks.environmentOptions
+  // * constraints/ainotebooks.requireAutoUpgradeSchedule
+  // * constraints/ainotebooks.restrictVpcNetworks
+  // * constraints/compute.disableGuestAttributesAccess
+  // * constraints/compute.disableInstanceDataAccessApis
+  // * constraints/compute.disableNestedVirtualization
+  // * constraints/compute.disableSerialPortAccess
+  // * constraints/compute.disableSerialPortLogging
+  // * constraints/compute.disableVpcExternalIpv6
+  // * constraints/compute.requireOsLogin
+  // * constraints/compute.requireShieldedVm
+  // * constraints/compute.restrictLoadBalancerCreationForTypes
+  // * constraints/compute.restrictProtocolForwardingCreationForTypes
+  // * constraints/compute.restrictXpnProjectLienRemoval
+  // * constraints/compute.setNewProjectDefaultToZonalDNSOnly
+  // * constraints/compute.skipDefaultNetworkCreation
+  // * constraints/compute.trustedImageProjects
+  // * constraints/compute.vmCanIpForward
+  // * constraints/compute.vmExternalIpAccess
+  // * constraints/gcp.detailedAuditLoggingMode
+  // * constraints/gcp.resourceLocations
+  // * constraints/iam.allowedPolicyMemberDomains
+  // * constraints/iam.automaticIamGrantsForDefaultServiceAccounts
+  // * constraints/iam.disableServiceAccountCreation
+  // * constraints/iam.disableServiceAccountKeyCreation
+  // * constraints/iam.disableServiceAccountKeyUpload
+  // * constraints/iam.restrictCrossProjectServiceAccountLienRemoval
+  // * constraints/iam.serviceAccountKeyExpiryHours
+  // * constraints/resourcemanager.accessBoundaries
+  // * constraints/resourcemanager.allowedExportDestinations
+  // * constraints/sql.restrictAuthorizedNetworks
+  // * constraints/sql.restrictNoncompliantDiagnosticDataAccess
+  // * constraints/sql.restrictNoncompliantResourceCreation
+  // * constraints/sql.restrictPublicIp
+  // * constraints/storage.publicAccessPrevention
+  // * constraints/storage.restrictAuthTypes
+  // * constraints/storage.uniformBucketLevelAccess
   //
   // This RPC only returns either resources of types [supported by search
   // APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
@@ -2170,6 +2201,18 @@ message AnalyzerOrgPolicy {
 
     // The evaluating condition for this rule.
     google.type.Expr condition = 7;
+
+    // The condition evaluation result for this rule.
+    // Only populated if it meets all the following criteria:
+    // * there is a
+    // [condition][google.cloud.asset.v1.AnalyzerOrgPolicy.Rule.condition]
+    // defined for this rule
+    // * this rule is within a consolidated_policy
+    // * the consolidated_policy is within
+    //   [AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedContainersResponse.GovernedContainer]
+    //   or
+    //   [AnalyzeOrgPolicyGovernedAssetsResponse.GovernedResource][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedAssetsResponse.GovernedResource]
+    ConditionEvaluation condition_evaluation = 8;
   }
 
   // The [full resource name]
@@ -2405,6 +2448,21 @@ message AnalyzeOrgPoliciesResponse {
     // If the constraint is defined with default policy, it will also appear in
     // the list.
     repeated AnalyzerOrgPolicy policy_bundle = 2;
+
+    // The project that this consolidated policy belongs to, in the format of
+    // projects/{PROJECT_NUMBER}. This field is available when the consolidated
+    // policy belongs to a project.
+    string project = 3;
+
+    // The folder(s) that this consolidated policy belongs to, in the format of
+    // folders/{FOLDER_NUMBER}. This field is available when the consolidated
+    // policy belongs (directly or cascadingly) to one or more folders.
+    repeated string folders = 4;
+
+    // The organization that this consolidated policy belongs to, in the format
+    // of organizations/{ORGANIZATION_NUMBER}. This field is available when the
+    // consolidated policy belongs (directly or cascadingly) to an organization.
+    string organization = 5;
   }
 
   // The organization policies under the
@@ -2491,6 +2549,24 @@ message AnalyzeOrgPolicyGovernedContainersResponse {
     // If the constraint is defined with default policy, it will also appear in
     // the list.
     repeated AnalyzerOrgPolicy policy_bundle = 4;
+
+    // The project that this resource belongs to, in the format of
+    // projects/{PROJECT_NUMBER}. This field is available when the resource
+    // belongs to a project.
+    string project = 5;
+
+    // The folder(s) that this resource belongs to, in the format of
+    // folders/{FOLDER_NUMBER}. This field is available when the resource
+    // belongs (directly or cascadingly) to one or more folders.
+    repeated string folders = 6;
+
+    // The organization that this resource belongs to, in the format of
+    // organizations/{ORGANIZATION_NUMBER}. This field is available when the
+    // resource belongs (directly or cascadingly) to an organization.
+    string organization = 7;
+
+    // The effective tags on this resource.
+    repeated EffectiveTagDetails effective_tags = 8;
   }
 
   // The list of the analyzed governed containers.
@@ -2589,6 +2665,18 @@ message AnalyzeOrgPolicyGovernedAssetsResponse {
     // organizations/{ORGANIZATION_NUMBER}. This field is available when the
     // resource belongs (directly or cascadingly) to an organization.
     string organization = 7;
+
+    // The asset type of the
+    // [AnalyzeOrgPolicyGovernedAssetsResponse.GovernedResource.full_resource_name][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedAssetsResponse.GovernedResource.full_resource_name]
+    // Example:
+    // `cloudresourcemanager.googleapis.com/Project`
+    // See [Cloud Asset Inventory Supported Asset
+    // Types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
+    // for all supported asset types.
+    string asset_type = 8;
+
+    // The effective tags on this resource.
+    repeated EffectiveTagDetails effective_tags = 9;
   }
 
   // The IAM policies governed by the organization policies of the
@@ -2619,6 +2707,15 @@ message AnalyzeOrgPolicyGovernedAssetsResponse {
     // organizations/{ORGANIZATION_NUMBER}. This field is available when the
     // IAM policy belongs (directly or cascadingly) to an organization.
     string organization = 7;
+
+    // The asset type of the
+    // [AnalyzeOrgPolicyGovernedAssetsResponse.GovernedIamPolicy.attached_resource][google.cloud.asset.v1.AnalyzeOrgPolicyGovernedAssetsResponse.GovernedIamPolicy.attached_resource].
+    // Example:
+    // `cloudresourcemanager.googleapis.com/Project`
+    // See [Cloud Asset Inventory Supported Asset
+    // Types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
+    // for all supported asset types.
+    string asset_type = 8;
   }
 
   // Represents a Google Cloud asset(resource or IAM policy) governed by the