1<?php
2/*
3 * Copyright 2014 Google Inc.
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
6 * use this file except in compliance with the License. You may obtain a copy of
7 * the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
14 * License for the specific language governing permissions and limitations under
15 * the License.
16 */
17
18namespace Google\Service\CloudAsset\Resource;
19
20use Google\Service\CloudAsset\AnalyzeIamPolicyLongrunningRequest;
21use Google\Service\CloudAsset\AnalyzeIamPolicyResponse;
22use Google\Service\CloudAsset\AnalyzeMoveResponse;
23use Google\Service\CloudAsset\BatchGetAssetsHistoryResponse;
24use Google\Service\CloudAsset\ExportAssetsRequest;
25use Google\Service\CloudAsset\Operation;
26use Google\Service\CloudAsset\SearchAllIamPoliciesResponse;
27use Google\Service\CloudAsset\SearchAllResourcesResponse;
28
29/**
30 * The "v1" collection of methods.
31 * Typical usage is:
32 *  <code>
33 *   $cloudassetService = new Google\Service\CloudAsset(...);
34 *   $v1 = $cloudassetService->v1;
35 *  </code>
36 */
37class V1 extends \Google\Service\Resource
38{
39  /**
40   * Analyzes IAM policies to answer which identities have what accesses on which
41   * resources. (v1.analyzeIamPolicy)
42   *
43   * @param string $scope Required. The relative name of the root asset. Only
44   * resources and IAM policies within the scope will be analyzed. This can only
45   * be an organization number (such as "organizations/123"), a folder number
46   * (such as "folders/123"), a project ID (such as "projects/my-project-id"), or
47   * a project number (such as "projects/12345"). To know how to get organization
48   * id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-
49   * managing-organization#retrieving_your_organization_id). To know how to get
50   * folder or project id, visit [here ](https://cloud.google.com/resource-
51   * manager/docs/creating-managing-
52   * folders#viewing_or_listing_folders_and_projects).
53   * @param array $optParams Optional parameters.
54   *
55   * @opt_param string analysisQuery.accessSelector.permissions Optional. The
56   * permissions to appear in result.
57   * @opt_param string analysisQuery.accessSelector.roles Optional. The roles to
58   * appear in result.
59   * @opt_param string analysisQuery.conditionContext.accessTime The hypothetical
60   * access timestamp to evaluate IAM conditions. Note that this value must not be
61   * earlier than the current time; otherwise, an INVALID_ARGUMENT error will be
62   * returned.
63   * @opt_param string analysisQuery.identitySelector.identity Required. The
64   * identity appear in the form of principals in [IAM policy
65   * binding](https://cloud.google.com/iam/reference/rest/v1/Binding). The
66   * examples of supported forms are: "user:mike@example.com",
67   * "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-
68   * id@appspot.gserviceaccount.com". Notice that wildcard characters (such as *
69   * and ?) are not supported. You must give a specific identity.
70   * @opt_param bool analysisQuery.options.analyzeServiceAccountImpersonation
71   * Optional. If true, the response will include access analysis from identities
72   * to resources via service account impersonation. This is a very expensive
73   * operation, because many derived queries will be executed. We highly recommend
74   * you use AssetService.AnalyzeIamPolicyLongrunning rpc instead. For example, if
75   * the request analyzes for which resources user A has permission P, and there's
76   * an IAM policy states user A has iam.serviceAccounts.getAccessToken permission
77   * to a service account SA, and there's another IAM policy states service
78   * account SA has permission P to a GCP folder F, then user A potentially has
79   * access to the GCP folder F. And those advanced analysis results will be
80   * included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis.
81   * Another example, if the request analyzes for who has permission P to a GCP
82   * folder F, and there's an IAM policy states user A has
83   * iam.serviceAccounts.actAs permission to a service account SA, and there's
84   * another IAM policy states service account SA has permission P to the GCP
85   * folder F, then user A potentially has access to the GCP folder F. And those
86   * advanced analysis results will be included in
87   * AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Only the
88   * following permissions are considered in this analysis: *
89   * `iam.serviceAccounts.actAs` * `iam.serviceAccounts.signBlob` *
90   * `iam.serviceAccounts.signJwt` * `iam.serviceAccounts.getAccessToken` *
91   * `iam.serviceAccounts.getOpenIdToken` *
92   * `iam.serviceAccounts.implicitDelegation` Default is false.
93   * @opt_param bool analysisQuery.options.expandGroups Optional. If true, the
94   * identities section of the result will expand any Google groups appearing in
95   * an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is
96   * specified, the identity in the result will be determined by the selector, and
97   * this flag is not allowed to set. If true, the default max expansion per group
98   * is 1000 for AssetService.AnalyzeIamPolicy][]. Default is false.
99   * @opt_param bool analysisQuery.options.expandResources Optional. If true and
100   * IamPolicyAnalysisQuery.resource_selector is not specified, the resource
101   * section of the result will expand any resource attached to an IAM policy to
102   * include resources lower in the resource hierarchy. For example, if the
103   * request analyzes for which resources user A has permission P, and the results
104   * include an IAM policy with P on a GCP folder, the results will also include
105   * resources in that folder with permission P. If true and
106   * IamPolicyAnalysisQuery.resource_selector is specified, the resource section
107   * of the result will expand the specified resource to include resources lower
108   * in the resource hierarchy. Only project or lower resources are supported.
109   * Folder and organization resource cannot be used together with this option.
110   * For example, if the request analyzes for which users have permission P on a
111   * GCP project with this option enabled, the results will include all users who
112   * have permission P on that project or any lower resource. If true, the default
113   * max expansion per resource is 1000 for AssetService.AnalyzeIamPolicy][] and
114   * 100000 for AssetService.AnalyzeIamPolicyLongrunning][]. Default is false.
115   * @opt_param bool analysisQuery.options.expandRoles Optional. If true, the
116   * access section of result will expand any roles appearing in IAM policy
117   * bindings to include their permissions. If
118   * IamPolicyAnalysisQuery.access_selector is specified, the access section of
119   * the result will be determined by the selector, and this flag is not allowed
120   * to set. Default is false.
121   * @opt_param bool analysisQuery.options.outputGroupEdges Optional. If true, the
122   * result will output the relevant membership relationships between groups and
123   * other groups, and between groups and principals. Default is false.
124   * @opt_param bool analysisQuery.options.outputResourceEdges Optional. If true,
125   * the result will output the relevant parent/child relationships between
126   * resources. Default is false.
127   * @opt_param string analysisQuery.resourceSelector.fullResourceName Required.
128   * The [full resource name] (https://cloud.google.com/asset-inventory/docs
129   * /resource-name-format) of a resource of [supported resource
130   * types](https://cloud.google.com/asset-inventory/docs/supported-asset-
131   * types#analyzable_asset_types).
132   * @opt_param string executionTimeout Optional. Amount of time executable has to
133   * complete. See JSON representation of [Duration](https://developers.google.com
134   * /protocol-buffers/docs/proto3#json). If this field is set with a value less
135   * than the RPC deadline, and the execution of your query hasn't finished in the
136   * specified execution timeout, you will get a response with partial result.
137   * Otherwise, your query's execution will continue until the RPC deadline. If
138   * it's not finished until then, you will get a DEADLINE_EXCEEDED error. Default
139   * is empty.
140   * @opt_param string savedAnalysisQuery Optional. The name of a saved query,
141   * which must be in the format of: *
142   * projects/project_number/savedQueries/saved_query_id *
143   * folders/folder_number/savedQueries/saved_query_id *
144   * organizations/organization_number/savedQueries/saved_query_id If both
145   * `analysis_query` and `saved_analysis_query` are provided, they will be merged
146   * together with the `saved_analysis_query` as base and the `analysis_query` as
147   * overrides. For more details of the merge behavior, please refer to the
148   * [MergeFrom](https://developers.google.com/protocol-
149   * buffers/docs/reference/cpp/google.protobuf.message#Message.MergeFrom.details)
150   * page. Note that you cannot override primitive fields with default value, such
151   * as 0 or empty string, etc., because we use proto3, which doesn't support
152   * field presence yet.
153   * @return AnalyzeIamPolicyResponse
154   */
155  public function analyzeIamPolicy($scope, $optParams = [])
156  {
157    $params = ['scope' => $scope];
158    $params = array_merge($params, $optParams);
159    return $this->call('analyzeIamPolicy', [$params], AnalyzeIamPolicyResponse::class);
160  }
161  /**
162   * Analyzes IAM policies asynchronously to answer which identities have what
163   * accesses on which resources, and writes the analysis results to a Google
164   * Cloud Storage or a BigQuery destination. For Cloud Storage destination, the
165   * output format is the JSON format that represents a AnalyzeIamPolicyResponse.
166   * This method implements the google.longrunning.Operation, which allows you to
167   * track the operation status. We recommend intervals of at least 2 seconds with
168   * exponential backoff retry to poll the operation result. The metadata contains
169   * the metadata for the long-running operation. (v1.analyzeIamPolicyLongrunning)
170   *
171   * @param string $scope Required. The relative name of the root asset. Only
172   * resources and IAM policies within the scope will be analyzed. This can only
173   * be an organization number (such as "organizations/123"), a folder number
174   * (such as "folders/123"), a project ID (such as "projects/my-project-id"), or
175   * a project number (such as "projects/12345"). To know how to get organization
176   * id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-
177   * managing-organization#retrieving_your_organization_id). To know how to get
178   * folder or project id, visit [here ](https://cloud.google.com/resource-
179   * manager/docs/creating-managing-
180   * folders#viewing_or_listing_folders_and_projects).
181   * @param AnalyzeIamPolicyLongrunningRequest $postBody
182   * @param array $optParams Optional parameters.
183   * @return Operation
184   */
185  public function analyzeIamPolicyLongrunning($scope, AnalyzeIamPolicyLongrunningRequest $postBody, $optParams = [])
186  {
187    $params = ['scope' => $scope, 'postBody' => $postBody];
188    $params = array_merge($params, $optParams);
189    return $this->call('analyzeIamPolicyLongrunning', [$params], Operation::class);
190  }
191  /**
192   * Analyze moving a resource to a specified destination without kicking off the
193   * actual move. The analysis is best effort depending on the user's permissions
194   * of viewing different hierarchical policies and configurations. The policies
195   * and configuration are subject to change before the actual resource migration
196   * takes place. (v1.analyzeMove)
197   *
198   * @param string $resource Required. Name of the resource to perform the
199   * analysis against. Only GCP Project are supported as of today. Hence, this can
200   * only be Project ID (such as "projects/my-project-id") or a Project Number
201   * (such as "projects/12345").
202   * @param array $optParams Optional parameters.
203   *
204   * @opt_param string destinationParent Required. Name of the GCP Folder or
205   * Organization to reparent the target resource. The analysis will be performed
206   * against hypothetically moving the resource to this specified desitination
207   * parent. This can only be a Folder number (such as "folders/123") or an
208   * Organization number (such as "organizations/123").
209   * @opt_param string view Analysis view indicating what information should be
210   * included in the analysis response. If unspecified, the default view is FULL.
211   * @return AnalyzeMoveResponse
212   */
213  public function analyzeMove($resource, $optParams = [])
214  {
215    $params = ['resource' => $resource];
216    $params = array_merge($params, $optParams);
217    return $this->call('analyzeMove', [$params], AnalyzeMoveResponse::class);
218  }
219  /**
220   * Batch gets the update history of assets that overlap a time window. For
221   * IAM_POLICY content, this API outputs history when the asset and its attached
222   * IAM POLICY both exist. This can create gaps in the output history. Otherwise,
223   * this API outputs history with asset in both non-delete or deleted status. If
224   * a specified asset does not exist, this API returns an INVALID_ARGUMENT error.
225   * (v1.batchGetAssetsHistory)
226   *
227   * @param string $parent Required. The relative name of the root asset. It can
228   * only be an organization number (such as "organizations/123"), a project ID
229   * (such as "projects/my-project-id")", or a project number (such as
230   * "projects/12345").
231   * @param array $optParams Optional parameters.
232   *
233   * @opt_param string assetNames A list of the full names of the assets. See:
234   * https://cloud.google.com/asset-inventory/docs/resource-name-format Example: `
235   * //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instan
236   * ce1`. The request becomes a no-op if the asset name list is empty, and the
237   * max size of the asset name list is 100 in one request.
238   * @opt_param string contentType Optional. The content type.
239   * @opt_param string readTimeWindow.endTime End time of the time window
240   * (inclusive). If not specified, the current timestamp is used instead.
241   * @opt_param string readTimeWindow.startTime Start time of the time window
242   * (exclusive).
243   * @opt_param string relationshipTypes Optional. A list of relationship types to
244   * output, for example: `INSTANCE_TO_INSTANCEGROUP`. This field should only be
245   * specified if content_type=RELATIONSHIP. * If specified: it outputs specified
246   * relationships' history on the [asset_names]. It returns an error if any of
247   * the [relationship_types] doesn't belong to the supported relationship types
248   * of the [asset_names] or if any of the [asset_names]'s types doesn't belong to
249   * the source types of the [relationship_types]. * Otherwise: it outputs the
250   * supported relationships' history on the [asset_names] or returns an error if
251   * any of the [asset_names]'s types has no relationship support. See
252   * [Introduction to Cloud Asset Inventory](https://cloud.google.com/asset-
253   * inventory/docs/overview) for all supported asset types and relationship
254   * types.
255   * @return BatchGetAssetsHistoryResponse
256   */
257  public function batchGetAssetsHistory($parent, $optParams = [])
258  {
259    $params = ['parent' => $parent];
260    $params = array_merge($params, $optParams);
261    return $this->call('batchGetAssetsHistory', [$params], BatchGetAssetsHistoryResponse::class);
262  }
263  /**
264   * Exports assets with time and resource types to a given Cloud Storage
265   * location/BigQuery table. For Cloud Storage location destinations, the output
266   * format is newline-delimited JSON. Each line represents a
267   * google.cloud.asset.v1.Asset in the JSON format; for BigQuery table
268   * destinations, the output table stores the fields in asset Protobuf as
269   * columns. This API implements the google.longrunning.Operation API, which
270   * allows you to keep track of the export. We recommend intervals of at least 2
271   * seconds with exponential retry to poll the export operation result. For
272   * regular-size resource parent, the export operation usually finishes within 5
273   * minutes. (v1.exportAssets)
274   *
275   * @param string $parent Required. The relative name of the root asset. This can
276   * only be an organization number (such as "organizations/123"), a project ID
277   * (such as "projects/my-project-id"), or a project number (such as
278   * "projects/12345"), or a folder number (such as "folders/123").
279   * @param ExportAssetsRequest $postBody
280   * @param array $optParams Optional parameters.
281   * @return Operation
282   */
283  public function exportAssets($parent, ExportAssetsRequest $postBody, $optParams = [])
284  {
285    $params = ['parent' => $parent, 'postBody' => $postBody];
286    $params = array_merge($params, $optParams);
287    return $this->call('exportAssets', [$params], Operation::class);
288  }
289  /**
290   * Searches all IAM policies within the specified scope, such as a project,
291   * folder, or organization. The caller must be granted the
292   * `cloudasset.assets.searchAllIamPolicies` permission on the desired scope,
293   * otherwise the request will be rejected. (v1.searchAllIamPolicies)
294   *
295   * @param string $scope Required. A scope can be a project, a folder, or an
296   * organization. The search is limited to the IAM policies within the `scope`.
297   * The caller must be granted the
298   * [`cloudasset.assets.searchAllIamPolicies`](https://cloud.google.com/asset-
299   * inventory/docs/access-control#required_permissions) permission on the desired
300   * scope. The allowed values are: * projects/{PROJECT_ID} (e.g., "projects/foo-
301   * bar") * projects/{PROJECT_NUMBER} (e.g., "projects/12345678") *
302   * folders/{FOLDER_NUMBER} (e.g., "folders/1234567") *
303   * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
304   * @param array $optParams Optional parameters.
305   *
306   * @opt_param string assetTypes Optional. A list of asset types that the IAM
307   * policies are attached to. If empty, it will search the IAM policies that are
308   * attached to all the [searchable asset types](https://cloud.google.com/asset-
309   * inventory/docs/supported-asset-types#searchable_asset_types). Regular
310   * expressions are also supported. For example: * "compute.googleapis.com.*"
311   * snapshots IAM policies attached to asset type starts with
312   * "compute.googleapis.com". * ".*Instance" snapshots IAM policies attached to
313   * asset type ends with "Instance". * ".*Instance.*" snapshots IAM policies
314   * attached to asset type contains "Instance". See
315   * [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular
316   * expression syntax. If the regular expression does not match any supported
317   * asset type, an INVALID_ARGUMENT error will be returned.
318   * @opt_param string orderBy Optional. A comma-separated list of fields
319   * specifying the sorting order of the results. The default order is ascending.
320   * Add " DESC" after the field name to indicate descending order. Redundant
321   * space characters are ignored. Example: "assetType DESC, resource". Only
322   * singular primitive fields in the response are sortable: * resource *
323   * assetType * project All the other fields such as repeated fields (e.g.,
324   * `folders`) and non-primitive fields (e.g., `policy`) are not supported.
325   * @opt_param int pageSize Optional. The page size for search result pagination.
326   * Page size is capped at 500 even if a larger value is given. If set to zero,
327   * server will pick an appropriate default. Returned results may be fewer than
328   * requested. When this happens, there could be more results as long as
329   * `next_page_token` is returned.
330   * @opt_param string pageToken Optional. If present, retrieve the next batch of
331   * results from the preceding call to this method. `page_token` must be the
332   * value of `next_page_token` from the previous response. The values of all
333   * other method parameters must be identical to those in the previous call.
334   * @opt_param string query Optional. The query statement. See [how to construct
335   * a query](https://cloud.google.com/asset-inventory/docs/searching-iam-
336   * policies#how_to_construct_a_query) for more information. If not specified or
337   * empty, it will search all the IAM policies within the specified `scope`. Note
338   * that the query string is compared against each Cloud IAM policy binding,
339   * including its principals, roles, and Cloud IAM conditions. The returned Cloud
340   * IAM policies will only contain the bindings that match your query. To learn
341   * more about the IAM policy structure, see [IAM policy
342   * doc](https://cloud.google.com/iam/docs/policies#structure). Examples: *
343   * `policy:amy@gmail.com` to find IAM policy bindings that specify user
344   * "amy@gmail.com". * `policy:roles/compute.admin` to find IAM policy bindings
345   * that specify the Compute Admin role. * `policy:comp*` to find IAM policy
346   * bindings that contain "comp" as a prefix of any word in the binding. *
347   * `policy.role.permissions:storage.buckets.update` to find IAM policy bindings
348   * that specify a role containing "storage.buckets.update" permission. Note that
349   * if callers don't have `iam.roles.get` access to a role's included
350   * permissions, policy bindings that specify this role will be dropped from the
351   * search results. * `policy.role.permissions:upd*` to find IAM policy bindings
352   * that specify a role containing "upd" as a prefix of any word in the role
353   * permission. Note that if callers don't have `iam.roles.get` access to a
354   * role's included permissions, policy bindings that specify this role will be
355   * dropped from the search results. * `resource:organizations/123456` to find
356   * IAM policy bindings that are set on "organizations/123456". *
357   * `resource=//cloudresourcemanager.googleapis.com/projects/myproject` to find
358   * IAM policy bindings that are set on the project named "myproject". *
359   * `Important` to find IAM policy bindings that contain "Important" as a word in
360   * any of the searchable fields (except for the included permissions). *
361   * `resource:(instance1 OR instance2) policy:amy` to find IAM policy bindings
362   * that are set on resources "instance1" or "instance2" and also specify user
363   * "amy". * `roles:roles/compute.admin` to find IAM policy bindings that specify
364   * the Compute Admin role. * `memberTypes:user` to find IAM policy bindings that
365   * contain the principal type "user".
366   * @return SearchAllIamPoliciesResponse
367   */
368  public function searchAllIamPolicies($scope, $optParams = [])
369  {
370    $params = ['scope' => $scope];
371    $params = array_merge($params, $optParams);
372    return $this->call('searchAllIamPolicies', [$params], SearchAllIamPoliciesResponse::class);
373  }
374  /**
375   * Searches all Cloud resources within the specified scope, such as a project,
376   * folder, or organization. The caller must be granted the
377   * `cloudasset.assets.searchAllResources` permission on the desired scope,
378   * otherwise the request will be rejected. (v1.searchAllResources)
379   *
380   * @param string $scope Required. A scope can be a project, a folder, or an
381   * organization. The search is limited to the resources within the `scope`. The
382   * caller must be granted the
383   * [`cloudasset.assets.searchAllResources`](https://cloud.google.com/asset-
384   * inventory/docs/access-control#required_permissions) permission on the desired
385   * scope. The allowed values are: * projects/{PROJECT_ID} (e.g., "projects/foo-
386   * bar") * projects/{PROJECT_NUMBER} (e.g., "projects/12345678") *
387   * folders/{FOLDER_NUMBER} (e.g., "folders/1234567") *
388   * organizations/{ORGANIZATION_NUMBER} (e.g., "organizations/123456")
389   * @param array $optParams Optional parameters.
390   *
391   * @opt_param string assetTypes Optional. A list of asset types that this
392   * request searches for. If empty, it will search all the [searchable asset
393   * types](https://cloud.google.com/asset-inventory/docs/supported-asset-
394   * types#searchable_asset_types). Regular expressions are also supported. For
395   * example: * "compute.googleapis.com.*" snapshots resources whose asset type
396   * starts with "compute.googleapis.com". * ".*Instance" snapshots resources
397   * whose asset type ends with "Instance". * ".*Instance.*" snapshots resources
398   * whose asset type contains "Instance". See
399   * [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular
400   * expression syntax. If the regular expression does not match any supported
401   * asset type, an INVALID_ARGUMENT error will be returned.
402   * @opt_param string orderBy Optional. A comma-separated list of fields
403   * specifying the sorting order of the results. The default order is ascending.
404   * Add " DESC" after the field name to indicate descending order. Redundant
405   * space characters are ignored. Example: "location DESC, name". Only singular
406   * primitive fields in the response are sortable: * name * assetType * project *
407   * displayName * description * location * kmsKey * createTime * updateTime *
408   * state * parentFullResourceName * parentAssetType All the other fields such as
409   * repeated fields (e.g., `networkTags`), map fields (e.g., `labels`) and struct
410   * fields (e.g., `additionalAttributes`) are not supported.
411   * @opt_param int pageSize Optional. The page size for search result pagination.
412   * Page size is capped at 500 even if a larger value is given. If set to zero,
413   * server will pick an appropriate default. Returned results may be fewer than
414   * requested. When this happens, there could be more results as long as
415   * `next_page_token` is returned.
416   * @opt_param string pageToken Optional. If present, then retrieve the next
417   * batch of results from the preceding call to this method. `page_token` must be
418   * the value of `next_page_token` from the previous response. The values of all
419   * other method parameters, must be identical to those in the previous call.
420   * @opt_param string query Optional. The query statement. See [how to construct
421   * a query](https://cloud.google.com/asset-inventory/docs/searching-
422   * resources#how_to_construct_a_query) for more information. If not specified or
423   * empty, it will search all the resources within the specified `scope`.
424   * Examples: * `name:Important` to find Cloud resources whose name contains
425   * "Important" as a word. * `name=Important` to find the Cloud resource whose
426   * name is exactly "Important". * `displayName:Impor*` to find Cloud resources
427   * whose display name contains "Impor" as a prefix of any word in the field. *
428   * `location:us-west*` to find Cloud resources whose location contains both "us"
429   * and "west" as prefixes. * `labels:prod` to find Cloud resources whose labels
430   * contain "prod" as a key or value. * `labels.env:prod` to find Cloud resources
431   * that have a label "env" and its value is "prod". * `labels.env:*` to find
432   * Cloud resources that have a label "env". * `kmsKey:key` to find Cloud
433   * resources encrypted with a customer-managed encryption key whose name
434   * contains the word "key". * `state:ACTIVE` to find Cloud resources whose state
435   * contains "ACTIVE" as a word. * `NOT state:ACTIVE` to find Cloud resources
436   * whose state doesn't contain "ACTIVE" as a word. * `createTime<1609459200` to
437   * find Cloud resources that were created before "2021-01-01 00:00:00 UTC".
438   * 1609459200 is the epoch timestamp of "2021-01-01 00:00:00 UTC" in seconds. *
439   * `updateTime>1609459200` to find Cloud resources that were updated after
440   * "2021-01-01 00:00:00 UTC". 1609459200 is the epoch timestamp of "2021-01-01
441   * 00:00:00 UTC" in seconds. * `Important` to find Cloud resources that contain
442   * "Important" as a word in any of the searchable fields. * `Impor*` to find
443   * Cloud resources that contain "Impor" as a prefix of any word in any of the
444   * searchable fields. * `Important location:(us-west1 OR global)` to find Cloud
445   * resources that contain "Important" as a word in any of the searchable fields
446   * and are also located in the "us-west1" region or the "global" location.
447   * @opt_param string readMask Optional. A comma-separated list of fields
448   * specifying which fields to be returned in ResourceSearchResult. Only '*' or
449   * combination of top level fields can be specified. Field names of both
450   * snake_case and camelCase are supported. Examples: `"*"`, `"name,location"`,
451   * `"name,versionedResources"`. The read_mask paths must be valid field paths
452   * listed but not limited to (both snake_case and camelCase are supported): *
453   * name * assetType * project * displayName * description * location * tagKeys *
454   * tagValues * tagValueIds * labels * networkTags * kmsKey * createTime *
455   * updateTime * state * additionalAttributes * versionedResources If read_mask
456   * is not specified, all fields except versionedResources will be returned. If
457   * only '*' is specified, all fields including versionedResources will be
458   * returned. Any invalid field path will trigger INVALID_ARGUMENT error.
459   * @return SearchAllResourcesResponse
460   */
461  public function searchAllResources($scope, $optParams = [])
462  {
463    $params = ['scope' => $scope];
464    $params = array_merge($params, $optParams);
465    return $this->call('searchAllResources', [$params], SearchAllResourcesResponse::class);
466  }
467}
468
469// Adding a class alias for backwards compatibility with the previous class name.
470class_alias(V1::class, 'Google_Service_CloudAsset_Resource_V1');
471