google-cloud-access_approval-v1 0.4.4 → 0.6.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: aaceebb716cb57bffd24524976b59ed3fd126ae6f893d61a457c3f3ae0edbdd1
4
- data.tar.gz: ba9452d416c5a5aaac34330d523035f8de0989075b99b00e5b691d875b18de88
3
+ metadata.gz: 39ee179d20badb6b1447d9218c5be243db4f3087881a20a0c8952c765519960f
4
+ data.tar.gz: bd3435892e9afe88ba7cfde44b8625d5c19cc754c46c9c7919636f762c284b68
5
5
  SHA512:
6
- metadata.gz: 98643b03ca09b2ef679d4b11cd2e87a9e6711cedfd25aa3eba910a3f85b56d033344d21ec429af252241f7a090dc55cb5b248eb7eb6c2998744dc41d2ecc8dc2
7
- data.tar.gz: d1135cf4bf0e24d7f8f666f0e9ea0edaac706e802042b504c5165c140939eeb64923846a323c07f160863e367e74895d62aa7d5ea59ff65ea731e339cf012c0d
6
+ metadata.gz: 6acdc47e360b57314cd84832368471f415c7f5b40888313a96bd048d4a5efcecd2c735df5e0f2a72de53580b3d95d86bb0c9d0d459d0672fea71c666002a1fe0
7
+ data.tar.gz: 5b8900a860c9ddd2d06ac39c66b93e1e71eb40ed57e07c55229cec7b26bdc499d6424fed71ec332ab159282573de49531fb7364c194ea61128db644c5e45c83e
data/.yardopts CHANGED
@@ -1,5 +1,5 @@
1
1
  --no-private
2
- --title=Access Approval V1 API
2
+ --title="Access Approval V1 API"
3
3
  --exclude _pb\.rb$
4
4
  --markup markdown
5
5
  --markup-provider redcarpet
data/AUTHENTICATION.md CHANGED
@@ -120,15 +120,6 @@ To configure your system for this, simply:
120
120
  **NOTE:** This is _not_ recommended for running in production. The Cloud SDK
121
121
  *should* only be used during development.
122
122
 
123
- [gce-how-to]: https://cloud.google.com/compute/docs/authentication#using
124
- [dev-console]: https://console.cloud.google.com/project
125
-
126
- [enable-apis]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/enable-apis.png
127
-
128
- [create-new-service-account]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/create-new-service-account.png
129
- [create-new-service-account-existing-keys]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/create-new-service-account-existing-keys.png
130
- [reuse-service-account]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/reuse-service-account.png
131
-
132
123
  ## Creating a Service Account
133
124
 
134
125
  Google Cloud requires **Service Account Credentials** to
@@ -139,31 +130,22 @@ If you are not running this client within
139
130
  [Google Cloud Platform environments](#google-cloud-platform-environments), you
140
131
  need a Google Developers service account.
141
132
 
142
- 1. Visit the [Google Developers Console][dev-console].
133
+ 1. Visit the [Google Cloud Console](https://console.cloud.google.com/project).
143
134
  2. Create a new project or click on an existing project.
144
- 3. Activate the slide-out navigation tray and select **API Manager**. From
135
+ 3. Activate the menu in the upper left and select **APIs & Services**. From
145
136
  here, you will enable the APIs that your application requires.
146
137
 
147
- ![Enable the APIs that your application requires][enable-apis]
148
-
149
138
  *Note: You may need to enable billing in order to use these services.*
150
139
 
151
140
  4. Select **Credentials** from the side navigation.
152
141
 
153
- You should see a screen like one of the following.
154
-
155
- ![Create a new service account][create-new-service-account]
156
-
157
- ![Create a new service account With Existing Keys][create-new-service-account-existing-keys]
158
-
159
- Find the "Add credentials" drop down and select "Service account" to be
160
- guided through downloading a new JSON key file.
142
+ Find the "Create credentials" drop down near the top of the page, and select
143
+ "Service account" to be guided through downloading a new JSON key file.
161
144
 
162
145
  If you want to re-use an existing service account, you can easily generate a
163
- new key file. Just select the account you wish to re-use, and click "Generate
164
- new JSON key":
165
-
166
- ![Re-use an existing service account][reuse-service-account]
146
+ new key file. Just select the account you wish to re-use, click the pencil
147
+ tool on the right side to edit the service account, select the **Keys** tab,
148
+ and then select **Add Key**.
167
149
 
168
150
  The key file you download will be used by this library to authenticate API
169
151
  requests and should be stored in a secure location.
data/README.md CHANGED
@@ -37,7 +37,7 @@ request = ::Google::Cloud::AccessApproval::V1::ListApprovalRequestsMessage.new #
37
37
  response = client.list_approval_requests request
38
38
  ```
39
39
 
40
- View the [Client Library Documentation](https://googleapis.dev/ruby/google-cloud-access_approval-v1/latest)
40
+ View the [Client Library Documentation](https://cloud.google.com/ruby/docs/reference/google-cloud-access_approval-v1/latest)
41
41
  for class and method documentation.
42
42
 
43
43
  See also the [Product Documentation](https://cloud.google.com/access-approval/)
@@ -69,6 +69,11 @@ module GRPC
69
69
  end
70
70
  ```
71
71
 
72
+
73
+ ## Google Cloud Samples
74
+
75
+ To browse ready to use code samples check [Google Cloud Samples](https://cloud.google.com/docs/samples).
76
+
72
77
  ## Supported Ruby Versions
73
78
 
74
79
  This library is supported on Ruby 2.5+.
@@ -32,17 +32,17 @@ module Google
32
32
  #
33
33
  # - The API has a collection of
34
34
  # {::Google::Cloud::AccessApproval::V1::ApprovalRequest ApprovalRequest}
35
- # resources, named `approvalRequests/{approval_request_id}`
35
+ # resources, named `approvalRequests/{approval_request}`
36
36
  # - The API has top-level settings per Project/Folder/Organization, named
37
37
  # `accessApprovalSettings`
38
38
  #
39
39
  # The service also periodically emails a list of recipients, defined at the
40
40
  # Project/Folder/Organization level in the accessApprovalSettings, when there
41
41
  # is a pending ApprovalRequest for them to act on. The ApprovalRequests can
42
- # also optionally be published to a Cloud Pub/Sub topic owned by the customer
43
- # (for Beta, the Pub/Sub setup is managed manually).
42
+ # also optionally be published to a Pub/Sub topic owned by the customer
43
+ # (contact support if you would like to enable Pub/Sub notifications).
44
44
  #
45
- # ApprovalRequests can be approved or dismissed. Google personel can only
45
+ # ApprovalRequests can be approved or dismissed. Google personnel can only
46
46
  # access the indicated resource or resources if the request is approved
47
47
  # (subject to some exclusions:
48
48
  # https://cloud.google.com/access-approval/docs/overview#exclusions).
@@ -62,6 +62,8 @@ module Google
62
62
  # If a request is not approved or dismissed, we call it pending.
63
63
  #
64
64
  class Client
65
+ include Paths
66
+
65
67
  # @private
66
68
  attr_reader :access_approval_stub
67
69
 
@@ -108,6 +110,8 @@ module Google
108
110
 
109
111
  default_config.rpcs.dismiss_approval_request.timeout = 600.0
110
112
 
113
+ default_config.rpcs.invalidate_approval_request.timeout = 600.0
114
+
111
115
  default_config.rpcs.get_access_approval_settings.timeout = 600.0
112
116
  default_config.rpcs.get_access_approval_settings.retry_policy = {
113
117
  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14]
@@ -218,17 +222,21 @@ module Google
218
222
  # the default parameter values, pass an empty Hash as a request object (see above).
219
223
  #
220
224
  # @param parent [::String]
221
- # The parent resource. This may be "projects/\\{project_id}",
222
- # "folders/\\{folder_id}", or "organizations/\\{organization_id}".
225
+ # The parent resource. This may be "projects/\\{project}",
226
+ # "folders/\\{folder}", or "organizations/\\{organization}".
223
227
  # @param filter [::String]
224
228
  # A filter on the type of approval requests to retrieve. Must be one of the
225
229
  # following values:
226
230
  #
227
- # - [not set]: Requests that are pending or have active approvals.
228
- # - ALL: All requests.
229
- # - PENDING: Only pending requests.
230
- # - ACTIVE: Only active (i.e. currently approved) requests.
231
- # - DISMISSED: Only dismissed (including expired) requests.
231
+ # * [not set]: Requests that are pending or have active approvals.
232
+ # * ALL: All requests.
233
+ # * PENDING: Only pending requests.
234
+ # * ACTIVE: Only active (i.e. currently approved) requests.
235
+ # * DISMISSED: Only requests that have been dismissed, or requests that
236
+ # are not approved and past expiration.
237
+ # * EXPIRED: Only requests that have been approved, and the approval has
238
+ # expired.
239
+ # * HISTORY: Active, dismissed and expired requests.
232
240
  # @param page_size [::Integer]
233
241
  # Requested page size.
234
242
  # @param page_token [::String]
@@ -324,7 +332,9 @@ module Google
324
332
  # the default parameter values, pass an empty Hash as a request object (see above).
325
333
  #
326
334
  # @param name [::String]
327
- # Name of the approval request to retrieve.
335
+ # The name of the approval request to retrieve.
336
+ # Format:
337
+ # "\\{projects|folders|organizations}/\\{id}/approvalRequests/\\{approval_request}"
328
338
  #
329
339
  # @yield [response, operation] Access the result along with the RPC operation
330
340
  # @yieldparam response [::Google::Cloud::AccessApproval::V1::ApprovalRequest]
@@ -574,6 +584,98 @@ module Google
574
584
  raise ::Google::Cloud::Error.from_error(e)
575
585
  end
576
586
 
587
+ ##
588
+ # Invalidates an existing ApprovalRequest. Returns the updated
589
+ # ApprovalRequest.
590
+ #
591
+ # NOTE: This does not deny access to the resource if another request has been
592
+ # made and approved. It only invalidates a single approval.
593
+ #
594
+ # Returns FAILED_PRECONDITION if the request exists but is not in an approved
595
+ # state.
596
+ #
597
+ # @overload invalidate_approval_request(request, options = nil)
598
+ # Pass arguments to `invalidate_approval_request` via a request object, either of type
599
+ # {::Google::Cloud::AccessApproval::V1::InvalidateApprovalRequestMessage} or an equivalent Hash.
600
+ #
601
+ # @param request [::Google::Cloud::AccessApproval::V1::InvalidateApprovalRequestMessage, ::Hash]
602
+ # A request object representing the call parameters. Required. To specify no
603
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
604
+ # @param options [::Gapic::CallOptions, ::Hash]
605
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
606
+ #
607
+ # @overload invalidate_approval_request(name: nil)
608
+ # Pass arguments to `invalidate_approval_request` via keyword arguments. Note that at
609
+ # least one keyword argument is required. To specify no parameters, or to keep all
610
+ # the default parameter values, pass an empty Hash as a request object (see above).
611
+ #
612
+ # @param name [::String]
613
+ # Name of the ApprovalRequest to invalidate.
614
+ #
615
+ # @yield [response, operation] Access the result along with the RPC operation
616
+ # @yieldparam response [::Google::Cloud::AccessApproval::V1::ApprovalRequest]
617
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
618
+ #
619
+ # @return [::Google::Cloud::AccessApproval::V1::ApprovalRequest]
620
+ #
621
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
622
+ #
623
+ # @example Basic example
624
+ # require "google/cloud/access_approval/v1"
625
+ #
626
+ # # Create a client object. The client can be reused for multiple calls.
627
+ # client = Google::Cloud::AccessApproval::V1::AccessApproval::Client.new
628
+ #
629
+ # # Create a request. To set request fields, pass in keyword arguments.
630
+ # request = Google::Cloud::AccessApproval::V1::InvalidateApprovalRequestMessage.new
631
+ #
632
+ # # Call the invalidate_approval_request method.
633
+ # result = client.invalidate_approval_request request
634
+ #
635
+ # # The returned object is of type Google::Cloud::AccessApproval::V1::ApprovalRequest.
636
+ # p result
637
+ #
638
+ def invalidate_approval_request request, options = nil
639
+ raise ::ArgumentError, "request must be provided" if request.nil?
640
+
641
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AccessApproval::V1::InvalidateApprovalRequestMessage
642
+
643
+ # Converts hash and nil to an options object
644
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
645
+
646
+ # Customize the options with defaults
647
+ metadata = @config.rpcs.invalidate_approval_request.metadata.to_h
648
+
649
+ # Set x-goog-api-client and x-goog-user-project headers
650
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
651
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
652
+ gapic_version: ::Google::Cloud::AccessApproval::V1::VERSION
653
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
654
+
655
+ header_params = {}
656
+ if request.name
657
+ header_params["name"] = request.name
658
+ end
659
+
660
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
661
+ metadata[:"x-goog-request-params"] ||= request_params_header
662
+
663
+ options.apply_defaults timeout: @config.rpcs.invalidate_approval_request.timeout,
664
+ metadata: metadata,
665
+ retry_policy: @config.rpcs.invalidate_approval_request.retry_policy
666
+
667
+ options.apply_defaults timeout: @config.timeout,
668
+ metadata: @config.metadata,
669
+ retry_policy: @config.retry_policy
670
+
671
+ @access_approval_stub.call_rpc :invalidate_approval_request, request, options: options do |response, operation|
672
+ yield response, operation if block_given?
673
+ return response
674
+ end
675
+ rescue ::GRPC::BadStatus => e
676
+ raise ::Google::Cloud::Error.from_error(e)
677
+ end
678
+
577
679
  ##
578
680
  # Gets the settings associated with a project, folder, or organization.
579
681
  #
@@ -593,7 +695,8 @@ module Google
593
695
  # the default parameter values, pass an empty Hash as a request object (see above).
594
696
  #
595
697
  # @param name [::String]
596
- # Name of the AccessApprovalSettings to retrieve.
698
+ # The name of the AccessApprovalSettings to retrieve.
699
+ # Format: "\\{projects|folders|organizations}/\\{id}/accessApprovalSettings"
597
700
  #
598
701
  # @yield [response, operation] Access the result along with the RPC operation
599
702
  # @yieldparam response [::Google::Cloud::AccessApproval::V1::AccessApprovalSettings]
@@ -846,6 +949,92 @@ module Google
846
949
  raise ::Google::Cloud::Error.from_error(e)
847
950
  end
848
951
 
952
+ ##
953
+ # Retrieves the service account that is used by Access Approval to access KMS
954
+ # keys for signing approved approval requests.
955
+ #
956
+ # @overload get_access_approval_service_account(request, options = nil)
957
+ # Pass arguments to `get_access_approval_service_account` via a request object, either of type
958
+ # {::Google::Cloud::AccessApproval::V1::GetAccessApprovalServiceAccountMessage} or an equivalent Hash.
959
+ #
960
+ # @param request [::Google::Cloud::AccessApproval::V1::GetAccessApprovalServiceAccountMessage, ::Hash]
961
+ # A request object representing the call parameters. Required. To specify no
962
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
963
+ # @param options [::Gapic::CallOptions, ::Hash]
964
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
965
+ #
966
+ # @overload get_access_approval_service_account(name: nil)
967
+ # Pass arguments to `get_access_approval_service_account` via keyword arguments. Note that at
968
+ # least one keyword argument is required. To specify no parameters, or to keep all
969
+ # the default parameter values, pass an empty Hash as a request object (see above).
970
+ #
971
+ # @param name [::String]
972
+ # Name of the AccessApprovalServiceAccount to retrieve.
973
+ #
974
+ # @yield [response, operation] Access the result along with the RPC operation
975
+ # @yieldparam response [::Google::Cloud::AccessApproval::V1::AccessApprovalServiceAccount]
976
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
977
+ #
978
+ # @return [::Google::Cloud::AccessApproval::V1::AccessApprovalServiceAccount]
979
+ #
980
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
981
+ #
982
+ # @example Basic example
983
+ # require "google/cloud/access_approval/v1"
984
+ #
985
+ # # Create a client object. The client can be reused for multiple calls.
986
+ # client = Google::Cloud::AccessApproval::V1::AccessApproval::Client.new
987
+ #
988
+ # # Create a request. To set request fields, pass in keyword arguments.
989
+ # request = Google::Cloud::AccessApproval::V1::GetAccessApprovalServiceAccountMessage.new
990
+ #
991
+ # # Call the get_access_approval_service_account method.
992
+ # result = client.get_access_approval_service_account request
993
+ #
994
+ # # The returned object is of type Google::Cloud::AccessApproval::V1::AccessApprovalServiceAccount.
995
+ # p result
996
+ #
997
+ def get_access_approval_service_account request, options = nil
998
+ raise ::ArgumentError, "request must be provided" if request.nil?
999
+
1000
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AccessApproval::V1::GetAccessApprovalServiceAccountMessage
1001
+
1002
+ # Converts hash and nil to an options object
1003
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
1004
+
1005
+ # Customize the options with defaults
1006
+ metadata = @config.rpcs.get_access_approval_service_account.metadata.to_h
1007
+
1008
+ # Set x-goog-api-client and x-goog-user-project headers
1009
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
1010
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
1011
+ gapic_version: ::Google::Cloud::AccessApproval::V1::VERSION
1012
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
1013
+
1014
+ header_params = {}
1015
+ if request.name
1016
+ header_params["name"] = request.name
1017
+ end
1018
+
1019
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
1020
+ metadata[:"x-goog-request-params"] ||= request_params_header
1021
+
1022
+ options.apply_defaults timeout: @config.rpcs.get_access_approval_service_account.timeout,
1023
+ metadata: metadata,
1024
+ retry_policy: @config.rpcs.get_access_approval_service_account.retry_policy
1025
+
1026
+ options.apply_defaults timeout: @config.timeout,
1027
+ metadata: @config.metadata,
1028
+ retry_policy: @config.retry_policy
1029
+
1030
+ @access_approval_stub.call_rpc :get_access_approval_service_account, request, options: options do |response, operation|
1031
+ yield response, operation if block_given?
1032
+ return response
1033
+ end
1034
+ rescue ::GRPC::BadStatus => e
1035
+ raise ::Google::Cloud::Error.from_error(e)
1036
+ end
1037
+
849
1038
  ##
850
1039
  # Configuration class for the AccessApproval API.
851
1040
  #
@@ -1002,6 +1191,11 @@ module Google
1002
1191
  #
1003
1192
  attr_reader :dismiss_approval_request
1004
1193
  ##
1194
+ # RPC-specific configuration for `invalidate_approval_request`
1195
+ # @return [::Gapic::Config::Method]
1196
+ #
1197
+ attr_reader :invalidate_approval_request
1198
+ ##
1005
1199
  # RPC-specific configuration for `get_access_approval_settings`
1006
1200
  # @return [::Gapic::Config::Method]
1007
1201
  #
@@ -1016,6 +1210,11 @@ module Google
1016
1210
  # @return [::Gapic::Config::Method]
1017
1211
  #
1018
1212
  attr_reader :delete_access_approval_settings
1213
+ ##
1214
+ # RPC-specific configuration for `get_access_approval_service_account`
1215
+ # @return [::Gapic::Config::Method]
1216
+ #
1217
+ attr_reader :get_access_approval_service_account
1019
1218
 
1020
1219
  # @private
1021
1220
  def initialize parent_rpcs = nil
@@ -1027,12 +1226,16 @@ module Google
1027
1226
  @approve_approval_request = ::Gapic::Config::Method.new approve_approval_request_config
1028
1227
  dismiss_approval_request_config = parent_rpcs.dismiss_approval_request if parent_rpcs.respond_to? :dismiss_approval_request
1029
1228
  @dismiss_approval_request = ::Gapic::Config::Method.new dismiss_approval_request_config
1229
+ invalidate_approval_request_config = parent_rpcs.invalidate_approval_request if parent_rpcs.respond_to? :invalidate_approval_request
1230
+ @invalidate_approval_request = ::Gapic::Config::Method.new invalidate_approval_request_config
1030
1231
  get_access_approval_settings_config = parent_rpcs.get_access_approval_settings if parent_rpcs.respond_to? :get_access_approval_settings
1031
1232
  @get_access_approval_settings = ::Gapic::Config::Method.new get_access_approval_settings_config
1032
1233
  update_access_approval_settings_config = parent_rpcs.update_access_approval_settings if parent_rpcs.respond_to? :update_access_approval_settings
1033
1234
  @update_access_approval_settings = ::Gapic::Config::Method.new update_access_approval_settings_config
1034
1235
  delete_access_approval_settings_config = parent_rpcs.delete_access_approval_settings if parent_rpcs.respond_to? :delete_access_approval_settings
1035
1236
  @delete_access_approval_settings = ::Gapic::Config::Method.new delete_access_approval_settings_config
1237
+ get_access_approval_service_account_config = parent_rpcs.get_access_approval_service_account if parent_rpcs.respond_to? :get_access_approval_service_account
1238
+ @get_access_approval_service_account = ::Gapic::Config::Method.new get_access_approval_service_account_config
1036
1239
 
1037
1240
  yield self if block_given?
1038
1241
  end
@@ -0,0 +1,170 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2022 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Google
21
+ module Cloud
22
+ module AccessApproval
23
+ module V1
24
+ module AccessApproval
25
+ # Path helper methods for the AccessApproval API.
26
+ module Paths
27
+ ##
28
+ # Create a fully-qualified AccessApprovalSettings resource string.
29
+ #
30
+ # @overload access_approval_settings_path(project:)
31
+ # The resource will be in the following format:
32
+ #
33
+ # `projects/{project}/accessApprovalSettings`
34
+ #
35
+ # @param project [String]
36
+ #
37
+ # @overload access_approval_settings_path(folder:)
38
+ # The resource will be in the following format:
39
+ #
40
+ # `folders/{folder}/accessApprovalSettings`
41
+ #
42
+ # @param folder [String]
43
+ #
44
+ # @overload access_approval_settings_path(organization:)
45
+ # The resource will be in the following format:
46
+ #
47
+ # `organizations/{organization}/accessApprovalSettings`
48
+ #
49
+ # @param organization [String]
50
+ #
51
+ # @return [::String]
52
+ def access_approval_settings_path **args
53
+ resources = {
54
+ "project" => (proc do |project:|
55
+ "projects/#{project}/accessApprovalSettings"
56
+ end),
57
+ "folder" => (proc do |folder:|
58
+ "folders/#{folder}/accessApprovalSettings"
59
+ end),
60
+ "organization" => (proc do |organization:|
61
+ "organizations/#{organization}/accessApprovalSettings"
62
+ end)
63
+ }
64
+
65
+ resource = resources[args.keys.sort.join(":")]
66
+ raise ::ArgumentError, "no resource found for values #{args.keys}" if resource.nil?
67
+ resource.call(**args)
68
+ end
69
+
70
+ ##
71
+ # Create a fully-qualified ApprovalRequest resource string.
72
+ #
73
+ # @overload approval_request_path(project:, approval_request:)
74
+ # The resource will be in the following format:
75
+ #
76
+ # `projects/{project}/approvalRequests/{approval_request}`
77
+ #
78
+ # @param project [String]
79
+ # @param approval_request [String]
80
+ #
81
+ # @overload approval_request_path(folder:, approval_request:)
82
+ # The resource will be in the following format:
83
+ #
84
+ # `folders/{folder}/approvalRequests/{approval_request}`
85
+ #
86
+ # @param folder [String]
87
+ # @param approval_request [String]
88
+ #
89
+ # @overload approval_request_path(organization:, approval_request:)
90
+ # The resource will be in the following format:
91
+ #
92
+ # `organizations/{organization}/approvalRequests/{approval_request}`
93
+ #
94
+ # @param organization [String]
95
+ # @param approval_request [String]
96
+ #
97
+ # @return [::String]
98
+ def approval_request_path **args
99
+ resources = {
100
+ "approval_request:project" => (proc do |project:, approval_request:|
101
+ raise ::ArgumentError, "project cannot contain /" if project.to_s.include? "/"
102
+
103
+ "projects/#{project}/approvalRequests/#{approval_request}"
104
+ end),
105
+ "approval_request:folder" => (proc do |folder:, approval_request:|
106
+ raise ::ArgumentError, "folder cannot contain /" if folder.to_s.include? "/"
107
+
108
+ "folders/#{folder}/approvalRequests/#{approval_request}"
109
+ end),
110
+ "approval_request:organization" => (proc do |organization:, approval_request:|
111
+ raise ::ArgumentError, "organization cannot contain /" if organization.to_s.include? "/"
112
+
113
+ "organizations/#{organization}/approvalRequests/#{approval_request}"
114
+ end)
115
+ }
116
+
117
+ resource = resources[args.keys.sort.join(":")]
118
+ raise ::ArgumentError, "no resource found for values #{args.keys}" if resource.nil?
119
+ resource.call(**args)
120
+ end
121
+
122
+ ##
123
+ # Create a fully-qualified Folder resource string.
124
+ #
125
+ # The resource will be in the following format:
126
+ #
127
+ # `folders/{folder}`
128
+ #
129
+ # @param folder [String]
130
+ #
131
+ # @return [::String]
132
+ def folder_path folder:
133
+ "folders/#{folder}"
134
+ end
135
+
136
+ ##
137
+ # Create a fully-qualified Organization resource string.
138
+ #
139
+ # The resource will be in the following format:
140
+ #
141
+ # `organizations/{organization}`
142
+ #
143
+ # @param organization [String]
144
+ #
145
+ # @return [::String]
146
+ def organization_path organization:
147
+ "organizations/#{organization}"
148
+ end
149
+
150
+ ##
151
+ # Create a fully-qualified Project resource string.
152
+ #
153
+ # The resource will be in the following format:
154
+ #
155
+ # `projects/{project}`
156
+ #
157
+ # @param project [String]
158
+ #
159
+ # @return [::String]
160
+ def project_path project:
161
+ "projects/#{project}"
162
+ end
163
+
164
+ extend self
165
+ end
166
+ end
167
+ end
168
+ end
169
+ end
170
+ end
@@ -23,6 +23,7 @@ require "gapic/config/method"
23
23
  require "google/cloud/access_approval/v1/version"
24
24
 
25
25
  require "google/cloud/access_approval/v1/access_approval/credentials"
26
+ require "google/cloud/access_approval/v1/access_approval/paths"
26
27
  require "google/cloud/access_approval/v1/access_approval/client"
27
28
 
28
29
  module Google
@@ -35,17 +36,17 @@ module Google
35
36
  #
36
37
  # - The API has a collection of
37
38
  # {::Google::Cloud::AccessApproval::V1::ApprovalRequest ApprovalRequest}
38
- # resources, named `approvalRequests/{approval_request_id}`
39
+ # resources, named `approvalRequests/{approval_request}`
39
40
  # - The API has top-level settings per Project/Folder/Organization, named
40
41
  # `accessApprovalSettings`
41
42
  #
42
43
  # The service also periodically emails a list of recipients, defined at the
43
44
  # Project/Folder/Organization level in the accessApprovalSettings, when there
44
45
  # is a pending ApprovalRequest for them to act on. The ApprovalRequests can
45
- # also optionally be published to a Cloud Pub/Sub topic owned by the customer
46
- # (for Beta, the Pub/Sub setup is managed manually).
46
+ # also optionally be published to a Pub/Sub topic owned by the customer
47
+ # (contact support if you would like to enable Pub/Sub notifications).
47
48
  #
48
- # ApprovalRequests can be approved or dismissed. Google personel can only
49
+ # ApprovalRequests can be approved or dismissed. Google personnel can only
49
50
  # access the indicated resource or resources if the request is approved
50
51
  # (subject to some exclusions:
51
52
  # https://cloud.google.com/access-approval/docs/overview#exclusions).
@@ -21,7 +21,7 @@ module Google
21
21
  module Cloud
22
22
  module AccessApproval
23
23
  module V1
24
- VERSION = "0.4.4"
24
+ VERSION = "0.6.0"
25
25
  end
26
26
  end
27
27
  end
@@ -25,6 +25,8 @@ module Google
25
25
  ##
26
26
  # To load this package, including all its services, and instantiate a client:
27
27
  #
28
+ # @example
29
+ #
28
30
  # require "google/cloud/access_approval/v1"
29
31
  # client = ::Google::Cloud::AccessApproval::V1::AccessApproval::Client.new
30
32
  #
@@ -1,13 +1,15 @@
1
1
  # Generated by the protocol buffer compiler. DO NOT EDIT!
2
2
  # source: google/cloud/accessapproval/v1/accessapproval.proto
3
3
 
4
+ require 'google/protobuf'
5
+
4
6
  require 'google/api/annotations_pb'
5
7
  require 'google/api/client_pb'
6
8
  require 'google/api/field_behavior_pb'
9
+ require 'google/api/resource_pb'
7
10
  require 'google/protobuf/empty_pb'
8
11
  require 'google/protobuf/field_mask_pb'
9
12
  require 'google/protobuf/timestamp_pb'
10
- require 'google/protobuf'
11
13
 
12
14
  Google::Protobuf::DescriptorPool.generated_pool.build do
13
15
  add_file("google/cloud/accessapproval/v1/accessapproval.proto", :syntax => :proto3) do
@@ -24,13 +26,26 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
24
26
  value :CUSTOMER_INITIATED_SUPPORT, 1
25
27
  value :GOOGLE_INITIATED_SERVICE, 2
26
28
  value :GOOGLE_INITIATED_REVIEW, 3
29
+ value :THIRD_PARTY_DATA_REQUEST, 4
30
+ value :GOOGLE_RESPONSE_TO_PRODUCTION_ALERT, 5
31
+ end
32
+ add_message "google.cloud.accessapproval.v1.SignatureInfo" do
33
+ optional :signature, :bytes, 1
34
+ oneof :verification_info do
35
+ optional :google_public_key_pem, :string, 2
36
+ optional :customer_kms_key_version, :string, 3
37
+ end
27
38
  end
28
39
  add_message "google.cloud.accessapproval.v1.ApproveDecision" do
29
40
  optional :approve_time, :message, 1, "google.protobuf.Timestamp"
30
41
  optional :expire_time, :message, 2, "google.protobuf.Timestamp"
42
+ optional :invalidate_time, :message, 3, "google.protobuf.Timestamp"
43
+ optional :signature_info, :message, 4, "google.cloud.accessapproval.v1.SignatureInfo"
44
+ optional :auto_approved, :bool, 5
31
45
  end
32
46
  add_message "google.cloud.accessapproval.v1.DismissDecision" do
33
47
  optional :dismiss_time, :message, 1, "google.protobuf.Timestamp"
48
+ optional :implicit, :bool, 2
34
49
  end
35
50
  add_message "google.cloud.accessapproval.v1.ResourceProperties" do
36
51
  optional :excludes_descendants, :bool, 1
@@ -57,6 +72,13 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
57
72
  repeated :notification_emails, :string, 2
58
73
  repeated :enrolled_services, :message, 3, "google.cloud.accessapproval.v1.EnrolledService"
59
74
  optional :enrolled_ancestor, :bool, 4
75
+ optional :active_key_version, :string, 6
76
+ optional :ancestor_has_active_key_version, :bool, 7
77
+ optional :invalid_key_version, :bool, 8
78
+ end
79
+ add_message "google.cloud.accessapproval.v1.AccessApprovalServiceAccount" do
80
+ optional :name, :string, 1
81
+ optional :account_email, :string, 2
60
82
  end
61
83
  add_message "google.cloud.accessapproval.v1.ListApprovalRequestsMessage" do
62
84
  optional :parent, :string, 1
@@ -78,6 +100,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
78
100
  add_message "google.cloud.accessapproval.v1.DismissApprovalRequestMessage" do
79
101
  optional :name, :string, 1
80
102
  end
103
+ add_message "google.cloud.accessapproval.v1.InvalidateApprovalRequestMessage" do
104
+ optional :name, :string, 1
105
+ end
81
106
  add_message "google.cloud.accessapproval.v1.GetAccessApprovalSettingsMessage" do
82
107
  optional :name, :string, 1
83
108
  end
@@ -88,6 +113,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
88
113
  add_message "google.cloud.accessapproval.v1.DeleteAccessApprovalSettingsMessage" do
89
114
  optional :name, :string, 1
90
115
  end
116
+ add_message "google.cloud.accessapproval.v1.GetAccessApprovalServiceAccountMessage" do
117
+ optional :name, :string, 1
118
+ end
91
119
  add_enum "google.cloud.accessapproval.v1.EnrollmentLevel" do
92
120
  value :ENROLLMENT_LEVEL_UNSPECIFIED, 0
93
121
  value :BLOCK_ALL, 1
@@ -102,20 +130,24 @@ module Google
102
130
  AccessLocations = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.AccessLocations").msgclass
103
131
  AccessReason = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.AccessReason").msgclass
104
132
  AccessReason::Type = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.AccessReason.Type").enummodule
133
+ SignatureInfo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.SignatureInfo").msgclass
105
134
  ApproveDecision = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.ApproveDecision").msgclass
106
135
  DismissDecision = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.DismissDecision").msgclass
107
136
  ResourceProperties = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.ResourceProperties").msgclass
108
137
  ApprovalRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.ApprovalRequest").msgclass
109
138
  EnrolledService = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.EnrolledService").msgclass
110
139
  AccessApprovalSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.AccessApprovalSettings").msgclass
140
+ AccessApprovalServiceAccount = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.AccessApprovalServiceAccount").msgclass
111
141
  ListApprovalRequestsMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.ListApprovalRequestsMessage").msgclass
112
142
  ListApprovalRequestsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.ListApprovalRequestsResponse").msgclass
113
143
  GetApprovalRequestMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.GetApprovalRequestMessage").msgclass
114
144
  ApproveApprovalRequestMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.ApproveApprovalRequestMessage").msgclass
115
145
  DismissApprovalRequestMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.DismissApprovalRequestMessage").msgclass
146
+ InvalidateApprovalRequestMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.InvalidateApprovalRequestMessage").msgclass
116
147
  GetAccessApprovalSettingsMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.GetAccessApprovalSettingsMessage").msgclass
117
148
  UpdateAccessApprovalSettingsMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.UpdateAccessApprovalSettingsMessage").msgclass
118
149
  DeleteAccessApprovalSettingsMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.DeleteAccessApprovalSettingsMessage").msgclass
150
+ GetAccessApprovalServiceAccountMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.GetAccessApprovalServiceAccountMessage").msgclass
119
151
  EnrollmentLevel = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.EnrollmentLevel").enummodule
120
152
  end
121
153
  end
@@ -29,17 +29,17 @@ module Google
29
29
  #
30
30
  # - The API has a collection of
31
31
  # [ApprovalRequest][google.cloud.accessapproval.v1.ApprovalRequest]
32
- # resources, named `approvalRequests/{approval_request_id}`
32
+ # resources, named `approvalRequests/{approval_request}`
33
33
  # - The API has top-level settings per Project/Folder/Organization, named
34
34
  # `accessApprovalSettings`
35
35
  #
36
36
  # The service also periodically emails a list of recipients, defined at the
37
37
  # Project/Folder/Organization level in the accessApprovalSettings, when there
38
38
  # is a pending ApprovalRequest for them to act on. The ApprovalRequests can
39
- # also optionally be published to a Cloud Pub/Sub topic owned by the customer
40
- # (for Beta, the Pub/Sub setup is managed manually).
39
+ # also optionally be published to a Pub/Sub topic owned by the customer
40
+ # (contact support if you would like to enable Pub/Sub notifications).
41
41
  #
42
- # ApprovalRequests can be approved or dismissed. Google personel can only
42
+ # ApprovalRequests can be approved or dismissed. Google personnel can only
43
43
  # access the indicated resource or resources if the request is approved
44
44
  # (subject to some exclusions:
45
45
  # https://cloud.google.com/access-approval/docs/overview#exclusions).
@@ -87,6 +87,15 @@ module Google
87
87
  # Returns FAILED_PRECONDITION if the request exists but is not in a pending
88
88
  # state.
89
89
  rpc :DismissApprovalRequest, ::Google::Cloud::AccessApproval::V1::DismissApprovalRequestMessage, ::Google::Cloud::AccessApproval::V1::ApprovalRequest
90
+ # Invalidates an existing ApprovalRequest. Returns the updated
91
+ # ApprovalRequest.
92
+ #
93
+ # NOTE: This does not deny access to the resource if another request has been
94
+ # made and approved. It only invalidates a single approval.
95
+ #
96
+ # Returns FAILED_PRECONDITION if the request exists but is not in an approved
97
+ # state.
98
+ rpc :InvalidateApprovalRequest, ::Google::Cloud::AccessApproval::V1::InvalidateApprovalRequestMessage, ::Google::Cloud::AccessApproval::V1::ApprovalRequest
90
99
  # Gets the settings associated with a project, folder, or organization.
91
100
  rpc :GetAccessApprovalSettings, ::Google::Cloud::AccessApproval::V1::GetAccessApprovalSettingsMessage, ::Google::Cloud::AccessApproval::V1::AccessApprovalSettings
92
101
  # Updates the settings associated with a project, folder, or organization.
@@ -99,6 +108,9 @@ module Google
99
108
  # hierarchy, then Access Approval will still be enabled at this level as
100
109
  # the settings are inherited.
101
110
  rpc :DeleteAccessApprovalSettings, ::Google::Cloud::AccessApproval::V1::DeleteAccessApprovalSettingsMessage, ::Google::Protobuf::Empty
111
+ # Retrieves the service account that is used by Access Approval to access KMS
112
+ # keys for signing approved approval requests.
113
+ rpc :GetAccessApprovalServiceAccount, ::Google::Cloud::AccessApproval::V1::GetAccessApprovalServiceAccountMessage, ::Google::Cloud::AccessApproval::V1::AccessApprovalServiceAccount
102
114
  end
103
115
 
104
116
  Stub = Service.rpc_stub_class
@@ -33,11 +33,7 @@ module Google
33
33
  # // For Kubernetes resources, the format is {api group}/{kind}.
34
34
  # option (google.api.resource) = {
35
35
  # type: "pubsub.googleapis.com/Topic"
36
- # name_descriptor: {
37
- # pattern: "projects/{project}/topics/{topic}"
38
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
39
- # parent_name_extractor: "projects/{project}"
40
- # }
36
+ # pattern: "projects/{project}/topics/{topic}"
41
37
  # };
42
38
  # }
43
39
  #
@@ -45,10 +41,7 @@ module Google
45
41
  #
46
42
  # resources:
47
43
  # - type: "pubsub.googleapis.com/Topic"
48
- # name_descriptor:
49
- # - pattern: "projects/{project}/topics/{topic}"
50
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
51
- # parent_name_extractor: "projects/{project}"
44
+ # pattern: "projects/{project}/topics/{topic}"
52
45
  #
53
46
  # Sometimes, resources have multiple patterns, typically because they can
54
47
  # live under multiple parents.
@@ -58,26 +51,10 @@ module Google
58
51
  # message LogEntry {
59
52
  # option (google.api.resource) = {
60
53
  # type: "logging.googleapis.com/LogEntry"
61
- # name_descriptor: {
62
- # pattern: "projects/{project}/logs/{log}"
63
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
64
- # parent_name_extractor: "projects/{project}"
65
- # }
66
- # name_descriptor: {
67
- # pattern: "folders/{folder}/logs/{log}"
68
- # parent_type: "cloudresourcemanager.googleapis.com/Folder"
69
- # parent_name_extractor: "folders/{folder}"
70
- # }
71
- # name_descriptor: {
72
- # pattern: "organizations/{organization}/logs/{log}"
73
- # parent_type: "cloudresourcemanager.googleapis.com/Organization"
74
- # parent_name_extractor: "organizations/{organization}"
75
- # }
76
- # name_descriptor: {
77
- # pattern: "billingAccounts/{billing_account}/logs/{log}"
78
- # parent_type: "billing.googleapis.com/BillingAccount"
79
- # parent_name_extractor: "billingAccounts/{billing_account}"
80
- # }
54
+ # pattern: "projects/{project}/logs/{log}"
55
+ # pattern: "folders/{folder}/logs/{log}"
56
+ # pattern: "organizations/{organization}/logs/{log}"
57
+ # pattern: "billingAccounts/{billing_account}/logs/{log}"
81
58
  # };
82
59
  # }
83
60
  #
@@ -85,48 +62,10 @@ module Google
85
62
  #
86
63
  # resources:
87
64
  # - type: 'logging.googleapis.com/LogEntry'
88
- # name_descriptor:
89
- # - pattern: "projects/{project}/logs/{log}"
90
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
91
- # parent_name_extractor: "projects/{project}"
92
- # - pattern: "folders/{folder}/logs/{log}"
93
- # parent_type: "cloudresourcemanager.googleapis.com/Folder"
94
- # parent_name_extractor: "folders/{folder}"
95
- # - pattern: "organizations/{organization}/logs/{log}"
96
- # parent_type: "cloudresourcemanager.googleapis.com/Organization"
97
- # parent_name_extractor: "organizations/{organization}"
98
- # - pattern: "billingAccounts/{billing_account}/logs/{log}"
99
- # parent_type: "billing.googleapis.com/BillingAccount"
100
- # parent_name_extractor: "billingAccounts/{billing_account}"
101
- #
102
- # For flexible resources, the resource name doesn't contain parent names, but
103
- # the resource itself has parents for policy evaluation.
104
- #
105
- # Example:
106
- #
107
- # message Shelf {
108
- # option (google.api.resource) = {
109
- # type: "library.googleapis.com/Shelf"
110
- # name_descriptor: {
111
- # pattern: "shelves/{shelf}"
112
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
113
- # }
114
- # name_descriptor: {
115
- # pattern: "shelves/{shelf}"
116
- # parent_type: "cloudresourcemanager.googleapis.com/Folder"
117
- # }
118
- # };
119
- # }
120
- #
121
- # The ResourceDescriptor Yaml config will look like:
122
- #
123
- # resources:
124
- # - type: 'library.googleapis.com/Shelf'
125
- # name_descriptor:
126
- # - pattern: "shelves/{shelf}"
127
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
128
- # - pattern: "shelves/{shelf}"
129
- # parent_type: "cloudresourcemanager.googleapis.com/Folder"
65
+ # pattern: "projects/{project}/logs/{log}"
66
+ # pattern: "folders/{folder}/logs/{log}"
67
+ # pattern: "organizations/{organization}/logs/{log}"
68
+ # pattern: "billingAccounts/{billing_account}/logs/{log}"
130
69
  # @!attribute [rw] type
131
70
  # @return [::String]
132
71
  # The resource type. It must be in the format of
@@ -30,14 +30,14 @@ module Google
30
30
  # of a country code.
31
31
  # Possible Region Codes:
32
32
  #
33
- # - ASI: Asia
34
- # - EUR: Europe
35
- # - OCE: Oceania
36
- # - AFR: Africa
37
- # - NAM: North America
38
- # - SAM: South America
39
- # - ANT: Antarctica
40
- # - ANY: Any location
33
+ # * ASI: Asia
34
+ # * EUR: Europe
35
+ # * OCE: Oceania
36
+ # * AFR: Africa
37
+ # * NAM: North America
38
+ # * SAM: South America
39
+ # * ANT: Antarctica
40
+ # * ANY: Any location
41
41
  # @!attribute [rw] principal_physical_location_country
42
42
  # @return [::String]
43
43
  # Physical location of the principal at the time of the access. A
@@ -46,14 +46,14 @@ module Google
46
46
  # a region code instead of a country code.
47
47
  # Possible Region Codes:
48
48
  #
49
- # - ASI: Asia
50
- # - EUR: Europe
51
- # - OCE: Oceania
52
- # - AFR: Africa
53
- # - NAM: North America
54
- # - SAM: South America
55
- # - ANT: Antarctica
56
- # - ANY: Any location
49
+ # * ASI: Asia
50
+ # * EUR: Europe
51
+ # * OCE: Oceania
52
+ # * AFR: Africa
53
+ # * NAM: North America
54
+ # * SAM: South America
55
+ # * ANT: Antarctica
56
+ # * ANY: Any location
57
57
  class AccessLocations
58
58
  include ::Google::Protobuf::MessageExts
59
59
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -77,26 +77,52 @@ module Google
77
77
  # Customer made a request or raised an issue that required the principal to
78
78
  # access customer data. `detail` is of the form ("#####" is the issue ID):
79
79
  #
80
- # - "Feedback Report: #####"
81
- # - "Case Number: #####"
82
- # - "Case ID: #####"
83
- # - "E-PIN Reference: #####"
84
- # - "Google-#####"
85
- # - "T-#####"
80
+ # * "Feedback Report: #####"
81
+ # * "Case Number: #####"
82
+ # * "Case ID: #####"
83
+ # * "E-PIN Reference: #####"
84
+ # * "Google-#####"
85
+ # * "T-#####"
86
86
  CUSTOMER_INITIATED_SUPPORT = 1
87
87
 
88
88
  # The principal accessed customer data in order to diagnose or resolve a
89
- # suspected issue in services or a known outage. Often this access is used
90
- # to confirm that customers are not affected by a suspected service issue
91
- # or to remediate a reversible system issue.
89
+ # suspected issue in services. Often this access is used to confirm that
90
+ # customers are not affected by a suspected service issue or to remediate a
91
+ # reversible system issue.
92
92
  GOOGLE_INITIATED_SERVICE = 2
93
93
 
94
94
  # Google initiated service for security, fraud, abuse, or compliance
95
95
  # purposes.
96
96
  GOOGLE_INITIATED_REVIEW = 3
97
+
98
+ # The principal was compelled to access customer data in order to respond
99
+ # to a legal third party data request or process, including legal processes
100
+ # from customers themselves.
101
+ THIRD_PARTY_DATA_REQUEST = 4
102
+
103
+ # The principal accessed customer data in order to diagnose or resolve a
104
+ # suspected issue in services or a known outage.
105
+ GOOGLE_RESPONSE_TO_PRODUCTION_ALERT = 5
97
106
  end
98
107
  end
99
108
 
109
+ # Information about the digital signature of the resource.
110
+ # @!attribute [rw] signature
111
+ # @return [::String]
112
+ # The digital signature.
113
+ # @!attribute [rw] google_public_key_pem
114
+ # @return [::String]
115
+ # The public key for the Google default signing, encoded in PEM format. The
116
+ # signature was created using a private key which may be verified using
117
+ # this public key.
118
+ # @!attribute [rw] customer_kms_key_version
119
+ # @return [::String]
120
+ # The resource name of the customer CryptoKeyVersion used for signing.
121
+ class SignatureInfo
122
+ include ::Google::Protobuf::MessageExts
123
+ extend ::Google::Protobuf::MessageExts::ClassMethods
124
+ end
125
+
100
126
  # A decision that has been made to approve access to a resource.
101
127
  # @!attribute [rw] approve_time
102
128
  # @return [::Google::Protobuf::Timestamp]
@@ -104,6 +130,15 @@ module Google
104
130
  # @!attribute [rw] expire_time
105
131
  # @return [::Google::Protobuf::Timestamp]
106
132
  # The time at which the approval expires.
133
+ # @!attribute [rw] invalidate_time
134
+ # @return [::Google::Protobuf::Timestamp]
135
+ # If set, denotes the timestamp at which the approval is invalidated.
136
+ # @!attribute [rw] signature_info
137
+ # @return [::Google::Cloud::AccessApproval::V1::SignatureInfo]
138
+ # The signature for the ApprovalRequest and details on how it was signed.
139
+ # @!attribute [rw] auto_approved
140
+ # @return [::Boolean]
141
+ # True when the request has been auto-approved.
107
142
  class ApproveDecision
108
143
  include ::Google::Protobuf::MessageExts
109
144
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -113,6 +148,11 @@ module Google
113
148
  # @!attribute [rw] dismiss_time
114
149
  # @return [::Google::Protobuf::Timestamp]
115
150
  # The time at which the approval request was dismissed.
151
+ # @!attribute [rw] implicit
152
+ # @return [::Boolean]
153
+ # This field will be true if the ApprovalRequest was implicitly dismissed due
154
+ # to inaction by the access approval approvers (the request is not acted
155
+ # on by the approvers before the exiration time).
116
156
  class DismissDecision
117
157
  include ::Google::Protobuf::MessageExts
118
158
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -132,7 +172,7 @@ module Google
132
172
  # @!attribute [rw] name
133
173
  # @return [::String]
134
174
  # The resource name of the request. Format is
135
- # "\\{projects|folders|organizations}/\\{id}/approvalRequests/\\{approval_request_id}".
175
+ # "\\{projects|folders|organizations}/\\{id}/approvalRequests/\\{approval_request}".
136
176
  # @!attribute [rw] requested_resource_name
137
177
  # @return [::String]
138
178
  # The resource for which approval is being requested. The format of the
@@ -175,16 +215,61 @@ module Google
175
215
  # The product for which Access Approval will be enrolled. Allowed values are
176
216
  # listed below (case-sensitive):
177
217
  #
178
- # - all
179
- # - appengine.googleapis.com
180
- # - bigquery.googleapis.com
181
- # - bigtable.googleapis.com
182
- # - cloudkms.googleapis.com
183
- # - compute.googleapis.com
184
- # - dataflow.googleapis.com
185
- # - iam.googleapis.com
186
- # - pubsub.googleapis.com
187
- # - storage.googleapis.com
218
+ # * all
219
+ # * GA
220
+ # * App Engine
221
+ # * BigQuery
222
+ # * Cloud Bigtable
223
+ # * Cloud Key Management Service
224
+ # * Compute Engine
225
+ # * Cloud Dataflow
226
+ # * Cloud DLP
227
+ # * Cloud EKM
228
+ # * Cloud HSM
229
+ # * Cloud Identity and Access Management
230
+ # * Cloud Logging
231
+ # * Cloud Pub/Sub
232
+ # * Cloud Spanner
233
+ # * Cloud SQL
234
+ # * Cloud Storage
235
+ # * Google Kubernetes Engine
236
+ # * Organization Policy Serivice
237
+ # * Persistent Disk
238
+ # * Resource Manager
239
+ # * Speaker ID
240
+ #
241
+ # Note: These values are supported as input for legacy purposes, but will not
242
+ # be returned from the API.
243
+ #
244
+ # * all
245
+ # * ga-only
246
+ # * appengine.googleapis.com
247
+ # * bigquery.googleapis.com
248
+ # * bigtable.googleapis.com
249
+ # * container.googleapis.com
250
+ # * cloudkms.googleapis.com
251
+ # * cloudresourcemanager.googleapis.com
252
+ # * cloudsql.googleapis.com
253
+ # * compute.googleapis.com
254
+ # * dataflow.googleapis.com
255
+ # * dlp.googleapis.com
256
+ # * iam.googleapis.com
257
+ # * logging.googleapis.com
258
+ # * orgpolicy.googleapis.com
259
+ # * pubsub.googleapis.com
260
+ # * spanner.googleapis.com
261
+ # * speakerid.googleapis.com
262
+ # * storage.googleapis.com
263
+ #
264
+ # Calls to UpdateAccessApprovalSettings using 'all' or any of the
265
+ # XXX.googleapis.com will be translated to the associated product name
266
+ # ('all', 'App Engine', etc.).
267
+ #
268
+ # Note: 'all' will enroll the resource in all products supported at both 'GA'
269
+ # and 'Preview' levels.
270
+ #
271
+ # More information about levels of support is available at
272
+ # https://cloud.google.com/access-approval/docs/supported-services
188
273
  # @!attribute [rw] enrollment_level
189
274
  # @return [::Google::Cloud::AccessApproval::V1::EnrollmentLevel]
190
275
  # The enrollment level of the service.
@@ -198,9 +283,9 @@ module Google
198
283
  # @return [::String]
199
284
  # The resource name of the settings. Format is one of:
200
285
  #
201
- # - "projects/\\{project_id}/accessApprovalSettings"
202
- # - "folders/\\{folder_id}/accessApprovalSettings"
203
- # - "organizations/\\{organization_id}/accessApprovalSettings"
286
+ # * "projects/\\{project}/accessApprovalSettings"
287
+ # * "folders/\\{folder}/accessApprovalSettings"
288
+ # * "organizations/\\{organization}/accessApprovalSettings"
204
289
  # @!attribute [rw] notification_emails
205
290
  # @return [::Array<::String>]
206
291
  # A list of email addresses to which notifications relating to approval
@@ -223,30 +308,71 @@ module Google
223
308
  # @!attribute [r] enrolled_ancestor
224
309
  # @return [::Boolean]
225
310
  # Output only. This field is read only (not settable via
226
- # UpdateAccessAccessApprovalSettings method). If the field is true, that
311
+ # UpdateAccessApprovalSettings method). If the field is true, that
227
312
  # indicates that at least one service is enrolled for Access Approval in one
228
313
  # or more ancestors of the Project or Folder (this field will always be
229
314
  # unset for the organization since organizations do not have ancestors).
315
+ # @!attribute [rw] active_key_version
316
+ # @return [::String]
317
+ # The asymmetric crypto key version to use for signing approval requests.
318
+ # Empty active_key_version indicates that a Google-managed key should be used
319
+ # for signing. This property will be ignored if set by an ancestor of this
320
+ # resource, and new non-empty values may not be set.
321
+ # @!attribute [r] ancestor_has_active_key_version
322
+ # @return [::Boolean]
323
+ # Output only. This field is read only (not settable via UpdateAccessApprovalSettings
324
+ # method). If the field is true, that indicates that an ancestor of this
325
+ # Project or Folder has set active_key_version (this field will always be
326
+ # unset for the organization since organizations do not have ancestors).
327
+ # @!attribute [r] invalid_key_version
328
+ # @return [::Boolean]
329
+ # Output only. This field is read only (not settable via UpdateAccessApprovalSettings
330
+ # method). If the field is true, that indicates that there is some
331
+ # configuration issue with the active_key_version configured at this level in
332
+ # the resource hierarchy (e.g. it doesn't exist or the Access Approval
333
+ # service account doesn't have the correct permissions on it, etc.) This key
334
+ # version is not necessarily the effective key version at this level, as key
335
+ # versions are inherited top-down.
230
336
  class AccessApprovalSettings
231
337
  include ::Google::Protobuf::MessageExts
232
338
  extend ::Google::Protobuf::MessageExts::ClassMethods
233
339
  end
234
340
 
341
+ # Access Approval service account related to a project/folder/organization.
342
+ # @!attribute [rw] name
343
+ # @return [::String]
344
+ # The resource name of the Access Approval service account. Format is one of:
345
+ #
346
+ # * "projects/\\{project}/serviceAccount"
347
+ # * "folders/\\{folder}/serviceAccount"
348
+ # * "organizations/\\{organization}/serviceAccount"
349
+ # @!attribute [rw] account_email
350
+ # @return [::String]
351
+ # Email address of the service account.
352
+ class AccessApprovalServiceAccount
353
+ include ::Google::Protobuf::MessageExts
354
+ extend ::Google::Protobuf::MessageExts::ClassMethods
355
+ end
356
+
235
357
  # Request to list approval requests.
236
358
  # @!attribute [rw] parent
237
359
  # @return [::String]
238
- # The parent resource. This may be "projects/\\{project_id}",
239
- # "folders/\\{folder_id}", or "organizations/\\{organization_id}".
360
+ # The parent resource. This may be "projects/\\{project}",
361
+ # "folders/\\{folder}", or "organizations/\\{organization}".
240
362
  # @!attribute [rw] filter
241
363
  # @return [::String]
242
364
  # A filter on the type of approval requests to retrieve. Must be one of the
243
365
  # following values:
244
366
  #
245
- # - [not set]: Requests that are pending or have active approvals.
246
- # - ALL: All requests.
247
- # - PENDING: Only pending requests.
248
- # - ACTIVE: Only active (i.e. currently approved) requests.
249
- # - DISMISSED: Only dismissed (including expired) requests.
367
+ # * [not set]: Requests that are pending or have active approvals.
368
+ # * ALL: All requests.
369
+ # * PENDING: Only pending requests.
370
+ # * ACTIVE: Only active (i.e. currently approved) requests.
371
+ # * DISMISSED: Only requests that have been dismissed, or requests that
372
+ # are not approved and past expiration.
373
+ # * EXPIRED: Only requests that have been approved, and the approval has
374
+ # expired.
375
+ # * HISTORY: Active, dismissed and expired requests.
250
376
  # @!attribute [rw] page_size
251
377
  # @return [::Integer]
252
378
  # Requested page size.
@@ -273,7 +399,9 @@ module Google
273
399
  # Request to get an approval request.
274
400
  # @!attribute [rw] name
275
401
  # @return [::String]
276
- # Name of the approval request to retrieve.
402
+ # The name of the approval request to retrieve.
403
+ # Format:
404
+ # "\\{projects|folders|organizations}/\\{id}/approvalRequests/\\{approval_request}"
277
405
  class GetApprovalRequestMessage
278
406
  include ::Google::Protobuf::MessageExts
279
407
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -300,10 +428,20 @@ module Google
300
428
  extend ::Google::Protobuf::MessageExts::ClassMethods
301
429
  end
302
430
 
431
+ # Request to invalidate an existing approval.
432
+ # @!attribute [rw] name
433
+ # @return [::String]
434
+ # Name of the ApprovalRequest to invalidate.
435
+ class InvalidateApprovalRequestMessage
436
+ include ::Google::Protobuf::MessageExts
437
+ extend ::Google::Protobuf::MessageExts::ClassMethods
438
+ end
439
+
303
440
  # Request to get access approval settings.
304
441
  # @!attribute [rw] name
305
442
  # @return [::String]
306
- # Name of the AccessApprovalSettings to retrieve.
443
+ # The name of the AccessApprovalSettings to retrieve.
444
+ # Format: "\\{projects|folders|organizations}/\\{id}/accessApprovalSettings"
307
445
  class GetAccessApprovalSettingsMessage
308
446
  include ::Google::Protobuf::MessageExts
309
447
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -339,6 +477,15 @@ module Google
339
477
  extend ::Google::Protobuf::MessageExts::ClassMethods
340
478
  end
341
479
 
480
+ # Request to get an Access Approval service account.
481
+ # @!attribute [rw] name
482
+ # @return [::String]
483
+ # Name of the AccessApprovalServiceAccount to retrieve.
484
+ class GetAccessApprovalServiceAccountMessage
485
+ include ::Google::Protobuf::MessageExts
486
+ extend ::Google::Protobuf::MessageExts::ClassMethods
487
+ end
488
+
342
489
  # Represents the type of enrollment for a given service to Access Approval.
343
490
  module EnrollmentLevel
344
491
  # Default value for proto, shouldn't be used.
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google-cloud-access_approval-v1
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.4
4
+ version: 0.6.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Google LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-11-08 00:00:00.000000000 Z
11
+ date: 2022-05-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gapic-common
@@ -174,6 +174,7 @@ files:
174
174
  - lib/google/cloud/access_approval/v1/access_approval.rb
175
175
  - lib/google/cloud/access_approval/v1/access_approval/client.rb
176
176
  - lib/google/cloud/access_approval/v1/access_approval/credentials.rb
177
+ - lib/google/cloud/access_approval/v1/access_approval/paths.rb
177
178
  - lib/google/cloud/access_approval/v1/version.rb
178
179
  - lib/google/cloud/accessapproval/v1/accessapproval_pb.rb
179
180
  - lib/google/cloud/accessapproval/v1/accessapproval_services_pb.rb
@@ -203,7 +204,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
203
204
  - !ruby/object:Gem::Version
204
205
  version: '0'
205
206
  requirements: []
206
- rubygems_version: 3.2.17
207
+ rubygems_version: 3.3.5
207
208
  signing_key:
208
209
  specification_version: 4
209
210
  summary: API Client library for the Access Approval V1 API