google-cloud-access_approval-v1 0.4.4 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aaceebb716cb57bffd24524976b59ed3fd126ae6f893d61a457c3f3ae0edbdd1
-  data.tar.gz: ba9452d416c5a5aaac34330d523035f8de0989075b99b00e5b691d875b18de88
+  metadata.gz: 39ee179d20badb6b1447d9218c5be243db4f3087881a20a0c8952c765519960f
+  data.tar.gz: bd3435892e9afe88ba7cfde44b8625d5c19cc754c46c9c7919636f762c284b68
 SHA512:
-  metadata.gz: 98643b03ca09b2ef679d4b11cd2e87a9e6711cedfd25aa3eba910a3f85b56d033344d21ec429af252241f7a090dc55cb5b248eb7eb6c2998744dc41d2ecc8dc2
-  data.tar.gz: d1135cf4bf0e24d7f8f666f0e9ea0edaac706e802042b504c5165c140939eeb64923846a323c07f160863e367e74895d62aa7d5ea59ff65ea731e339cf012c0d
+  metadata.gz: 6acdc47e360b57314cd84832368471f415c7f5b40888313a96bd048d4a5efcecd2c735df5e0f2a72de53580b3d95d86bb0c9d0d459d0672fea71c666002a1fe0
+  data.tar.gz: 5b8900a860c9ddd2d06ac39c66b93e1e71eb40ed57e07c55229cec7b26bdc499d6424fed71ec332ab159282573de49531fb7364c194ea61128db644c5e45c83e

data/.yardopts

@@ -1,5 +1,5 @@
 --no-private
---title=Access Approval V1 API
+--title="Access Approval V1 API"
 --exclude _pb\.rb$
 --markup markdown
 --markup-provider redcarpet

data/AUTHENTICATION.md

@@ -120,15 +120,6 @@ To configure your system for this, simply:
 **NOTE:** This is _not_ recommended for running in production. The Cloud SDK
 *should* only be used during development.
 
-[gce-how-to]: https://cloud.google.com/compute/docs/authentication#using
-[dev-console]: https://console.cloud.google.com/project
-
-[enable-apis]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/enable-apis.png
-
-[create-new-service-account]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/create-new-service-account.png
-[create-new-service-account-existing-keys]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/create-new-service-account-existing-keys.png
-[reuse-service-account]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/reuse-service-account.png
-
 ## Creating a Service Account
 
 Google Cloud requires **Service Account Credentials** to
@@ -139,31 +130,22 @@ If you are not running this client within
 [Google Cloud Platform environments](#google-cloud-platform-environments), you
 need a Google Developers service account.
 
-1. Visit the [Google Developers Console][dev-console].
+1. Visit the [Google Cloud Console](https://console.cloud.google.com/project).
 2. Create a new project or click on an existing project.
-3. Activate the slide-out navigation tray and select **API Manager**. From
+3. Activate the menu in the upper left and select **APIs & Services**. From
    here, you will enable the APIs that your application requires.
 
-   ![Enable the APIs that your application requires][enable-apis]
-
    *Note: You may need to enable billing in order to use these services.*
 
 4. Select **Credentials** from the side navigation.
 
-   You should see a screen like one of the following.
-
-   ![Create a new service account][create-new-service-account]
-
-   ![Create a new service account With Existing Keys][create-new-service-account-existing-keys]
-
-   Find the "Add credentials" drop down and select "Service account" to be
-   guided through downloading a new JSON key file.
+   Find the "Create credentials" drop down near the top of the page, and select
+   "Service account" to be guided through downloading a new JSON key file.
 
    If you want to re-use an existing service account, you can easily generate a
-   new key file. Just select the account you wish to re-use, and click "Generate
-   new JSON key":
-
-   ![Re-use an existing service account][reuse-service-account]
+   new key file. Just select the account you wish to re-use, click the pencil
+   tool on the right side to edit the service account, select the **Keys** tab,
+   and then select **Add Key**.
 
    The key file you download will be used by this library to authenticate API
    requests and should be stored in a secure location.

data/README.md

@@ -37,7 +37,7 @@ request = ::Google::Cloud::AccessApproval::V1::ListApprovalRequestsMessage.new #
 response = client.list_approval_requests request
 ```
 
-View the [Client Library Documentation](https://googleapis.dev/ruby/google-cloud-access_approval-v1/latest)
+View the [Client Library Documentation](https://cloud.google.com/ruby/docs/reference/google-cloud-access_approval-v1/latest)
 for class and method documentation.
 
 See also the [Product Documentation](https://cloud.google.com/access-approval/)
@@ -69,6 +69,11 @@ module GRPC
 end
 ```
 
+
+## Google Cloud Samples
+
+To browse ready to use code samples check [Google Cloud Samples](https://cloud.google.com/docs/samples).
+
 ## Supported Ruby Versions
 
 This library is supported on Ruby 2.5+.

data/lib/google/cloud/access_approval/v1/access_approval/client.rb

@@ -32,17 +32,17 @@ module Google
           #
           # - The API has a collection of
           #   {::Google::Cloud::AccessApproval::V1::ApprovalRequest ApprovalRequest}
-          #   resources, named `approvalRequests/{approval_request_id}`
+          #   resources, named `approvalRequests/{approval_request}`
           # - The API has top-level settings per Project/Folder/Organization, named
           #   `accessApprovalSettings`
           #
           # The service also periodically emails a list of recipients, defined at the
           # Project/Folder/Organization level in the accessApprovalSettings, when there
           # is a pending ApprovalRequest for them to act on. The ApprovalRequests can
-          # also optionally be published to a Cloud Pub/Sub topic owned by the customer
-          # (for Beta, the Pub/Sub setup is managed manually).
+          # also optionally be published to a Pub/Sub topic owned by the customer
+          # (contact support if you would like to enable Pub/Sub notifications).
           #
-          # ApprovalRequests can be approved or dismissed. Google personel can only
+          # ApprovalRequests can be approved or dismissed. Google personnel can only
           # access the indicated resource or resources if the request is approved
           # (subject to some exclusions:
           # https://cloud.google.com/access-approval/docs/overview#exclusions).
@@ -62,6 +62,8 @@ module Google
           # If a request is not approved or dismissed, we call it pending.
           #
           class Client
+            include Paths
+
             # @private
             attr_reader :access_approval_stub
 
@@ -108,6 +110,8 @@ module Google
 
                 default_config.rpcs.dismiss_approval_request.timeout = 600.0
 
+                default_config.rpcs.invalidate_approval_request.timeout = 600.0
+
                 default_config.rpcs.get_access_approval_settings.timeout = 600.0
                 default_config.rpcs.get_access_approval_settings.retry_policy = {
                   initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14]
@@ -218,17 +222,21 @@ module Google
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param parent [::String]
-            #     The parent resource. This may be "projects/\\{project_id}",
-            #     "folders/\\{folder_id}", or "organizations/\\{organization_id}".
+            #     The parent resource. This may be "projects/\\{project}",
+            #     "folders/\\{folder}", or "organizations/\\{organization}".
             #   @param filter [::String]
             #     A filter on the type of approval requests to retrieve. Must be one of the
             #     following values:
             #
-            #     - [not set]: Requests that are pending or have active approvals.
-            #     - ALL: All requests.
-            #     - PENDING: Only pending requests.
-            #     - ACTIVE: Only active (i.e. currently approved) requests.
-            #     - DISMISSED: Only dismissed (including expired) requests.
+            #       * [not set]: Requests that are pending or have active approvals.
+            #       * ALL: All requests.
+            #       * PENDING: Only pending requests.
+            #       * ACTIVE: Only active (i.e. currently approved) requests.
+            #       * DISMISSED: Only requests that have been dismissed, or requests that
+            #         are not approved and past expiration.
+            #       * EXPIRED: Only requests that have been approved, and the approval has
+            #         expired.
+            #       * HISTORY: Active, dismissed and expired requests.
             #   @param page_size [::Integer]
             #     Requested page size.
             #   @param page_token [::String]
@@ -324,7 +332,9 @@ module Google
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param name [::String]
-            #     Name of the approval request to retrieve.
+            #     The name of the approval request to retrieve.
+            #     Format:
+            #     "\\{projects|folders|organizations}/\\{id}/approvalRequests/\\{approval_request}"
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::AccessApproval::V1::ApprovalRequest]
@@ -574,6 +584,98 @@ module Google
               raise ::Google::Cloud::Error.from_error(e)
             end
 
+            ##
+            # Invalidates an existing ApprovalRequest. Returns the updated
+            # ApprovalRequest.
+            #
+            # NOTE: This does not deny access to the resource if another request has been
+            # made and approved. It only invalidates a single approval.
+            #
+            # Returns FAILED_PRECONDITION if the request exists but is not in an approved
+            # state.
+            #
+            # @overload invalidate_approval_request(request, options = nil)
+            #   Pass arguments to `invalidate_approval_request` via a request object, either of type
+            #   {::Google::Cloud::AccessApproval::V1::InvalidateApprovalRequestMessage} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::AccessApproval::V1::InvalidateApprovalRequestMessage, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload invalidate_approval_request(name: nil)
+            #   Pass arguments to `invalidate_approval_request` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param name [::String]
+            #     Name of the ApprovalRequest to invalidate.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Cloud::AccessApproval::V1::ApprovalRequest]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Cloud::AccessApproval::V1::ApprovalRequest]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            # @example Basic example
+            #   require "google/cloud/access_approval/v1"
+            #
+            #   # Create a client object. The client can be reused for multiple calls.
+            #   client = Google::Cloud::AccessApproval::V1::AccessApproval::Client.new
+            #
+            #   # Create a request. To set request fields, pass in keyword arguments.
+            #   request = Google::Cloud::AccessApproval::V1::InvalidateApprovalRequestMessage.new
+            #
+            #   # Call the invalidate_approval_request method.
+            #   result = client.invalidate_approval_request request
+            #
+            #   # The returned object is of type Google::Cloud::AccessApproval::V1::ApprovalRequest.
+            #   p result
+            #
+            def invalidate_approval_request request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AccessApproval::V1::InvalidateApprovalRequestMessage
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.invalidate_approval_request.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::AccessApproval::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {}
+              if request.name
+                header_params["name"] = request.name
+              end
+
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.invalidate_approval_request.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.invalidate_approval_request.retry_policy
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @access_approval_stub.call_rpc :invalidate_approval_request, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
             ##
             # Gets the settings associated with a project, folder, or organization.
             #
@@ -593,7 +695,8 @@ module Google
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param name [::String]
-            #     Name of the AccessApprovalSettings to retrieve.
+            #     The name of the AccessApprovalSettings to retrieve.
+            #     Format: "\\{projects|folders|organizations}/\\{id}/accessApprovalSettings"
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::AccessApproval::V1::AccessApprovalSettings]
@@ -846,6 +949,92 @@ module Google
               raise ::Google::Cloud::Error.from_error(e)
             end
 
+            ##
+            # Retrieves the service account that is used by Access Approval to access KMS
+            # keys for signing approved approval requests.
+            #
+            # @overload get_access_approval_service_account(request, options = nil)
+            #   Pass arguments to `get_access_approval_service_account` via a request object, either of type
+            #   {::Google::Cloud::AccessApproval::V1::GetAccessApprovalServiceAccountMessage} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::AccessApproval::V1::GetAccessApprovalServiceAccountMessage, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload get_access_approval_service_account(name: nil)
+            #   Pass arguments to `get_access_approval_service_account` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param name [::String]
+            #     Name of the AccessApprovalServiceAccount to retrieve.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Cloud::AccessApproval::V1::AccessApprovalServiceAccount]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Cloud::AccessApproval::V1::AccessApprovalServiceAccount]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            # @example Basic example
+            #   require "google/cloud/access_approval/v1"
+            #
+            #   # Create a client object. The client can be reused for multiple calls.
+            #   client = Google::Cloud::AccessApproval::V1::AccessApproval::Client.new
+            #
+            #   # Create a request. To set request fields, pass in keyword arguments.
+            #   request = Google::Cloud::AccessApproval::V1::GetAccessApprovalServiceAccountMessage.new
+            #
+            #   # Call the get_access_approval_service_account method.
+            #   result = client.get_access_approval_service_account request
+            #
+            #   # The returned object is of type Google::Cloud::AccessApproval::V1::AccessApprovalServiceAccount.
+            #   p result
+            #
+            def get_access_approval_service_account request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AccessApproval::V1::GetAccessApprovalServiceAccountMessage
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.get_access_approval_service_account.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::AccessApproval::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {}
+              if request.name
+                header_params["name"] = request.name
+              end
+
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.get_access_approval_service_account.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.get_access_approval_service_account.retry_policy
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @access_approval_stub.call_rpc :get_access_approval_service_account, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
             ##
             # Configuration class for the AccessApproval API.
             #
@@ -1002,6 +1191,11 @@ module Google
                 #
                 attr_reader :dismiss_approval_request
                 ##
+                # RPC-specific configuration for `invalidate_approval_request`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :invalidate_approval_request
+                ##
                 # RPC-specific configuration for `get_access_approval_settings`
                 # @return [::Gapic::Config::Method]
                 #
@@ -1016,6 +1210,11 @@ module Google
                 # @return [::Gapic::Config::Method]
                 #
                 attr_reader :delete_access_approval_settings
+                ##
+                # RPC-specific configuration for `get_access_approval_service_account`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :get_access_approval_service_account
 
                 # @private
                 def initialize parent_rpcs = nil
@@ -1027,12 +1226,16 @@ module Google
                   @approve_approval_request = ::Gapic::Config::Method.new approve_approval_request_config
                   dismiss_approval_request_config = parent_rpcs.dismiss_approval_request if parent_rpcs.respond_to? :dismiss_approval_request
                   @dismiss_approval_request = ::Gapic::Config::Method.new dismiss_approval_request_config
+                  invalidate_approval_request_config = parent_rpcs.invalidate_approval_request if parent_rpcs.respond_to? :invalidate_approval_request
+                  @invalidate_approval_request = ::Gapic::Config::Method.new invalidate_approval_request_config
                   get_access_approval_settings_config = parent_rpcs.get_access_approval_settings if parent_rpcs.respond_to? :get_access_approval_settings
                   @get_access_approval_settings = ::Gapic::Config::Method.new get_access_approval_settings_config
                   update_access_approval_settings_config = parent_rpcs.update_access_approval_settings if parent_rpcs.respond_to? :update_access_approval_settings
                   @update_access_approval_settings = ::Gapic::Config::Method.new update_access_approval_settings_config
                   delete_access_approval_settings_config = parent_rpcs.delete_access_approval_settings if parent_rpcs.respond_to? :delete_access_approval_settings
                   @delete_access_approval_settings = ::Gapic::Config::Method.new delete_access_approval_settings_config
+                  get_access_approval_service_account_config = parent_rpcs.get_access_approval_service_account if parent_rpcs.respond_to? :get_access_approval_service_account
+                  @get_access_approval_service_account = ::Gapic::Config::Method.new get_access_approval_service_account_config
 
                   yield self if block_given?
                 end

data/lib/google/cloud/access_approval/v1/access_approval/paths.rb

@@ -0,0 +1,170 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module AccessApproval
+      module V1
+        module AccessApproval
+          # Path helper methods for the AccessApproval API.
+          module Paths
+            ##
+            # Create a fully-qualified AccessApprovalSettings resource string.
+            #
+            # @overload access_approval_settings_path(project:)
+            #   The resource will be in the following format:
+            #
+            #   `projects/{project}/accessApprovalSettings`
+            #
+            #   @param project [String]
+            #
+            # @overload access_approval_settings_path(folder:)
+            #   The resource will be in the following format:
+            #
+            #   `folders/{folder}/accessApprovalSettings`
+            #
+            #   @param folder [String]
+            #
+            # @overload access_approval_settings_path(organization:)
+            #   The resource will be in the following format:
+            #
+            #   `organizations/{organization}/accessApprovalSettings`
+            #
+            #   @param organization [String]
+            #
+            # @return [::String]
+            def access_approval_settings_path **args
+              resources = {
+                "project" => (proc do |project:|
+                  "projects/#{project}/accessApprovalSettings"
+                end),
+                "folder" => (proc do |folder:|
+                  "folders/#{folder}/accessApprovalSettings"
+                end),
+                "organization" => (proc do |organization:|
+                  "organizations/#{organization}/accessApprovalSettings"
+                end)
+              }
+
+              resource = resources[args.keys.sort.join(":")]
+              raise ::ArgumentError, "no resource found for values #{args.keys}" if resource.nil?
+              resource.call(**args)
+            end
+
+            ##
+            # Create a fully-qualified ApprovalRequest resource string.
+            #
+            # @overload approval_request_path(project:, approval_request:)
+            #   The resource will be in the following format:
+            #
+            #   `projects/{project}/approvalRequests/{approval_request}`
+            #
+            #   @param project [String]
+            #   @param approval_request [String]
+            #
+            # @overload approval_request_path(folder:, approval_request:)
+            #   The resource will be in the following format:
+            #
+            #   `folders/{folder}/approvalRequests/{approval_request}`
+            #
+            #   @param folder [String]
+            #   @param approval_request [String]
+            #
+            # @overload approval_request_path(organization:, approval_request:)
+            #   The resource will be in the following format:
+            #
+            #   `organizations/{organization}/approvalRequests/{approval_request}`
+            #
+            #   @param organization [String]
+            #   @param approval_request [String]
+            #
+            # @return [::String]
+            def approval_request_path **args
+              resources = {
+                "approval_request:project" => (proc do |project:, approval_request:|
+                  raise ::ArgumentError, "project cannot contain /" if project.to_s.include? "/"
+
+                  "projects/#{project}/approvalRequests/#{approval_request}"
+                end),
+                "approval_request:folder" => (proc do |folder:, approval_request:|
+                  raise ::ArgumentError, "folder cannot contain /" if folder.to_s.include? "/"
+
+                  "folders/#{folder}/approvalRequests/#{approval_request}"
+                end),
+                "approval_request:organization" => (proc do |organization:, approval_request:|
+                  raise ::ArgumentError, "organization cannot contain /" if organization.to_s.include? "/"
+
+                  "organizations/#{organization}/approvalRequests/#{approval_request}"
+                end)
+              }
+
+              resource = resources[args.keys.sort.join(":")]
+              raise ::ArgumentError, "no resource found for values #{args.keys}" if resource.nil?
+              resource.call(**args)
+            end
+
+            ##
+            # Create a fully-qualified Folder resource string.
+            #
+            # The resource will be in the following format:
+            #
+            # `folders/{folder}`
+            #
+            # @param folder [String]
+            #
+            # @return [::String]
+            def folder_path folder:
+              "folders/#{folder}"
+            end
+
+            ##
+            # Create a fully-qualified Organization resource string.
+            #
+            # The resource will be in the following format:
+            #
+            # `organizations/{organization}`
+            #
+            # @param organization [String]
+            #
+            # @return [::String]
+            def organization_path organization:
+              "organizations/#{organization}"
+            end
+
+            ##
+            # Create a fully-qualified Project resource string.
+            #
+            # The resource will be in the following format:
+            #
+            # `projects/{project}`
+            #
+            # @param project [String]
+            #
+            # @return [::String]
+            def project_path project:
+              "projects/#{project}"
+            end
+
+            extend self
+          end
+        end
+      end
+    end
+  end
+end

data/lib/google/cloud/access_approval/v1/access_approval.rb

@@ -23,6 +23,7 @@ require "gapic/config/method"
 require "google/cloud/access_approval/v1/version"
 
 require "google/cloud/access_approval/v1/access_approval/credentials"
+require "google/cloud/access_approval/v1/access_approval/paths"
 require "google/cloud/access_approval/v1/access_approval/client"
 
 module Google
@@ -35,17 +36,17 @@ module Google
         #
         # - The API has a collection of
         #   {::Google::Cloud::AccessApproval::V1::ApprovalRequest ApprovalRequest}
-        #   resources, named `approvalRequests/{approval_request_id}`
+        #   resources, named `approvalRequests/{approval_request}`
         # - The API has top-level settings per Project/Folder/Organization, named
         #   `accessApprovalSettings`
         #
         # The service also periodically emails a list of recipients, defined at the
         # Project/Folder/Organization level in the accessApprovalSettings, when there
         # is a pending ApprovalRequest for them to act on. The ApprovalRequests can
-        # also optionally be published to a Cloud Pub/Sub topic owned by the customer
-        # (for Beta, the Pub/Sub setup is managed manually).
+        # also optionally be published to a Pub/Sub topic owned by the customer
+        # (contact support if you would like to enable Pub/Sub notifications).
         #
-        # ApprovalRequests can be approved or dismissed. Google personel can only
+        # ApprovalRequests can be approved or dismissed. Google personnel can only
         # access the indicated resource or resources if the request is approved
         # (subject to some exclusions:
         # https://cloud.google.com/access-approval/docs/overview#exclusions).

data/lib/google/cloud/access_approval/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module AccessApproval
       module V1
-        VERSION = "0.4.4"
+        VERSION = "0.6.0"
       end
     end
   end

data/lib/google/cloud/access_approval/v1.rb

@@ -25,6 +25,8 @@ module Google
       ##
       # To load this package, including all its services, and instantiate a client:
       #
+      # @example
+      #
       #     require "google/cloud/access_approval/v1"
       #     client = ::Google::Cloud::AccessApproval::V1::AccessApproval::Client.new
       #

data/lib/google/cloud/accessapproval/v1/accessapproval_pb.rb

@@ -1,13 +1,15 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google/cloud/accessapproval/v1/accessapproval.proto
 
+require 'google/protobuf'
+
 require 'google/api/annotations_pb'
 require 'google/api/client_pb'
 require 'google/api/field_behavior_pb'
+require 'google/api/resource_pb'
 require 'google/protobuf/empty_pb'
 require 'google/protobuf/field_mask_pb'
 require 'google/protobuf/timestamp_pb'
-require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/accessapproval/v1/accessapproval.proto", :syntax => :proto3) do
@@ -24,13 +26,26 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       value :CUSTOMER_INITIATED_SUPPORT, 1
       value :GOOGLE_INITIATED_SERVICE, 2
       value :GOOGLE_INITIATED_REVIEW, 3
+      value :THIRD_PARTY_DATA_REQUEST, 4
+      value :GOOGLE_RESPONSE_TO_PRODUCTION_ALERT, 5
+    end
+    add_message "google.cloud.accessapproval.v1.SignatureInfo" do
+      optional :signature, :bytes, 1
+      oneof :verification_info do
+        optional :google_public_key_pem, :string, 2
+        optional :customer_kms_key_version, :string, 3
+      end
     end
     add_message "google.cloud.accessapproval.v1.ApproveDecision" do
       optional :approve_time, :message, 1, "google.protobuf.Timestamp"
       optional :expire_time, :message, 2, "google.protobuf.Timestamp"
+      optional :invalidate_time, :message, 3, "google.protobuf.Timestamp"
+      optional :signature_info, :message, 4, "google.cloud.accessapproval.v1.SignatureInfo"
+      optional :auto_approved, :bool, 5
     end
     add_message "google.cloud.accessapproval.v1.DismissDecision" do
       optional :dismiss_time, :message, 1, "google.protobuf.Timestamp"
+      optional :implicit, :bool, 2
     end
     add_message "google.cloud.accessapproval.v1.ResourceProperties" do
       optional :excludes_descendants, :bool, 1
@@ -57,6 +72,13 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       repeated :notification_emails, :string, 2
       repeated :enrolled_services, :message, 3, "google.cloud.accessapproval.v1.EnrolledService"
       optional :enrolled_ancestor, :bool, 4
+      optional :active_key_version, :string, 6
+      optional :ancestor_has_active_key_version, :bool, 7
+      optional :invalid_key_version, :bool, 8
+    end
+    add_message "google.cloud.accessapproval.v1.AccessApprovalServiceAccount" do
+      optional :name, :string, 1
+      optional :account_email, :string, 2
     end
     add_message "google.cloud.accessapproval.v1.ListApprovalRequestsMessage" do
       optional :parent, :string, 1
@@ -78,6 +100,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     add_message "google.cloud.accessapproval.v1.DismissApprovalRequestMessage" do
       optional :name, :string, 1
     end
+    add_message "google.cloud.accessapproval.v1.InvalidateApprovalRequestMessage" do
+      optional :name, :string, 1
+    end
     add_message "google.cloud.accessapproval.v1.GetAccessApprovalSettingsMessage" do
       optional :name, :string, 1
     end
@@ -88,6 +113,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     add_message "google.cloud.accessapproval.v1.DeleteAccessApprovalSettingsMessage" do
       optional :name, :string, 1
     end
+    add_message "google.cloud.accessapproval.v1.GetAccessApprovalServiceAccountMessage" do
+      optional :name, :string, 1
+    end
     add_enum "google.cloud.accessapproval.v1.EnrollmentLevel" do
       value :ENROLLMENT_LEVEL_UNSPECIFIED, 0
       value :BLOCK_ALL, 1
@@ -102,20 +130,24 @@ module Google
         AccessLocations = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.AccessLocations").msgclass
         AccessReason = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.AccessReason").msgclass
         AccessReason::Type = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.AccessReason.Type").enummodule
+        SignatureInfo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.SignatureInfo").msgclass
         ApproveDecision = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.ApproveDecision").msgclass
         DismissDecision = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.DismissDecision").msgclass
         ResourceProperties = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.ResourceProperties").msgclass
         ApprovalRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.ApprovalRequest").msgclass
         EnrolledService = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.EnrolledService").msgclass
         AccessApprovalSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.AccessApprovalSettings").msgclass
+        AccessApprovalServiceAccount = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.AccessApprovalServiceAccount").msgclass
         ListApprovalRequestsMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.ListApprovalRequestsMessage").msgclass
         ListApprovalRequestsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.ListApprovalRequestsResponse").msgclass
         GetApprovalRequestMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.GetApprovalRequestMessage").msgclass
         ApproveApprovalRequestMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.ApproveApprovalRequestMessage").msgclass
         DismissApprovalRequestMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.DismissApprovalRequestMessage").msgclass
+        InvalidateApprovalRequestMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.InvalidateApprovalRequestMessage").msgclass
         GetAccessApprovalSettingsMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.GetAccessApprovalSettingsMessage").msgclass
         UpdateAccessApprovalSettingsMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.UpdateAccessApprovalSettingsMessage").msgclass
         DeleteAccessApprovalSettingsMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.DeleteAccessApprovalSettingsMessage").msgclass
+        GetAccessApprovalServiceAccountMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.GetAccessApprovalServiceAccountMessage").msgclass
         EnrollmentLevel = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.EnrollmentLevel").enummodule
       end
     end

data/lib/google/cloud/accessapproval/v1/accessapproval_services_pb.rb

@@ -29,17 +29,17 @@ module Google
           #
           # - The API has a collection of
           #   [ApprovalRequest][google.cloud.accessapproval.v1.ApprovalRequest]
-          #   resources, named `approvalRequests/{approval_request_id}`
+          #   resources, named `approvalRequests/{approval_request}`
           # - The API has top-level settings per Project/Folder/Organization, named
           #   `accessApprovalSettings`
           #
           # The service also periodically emails a list of recipients, defined at the
           # Project/Folder/Organization level in the accessApprovalSettings, when there
           # is a pending ApprovalRequest for them to act on. The ApprovalRequests can
-          # also optionally be published to a Cloud Pub/Sub topic owned by the customer
-          # (for Beta, the Pub/Sub setup is managed manually).
+          # also optionally be published to a Pub/Sub topic owned by the customer
+          # (contact support if you would like to enable Pub/Sub notifications).
           #
-          # ApprovalRequests can be approved or dismissed. Google personel can only
+          # ApprovalRequests can be approved or dismissed. Google personnel can only
           # access the indicated resource or resources if the request is approved
           # (subject to some exclusions:
           # https://cloud.google.com/access-approval/docs/overview#exclusions).
@@ -87,6 +87,15 @@ module Google
             # Returns FAILED_PRECONDITION if the request exists but is not in a pending
             # state.
             rpc :DismissApprovalRequest, ::Google::Cloud::AccessApproval::V1::DismissApprovalRequestMessage, ::Google::Cloud::AccessApproval::V1::ApprovalRequest
+            # Invalidates an existing ApprovalRequest. Returns the updated
+            # ApprovalRequest.
+            #
+            # NOTE: This does not deny access to the resource if another request has been
+            # made and approved. It only invalidates a single approval.
+            #
+            # Returns FAILED_PRECONDITION if the request exists but is not in an approved
+            # state.
+            rpc :InvalidateApprovalRequest, ::Google::Cloud::AccessApproval::V1::InvalidateApprovalRequestMessage, ::Google::Cloud::AccessApproval::V1::ApprovalRequest
             # Gets the settings associated with a project, folder, or organization.
             rpc :GetAccessApprovalSettings, ::Google::Cloud::AccessApproval::V1::GetAccessApprovalSettingsMessage, ::Google::Cloud::AccessApproval::V1::AccessApprovalSettings
             # Updates the settings associated with a project, folder, or organization.
@@ -99,6 +108,9 @@ module Google
             # hierarchy, then Access Approval will still be enabled at this level as
             # the settings are inherited.
             rpc :DeleteAccessApprovalSettings, ::Google::Cloud::AccessApproval::V1::DeleteAccessApprovalSettingsMessage, ::Google::Protobuf::Empty
+            # Retrieves the service account that is used by Access Approval to access KMS
+            # keys for signing approved approval requests.
+            rpc :GetAccessApprovalServiceAccount, ::Google::Cloud::AccessApproval::V1::GetAccessApprovalServiceAccountMessage, ::Google::Cloud::AccessApproval::V1::AccessApprovalServiceAccount
           end
 
           Stub = Service.rpc_stub_class

data/proto_docs/google/api/resource.rb

@@ -33,11 +33,7 @@ module Google
     #       // For Kubernetes resources, the format is {api group}/{kind}.
     #       option (google.api.resource) = {
     #         type: "pubsub.googleapis.com/Topic"
-    #         name_descriptor: {
-    #           pattern: "projects/{project}/topics/{topic}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
-    #         }
+    #         pattern: "projects/{project}/topics/{topic}"
     #       };
     #     }
     #
@@ -45,10 +41,7 @@ module Google
     #
     #     resources:
     #     - type: "pubsub.googleapis.com/Topic"
-    #       name_descriptor:
-    #         - pattern: "projects/{project}/topics/{topic}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
+    #       pattern: "projects/{project}/topics/{topic}"
     #
     # Sometimes, resources have multiple patterns, typically because they can
     # live under multiple parents.
@@ -58,26 +51,10 @@ module Google
     #     message LogEntry {
     #       option (google.api.resource) = {
     #         type: "logging.googleapis.com/LogEntry"
-    #         name_descriptor: {
-    #           pattern: "projects/{project}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "folders/{folder}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
-    #           parent_name_extractor: "folders/{folder}"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "organizations/{organization}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Organization"
-    #           parent_name_extractor: "organizations/{organization}"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "billingAccounts/{billing_account}/logs/{log}"
-    #           parent_type: "billing.googleapis.com/BillingAccount"
-    #           parent_name_extractor: "billingAccounts/{billing_account}"
-    #         }
+    #         pattern: "projects/{project}/logs/{log}"
+    #         pattern: "folders/{folder}/logs/{log}"
+    #         pattern: "organizations/{organization}/logs/{log}"
+    #         pattern: "billingAccounts/{billing_account}/logs/{log}"
     #       };
     #     }
     #
@@ -85,48 +62,10 @@ module Google
     #
     #     resources:
     #     - type: 'logging.googleapis.com/LogEntry'
-    #       name_descriptor:
-    #         - pattern: "projects/{project}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
-    #         - pattern: "folders/{folder}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
-    #           parent_name_extractor: "folders/{folder}"
-    #         - pattern: "organizations/{organization}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Organization"
-    #           parent_name_extractor: "organizations/{organization}"
-    #         - pattern: "billingAccounts/{billing_account}/logs/{log}"
-    #           parent_type: "billing.googleapis.com/BillingAccount"
-    #           parent_name_extractor: "billingAccounts/{billing_account}"
-    #
-    # For flexible resources, the resource name doesn't contain parent names, but
-    # the resource itself has parents for policy evaluation.
-    #
-    # Example:
-    #
-    #     message Shelf {
-    #       option (google.api.resource) = {
-    #         type: "library.googleapis.com/Shelf"
-    #         name_descriptor: {
-    #           pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
-    #         }
-    #       };
-    #     }
-    #
-    # The ResourceDescriptor Yaml config will look like:
-    #
-    #     resources:
-    #     - type: 'library.googleapis.com/Shelf'
-    #       name_descriptor:
-    #         - pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #         - pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
+    #       pattern: "projects/{project}/logs/{log}"
+    #       pattern: "folders/{folder}/logs/{log}"
+    #       pattern: "organizations/{organization}/logs/{log}"
+    #       pattern: "billingAccounts/{billing_account}/logs/{log}"
     # @!attribute [rw] type
     #   @return [::String]
     #     The resource type. It must be in the format of

data/proto_docs/google/cloud/accessapproval/v1/accessapproval.rb

@@ -30,14 +30,14 @@ module Google
         #     of a country code.
         #     Possible Region Codes:
         #
-        #     - ASI: Asia
-        #     - EUR: Europe
-        #     - OCE: Oceania
-        #     - AFR: Africa
-        #     - NAM: North America
-        #     - SAM: South America
-        #     - ANT: Antarctica
-        #     - ANY: Any location
+        #       * ASI: Asia
+        #       * EUR: Europe
+        #       * OCE: Oceania
+        #       * AFR: Africa
+        #       * NAM: North America
+        #       * SAM: South America
+        #       * ANT: Antarctica
+        #       * ANY: Any location
         # @!attribute [rw] principal_physical_location_country
         #   @return [::String]
         #     Physical location of the principal at the time of the access. A
@@ -46,14 +46,14 @@ module Google
         #     a region code instead of a country code.
         #     Possible Region Codes:
         #
-        #     - ASI: Asia
-        #     - EUR: Europe
-        #     - OCE: Oceania
-        #     - AFR: Africa
-        #     - NAM: North America
-        #     - SAM: South America
-        #     - ANT: Antarctica
-        #     - ANY: Any location
+        #       * ASI: Asia
+        #       * EUR: Europe
+        #       * OCE: Oceania
+        #       * AFR: Africa
+        #       * NAM: North America
+        #       * SAM: South America
+        #       * ANT: Antarctica
+        #       * ANY: Any location
         class AccessLocations
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -77,26 +77,52 @@ module Google
             # Customer made a request or raised an issue that required the principal to
             # access customer data. `detail` is of the form ("#####" is the issue ID):
             #
-            # - "Feedback Report: #####"
-            # - "Case Number: #####"
-            # - "Case ID: #####"
-            # - "E-PIN Reference: #####"
-            # - "Google-#####"
-            # - "T-#####"
+            #   * "Feedback Report: #####"
+            #   * "Case Number: #####"
+            #   * "Case ID: #####"
+            #   * "E-PIN Reference: #####"
+            #   * "Google-#####"
+            #   * "T-#####"
             CUSTOMER_INITIATED_SUPPORT = 1
 
             # The principal accessed customer data in order to diagnose or resolve a
-            # suspected issue in services or a known outage. Often this access is used
-            # to confirm that customers are not affected by a suspected service issue
-            # or to remediate a reversible system issue.
+            # suspected issue in services. Often this access is used to confirm that
+            # customers are not affected by a suspected service issue or to remediate a
+            # reversible system issue.
             GOOGLE_INITIATED_SERVICE = 2
 
             # Google initiated service for security, fraud, abuse, or compliance
             # purposes.
             GOOGLE_INITIATED_REVIEW = 3
+
+            # The principal was compelled to access customer data in order to respond
+            # to a legal third party data request or process, including legal processes
+            # from customers themselves.
+            THIRD_PARTY_DATA_REQUEST = 4
+
+            # The principal accessed customer data in order to diagnose or resolve a
+            # suspected issue in services or a known outage.
+            GOOGLE_RESPONSE_TO_PRODUCTION_ALERT = 5
           end
         end
 
+        # Information about the digital signature of the resource.
+        # @!attribute [rw] signature
+        #   @return [::String]
+        #     The digital signature.
+        # @!attribute [rw] google_public_key_pem
+        #   @return [::String]
+        #     The public key for the Google default signing, encoded in PEM format. The
+        #     signature was created using a private key which may be verified using
+        #     this public key.
+        # @!attribute [rw] customer_kms_key_version
+        #   @return [::String]
+        #     The resource name of the customer CryptoKeyVersion used for signing.
+        class SignatureInfo
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # A decision that has been made to approve access to a resource.
         # @!attribute [rw] approve_time
         #   @return [::Google::Protobuf::Timestamp]
@@ -104,6 +130,15 @@ module Google
         # @!attribute [rw] expire_time
         #   @return [::Google::Protobuf::Timestamp]
         #     The time at which the approval expires.
+        # @!attribute [rw] invalidate_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     If set, denotes the timestamp at which the approval is invalidated.
+        # @!attribute [rw] signature_info
+        #   @return [::Google::Cloud::AccessApproval::V1::SignatureInfo]
+        #     The signature for the ApprovalRequest and details on how it was signed.
+        # @!attribute [rw] auto_approved
+        #   @return [::Boolean]
+        #     True when the request has been auto-approved.
         class ApproveDecision
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -113,6 +148,11 @@ module Google
         # @!attribute [rw] dismiss_time
         #   @return [::Google::Protobuf::Timestamp]
         #     The time at which the approval request was dismissed.
+        # @!attribute [rw] implicit
+        #   @return [::Boolean]
+        #     This field will be true if the ApprovalRequest was implicitly dismissed due
+        #     to inaction by the access approval approvers (the request is not acted
+        #     on by the approvers before the exiration time).
         class DismissDecision
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -132,7 +172,7 @@ module Google
         # @!attribute [rw] name
         #   @return [::String]
         #     The resource name of the request. Format is
-        #     "\\{projects|folders|organizations}/\\{id}/approvalRequests/\\{approval_request_id}".
+        #     "\\{projects|folders|organizations}/\\{id}/approvalRequests/\\{approval_request}".
         # @!attribute [rw] requested_resource_name
         #   @return [::String]
         #     The resource for which approval is being requested. The format of the
@@ -175,16 +215,61 @@ module Google
         #     The product for which Access Approval will be enrolled. Allowed values are
         #     listed below (case-sensitive):
         #
-        #     - all
-        #     - appengine.googleapis.com
-        #     - bigquery.googleapis.com
-        #     - bigtable.googleapis.com
-        #     - cloudkms.googleapis.com
-        #     - compute.googleapis.com
-        #     - dataflow.googleapis.com
-        #     - iam.googleapis.com
-        #     - pubsub.googleapis.com
-        #     - storage.googleapis.com
+        #       * all
+        #       * GA
+        #       * App Engine
+        #       * BigQuery
+        #       * Cloud Bigtable
+        #       * Cloud Key Management Service
+        #       * Compute Engine
+        #       * Cloud Dataflow
+        #       * Cloud DLP
+        #       * Cloud EKM
+        #       * Cloud HSM
+        #       * Cloud Identity and Access Management
+        #       * Cloud Logging
+        #       * Cloud Pub/Sub
+        #       * Cloud Spanner
+        #       * Cloud SQL
+        #       * Cloud Storage
+        #       * Google Kubernetes Engine
+        #       * Organization Policy Serivice
+        #       * Persistent Disk
+        #       * Resource Manager
+        #       * Speaker ID
+        #
+        #     Note: These values are supported as input for legacy purposes, but will not
+        #     be returned from the API.
+        #
+        #       * all
+        #       * ga-only
+        #       * appengine.googleapis.com
+        #       * bigquery.googleapis.com
+        #       * bigtable.googleapis.com
+        #       * container.googleapis.com
+        #       * cloudkms.googleapis.com
+        #       * cloudresourcemanager.googleapis.com
+        #       * cloudsql.googleapis.com
+        #       * compute.googleapis.com
+        #       * dataflow.googleapis.com
+        #       * dlp.googleapis.com
+        #       * iam.googleapis.com
+        #       * logging.googleapis.com
+        #       * orgpolicy.googleapis.com
+        #       * pubsub.googleapis.com
+        #       * spanner.googleapis.com
+        #       * speakerid.googleapis.com
+        #       * storage.googleapis.com
+        #
+        #     Calls to UpdateAccessApprovalSettings using 'all' or any of the
+        #     XXX.googleapis.com will be translated to the associated product name
+        #     ('all', 'App Engine', etc.).
+        #
+        #     Note: 'all' will enroll the resource in all products supported at both 'GA'
+        #     and 'Preview' levels.
+        #
+        #     More information about levels of support is available at
+        #     https://cloud.google.com/access-approval/docs/supported-services
         # @!attribute [rw] enrollment_level
         #   @return [::Google::Cloud::AccessApproval::V1::EnrollmentLevel]
         #     The enrollment level of the service.
@@ -198,9 +283,9 @@ module Google
         #   @return [::String]
         #     The resource name of the settings. Format is one of:
         #
-        #     - "projects/\\{project_id}/accessApprovalSettings"
-        #     - "folders/\\{folder_id}/accessApprovalSettings"
-        #     - "organizations/\\{organization_id}/accessApprovalSettings"
+        #       * "projects/\\{project}/accessApprovalSettings"
+        #       * "folders/\\{folder}/accessApprovalSettings"
+        #       * "organizations/\\{organization}/accessApprovalSettings"
         # @!attribute [rw] notification_emails
         #   @return [::Array<::String>]
         #     A list of email addresses to which notifications relating to approval
@@ -223,30 +308,71 @@ module Google
         # @!attribute [r] enrolled_ancestor
         #   @return [::Boolean]
         #     Output only. This field is read only (not settable via
-        #     UpdateAccessAccessApprovalSettings method). If the field is true, that
+        #     UpdateAccessApprovalSettings method). If the field is true, that
         #     indicates that at least one service is enrolled for Access Approval in one
         #     or more ancestors of the Project or Folder (this field will always be
         #     unset for the organization since organizations do not have ancestors).
+        # @!attribute [rw] active_key_version
+        #   @return [::String]
+        #     The asymmetric crypto key version to use for signing approval requests.
+        #     Empty active_key_version indicates that a Google-managed key should be used
+        #     for signing. This property will be ignored if set by an ancestor of this
+        #     resource, and new non-empty values may not be set.
+        # @!attribute [r] ancestor_has_active_key_version
+        #   @return [::Boolean]
+        #     Output only. This field is read only (not settable via UpdateAccessApprovalSettings
+        #     method). If the field is true, that indicates that an ancestor of this
+        #     Project or Folder has set active_key_version (this field will always be
+        #     unset for the organization since organizations do not have ancestors).
+        # @!attribute [r] invalid_key_version
+        #   @return [::Boolean]
+        #     Output only. This field is read only (not settable via UpdateAccessApprovalSettings
+        #     method). If the field is true, that indicates that there is some
+        #     configuration issue with the active_key_version configured at this level in
+        #     the resource hierarchy (e.g. it doesn't exist or the Access Approval
+        #     service account doesn't have the correct permissions on it, etc.) This key
+        #     version is not necessarily the effective key version at this level, as key
+        #     versions are inherited top-down.
         class AccessApprovalSettings
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # Access Approval service account related to a project/folder/organization.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The resource name of the Access Approval service account. Format is one of:
+        #
+        #       * "projects/\\{project}/serviceAccount"
+        #       * "folders/\\{folder}/serviceAccount"
+        #       * "organizations/\\{organization}/serviceAccount"
+        # @!attribute [rw] account_email
+        #   @return [::String]
+        #     Email address of the service account.
+        class AccessApprovalServiceAccount
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # Request to list approval requests.
         # @!attribute [rw] parent
         #   @return [::String]
-        #     The parent resource. This may be "projects/\\{project_id}",
-        #     "folders/\\{folder_id}", or "organizations/\\{organization_id}".
+        #     The parent resource. This may be "projects/\\{project}",
+        #     "folders/\\{folder}", or "organizations/\\{organization}".
         # @!attribute [rw] filter
         #   @return [::String]
         #     A filter on the type of approval requests to retrieve. Must be one of the
         #     following values:
         #
-        #     - [not set]: Requests that are pending or have active approvals.
-        #     - ALL: All requests.
-        #     - PENDING: Only pending requests.
-        #     - ACTIVE: Only active (i.e. currently approved) requests.
-        #     - DISMISSED: Only dismissed (including expired) requests.
+        #       * [not set]: Requests that are pending or have active approvals.
+        #       * ALL: All requests.
+        #       * PENDING: Only pending requests.
+        #       * ACTIVE: Only active (i.e. currently approved) requests.
+        #       * DISMISSED: Only requests that have been dismissed, or requests that
+        #         are not approved and past expiration.
+        #       * EXPIRED: Only requests that have been approved, and the approval has
+        #         expired.
+        #       * HISTORY: Active, dismissed and expired requests.
         # @!attribute [rw] page_size
         #   @return [::Integer]
         #     Requested page size.
@@ -273,7 +399,9 @@ module Google
         # Request to get an approval request.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Name of the approval request to retrieve.
+        #     The name of the approval request to retrieve.
+        #     Format:
+        #     "\\{projects|folders|organizations}/\\{id}/approvalRequests/\\{approval_request}"
         class GetApprovalRequestMessage
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -300,10 +428,20 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # Request to invalidate an existing approval.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Name of the ApprovalRequest to invalidate.
+        class InvalidateApprovalRequestMessage
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # Request to get access approval settings.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Name of the AccessApprovalSettings to retrieve.
+        #     The name of the AccessApprovalSettings to retrieve.
+        #     Format: "\\{projects|folders|organizations}/\\{id}/accessApprovalSettings"
         class GetAccessApprovalSettingsMessage
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -339,6 +477,15 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # Request to get an Access Approval service account.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Name of the AccessApprovalServiceAccount to retrieve.
+        class GetAccessApprovalServiceAccountMessage
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # Represents the type of enrollment for a given service to Access Approval.
         module EnrollmentLevel
           # Default value for proto, shouldn't be used.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-access_approval-v1
 version: !ruby/object:Gem::Version
-  version: 0.4.4
+  version: 0.6.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-11-08 00:00:00.000000000 Z
+date: 2022-05-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -174,6 +174,7 @@ files:
 - lib/google/cloud/access_approval/v1/access_approval.rb
 - lib/google/cloud/access_approval/v1/access_approval/client.rb
 - lib/google/cloud/access_approval/v1/access_approval/credentials.rb
+- lib/google/cloud/access_approval/v1/access_approval/paths.rb
 - lib/google/cloud/access_approval/v1/version.rb
 - lib/google/cloud/accessapproval/v1/accessapproval_pb.rb
 - lib/google/cloud/accessapproval/v1/accessapproval_services_pb.rb
@@ -203,7 +204,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.17
+rubygems_version: 3.3.5
 signing_key: 
 specification_version: 4
 summary: API Client library for the Access Approval V1 API