google-cloud-access_approval-v1 0.5.0 → 0.6.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 37f4b44fbdd48df2ba584f2d5c20c954fa9ac6099885cb43e93bec9492472032
4
- data.tar.gz: e29907811985a29327b0ea4e6ec591cf142d15dc98dd53d26dec29b9e119ba24
3
+ metadata.gz: 39ee179d20badb6b1447d9218c5be243db4f3087881a20a0c8952c765519960f
4
+ data.tar.gz: bd3435892e9afe88ba7cfde44b8625d5c19cc754c46c9c7919636f762c284b68
5
5
  SHA512:
6
- metadata.gz: c22da0fa4848ae4f8316ec62545e351719d6ddcf0897b4263fcb9c872c969ae60bf60d3e9ddbb66dc43fcbefeec5463741682ce8809acb2503502fd92010dc8f
7
- data.tar.gz: 561c6ea7129538c61b6794f645d2e7bcc7f05697612d0955c8b5d2fde91d78e38c07569abc71db3549fe94c5ae84e237e39d5530dba1fd1310962cd26f2d6ea0
6
+ metadata.gz: 6acdc47e360b57314cd84832368471f415c7f5b40888313a96bd048d4a5efcecd2c735df5e0f2a72de53580b3d95d86bb0c9d0d459d0672fea71c666002a1fe0
7
+ data.tar.gz: 5b8900a860c9ddd2d06ac39c66b93e1e71eb40ed57e07c55229cec7b26bdc499d6424fed71ec332ab159282573de49531fb7364c194ea61128db644c5e45c83e
data/README.md CHANGED
@@ -69,6 +69,11 @@ module GRPC
69
69
  end
70
70
  ```
71
71
 
72
+
73
+ ## Google Cloud Samples
74
+
75
+ To browse ready to use code samples check [Google Cloud Samples](https://cloud.google.com/docs/samples).
76
+
72
77
  ## Supported Ruby Versions
73
78
 
74
79
  This library is supported on Ruby 2.5+.
@@ -110,6 +110,8 @@ module Google
110
110
 
111
111
  default_config.rpcs.dismiss_approval_request.timeout = 600.0
112
112
 
113
+ default_config.rpcs.invalidate_approval_request.timeout = 600.0
114
+
113
115
  default_config.rpcs.get_access_approval_settings.timeout = 600.0
114
116
  default_config.rpcs.get_access_approval_settings.retry_policy = {
115
117
  initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14]
@@ -582,6 +584,98 @@ module Google
582
584
  raise ::Google::Cloud::Error.from_error(e)
583
585
  end
584
586
 
587
+ ##
588
+ # Invalidates an existing ApprovalRequest. Returns the updated
589
+ # ApprovalRequest.
590
+ #
591
+ # NOTE: This does not deny access to the resource if another request has been
592
+ # made and approved. It only invalidates a single approval.
593
+ #
594
+ # Returns FAILED_PRECONDITION if the request exists but is not in an approved
595
+ # state.
596
+ #
597
+ # @overload invalidate_approval_request(request, options = nil)
598
+ # Pass arguments to `invalidate_approval_request` via a request object, either of type
599
+ # {::Google::Cloud::AccessApproval::V1::InvalidateApprovalRequestMessage} or an equivalent Hash.
600
+ #
601
+ # @param request [::Google::Cloud::AccessApproval::V1::InvalidateApprovalRequestMessage, ::Hash]
602
+ # A request object representing the call parameters. Required. To specify no
603
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
604
+ # @param options [::Gapic::CallOptions, ::Hash]
605
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
606
+ #
607
+ # @overload invalidate_approval_request(name: nil)
608
+ # Pass arguments to `invalidate_approval_request` via keyword arguments. Note that at
609
+ # least one keyword argument is required. To specify no parameters, or to keep all
610
+ # the default parameter values, pass an empty Hash as a request object (see above).
611
+ #
612
+ # @param name [::String]
613
+ # Name of the ApprovalRequest to invalidate.
614
+ #
615
+ # @yield [response, operation] Access the result along with the RPC operation
616
+ # @yieldparam response [::Google::Cloud::AccessApproval::V1::ApprovalRequest]
617
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
618
+ #
619
+ # @return [::Google::Cloud::AccessApproval::V1::ApprovalRequest]
620
+ #
621
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
622
+ #
623
+ # @example Basic example
624
+ # require "google/cloud/access_approval/v1"
625
+ #
626
+ # # Create a client object. The client can be reused for multiple calls.
627
+ # client = Google::Cloud::AccessApproval::V1::AccessApproval::Client.new
628
+ #
629
+ # # Create a request. To set request fields, pass in keyword arguments.
630
+ # request = Google::Cloud::AccessApproval::V1::InvalidateApprovalRequestMessage.new
631
+ #
632
+ # # Call the invalidate_approval_request method.
633
+ # result = client.invalidate_approval_request request
634
+ #
635
+ # # The returned object is of type Google::Cloud::AccessApproval::V1::ApprovalRequest.
636
+ # p result
637
+ #
638
+ def invalidate_approval_request request, options = nil
639
+ raise ::ArgumentError, "request must be provided" if request.nil?
640
+
641
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AccessApproval::V1::InvalidateApprovalRequestMessage
642
+
643
+ # Converts hash and nil to an options object
644
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
645
+
646
+ # Customize the options with defaults
647
+ metadata = @config.rpcs.invalidate_approval_request.metadata.to_h
648
+
649
+ # Set x-goog-api-client and x-goog-user-project headers
650
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
651
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
652
+ gapic_version: ::Google::Cloud::AccessApproval::V1::VERSION
653
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
654
+
655
+ header_params = {}
656
+ if request.name
657
+ header_params["name"] = request.name
658
+ end
659
+
660
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
661
+ metadata[:"x-goog-request-params"] ||= request_params_header
662
+
663
+ options.apply_defaults timeout: @config.rpcs.invalidate_approval_request.timeout,
664
+ metadata: metadata,
665
+ retry_policy: @config.rpcs.invalidate_approval_request.retry_policy
666
+
667
+ options.apply_defaults timeout: @config.timeout,
668
+ metadata: @config.metadata,
669
+ retry_policy: @config.retry_policy
670
+
671
+ @access_approval_stub.call_rpc :invalidate_approval_request, request, options: options do |response, operation|
672
+ yield response, operation if block_given?
673
+ return response
674
+ end
675
+ rescue ::GRPC::BadStatus => e
676
+ raise ::Google::Cloud::Error.from_error(e)
677
+ end
678
+
585
679
  ##
586
680
  # Gets the settings associated with a project, folder, or organization.
587
681
  #
@@ -855,6 +949,92 @@ module Google
855
949
  raise ::Google::Cloud::Error.from_error(e)
856
950
  end
857
951
 
952
+ ##
953
+ # Retrieves the service account that is used by Access Approval to access KMS
954
+ # keys for signing approved approval requests.
955
+ #
956
+ # @overload get_access_approval_service_account(request, options = nil)
957
+ # Pass arguments to `get_access_approval_service_account` via a request object, either of type
958
+ # {::Google::Cloud::AccessApproval::V1::GetAccessApprovalServiceAccountMessage} or an equivalent Hash.
959
+ #
960
+ # @param request [::Google::Cloud::AccessApproval::V1::GetAccessApprovalServiceAccountMessage, ::Hash]
961
+ # A request object representing the call parameters. Required. To specify no
962
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
963
+ # @param options [::Gapic::CallOptions, ::Hash]
964
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
965
+ #
966
+ # @overload get_access_approval_service_account(name: nil)
967
+ # Pass arguments to `get_access_approval_service_account` via keyword arguments. Note that at
968
+ # least one keyword argument is required. To specify no parameters, or to keep all
969
+ # the default parameter values, pass an empty Hash as a request object (see above).
970
+ #
971
+ # @param name [::String]
972
+ # Name of the AccessApprovalServiceAccount to retrieve.
973
+ #
974
+ # @yield [response, operation] Access the result along with the RPC operation
975
+ # @yieldparam response [::Google::Cloud::AccessApproval::V1::AccessApprovalServiceAccount]
976
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
977
+ #
978
+ # @return [::Google::Cloud::AccessApproval::V1::AccessApprovalServiceAccount]
979
+ #
980
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
981
+ #
982
+ # @example Basic example
983
+ # require "google/cloud/access_approval/v1"
984
+ #
985
+ # # Create a client object. The client can be reused for multiple calls.
986
+ # client = Google::Cloud::AccessApproval::V1::AccessApproval::Client.new
987
+ #
988
+ # # Create a request. To set request fields, pass in keyword arguments.
989
+ # request = Google::Cloud::AccessApproval::V1::GetAccessApprovalServiceAccountMessage.new
990
+ #
991
+ # # Call the get_access_approval_service_account method.
992
+ # result = client.get_access_approval_service_account request
993
+ #
994
+ # # The returned object is of type Google::Cloud::AccessApproval::V1::AccessApprovalServiceAccount.
995
+ # p result
996
+ #
997
+ def get_access_approval_service_account request, options = nil
998
+ raise ::ArgumentError, "request must be provided" if request.nil?
999
+
1000
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AccessApproval::V1::GetAccessApprovalServiceAccountMessage
1001
+
1002
+ # Converts hash and nil to an options object
1003
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
1004
+
1005
+ # Customize the options with defaults
1006
+ metadata = @config.rpcs.get_access_approval_service_account.metadata.to_h
1007
+
1008
+ # Set x-goog-api-client and x-goog-user-project headers
1009
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
1010
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
1011
+ gapic_version: ::Google::Cloud::AccessApproval::V1::VERSION
1012
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
1013
+
1014
+ header_params = {}
1015
+ if request.name
1016
+ header_params["name"] = request.name
1017
+ end
1018
+
1019
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
1020
+ metadata[:"x-goog-request-params"] ||= request_params_header
1021
+
1022
+ options.apply_defaults timeout: @config.rpcs.get_access_approval_service_account.timeout,
1023
+ metadata: metadata,
1024
+ retry_policy: @config.rpcs.get_access_approval_service_account.retry_policy
1025
+
1026
+ options.apply_defaults timeout: @config.timeout,
1027
+ metadata: @config.metadata,
1028
+ retry_policy: @config.retry_policy
1029
+
1030
+ @access_approval_stub.call_rpc :get_access_approval_service_account, request, options: options do |response, operation|
1031
+ yield response, operation if block_given?
1032
+ return response
1033
+ end
1034
+ rescue ::GRPC::BadStatus => e
1035
+ raise ::Google::Cloud::Error.from_error(e)
1036
+ end
1037
+
858
1038
  ##
859
1039
  # Configuration class for the AccessApproval API.
860
1040
  #
@@ -1011,6 +1191,11 @@ module Google
1011
1191
  #
1012
1192
  attr_reader :dismiss_approval_request
1013
1193
  ##
1194
+ # RPC-specific configuration for `invalidate_approval_request`
1195
+ # @return [::Gapic::Config::Method]
1196
+ #
1197
+ attr_reader :invalidate_approval_request
1198
+ ##
1014
1199
  # RPC-specific configuration for `get_access_approval_settings`
1015
1200
  # @return [::Gapic::Config::Method]
1016
1201
  #
@@ -1025,6 +1210,11 @@ module Google
1025
1210
  # @return [::Gapic::Config::Method]
1026
1211
  #
1027
1212
  attr_reader :delete_access_approval_settings
1213
+ ##
1214
+ # RPC-specific configuration for `get_access_approval_service_account`
1215
+ # @return [::Gapic::Config::Method]
1216
+ #
1217
+ attr_reader :get_access_approval_service_account
1028
1218
 
1029
1219
  # @private
1030
1220
  def initialize parent_rpcs = nil
@@ -1036,12 +1226,16 @@ module Google
1036
1226
  @approve_approval_request = ::Gapic::Config::Method.new approve_approval_request_config
1037
1227
  dismiss_approval_request_config = parent_rpcs.dismiss_approval_request if parent_rpcs.respond_to? :dismiss_approval_request
1038
1228
  @dismiss_approval_request = ::Gapic::Config::Method.new dismiss_approval_request_config
1229
+ invalidate_approval_request_config = parent_rpcs.invalidate_approval_request if parent_rpcs.respond_to? :invalidate_approval_request
1230
+ @invalidate_approval_request = ::Gapic::Config::Method.new invalidate_approval_request_config
1039
1231
  get_access_approval_settings_config = parent_rpcs.get_access_approval_settings if parent_rpcs.respond_to? :get_access_approval_settings
1040
1232
  @get_access_approval_settings = ::Gapic::Config::Method.new get_access_approval_settings_config
1041
1233
  update_access_approval_settings_config = parent_rpcs.update_access_approval_settings if parent_rpcs.respond_to? :update_access_approval_settings
1042
1234
  @update_access_approval_settings = ::Gapic::Config::Method.new update_access_approval_settings_config
1043
1235
  delete_access_approval_settings_config = parent_rpcs.delete_access_approval_settings if parent_rpcs.respond_to? :delete_access_approval_settings
1044
1236
  @delete_access_approval_settings = ::Gapic::Config::Method.new delete_access_approval_settings_config
1237
+ get_access_approval_service_account_config = parent_rpcs.get_access_approval_service_account if parent_rpcs.respond_to? :get_access_approval_service_account
1238
+ @get_access_approval_service_account = ::Gapic::Config::Method.new get_access_approval_service_account_config
1045
1239
 
1046
1240
  yield self if block_given?
1047
1241
  end
@@ -21,7 +21,7 @@ module Google
21
21
  module Cloud
22
22
  module AccessApproval
23
23
  module V1
24
- VERSION = "0.5.0"
24
+ VERSION = "0.6.0"
25
25
  end
26
26
  end
27
27
  end
@@ -25,6 +25,8 @@ module Google
25
25
  ##
26
26
  # To load this package, including all its services, and instantiate a client:
27
27
  #
28
+ # @example
29
+ #
28
30
  # require "google/cloud/access_approval/v1"
29
31
  # client = ::Google::Cloud::AccessApproval::V1::AccessApproval::Client.new
30
32
  #
@@ -1,6 +1,8 @@
1
1
  # Generated by the protocol buffer compiler. DO NOT EDIT!
2
2
  # source: google/cloud/accessapproval/v1/accessapproval.proto
3
3
 
4
+ require 'google/protobuf'
5
+
4
6
  require 'google/api/annotations_pb'
5
7
  require 'google/api/client_pb'
6
8
  require 'google/api/field_behavior_pb'
@@ -8,7 +10,6 @@ require 'google/api/resource_pb'
8
10
  require 'google/protobuf/empty_pb'
9
11
  require 'google/protobuf/field_mask_pb'
10
12
  require 'google/protobuf/timestamp_pb'
11
- require 'google/protobuf'
12
13
 
13
14
  Google::Protobuf::DescriptorPool.generated_pool.build do
14
15
  add_file("google/cloud/accessapproval/v1/accessapproval.proto", :syntax => :proto3) do
@@ -25,10 +26,22 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
25
26
  value :CUSTOMER_INITIATED_SUPPORT, 1
26
27
  value :GOOGLE_INITIATED_SERVICE, 2
27
28
  value :GOOGLE_INITIATED_REVIEW, 3
29
+ value :THIRD_PARTY_DATA_REQUEST, 4
30
+ value :GOOGLE_RESPONSE_TO_PRODUCTION_ALERT, 5
31
+ end
32
+ add_message "google.cloud.accessapproval.v1.SignatureInfo" do
33
+ optional :signature, :bytes, 1
34
+ oneof :verification_info do
35
+ optional :google_public_key_pem, :string, 2
36
+ optional :customer_kms_key_version, :string, 3
37
+ end
28
38
  end
29
39
  add_message "google.cloud.accessapproval.v1.ApproveDecision" do
30
40
  optional :approve_time, :message, 1, "google.protobuf.Timestamp"
31
41
  optional :expire_time, :message, 2, "google.protobuf.Timestamp"
42
+ optional :invalidate_time, :message, 3, "google.protobuf.Timestamp"
43
+ optional :signature_info, :message, 4, "google.cloud.accessapproval.v1.SignatureInfo"
44
+ optional :auto_approved, :bool, 5
32
45
  end
33
46
  add_message "google.cloud.accessapproval.v1.DismissDecision" do
34
47
  optional :dismiss_time, :message, 1, "google.protobuf.Timestamp"
@@ -59,6 +72,13 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
59
72
  repeated :notification_emails, :string, 2
60
73
  repeated :enrolled_services, :message, 3, "google.cloud.accessapproval.v1.EnrolledService"
61
74
  optional :enrolled_ancestor, :bool, 4
75
+ optional :active_key_version, :string, 6
76
+ optional :ancestor_has_active_key_version, :bool, 7
77
+ optional :invalid_key_version, :bool, 8
78
+ end
79
+ add_message "google.cloud.accessapproval.v1.AccessApprovalServiceAccount" do
80
+ optional :name, :string, 1
81
+ optional :account_email, :string, 2
62
82
  end
63
83
  add_message "google.cloud.accessapproval.v1.ListApprovalRequestsMessage" do
64
84
  optional :parent, :string, 1
@@ -80,6 +100,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
80
100
  add_message "google.cloud.accessapproval.v1.DismissApprovalRequestMessage" do
81
101
  optional :name, :string, 1
82
102
  end
103
+ add_message "google.cloud.accessapproval.v1.InvalidateApprovalRequestMessage" do
104
+ optional :name, :string, 1
105
+ end
83
106
  add_message "google.cloud.accessapproval.v1.GetAccessApprovalSettingsMessage" do
84
107
  optional :name, :string, 1
85
108
  end
@@ -90,6 +113,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
90
113
  add_message "google.cloud.accessapproval.v1.DeleteAccessApprovalSettingsMessage" do
91
114
  optional :name, :string, 1
92
115
  end
116
+ add_message "google.cloud.accessapproval.v1.GetAccessApprovalServiceAccountMessage" do
117
+ optional :name, :string, 1
118
+ end
93
119
  add_enum "google.cloud.accessapproval.v1.EnrollmentLevel" do
94
120
  value :ENROLLMENT_LEVEL_UNSPECIFIED, 0
95
121
  value :BLOCK_ALL, 1
@@ -104,20 +130,24 @@ module Google
104
130
  AccessLocations = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.AccessLocations").msgclass
105
131
  AccessReason = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.AccessReason").msgclass
106
132
  AccessReason::Type = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.AccessReason.Type").enummodule
133
+ SignatureInfo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.SignatureInfo").msgclass
107
134
  ApproveDecision = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.ApproveDecision").msgclass
108
135
  DismissDecision = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.DismissDecision").msgclass
109
136
  ResourceProperties = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.ResourceProperties").msgclass
110
137
  ApprovalRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.ApprovalRequest").msgclass
111
138
  EnrolledService = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.EnrolledService").msgclass
112
139
  AccessApprovalSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.AccessApprovalSettings").msgclass
140
+ AccessApprovalServiceAccount = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.AccessApprovalServiceAccount").msgclass
113
141
  ListApprovalRequestsMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.ListApprovalRequestsMessage").msgclass
114
142
  ListApprovalRequestsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.ListApprovalRequestsResponse").msgclass
115
143
  GetApprovalRequestMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.GetApprovalRequestMessage").msgclass
116
144
  ApproveApprovalRequestMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.ApproveApprovalRequestMessage").msgclass
117
145
  DismissApprovalRequestMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.DismissApprovalRequestMessage").msgclass
146
+ InvalidateApprovalRequestMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.InvalidateApprovalRequestMessage").msgclass
118
147
  GetAccessApprovalSettingsMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.GetAccessApprovalSettingsMessage").msgclass
119
148
  UpdateAccessApprovalSettingsMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.UpdateAccessApprovalSettingsMessage").msgclass
120
149
  DeleteAccessApprovalSettingsMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.DeleteAccessApprovalSettingsMessage").msgclass
150
+ GetAccessApprovalServiceAccountMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.GetAccessApprovalServiceAccountMessage").msgclass
121
151
  EnrollmentLevel = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.EnrollmentLevel").enummodule
122
152
  end
123
153
  end
@@ -87,6 +87,15 @@ module Google
87
87
  # Returns FAILED_PRECONDITION if the request exists but is not in a pending
88
88
  # state.
89
89
  rpc :DismissApprovalRequest, ::Google::Cloud::AccessApproval::V1::DismissApprovalRequestMessage, ::Google::Cloud::AccessApproval::V1::ApprovalRequest
90
+ # Invalidates an existing ApprovalRequest. Returns the updated
91
+ # ApprovalRequest.
92
+ #
93
+ # NOTE: This does not deny access to the resource if another request has been
94
+ # made and approved. It only invalidates a single approval.
95
+ #
96
+ # Returns FAILED_PRECONDITION if the request exists but is not in an approved
97
+ # state.
98
+ rpc :InvalidateApprovalRequest, ::Google::Cloud::AccessApproval::V1::InvalidateApprovalRequestMessage, ::Google::Cloud::AccessApproval::V1::ApprovalRequest
90
99
  # Gets the settings associated with a project, folder, or organization.
91
100
  rpc :GetAccessApprovalSettings, ::Google::Cloud::AccessApproval::V1::GetAccessApprovalSettingsMessage, ::Google::Cloud::AccessApproval::V1::AccessApprovalSettings
92
101
  # Updates the settings associated with a project, folder, or organization.
@@ -99,6 +108,9 @@ module Google
99
108
  # hierarchy, then Access Approval will still be enabled at this level as
100
109
  # the settings are inherited.
101
110
  rpc :DeleteAccessApprovalSettings, ::Google::Cloud::AccessApproval::V1::DeleteAccessApprovalSettingsMessage, ::Google::Protobuf::Empty
111
+ # Retrieves the service account that is used by Access Approval to access KMS
112
+ # keys for signing approved approval requests.
113
+ rpc :GetAccessApprovalServiceAccount, ::Google::Cloud::AccessApproval::V1::GetAccessApprovalServiceAccountMessage, ::Google::Cloud::AccessApproval::V1::AccessApprovalServiceAccount
102
114
  end
103
115
 
104
116
  Stub = Service.rpc_stub_class
@@ -86,17 +86,43 @@ module Google
86
86
  CUSTOMER_INITIATED_SUPPORT = 1
87
87
 
88
88
  # The principal accessed customer data in order to diagnose or resolve a
89
- # suspected issue in services or a known outage. Often this access is used
90
- # to confirm that customers are not affected by a suspected service issue
91
- # or to remediate a reversible system issue.
89
+ # suspected issue in services. Often this access is used to confirm that
90
+ # customers are not affected by a suspected service issue or to remediate a
91
+ # reversible system issue.
92
92
  GOOGLE_INITIATED_SERVICE = 2
93
93
 
94
94
  # Google initiated service for security, fraud, abuse, or compliance
95
95
  # purposes.
96
96
  GOOGLE_INITIATED_REVIEW = 3
97
+
98
+ # The principal was compelled to access customer data in order to respond
99
+ # to a legal third party data request or process, including legal processes
100
+ # from customers themselves.
101
+ THIRD_PARTY_DATA_REQUEST = 4
102
+
103
+ # The principal accessed customer data in order to diagnose or resolve a
104
+ # suspected issue in services or a known outage.
105
+ GOOGLE_RESPONSE_TO_PRODUCTION_ALERT = 5
97
106
  end
98
107
  end
99
108
 
109
+ # Information about the digital signature of the resource.
110
+ # @!attribute [rw] signature
111
+ # @return [::String]
112
+ # The digital signature.
113
+ # @!attribute [rw] google_public_key_pem
114
+ # @return [::String]
115
+ # The public key for the Google default signing, encoded in PEM format. The
116
+ # signature was created using a private key which may be verified using
117
+ # this public key.
118
+ # @!attribute [rw] customer_kms_key_version
119
+ # @return [::String]
120
+ # The resource name of the customer CryptoKeyVersion used for signing.
121
+ class SignatureInfo
122
+ include ::Google::Protobuf::MessageExts
123
+ extend ::Google::Protobuf::MessageExts::ClassMethods
124
+ end
125
+
100
126
  # A decision that has been made to approve access to a resource.
101
127
  # @!attribute [rw] approve_time
102
128
  # @return [::Google::Protobuf::Timestamp]
@@ -104,6 +130,15 @@ module Google
104
130
  # @!attribute [rw] expire_time
105
131
  # @return [::Google::Protobuf::Timestamp]
106
132
  # The time at which the approval expires.
133
+ # @!attribute [rw] invalidate_time
134
+ # @return [::Google::Protobuf::Timestamp]
135
+ # If set, denotes the timestamp at which the approval is invalidated.
136
+ # @!attribute [rw] signature_info
137
+ # @return [::Google::Cloud::AccessApproval::V1::SignatureInfo]
138
+ # The signature for the ApprovalRequest and details on how it was signed.
139
+ # @!attribute [rw] auto_approved
140
+ # @return [::Boolean]
141
+ # True when the request has been auto-approved.
107
142
  class ApproveDecision
108
143
  include ::Google::Protobuf::MessageExts
109
144
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -115,8 +150,8 @@ module Google
115
150
  # The time at which the approval request was dismissed.
116
151
  # @!attribute [rw] implicit
117
152
  # @return [::Boolean]
118
- # This field will be true if the ApprovalRequest was implcitly dismissed
119
- # due to inaction by the access approval approvers (the request is not acted
153
+ # This field will be true if the ApprovalRequest was implicitly dismissed due
154
+ # to inaction by the access approval approvers (the request is not acted
120
155
  # on by the approvers before the exiration time).
121
156
  class DismissDecision
122
157
  include ::Google::Protobuf::MessageExts
@@ -277,11 +312,48 @@ module Google
277
312
  # indicates that at least one service is enrolled for Access Approval in one
278
313
  # or more ancestors of the Project or Folder (this field will always be
279
314
  # unset for the organization since organizations do not have ancestors).
315
+ # @!attribute [rw] active_key_version
316
+ # @return [::String]
317
+ # The asymmetric crypto key version to use for signing approval requests.
318
+ # Empty active_key_version indicates that a Google-managed key should be used
319
+ # for signing. This property will be ignored if set by an ancestor of this
320
+ # resource, and new non-empty values may not be set.
321
+ # @!attribute [r] ancestor_has_active_key_version
322
+ # @return [::Boolean]
323
+ # Output only. This field is read only (not settable via UpdateAccessApprovalSettings
324
+ # method). If the field is true, that indicates that an ancestor of this
325
+ # Project or Folder has set active_key_version (this field will always be
326
+ # unset for the organization since organizations do not have ancestors).
327
+ # @!attribute [r] invalid_key_version
328
+ # @return [::Boolean]
329
+ # Output only. This field is read only (not settable via UpdateAccessApprovalSettings
330
+ # method). If the field is true, that indicates that there is some
331
+ # configuration issue with the active_key_version configured at this level in
332
+ # the resource hierarchy (e.g. it doesn't exist or the Access Approval
333
+ # service account doesn't have the correct permissions on it, etc.) This key
334
+ # version is not necessarily the effective key version at this level, as key
335
+ # versions are inherited top-down.
280
336
  class AccessApprovalSettings
281
337
  include ::Google::Protobuf::MessageExts
282
338
  extend ::Google::Protobuf::MessageExts::ClassMethods
283
339
  end
284
340
 
341
+ # Access Approval service account related to a project/folder/organization.
342
+ # @!attribute [rw] name
343
+ # @return [::String]
344
+ # The resource name of the Access Approval service account. Format is one of:
345
+ #
346
+ # * "projects/\\{project}/serviceAccount"
347
+ # * "folders/\\{folder}/serviceAccount"
348
+ # * "organizations/\\{organization}/serviceAccount"
349
+ # @!attribute [rw] account_email
350
+ # @return [::String]
351
+ # Email address of the service account.
352
+ class AccessApprovalServiceAccount
353
+ include ::Google::Protobuf::MessageExts
354
+ extend ::Google::Protobuf::MessageExts::ClassMethods
355
+ end
356
+
285
357
  # Request to list approval requests.
286
358
  # @!attribute [rw] parent
287
359
  # @return [::String]
@@ -356,6 +428,15 @@ module Google
356
428
  extend ::Google::Protobuf::MessageExts::ClassMethods
357
429
  end
358
430
 
431
+ # Request to invalidate an existing approval.
432
+ # @!attribute [rw] name
433
+ # @return [::String]
434
+ # Name of the ApprovalRequest to invalidate.
435
+ class InvalidateApprovalRequestMessage
436
+ include ::Google::Protobuf::MessageExts
437
+ extend ::Google::Protobuf::MessageExts::ClassMethods
438
+ end
439
+
359
440
  # Request to get access approval settings.
360
441
  # @!attribute [rw] name
361
442
  # @return [::String]
@@ -396,6 +477,15 @@ module Google
396
477
  extend ::Google::Protobuf::MessageExts::ClassMethods
397
478
  end
398
479
 
480
+ # Request to get an Access Approval service account.
481
+ # @!attribute [rw] name
482
+ # @return [::String]
483
+ # Name of the AccessApprovalServiceAccount to retrieve.
484
+ class GetAccessApprovalServiceAccountMessage
485
+ include ::Google::Protobuf::MessageExts
486
+ extend ::Google::Protobuf::MessageExts::ClassMethods
487
+ end
488
+
399
489
  # Represents the type of enrollment for a given service to Access Approval.
400
490
  module EnrollmentLevel
401
491
  # Default value for proto, shouldn't be used.
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google-cloud-access_approval-v1
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.0
4
+ version: 0.6.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Google LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-02-16 00:00:00.000000000 Z
11
+ date: 2022-05-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gapic-common