google-cloud-access_approval-v1 0.5.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 37f4b44fbdd48df2ba584f2d5c20c954fa9ac6099885cb43e93bec9492472032
-  data.tar.gz: e29907811985a29327b0ea4e6ec591cf142d15dc98dd53d26dec29b9e119ba24
+  metadata.gz: 39ee179d20badb6b1447d9218c5be243db4f3087881a20a0c8952c765519960f
+  data.tar.gz: bd3435892e9afe88ba7cfde44b8625d5c19cc754c46c9c7919636f762c284b68
 SHA512:
-  metadata.gz: c22da0fa4848ae4f8316ec62545e351719d6ddcf0897b4263fcb9c872c969ae60bf60d3e9ddbb66dc43fcbefeec5463741682ce8809acb2503502fd92010dc8f
-  data.tar.gz: 561c6ea7129538c61b6794f645d2e7bcc7f05697612d0955c8b5d2fde91d78e38c07569abc71db3549fe94c5ae84e237e39d5530dba1fd1310962cd26f2d6ea0
+  metadata.gz: 6acdc47e360b57314cd84832368471f415c7f5b40888313a96bd048d4a5efcecd2c735df5e0f2a72de53580b3d95d86bb0c9d0d459d0672fea71c666002a1fe0
+  data.tar.gz: 5b8900a860c9ddd2d06ac39c66b93e1e71eb40ed57e07c55229cec7b26bdc499d6424fed71ec332ab159282573de49531fb7364c194ea61128db644c5e45c83e

data/README.md

@@ -69,6 +69,11 @@ module GRPC
 end
 ```
 
+
+## Google Cloud Samples
+
+To browse ready to use code samples check [Google Cloud Samples](https://cloud.google.com/docs/samples).
+
 ## Supported Ruby Versions
 
 This library is supported on Ruby 2.5+.

data/lib/google/cloud/access_approval/v1/access_approval/client.rb

@@ -110,6 +110,8 @@ module Google
 
                 default_config.rpcs.dismiss_approval_request.timeout = 600.0
 
+                default_config.rpcs.invalidate_approval_request.timeout = 600.0
+
                 default_config.rpcs.get_access_approval_settings.timeout = 600.0
                 default_config.rpcs.get_access_approval_settings.retry_policy = {
                   initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14]
@@ -582,6 +584,98 @@ module Google
               raise ::Google::Cloud::Error.from_error(e)
             end
 
+            ##
+            # Invalidates an existing ApprovalRequest. Returns the updated
+            # ApprovalRequest.
+            #
+            # NOTE: This does not deny access to the resource if another request has been
+            # made and approved. It only invalidates a single approval.
+            #
+            # Returns FAILED_PRECONDITION if the request exists but is not in an approved
+            # state.
+            #
+            # @overload invalidate_approval_request(request, options = nil)
+            #   Pass arguments to `invalidate_approval_request` via a request object, either of type
+            #   {::Google::Cloud::AccessApproval::V1::InvalidateApprovalRequestMessage} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::AccessApproval::V1::InvalidateApprovalRequestMessage, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload invalidate_approval_request(name: nil)
+            #   Pass arguments to `invalidate_approval_request` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param name [::String]
+            #     Name of the ApprovalRequest to invalidate.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Cloud::AccessApproval::V1::ApprovalRequest]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Cloud::AccessApproval::V1::ApprovalRequest]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            # @example Basic example
+            #   require "google/cloud/access_approval/v1"
+            #
+            #   # Create a client object. The client can be reused for multiple calls.
+            #   client = Google::Cloud::AccessApproval::V1::AccessApproval::Client.new
+            #
+            #   # Create a request. To set request fields, pass in keyword arguments.
+            #   request = Google::Cloud::AccessApproval::V1::InvalidateApprovalRequestMessage.new
+            #
+            #   # Call the invalidate_approval_request method.
+            #   result = client.invalidate_approval_request request
+            #
+            #   # The returned object is of type Google::Cloud::AccessApproval::V1::ApprovalRequest.
+            #   p result
+            #
+            def invalidate_approval_request request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AccessApproval::V1::InvalidateApprovalRequestMessage
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.invalidate_approval_request.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::AccessApproval::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {}
+              if request.name
+                header_params["name"] = request.name
+              end
+
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.invalidate_approval_request.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.invalidate_approval_request.retry_policy
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @access_approval_stub.call_rpc :invalidate_approval_request, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
             ##
             # Gets the settings associated with a project, folder, or organization.
             #
@@ -855,6 +949,92 @@ module Google
               raise ::Google::Cloud::Error.from_error(e)
             end
 
+            ##
+            # Retrieves the service account that is used by Access Approval to access KMS
+            # keys for signing approved approval requests.
+            #
+            # @overload get_access_approval_service_account(request, options = nil)
+            #   Pass arguments to `get_access_approval_service_account` via a request object, either of type
+            #   {::Google::Cloud::AccessApproval::V1::GetAccessApprovalServiceAccountMessage} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::AccessApproval::V1::GetAccessApprovalServiceAccountMessage, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload get_access_approval_service_account(name: nil)
+            #   Pass arguments to `get_access_approval_service_account` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param name [::String]
+            #     Name of the AccessApprovalServiceAccount to retrieve.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Cloud::AccessApproval::V1::AccessApprovalServiceAccount]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Cloud::AccessApproval::V1::AccessApprovalServiceAccount]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            # @example Basic example
+            #   require "google/cloud/access_approval/v1"
+            #
+            #   # Create a client object. The client can be reused for multiple calls.
+            #   client = Google::Cloud::AccessApproval::V1::AccessApproval::Client.new
+            #
+            #   # Create a request. To set request fields, pass in keyword arguments.
+            #   request = Google::Cloud::AccessApproval::V1::GetAccessApprovalServiceAccountMessage.new
+            #
+            #   # Call the get_access_approval_service_account method.
+            #   result = client.get_access_approval_service_account request
+            #
+            #   # The returned object is of type Google::Cloud::AccessApproval::V1::AccessApprovalServiceAccount.
+            #   p result
+            #
+            def get_access_approval_service_account request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::AccessApproval::V1::GetAccessApprovalServiceAccountMessage
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.get_access_approval_service_account.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::AccessApproval::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {}
+              if request.name
+                header_params["name"] = request.name
+              end
+
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.get_access_approval_service_account.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.get_access_approval_service_account.retry_policy
+
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @access_approval_stub.call_rpc :get_access_approval_service_account, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
             ##
             # Configuration class for the AccessApproval API.
             #
@@ -1011,6 +1191,11 @@ module Google
                 #
                 attr_reader :dismiss_approval_request
                 ##
+                # RPC-specific configuration for `invalidate_approval_request`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :invalidate_approval_request
+                ##
                 # RPC-specific configuration for `get_access_approval_settings`
                 # @return [::Gapic::Config::Method]
                 #
@@ -1025,6 +1210,11 @@ module Google
                 # @return [::Gapic::Config::Method]
                 #
                 attr_reader :delete_access_approval_settings
+                ##
+                # RPC-specific configuration for `get_access_approval_service_account`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :get_access_approval_service_account
 
                 # @private
                 def initialize parent_rpcs = nil
@@ -1036,12 +1226,16 @@ module Google
                   @approve_approval_request = ::Gapic::Config::Method.new approve_approval_request_config
                   dismiss_approval_request_config = parent_rpcs.dismiss_approval_request if parent_rpcs.respond_to? :dismiss_approval_request
                   @dismiss_approval_request = ::Gapic::Config::Method.new dismiss_approval_request_config
+                  invalidate_approval_request_config = parent_rpcs.invalidate_approval_request if parent_rpcs.respond_to? :invalidate_approval_request
+                  @invalidate_approval_request = ::Gapic::Config::Method.new invalidate_approval_request_config
                   get_access_approval_settings_config = parent_rpcs.get_access_approval_settings if parent_rpcs.respond_to? :get_access_approval_settings
                   @get_access_approval_settings = ::Gapic::Config::Method.new get_access_approval_settings_config
                   update_access_approval_settings_config = parent_rpcs.update_access_approval_settings if parent_rpcs.respond_to? :update_access_approval_settings
                   @update_access_approval_settings = ::Gapic::Config::Method.new update_access_approval_settings_config
                   delete_access_approval_settings_config = parent_rpcs.delete_access_approval_settings if parent_rpcs.respond_to? :delete_access_approval_settings
                   @delete_access_approval_settings = ::Gapic::Config::Method.new delete_access_approval_settings_config
+                  get_access_approval_service_account_config = parent_rpcs.get_access_approval_service_account if parent_rpcs.respond_to? :get_access_approval_service_account
+                  @get_access_approval_service_account = ::Gapic::Config::Method.new get_access_approval_service_account_config
 
                   yield self if block_given?
                 end

data/lib/google/cloud/access_approval/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module AccessApproval
       module V1
-        VERSION = "0.5.0"
+        VERSION = "0.6.0"
       end
     end
   end

data/lib/google/cloud/access_approval/v1.rb

@@ -25,6 +25,8 @@ module Google
       ##
       # To load this package, including all its services, and instantiate a client:
       #
+      # @example
+      #
       #     require "google/cloud/access_approval/v1"
       #     client = ::Google::Cloud::AccessApproval::V1::AccessApproval::Client.new
       #

data/lib/google/cloud/accessapproval/v1/accessapproval_pb.rb

@@ -1,6 +1,8 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google/cloud/accessapproval/v1/accessapproval.proto
 
+require 'google/protobuf'
+
 require 'google/api/annotations_pb'
 require 'google/api/client_pb'
 require 'google/api/field_behavior_pb'
@@ -8,7 +10,6 @@ require 'google/api/resource_pb'
 require 'google/protobuf/empty_pb'
 require 'google/protobuf/field_mask_pb'
 require 'google/protobuf/timestamp_pb'
-require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/accessapproval/v1/accessapproval.proto", :syntax => :proto3) do
@@ -25,10 +26,22 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       value :CUSTOMER_INITIATED_SUPPORT, 1
       value :GOOGLE_INITIATED_SERVICE, 2
       value :GOOGLE_INITIATED_REVIEW, 3
+      value :THIRD_PARTY_DATA_REQUEST, 4
+      value :GOOGLE_RESPONSE_TO_PRODUCTION_ALERT, 5
+    end
+    add_message "google.cloud.accessapproval.v1.SignatureInfo" do
+      optional :signature, :bytes, 1
+      oneof :verification_info do
+        optional :google_public_key_pem, :string, 2
+        optional :customer_kms_key_version, :string, 3
+      end
     end
     add_message "google.cloud.accessapproval.v1.ApproveDecision" do
       optional :approve_time, :message, 1, "google.protobuf.Timestamp"
       optional :expire_time, :message, 2, "google.protobuf.Timestamp"
+      optional :invalidate_time, :message, 3, "google.protobuf.Timestamp"
+      optional :signature_info, :message, 4, "google.cloud.accessapproval.v1.SignatureInfo"
+      optional :auto_approved, :bool, 5
     end
     add_message "google.cloud.accessapproval.v1.DismissDecision" do
       optional :dismiss_time, :message, 1, "google.protobuf.Timestamp"
@@ -59,6 +72,13 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       repeated :notification_emails, :string, 2
       repeated :enrolled_services, :message, 3, "google.cloud.accessapproval.v1.EnrolledService"
       optional :enrolled_ancestor, :bool, 4
+      optional :active_key_version, :string, 6
+      optional :ancestor_has_active_key_version, :bool, 7
+      optional :invalid_key_version, :bool, 8
+    end
+    add_message "google.cloud.accessapproval.v1.AccessApprovalServiceAccount" do
+      optional :name, :string, 1
+      optional :account_email, :string, 2
     end
     add_message "google.cloud.accessapproval.v1.ListApprovalRequestsMessage" do
       optional :parent, :string, 1
@@ -80,6 +100,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     add_message "google.cloud.accessapproval.v1.DismissApprovalRequestMessage" do
       optional :name, :string, 1
     end
+    add_message "google.cloud.accessapproval.v1.InvalidateApprovalRequestMessage" do
+      optional :name, :string, 1
+    end
     add_message "google.cloud.accessapproval.v1.GetAccessApprovalSettingsMessage" do
       optional :name, :string, 1
     end
@@ -90,6 +113,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     add_message "google.cloud.accessapproval.v1.DeleteAccessApprovalSettingsMessage" do
       optional :name, :string, 1
     end
+    add_message "google.cloud.accessapproval.v1.GetAccessApprovalServiceAccountMessage" do
+      optional :name, :string, 1
+    end
     add_enum "google.cloud.accessapproval.v1.EnrollmentLevel" do
       value :ENROLLMENT_LEVEL_UNSPECIFIED, 0
       value :BLOCK_ALL, 1
@@ -104,20 +130,24 @@ module Google
         AccessLocations = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.AccessLocations").msgclass
         AccessReason = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.AccessReason").msgclass
         AccessReason::Type = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.AccessReason.Type").enummodule
+        SignatureInfo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.SignatureInfo").msgclass
         ApproveDecision = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.ApproveDecision").msgclass
         DismissDecision = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.DismissDecision").msgclass
         ResourceProperties = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.ResourceProperties").msgclass
         ApprovalRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.ApprovalRequest").msgclass
         EnrolledService = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.EnrolledService").msgclass
         AccessApprovalSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.AccessApprovalSettings").msgclass
+        AccessApprovalServiceAccount = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.AccessApprovalServiceAccount").msgclass
         ListApprovalRequestsMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.ListApprovalRequestsMessage").msgclass
         ListApprovalRequestsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.ListApprovalRequestsResponse").msgclass
         GetApprovalRequestMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.GetApprovalRequestMessage").msgclass
         ApproveApprovalRequestMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.ApproveApprovalRequestMessage").msgclass
         DismissApprovalRequestMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.DismissApprovalRequestMessage").msgclass
+        InvalidateApprovalRequestMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.InvalidateApprovalRequestMessage").msgclass
         GetAccessApprovalSettingsMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.GetAccessApprovalSettingsMessage").msgclass
         UpdateAccessApprovalSettingsMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.UpdateAccessApprovalSettingsMessage").msgclass
         DeleteAccessApprovalSettingsMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.DeleteAccessApprovalSettingsMessage").msgclass
+        GetAccessApprovalServiceAccountMessage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.GetAccessApprovalServiceAccountMessage").msgclass
         EnrollmentLevel = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.accessapproval.v1.EnrollmentLevel").enummodule
       end
     end

data/lib/google/cloud/accessapproval/v1/accessapproval_services_pb.rb

@@ -87,6 +87,15 @@ module Google
             # Returns FAILED_PRECONDITION if the request exists but is not in a pending
             # state.
             rpc :DismissApprovalRequest, ::Google::Cloud::AccessApproval::V1::DismissApprovalRequestMessage, ::Google::Cloud::AccessApproval::V1::ApprovalRequest
+            # Invalidates an existing ApprovalRequest. Returns the updated
+            # ApprovalRequest.
+            #
+            # NOTE: This does not deny access to the resource if another request has been
+            # made and approved. It only invalidates a single approval.
+            #
+            # Returns FAILED_PRECONDITION if the request exists but is not in an approved
+            # state.
+            rpc :InvalidateApprovalRequest, ::Google::Cloud::AccessApproval::V1::InvalidateApprovalRequestMessage, ::Google::Cloud::AccessApproval::V1::ApprovalRequest
             # Gets the settings associated with a project, folder, or organization.
             rpc :GetAccessApprovalSettings, ::Google::Cloud::AccessApproval::V1::GetAccessApprovalSettingsMessage, ::Google::Cloud::AccessApproval::V1::AccessApprovalSettings
             # Updates the settings associated with a project, folder, or organization.
@@ -99,6 +108,9 @@ module Google
             # hierarchy, then Access Approval will still be enabled at this level as
             # the settings are inherited.
             rpc :DeleteAccessApprovalSettings, ::Google::Cloud::AccessApproval::V1::DeleteAccessApprovalSettingsMessage, ::Google::Protobuf::Empty
+            # Retrieves the service account that is used by Access Approval to access KMS
+            # keys for signing approved approval requests.
+            rpc :GetAccessApprovalServiceAccount, ::Google::Cloud::AccessApproval::V1::GetAccessApprovalServiceAccountMessage, ::Google::Cloud::AccessApproval::V1::AccessApprovalServiceAccount
           end
 
           Stub = Service.rpc_stub_class

data/proto_docs/google/cloud/accessapproval/v1/accessapproval.rb

@@ -86,17 +86,43 @@ module Google
             CUSTOMER_INITIATED_SUPPORT = 1
 
             # The principal accessed customer data in order to diagnose or resolve a
-            # suspected issue in services or a known outage. Often this access is used
-            # to confirm that customers are not affected by a suspected service issue
-            # or to remediate a reversible system issue.
+            # suspected issue in services. Often this access is used to confirm that
+            # customers are not affected by a suspected service issue or to remediate a
+            # reversible system issue.
             GOOGLE_INITIATED_SERVICE = 2
 
             # Google initiated service for security, fraud, abuse, or compliance
             # purposes.
             GOOGLE_INITIATED_REVIEW = 3
+
+            # The principal was compelled to access customer data in order to respond
+            # to a legal third party data request or process, including legal processes
+            # from customers themselves.
+            THIRD_PARTY_DATA_REQUEST = 4
+
+            # The principal accessed customer data in order to diagnose or resolve a
+            # suspected issue in services or a known outage.
+            GOOGLE_RESPONSE_TO_PRODUCTION_ALERT = 5
           end
         end
 
+        # Information about the digital signature of the resource.
+        # @!attribute [rw] signature
+        #   @return [::String]
+        #     The digital signature.
+        # @!attribute [rw] google_public_key_pem
+        #   @return [::String]
+        #     The public key for the Google default signing, encoded in PEM format. The
+        #     signature was created using a private key which may be verified using
+        #     this public key.
+        # @!attribute [rw] customer_kms_key_version
+        #   @return [::String]
+        #     The resource name of the customer CryptoKeyVersion used for signing.
+        class SignatureInfo
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # A decision that has been made to approve access to a resource.
         # @!attribute [rw] approve_time
         #   @return [::Google::Protobuf::Timestamp]
@@ -104,6 +130,15 @@ module Google
         # @!attribute [rw] expire_time
         #   @return [::Google::Protobuf::Timestamp]
         #     The time at which the approval expires.
+        # @!attribute [rw] invalidate_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     If set, denotes the timestamp at which the approval is invalidated.
+        # @!attribute [rw] signature_info
+        #   @return [::Google::Cloud::AccessApproval::V1::SignatureInfo]
+        #     The signature for the ApprovalRequest and details on how it was signed.
+        # @!attribute [rw] auto_approved
+        #   @return [::Boolean]
+        #     True when the request has been auto-approved.
         class ApproveDecision
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -115,8 +150,8 @@ module Google
         #     The time at which the approval request was dismissed.
         # @!attribute [rw] implicit
         #   @return [::Boolean]
-        #     This field will be true if the ApprovalRequest was implcitly dismissed
-        #     due to inaction by the access approval approvers (the request is not acted
+        #     This field will be true if the ApprovalRequest was implicitly dismissed due
+        #     to inaction by the access approval approvers (the request is not acted
         #     on by the approvers before the exiration time).
         class DismissDecision
           include ::Google::Protobuf::MessageExts
@@ -277,11 +312,48 @@ module Google
         #     indicates that at least one service is enrolled for Access Approval in one
         #     or more ancestors of the Project or Folder (this field will always be
         #     unset for the organization since organizations do not have ancestors).
+        # @!attribute [rw] active_key_version
+        #   @return [::String]
+        #     The asymmetric crypto key version to use for signing approval requests.
+        #     Empty active_key_version indicates that a Google-managed key should be used
+        #     for signing. This property will be ignored if set by an ancestor of this
+        #     resource, and new non-empty values may not be set.
+        # @!attribute [r] ancestor_has_active_key_version
+        #   @return [::Boolean]
+        #     Output only. This field is read only (not settable via UpdateAccessApprovalSettings
+        #     method). If the field is true, that indicates that an ancestor of this
+        #     Project or Folder has set active_key_version (this field will always be
+        #     unset for the organization since organizations do not have ancestors).
+        # @!attribute [r] invalid_key_version
+        #   @return [::Boolean]
+        #     Output only. This field is read only (not settable via UpdateAccessApprovalSettings
+        #     method). If the field is true, that indicates that there is some
+        #     configuration issue with the active_key_version configured at this level in
+        #     the resource hierarchy (e.g. it doesn't exist or the Access Approval
+        #     service account doesn't have the correct permissions on it, etc.) This key
+        #     version is not necessarily the effective key version at this level, as key
+        #     versions are inherited top-down.
         class AccessApprovalSettings
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # Access Approval service account related to a project/folder/organization.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The resource name of the Access Approval service account. Format is one of:
+        #
+        #       * "projects/\\{project}/serviceAccount"
+        #       * "folders/\\{folder}/serviceAccount"
+        #       * "organizations/\\{organization}/serviceAccount"
+        # @!attribute [rw] account_email
+        #   @return [::String]
+        #     Email address of the service account.
+        class AccessApprovalServiceAccount
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # Request to list approval requests.
         # @!attribute [rw] parent
         #   @return [::String]
@@ -356,6 +428,15 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # Request to invalidate an existing approval.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Name of the ApprovalRequest to invalidate.
+        class InvalidateApprovalRequestMessage
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # Request to get access approval settings.
         # @!attribute [rw] name
         #   @return [::String]
@@ -396,6 +477,15 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # Request to get an Access Approval service account.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Name of the AccessApprovalServiceAccount to retrieve.
+        class GetAccessApprovalServiceAccountMessage
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # Represents the type of enrollment for a given service to Access Approval.
         module EnrollmentLevel
           # Default value for proto, shouldn't be used.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-access_approval-v1
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-02-16 00:00:00.000000000 Z
+date: 2022-05-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common