google-cloud-asset 0.7.0 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 85bf9fec621a2113b5c5df75d0cce311594a13514ffa358e0ce2b6b8474c1283
-  data.tar.gz: 2b627356f3e36455e3091c91424268467ed2758f10510f67f506eb6e1d10b9c4
+  metadata.gz: 7e59422bf47d4425f73d8d59dd7df5c8bd70a84329d62710630af7504f5c2f6f
+  data.tar.gz: 81799e8c6ee4c14e9fdcafa8551e63bad3f94569d24660edd4e3ac1e7f1f3c1e
 SHA512:
-  metadata.gz: 11ddf21997c0f08ff71e8bf35c4a394d63253606fd750ac375ef610ac4d228ff0881a877280bd07b378ddf5c03f32453a92e1a4545eb84359c6eb1202b608326
-  data.tar.gz: a99b9c9c0373b7834883d9a5290880c2053ba5802942c7dc1883c6b9bf8cb4875a3bc86306b27d8bf4e1669eb2819f761afa0756d0623dfa2326ac78be879901
+  metadata.gz: 77eb3fa5f53d89a90049254f489bb867056495fbf9fa8f2d2d92022bb43348ad4053732e659db9b4e9483b5a7522953d7e9070f173563653913e4240d4cd1cb6
+  data.tar.gz: 4d88e2b2e383ca35f2866588c30aaae9a5e725dee27dc883a8c2108a0295c6717dcb082c6746b532d79273f28d6cb8b8f3ba346b3f42af0ddbc257ae2f242eb5

data/README.md

@@ -1,4 +1,4 @@
-# Ruby Client for Cloud Asset API ([Beta](https://github.com/googleapis/google-cloud-ruby#versioning))
+# Ruby Client for Cloud Asset API
 
 [Cloud Asset API][Product Documentation]:
 The cloud asset API manages the history and inventory of cloud resources.

data/lib/google/cloud/asset.rb

@@ -21,7 +21,7 @@ module Google
     # rubocop:disable LineLength
 
     ##
-    # # Ruby Client for Cloud Asset API ([Alpha](https://github.com/googleapis/google-cloud-ruby#versioning))
+    # # Ruby Client for Cloud Asset API
     #
     # [Cloud Asset API][Product Documentation]:
     # The cloud asset API manages the history and inventory of cloud resources.

data/lib/google/cloud/asset/v1.rb

@@ -22,7 +22,7 @@ module Google
       # rubocop:disable LineLength
 
       ##
-      # # Ruby Client for Cloud Asset API ([Alpha](https://github.com/googleapis/google-cloud-ruby#versioning))
+      # # Ruby Client for Cloud Asset API
       #
       # [Cloud Asset API][Product Documentation]:
       # The cloud asset API manages the history and inventory of cloud resources.

data/lib/google/cloud/asset/v1/asset_service_client.rb

@@ -187,6 +187,9 @@ module Google
             google_api_client.freeze
 
             headers = { :"x-goog-api-client" => google_api_client }
+            if credentials.respond_to?(:quota_project_id) && credentials.quota_project_id
+              headers[:"x-goog-user-project"] = credentials.quota_project_id
+            end
             headers.merge!(metadata) unless metadata.nil?
             client_config_file = Pathname.new(__dir__).join(
               "asset_service_client_config.json"

data/lib/google/cloud/asset/v1beta1.rb

@@ -22,7 +22,7 @@ module Google
       # rubocop:disable LineLength
 
       ##
-      # # Ruby Client for Cloud Asset API ([Alpha](https://github.com/googleapis/google-cloud-ruby#versioning))
+      # # Ruby Client for Cloud Asset API
       #
       # [Cloud Asset API][Product Documentation]:
       # The cloud asset API manages the history and inventory of cloud resources.

data/lib/google/cloud/asset/v1beta1/asset_service_client.rb

@@ -170,6 +170,9 @@ module Google
             google_api_client.freeze
 
             headers = { :"x-goog-api-client" => google_api_client }
+            if credentials.respond_to?(:quota_project_id) && credentials.quota_project_id
+              headers[:"x-goog-user-project"] = credentials.quota_project_id
+            end
             headers.merge!(metadata) unless metadata.nil?
             client_config_file = Pathname.new(__dir__).join(
               "asset_service_client_config.json"

data/lib/google/cloud/asset/version.rb

@@ -16,7 +16,7 @@
 module Google
   module Cloud
     module Asset
-      VERSION = "0.7.0".freeze
+      VERSION = "0.8.0".freeze
     end
   end
 end

data/lib/google/cloud/orgpolicy/v1/doc/google/cloud/orgpolicy/v1/orgpolicy.rb

@@ -0,0 +1,308 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module OrgPolicy
+      module V1
+        # Defines a Cloud Organization `Policy` which is used to specify `Constraints`
+        # for configurations of Cloud Platform resources.
+        # @!attribute [rw] version
+        #   @return [Integer]
+        #     Version of the `Policy`. Default version is 0;
+        # @!attribute [rw] constraint
+        #   @return [String]
+        #     The name of the `Constraint` the `Policy` is configuring, for example,
+        #     `constraints/serviceuser.services`.
+        #
+        #     Immutable after creation.
+        # @!attribute [rw] etag
+        #   @return [String]
+        #     An opaque tag indicating the current version of the `Policy`, used for
+        #     concurrency control.
+        #
+        #     When the `Policy` is returned from either a `GetPolicy` or a
+        #     `ListOrgPolicy` request, this `etag` indicates the version of the current
+        #     `Policy` to use when executing a read-modify-write loop.
+        #
+        #     When the `Policy` is returned from a `GetEffectivePolicy` request, the
+        #     `etag` will be unset.
+        #
+        #     When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
+        #     that was returned from a `GetOrgPolicy` request as part of a
+        #     read-modify-write loop for concurrency control. Not setting the `etag`in a
+        #     `SetOrgPolicy` request will result in an unconditional write of the
+        #     `Policy`.
+        # @!attribute [rw] update_time
+        #   @return [Google::Protobuf::Timestamp]
+        #     The time stamp the `Policy` was previously updated. This is set by the
+        #     server, not specified by the caller, and represents the last time a call to
+        #     `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
+        #     be ignored.
+        # @!attribute [rw] list_policy
+        #   @return [Google::Cloud::OrgPolicy::V1::Policy::ListPolicy]
+        #     List of values either allowed or disallowed.
+        # @!attribute [rw] boolean_policy
+        #   @return [Google::Cloud::OrgPolicy::V1::Policy::BooleanPolicy]
+        #     For boolean `Constraints`, whether to enforce the `Constraint` or not.
+        # @!attribute [rw] restore_default
+        #   @return [Google::Cloud::OrgPolicy::V1::Policy::RestoreDefault]
+        #     Restores the default behavior of the constraint; independent of
+        #     `Constraint` type.
+        class Policy
+          include Google::Protobuf::MessageExts
+          extend Google::Protobuf::MessageExts::ClassMethods
+
+          # Used in `policy_type` to specify how `list_policy` behaves at this
+          # resource.
+          #
+          # `ListPolicy` can define specific values and subtrees of Cloud Resource
+          # Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that
+          # are allowed or denied by setting the `allowed_values` and `denied_values`
+          # fields. This is achieved by using the `under:` and optional `is:` prefixes.
+          # The `under:` prefix is used to denote resource subtree values.
+          # The `is:` prefix is used to denote specific values, and is required only
+          # if the value contains a ":". Values prefixed with "is:" are treated the
+          # same as values with no prefix.
+          # Ancestry subtrees must be in one of the following formats:
+          #     - "projects/<project-id>", e.g. "projects/tokyo-rain-123"
+          #     - "folders/<folder-id>", e.g. "folders/1234"
+          #     - "organizations/<organization-id>", e.g. "organizations/1234"
+          # The `supports_under` field of the associated `Constraint`  defines whether
+          # ancestry prefixes can be used. You can set `allowed_values` and
+          # `denied_values` in the same `Policy` if `all_values` is
+          # `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all
+          # values. If `all_values` is set to either `ALLOW` or `DENY`,
+          # `allowed_values` and `denied_values` must be unset.
+          # @!attribute [rw] allowed_values
+          #   @return [Array<String>]
+          #     List of values allowed  at this resource. Can only be set if `all_values`
+          #     is set to `ALL_VALUES_UNSPECIFIED`.
+          # @!attribute [rw] denied_values
+          #   @return [Array<String>]
+          #     List of values denied at this resource. Can only be set if `all_values`
+          #     is set to `ALL_VALUES_UNSPECIFIED`.
+          # @!attribute [rw] all_values
+          #   @return [Google::Cloud::OrgPolicy::V1::Policy::ListPolicy::AllValues]
+          #     The policy all_values state.
+          # @!attribute [rw] suggested_value
+          #   @return [String]
+          #     Optional. The Google Cloud Console will try to default to a configuration
+          #     that matches the value specified in this `Policy`. If `suggested_value`
+          #     is not set, it will inherit the value specified higher in the hierarchy,
+          #     unless `inherit_from_parent` is `false`.
+          # @!attribute [rw] inherit_from_parent
+          #   @return [Boolean]
+          #     Determines the inheritance behavior for this `Policy`.
+          #
+          #     By default, a `ListPolicy` set at a resource supercedes any `Policy` set
+          #     anywhere up the resource hierarchy. However, if `inherit_from_parent` is
+          #     set to `true`, then the values from the effective `Policy` of the parent
+          #     resource are inherited, meaning the values set in this `Policy` are
+          #     added to the values inherited up the hierarchy.
+          #
+          #     Setting `Policy` hierarchies that inherit both allowed values and denied
+          #     values isn't recommended in most circumstances to keep the configuration
+          #     simple and understandable. However, it is possible to set a `Policy` with
+          #     `allowed_values` set that inherits a `Policy` with `denied_values` set.
+          #     In this case, the values that are allowed must be in `allowed_values` and
+          #     not present in `denied_values`.
+          #
+          #     For example, suppose you have a `Constraint`
+          #     `constraints/serviceuser.services`, which has a `constraint_type` of
+          #     `list_constraint`, and with `constraint_default` set to `ALLOW`.
+          #     Suppose that at the Organization level, a `Policy` is applied that
+          #     restricts the allowed API activations to \\\{`E1`, `E2`\}. Then, if a
+          #     `Policy` is applied to a project below the Organization that has
+          #     `inherit_from_parent` set to `false` and field all_values set to DENY,
+          #     then an attempt to activate any API will be denied.
+          #
+          #     The following examples demonstrate different possible layerings for
+          #     `projects/bar` parented by `organizations/foo`:
+          #
+          #     Example 1 (no inherited values):
+          #       `organizations/foo` has a `Policy` with values:
+          #         \\\{allowed_values: "E1" allowed_values:"E2"\}
+          #       `projects/bar` has `inherit_from_parent` `false` and values:
+          #         \\\{allowed_values: "E3" allowed_values: "E4"\}
+          #     The accepted values at `organizations/foo` are `E1`, `E2`.
+          #     The accepted values at `projects/bar` are `E3`, and `E4`.
+          #
+          #     Example 2 (inherited values):
+          #       `organizations/foo` has a `Policy` with values:
+          #         \\\{allowed_values: "E1" allowed_values:"E2"\}
+          #       `projects/bar` has a `Policy` with values:
+          #         \\\{value: "E3" value: "E4" inherit_from_parent: true\}
+          #     The accepted values at `organizations/foo` are `E1`, `E2`.
+          #     The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.
+          #
+          #     Example 3 (inheriting both allowed and denied values):
+          #       `organizations/foo` has a `Policy` with values:
+          #         \\\{allowed_values: "E1" allowed_values: "E2"\}
+          #       `projects/bar` has a `Policy` with:
+          #         \\\{denied_values: "E1"\}
+          #     The accepted values at `organizations/foo` are `E1`, `E2`.
+          #     The value accepted at `projects/bar` is `E2`.
+          #
+          #     Example 4 (RestoreDefault):
+          #       `organizations/foo` has a `Policy` with values:
+          #         \\\{allowed_values: "E1" allowed_values:"E2"\}
+          #       `projects/bar` has a `Policy` with values:
+          #         \\\{RestoreDefault: \\\{\}\}
+          #     The accepted values at `organizations/foo` are `E1`, `E2`.
+          #     The accepted values at `projects/bar` are either all or none depending on
+          #     the value of `constraint_default` (if `ALLOW`, all; if
+          #     `DENY`, none).
+          #
+          #     Example 5 (no policy inherits parent policy):
+          #       `organizations/foo` has no `Policy` set.
+          #       `projects/bar` has no `Policy` set.
+          #     The accepted values at both levels are either all or none depending on
+          #     the value of `constraint_default` (if `ALLOW`, all; if
+          #     `DENY`, none).
+          #
+          #     Example 6 (ListConstraint allowing all):
+          #       `organizations/foo` has a `Policy` with values:
+          #         \\\{allowed_values: "E1" allowed_values: "E2"\}
+          #       `projects/bar` has a `Policy` with:
+          #         \\\{all: ALLOW\}
+          #     The accepted values at `organizations/foo` are `E1`, E2`.
+          #     Any value is accepted at `projects/bar`.
+          #
+          #     Example 7 (ListConstraint allowing none):
+          #       `organizations/foo` has a `Policy` with values:
+          #         \\\{allowed_values: "E1" allowed_values: "E2"\}
+          #       `projects/bar` has a `Policy` with:
+          #         \\\{all: DENY\}
+          #     The accepted values at `organizations/foo` are `E1`, E2`.
+          #     No value is accepted at `projects/bar`.
+          #
+          #     Example 10 (allowed and denied subtrees of Resource Manager hierarchy):
+          #     Given the following resource hierarchy
+          #       O1->\\\{F1, F2\}; F1->\\\{P1\}; F2->\\\{P2, P3\},
+          #       `organizations/foo` has a `Policy` with values:
+          #         \\\{allowed_values: "under:organizations/O1"\}
+          #       `projects/bar` has a `Policy` with:
+          #         \\\{allowed_values: "under:projects/P3"\}
+          #         \\\{denied_values: "under:folders/F2"\}
+          #     The accepted values at `organizations/foo` are `organizations/O1`,
+          #       `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`,
+          #       `projects/P3`.
+          #     The accepted values at `projects/bar` are `organizations/O1`,
+          #       `folders/F1`, `projects/P1`.
+          class ListPolicy
+            include Google::Protobuf::MessageExts
+            extend Google::Protobuf::MessageExts::ClassMethods
+
+            # This enum can be used to set `Policies` that apply to all possible
+            # configuration values rather than specific values in `allowed_values` or
+            # `denied_values`.
+            #
+            # Settting this to `ALLOW` will mean this `Policy` allows all values.
+            # Similarly, setting it to `DENY` will mean no values are allowed. If
+            # set to either `ALLOW` or `DENY,  `allowed_values` and `denied_values`
+            # must be unset. Setting this to `ALL_VALUES_UNSPECIFIED` allows for
+            # setting `allowed_values` and `denied_values`.
+            module AllValues
+              # Indicates that allowed_values or denied_values must be set.
+              ALL_VALUES_UNSPECIFIED = 0
+
+              # A policy with this set allows all values.
+              ALLOW = 1
+
+              # A policy with this set denies all values.
+              DENY = 2
+            end
+          end
+
+          # Used in `policy_type` to specify how `boolean_policy` will behave at this
+          # resource.
+          # @!attribute [rw] enforced
+          #   @return [Boolean]
+          #     If `true`, then the `Policy` is enforced. If `false`, then any
+          #     configuration is acceptable.
+          #
+          #     Suppose you have a `Constraint`
+          #     `constraints/compute.disableSerialPortAccess` with `constraint_default`
+          #     set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following
+          #     behavior:
+          #       - If the `Policy` at this resource has enforced set to `false`, serial
+          #         port connection attempts will be allowed.
+          #       - If the `Policy` at this resource has enforced set to `true`, serial
+          #         port connection attempts will be refused.
+          #       - If the `Policy` at this resource is `RestoreDefault`, serial port
+          #         connection attempts will be allowed.
+          #       - If no `Policy` is set at this resource or anywhere higher in the
+          #         resource hierarchy, serial port connection attempts will be allowed.
+          #       - If no `Policy` is set at this resource, but one exists higher in the
+          #         resource hierarchy, the behavior is as if the`Policy` were set at
+          #         this resource.
+          #
+          #     The following examples demonstrate the different possible layerings:
+          #
+          #     Example 1 (nearest `Constraint` wins):
+          #       `organizations/foo` has a `Policy` with:
+          #         \\\{enforced: false\}
+          #       `projects/bar` has no `Policy` set.
+          #     The constraint at `projects/bar` and `organizations/foo` will not be
+          #     enforced.
+          #
+          #     Example 2 (enforcement gets replaced):
+          #       `organizations/foo` has a `Policy` with:
+          #         \\\{enforced: false\}
+          #       `projects/bar` has a `Policy` with:
+          #         \\\{enforced: true\}
+          #     The constraint at `organizations/foo` is not enforced.
+          #     The constraint at `projects/bar` is enforced.
+          #
+          #     Example 3 (RestoreDefault):
+          #       `organizations/foo` has a `Policy` with:
+          #         \\\{enforced: true\}
+          #       `projects/bar` has a `Policy` with:
+          #         \\\{RestoreDefault: \\\{\}\}
+          #     The constraint at `organizations/foo` is enforced.
+          #     The constraint at `projects/bar` is not enforced, because
+          #     `constraint_default` for the `Constraint` is `ALLOW`.
+          class BooleanPolicy
+            include Google::Protobuf::MessageExts
+            extend Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # Ignores policies set above this resource and restores the
+          # `constraint_default` enforcement behavior of the specific `Constraint` at
+          # this resource.
+          #
+          # Suppose that `constraint_default` is set to `ALLOW` for the
+          # `Constraint` `constraints/serviceuser.services`. Suppose that organization
+          # foo.com sets a `Policy` at their Organization resource node that restricts
+          # the allowed service activations to deny all service activations. They
+          # could then set a `Policy` with the `policy_type` `restore_default` on
+          # several experimental projects, restoring the `constraint_default`
+          # enforcement of the `Constraint` for only those projects, allowing those
+          # projects to have all services activated.
+          class RestoreDefault
+            include Google::Protobuf::MessageExts
+            extend Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
+      end
+    end
+  end
+end

data/lib/google/cloud/orgpolicy/v1/orgpolicy_pb.rb

@@ -0,0 +1,55 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/cloud/orgpolicy/v1/orgpolicy.proto
+
+
+require 'google/protobuf'
+
+require 'google/protobuf/empty_pb'
+require 'google/protobuf/timestamp_pb'
+require 'google/api/annotations_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("google/cloud/orgpolicy/v1/orgpolicy.proto", :syntax => :proto3) do
+    add_message "google.cloud.orgpolicy.v1.Policy" do
+      optional :version, :int32, 1
+      optional :constraint, :string, 2
+      optional :etag, :bytes, 3
+      optional :update_time, :message, 4, "google.protobuf.Timestamp"
+      oneof :policy_type do
+        optional :list_policy, :message, 5, "google.cloud.orgpolicy.v1.Policy.ListPolicy"
+        optional :boolean_policy, :message, 6, "google.cloud.orgpolicy.v1.Policy.BooleanPolicy"
+        optional :restore_default, :message, 7, "google.cloud.orgpolicy.v1.Policy.RestoreDefault"
+      end
+    end
+    add_message "google.cloud.orgpolicy.v1.Policy.ListPolicy" do
+      repeated :allowed_values, :string, 1
+      repeated :denied_values, :string, 2
+      optional :all_values, :enum, 3, "google.cloud.orgpolicy.v1.Policy.ListPolicy.AllValues"
+      optional :suggested_value, :string, 4
+      optional :inherit_from_parent, :bool, 5
+    end
+    add_enum "google.cloud.orgpolicy.v1.Policy.ListPolicy.AllValues" do
+      value :ALL_VALUES_UNSPECIFIED, 0
+      value :ALLOW, 1
+      value :DENY, 2
+    end
+    add_message "google.cloud.orgpolicy.v1.Policy.BooleanPolicy" do
+      optional :enforced, :bool, 1
+    end
+    add_message "google.cloud.orgpolicy.v1.Policy.RestoreDefault" do
+    end
+  end
+end
+
+module Google
+  module Cloud
+    module OrgPolicy
+      module V1
+        Policy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.orgpolicy.v1.Policy").msgclass
+        Policy::ListPolicy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.orgpolicy.v1.Policy.ListPolicy").msgclass
+        Policy::ListPolicy::AllValues = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.orgpolicy.v1.Policy.ListPolicy.AllValues").enummodule
+        Policy::BooleanPolicy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.orgpolicy.v1.Policy.BooleanPolicy").msgclass
+        Policy::RestoreDefault = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.orgpolicy.v1.Policy.RestoreDefault").msgclass
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-asset
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 0.8.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-02-04 00:00:00.000000000 Z
+date: 2020-03-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-gax
@@ -196,6 +196,8 @@ files:
 - lib/google/cloud/asset/v1beta1/doc/google/type/expr.rb
 - lib/google/cloud/asset/v1beta1/helpers.rb
 - lib/google/cloud/asset/version.rb
+- lib/google/cloud/orgpolicy/v1/doc/google/cloud/orgpolicy/v1/orgpolicy.rb
+- lib/google/cloud/orgpolicy/v1/orgpolicy_pb.rb
 homepage: https://github.com/googleapis/google-cloud-ruby/tree/master/google-cloud-asset
 licenses:
 - Apache-2.0