google-cloud-bigtable 1.0.0 → 1.2.1

data/lib/google/cloud/bigtable/instance.rb

@@ -854,7 +854,7 @@ module Google
         #   policy.add("roles/owner", "user:owner@example.com")
         #   updated_policy = instance.update_policy(policy)
         #
-        #   puts update_policy.roles
+        #   puts updated_policy.roles
         #
         def update_policy new_policy
           ensure_service!
@@ -884,7 +884,7 @@ module Google
         #   * bigtable.tables.get
         #   * bigtable.tables.list
         #
-        # @return [Array<Strings>] The permissions that have access.
+        # @return [Array<String>] The permissions that are configured for the policy.
         #
         # @example
         #   require "google/cloud/bigtable"
@@ -902,11 +902,8 @@ module Google
         #
         def test_iam_permissions *permissions
           ensure_service!
-          grpc = service.test_instance_permissions(
-            instance_id,
-            Array(permissions).flatten
-          )
-          grpc.permissions
+          grpc = service.test_instance_permissions instance_id, permissions.flatten
+          grpc.permissions.to_a
         end
 
         # @private

data/lib/google/cloud/bigtable/policy.rb

@@ -19,7 +19,7 @@ module Google
       ##
       # # Policy
       #
-      # Represents a Cloud IAM Policy for Bigtable instance resources.
+      # Represents a Cloud IAM Policy for Bigtable resources.
       #
       # A common pattern for updating a resource's metadata, such as its policy,
       # is to read the current data from the service, update the data locally,

data/lib/google/cloud/bigtable/service.rb

@@ -640,6 +640,58 @@ module Google
           end
         end
 
+        ##
+        # Gets the access control policy for an table resource. Returns an empty
+        # policy if an table exists but does not have a policy set.
+        #
+        # @param table_id [String]
+        #   Unique ID of the table for which the policy is being requested.
+        # @return [Google::Iam::V1::Policy]
+        #
+        def get_table_policy instance_id, table_id
+          execute do
+            tables.get_iam_policy table_path(instance_id, table_id)
+          end
+        end
+
+        ##
+        # Sets the access control policy on an table resource. Replaces any
+        # existing policy.
+        #
+        # @param table_id [String]
+        #   Unique ID of the table the policy is for.
+        # @param policy [Google::Iam::V1::Policy | Hash]
+        #   REQUIRED: The complete policy to be applied to the +resource+. The size of
+        #   the policy is limited to a few 10s of KB. An empty policy is valid
+        #   for Cloud Bigtable, but certain Cloud Platform services (such as Projects)
+        #   might reject an empty policy.
+        #   Alternatively, provide a hash similar to `Google::Iam::V1::Policy`.
+        # @return [Google::Iam::V1::Policy]
+        #
+        def set_table_policy instance_id, table_id, policy
+          execute do
+            tables.set_iam_policy table_path(instance_id, table_id), policy
+          end
+        end
+
+        ##
+        # Returns permissions that the caller has for the specified table resource.
+        #
+        # @param table_id [String]
+        #   The table ID that the policy detail is being requested for.
+        # @param permissions [Array<String>]
+        #   The set of permissions to check for the +resource+. Permissions with
+        #   wildcards (such as '*' or 'storage.*') are not allowed. For more
+        #   information see
+        #   [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
+        # @return [Google::Iam::V1::TestIamPermissionsResponse]
+        #
+        def test_table_permissions instance_id, table_id, permissions
+          execute do
+            tables.test_iam_permissions table_path(instance_id, table_id), permissions
+          end
+        end
+
         def read_rows instance_id, table_id, app_profile_id: nil, rows: nil, filter: nil, rows_limit: nil
           # execute is not used because error handling is in ReadOperations#read_rows
           client.read_rows table_path(instance_id, table_id),

data/lib/google/cloud/bigtable/table.rb

@@ -20,6 +20,7 @@ require "google/cloud/bigtable/table/cluster_state"
 require "google/cloud/bigtable/column_family_map"
 require "google/cloud/bigtable/gc_rule"
 require "google/cloud/bigtable/mutation_operations"
+require "google/cloud/bigtable/policy"
 require "google/cloud/bigtable/read_operations"
 
 module Google
@@ -239,6 +240,117 @@ module Google
           granularity == :MILLIS
         end
 
+        ##
+        # Gets the [Cloud IAM](https://cloud.google.com/iam/) access control
+        # policy for the table.
+        #
+        # @see https://cloud.google.com/bigtable/docs/access-control
+        #
+        # @yield [policy] A block for updating the policy. The latest policy
+        #   will be read from the Bigtable service and passed to the block. After
+        #   the block completes, the modified policy will be written to the
+        #   service.
+        # @yieldparam [Policy] policy the current Cloud IAM Policy for this
+        #   table.
+        #
+        # @return [Policy] The current Cloud IAM Policy for the table.
+        #
+        # @example
+        #   require "google/cloud/bigtable"
+        #
+        #   bigtable = Google::Cloud::Bigtable.new
+        #
+        #   table = bigtable.table("my-instance", "my-table", perform_lookup: true)
+        #   policy = table.policy
+        #
+        # @example Update the policy by passing a block.
+        #   require "google/cloud/bigtable"
+        #
+        #   bigtable = Google::Cloud::Bigtable.new
+        #
+        #   table = bigtable.table("my-instance", "my-table", perform_lookup: true)
+        #
+        #   table.policy do |p|
+        #     p.add("roles/owner", "user:owner@example.com")
+        #   end # 2 API calls
+        #
+        def policy
+          ensure_service!
+          grpc = service.get_table_policy instance_id, name
+          policy = Policy.from_grpc grpc
+          return policy unless block_given?
+          yield policy
+          update_policy policy
+        end
+
+        ##
+        # Updates the [Cloud IAM](https://cloud.google.com/iam/) access control
+        # policy for the table. The policy should be read from {#policy}.
+        # See {Google::Cloud::Bigtable::Policy} for an explanation of the policy
+        # `etag` property and how to modify policies.
+        #
+        # You can also update the policy by passing a block to {#policy}, which
+        # will call this method internally after the block completes.
+        #
+        # @param new_policy [Policy] a new or modified Cloud IAM Policy for this
+        #   table
+        #
+        # @return [Policy] The policy returned by the API update operation.
+        #
+        # @example
+        #   require "google/cloud/bigtable"
+        #
+        #   bigtable = Google::Cloud::Bigtable.new
+        #
+        #   table = bigtable.table("my-instance", "my-table", perform_lookup: true)
+        #
+        #   policy = table.policy
+        #   policy.add("roles/owner", "user:owner@example.com")
+        #   updated_policy = table.update_policy(policy)
+        #
+        #   puts updated_policy.roles
+        #
+        def update_policy new_policy
+          ensure_service!
+          grpc = service.set_table_policy instance_id, name, new_policy.to_grpc
+          Policy.from_grpc grpc
+        end
+        alias policy= update_policy
+
+        ##
+        # Tests the specified permissions against the [Cloud
+        # IAM](https://cloud.google.com/iam/) access control policy.
+        #
+        # @see https://cloud.google.com/iam/docs/managing-policies Managing Policies
+        # @see https://cloud.google.com/bigtable/docs/access-control Access Control
+        #
+        # @param permissions [String, Array<String>] permissions The set of permissions to
+        #   check access for. Permissions with wildcards (such as `*` or
+        #   `bigtable.*`) are not allowed.
+        #   See [Access Control](https://cloud.google.com/bigtable/docs/access-control).
+        #
+        # @return [Array<String>] The permissions that are configured for the policy.
+        #
+        # @example
+        #   require "google/cloud/bigtable"
+        #
+        #   bigtable = Google::Cloud::Bigtable.new
+        #
+        #   table = bigtable.table("my-instance", "my-table", perform_lookup: true)
+        #
+        #   permissions = table.test_iam_permissions(
+        #     "bigtable.tables.delete",
+        #     "bigtable.tables.get"
+        #   )
+        #   permissions.include? "bigtable.tables.delete" #=> false
+        #   permissions.include? "bigtable.tables.get" #=> true
+        #
+        def test_iam_permissions *permissions
+          ensure_service!
+          grpc = service.test_table_permissions instance_id, name, permissions.flatten
+          grpc.permissions.to_a
+        end
+
         ##
         # Permanently deletes the table from a instance.
         #

data/lib/google/cloud/bigtable/v2.rb

@@ -1,4 +1,4 @@
-# Copyright 2019 Google LLC
+# Copyright 2020 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -21,7 +21,7 @@ module Google
       # rubocop:disable LineLength
 
       ##
-      # # Ruby Client for Cloud Bigtable API ([GA](https://github.com/googleapis/google-cloud-ruby#versioning))
+      # # Ruby Client for Cloud Bigtable API
       #
       # [Cloud Bigtable API][Product Documentation]:
       # API for reading and writing the contents of Bigtables associated with a

data/lib/google/cloud/bigtable/v2/bigtable_client.rb

@@ -1,4 +1,4 @@
-# Copyright 2019 Google LLC
+# Copyright 2020 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -160,6 +160,9 @@ module Google
             google_api_client.freeze
 
             headers = { :"x-goog-api-client" => google_api_client }
+            if credentials.respond_to?(:quota_project_id) && credentials.quota_project_id
+              headers[:"x-goog-user-project"] = credentials.quota_project_id
+            end
             headers.merge!(metadata) unless metadata.nil?
             client_config_file = Pathname.new(__dir__).join(
               "bigtable_client_config.json"
@@ -351,9 +354,6 @@ module Google
           #   `projects/<project>/instances/<instance>/tables/<table>`.
           # @param row_key [String]
           #   Required. The key of the row to which the mutation should be applied.
-          #
-          #   Classified as IDENTIFYING_ID to provide context around data accesses for
-          #   auditing systems.
           # @param mutations [Array<Google::Bigtable::V2::Mutation | Hash>]
           #   Required. Changes to be atomically applied to the specified row. Entries are applied
           #   in order, meaning that earlier mutations can be masked by later ones.
@@ -460,9 +460,6 @@ module Google
           #   `projects/<project>/instances/<instance>/tables/<table>`.
           # @param row_key [String]
           #   Required. The key of the row to which the conditional mutation should be applied.
-          #
-          #   Classified as IDENTIFYING_ID to provide context around data accesses for
-          #   auditing systems.
           # @param app_profile_id [String]
           #   This value specifies routing for replication. If not specified, the
           #   "default" application profile will be used.
@@ -541,9 +538,6 @@ module Google
           #   `projects/<project>/instances/<instance>/tables/<table>`.
           # @param row_key [String]
           #   Required. The key of the row to which the read/modify/write rules should be applied.
-          #
-          #   Classified as IDENTIFYING_ID to provide context around data accesses for
-          #   auditing systems.
           # @param rules [Array<Google::Bigtable::V2::ReadModifyWriteRule | Hash>]
           #   Required. Rules specifying how the specified row's contents are to be transformed
           #   into writes. Entries are applied in order, meaning that earlier rules will

data/lib/google/cloud/bigtable/v2/bigtable_client_config.json

@@ -49,22 +49,22 @@
       "methods": {
         "ReadRows": {
           "timeout_millis": 43200000,
-          "retry_codes_name": "idempotent",
+          "retry_codes_name": "non_idempotent",
           "retry_params_name": "read_rows_params"
         },
         "SampleRowKeys": {
-          "timeout_millis": 20000,
-          "retry_codes_name": "idempotent",
-          "retry_params_name": "idempotent_params"
+          "timeout_millis": 60000,
+          "retry_codes_name": "non_idempotent",
+          "retry_params_name": "non_idempotent_params"
         },
         "MutateRow": {
-          "timeout_millis": 20000,
+          "timeout_millis": 60000,
           "retry_codes_name": "idempotent",
           "retry_params_name": "idempotent_params"
         },
         "MutateRows": {
-          "timeout_millis": 60000,
-          "retry_codes_name": "idempotent",
+          "timeout_millis": 600000,
+          "retry_codes_name": "non_idempotent",
           "retry_params_name": "mutate_rows_params"
         },
         "CheckAndMutateRow": {

data/lib/google/cloud/bigtable/v2/credentials.rb

@@ -1,4 +1,4 @@
-# Copyright 2019 Google LLC
+# Copyright 2020 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

data/lib/google/cloud/bigtable/v2/doc/google/bigtable/v2/bigtable.rb

@@ -1,4 +1,4 @@
-# Copyright 2019 Google LLC
+# Copyright 2020 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -61,9 +61,6 @@ module Google
         #     this CellChunk is a continuation of the same row as the previous
         #     CellChunk in the response stream, even if that CellChunk was in a
         #     previous ReadRowsResponse message.
-        #
-        #     Classified as IDENTIFYING_ID to provide context around data accesses for
-        #     auditing systems.
         # @!attribute [rw] family_name
         #   @return [Google::Protobuf::StringValue]
         #     The column family name for this chunk of data.  If this message
@@ -140,9 +137,6 @@ module Google
       #     Note that row keys in this list may not have ever been written to or read
       #     from, and users should therefore not make any assumptions about the row key
       #     structure that are specific to their use case.
-      #
-      #     Classified as IDENTIFYING_ID to provide context around data accesses for
-      #     auditing systems.
       # @!attribute [rw] offset_bytes
       #   @return [Integer]
       #     Approximate total storage space used by all rows in the table which precede
@@ -164,9 +158,6 @@ module Google
       # @!attribute [rw] row_key
       #   @return [String]
       #     Required. The key of the row to which the mutation should be applied.
-      #
-      #     Classified as IDENTIFYING_ID to provide context around data accesses for
-      #     auditing systems.
       # @!attribute [rw] mutations
       #   @return [Array<Google::Bigtable::V2::Mutation>]
       #     Required. Changes to be atomically applied to the specified row. Entries are applied
@@ -197,9 +188,6 @@ module Google
         # @!attribute [rw] row_key
         #   @return [String]
         #     The key of the row to which the `mutations` should be applied.
-        #
-        #     Classified as IDENTIFYING_ID to provide context around data accesses for
-        #     auditing systems.
         # @!attribute [rw] mutations
         #   @return [Array<Google::Bigtable::V2::Mutation>]
         #     Required. Changes to be atomically applied to the specified row. Mutations are
@@ -242,9 +230,6 @@ module Google
       # @!attribute [rw] row_key
       #   @return [String]
       #     Required. The key of the row to which the conditional mutation should be applied.
-      #
-      #     Classified as IDENTIFYING_ID to provide context around data accesses for
-      #     auditing systems.
       # @!attribute [rw] predicate_filter
       #   @return [Google::Bigtable::V2::RowFilter]
       #     The filter to be applied to the contents of the specified row. Depending
@@ -288,9 +273,6 @@ module Google
       # @!attribute [rw] row_key
       #   @return [String]
       #     Required. The key of the row to which the read/modify/write rules should be applied.
-      #
-      #     Classified as IDENTIFYING_ID to provide context around data accesses for
-      #     auditing systems.
       # @!attribute [rw] rules
       #   @return [Array<Google::Bigtable::V2::ReadModifyWriteRule>]
       #     Required. Rules specifying how the specified row's contents are to be transformed

data/lib/google/cloud/bigtable/v2/doc/google/bigtable/v2/data.rb

@@ -1,4 +1,4 @@
-# Copyright 2019 Google LLC
+# Copyright 2020 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

data/lib/google/cloud/bigtable/v2/doc/google/protobuf/any.rb

@@ -1,4 +1,4 @@
-# Copyright 2019 Google LLC
+# Copyright 2020 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

data/lib/google/cloud/bigtable/v2/doc/google/protobuf/wrappers.rb

@@ -1,4 +1,4 @@
-# Copyright 2019 Google LLC
+# Copyright 2020 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

data/lib/google/cloud/bigtable/v2/doc/google/rpc/status.rb

@@ -1,4 +1,4 @@
-# Copyright 2019 Google LLC
+# Copyright 2020 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,67 +17,19 @@ module Google
   module Rpc
     # The `Status` type defines a logical error model that is suitable for
     # different programming environments, including REST APIs and RPC APIs. It is
-    # used by [gRPC](https://github.com/grpc). The error model is designed to be:
+    # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+    # three pieces of data: error code, error message, and error details.
     #
-    # * Simple to use and understand for most users
-    # * Flexible enough to meet unexpected needs
-    #
-    # = Overview
-    #
-    # The `Status` message contains three pieces of data: error code, error
-    # message, and error details. The error code should be an enum value of
-    # {Google::Rpc::Code}, but it may accept additional error codes
-    # if needed.  The error message should be a developer-facing English message
-    # that helps developers *understand* and *resolve* the error. If a localized
-    # user-facing error message is needed, put the localized message in the error
-    # details or localize it in the client. The optional error details may contain
-    # arbitrary information about the error. There is a predefined set of error
-    # detail types in the package `google.rpc` that can be used for common error
-    # conditions.
-    #
-    # = Language mapping
-    #
-    # The `Status` message is the logical representation of the error model, but it
-    # is not necessarily the actual wire format. When the `Status` message is
-    # exposed in different client libraries and different wire protocols, it can be
-    # mapped differently. For example, it will likely be mapped to some exceptions
-    # in Java, but more likely mapped to some error codes in C.
-    #
-    # = Other uses
-    #
-    # The error model and the `Status` message can be used in a variety of
-    # environments, either with or without APIs, to provide a
-    # consistent developer experience across different environments.
-    #
-    # Example uses of this error model include:
-    #
-    # * Partial errors. If a service needs to return partial errors to the client,
-    #   it may embed the `Status` in the normal response to indicate the partial
-    #   errors.
-    #
-    # * Workflow errors. A typical workflow has multiple steps. Each step may
-    #   have a `Status` message for error reporting.
-    #
-    # * Batch operations. If a client uses batch request and batch response, the
-    #   `Status` message should be used directly inside batch response, one for
-    #   each error sub-response.
-    #
-    # * Asynchronous operations. If an API call embeds asynchronous operation
-    #   results in its response, the status of those operations should be
-    #   represented directly using the `Status` message.
-    #
-    # * Logging. If some API errors are stored in logs, the message `Status` could
-    #   be used directly after any stripping needed for security/privacy reasons.
+    # You can find out more about this error model and how to work with it in the
+    # [API Design Guide](https://cloud.google.com/apis/design/errors).
     # @!attribute [rw] code
     #   @return [Integer]
-    #     The status code, which should be an enum value of
-    #     {Google::Rpc::Code}.
+    #     The status code, which should be an enum value of {Google::Rpc::Code}.
     # @!attribute [rw] message
     #   @return [String]
     #     A developer-facing error message, which should be in English. Any
     #     user-facing error message should be localized and sent in the
-    #     {Google::Rpc::Status#details} field, or localized
-    #     by the client.
+    #     {Google::Rpc::Status#details} field, or localized by the client.
     # @!attribute [rw] details
     #   @return [Array<Google::Protobuf::Any>]
     #     A list of messages that carry the error details.  There is a common set of