google-cloud-binary_authorization-v1 0.4.0 → 0.6.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/AUTHENTICATION.md +72 -101
- data/lib/google/cloud/binary_authorization/v1/binauthz_management_service/client.rb +41 -9
- data/lib/google/cloud/binary_authorization/v1/binauthz_management_service/rest/client.rb +149 -7
- data/lib/google/cloud/binary_authorization/v1/binauthz_management_service/rest/service_stub.rb +14 -2
- data/lib/google/cloud/binary_authorization/v1/system_policy/client.rb +41 -9
- data/lib/google/cloud/binary_authorization/v1/system_policy/rest/client.rb +49 -7
- data/lib/google/cloud/binary_authorization/v1/system_policy/rest/service_stub.rb +14 -2
- data/lib/google/cloud/binary_authorization/v1/validation_helper/client.rb +41 -9
- data/lib/google/cloud/binary_authorization/v1/validation_helper/rest/client.rb +49 -7
- data/lib/google/cloud/binary_authorization/v1/validation_helper/rest/service_stub.rb +14 -2
- data/lib/google/cloud/binary_authorization/v1/version.rb +1 -1
- data/proto_docs/google/api/client.rb +14 -0
- data/proto_docs/google/api/field_behavior.rb +14 -0
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6f3d309ac7f463c053ef5f1d3073221b1488e0fe103bd4b3ede2e97ddc681d1d
|
4
|
+
data.tar.gz: 625dadb772b3a8828bec00537df441706f5ad0a58a874e8fd42641c4c43f0f79
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e73dbbca49b4647773c035099ef328f09796940811f2cec4651070310593d28040c175a5cdb0fc4512409d09c5007dc54a07de19f9c43cb7e0419e7667571a6f
|
7
|
+
data.tar.gz: 8f5eb0a308cf1c5e16d25c0bdbd79bd82034e8803cce5affa9c24a27c1f2a76a4544a74e931d959719572b319a208b3edda6c534b64db70d733a676412d37eb9
|
data/AUTHENTICATION.md
CHANGED
@@ -1,151 +1,122 @@
|
|
1
1
|
# Authentication
|
2
2
|
|
3
|
-
|
4
|
-
[
|
5
|
-
|
6
|
-
[Google Cloud Platform environments](#google-cloud-platform-environments) the
|
7
|
-
credentials will be discovered automatically. When running on other
|
8
|
-
environments, the Service Account credentials can be specified by providing the
|
9
|
-
path to the
|
10
|
-
[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys)
|
11
|
-
for the account (or the JSON itself) in
|
12
|
-
[environment variables](#environment-variables). Additionally, Cloud SDK
|
13
|
-
credentials can also be discovered automatically, but this is only recommended
|
14
|
-
during development.
|
3
|
+
The recommended way to authenticate to the google-cloud-binary_authorization-v1 library is to use
|
4
|
+
[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials).
|
5
|
+
To review all of your authentication options, see [Credentials lookup](#credential-lookup).
|
15
6
|
|
16
7
|
## Quickstart
|
17
8
|
|
18
|
-
|
19
|
-
|
9
|
+
The following example shows how to set up authentication for a local development
|
10
|
+
environment with your user credentials.
|
20
11
|
|
21
|
-
|
22
|
-
|
23
|
-
```
|
24
|
-
|
25
|
-
3. Initialize the client.
|
12
|
+
**NOTE:** This method is _not_ recommended for running in production. User credentials
|
13
|
+
should be used only during development.
|
26
14
|
|
27
|
-
|
28
|
-
|
15
|
+
1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk).
|
16
|
+
2. Set up a local ADC file with your user credentials:
|
29
17
|
|
30
|
-
|
18
|
+
```sh
|
19
|
+
gcloud auth application-default login
|
31
20
|
```
|
32
21
|
|
33
|
-
|
34
|
-
|
35
|
-
The google-cloud-binary_authorization-v1 library aims to make authentication
|
36
|
-
as simple as possible, and provides several mechanisms to configure your system
|
37
|
-
without requiring **Service Account Credentials** directly in code.
|
38
|
-
|
39
|
-
**Credentials** are discovered in the following order:
|
40
|
-
|
41
|
-
1. Specify credentials in method arguments
|
42
|
-
2. Specify credentials in configuration
|
43
|
-
3. Discover credentials path in environment variables
|
44
|
-
4. Discover credentials JSON in environment variables
|
45
|
-
5. Discover credentials file in the Cloud SDK's path
|
46
|
-
6. Discover GCP credentials
|
47
|
-
|
48
|
-
### Google Cloud Platform environments
|
22
|
+
3. Write code as if already authenticated.
|
49
23
|
|
50
|
-
|
51
|
-
|
52
|
-
Functions (GCF) and Cloud Run, **Credentials** are discovered automatically.
|
53
|
-
Code should be written as if already authenticated.
|
24
|
+
For more information about setting up authentication for a local development environment, see
|
25
|
+
[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev).
|
54
26
|
|
55
|
-
|
27
|
+
## Credential Lookup
|
56
28
|
|
57
|
-
The
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
**Credentials JSON** file can be stored in the environment variable, or the
|
62
|
-
**Credentials JSON** itself can be stored for environments such as Docker
|
63
|
-
containers where writing files is difficult or not encouraged.
|
29
|
+
The google-cloud-binary_authorization-v1 library provides several mechanisms to configure your system.
|
30
|
+
Generally, using Application Default Credentials to facilitate automatic
|
31
|
+
credentials discovery is the easist method. But if you need to explicitly specify
|
32
|
+
credentials, there are several methods available to you.
|
64
33
|
|
65
|
-
|
66
|
-
checks for credentials are configured on the service Credentials class (such as
|
67
|
-
{::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Credentials}):
|
34
|
+
Credentials are accepted in the following ways, in the following order or precedence:
|
68
35
|
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
36
|
+
1. Credentials specified in method arguments
|
37
|
+
2. Credentials specified in configuration
|
38
|
+
3. Credentials pointed to or included in environment variables
|
39
|
+
4. Credentials found in local ADC file
|
40
|
+
5. Credentials returned by the metadata server for the attached service account (GCP)
|
74
41
|
|
75
|
-
|
76
|
-
require "google/cloud/binary_authorization/v1"
|
77
|
-
|
78
|
-
ENV["BINARY_AUTHORIZATION_CREDENTIALS"] = "path/to/keyfile.json"
|
42
|
+
### Configuration
|
79
43
|
|
80
|
-
client
|
81
|
-
|
44
|
+
You can configure a path to a JSON credentials file, either for an individual client object or
|
45
|
+
globally, for all client objects. The JSON file can contain credentials created for
|
46
|
+
[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation),
|
47
|
+
[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a
|
48
|
+
[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key).
|
82
49
|
|
83
|
-
|
50
|
+
Note: Service account keys are a security risk if not managed correctly. You should
|
51
|
+
[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree)
|
52
|
+
whenever possible.
|
84
53
|
|
85
|
-
|
86
|
-
it in an environment variable. Either on an individual client initialization:
|
54
|
+
To configure a credentials file for an individual client initialization:
|
87
55
|
|
88
56
|
```ruby
|
89
57
|
require "google/cloud/binary_authorization/v1"
|
90
58
|
|
91
59
|
client = ::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client.new do |config|
|
92
|
-
config.credentials = "path/to/
|
60
|
+
config.credentials = "path/to/credentialfile.json"
|
93
61
|
end
|
94
62
|
```
|
95
63
|
|
96
|
-
|
64
|
+
To configure a credentials file globally for all clients:
|
97
65
|
|
98
66
|
```ruby
|
99
67
|
require "google/cloud/binary_authorization/v1"
|
100
68
|
|
101
69
|
::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client.configure do |config|
|
102
|
-
config.credentials = "path/to/
|
70
|
+
config.credentials = "path/to/credentialfile.json"
|
103
71
|
end
|
104
72
|
|
105
73
|
client = ::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client.new
|
106
74
|
```
|
107
75
|
|
108
|
-
###
|
76
|
+
### Environment Variables
|
109
77
|
|
110
|
-
|
111
|
-
|
112
|
-
|
78
|
+
You can also use an environment variable to provide a JSON credentials file.
|
79
|
+
The environment variable can contain a path to the credentials file or, for
|
80
|
+
environments such as Docker containers where writing files is not encouraged,
|
81
|
+
you can include the credentials file itself.
|
113
82
|
|
114
|
-
|
83
|
+
The JSON file can contain credentials created for
|
84
|
+
[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation),
|
85
|
+
[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a
|
86
|
+
[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key).
|
115
87
|
|
116
|
-
|
117
|
-
|
118
|
-
|
88
|
+
Note: Service account keys are a security risk if not managed correctly. You should
|
89
|
+
[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree)
|
90
|
+
whenever possible.
|
91
|
+
|
92
|
+
The environment variables that google-cloud-binary_authorization-v1
|
93
|
+
checks for credentials are:
|
119
94
|
|
120
|
-
|
121
|
-
*
|
95
|
+
* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents
|
96
|
+
* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
|
122
97
|
|
123
|
-
|
98
|
+
```ruby
|
99
|
+
require "google/cloud/binary_authorization/v1"
|
124
100
|
|
125
|
-
|
126
|
-
connect to the APIs. You will use the **JSON key file** to
|
127
|
-
connect to most services with google-cloud-binary_authorization-v1.
|
101
|
+
ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json"
|
128
102
|
|
129
|
-
|
130
|
-
|
131
|
-
need a Google Developers service account.
|
103
|
+
client = ::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client.new
|
104
|
+
```
|
132
105
|
|
133
|
-
|
134
|
-
2. Create a new project or click on an existing project.
|
135
|
-
3. Activate the menu in the upper left and select **APIs & Services**. From
|
136
|
-
here, you will enable the APIs that your application requires.
|
106
|
+
### Local ADC file
|
137
107
|
|
138
|
-
|
108
|
+
You can set up a local ADC file with your user credentials for authentication during
|
109
|
+
development. If credentials are not provided in code or in environment variables,
|
110
|
+
then the local ADC credentials are discovered.
|
139
111
|
|
140
|
-
|
112
|
+
Follow the steps in [Quickstart](#quickstart) to set up a local ADC file.
|
141
113
|
|
142
|
-
|
143
|
-
"Service account" to be guided through downloading a new JSON key file.
|
114
|
+
### Google Cloud Platform environments
|
144
115
|
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
116
|
+
When running on Google Cloud Platform (GCP), including Google Compute Engine
|
117
|
+
(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud
|
118
|
+
Functions (GCF) and Cloud Run, credentials are retrieved from the attached
|
119
|
+
service account automatically. Code should be written as if already authenticated.
|
149
120
|
|
150
|
-
|
151
|
-
|
121
|
+
For more information, see
|
122
|
+
[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa).
|
@@ -36,6 +36,9 @@ module Google
|
|
36
36
|
# * {::Google::Cloud::BinaryAuthorization::V1::Attestor Attestor}
|
37
37
|
#
|
38
38
|
class Client
|
39
|
+
# @private
|
40
|
+
DEFAULT_ENDPOINT_TEMPLATE = "binaryauthorization.$UNIVERSE_DOMAIN$"
|
41
|
+
|
39
42
|
include Paths
|
40
43
|
|
41
44
|
# @private
|
@@ -128,6 +131,15 @@ module Google
|
|
128
131
|
@config
|
129
132
|
end
|
130
133
|
|
134
|
+
##
|
135
|
+
# The effective universe domain
|
136
|
+
#
|
137
|
+
# @return [String]
|
138
|
+
#
|
139
|
+
def universe_domain
|
140
|
+
@binauthz_management_service_stub.universe_domain
|
141
|
+
end
|
142
|
+
|
131
143
|
##
|
132
144
|
# Create a new BinauthzManagementService client object.
|
133
145
|
#
|
@@ -161,8 +173,9 @@ module Google
|
|
161
173
|
credentials = @config.credentials
|
162
174
|
# Use self-signed JWT if the endpoint is unchanged from default,
|
163
175
|
# but only if the default endpoint does not have a region prefix.
|
164
|
-
enable_self_signed_jwt = @config.endpoint
|
165
|
-
|
176
|
+
enable_self_signed_jwt = @config.endpoint.nil? ||
|
177
|
+
(@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
|
178
|
+
!@config.endpoint.split(".").first.include?("-"))
|
166
179
|
credentials ||= Credentials.default scope: @config.scope,
|
167
180
|
enable_self_signed_jwt: enable_self_signed_jwt
|
168
181
|
if credentials.is_a?(::String) || credentials.is_a?(::Hash)
|
@@ -173,10 +186,13 @@ module Google
|
|
173
186
|
|
174
187
|
@binauthz_management_service_stub = ::Gapic::ServiceStub.new(
|
175
188
|
::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementServiceV1::Stub,
|
176
|
-
credentials:
|
177
|
-
endpoint:
|
189
|
+
credentials: credentials,
|
190
|
+
endpoint: @config.endpoint,
|
191
|
+
endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
|
192
|
+
universe_domain: @config.universe_domain,
|
178
193
|
channel_args: @config.channel_args,
|
179
|
-
interceptors: @config.interceptors
|
194
|
+
interceptors: @config.interceptors,
|
195
|
+
channel_pool_config: @config.channel_pool
|
180
196
|
)
|
181
197
|
end
|
182
198
|
|
@@ -850,9 +866,9 @@ module Google
|
|
850
866
|
# end
|
851
867
|
#
|
852
868
|
# @!attribute [rw] endpoint
|
853
|
-
#
|
854
|
-
#
|
855
|
-
# @return [::String]
|
869
|
+
# A custom service endpoint, as a hostname or hostname:port. The default is
|
870
|
+
# nil, indicating to use the default endpoint in the current universe domain.
|
871
|
+
# @return [::String,nil]
|
856
872
|
# @!attribute [rw] credentials
|
857
873
|
# Credentials to send with calls. You may provide any of the following types:
|
858
874
|
# * (`String`) The path to a service account key file in JSON format
|
@@ -898,13 +914,20 @@ module Google
|
|
898
914
|
# @!attribute [rw] quota_project
|
899
915
|
# A separate project against which to charge quota.
|
900
916
|
# @return [::String]
|
917
|
+
# @!attribute [rw] universe_domain
|
918
|
+
# The universe domain within which to make requests. This determines the
|
919
|
+
# default endpoint URL. The default value of nil uses the environment
|
920
|
+
# universe (usually the default "googleapis.com" universe).
|
921
|
+
# @return [::String,nil]
|
901
922
|
#
|
902
923
|
class Configuration
|
903
924
|
extend ::Gapic::Config
|
904
925
|
|
926
|
+
# @private
|
927
|
+
# The endpoint specific to the default "googleapis.com" universe. Deprecated.
|
905
928
|
DEFAULT_ENDPOINT = "binaryauthorization.googleapis.com"
|
906
929
|
|
907
|
-
config_attr :endpoint,
|
930
|
+
config_attr :endpoint, nil, ::String, nil
|
908
931
|
config_attr :credentials, nil do |value|
|
909
932
|
allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
|
910
933
|
allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
|
@@ -919,6 +942,7 @@ module Google
|
|
919
942
|
config_attr :metadata, nil, ::Hash, nil
|
920
943
|
config_attr :retry_policy, nil, ::Hash, ::Proc, nil
|
921
944
|
config_attr :quota_project, nil, ::String, nil
|
945
|
+
config_attr :universe_domain, nil, ::String, nil
|
922
946
|
|
923
947
|
# @private
|
924
948
|
def initialize parent_config = nil
|
@@ -939,6 +963,14 @@ module Google
|
|
939
963
|
end
|
940
964
|
end
|
941
965
|
|
966
|
+
##
|
967
|
+
# Configuration for the channel pool
|
968
|
+
# @return [::Gapic::ServiceStub::ChannelPool::Configuration]
|
969
|
+
#
|
970
|
+
def channel_pool
|
971
|
+
@channel_pool ||= ::Gapic::ServiceStub::ChannelPool::Configuration.new
|
972
|
+
end
|
973
|
+
|
942
974
|
##
|
943
975
|
# Configuration RPC class for the BinauthzManagementService API.
|
944
976
|
#
|
@@ -38,6 +38,9 @@ module Google
|
|
38
38
|
# * {::Google::Cloud::BinaryAuthorization::V1::Attestor Attestor}
|
39
39
|
#
|
40
40
|
class Client
|
41
|
+
# @private
|
42
|
+
DEFAULT_ENDPOINT_TEMPLATE = "binaryauthorization.$UNIVERSE_DOMAIN$"
|
43
|
+
|
41
44
|
include Paths
|
42
45
|
|
43
46
|
# @private
|
@@ -130,6 +133,15 @@ module Google
|
|
130
133
|
@config
|
131
134
|
end
|
132
135
|
|
136
|
+
##
|
137
|
+
# The effective universe domain
|
138
|
+
#
|
139
|
+
# @return [String]
|
140
|
+
#
|
141
|
+
def universe_domain
|
142
|
+
@binauthz_management_service_stub.universe_domain
|
143
|
+
end
|
144
|
+
|
133
145
|
##
|
134
146
|
# Create a new BinauthzManagementService REST client object.
|
135
147
|
#
|
@@ -157,8 +169,9 @@ module Google
|
|
157
169
|
credentials = @config.credentials
|
158
170
|
# Use self-signed JWT if the endpoint is unchanged from default,
|
159
171
|
# but only if the default endpoint does not have a region prefix.
|
160
|
-
enable_self_signed_jwt = @config.endpoint
|
161
|
-
|
172
|
+
enable_self_signed_jwt = @config.endpoint.nil? ||
|
173
|
+
(@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
|
174
|
+
!@config.endpoint.split(".").first.include?("-"))
|
162
175
|
credentials ||= Credentials.default scope: @config.scope,
|
163
176
|
enable_self_signed_jwt: enable_self_signed_jwt
|
164
177
|
if credentials.is_a?(::String) || credentials.is_a?(::Hash)
|
@@ -168,7 +181,12 @@ module Google
|
|
168
181
|
@quota_project_id = @config.quota_project
|
169
182
|
@quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id
|
170
183
|
|
171
|
-
@binauthz_management_service_stub = ::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Rest::ServiceStub.new
|
184
|
+
@binauthz_management_service_stub = ::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Rest::ServiceStub.new(
|
185
|
+
endpoint: @config.endpoint,
|
186
|
+
endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
|
187
|
+
universe_domain: @config.universe_domain,
|
188
|
+
credentials: credentials
|
189
|
+
)
|
172
190
|
end
|
173
191
|
|
174
192
|
# Service calls
|
@@ -207,6 +225,22 @@ module Google
|
|
207
225
|
# @return [::Google::Cloud::BinaryAuthorization::V1::Policy]
|
208
226
|
#
|
209
227
|
# @raise [::Google::Cloud::Error] if the REST call is aborted.
|
228
|
+
#
|
229
|
+
# @example Basic example
|
230
|
+
# require "google/cloud/binary_authorization/v1"
|
231
|
+
#
|
232
|
+
# # Create a client object. The client can be reused for multiple calls.
|
233
|
+
# client = Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Rest::Client.new
|
234
|
+
#
|
235
|
+
# # Create a request. To set request fields, pass in keyword arguments.
|
236
|
+
# request = Google::Cloud::BinaryAuthorization::V1::GetPolicyRequest.new
|
237
|
+
#
|
238
|
+
# # Call the get_policy method.
|
239
|
+
# result = client.get_policy request
|
240
|
+
#
|
241
|
+
# # The returned object is of type Google::Cloud::BinaryAuthorization::V1::Policy.
|
242
|
+
# p result
|
243
|
+
#
|
210
244
|
def get_policy request, options = nil
|
211
245
|
raise ::ArgumentError, "request must be provided" if request.nil?
|
212
246
|
|
@@ -275,6 +309,22 @@ module Google
|
|
275
309
|
# @return [::Google::Cloud::BinaryAuthorization::V1::Policy]
|
276
310
|
#
|
277
311
|
# @raise [::Google::Cloud::Error] if the REST call is aborted.
|
312
|
+
#
|
313
|
+
# @example Basic example
|
314
|
+
# require "google/cloud/binary_authorization/v1"
|
315
|
+
#
|
316
|
+
# # Create a client object. The client can be reused for multiple calls.
|
317
|
+
# client = Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Rest::Client.new
|
318
|
+
#
|
319
|
+
# # Create a request. To set request fields, pass in keyword arguments.
|
320
|
+
# request = Google::Cloud::BinaryAuthorization::V1::UpdatePolicyRequest.new
|
321
|
+
#
|
322
|
+
# # Call the update_policy method.
|
323
|
+
# result = client.update_policy request
|
324
|
+
#
|
325
|
+
# # The returned object is of type Google::Cloud::BinaryAuthorization::V1::Policy.
|
326
|
+
# p result
|
327
|
+
#
|
278
328
|
def update_policy request, options = nil
|
279
329
|
raise ::ArgumentError, "request must be provided" if request.nil?
|
280
330
|
|
@@ -346,6 +396,22 @@ module Google
|
|
346
396
|
# @return [::Google::Cloud::BinaryAuthorization::V1::Attestor]
|
347
397
|
#
|
348
398
|
# @raise [::Google::Cloud::Error] if the REST call is aborted.
|
399
|
+
#
|
400
|
+
# @example Basic example
|
401
|
+
# require "google/cloud/binary_authorization/v1"
|
402
|
+
#
|
403
|
+
# # Create a client object. The client can be reused for multiple calls.
|
404
|
+
# client = Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Rest::Client.new
|
405
|
+
#
|
406
|
+
# # Create a request. To set request fields, pass in keyword arguments.
|
407
|
+
# request = Google::Cloud::BinaryAuthorization::V1::CreateAttestorRequest.new
|
408
|
+
#
|
409
|
+
# # Call the create_attestor method.
|
410
|
+
# result = client.create_attestor request
|
411
|
+
#
|
412
|
+
# # The returned object is of type Google::Cloud::BinaryAuthorization::V1::Attestor.
|
413
|
+
# p result
|
414
|
+
#
|
349
415
|
def create_attestor request, options = nil
|
350
416
|
raise ::ArgumentError, "request must be provided" if request.nil?
|
351
417
|
|
@@ -410,6 +476,22 @@ module Google
|
|
410
476
|
# @return [::Google::Cloud::BinaryAuthorization::V1::Attestor]
|
411
477
|
#
|
412
478
|
# @raise [::Google::Cloud::Error] if the REST call is aborted.
|
479
|
+
#
|
480
|
+
# @example Basic example
|
481
|
+
# require "google/cloud/binary_authorization/v1"
|
482
|
+
#
|
483
|
+
# # Create a client object. The client can be reused for multiple calls.
|
484
|
+
# client = Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Rest::Client.new
|
485
|
+
#
|
486
|
+
# # Create a request. To set request fields, pass in keyword arguments.
|
487
|
+
# request = Google::Cloud::BinaryAuthorization::V1::GetAttestorRequest.new
|
488
|
+
#
|
489
|
+
# # Call the get_attestor method.
|
490
|
+
# result = client.get_attestor request
|
491
|
+
#
|
492
|
+
# # The returned object is of type Google::Cloud::BinaryAuthorization::V1::Attestor.
|
493
|
+
# p result
|
494
|
+
#
|
413
495
|
def get_attestor request, options = nil
|
414
496
|
raise ::ArgumentError, "request must be provided" if request.nil?
|
415
497
|
|
@@ -475,6 +557,22 @@ module Google
|
|
475
557
|
# @return [::Google::Cloud::BinaryAuthorization::V1::Attestor]
|
476
558
|
#
|
477
559
|
# @raise [::Google::Cloud::Error] if the REST call is aborted.
|
560
|
+
#
|
561
|
+
# @example Basic example
|
562
|
+
# require "google/cloud/binary_authorization/v1"
|
563
|
+
#
|
564
|
+
# # Create a client object. The client can be reused for multiple calls.
|
565
|
+
# client = Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Rest::Client.new
|
566
|
+
#
|
567
|
+
# # Create a request. To set request fields, pass in keyword arguments.
|
568
|
+
# request = Google::Cloud::BinaryAuthorization::V1::UpdateAttestorRequest.new
|
569
|
+
#
|
570
|
+
# # Call the update_attestor method.
|
571
|
+
# result = client.update_attestor request
|
572
|
+
#
|
573
|
+
# # The returned object is of type Google::Cloud::BinaryAuthorization::V1::Attestor.
|
574
|
+
# p result
|
575
|
+
#
|
478
576
|
def update_attestor request, options = nil
|
479
577
|
raise ::ArgumentError, "request must be provided" if request.nil?
|
480
578
|
|
@@ -546,6 +644,26 @@ module Google
|
|
546
644
|
# @return [::Gapic::Rest::PagedEnumerable<::Google::Cloud::BinaryAuthorization::V1::Attestor>]
|
547
645
|
#
|
548
646
|
# @raise [::Google::Cloud::Error] if the REST call is aborted.
|
647
|
+
#
|
648
|
+
# @example Basic example
|
649
|
+
# require "google/cloud/binary_authorization/v1"
|
650
|
+
#
|
651
|
+
# # Create a client object. The client can be reused for multiple calls.
|
652
|
+
# client = Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Rest::Client.new
|
653
|
+
#
|
654
|
+
# # Create a request. To set request fields, pass in keyword arguments.
|
655
|
+
# request = Google::Cloud::BinaryAuthorization::V1::ListAttestorsRequest.new
|
656
|
+
#
|
657
|
+
# # Call the list_attestors method.
|
658
|
+
# result = client.list_attestors request
|
659
|
+
#
|
660
|
+
# # The returned object is of type Gapic::PagedEnumerable. You can iterate
|
661
|
+
# # over elements, and API calls will be issued to fetch pages as needed.
|
662
|
+
# result.each do |item|
|
663
|
+
# # Each element is of type ::Google::Cloud::BinaryAuthorization::V1::Attestor.
|
664
|
+
# p item
|
665
|
+
# end
|
666
|
+
#
|
549
667
|
def list_attestors request, options = nil
|
550
668
|
raise ::ArgumentError, "request must be provided" if request.nil?
|
551
669
|
|
@@ -611,6 +729,22 @@ module Google
|
|
611
729
|
# @return [::Google::Protobuf::Empty]
|
612
730
|
#
|
613
731
|
# @raise [::Google::Cloud::Error] if the REST call is aborted.
|
732
|
+
#
|
733
|
+
# @example Basic example
|
734
|
+
# require "google/cloud/binary_authorization/v1"
|
735
|
+
#
|
736
|
+
# # Create a client object. The client can be reused for multiple calls.
|
737
|
+
# client = Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Rest::Client.new
|
738
|
+
#
|
739
|
+
# # Create a request. To set request fields, pass in keyword arguments.
|
740
|
+
# request = Google::Cloud::BinaryAuthorization::V1::DeleteAttestorRequest.new
|
741
|
+
#
|
742
|
+
# # Call the delete_attestor method.
|
743
|
+
# result = client.delete_attestor request
|
744
|
+
#
|
745
|
+
# # The returned object is of type Google::Protobuf::Empty.
|
746
|
+
# p result
|
747
|
+
#
|
614
748
|
def delete_attestor request, options = nil
|
615
749
|
raise ::ArgumentError, "request must be provided" if request.nil?
|
616
750
|
|
@@ -676,9 +810,9 @@ module Google
|
|
676
810
|
# end
|
677
811
|
#
|
678
812
|
# @!attribute [rw] endpoint
|
679
|
-
#
|
680
|
-
#
|
681
|
-
# @return [::String]
|
813
|
+
# A custom service endpoint, as a hostname or hostname:port. The default is
|
814
|
+
# nil, indicating to use the default endpoint in the current universe domain.
|
815
|
+
# @return [::String,nil]
|
682
816
|
# @!attribute [rw] credentials
|
683
817
|
# Credentials to send with calls. You may provide any of the following types:
|
684
818
|
# * (`String`) The path to a service account key file in JSON format
|
@@ -715,13 +849,20 @@ module Google
|
|
715
849
|
# @!attribute [rw] quota_project
|
716
850
|
# A separate project against which to charge quota.
|
717
851
|
# @return [::String]
|
852
|
+
# @!attribute [rw] universe_domain
|
853
|
+
# The universe domain within which to make requests. This determines the
|
854
|
+
# default endpoint URL. The default value of nil uses the environment
|
855
|
+
# universe (usually the default "googleapis.com" universe).
|
856
|
+
# @return [::String,nil]
|
718
857
|
#
|
719
858
|
class Configuration
|
720
859
|
extend ::Gapic::Config
|
721
860
|
|
861
|
+
# @private
|
862
|
+
# The endpoint specific to the default "googleapis.com" universe. Deprecated.
|
722
863
|
DEFAULT_ENDPOINT = "binaryauthorization.googleapis.com"
|
723
864
|
|
724
|
-
config_attr :endpoint,
|
865
|
+
config_attr :endpoint, nil, ::String, nil
|
725
866
|
config_attr :credentials, nil do |value|
|
726
867
|
allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
|
727
868
|
allowed.any? { |klass| klass === value }
|
@@ -733,6 +874,7 @@ module Google
|
|
733
874
|
config_attr :metadata, nil, ::Hash, nil
|
734
875
|
config_attr :retry_policy, nil, ::Hash, ::Proc, nil
|
735
876
|
config_attr :quota_project, nil, ::String, nil
|
877
|
+
config_attr :universe_domain, nil, ::String, nil
|
736
878
|
|
737
879
|
# @private
|
738
880
|
def initialize parent_config = nil
|
data/lib/google/cloud/binary_authorization/v1/binauthz_management_service/rest/service_stub.rb
CHANGED
@@ -30,16 +30,28 @@ module Google
|
|
30
30
|
# including transcoding, making the REST call, and deserialing the response.
|
31
31
|
#
|
32
32
|
class ServiceStub
|
33
|
-
def initialize endpoint:, credentials:
|
33
|
+
def initialize endpoint:, endpoint_template:, universe_domain:, credentials:
|
34
34
|
# These require statements are intentionally placed here to initialize
|
35
35
|
# the REST modules only when it's required.
|
36
36
|
require "gapic/rest"
|
37
37
|
|
38
|
-
@client_stub = ::Gapic::Rest::ClientStub.new endpoint: endpoint,
|
38
|
+
@client_stub = ::Gapic::Rest::ClientStub.new endpoint: endpoint,
|
39
|
+
endpoint_template: endpoint_template,
|
40
|
+
universe_domain: universe_domain,
|
41
|
+
credentials: credentials,
|
39
42
|
numeric_enums: true,
|
40
43
|
raise_faraday_errors: false
|
41
44
|
end
|
42
45
|
|
46
|
+
##
|
47
|
+
# The effective universe domain
|
48
|
+
#
|
49
|
+
# @return [String]
|
50
|
+
#
|
51
|
+
def universe_domain
|
52
|
+
@client_stub.universe_domain
|
53
|
+
end
|
54
|
+
|
43
55
|
##
|
44
56
|
# Baseline implementation for the get_policy REST call
|
45
57
|
#
|
@@ -30,6 +30,9 @@ module Google
|
|
30
30
|
# API for working with the system policy.
|
31
31
|
#
|
32
32
|
class Client
|
33
|
+
# @private
|
34
|
+
DEFAULT_ENDPOINT_TEMPLATE = "binaryauthorization.$UNIVERSE_DOMAIN$"
|
35
|
+
|
33
36
|
include Paths
|
34
37
|
|
35
38
|
# @private
|
@@ -90,6 +93,15 @@ module Google
|
|
90
93
|
@config
|
91
94
|
end
|
92
95
|
|
96
|
+
##
|
97
|
+
# The effective universe domain
|
98
|
+
#
|
99
|
+
# @return [String]
|
100
|
+
#
|
101
|
+
def universe_domain
|
102
|
+
@system_policy_stub.universe_domain
|
103
|
+
end
|
104
|
+
|
93
105
|
##
|
94
106
|
# Create a new SystemPolicy client object.
|
95
107
|
#
|
@@ -123,8 +135,9 @@ module Google
|
|
123
135
|
credentials = @config.credentials
|
124
136
|
# Use self-signed JWT if the endpoint is unchanged from default,
|
125
137
|
# but only if the default endpoint does not have a region prefix.
|
126
|
-
enable_self_signed_jwt = @config.endpoint
|
127
|
-
|
138
|
+
enable_self_signed_jwt = @config.endpoint.nil? ||
|
139
|
+
(@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
|
140
|
+
!@config.endpoint.split(".").first.include?("-"))
|
128
141
|
credentials ||= Credentials.default scope: @config.scope,
|
129
142
|
enable_self_signed_jwt: enable_self_signed_jwt
|
130
143
|
if credentials.is_a?(::String) || credentials.is_a?(::Hash)
|
@@ -135,10 +148,13 @@ module Google
|
|
135
148
|
|
136
149
|
@system_policy_stub = ::Gapic::ServiceStub.new(
|
137
150
|
::Google::Cloud::BinaryAuthorization::V1::SystemPolicyV1::Stub,
|
138
|
-
credentials:
|
139
|
-
endpoint:
|
151
|
+
credentials: credentials,
|
152
|
+
endpoint: @config.endpoint,
|
153
|
+
endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
|
154
|
+
universe_domain: @config.universe_domain,
|
140
155
|
channel_args: @config.channel_args,
|
141
|
-
interceptors: @config.interceptors
|
156
|
+
interceptors: @config.interceptors,
|
157
|
+
channel_pool_config: @config.channel_pool
|
142
158
|
)
|
143
159
|
end
|
144
160
|
|
@@ -260,9 +276,9 @@ module Google
|
|
260
276
|
# end
|
261
277
|
#
|
262
278
|
# @!attribute [rw] endpoint
|
263
|
-
#
|
264
|
-
#
|
265
|
-
# @return [::String]
|
279
|
+
# A custom service endpoint, as a hostname or hostname:port. The default is
|
280
|
+
# nil, indicating to use the default endpoint in the current universe domain.
|
281
|
+
# @return [::String,nil]
|
266
282
|
# @!attribute [rw] credentials
|
267
283
|
# Credentials to send with calls. You may provide any of the following types:
|
268
284
|
# * (`String`) The path to a service account key file in JSON format
|
@@ -308,13 +324,20 @@ module Google
|
|
308
324
|
# @!attribute [rw] quota_project
|
309
325
|
# A separate project against which to charge quota.
|
310
326
|
# @return [::String]
|
327
|
+
# @!attribute [rw] universe_domain
|
328
|
+
# The universe domain within which to make requests. This determines the
|
329
|
+
# default endpoint URL. The default value of nil uses the environment
|
330
|
+
# universe (usually the default "googleapis.com" universe).
|
331
|
+
# @return [::String,nil]
|
311
332
|
#
|
312
333
|
class Configuration
|
313
334
|
extend ::Gapic::Config
|
314
335
|
|
336
|
+
# @private
|
337
|
+
# The endpoint specific to the default "googleapis.com" universe. Deprecated.
|
315
338
|
DEFAULT_ENDPOINT = "binaryauthorization.googleapis.com"
|
316
339
|
|
317
|
-
config_attr :endpoint,
|
340
|
+
config_attr :endpoint, nil, ::String, nil
|
318
341
|
config_attr :credentials, nil do |value|
|
319
342
|
allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
|
320
343
|
allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
|
@@ -329,6 +352,7 @@ module Google
|
|
329
352
|
config_attr :metadata, nil, ::Hash, nil
|
330
353
|
config_attr :retry_policy, nil, ::Hash, ::Proc, nil
|
331
354
|
config_attr :quota_project, nil, ::String, nil
|
355
|
+
config_attr :universe_domain, nil, ::String, nil
|
332
356
|
|
333
357
|
# @private
|
334
358
|
def initialize parent_config = nil
|
@@ -349,6 +373,14 @@ module Google
|
|
349
373
|
end
|
350
374
|
end
|
351
375
|
|
376
|
+
##
|
377
|
+
# Configuration for the channel pool
|
378
|
+
# @return [::Gapic::ServiceStub::ChannelPool::Configuration]
|
379
|
+
#
|
380
|
+
def channel_pool
|
381
|
+
@channel_pool ||= ::Gapic::ServiceStub::ChannelPool::Configuration.new
|
382
|
+
end
|
383
|
+
|
352
384
|
##
|
353
385
|
# Configuration RPC class for the SystemPolicy API.
|
354
386
|
#
|
@@ -32,6 +32,9 @@ module Google
|
|
32
32
|
# API for working with the system policy.
|
33
33
|
#
|
34
34
|
class Client
|
35
|
+
# @private
|
36
|
+
DEFAULT_ENDPOINT_TEMPLATE = "binaryauthorization.$UNIVERSE_DOMAIN$"
|
37
|
+
|
35
38
|
include Paths
|
36
39
|
|
37
40
|
# @private
|
@@ -92,6 +95,15 @@ module Google
|
|
92
95
|
@config
|
93
96
|
end
|
94
97
|
|
98
|
+
##
|
99
|
+
# The effective universe domain
|
100
|
+
#
|
101
|
+
# @return [String]
|
102
|
+
#
|
103
|
+
def universe_domain
|
104
|
+
@system_policy_stub.universe_domain
|
105
|
+
end
|
106
|
+
|
95
107
|
##
|
96
108
|
# Create a new SystemPolicy REST client object.
|
97
109
|
#
|
@@ -119,8 +131,9 @@ module Google
|
|
119
131
|
credentials = @config.credentials
|
120
132
|
# Use self-signed JWT if the endpoint is unchanged from default,
|
121
133
|
# but only if the default endpoint does not have a region prefix.
|
122
|
-
enable_self_signed_jwt = @config.endpoint
|
123
|
-
|
134
|
+
enable_self_signed_jwt = @config.endpoint.nil? ||
|
135
|
+
(@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
|
136
|
+
!@config.endpoint.split(".").first.include?("-"))
|
124
137
|
credentials ||= Credentials.default scope: @config.scope,
|
125
138
|
enable_self_signed_jwt: enable_self_signed_jwt
|
126
139
|
if credentials.is_a?(::String) || credentials.is_a?(::Hash)
|
@@ -130,7 +143,12 @@ module Google
|
|
130
143
|
@quota_project_id = @config.quota_project
|
131
144
|
@quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id
|
132
145
|
|
133
|
-
@system_policy_stub = ::Google::Cloud::BinaryAuthorization::V1::SystemPolicy::Rest::ServiceStub.new
|
146
|
+
@system_policy_stub = ::Google::Cloud::BinaryAuthorization::V1::SystemPolicy::Rest::ServiceStub.new(
|
147
|
+
endpoint: @config.endpoint,
|
148
|
+
endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
|
149
|
+
universe_domain: @config.universe_domain,
|
150
|
+
credentials: credentials
|
151
|
+
)
|
134
152
|
end
|
135
153
|
|
136
154
|
# Service calls
|
@@ -163,6 +181,22 @@ module Google
|
|
163
181
|
# @return [::Google::Cloud::BinaryAuthorization::V1::Policy]
|
164
182
|
#
|
165
183
|
# @raise [::Google::Cloud::Error] if the REST call is aborted.
|
184
|
+
#
|
185
|
+
# @example Basic example
|
186
|
+
# require "google/cloud/binary_authorization/v1"
|
187
|
+
#
|
188
|
+
# # Create a client object. The client can be reused for multiple calls.
|
189
|
+
# client = Google::Cloud::BinaryAuthorization::V1::SystemPolicy::Rest::Client.new
|
190
|
+
#
|
191
|
+
# # Create a request. To set request fields, pass in keyword arguments.
|
192
|
+
# request = Google::Cloud::BinaryAuthorization::V1::GetSystemPolicyRequest.new
|
193
|
+
#
|
194
|
+
# # Call the get_system_policy method.
|
195
|
+
# result = client.get_system_policy request
|
196
|
+
#
|
197
|
+
# # The returned object is of type Google::Cloud::BinaryAuthorization::V1::Policy.
|
198
|
+
# p result
|
199
|
+
#
|
166
200
|
def get_system_policy request, options = nil
|
167
201
|
raise ::ArgumentError, "request must be provided" if request.nil?
|
168
202
|
|
@@ -228,9 +262,9 @@ module Google
|
|
228
262
|
# end
|
229
263
|
#
|
230
264
|
# @!attribute [rw] endpoint
|
231
|
-
#
|
232
|
-
#
|
233
|
-
# @return [::String]
|
265
|
+
# A custom service endpoint, as a hostname or hostname:port. The default is
|
266
|
+
# nil, indicating to use the default endpoint in the current universe domain.
|
267
|
+
# @return [::String,nil]
|
234
268
|
# @!attribute [rw] credentials
|
235
269
|
# Credentials to send with calls. You may provide any of the following types:
|
236
270
|
# * (`String`) The path to a service account key file in JSON format
|
@@ -267,13 +301,20 @@ module Google
|
|
267
301
|
# @!attribute [rw] quota_project
|
268
302
|
# A separate project against which to charge quota.
|
269
303
|
# @return [::String]
|
304
|
+
# @!attribute [rw] universe_domain
|
305
|
+
# The universe domain within which to make requests. This determines the
|
306
|
+
# default endpoint URL. The default value of nil uses the environment
|
307
|
+
# universe (usually the default "googleapis.com" universe).
|
308
|
+
# @return [::String,nil]
|
270
309
|
#
|
271
310
|
class Configuration
|
272
311
|
extend ::Gapic::Config
|
273
312
|
|
313
|
+
# @private
|
314
|
+
# The endpoint specific to the default "googleapis.com" universe. Deprecated.
|
274
315
|
DEFAULT_ENDPOINT = "binaryauthorization.googleapis.com"
|
275
316
|
|
276
|
-
config_attr :endpoint,
|
317
|
+
config_attr :endpoint, nil, ::String, nil
|
277
318
|
config_attr :credentials, nil do |value|
|
278
319
|
allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
|
279
320
|
allowed.any? { |klass| klass === value }
|
@@ -285,6 +326,7 @@ module Google
|
|
285
326
|
config_attr :metadata, nil, ::Hash, nil
|
286
327
|
config_attr :retry_policy, nil, ::Hash, ::Proc, nil
|
287
328
|
config_attr :quota_project, nil, ::String, nil
|
329
|
+
config_attr :universe_domain, nil, ::String, nil
|
288
330
|
|
289
331
|
# @private
|
290
332
|
def initialize parent_config = nil
|
@@ -30,16 +30,28 @@ module Google
|
|
30
30
|
# including transcoding, making the REST call, and deserialing the response.
|
31
31
|
#
|
32
32
|
class ServiceStub
|
33
|
-
def initialize endpoint:, credentials:
|
33
|
+
def initialize endpoint:, endpoint_template:, universe_domain:, credentials:
|
34
34
|
# These require statements are intentionally placed here to initialize
|
35
35
|
# the REST modules only when it's required.
|
36
36
|
require "gapic/rest"
|
37
37
|
|
38
|
-
@client_stub = ::Gapic::Rest::ClientStub.new endpoint: endpoint,
|
38
|
+
@client_stub = ::Gapic::Rest::ClientStub.new endpoint: endpoint,
|
39
|
+
endpoint_template: endpoint_template,
|
40
|
+
universe_domain: universe_domain,
|
41
|
+
credentials: credentials,
|
39
42
|
numeric_enums: true,
|
40
43
|
raise_faraday_errors: false
|
41
44
|
end
|
42
45
|
|
46
|
+
##
|
47
|
+
# The effective universe domain
|
48
|
+
#
|
49
|
+
# @return [String]
|
50
|
+
#
|
51
|
+
def universe_domain
|
52
|
+
@client_stub.universe_domain
|
53
|
+
end
|
54
|
+
|
43
55
|
##
|
44
56
|
# Baseline implementation for the get_system_policy REST call
|
45
57
|
#
|
@@ -30,6 +30,9 @@ module Google
|
|
30
30
|
# BinAuthz Attestor verification
|
31
31
|
#
|
32
32
|
class Client
|
33
|
+
# @private
|
34
|
+
DEFAULT_ENDPOINT_TEMPLATE = "binaryauthorization.$UNIVERSE_DOMAIN$"
|
35
|
+
|
33
36
|
# @private
|
34
37
|
attr_reader :validation_helper_stub
|
35
38
|
|
@@ -88,6 +91,15 @@ module Google
|
|
88
91
|
@config
|
89
92
|
end
|
90
93
|
|
94
|
+
##
|
95
|
+
# The effective universe domain
|
96
|
+
#
|
97
|
+
# @return [String]
|
98
|
+
#
|
99
|
+
def universe_domain
|
100
|
+
@validation_helper_stub.universe_domain
|
101
|
+
end
|
102
|
+
|
91
103
|
##
|
92
104
|
# Create a new ValidationHelper client object.
|
93
105
|
#
|
@@ -121,8 +133,9 @@ module Google
|
|
121
133
|
credentials = @config.credentials
|
122
134
|
# Use self-signed JWT if the endpoint is unchanged from default,
|
123
135
|
# but only if the default endpoint does not have a region prefix.
|
124
|
-
enable_self_signed_jwt = @config.endpoint
|
125
|
-
|
136
|
+
enable_self_signed_jwt = @config.endpoint.nil? ||
|
137
|
+
(@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
|
138
|
+
!@config.endpoint.split(".").first.include?("-"))
|
126
139
|
credentials ||= Credentials.default scope: @config.scope,
|
127
140
|
enable_self_signed_jwt: enable_self_signed_jwt
|
128
141
|
if credentials.is_a?(::String) || credentials.is_a?(::Hash)
|
@@ -133,10 +146,13 @@ module Google
|
|
133
146
|
|
134
147
|
@validation_helper_stub = ::Gapic::ServiceStub.new(
|
135
148
|
::Google::Cloud::BinaryAuthorization::V1::ValidationHelperV1::Stub,
|
136
|
-
credentials:
|
137
|
-
endpoint:
|
149
|
+
credentials: credentials,
|
150
|
+
endpoint: @config.endpoint,
|
151
|
+
endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
|
152
|
+
universe_domain: @config.universe_domain,
|
138
153
|
channel_args: @config.channel_args,
|
139
|
-
interceptors: @config.interceptors
|
154
|
+
interceptors: @config.interceptors,
|
155
|
+
channel_pool_config: @config.channel_pool
|
140
156
|
)
|
141
157
|
end
|
142
158
|
|
@@ -271,9 +287,9 @@ module Google
|
|
271
287
|
# end
|
272
288
|
#
|
273
289
|
# @!attribute [rw] endpoint
|
274
|
-
#
|
275
|
-
#
|
276
|
-
# @return [::String]
|
290
|
+
# A custom service endpoint, as a hostname or hostname:port. The default is
|
291
|
+
# nil, indicating to use the default endpoint in the current universe domain.
|
292
|
+
# @return [::String,nil]
|
277
293
|
# @!attribute [rw] credentials
|
278
294
|
# Credentials to send with calls. You may provide any of the following types:
|
279
295
|
# * (`String`) The path to a service account key file in JSON format
|
@@ -319,13 +335,20 @@ module Google
|
|
319
335
|
# @!attribute [rw] quota_project
|
320
336
|
# A separate project against which to charge quota.
|
321
337
|
# @return [::String]
|
338
|
+
# @!attribute [rw] universe_domain
|
339
|
+
# The universe domain within which to make requests. This determines the
|
340
|
+
# default endpoint URL. The default value of nil uses the environment
|
341
|
+
# universe (usually the default "googleapis.com" universe).
|
342
|
+
# @return [::String,nil]
|
322
343
|
#
|
323
344
|
class Configuration
|
324
345
|
extend ::Gapic::Config
|
325
346
|
|
347
|
+
# @private
|
348
|
+
# The endpoint specific to the default "googleapis.com" universe. Deprecated.
|
326
349
|
DEFAULT_ENDPOINT = "binaryauthorization.googleapis.com"
|
327
350
|
|
328
|
-
config_attr :endpoint,
|
351
|
+
config_attr :endpoint, nil, ::String, nil
|
329
352
|
config_attr :credentials, nil do |value|
|
330
353
|
allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
|
331
354
|
allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
|
@@ -340,6 +363,7 @@ module Google
|
|
340
363
|
config_attr :metadata, nil, ::Hash, nil
|
341
364
|
config_attr :retry_policy, nil, ::Hash, ::Proc, nil
|
342
365
|
config_attr :quota_project, nil, ::String, nil
|
366
|
+
config_attr :universe_domain, nil, ::String, nil
|
343
367
|
|
344
368
|
# @private
|
345
369
|
def initialize parent_config = nil
|
@@ -360,6 +384,14 @@ module Google
|
|
360
384
|
end
|
361
385
|
end
|
362
386
|
|
387
|
+
##
|
388
|
+
# Configuration for the channel pool
|
389
|
+
# @return [::Gapic::ServiceStub::ChannelPool::Configuration]
|
390
|
+
#
|
391
|
+
def channel_pool
|
392
|
+
@channel_pool ||= ::Gapic::ServiceStub::ChannelPool::Configuration.new
|
393
|
+
end
|
394
|
+
|
363
395
|
##
|
364
396
|
# Configuration RPC class for the ValidationHelper API.
|
365
397
|
#
|
@@ -32,6 +32,9 @@ module Google
|
|
32
32
|
# BinAuthz Attestor verification
|
33
33
|
#
|
34
34
|
class Client
|
35
|
+
# @private
|
36
|
+
DEFAULT_ENDPOINT_TEMPLATE = "binaryauthorization.$UNIVERSE_DOMAIN$"
|
37
|
+
|
35
38
|
# @private
|
36
39
|
attr_reader :validation_helper_stub
|
37
40
|
|
@@ -90,6 +93,15 @@ module Google
|
|
90
93
|
@config
|
91
94
|
end
|
92
95
|
|
96
|
+
##
|
97
|
+
# The effective universe domain
|
98
|
+
#
|
99
|
+
# @return [String]
|
100
|
+
#
|
101
|
+
def universe_domain
|
102
|
+
@validation_helper_stub.universe_domain
|
103
|
+
end
|
104
|
+
|
93
105
|
##
|
94
106
|
# Create a new ValidationHelper REST client object.
|
95
107
|
#
|
@@ -117,8 +129,9 @@ module Google
|
|
117
129
|
credentials = @config.credentials
|
118
130
|
# Use self-signed JWT if the endpoint is unchanged from default,
|
119
131
|
# but only if the default endpoint does not have a region prefix.
|
120
|
-
enable_self_signed_jwt = @config.endpoint
|
121
|
-
|
132
|
+
enable_self_signed_jwt = @config.endpoint.nil? ||
|
133
|
+
(@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
|
134
|
+
!@config.endpoint.split(".").first.include?("-"))
|
122
135
|
credentials ||= Credentials.default scope: @config.scope,
|
123
136
|
enable_self_signed_jwt: enable_self_signed_jwt
|
124
137
|
if credentials.is_a?(::String) || credentials.is_a?(::Hash)
|
@@ -128,7 +141,12 @@ module Google
|
|
128
141
|
@quota_project_id = @config.quota_project
|
129
142
|
@quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id
|
130
143
|
|
131
|
-
@validation_helper_stub = ::Google::Cloud::BinaryAuthorization::V1::ValidationHelper::Rest::ServiceStub.new
|
144
|
+
@validation_helper_stub = ::Google::Cloud::BinaryAuthorization::V1::ValidationHelper::Rest::ServiceStub.new(
|
145
|
+
endpoint: @config.endpoint,
|
146
|
+
endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
|
147
|
+
universe_domain: @config.universe_domain,
|
148
|
+
credentials: credentials
|
149
|
+
)
|
132
150
|
end
|
133
151
|
|
134
152
|
# Service calls
|
@@ -174,6 +192,22 @@ module Google
|
|
174
192
|
# @return [::Google::Cloud::BinaryAuthorization::V1::ValidateAttestationOccurrenceResponse]
|
175
193
|
#
|
176
194
|
# @raise [::Google::Cloud::Error] if the REST call is aborted.
|
195
|
+
#
|
196
|
+
# @example Basic example
|
197
|
+
# require "google/cloud/binary_authorization/v1"
|
198
|
+
#
|
199
|
+
# # Create a client object. The client can be reused for multiple calls.
|
200
|
+
# client = Google::Cloud::BinaryAuthorization::V1::ValidationHelper::Rest::Client.new
|
201
|
+
#
|
202
|
+
# # Create a request. To set request fields, pass in keyword arguments.
|
203
|
+
# request = Google::Cloud::BinaryAuthorization::V1::ValidateAttestationOccurrenceRequest.new
|
204
|
+
#
|
205
|
+
# # Call the validate_attestation_occurrence method.
|
206
|
+
# result = client.validate_attestation_occurrence request
|
207
|
+
#
|
208
|
+
# # The returned object is of type Google::Cloud::BinaryAuthorization::V1::ValidateAttestationOccurrenceResponse.
|
209
|
+
# p result
|
210
|
+
#
|
177
211
|
def validate_attestation_occurrence request, options = nil
|
178
212
|
raise ::ArgumentError, "request must be provided" if request.nil?
|
179
213
|
|
@@ -239,9 +273,9 @@ module Google
|
|
239
273
|
# end
|
240
274
|
#
|
241
275
|
# @!attribute [rw] endpoint
|
242
|
-
#
|
243
|
-
#
|
244
|
-
# @return [::String]
|
276
|
+
# A custom service endpoint, as a hostname or hostname:port. The default is
|
277
|
+
# nil, indicating to use the default endpoint in the current universe domain.
|
278
|
+
# @return [::String,nil]
|
245
279
|
# @!attribute [rw] credentials
|
246
280
|
# Credentials to send with calls. You may provide any of the following types:
|
247
281
|
# * (`String`) The path to a service account key file in JSON format
|
@@ -278,13 +312,20 @@ module Google
|
|
278
312
|
# @!attribute [rw] quota_project
|
279
313
|
# A separate project against which to charge quota.
|
280
314
|
# @return [::String]
|
315
|
+
# @!attribute [rw] universe_domain
|
316
|
+
# The universe domain within which to make requests. This determines the
|
317
|
+
# default endpoint URL. The default value of nil uses the environment
|
318
|
+
# universe (usually the default "googleapis.com" universe).
|
319
|
+
# @return [::String,nil]
|
281
320
|
#
|
282
321
|
class Configuration
|
283
322
|
extend ::Gapic::Config
|
284
323
|
|
324
|
+
# @private
|
325
|
+
# The endpoint specific to the default "googleapis.com" universe. Deprecated.
|
285
326
|
DEFAULT_ENDPOINT = "binaryauthorization.googleapis.com"
|
286
327
|
|
287
|
-
config_attr :endpoint,
|
328
|
+
config_attr :endpoint, nil, ::String, nil
|
288
329
|
config_attr :credentials, nil do |value|
|
289
330
|
allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
|
290
331
|
allowed.any? { |klass| klass === value }
|
@@ -296,6 +337,7 @@ module Google
|
|
296
337
|
config_attr :metadata, nil, ::Hash, nil
|
297
338
|
config_attr :retry_policy, nil, ::Hash, ::Proc, nil
|
298
339
|
config_attr :quota_project, nil, ::String, nil
|
340
|
+
config_attr :universe_domain, nil, ::String, nil
|
299
341
|
|
300
342
|
# @private
|
301
343
|
def initialize parent_config = nil
|
@@ -30,16 +30,28 @@ module Google
|
|
30
30
|
# including transcoding, making the REST call, and deserialing the response.
|
31
31
|
#
|
32
32
|
class ServiceStub
|
33
|
-
def initialize endpoint:, credentials:
|
33
|
+
def initialize endpoint:, endpoint_template:, universe_domain:, credentials:
|
34
34
|
# These require statements are intentionally placed here to initialize
|
35
35
|
# the REST modules only when it's required.
|
36
36
|
require "gapic/rest"
|
37
37
|
|
38
|
-
@client_stub = ::Gapic::Rest::ClientStub.new endpoint: endpoint,
|
38
|
+
@client_stub = ::Gapic::Rest::ClientStub.new endpoint: endpoint,
|
39
|
+
endpoint_template: endpoint_template,
|
40
|
+
universe_domain: universe_domain,
|
41
|
+
credentials: credentials,
|
39
42
|
numeric_enums: true,
|
40
43
|
raise_faraday_errors: false
|
41
44
|
end
|
42
45
|
|
46
|
+
##
|
47
|
+
# The effective universe domain
|
48
|
+
#
|
49
|
+
# @return [String]
|
50
|
+
#
|
51
|
+
def universe_domain
|
52
|
+
@client_stub.universe_domain
|
53
|
+
end
|
54
|
+
|
43
55
|
##
|
44
56
|
# Baseline implementation for the validate_attestation_occurrence REST call
|
45
57
|
#
|
@@ -21,6 +21,7 @@ module Google
|
|
21
21
|
module Api
|
22
22
|
# Required information for every language.
|
23
23
|
# @!attribute [rw] reference_docs_uri
|
24
|
+
# @deprecated This field is deprecated and may be removed in the next major version update.
|
24
25
|
# @return [::String]
|
25
26
|
# Link to automatically generated reference documentation. Example:
|
26
27
|
# https://cloud.google.com/nodejs/docs/reference/asset/latest
|
@@ -304,6 +305,19 @@ module Google
|
|
304
305
|
# seconds: 360 # 6 minutes
|
305
306
|
# total_poll_timeout:
|
306
307
|
# seconds: 54000 # 90 minutes
|
308
|
+
# @!attribute [rw] auto_populated_fields
|
309
|
+
# @return [::Array<::String>]
|
310
|
+
# List of top-level fields of the request message, that should be
|
311
|
+
# automatically populated by the client libraries based on their
|
312
|
+
# (google.api.field_info).format. Currently supported format: UUID4.
|
313
|
+
#
|
314
|
+
# Example of a YAML configuration:
|
315
|
+
#
|
316
|
+
# publishing:
|
317
|
+
# method_settings:
|
318
|
+
# - selector: google.example.v1.ExampleService.CreateExample
|
319
|
+
# auto_populated_fields:
|
320
|
+
# - request_id
|
307
321
|
class MethodSettings
|
308
322
|
include ::Google::Protobuf::MessageExts
|
309
323
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -66,6 +66,20 @@ module Google
|
|
66
66
|
# a non-empty value will be returned. The user will not be aware of what
|
67
67
|
# non-empty value to expect.
|
68
68
|
NON_EMPTY_DEFAULT = 7
|
69
|
+
|
70
|
+
# Denotes that the field in a resource (a message annotated with
|
71
|
+
# google.api.resource) is used in the resource name to uniquely identify the
|
72
|
+
# resource. For AIP-compliant APIs, this should only be applied to the
|
73
|
+
# `name` field on the resource.
|
74
|
+
#
|
75
|
+
# This behavior should not be applied to references to other resources within
|
76
|
+
# the message.
|
77
|
+
#
|
78
|
+
# The identifier field of resources often have different field behavior
|
79
|
+
# depending on the request it is embedded in (e.g. for Create methods name
|
80
|
+
# is optional and unused, while for Update methods it is required). Instead
|
81
|
+
# of method-specific annotations, only `IDENTIFIER` is required.
|
82
|
+
IDENTIFIER = 8
|
69
83
|
end
|
70
84
|
end
|
71
85
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: google-cloud-binary_authorization-v1
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.6.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Google LLC
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2024-01-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: gapic-common
|
@@ -16,7 +16,7 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - ">="
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.21.1
|
20
20
|
- - "<"
|
21
21
|
- !ruby/object:Gem::Version
|
22
22
|
version: 2.a
|
@@ -26,7 +26,7 @@ dependencies:
|
|
26
26
|
requirements:
|
27
27
|
- - ">="
|
28
28
|
- !ruby/object:Gem::Version
|
29
|
-
version: 0.
|
29
|
+
version: 0.21.1
|
30
30
|
- - "<"
|
31
31
|
- !ruby/object:Gem::Version
|
32
32
|
version: 2.a
|
@@ -248,7 +248,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
248
248
|
- !ruby/object:Gem::Version
|
249
249
|
version: '0'
|
250
250
|
requirements: []
|
251
|
-
rubygems_version: 3.
|
251
|
+
rubygems_version: 3.5.3
|
252
252
|
signing_key:
|
253
253
|
specification_version: 4
|
254
254
|
summary: The management interface for Binary Authorization, a system providing policy
|