google-cloud-datastore-admin 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ff72861861ec7c2be413d952c6c4e14538e21c0e6f8ba1d1a345f824fe31f041
-  data.tar.gz: 6db28b0140e44c5a4ea7a88e186173a12673f9e77417e1c7dd43c19b3cf34b56
+  metadata.gz: 6c19a2cf4f7253430bdfd4236b5d3e0670a46fcbe4671105b29f14be9c1fc250
+  data.tar.gz: 830b95856913d7d6b7064a19225b97aa3e9ead823246d36784f6e4fe9593599e
 SHA512:
-  metadata.gz: f4bc865b3a776a6211243bfe1522c60ed8aae91c00bee1132d1b4c282b9e8519c11fbcd303aed49cb92a96ed4455da2bb8a5b8a96600a6686e6dbdbd60744c80
-  data.tar.gz: 585b2e1578d58811085e72bd4569144df80dd3797d56b7c6b6bd12ad6fd54c78b0aaf30f28eed21bebdbecb5710dcfd1c18cd739539d3d2ace815469084b11bc
+  metadata.gz: a48e89424f6c6fa10d0072427414bd1dda30a2d019e8a59fddaf1ccb823b9abcc3d93db7c3e87ac25c6aaeb7d4bbbf3e21b8100e59ccc47045bfab54866de11f
+  data.tar.gz: d746db2ebbbdbcc94db57f6e85b92e663d17b3a1c842b587b01f4985ff80f374288090039c475437b2cb7f45515d0d6f0f2141f399035db14663b386a368b5ec

data/AUTHENTICATION.md

@@ -1,151 +1,122 @@
 # Authentication
 
-In general, the google-cloud-datastore-admin library uses
-[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts)
-credentials to connect to Google Cloud services. When running within
-[Google Cloud Platform environments](#google-cloud-platform-environments) the
-credentials will be discovered automatically. When running on other
-environments, the Service Account credentials can be specified by providing the
-path to the
-[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys)
-for the account (or the JSON itself) in
-[environment variables](#environment-variables). Additionally, Cloud SDK
-credentials can also be discovered automatically, but this is only recommended
-during development.
+The recommended way to authenticate to the google-cloud-datastore-admin library is to use
+[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials).
+To review all of your authentication options, see [Credentials lookup](#credential-lookup).
 
 ## Quickstart
 
-1. [Create a service account and credentials](#creating-a-service-account).
-2. Set the [environment variable](#environment-variables).
+The following example shows how to set up authentication for a local development
+environment with your user credentials. 
 
-```sh
-export DATASTORE_CREDENTIALS=path/to/keyfile.json
-```
-
-3. Initialize the client.
+**NOTE:** This method is _not_ recommended for running in production. User credentials
+should be used only during development.
 
-```ruby
-require "google/cloud/datastore/admin"
+1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk).
+2. Set up a local ADC file with your user credentials:
 
-client = Google::Cloud::Datastore::Admin.datastore_admin
+```sh
+gcloud auth application-default login
 ```
 
-## Credential Lookup
-
-The google-cloud-datastore-admin library aims to make authentication
-as simple as possible, and provides several mechanisms to configure your system
-without requiring **Service Account Credentials** directly in code.
-
-**Credentials** are discovered in the following order:
-
-1. Specify credentials in method arguments
-2. Specify credentials in configuration
-3. Discover credentials path in environment variables
-4. Discover credentials JSON in environment variables
-5. Discover credentials file in the Cloud SDK's path
-6. Discover GCP credentials
-
-### Google Cloud Platform environments
+3. Write code as if already authenticated.
 
-When running on Google Cloud Platform (GCP), including Google Compute Engine
-(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud
-Functions (GCF) and Cloud Run, **Credentials** are discovered automatically.
-Code should be written as if already authenticated.
+For more information about setting up authentication for a local development environment, see
+[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev).
 
-### Environment Variables
+## Credential Lookup
 
-The **Credentials JSON** can be placed in environment variables instead of
-declaring them directly in code. Each service has its own environment variable,
-allowing for different service accounts to be used for different services. (See
-the READMEs for the individual service gems for details.) The path to the
-**Credentials JSON** file can be stored in the environment variable, or the
-**Credentials JSON** itself can be stored for environments such as Docker
-containers where writing files is difficult or not encouraged.
+The google-cloud-datastore-admin library provides several mechanisms to configure your system.
+Generally, using Application Default Credentials to facilitate automatic 
+credentials discovery is the easist method. But if you need to explicitly specify
+credentials, there are several methods available to you.
 
-The environment variables that google-cloud-datastore-admin
-checks for credentials are configured on the service Credentials class (such as
-`::Google::Cloud::Datastore::Admin::V1::DatastoreAdmin::Credentials`):
+Credentials are accepted in the following ways, in the following order or precedence:
 
-* `DATASTORE_CREDENTIALS` - Path to JSON file, or JSON contents
-* `DATASTORE_KEYFILE` - Path to JSON file, or JSON contents
-* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents
-* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents
-* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
+1. Credentials specified in method arguments
+2. Credentials specified in configuration
+3. Credentials pointed to or included in environment variables
+4. Credentials found in local ADC file
+5. Credentials returned by the metadata server for the attached service account (GCP)
 
-```ruby
-require "google/cloud/datastore/admin"
-
-ENV["DATASTORE_CREDENTIALS"] = "path/to/keyfile.json"
+### Configuration
 
-client = Google::Cloud::Datastore::Admin.datastore_admin
-```
+You can configure a path to a JSON credentials file, either for an individual client object or
+globally, for all client objects. The JSON file can contain credentials created for
+[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation),
+[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a
+[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key).
 
-### Configuration
+Note: Service account keys are a security risk if not managed correctly. You should
+[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree)
+whenever possible.
 
-The path to the **Credentials JSON** file can be configured instead of storing
-it in an environment variable. Either on an individual client initialization:
+To configure a credentials file for an individual client initialization:
 
 ```ruby
 require "google/cloud/datastore/admin"
 
 client = Google::Cloud::Datastore::Admin.datastore_admin do |config|
-  config.credentials = "path/to/keyfile.json"
+  config.credentials = "path/to/credentialfile.json"
 end
 ```
 
-Or globally for all clients:
+To configure a credentials file globally for all clients:
 
 ```ruby
 require "google/cloud/datastore/admin"
 
 Google::Cloud::Datastore::Admin.configure do |config|
-  config.credentials = "path/to/keyfile.json"
+  config.credentials = "path/to/credentialfile.json"
 end
 
 client = Google::Cloud::Datastore::Admin.datastore_admin
 ```
 
-### Cloud SDK
+### Environment Variables
 
-This option allows for an easy way to authenticate during development. If
-credentials are not provided in code or in environment variables, then Cloud SDK
-credentials are discovered.
+You can also use an environment variable to provide a JSON credentials file.
+The environment variable can contain a path to the credentials file or, for
+environments such as Docker containers where writing files is not encouraged,
+you can include the credentials file itself.
 
-To configure your system for this, simply:
+The JSON file can contain credentials created for
+[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation),
+[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a
+[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key).
 
-1. [Download and install the Cloud SDK](https://cloud.google.com/sdk)
-2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login`
-3. Write code as if already authenticated.
+Note: Service account keys are a security risk if not managed correctly. You should
+[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree)
+whenever possible.
+
+The environment variables that google-cloud-datastore-admin
+checks for credentials are:
 
-**NOTE:** This is _not_ recommended for running in production. The Cloud SDK
-*should* only be used during development.
+* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents
+* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
 
-## Creating a Service Account
+```ruby
+require "google/cloud/datastore/admin"
 
-Google Cloud requires **Service Account Credentials** to
-connect to the APIs. You will use the **JSON key file** to
-connect to most services with google-cloud-datastore-admin.
+ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json"
 
-If you are not running this client within
-[Google Cloud Platform environments](#google-cloud-platform-environments), you
-need a Google Developers service account.
+client = Google::Cloud::Datastore::Admin.datastore_admin
+```
 
-1. Visit the [Google Cloud Console](https://console.cloud.google.com/project).
-2. Create a new project or click on an existing project.
-3. Activate the menu in the upper left and select **APIs & Services**. From
-   here, you will enable the APIs that your application requires.
+### Local ADC file
 
-   *Note: You may need to enable billing in order to use these services.*
+You can set up a local ADC file with your user credentials for authentication during
+development. If credentials are not provided in code or in environment variables,
+then the local ADC credentials are discovered.
 
-4. Select **Credentials** from the side navigation.
+Follow the steps in [Quickstart](#quickstart) to set up a local ADC file.
 
-   Find the "Create credentials" drop down near the top of the page, and select
-   "Service account" to be guided through downloading a new JSON key file.
+### Google Cloud Platform environments
 
-   If you want to re-use an existing service account, you can easily generate a
-   new key file. Just select the account you wish to re-use, click the pencil
-   tool on the right side to edit the service account, select the **Keys** tab,
-   and then select **Add Key**.
+When running on Google Cloud Platform (GCP), including Google Compute Engine
+(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud
+Functions (GCF) and Cloud Run, credentials are retrieved from the attached
+service account automatically. Code should be written as if already authenticated.
 
-   The key file you download will be used by this library to authenticate API
-   requests and should be stored in a secure location.
+For more information, see
+[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa).

data/README.md

@@ -16,7 +16,7 @@ for this library, google-cloud-datastore-admin, to see the convenience methods f
 constructing client objects. Reference documentation for the client objects
 themselves can be found in the client library documentation for the versioned
 client gems:
-[google-cloud-datastore-admin-v1](https://googleapis.dev/ruby/google-cloud-datastore-admin-v1/latest).
+[google-cloud-datastore-admin-v1](https://cloud.google.com/ruby/docs/reference/google-cloud-datastore-admin-v1/latest).
 
 See also the [Product Documentation](https://cloud.google.com/datastore)
 for more usage information.

data/lib/google/cloud/datastore/admin/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module Datastore
       module Admin
-        VERSION = "0.2.0"
+        VERSION = "0.3.0"
       end
     end
   end

data/lib/google/cloud/datastore/admin.rb

@@ -29,7 +29,7 @@ require "google/cloud/config"
 
 # Set the default configuration
 ::Google::Cloud.configure.add_config! :datastore_admin do |config|
-  config.add_field! :endpoint,      "datastore.googleapis.com", match: ::String
+  config.add_field! :endpoint,      nil, match: ::String
   config.add_field! :credentials,   nil, match: [::String, ::Hash, ::Google::Auth::Credentials]
   config.add_field! :scope,         nil, match: [::Array, ::String]
   config.add_field! :lib_name,      nil, match: ::String
@@ -39,6 +39,7 @@ require "google/cloud/config"
   config.add_field! :metadata,      nil, match: ::Hash
   config.add_field! :retry_policy,  nil, match: [::Hash, ::Proc]
   config.add_field! :quota_project, nil, match: ::String
+  config.add_field! :universe_domain, nil, match: ::String
 end
 
 module Google
@@ -49,7 +50,7 @@ module Google
         # Create a new client object for DatastoreAdmin.
         #
         # By default, this returns an instance of
-        # [Google::Cloud::Datastore::Admin::V1::DatastoreAdmin::Client](https://googleapis.dev/ruby/google-cloud-datastore-admin-v1/latest/Google/Cloud/Datastore/Admin/V1/DatastoreAdmin/Client.html)
+        # [Google::Cloud::Datastore::Admin::V1::DatastoreAdmin::Client](https://cloud.google.com/ruby/docs/reference/google-cloud-datastore-admin-v1/latest/Google-Cloud-Datastore-Admin-V1-DatastoreAdmin-Client)
         # for a gRPC client for version V1 of the API.
         # However, you can specify a different API version by passing it in the
         # `version` parameter. If the DatastoreAdmin service is
@@ -62,14 +63,10 @@ module Google
         #
         # Google Cloud Datastore Admin API
         #
-        #
         # The Datastore Admin API provides several admin services for Cloud Datastore.
         #
-        # -----------------------------------------------------------------------------
-        # ## Concepts
-        #
-        # Project, namespace, kind, and entity as defined in the Google Cloud Datastore
-        # API.
+        # Concepts: Project, namespace, kind, and entity as defined in the Google Cloud
+        # Datastore API.
         #
         # Operation: An Operation represents work being performed in the background.
         #
@@ -77,50 +74,40 @@ module Google
         # specified as a combination of kinds and namespaces (either or both of which
         # may be all).
         #
-        # -----------------------------------------------------------------------------
-        # ## Services
-        #
-        # # Export/Import
+        # Export/Import Service:
         #
-        # The Export/Import service provides the ability to copy all or a subset of
+        # - The Export/Import service provides the ability to copy all or a subset of
         # entities to/from Google Cloud Storage.
-        #
-        # Exported data may be imported into Cloud Datastore for any Google Cloud
+        # - Exported data may be imported into Cloud Datastore for any Google Cloud
         # Platform project. It is not restricted to the export source project. It is
         # possible to export from one project and then import into another.
-        #
-        # Exported data can also be loaded into Google BigQuery for analysis.
-        #
-        # Exports and imports are performed asynchronously. An Operation resource is
+        # - Exported data can also be loaded into Google BigQuery for analysis.
+        # - Exports and imports are performed asynchronously. An Operation resource is
         # created for each export/import. The state (including any errors encountered)
         # of the export/import may be queried via the Operation resource.
         #
-        # # Index
+        # Index Service:
         #
-        # The index service manages Cloud Datastore composite indexes.
-        #
-        # Index creation and deletion are performed asynchronously.
+        # - The index service manages Cloud Datastore composite indexes.
+        # - Index creation and deletion are performed asynchronously.
         # An Operation resource is created for each such asynchronous operation.
         # The state of the operation (including any errors encountered)
         # may be queried via the Operation resource.
         #
-        # # Operation
+        # Operation Service:
         #
-        # The Operations collection provides a record of actions performed for the
+        # - The Operations collection provides a record of actions performed for the
         # specified project (including any operations in progress). Operations are not
         # created directly but through calls on other collections or resources.
-        #
-        # An operation that is not yet done may be cancelled. The request to cancel is
-        # asynchronous and the operation may continue to run for some time after the
+        # - An operation that is not yet done may be cancelled. The request to cancel
+        # is asynchronous and the operation may continue to run for some time after the
         # request to cancel is made.
-        #
-        # An operation that is done may be deleted so that it is no longer listed as
+        # - An operation that is done may be deleted so that it is no longer listed as
         # part of the Operation collection.
-        #
-        # ListOperations returns all pending operations, but not completed operations.
-        #
-        # Operations are created by service DatastoreAdmin,
-        # but are accessed via service google.longrunning.Operations.
+        # - ListOperations returns all pending operations, but not completed
+        # operations.
+        # - Operations are created by service DatastoreAdmin, but are accessed via
+        # service google.longrunning.Operations.
         #
         # @param version [::String, ::Symbol] The API version to connect to. Optional.
         #   Defaults to `:v1`.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-datastore-admin
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-03-09 00:00:00.000000000 Z
+date: 2024-01-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-cloud-core
@@ -30,7 +30,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '0.11'
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -40,7 +40,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '0.11'
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -189,7 +189,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.2
+rubygems_version: 3.5.3
 signing_key: 
 specification_version: 4
 summary: API Client library for the Firestore in Datastore mode Admin API