google-cloud-kms-inventory-v1 0.6.1 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b2c624f960e301e99eb6ddb91cba6c9913b09d9dbcebb43db4fdf2bf3a0b3ca1
-  data.tar.gz: 44a947d8129ce7955eac2bf2faea47bcb0daa5a8ac9b7d36bd0d56b747942f3c
+  metadata.gz: 67d45287f38ea46c6ed4989e0e6c65a7241e073cbcf0527243f4dc1bd4d24ec7
+  data.tar.gz: 8b97e49e63f9bedd2a0bca43463b6142588159af08a9ff37417e152954828045
 SHA512:
-  metadata.gz: 59e3aa3d3b92520db0479e6483a406befbc5cca49036d958456f64fe98280b46aca41a25519fc23038e94ae5034c3effc4095c6c0cfc98f5bb6617cea88203a2
-  data.tar.gz: 751b6b76935b9ea94e5e1613ceb36003902b2f98a83127a6a7c4aaefcdc816bc244565dc7e41d2c8d0a7f31d95f85e3ce5afe359fbb92f4c528a30b2ade82b2a
+  metadata.gz: c4beccf52c903c93c7130008da3802266e09e450a9498bc908357c055ff2907d4ad16d8603d71e56db3ed3eca32afae67090f4b93058fe321533491a38e7d983
+  data.tar.gz: 6901ce27821196e81225b2c0bd170255307eba5cd65391338738815fd55a2070d82c317e2d9b08f41765fb76e1a465ac40a8919988abe6c1897d46ad0b8e9145

data/AUTHENTICATION.md

@@ -1,149 +1,122 @@
 # Authentication
 
-In general, the google-cloud-kms-inventory-v1 library uses
-[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts)
-credentials to connect to Google Cloud services. When running within
-[Google Cloud Platform environments](#google-cloud-platform-environments) the
-credentials will be discovered automatically. When running on other
-environments, the Service Account credentials can be specified by providing the
-path to the
-[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys)
-for the account (or the JSON itself) in
-[environment variables](#environment-variables). Additionally, Cloud SDK
-credentials can also be discovered automatically, but this is only recommended
-during development.
+The recommended way to authenticate to the google-cloud-kms-inventory-v1 library is to use
+[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials).
+To review all of your authentication options, see [Credentials lookup](#credential-lookup).
 
 ## Quickstart
 
-1. [Create a service account and credentials](#creating-a-service-account).
-2. Set the [environment variable](#environment-variables).
+The following example shows how to set up authentication for a local development
+environment with your user credentials. 
 
-```sh
-export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json
-```
-
-3. Initialize the client.
+**NOTE:** This method is _not_ recommended for running in production. User credentials
+should be used only during development.
 
-```ruby
-require "google/cloud/kms/inventory/v1"
+1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk).
+2. Set up a local ADC file with your user credentials:
 
-client = ::Google::Cloud::Kms::Inventory::V1::KeyDashboardService::Client.new
+```sh
+gcloud auth application-default login
 ```
 
-## Credential Lookup
-
-The google-cloud-kms-inventory-v1 library aims to make authentication
-as simple as possible, and provides several mechanisms to configure your system
-without requiring **Service Account Credentials** directly in code.
-
-**Credentials** are discovered in the following order:
-
-1. Specify credentials in method arguments
-2. Specify credentials in configuration
-3. Discover credentials path in environment variables
-4. Discover credentials JSON in environment variables
-5. Discover credentials file in the Cloud SDK's path
-6. Discover GCP credentials
-
-### Google Cloud Platform environments
+3. Write code as if already authenticated.
 
-When running on Google Cloud Platform (GCP), including Google Compute Engine
-(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud
-Functions (GCF) and Cloud Run, **Credentials** are discovered automatically.
-Code should be written as if already authenticated.
+For more information about setting up authentication for a local development environment, see
+[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev).
 
-### Environment Variables
+## Credential Lookup
 
-The **Credentials JSON** can be placed in environment variables instead of
-declaring them directly in code. Each service has its own environment variable,
-allowing for different service accounts to be used for different services. (See
-the READMEs for the individual service gems for details.) The path to the
-**Credentials JSON** file can be stored in the environment variable, or the
-**Credentials JSON** itself can be stored for environments such as Docker
-containers where writing files is difficult or not encouraged.
+The google-cloud-kms-inventory-v1 library provides several mechanisms to configure your system.
+Generally, using Application Default Credentials to facilitate automatic 
+credentials discovery is the easist method. But if you need to explicitly specify
+credentials, there are several methods available to you.
 
-The environment variables that google-cloud-kms-inventory-v1
-checks for credentials are configured on the service Credentials class (such as
-{::Google::Cloud::Kms::Inventory::V1::KeyDashboardService::Credentials}):
+Credentials are accepted in the following ways, in the following order or precedence:
 
-* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents
-* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents
-* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
+1. Credentials specified in method arguments
+2. Credentials specified in configuration
+3. Credentials pointed to or included in environment variables
+4. Credentials found in local ADC file
+5. Credentials returned by the metadata server for the attached service account (GCP)
 
-```ruby
-require "google/cloud/kms/inventory/v1"
-
-ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json"
+### Configuration
 
-client = ::Google::Cloud::Kms::Inventory::V1::KeyDashboardService::Client.new
-```
+You can configure a path to a JSON credentials file, either for an individual client object or
+globally, for all client objects. The JSON file can contain credentials created for
+[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation),
+[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a
+[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key).
 
-### Configuration
+Note: Service account keys are a security risk if not managed correctly. You should
+[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree)
+whenever possible.
 
-The path to the **Credentials JSON** file can be configured instead of storing
-it in an environment variable. Either on an individual client initialization:
+To configure a credentials file for an individual client initialization:
 
 ```ruby
 require "google/cloud/kms/inventory/v1"
 
 client = ::Google::Cloud::Kms::Inventory::V1::KeyDashboardService::Client.new do |config|
-  config.credentials = "path/to/keyfile.json"
+  config.credentials = "path/to/credentialfile.json"
 end
 ```
 
-Or globally for all clients:
+To configure a credentials file globally for all clients:
 
 ```ruby
 require "google/cloud/kms/inventory/v1"
 
 ::Google::Cloud::Kms::Inventory::V1::KeyDashboardService::Client.configure do |config|
-  config.credentials = "path/to/keyfile.json"
+  config.credentials = "path/to/credentialfile.json"
 end
 
 client = ::Google::Cloud::Kms::Inventory::V1::KeyDashboardService::Client.new
 ```
 
-### Cloud SDK
+### Environment Variables
 
-This option allows for an easy way to authenticate during development. If
-credentials are not provided in code or in environment variables, then Cloud SDK
-credentials are discovered.
+You can also use an environment variable to provide a JSON credentials file.
+The environment variable can contain a path to the credentials file or, for
+environments such as Docker containers where writing files is not encouraged,
+you can include the credentials file itself.
 
-To configure your system for this, simply:
+The JSON file can contain credentials created for
+[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation),
+[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a
+[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key).
 
-1. [Download and install the Cloud SDK](https://cloud.google.com/sdk)
-2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login`
-3. Write code as if already authenticated.
+Note: Service account keys are a security risk if not managed correctly. You should
+[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree)
+whenever possible.
+
+The environment variables that google-cloud-kms-inventory-v1
+checks for credentials are:
 
-**NOTE:** This is _not_ recommended for running in production. The Cloud SDK
-*should* only be used during development.
+* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents
+* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
 
-## Creating a Service Account
+```ruby
+require "google/cloud/kms/inventory/v1"
 
-Google Cloud requires **Service Account Credentials** to
-connect to the APIs. You will use the **JSON key file** to
-connect to most services with google-cloud-kms-inventory-v1.
+ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json"
 
-If you are not running this client within
-[Google Cloud Platform environments](#google-cloud-platform-environments), you
-need a Google Developers service account.
+client = ::Google::Cloud::Kms::Inventory::V1::KeyDashboardService::Client.new
+```
 
-1. Visit the [Google Cloud Console](https://console.cloud.google.com/project).
-2. Create a new project or click on an existing project.
-3. Activate the menu in the upper left and select **APIs & Services**. From
-   here, you will enable the APIs that your application requires.
+### Local ADC file
 
-   *Note: You may need to enable billing in order to use these services.*
+You can set up a local ADC file with your user credentials for authentication during
+development. If credentials are not provided in code or in environment variables,
+then the local ADC credentials are discovered.
 
-4. Select **Credentials** from the side navigation.
+Follow the steps in [Quickstart](#quickstart) to set up a local ADC file.
 
-   Find the "Create credentials" drop down near the top of the page, and select
-   "Service account" to be guided through downloading a new JSON key file.
+### Google Cloud Platform environments
 
-   If you want to re-use an existing service account, you can easily generate a
-   new key file. Just select the account you wish to re-use, click the pencil
-   tool on the right side to edit the service account, select the **Keys** tab,
-   and then select **Add Key**.
+When running on Google Cloud Platform (GCP), including Google Compute Engine
+(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud
+Functions (GCF) and Cloud Run, credentials are retrieved from the attached
+service account automatically. Code should be written as if already authenticated.
 
-   The key file you download will be used by this library to authenticate API
-   requests and should be stored in a secure location.
+For more information, see
+[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa).

data/lib/google/cloud/kms/inventory/v1/key_dashboard_service/client.rb

@@ -31,6 +31,9 @@ module Google
             # Provides a cross-region view of all Cloud KMS keys in a given Cloud project.
             #
             class Client
+              # @private
+              DEFAULT_ENDPOINT_TEMPLATE = "kmsinventory.$UNIVERSE_DOMAIN$"
+
               include Paths
 
               # @private
@@ -93,6 +96,15 @@ module Google
                 @config
               end
 
+              ##
+              # The effective universe domain
+              #
+              # @return [String]
+              #
+              def universe_domain
+                @key_dashboard_service_stub.universe_domain
+              end
+
               ##
               # Create a new KeyDashboardService client object.
               #
@@ -126,8 +138,9 @@ module Google
                 credentials = @config.credentials
                 # Use self-signed JWT if the endpoint is unchanged from default,
                 # but only if the default endpoint does not have a region prefix.
-                enable_self_signed_jwt = @config.endpoint == Configuration::DEFAULT_ENDPOINT &&
-                                         !@config.endpoint.split(".").first.include?("-")
+                enable_self_signed_jwt = @config.endpoint.nil? ||
+                                         (@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
+                                         !@config.endpoint.split(".").first.include?("-"))
                 credentials ||= Credentials.default scope: @config.scope,
                                                     enable_self_signed_jwt: enable_self_signed_jwt
                 if credentials.is_a?(::String) || credentials.is_a?(::Hash)
@@ -138,10 +151,13 @@ module Google
 
                 @key_dashboard_service_stub = ::Gapic::ServiceStub.new(
                   ::Google::Cloud::Kms::Inventory::V1::KeyDashboardService::Stub,
-                  credentials:  credentials,
-                  endpoint:     @config.endpoint,
+                  credentials: credentials,
+                  endpoint: @config.endpoint,
+                  endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
+                  universe_domain: @config.universe_domain,
                   channel_args: @config.channel_args,
-                  interceptors: @config.interceptors
+                  interceptors: @config.interceptors,
+                  channel_pool_config: @config.channel_pool
                 )
               end
 
@@ -277,9 +293,9 @@ module Google
               #   end
               #
               # @!attribute [rw] endpoint
-              #   The hostname or hostname:port of the service endpoint.
-              #   Defaults to `"kmsinventory.googleapis.com"`.
-              #   @return [::String]
+              #   A custom service endpoint, as a hostname or hostname:port. The default is
+              #   nil, indicating to use the default endpoint in the current universe domain.
+              #   @return [::String,nil]
               # @!attribute [rw] credentials
               #   Credentials to send with calls. You may provide any of the following types:
               #    *  (`String`) The path to a service account key file in JSON format
@@ -325,13 +341,20 @@ module Google
               # @!attribute [rw] quota_project
               #   A separate project against which to charge quota.
               #   @return [::String]
+              # @!attribute [rw] universe_domain
+              #   The universe domain within which to make requests. This determines the
+              #   default endpoint URL. The default value of nil uses the environment
+              #   universe (usually the default "googleapis.com" universe).
+              #   @return [::String,nil]
               #
               class Configuration
                 extend ::Gapic::Config
 
+                # @private
+                # The endpoint specific to the default "googleapis.com" universe. Deprecated.
                 DEFAULT_ENDPOINT = "kmsinventory.googleapis.com"
 
-                config_attr :endpoint,      DEFAULT_ENDPOINT, ::String
+                config_attr :endpoint,      nil, ::String, nil
                 config_attr :credentials,   nil do |value|
                   allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
                   allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
@@ -346,6 +369,7 @@ module Google
                 config_attr :metadata,      nil, ::Hash, nil
                 config_attr :retry_policy,  nil, ::Hash, ::Proc, nil
                 config_attr :quota_project, nil, ::String, nil
+                config_attr :universe_domain, nil, ::String, nil
 
                 # @private
                 def initialize parent_config = nil
@@ -366,6 +390,14 @@ module Google
                   end
                 end
 
+                ##
+                # Configuration for the channel pool
+                # @return [::Gapic::ServiceStub::ChannelPool::Configuration]
+                #
+                def channel_pool
+                  @channel_pool ||= ::Gapic::ServiceStub::ChannelPool::Configuration.new
+                end
+
                 ##
                 # Configuration RPC class for the KeyDashboardService API.
                 #

data/lib/google/cloud/kms/inventory/v1/key_dashboard_service/rest/client.rb

@@ -33,6 +33,9 @@ module Google
               # Provides a cross-region view of all Cloud KMS keys in a given Cloud project.
               #
               class Client
+                # @private
+                DEFAULT_ENDPOINT_TEMPLATE = "kmsinventory.$UNIVERSE_DOMAIN$"
+
                 include Paths
 
                 # @private
@@ -95,6 +98,15 @@ module Google
                   @config
                 end
 
+                ##
+                # The effective universe domain
+                #
+                # @return [String]
+                #
+                def universe_domain
+                  @key_dashboard_service_stub.universe_domain
+                end
+
                 ##
                 # Create a new KeyDashboardService REST client object.
                 #
@@ -122,8 +134,9 @@ module Google
                   credentials = @config.credentials
                   # Use self-signed JWT if the endpoint is unchanged from default,
                   # but only if the default endpoint does not have a region prefix.
-                  enable_self_signed_jwt = @config.endpoint == Configuration::DEFAULT_ENDPOINT &&
-                                           !@config.endpoint.split(".").first.include?("-")
+                  enable_self_signed_jwt = @config.endpoint.nil? ||
+                                           (@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
+                                           !@config.endpoint.split(".").first.include?("-"))
                   credentials ||= Credentials.default scope: @config.scope,
                                                       enable_self_signed_jwt: enable_self_signed_jwt
                   if credentials.is_a?(::String) || credentials.is_a?(::Hash)
@@ -133,7 +146,12 @@ module Google
                   @quota_project_id = @config.quota_project
                   @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id
 
-                  @key_dashboard_service_stub = ::Google::Cloud::Kms::Inventory::V1::KeyDashboardService::Rest::ServiceStub.new endpoint: @config.endpoint, credentials: credentials
+                  @key_dashboard_service_stub = ::Google::Cloud::Kms::Inventory::V1::KeyDashboardService::Rest::ServiceStub.new(
+                    endpoint: @config.endpoint,
+                    endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
+                    universe_domain: @config.universe_domain,
+                    credentials: credentials
+                  )
                 end
 
                 # Service calls
@@ -175,6 +193,26 @@ module Google
                 # @return [::Gapic::Rest::PagedEnumerable<::Google::Cloud::Kms::V1::CryptoKey>]
                 #
                 # @raise [::Google::Cloud::Error] if the REST call is aborted.
+                #
+                # @example Basic example
+                #   require "google/cloud/kms/inventory/v1"
+                #
+                #   # Create a client object. The client can be reused for multiple calls.
+                #   client = Google::Cloud::Kms::Inventory::V1::KeyDashboardService::Rest::Client.new
+                #
+                #   # Create a request. To set request fields, pass in keyword arguments.
+                #   request = Google::Cloud::Kms::Inventory::V1::ListCryptoKeysRequest.new
+                #
+                #   # Call the list_crypto_keys method.
+                #   result = client.list_crypto_keys request
+                #
+                #   # The returned object is of type Gapic::PagedEnumerable. You can iterate
+                #   # over elements, and API calls will be issued to fetch pages as needed.
+                #   result.each do |item|
+                #     # Each element is of type ::Google::Cloud::Kms::V1::CryptoKey.
+                #     p item
+                #   end
+                #
                 def list_crypto_keys request, options = nil
                   raise ::ArgumentError, "request must be provided" if request.nil?
 
@@ -241,9 +279,9 @@ module Google
                 #   end
                 #
                 # @!attribute [rw] endpoint
-                #   The hostname or hostname:port of the service endpoint.
-                #   Defaults to `"kmsinventory.googleapis.com"`.
-                #   @return [::String]
+                #   A custom service endpoint, as a hostname or hostname:port. The default is
+                #   nil, indicating to use the default endpoint in the current universe domain.
+                #   @return [::String,nil]
                 # @!attribute [rw] credentials
                 #   Credentials to send with calls. You may provide any of the following types:
                 #    *  (`String`) The path to a service account key file in JSON format
@@ -280,13 +318,20 @@ module Google
                 # @!attribute [rw] quota_project
                 #   A separate project against which to charge quota.
                 #   @return [::String]
+                # @!attribute [rw] universe_domain
+                #   The universe domain within which to make requests. This determines the
+                #   default endpoint URL. The default value of nil uses the environment
+                #   universe (usually the default "googleapis.com" universe).
+                #   @return [::String,nil]
                 #
                 class Configuration
                   extend ::Gapic::Config
 
+                  # @private
+                  # The endpoint specific to the default "googleapis.com" universe. Deprecated.
                   DEFAULT_ENDPOINT = "kmsinventory.googleapis.com"
 
-                  config_attr :endpoint,      DEFAULT_ENDPOINT, ::String
+                  config_attr :endpoint,      nil, ::String, nil
                   config_attr :credentials,   nil do |value|
                     allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
                     allowed.any? { |klass| klass === value }
@@ -298,6 +343,7 @@ module Google
                   config_attr :metadata,      nil, ::Hash, nil
                   config_attr :retry_policy,  nil, ::Hash, ::Proc, nil
                   config_attr :quota_project, nil, ::String, nil
+                  config_attr :universe_domain, nil, ::String, nil
 
                   # @private
                   def initialize parent_config = nil

data/lib/google/cloud/kms/inventory/v1/key_dashboard_service/rest/service_stub.rb

@@ -31,16 +31,28 @@ module Google
               # including transcoding, making the REST call, and deserialing the response.
               #
               class ServiceStub
-                def initialize endpoint:, credentials:
+                def initialize endpoint:, endpoint_template:, universe_domain:, credentials:
                   # These require statements are intentionally placed here to initialize
                   # the REST modules only when it's required.
                   require "gapic/rest"
 
-                  @client_stub = ::Gapic::Rest::ClientStub.new endpoint: endpoint, credentials: credentials,
+                  @client_stub = ::Gapic::Rest::ClientStub.new endpoint: endpoint,
+                                                               endpoint_template: endpoint_template,
+                                                               universe_domain: universe_domain,
+                                                               credentials: credentials,
                                                                numeric_enums: true,
                                                                raise_faraday_errors: false
                 end
 
+                ##
+                # The effective universe domain
+                #
+                # @return [String]
+                #
+                def universe_domain
+                  @client_stub.universe_domain
+                end
+
                 ##
                 # Baseline implementation for the list_crypto_keys REST call
                 #

data/lib/google/cloud/kms/inventory/v1/key_tracking_service/client.rb

@@ -32,6 +32,9 @@ module Google
             # given Cloud KMS key via CMEK.
             #
             class Client
+              # @private
+              DEFAULT_ENDPOINT_TEMPLATE = "kmsinventory.$UNIVERSE_DOMAIN$"
+
               include Paths
 
               # @private
@@ -96,6 +99,15 @@ module Google
                 @config
               end
 
+              ##
+              # The effective universe domain
+              #
+              # @return [String]
+              #
+              def universe_domain
+                @key_tracking_service_stub.universe_domain
+              end
+
               ##
               # Create a new KeyTrackingService client object.
               #
@@ -129,8 +141,9 @@ module Google
                 credentials = @config.credentials
                 # Use self-signed JWT if the endpoint is unchanged from default,
                 # but only if the default endpoint does not have a region prefix.
-                enable_self_signed_jwt = @config.endpoint == Configuration::DEFAULT_ENDPOINT &&
-                                         !@config.endpoint.split(".").first.include?("-")
+                enable_self_signed_jwt = @config.endpoint.nil? ||
+                                         (@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
+                                         !@config.endpoint.split(".").first.include?("-"))
                 credentials ||= Credentials.default scope: @config.scope,
                                                     enable_self_signed_jwt: enable_self_signed_jwt
                 if credentials.is_a?(::String) || credentials.is_a?(::Hash)
@@ -141,10 +154,13 @@ module Google
 
                 @key_tracking_service_stub = ::Gapic::ServiceStub.new(
                   ::Google::Cloud::Kms::Inventory::V1::KeyTrackingService::Stub,
-                  credentials:  credentials,
-                  endpoint:     @config.endpoint,
+                  credentials: credentials,
+                  endpoint: @config.endpoint,
+                  endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
+                  universe_domain: @config.universe_domain,
                   channel_args: @config.channel_args,
-                  interceptors: @config.interceptors
+                  interceptors: @config.interceptors,
+                  channel_pool_config: @config.channel_pool
                 )
               end
 
@@ -393,9 +409,9 @@ module Google
               #   end
               #
               # @!attribute [rw] endpoint
-              #   The hostname or hostname:port of the service endpoint.
-              #   Defaults to `"kmsinventory.googleapis.com"`.
-              #   @return [::String]
+              #   A custom service endpoint, as a hostname or hostname:port. The default is
+              #   nil, indicating to use the default endpoint in the current universe domain.
+              #   @return [::String,nil]
               # @!attribute [rw] credentials
               #   Credentials to send with calls. You may provide any of the following types:
               #    *  (`String`) The path to a service account key file in JSON format
@@ -441,13 +457,20 @@ module Google
               # @!attribute [rw] quota_project
               #   A separate project against which to charge quota.
               #   @return [::String]
+              # @!attribute [rw] universe_domain
+              #   The universe domain within which to make requests. This determines the
+              #   default endpoint URL. The default value of nil uses the environment
+              #   universe (usually the default "googleapis.com" universe).
+              #   @return [::String,nil]
               #
               class Configuration
                 extend ::Gapic::Config
 
+                # @private
+                # The endpoint specific to the default "googleapis.com" universe. Deprecated.
                 DEFAULT_ENDPOINT = "kmsinventory.googleapis.com"
 
-                config_attr :endpoint,      DEFAULT_ENDPOINT, ::String
+                config_attr :endpoint,      nil, ::String, nil
                 config_attr :credentials,   nil do |value|
                   allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
                   allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
@@ -462,6 +485,7 @@ module Google
                 config_attr :metadata,      nil, ::Hash, nil
                 config_attr :retry_policy,  nil, ::Hash, ::Proc, nil
                 config_attr :quota_project, nil, ::String, nil
+                config_attr :universe_domain, nil, ::String, nil
 
                 # @private
                 def initialize parent_config = nil
@@ -482,6 +506,14 @@ module Google
                   end
                 end
 
+                ##
+                # Configuration for the channel pool
+                # @return [::Gapic::ServiceStub::ChannelPool::Configuration]
+                #
+                def channel_pool
+                  @channel_pool ||= ::Gapic::ServiceStub::ChannelPool::Configuration.new
+                end
+
                 ##
                 # Configuration RPC class for the KeyTrackingService API.
                 #

data/lib/google/cloud/kms/inventory/v1/key_tracking_service/rest/client.rb

@@ -34,6 +34,9 @@ module Google
               # given Cloud KMS key via CMEK.
               #
               class Client
+                # @private
+                DEFAULT_ENDPOINT_TEMPLATE = "kmsinventory.$UNIVERSE_DOMAIN$"
+
                 include Paths
 
                 # @private
@@ -98,6 +101,15 @@ module Google
                   @config
                 end
 
+                ##
+                # The effective universe domain
+                #
+                # @return [String]
+                #
+                def universe_domain
+                  @key_tracking_service_stub.universe_domain
+                end
+
                 ##
                 # Create a new KeyTrackingService REST client object.
                 #
@@ -125,8 +137,9 @@ module Google
                   credentials = @config.credentials
                   # Use self-signed JWT if the endpoint is unchanged from default,
                   # but only if the default endpoint does not have a region prefix.
-                  enable_self_signed_jwt = @config.endpoint == Configuration::DEFAULT_ENDPOINT &&
-                                           !@config.endpoint.split(".").first.include?("-")
+                  enable_self_signed_jwt = @config.endpoint.nil? ||
+                                           (@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
+                                           !@config.endpoint.split(".").first.include?("-"))
                   credentials ||= Credentials.default scope: @config.scope,
                                                       enable_self_signed_jwt: enable_self_signed_jwt
                   if credentials.is_a?(::String) || credentials.is_a?(::Hash)
@@ -136,7 +149,12 @@ module Google
                   @quota_project_id = @config.quota_project
                   @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id
 
-                  @key_tracking_service_stub = ::Google::Cloud::Kms::Inventory::V1::KeyTrackingService::Rest::ServiceStub.new endpoint: @config.endpoint, credentials: credentials
+                  @key_tracking_service_stub = ::Google::Cloud::Kms::Inventory::V1::KeyTrackingService::Rest::ServiceStub.new(
+                    endpoint: @config.endpoint,
+                    endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
+                    universe_domain: @config.universe_domain,
+                    credentials: credentials
+                  )
                 end
 
                 # Service calls
@@ -173,6 +191,22 @@ module Google
                 # @return [::Google::Cloud::Kms::Inventory::V1::ProtectedResourcesSummary]
                 #
                 # @raise [::Google::Cloud::Error] if the REST call is aborted.
+                #
+                # @example Basic example
+                #   require "google/cloud/kms/inventory/v1"
+                #
+                #   # Create a client object. The client can be reused for multiple calls.
+                #   client = Google::Cloud::Kms::Inventory::V1::KeyTrackingService::Rest::Client.new
+                #
+                #   # Create a request. To set request fields, pass in keyword arguments.
+                #   request = Google::Cloud::Kms::Inventory::V1::GetProtectedResourcesSummaryRequest.new
+                #
+                #   # Call the get_protected_resources_summary method.
+                #   result = client.get_protected_resources_summary request
+                #
+                #   # The returned object is of type Google::Cloud::Kms::Inventory::V1::ProtectedResourcesSummary.
+                #   p result
+                #
                 def get_protected_resources_summary request, options = nil
                   raise ::ArgumentError, "request must be provided" if request.nil?
 
@@ -268,6 +302,26 @@ module Google
                 # @return [::Gapic::Rest::PagedEnumerable<::Google::Cloud::Kms::Inventory::V1::ProtectedResource>]
                 #
                 # @raise [::Google::Cloud::Error] if the REST call is aborted.
+                #
+                # @example Basic example
+                #   require "google/cloud/kms/inventory/v1"
+                #
+                #   # Create a client object. The client can be reused for multiple calls.
+                #   client = Google::Cloud::Kms::Inventory::V1::KeyTrackingService::Rest::Client.new
+                #
+                #   # Create a request. To set request fields, pass in keyword arguments.
+                #   request = Google::Cloud::Kms::Inventory::V1::SearchProtectedResourcesRequest.new
+                #
+                #   # Call the search_protected_resources method.
+                #   result = client.search_protected_resources request
+                #
+                #   # The returned object is of type Gapic::PagedEnumerable. You can iterate
+                #   # over elements, and API calls will be issued to fetch pages as needed.
+                #   result.each do |item|
+                #     # Each element is of type ::Google::Cloud::Kms::Inventory::V1::ProtectedResource.
+                #     p item
+                #   end
+                #
                 def search_protected_resources request, options = nil
                   raise ::ArgumentError, "request must be provided" if request.nil?
 
@@ -334,9 +388,9 @@ module Google
                 #   end
                 #
                 # @!attribute [rw] endpoint
-                #   The hostname or hostname:port of the service endpoint.
-                #   Defaults to `"kmsinventory.googleapis.com"`.
-                #   @return [::String]
+                #   A custom service endpoint, as a hostname or hostname:port. The default is
+                #   nil, indicating to use the default endpoint in the current universe domain.
+                #   @return [::String,nil]
                 # @!attribute [rw] credentials
                 #   Credentials to send with calls. You may provide any of the following types:
                 #    *  (`String`) The path to a service account key file in JSON format
@@ -373,13 +427,20 @@ module Google
                 # @!attribute [rw] quota_project
                 #   A separate project against which to charge quota.
                 #   @return [::String]
+                # @!attribute [rw] universe_domain
+                #   The universe domain within which to make requests. This determines the
+                #   default endpoint URL. The default value of nil uses the environment
+                #   universe (usually the default "googleapis.com" universe).
+                #   @return [::String,nil]
                 #
                 class Configuration
                   extend ::Gapic::Config
 
+                  # @private
+                  # The endpoint specific to the default "googleapis.com" universe. Deprecated.
                   DEFAULT_ENDPOINT = "kmsinventory.googleapis.com"
 
-                  config_attr :endpoint,      DEFAULT_ENDPOINT, ::String
+                  config_attr :endpoint,      nil, ::String, nil
                   config_attr :credentials,   nil do |value|
                     allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
                     allowed.any? { |klass| klass === value }
@@ -391,6 +452,7 @@ module Google
                   config_attr :metadata,      nil, ::Hash, nil
                   config_attr :retry_policy,  nil, ::Hash, ::Proc, nil
                   config_attr :quota_project, nil, ::String, nil
+                  config_attr :universe_domain, nil, ::String, nil
 
                   # @private
                   def initialize parent_config = nil

data/lib/google/cloud/kms/inventory/v1/key_tracking_service/rest/service_stub.rb

@@ -31,16 +31,28 @@ module Google
               # including transcoding, making the REST call, and deserialing the response.
               #
               class ServiceStub
-                def initialize endpoint:, credentials:
+                def initialize endpoint:, endpoint_template:, universe_domain:, credentials:
                   # These require statements are intentionally placed here to initialize
                   # the REST modules only when it's required.
                   require "gapic/rest"
 
-                  @client_stub = ::Gapic::Rest::ClientStub.new endpoint: endpoint, credentials: credentials,
+                  @client_stub = ::Gapic::Rest::ClientStub.new endpoint: endpoint,
+                                                               endpoint_template: endpoint_template,
+                                                               universe_domain: universe_domain,
+                                                               credentials: credentials,
                                                                numeric_enums: true,
                                                                raise_faraday_errors: false
                 end
 
+                ##
+                # The effective universe domain
+                #
+                # @return [String]
+                #
+                def universe_domain
+                  @client_stub.universe_domain
+                end
+
                 ##
                 # Baseline implementation for the get_protected_resources_summary REST call
                 #

data/lib/google/cloud/kms/inventory/v1/version.rb

@@ -22,7 +22,7 @@ module Google
     module Kms
       module Inventory
         module V1
-          VERSION = "0.6.1"
+          VERSION = "0.8.0"
         end
       end
     end

data/proto_docs/google/api/client.rb

@@ -21,6 +21,7 @@ module Google
   module Api
     # Required information for every language.
     # @!attribute [rw] reference_docs_uri
+    #   @deprecated This field is deprecated and may be removed in the next major version update.
     #   @return [::String]
     #     Link to automatically generated reference documentation.  Example:
     #     https://cloud.google.com/nodejs/docs/reference/asset/latest
@@ -304,6 +305,19 @@ module Google
     #                seconds: 360 # 6 minutes
     #              total_poll_timeout:
     #                 seconds: 54000 # 90 minutes
+    # @!attribute [rw] auto_populated_fields
+    #   @return [::Array<::String>]
+    #     List of top-level fields of the request message, that should be
+    #     automatically populated by the client libraries based on their
+    #     (google.api.field_info).format. Currently supported format: UUID4.
+    #
+    #     Example of a YAML configuration:
+    #
+    #      publishing:
+    #        method_settings:
+    #          - selector: google.example.v1.ExampleService.CreateExample
+    #            auto_populated_fields:
+    #            - request_id
     class MethodSettings
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/api/field_behavior.rb

@@ -66,6 +66,20 @@ module Google
       # a non-empty value will be returned. The user will not be aware of what
       # non-empty value to expect.
       NON_EMPTY_DEFAULT = 7
+
+      # Denotes that the field in a resource (a message annotated with
+      # google.api.resource) is used in the resource name to uniquely identify the
+      # resource. For AIP-compliant APIs, this should only be applied to the
+      # `name` field on the resource.
+      #
+      # This behavior should not be applied to references to other resources within
+      # the message.
+      #
+      # The identifier field of resources often have different field behavior
+      # depending on the request it is embedded in (e.g. for Create methods name
+      # is optional and unused, while for Update methods it is required). Instead
+      # of method-specific annotations, only `IDENTIFIER` is required.
+      IDENTIFIER = 8
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-kms-inventory-v1
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.8.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-08-04 00:00:00.000000000 Z
+date: 2024-01-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -16,7 +16,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.19.1
+        version: 0.21.1
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.19.1
+        version: 0.21.1
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -241,7 +241,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.2
+rubygems_version: 3.5.3
 signing_key: 
 specification_version: 4
 summary: API Client library for the KMS Inventory V1 API