google-cloud-kms-v1 0.13.0 → 0.14.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3f10686db80a964240043f203dded6a9074650cf7f3653cb737c3d3b89f5009b
-  data.tar.gz: 9475c9e13b2d034a930443788b4b21cb5219912ec3df417b173dbc2b0fc40a77
+  metadata.gz: b97af8383dd8f5fe6af2b2c709d433be4f6fc494f3af192186ab3f175ef0dc01
+  data.tar.gz: 82b337641b4c0f579971797f901b82db52ad268ca6f8429b3a66cf0aa3b92332
 SHA512:
-  metadata.gz: 036c2b4564f29cc9f45b284811a19bf320d97d16749869f37fb4f773b412b7d1f9cd8d8f20d725de658b0bac229e76106d14a77d4a35056c06fdf603cf5b6342
-  data.tar.gz: ed3f825d6e63158921be8774fffdd52180758a6b725a28ea98bcd4909c001ec9f57d64f7803985e99216cfb25d1ad48c1d8fe21ef3c75dc81c001e601e38a2c2
+  metadata.gz: 54f4de5518f911b9c5b076c96297b5d1f9ca5884019d5209afabcaa6d40d5add4c5492b0a50578186514fe1b6e7b60521c2145bb9302339bc8ea379bc877a7cc
+  data.tar.gz: a3ec3fdf9aadd418993c548d30527c7716b5e1e9e4adc9eff0e344448d93eeb4288c770bc7c1d73117e551cdba4dfae82d926a4c453c82b7c67b7e9082ef3a10

data/AUTHENTICATION.md

@@ -114,7 +114,7 @@ credentials are discovered.
 To configure your system for this, simply:
 
 1. [Download and install the Cloud SDK](https://cloud.google.com/sdk)
-2. Authenticate using OAuth 2.0 `$ gcloud auth login`
+2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login`
 3. Write code as if already authenticated.
 
 **NOTE:** This is _not_ recommended for running in production. The Cloud SDK

data/lib/google/cloud/kms/v1/_helpers.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Legacy IAM Policy client
+# No longer generated, but kept around for backward compatibility.
+require "google/cloud/kms/v1/iam_policy"

data/lib/google/cloud/kms/v1/ekm_service/client.rb

@@ -18,6 +18,8 @@
 
 require "google/cloud/errors"
 require "google/cloud/kms/v1/ekm_service_pb"
+require "google/cloud/location"
+require "google/iam/v1"
 
 module Google
   module Cloud
@@ -157,6 +159,18 @@ module Google
               @quota_project_id = @config.quota_project
               @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id
 
+              @location_client = Google::Cloud::Location::Locations::Client.new do |config|
+                config.credentials = credentials
+                config.quota_project = @quota_project_id
+                config.endpoint = @config.endpoint
+              end
+
+              @iam_policy_client = Google::Iam::V1::IAMPolicy::Client.new do |config|
+                config.credentials = credentials
+                config.quota_project = @quota_project_id
+                config.endpoint = @config.endpoint
+              end
+
               @ekm_service_stub = ::Gapic::ServiceStub.new(
                 ::Google::Cloud::Kms::V1::EkmService::Stub,
                 credentials:  credentials,
@@ -166,6 +180,20 @@ module Google
               )
             end
 
+            ##
+            # Get the associated client for mix-in of the Locations.
+            #
+            # @return [Google::Cloud::Location::Locations::Client]
+            #
+            attr_reader :location_client
+
+            ##
+            # Get the associated client for mix-in of the IAMPolicy.
+            #
+            # @return [Google::Iam::V1::IAMPolicy::Client]
+            #
+            attr_reader :iam_policy_client
+
             # Service calls
 
             ##

data/lib/google/cloud/kms/v1/iam_policy/client.rb

@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+# Originally auto-generated by gapic-generator-ruby.
 
 require "google/cloud/errors"
 require "google/iam/v1/iam_policy_pb"
@@ -25,56 +25,18 @@ module Google
       module V1
         module IAMPolicy
           ##
-          # Client for the IAMPolicy service.
+          # Legacy IAM Policy client class.
           #
-          # API Overview
-          #
-          #
-          # Manages Identity and Access Management (IAM) policies.
-          #
-          # Any implementation of an API that offers access control features
-          # implements the google.iam.v1.IAMPolicy interface.
-          #
-          # ## Data model
-          #
-          # Access control is applied when a principal (user or service account), takes
-          # some action on a resource exposed by a service. Resources, identified by
-          # URI-like names, are the unit of access control specification. Service
-          # implementations can choose the granularity of access control and the
-          # supported permissions for their resources.
-          # For example one database service may allow access control to be
-          # specified only at the Table level, whereas another might allow access control
-          # to also be specified at the Column level.
-          #
-          # ## Policy Structure
-          #
-          # See google.iam.v1.Policy
-          #
-          # This is intentionally not a CRUD style API because access control policies
-          # are created and deleted implicitly with the resources to which they are
-          # attached.
+          # @deprecated Call `iam_policy_client` on any of the other client
+          #     objects to get a client for IAM policies instead of using this
+          #     legacy class.
           #
           class Client
             # @private
             attr_reader :iam_policy_stub
 
             ##
-            # Configure the IAMPolicy Client class.
-            #
-            # See {::Google::Cloud::Kms::V1::IAMPolicy::Client::Configuration}
-            # for a description of the configuration fields.
-            #
-            # @example
-            #
-            #   # Modify the configuration for all IAMPolicy clients
-            #   ::Google::Cloud::Kms::V1::IAMPolicy::Client.configure do |config|
-            #     config.timeout = 10.0
-            #   end
-            #
-            # @yield [config] Configure the Client client.
-            # @yieldparam config [Client::Configuration]
-            #
-            # @return [Client::Configuration]
+            # @deprecated
             #
             def self.configure
               @configure ||= begin
@@ -94,19 +56,7 @@ module Google
             end
 
             ##
-            # Configure the IAMPolicy Client instance.
-            #
-            # The configuration is set to the derived mode, meaning that values can be changed,
-            # but structural changes (adding new fields, etc.) are not allowed. Structural changes
-            # should be made on {Client.configure}.
-            #
-            # See {::Google::Cloud::Kms::V1::IAMPolicy::Client::Configuration}
-            # for a description of the configuration fields.
-            #
-            # @yield [config] Configure the Client client.
-            # @yieldparam config [Client::Configuration]
-            #
-            # @return [Client::Configuration]
+            # @deprecated
             #
             def configure
               yield @config if block_given?
@@ -114,20 +64,7 @@ module Google
             end
 
             ##
-            # Create a new IAMPolicy client object.
-            #
-            # @example
-            #
-            #   # Create a client using the default configuration
-            #   client = ::Google::Cloud::Kms::V1::IAMPolicy::Client.new
-            #
-            #   # Create a client using a custom configuration
-            #   client = ::Google::Cloud::Kms::V1::IAMPolicy::Client.new do |config|
-            #     config.timeout = 10.0
-            #   end
-            #
-            # @yield [config] Configure the IAMPolicy client.
-            # @yieldparam config [Client::Configuration]
+            # @deprecated
             #
             def initialize
               # These require statements are intentionally placed here to initialize
@@ -165,66 +102,8 @@ module Google
               )
             end
 
-            # Service calls
-
             ##
-            # Sets the access control policy on the specified resource. Replaces any
-            # existing policy.
-            #
-            # Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.
-            #
-            # @overload set_iam_policy(request, options = nil)
-            #   Pass arguments to `set_iam_policy` via a request object, either of type
-            #   {::Google::Iam::V1::SetIamPolicyRequest} or an equivalent Hash.
-            #
-            #   @param request [::Google::Iam::V1::SetIamPolicyRequest, ::Hash]
-            #     A request object representing the call parameters. Required. To specify no
-            #     parameters, or to keep all the default parameter values, pass an empty Hash.
-            #   @param options [::Gapic::CallOptions, ::Hash]
-            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
-            #
-            # @overload set_iam_policy(resource: nil, policy: nil, update_mask: nil)
-            #   Pass arguments to `set_iam_policy` via keyword arguments. Note that at
-            #   least one keyword argument is required. To specify no parameters, or to keep all
-            #   the default parameter values, pass an empty Hash as a request object (see above).
-            #
-            #   @param resource [::String]
-            #     REQUIRED: The resource for which the policy is being specified.
-            #     See the operation documentation for the appropriate value for this field.
-            #   @param policy [::Google::Iam::V1::Policy, ::Hash]
-            #     REQUIRED: The complete policy to be applied to the `resource`. The size of
-            #     the policy is limited to a few 10s of KB. An empty policy is a
-            #     valid policy but certain Cloud Platform services (such as Projects)
-            #     might reject them.
-            #   @param update_mask [::Google::Protobuf::FieldMask, ::Hash]
-            #     OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
-            #     the fields in the mask will be modified. If no mask is provided, the
-            #     following default mask is used:
-            #
-            #     `paths: "bindings, etag"`
-            #
-            # @yield [response, operation] Access the result along with the RPC operation
-            # @yieldparam response [::Google::Iam::V1::Policy]
-            # @yieldparam operation [::GRPC::ActiveCall::Operation]
-            #
-            # @return [::Google::Iam::V1::Policy]
-            #
-            # @raise [::Google::Cloud::Error] if the RPC is aborted.
-            #
-            # @example Basic example
-            #   require "google/iam/v1"
-            #
-            #   # Create a client object. The client can be reused for multiple calls.
-            #   client = Google::Cloud::Kms::V1::IAMPolicy::Client.new
-            #
-            #   # Create a request. To set request fields, pass in keyword arguments.
-            #   request = Google::Iam::V1::SetIamPolicyRequest.new
-            #
-            #   # Call the set_iam_policy method.
-            #   result = client.set_iam_policy request
-            #
-            #   # The returned object is of type Google::Iam::V1::Policy.
-            #   p result
+            # @deprecated
             #
             def set_iam_policy request, options = nil
               raise ::ArgumentError, "request must be provided" if request.nil?
@@ -268,54 +147,7 @@ module Google
             end
 
             ##
-            # Gets the access control policy for a resource.
-            # Returns an empty policy if the resource exists and does not have a policy
-            # set.
-            #
-            # @overload get_iam_policy(request, options = nil)
-            #   Pass arguments to `get_iam_policy` via a request object, either of type
-            #   {::Google::Iam::V1::GetIamPolicyRequest} or an equivalent Hash.
-            #
-            #   @param request [::Google::Iam::V1::GetIamPolicyRequest, ::Hash]
-            #     A request object representing the call parameters. Required. To specify no
-            #     parameters, or to keep all the default parameter values, pass an empty Hash.
-            #   @param options [::Gapic::CallOptions, ::Hash]
-            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
-            #
-            # @overload get_iam_policy(resource: nil, options: nil)
-            #   Pass arguments to `get_iam_policy` via keyword arguments. Note that at
-            #   least one keyword argument is required. To specify no parameters, or to keep all
-            #   the default parameter values, pass an empty Hash as a request object (see above).
-            #
-            #   @param resource [::String]
-            #     REQUIRED: The resource for which the policy is being requested.
-            #     See the operation documentation for the appropriate value for this field.
-            #   @param options [::Google::Iam::V1::GetPolicyOptions, ::Hash]
-            #     OPTIONAL: A `GetPolicyOptions` object for specifying options to
-            #     `GetIamPolicy`.
-            #
-            # @yield [response, operation] Access the result along with the RPC operation
-            # @yieldparam response [::Google::Iam::V1::Policy]
-            # @yieldparam operation [::GRPC::ActiveCall::Operation]
-            #
-            # @return [::Google::Iam::V1::Policy]
-            #
-            # @raise [::Google::Cloud::Error] if the RPC is aborted.
-            #
-            # @example Basic example
-            #   require "google/iam/v1"
-            #
-            #   # Create a client object. The client can be reused for multiple calls.
-            #   client = Google::Cloud::Kms::V1::IAMPolicy::Client.new
-            #
-            #   # Create a request. To set request fields, pass in keyword arguments.
-            #   request = Google::Iam::V1::GetIamPolicyRequest.new
-            #
-            #   # Call the get_iam_policy method.
-            #   result = client.get_iam_policy request
-            #
-            #   # The returned object is of type Google::Iam::V1::Policy.
-            #   p result
+            # @deprecated
             #
             def get_iam_policy request, options = nil
               raise ::ArgumentError, "request must be provided" if request.nil?
@@ -359,60 +191,7 @@ module Google
             end
 
             ##
-            # Returns permissions that a caller has on the specified resource.
-            # If the resource does not exist, this will return an empty set of
-            # permissions, not a `NOT_FOUND` error.
-            #
-            # Note: This operation is designed to be used for building permission-aware
-            # UIs and command-line tools, not for authorization checking. This operation
-            # may "fail open" without warning.
-            #
-            # @overload test_iam_permissions(request, options = nil)
-            #   Pass arguments to `test_iam_permissions` via a request object, either of type
-            #   {::Google::Iam::V1::TestIamPermissionsRequest} or an equivalent Hash.
-            #
-            #   @param request [::Google::Iam::V1::TestIamPermissionsRequest, ::Hash]
-            #     A request object representing the call parameters. Required. To specify no
-            #     parameters, or to keep all the default parameter values, pass an empty Hash.
-            #   @param options [::Gapic::CallOptions, ::Hash]
-            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
-            #
-            # @overload test_iam_permissions(resource: nil, permissions: nil)
-            #   Pass arguments to `test_iam_permissions` via keyword arguments. Note that at
-            #   least one keyword argument is required. To specify no parameters, or to keep all
-            #   the default parameter values, pass an empty Hash as a request object (see above).
-            #
-            #   @param resource [::String]
-            #     REQUIRED: The resource for which the policy detail is being requested.
-            #     See the operation documentation for the appropriate value for this field.
-            #   @param permissions [::Array<::String>]
-            #     The set of permissions to check for the `resource`. Permissions with
-            #     wildcards (such as '*' or 'storage.*') are not allowed. For more
-            #     information see
-            #     [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
-            #
-            # @yield [response, operation] Access the result along with the RPC operation
-            # @yieldparam response [::Google::Iam::V1::TestIamPermissionsResponse]
-            # @yieldparam operation [::GRPC::ActiveCall::Operation]
-            #
-            # @return [::Google::Iam::V1::TestIamPermissionsResponse]
-            #
-            # @raise [::Google::Cloud::Error] if the RPC is aborted.
-            #
-            # @example Basic example
-            #   require "google/iam/v1"
-            #
-            #   # Create a client object. The client can be reused for multiple calls.
-            #   client = Google::Cloud::Kms::V1::IAMPolicy::Client.new
-            #
-            #   # Create a request. To set request fields, pass in keyword arguments.
-            #   request = Google::Iam::V1::TestIamPermissionsRequest.new
-            #
-            #   # Call the test_iam_permissions method.
-            #   result = client.test_iam_permissions request
-            #
-            #   # The returned object is of type Google::Iam::V1::TestIamPermissionsResponse.
-            #   p result
+            # @deprecated
             #
             def test_iam_permissions request, options = nil
               raise ::ArgumentError, "request must be provided" if request.nil?
@@ -456,83 +235,9 @@ module Google
             end
 
             ##
-            # Configuration class for the IAMPolicy API.
-            #
-            # This class represents the configuration for IAMPolicy,
-            # providing control over timeouts, retry behavior, logging, transport
-            # parameters, and other low-level controls. Certain parameters can also be
-            # applied individually to specific RPCs. See
-            # {::Google::Cloud::Kms::V1::IAMPolicy::Client::Configuration::Rpcs}
-            # for a list of RPCs that can be configured independently.
-            #
-            # Configuration can be applied globally to all clients, or to a single client
-            # on construction.
-            #
-            # @example
-            #
-            #   # Modify the global config, setting the timeout for
-            #   # set_iam_policy to 20 seconds,
-            #   # and all remaining timeouts to 10 seconds.
-            #   ::Google::Cloud::Kms::V1::IAMPolicy::Client.configure do |config|
-            #     config.timeout = 10.0
-            #     config.rpcs.set_iam_policy.timeout = 20.0
-            #   end
-            #
-            #   # Apply the above configuration only to a new client.
-            #   client = ::Google::Cloud::Kms::V1::IAMPolicy::Client.new do |config|
-            #     config.timeout = 10.0
-            #     config.rpcs.set_iam_policy.timeout = 20.0
-            #   end
-            #
-            # @!attribute [rw] endpoint
-            #   The hostname or hostname:port of the service endpoint.
-            #   Defaults to `"cloudkms.googleapis.com"`.
-            #   @return [::String]
-            # @!attribute [rw] credentials
-            #   Credentials to send with calls. You may provide any of the following types:
-            #    *  (`String`) The path to a service account key file in JSON format
-            #    *  (`Hash`) A service account key as a Hash
-            #    *  (`Google::Auth::Credentials`) A googleauth credentials object
-            #       (see the [googleauth docs](https://googleapis.dev/ruby/googleauth/latest/index.html))
-            #    *  (`Signet::OAuth2::Client`) A signet oauth2 client object
-            #       (see the [signet docs](https://googleapis.dev/ruby/signet/latest/Signet/OAuth2/Client.html))
-            #    *  (`GRPC::Core::Channel`) a gRPC channel with included credentials
-            #    *  (`GRPC::Core::ChannelCredentials`) a gRPC credentails object
-            #    *  (`nil`) indicating no credentials
-            #   @return [::Object]
-            # @!attribute [rw] scope
-            #   The OAuth scopes
-            #   @return [::Array<::String>]
-            # @!attribute [rw] lib_name
-            #   The library name as recorded in instrumentation and logging
-            #   @return [::String]
-            # @!attribute [rw] lib_version
-            #   The library version as recorded in instrumentation and logging
-            #   @return [::String]
-            # @!attribute [rw] channel_args
-            #   Extra parameters passed to the gRPC channel. Note: this is ignored if a
-            #   `GRPC::Core::Channel` object is provided as the credential.
-            #   @return [::Hash]
-            # @!attribute [rw] interceptors
-            #   An array of interceptors that are run before calls are executed.
-            #   @return [::Array<::GRPC::ClientInterceptor>]
-            # @!attribute [rw] timeout
-            #   The call timeout in seconds.
-            #   @return [::Numeric]
-            # @!attribute [rw] metadata
-            #   Additional gRPC headers to be sent with the call.
-            #   @return [::Hash{::Symbol=>::String}]
-            # @!attribute [rw] retry_policy
-            #   The retry policy. The value is a hash with the following keys:
-            #    *  `:initial_delay` (*type:* `Numeric`) - The initial delay in seconds.
-            #    *  `:max_delay` (*type:* `Numeric`) - The max delay in seconds.
-            #    *  `:multiplier` (*type:* `Numeric`) - The incremental backoff multiplier.
-            #    *  `:retry_codes` (*type:* `Array<String>`) - The error codes that should
-            #       trigger a retry.
-            #   @return [::Hash]
-            # @!attribute [rw] quota_project
-            #   A separate project against which to charge quota.
-            #   @return [::String]
+            # @deprecated Call `iam_policy_client` on any of the other client
+            #     objects to get a client for IAM policies instead of using this
+            #     legacy class.
             #
             class Configuration
               extend ::Gapic::Config
@@ -561,8 +266,7 @@ module Google
               end
 
               ##
-              # Configurations for individual RPCs
-              # @return [Rpcs]
+              # @deprecated
               #
               def rpcs
                 @rpcs ||= begin
@@ -573,36 +277,21 @@ module Google
               end
 
               ##
-              # Configuration RPC class for the IAMPolicy API.
-              #
-              # Includes fields providing the configuration for each RPC in this service.
-              # Each configuration object is of type `Gapic::Config::Method` and includes
-              # the following configuration fields:
-              #
-              #  *  `timeout` (*type:* `Numeric`) - The call timeout in seconds
-              #  *  `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
-              #  *  `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
-              #     include the following keys:
-              #      *  `:initial_delay` (*type:* `Numeric`) - The initial delay in seconds.
-              #      *  `:max_delay` (*type:* `Numeric`) - The max delay in seconds.
-              #      *  `:multiplier` (*type:* `Numeric`) - The incremental backoff multiplier.
-              #      *  `:retry_codes` (*type:* `Array<String>`) - The error codes that should
-              #         trigger a retry.
+              # @deprecated Call `iam_policy_client` on any of the other client
+              #     objects to get a client for IAM policies instead of using this
+              #     legacy class.
               #
               class Rpcs
                 ##
-                # RPC-specific configuration for `set_iam_policy`
-                # @return [::Gapic::Config::Method]
+                # @deprecated
                 #
                 attr_reader :set_iam_policy
                 ##
-                # RPC-specific configuration for `get_iam_policy`
-                # @return [::Gapic::Config::Method]
+                # @deprecated
                 #
                 attr_reader :get_iam_policy
                 ##
-                # RPC-specific configuration for `test_iam_permissions`
-                # @return [::Gapic::Config::Method]
+                # @deprecated
                 #
                 attr_reader :test_iam_permissions
 

data/lib/google/cloud/kms/v1/iam_policy/credentials.rb

@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+# Originally auto-generated by gapic-generator-ruby.
 
 require "googleauth"
 
@@ -23,7 +23,11 @@ module Google
     module Kms
       module V1
         module IAMPolicy
-          # Credentials for the IAMPolicy API.
+          ##
+          # @deprecated Call `iam_policy_client` on any of the other client
+          #     objects to get a client for IAM policies instead of using this
+          #     legacy class.
+          #
           class Credentials < ::Google::Auth::Credentials
             self.scope = [
               "https://www.googleapis.com/auth/cloud-platform",

data/lib/google/cloud/kms/v1/iam_policy.rb

@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+# Originally auto-generated by gapic-generator-ruby.
 
 require "gapic/common"
 require "gapic/config"
@@ -30,37 +30,11 @@ module Google
     module Kms
       module V1
         ##
-        # API Overview
+        # This module contains the legacy IAM Policy client.
         #
-        #
-        # Manages Identity and Access Management (IAM) policies.
-        #
-        # Any implementation of an API that offers access control features
-        # implements the google.iam.v1.IAMPolicy interface.
-        #
-        # ## Data model
-        #
-        # Access control is applied when a principal (user or service account), takes
-        # some action on a resource exposed by a service. Resources, identified by
-        # URI-like names, are the unit of access control specification. Service
-        # implementations can choose the granularity of access control and the
-        # supported permissions for their resources.
-        # For example one database service may allow access control to be
-        # specified only at the Table level, whereas another might allow access control
-        # to also be specified at the Column level.
-        #
-        # ## Policy Structure
-        #
-        # See google.iam.v1.Policy
-        #
-        # This is intentionally not a CRUD style API because access control policies
-        # are created and deleted implicitly with the resources to which they are
-        # attached.
-        #
-        # To load this service and instantiate a client:
-        #
-        #     require "google/cloud/kms/v1/iam_policy"
-        #     client = ::Google::Cloud::Kms::V1::IAMPolicy::Client.new
+        # @deprecated Call `iam_policy_client` on any of the other client
+        #     objects to get a client for IAM policies instead of using this
+        #     legacy class.
         #
         module IAMPolicy
         end

data/lib/google/cloud/kms/v1/key_management_service/client.rb

@@ -18,6 +18,8 @@
 
 require "google/cloud/errors"
 require "google/cloud/kms/v1/service_pb"
+require "google/cloud/location"
+require "google/iam/v1"
 
 module Google
   module Cloud
@@ -268,6 +270,18 @@ module Google
               @quota_project_id = @config.quota_project
               @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id
 
+              @location_client = Google::Cloud::Location::Locations::Client.new do |config|
+                config.credentials = credentials
+                config.quota_project = @quota_project_id
+                config.endpoint = @config.endpoint
+              end
+
+              @iam_policy_client = Google::Iam::V1::IAMPolicy::Client.new do |config|
+                config.credentials = credentials
+                config.quota_project = @quota_project_id
+                config.endpoint = @config.endpoint
+              end
+
               @key_management_service_stub = ::Gapic::ServiceStub.new(
                 ::Google::Cloud::Kms::V1::KeyManagementService::Stub,
                 credentials:  credentials,
@@ -277,6 +291,20 @@ module Google
               )
             end
 
+            ##
+            # Get the associated client for mix-in of the Locations.
+            #
+            # @return [Google::Cloud::Location::Locations::Client]
+            #
+            attr_reader :location_client
+
+            ##
+            # Get the associated client for mix-in of the IAMPolicy.
+            #
+            # @return [Google::Iam::V1::IAMPolicy::Client]
+            #
+            attr_reader :iam_policy_client
+
             # Service calls
 
             ##

data/lib/google/cloud/kms/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module Kms
       module V1
-        VERSION = "0.13.0"
+        VERSION = "0.14.0"
       end
     end
   end

data/lib/google/cloud/kms/v1.rb

@@ -18,7 +18,6 @@
 
 require "google/cloud/kms/v1/ekm_service"
 require "google/cloud/kms/v1/key_management_service"
-require "google/cloud/kms/v1/iam_policy"
 require "google/cloud/kms/v1/version"
 
 module Google