google-cloud-kms-v1 0.23.0 → 0.24.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/AUTHENTICATION.md +72 -101
- data/lib/google/cloud/kms/v1/ekm_service/client.rb +33 -8
- data/lib/google/cloud/kms/v1/ekm_service/rest/client.rb +35 -7
- data/lib/google/cloud/kms/v1/ekm_service/rest/service_stub.rb +14 -2
- data/lib/google/cloud/kms/v1/key_management_service/client.rb +33 -8
- data/lib/google/cloud/kms/v1/key_management_service/rest/client.rb +35 -7
- data/lib/google/cloud/kms/v1/key_management_service/rest/service_stub.rb +14 -2
- data/lib/google/cloud/kms/v1/version.rb +1 -1
- data/proto_docs/google/api/client.rb +14 -0
- metadata +9 -9
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 46458a370e0175da33a29482148e636d1ad205de51d1471a9fa834edc85cbfe2
|
|
4
|
+
data.tar.gz: 907a5b9a017e847947414d7055494a8f3ddbe22f2bda1aa642ed3e901a6d63b7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f5b311bb7ab84b06fac52573a5ac063d7e2bf670e275cf184874946100b8b35cf8566952323121d391f7f8d69962400346456d3c8b42285ef42f2428ca9b68af
|
|
7
|
+
data.tar.gz: 173544f00c0073d38d484faf14563629bd926623f8cd9353ae7ba624b2cc91cdf377641820ae45a98a3c76e880592b0120bed7161872d17e2f0259b511439c82
|
data/AUTHENTICATION.md
CHANGED
|
@@ -1,151 +1,122 @@
|
|
|
1
1
|
# Authentication
|
|
2
2
|
|
|
3
|
-
|
|
4
|
-
[
|
|
5
|
-
|
|
6
|
-
[Google Cloud Platform environments](#google-cloud-platform-environments) the
|
|
7
|
-
credentials will be discovered automatically. When running on other
|
|
8
|
-
environments, the Service Account credentials can be specified by providing the
|
|
9
|
-
path to the
|
|
10
|
-
[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys)
|
|
11
|
-
for the account (or the JSON itself) in
|
|
12
|
-
[environment variables](#environment-variables). Additionally, Cloud SDK
|
|
13
|
-
credentials can also be discovered automatically, but this is only recommended
|
|
14
|
-
during development.
|
|
3
|
+
The recommended way to authenticate to the google-cloud-kms-v1 library is to use
|
|
4
|
+
[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials).
|
|
5
|
+
To review all of your authentication options, see [Credentials lookup](#credential-lookup).
|
|
15
6
|
|
|
16
7
|
## Quickstart
|
|
17
8
|
|
|
18
|
-
|
|
19
|
-
|
|
9
|
+
The following example shows how to set up authentication for a local development
|
|
10
|
+
environment with your user credentials.
|
|
20
11
|
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
```
|
|
24
|
-
|
|
25
|
-
3. Initialize the client.
|
|
12
|
+
**NOTE:** This method is _not_ recommended for running in production. User credentials
|
|
13
|
+
should be used only during development.
|
|
26
14
|
|
|
27
|
-
|
|
28
|
-
|
|
15
|
+
1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk).
|
|
16
|
+
2. Set up a local ADC file with your user credentials:
|
|
29
17
|
|
|
30
|
-
|
|
18
|
+
```sh
|
|
19
|
+
gcloud auth application-default login
|
|
31
20
|
```
|
|
32
21
|
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
The google-cloud-kms-v1 library aims to make authentication
|
|
36
|
-
as simple as possible, and provides several mechanisms to configure your system
|
|
37
|
-
without requiring **Service Account Credentials** directly in code.
|
|
38
|
-
|
|
39
|
-
**Credentials** are discovered in the following order:
|
|
40
|
-
|
|
41
|
-
1. Specify credentials in method arguments
|
|
42
|
-
2. Specify credentials in configuration
|
|
43
|
-
3. Discover credentials path in environment variables
|
|
44
|
-
4. Discover credentials JSON in environment variables
|
|
45
|
-
5. Discover credentials file in the Cloud SDK's path
|
|
46
|
-
6. Discover GCP credentials
|
|
47
|
-
|
|
48
|
-
### Google Cloud Platform environments
|
|
22
|
+
3. Write code as if already authenticated.
|
|
49
23
|
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
Functions (GCF) and Cloud Run, **Credentials** are discovered automatically.
|
|
53
|
-
Code should be written as if already authenticated.
|
|
24
|
+
For more information about setting up authentication for a local development environment, see
|
|
25
|
+
[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev).
|
|
54
26
|
|
|
55
|
-
|
|
27
|
+
## Credential Lookup
|
|
56
28
|
|
|
57
|
-
The
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
**Credentials JSON** file can be stored in the environment variable, or the
|
|
62
|
-
**Credentials JSON** itself can be stored for environments such as Docker
|
|
63
|
-
containers where writing files is difficult or not encouraged.
|
|
29
|
+
The google-cloud-kms-v1 library provides several mechanisms to configure your system.
|
|
30
|
+
Generally, using Application Default Credentials to facilitate automatic
|
|
31
|
+
credentials discovery is the easist method. But if you need to explicitly specify
|
|
32
|
+
credentials, there are several methods available to you.
|
|
64
33
|
|
|
65
|
-
|
|
66
|
-
checks for credentials are configured on the service Credentials class (such as
|
|
67
|
-
{::Google::Cloud::Kms::V1::EkmService::Credentials}):
|
|
34
|
+
Credentials are accepted in the following ways, in the following order or precedence:
|
|
68
35
|
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
36
|
+
1. Credentials specified in method arguments
|
|
37
|
+
2. Credentials specified in configuration
|
|
38
|
+
3. Credentials pointed to or included in environment variables
|
|
39
|
+
4. Credentials found in local ADC file
|
|
40
|
+
5. Credentials returned by the metadata server for the attached service account (GCP)
|
|
74
41
|
|
|
75
|
-
|
|
76
|
-
require "google/cloud/kms/v1"
|
|
77
|
-
|
|
78
|
-
ENV["KMS_CREDENTIALS"] = "path/to/keyfile.json"
|
|
42
|
+
### Configuration
|
|
79
43
|
|
|
80
|
-
client
|
|
81
|
-
|
|
44
|
+
You can configure a path to a JSON credentials file, either for an individual client object or
|
|
45
|
+
globally, for all client objects. The JSON file can contain credentials created for
|
|
46
|
+
[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation),
|
|
47
|
+
[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a
|
|
48
|
+
[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key).
|
|
82
49
|
|
|
83
|
-
|
|
50
|
+
Note: Service account keys are a security risk if not managed correctly. You should
|
|
51
|
+
[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree)
|
|
52
|
+
whenever possible.
|
|
84
53
|
|
|
85
|
-
|
|
86
|
-
it in an environment variable. Either on an individual client initialization:
|
|
54
|
+
To configure a credentials file for an individual client initialization:
|
|
87
55
|
|
|
88
56
|
```ruby
|
|
89
57
|
require "google/cloud/kms/v1"
|
|
90
58
|
|
|
91
59
|
client = ::Google::Cloud::Kms::V1::EkmService::Client.new do |config|
|
|
92
|
-
config.credentials = "path/to/
|
|
60
|
+
config.credentials = "path/to/credentialfile.json"
|
|
93
61
|
end
|
|
94
62
|
```
|
|
95
63
|
|
|
96
|
-
|
|
64
|
+
To configure a credentials file globally for all clients:
|
|
97
65
|
|
|
98
66
|
```ruby
|
|
99
67
|
require "google/cloud/kms/v1"
|
|
100
68
|
|
|
101
69
|
::Google::Cloud::Kms::V1::EkmService::Client.configure do |config|
|
|
102
|
-
config.credentials = "path/to/
|
|
70
|
+
config.credentials = "path/to/credentialfile.json"
|
|
103
71
|
end
|
|
104
72
|
|
|
105
73
|
client = ::Google::Cloud::Kms::V1::EkmService::Client.new
|
|
106
74
|
```
|
|
107
75
|
|
|
108
|
-
###
|
|
76
|
+
### Environment Variables
|
|
109
77
|
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
78
|
+
You can also use an environment variable to provide a JSON credentials file.
|
|
79
|
+
The environment variable can contain a path to the credentials file or, for
|
|
80
|
+
environments such as Docker containers where writing files is not encouraged,
|
|
81
|
+
you can include the credentials file itself.
|
|
113
82
|
|
|
114
|
-
|
|
83
|
+
The JSON file can contain credentials created for
|
|
84
|
+
[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation),
|
|
85
|
+
[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a
|
|
86
|
+
[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key).
|
|
115
87
|
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
88
|
+
Note: Service account keys are a security risk if not managed correctly. You should
|
|
89
|
+
[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree)
|
|
90
|
+
whenever possible.
|
|
91
|
+
|
|
92
|
+
The environment variables that google-cloud-kms-v1
|
|
93
|
+
checks for credentials are:
|
|
119
94
|
|
|
120
|
-
|
|
121
|
-
*
|
|
95
|
+
* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents
|
|
96
|
+
* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
|
|
122
97
|
|
|
123
|
-
|
|
98
|
+
```ruby
|
|
99
|
+
require "google/cloud/kms/v1"
|
|
124
100
|
|
|
125
|
-
|
|
126
|
-
connect to the APIs. You will use the **JSON key file** to
|
|
127
|
-
connect to most services with google-cloud-kms-v1.
|
|
101
|
+
ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json"
|
|
128
102
|
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
need a Google Developers service account.
|
|
103
|
+
client = ::Google::Cloud::Kms::V1::EkmService::Client.new
|
|
104
|
+
```
|
|
132
105
|
|
|
133
|
-
|
|
134
|
-
2. Create a new project or click on an existing project.
|
|
135
|
-
3. Activate the menu in the upper left and select **APIs & Services**. From
|
|
136
|
-
here, you will enable the APIs that your application requires.
|
|
106
|
+
### Local ADC file
|
|
137
107
|
|
|
138
|
-
|
|
108
|
+
You can set up a local ADC file with your user credentials for authentication during
|
|
109
|
+
development. If credentials are not provided in code or in environment variables,
|
|
110
|
+
then the local ADC credentials are discovered.
|
|
139
111
|
|
|
140
|
-
|
|
112
|
+
Follow the steps in [Quickstart](#quickstart) to set up a local ADC file.
|
|
141
113
|
|
|
142
|
-
|
|
143
|
-
"Service account" to be guided through downloading a new JSON key file.
|
|
114
|
+
### Google Cloud Platform environments
|
|
144
115
|
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
116
|
+
When running on Google Cloud Platform (GCP), including Google Compute Engine
|
|
117
|
+
(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud
|
|
118
|
+
Functions (GCF) and Cloud Run, credentials are retrieved from the attached
|
|
119
|
+
service account automatically. Code should be written as if already authenticated.
|
|
149
120
|
|
|
150
|
-
|
|
151
|
-
|
|
121
|
+
For more information, see
|
|
122
|
+
[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa).
|
|
@@ -36,6 +36,9 @@ module Google
|
|
|
36
36
|
# * {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}
|
|
37
37
|
#
|
|
38
38
|
class Client
|
|
39
|
+
# @private
|
|
40
|
+
DEFAULT_ENDPOINT_TEMPLATE = "cloudkms.$UNIVERSE_DOMAIN$"
|
|
41
|
+
|
|
39
42
|
include Paths
|
|
40
43
|
|
|
41
44
|
# @private
|
|
@@ -116,6 +119,15 @@ module Google
|
|
|
116
119
|
@config
|
|
117
120
|
end
|
|
118
121
|
|
|
122
|
+
##
|
|
123
|
+
# The effective universe domain
|
|
124
|
+
#
|
|
125
|
+
# @return [String]
|
|
126
|
+
#
|
|
127
|
+
def universe_domain
|
|
128
|
+
@ekm_service_stub.universe_domain
|
|
129
|
+
end
|
|
130
|
+
|
|
119
131
|
##
|
|
120
132
|
# Create a new EkmService client object.
|
|
121
133
|
#
|
|
@@ -149,8 +161,9 @@ module Google
|
|
|
149
161
|
credentials = @config.credentials
|
|
150
162
|
# Use self-signed JWT if the endpoint is unchanged from default,
|
|
151
163
|
# but only if the default endpoint does not have a region prefix.
|
|
152
|
-
enable_self_signed_jwt = @config.endpoint
|
|
153
|
-
|
|
164
|
+
enable_self_signed_jwt = @config.endpoint.nil? ||
|
|
165
|
+
(@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
|
|
166
|
+
!@config.endpoint.split(".").first.include?("-"))
|
|
154
167
|
credentials ||= Credentials.default scope: @config.scope,
|
|
155
168
|
enable_self_signed_jwt: enable_self_signed_jwt
|
|
156
169
|
if credentials.is_a?(::String) || credentials.is_a?(::Hash)
|
|
@@ -163,18 +176,22 @@ module Google
|
|
|
163
176
|
config.credentials = credentials
|
|
164
177
|
config.quota_project = @quota_project_id
|
|
165
178
|
config.endpoint = @config.endpoint
|
|
179
|
+
config.universe_domain = @config.universe_domain
|
|
166
180
|
end
|
|
167
181
|
|
|
168
182
|
@iam_policy_client = Google::Iam::V1::IAMPolicy::Client.new do |config|
|
|
169
183
|
config.credentials = credentials
|
|
170
184
|
config.quota_project = @quota_project_id
|
|
171
185
|
config.endpoint = @config.endpoint
|
|
186
|
+
config.universe_domain = @config.universe_domain
|
|
172
187
|
end
|
|
173
188
|
|
|
174
189
|
@ekm_service_stub = ::Gapic::ServiceStub.new(
|
|
175
190
|
::Google::Cloud::Kms::V1::EkmService::Stub,
|
|
176
|
-
credentials:
|
|
177
|
-
endpoint:
|
|
191
|
+
credentials: credentials,
|
|
192
|
+
endpoint: @config.endpoint,
|
|
193
|
+
endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
|
|
194
|
+
universe_domain: @config.universe_domain,
|
|
178
195
|
channel_args: @config.channel_args,
|
|
179
196
|
interceptors: @config.interceptors,
|
|
180
197
|
channel_pool_config: @config.channel_pool
|
|
@@ -874,9 +891,9 @@ module Google
|
|
|
874
891
|
# end
|
|
875
892
|
#
|
|
876
893
|
# @!attribute [rw] endpoint
|
|
877
|
-
#
|
|
878
|
-
#
|
|
879
|
-
# @return [::String]
|
|
894
|
+
# A custom service endpoint, as a hostname or hostname:port. The default is
|
|
895
|
+
# nil, indicating to use the default endpoint in the current universe domain.
|
|
896
|
+
# @return [::String,nil]
|
|
880
897
|
# @!attribute [rw] credentials
|
|
881
898
|
# Credentials to send with calls. You may provide any of the following types:
|
|
882
899
|
# * (`String`) The path to a service account key file in JSON format
|
|
@@ -922,13 +939,20 @@ module Google
|
|
|
922
939
|
# @!attribute [rw] quota_project
|
|
923
940
|
# A separate project against which to charge quota.
|
|
924
941
|
# @return [::String]
|
|
942
|
+
# @!attribute [rw] universe_domain
|
|
943
|
+
# The universe domain within which to make requests. This determines the
|
|
944
|
+
# default endpoint URL. The default value of nil uses the environment
|
|
945
|
+
# universe (usually the default "googleapis.com" universe).
|
|
946
|
+
# @return [::String,nil]
|
|
925
947
|
#
|
|
926
948
|
class Configuration
|
|
927
949
|
extend ::Gapic::Config
|
|
928
950
|
|
|
951
|
+
# @private
|
|
952
|
+
# The endpoint specific to the default "googleapis.com" universe. Deprecated.
|
|
929
953
|
DEFAULT_ENDPOINT = "cloudkms.googleapis.com"
|
|
930
954
|
|
|
931
|
-
config_attr :endpoint,
|
|
955
|
+
config_attr :endpoint, nil, ::String, nil
|
|
932
956
|
config_attr :credentials, nil do |value|
|
|
933
957
|
allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
|
|
934
958
|
allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
|
|
@@ -943,6 +967,7 @@ module Google
|
|
|
943
967
|
config_attr :metadata, nil, ::Hash, nil
|
|
944
968
|
config_attr :retry_policy, nil, ::Hash, ::Proc, nil
|
|
945
969
|
config_attr :quota_project, nil, ::String, nil
|
|
970
|
+
config_attr :universe_domain, nil, ::String, nil
|
|
946
971
|
|
|
947
972
|
# @private
|
|
948
973
|
def initialize parent_config = nil
|
|
@@ -38,6 +38,9 @@ module Google
|
|
|
38
38
|
# * {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}
|
|
39
39
|
#
|
|
40
40
|
class Client
|
|
41
|
+
# @private
|
|
42
|
+
DEFAULT_ENDPOINT_TEMPLATE = "cloudkms.$UNIVERSE_DOMAIN$"
|
|
43
|
+
|
|
41
44
|
include Paths
|
|
42
45
|
|
|
43
46
|
# @private
|
|
@@ -118,6 +121,15 @@ module Google
|
|
|
118
121
|
@config
|
|
119
122
|
end
|
|
120
123
|
|
|
124
|
+
##
|
|
125
|
+
# The effective universe domain
|
|
126
|
+
#
|
|
127
|
+
# @return [String]
|
|
128
|
+
#
|
|
129
|
+
def universe_domain
|
|
130
|
+
@ekm_service_stub.universe_domain
|
|
131
|
+
end
|
|
132
|
+
|
|
121
133
|
##
|
|
122
134
|
# Create a new EkmService REST client object.
|
|
123
135
|
#
|
|
@@ -145,8 +157,9 @@ module Google
|
|
|
145
157
|
credentials = @config.credentials
|
|
146
158
|
# Use self-signed JWT if the endpoint is unchanged from default,
|
|
147
159
|
# but only if the default endpoint does not have a region prefix.
|
|
148
|
-
enable_self_signed_jwt = @config.endpoint
|
|
149
|
-
|
|
160
|
+
enable_self_signed_jwt = @config.endpoint.nil? ||
|
|
161
|
+
(@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
|
|
162
|
+
!@config.endpoint.split(".").first.include?("-"))
|
|
150
163
|
credentials ||= Credentials.default scope: @config.scope,
|
|
151
164
|
enable_self_signed_jwt: enable_self_signed_jwt
|
|
152
165
|
if credentials.is_a?(::String) || credentials.is_a?(::Hash)
|
|
@@ -160,6 +173,7 @@ module Google
|
|
|
160
173
|
config.credentials = credentials
|
|
161
174
|
config.quota_project = @quota_project_id
|
|
162
175
|
config.endpoint = @config.endpoint
|
|
176
|
+
config.universe_domain = @config.universe_domain
|
|
163
177
|
config.bindings_override = @config.bindings_override
|
|
164
178
|
end
|
|
165
179
|
|
|
@@ -167,10 +181,16 @@ module Google
|
|
|
167
181
|
config.credentials = credentials
|
|
168
182
|
config.quota_project = @quota_project_id
|
|
169
183
|
config.endpoint = @config.endpoint
|
|
184
|
+
config.universe_domain = @config.universe_domain
|
|
170
185
|
config.bindings_override = @config.bindings_override
|
|
171
186
|
end
|
|
172
187
|
|
|
173
|
-
@ekm_service_stub = ::Google::Cloud::Kms::V1::EkmService::Rest::ServiceStub.new
|
|
188
|
+
@ekm_service_stub = ::Google::Cloud::Kms::V1::EkmService::Rest::ServiceStub.new(
|
|
189
|
+
endpoint: @config.endpoint,
|
|
190
|
+
endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
|
|
191
|
+
universe_domain: @config.universe_domain,
|
|
192
|
+
credentials: credentials
|
|
193
|
+
)
|
|
174
194
|
end
|
|
175
195
|
|
|
176
196
|
##
|
|
@@ -817,9 +837,9 @@ module Google
|
|
|
817
837
|
# end
|
|
818
838
|
#
|
|
819
839
|
# @!attribute [rw] endpoint
|
|
820
|
-
#
|
|
821
|
-
#
|
|
822
|
-
# @return [::String]
|
|
840
|
+
# A custom service endpoint, as a hostname or hostname:port. The default is
|
|
841
|
+
# nil, indicating to use the default endpoint in the current universe domain.
|
|
842
|
+
# @return [::String,nil]
|
|
823
843
|
# @!attribute [rw] credentials
|
|
824
844
|
# Credentials to send with calls. You may provide any of the following types:
|
|
825
845
|
# * (`String`) The path to a service account key file in JSON format
|
|
@@ -856,13 +876,20 @@ module Google
|
|
|
856
876
|
# @!attribute [rw] quota_project
|
|
857
877
|
# A separate project against which to charge quota.
|
|
858
878
|
# @return [::String]
|
|
879
|
+
# @!attribute [rw] universe_domain
|
|
880
|
+
# The universe domain within which to make requests. This determines the
|
|
881
|
+
# default endpoint URL. The default value of nil uses the environment
|
|
882
|
+
# universe (usually the default "googleapis.com" universe).
|
|
883
|
+
# @return [::String,nil]
|
|
859
884
|
#
|
|
860
885
|
class Configuration
|
|
861
886
|
extend ::Gapic::Config
|
|
862
887
|
|
|
888
|
+
# @private
|
|
889
|
+
# The endpoint specific to the default "googleapis.com" universe. Deprecated.
|
|
863
890
|
DEFAULT_ENDPOINT = "cloudkms.googleapis.com"
|
|
864
891
|
|
|
865
|
-
config_attr :endpoint,
|
|
892
|
+
config_attr :endpoint, nil, ::String, nil
|
|
866
893
|
config_attr :credentials, nil do |value|
|
|
867
894
|
allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
|
|
868
895
|
allowed.any? { |klass| klass === value }
|
|
@@ -874,6 +901,7 @@ module Google
|
|
|
874
901
|
config_attr :metadata, nil, ::Hash, nil
|
|
875
902
|
config_attr :retry_policy, nil, ::Hash, ::Proc, nil
|
|
876
903
|
config_attr :quota_project, nil, ::String, nil
|
|
904
|
+
config_attr :universe_domain, nil, ::String, nil
|
|
877
905
|
|
|
878
906
|
# @private
|
|
879
907
|
# Overrides for http bindings for the RPCs of this service
|
|
@@ -30,16 +30,28 @@ module Google
|
|
|
30
30
|
# including transcoding, making the REST call, and deserialing the response.
|
|
31
31
|
#
|
|
32
32
|
class ServiceStub
|
|
33
|
-
def initialize endpoint:, credentials:
|
|
33
|
+
def initialize endpoint:, endpoint_template:, universe_domain:, credentials:
|
|
34
34
|
# These require statements are intentionally placed here to initialize
|
|
35
35
|
# the REST modules only when it's required.
|
|
36
36
|
require "gapic/rest"
|
|
37
37
|
|
|
38
|
-
@client_stub = ::Gapic::Rest::ClientStub.new endpoint: endpoint,
|
|
38
|
+
@client_stub = ::Gapic::Rest::ClientStub.new endpoint: endpoint,
|
|
39
|
+
endpoint_template: endpoint_template,
|
|
40
|
+
universe_domain: universe_domain,
|
|
41
|
+
credentials: credentials,
|
|
39
42
|
numeric_enums: true,
|
|
40
43
|
raise_faraday_errors: false
|
|
41
44
|
end
|
|
42
45
|
|
|
46
|
+
##
|
|
47
|
+
# The effective universe domain
|
|
48
|
+
#
|
|
49
|
+
# @return [String]
|
|
50
|
+
#
|
|
51
|
+
def universe_domain
|
|
52
|
+
@client_stub.universe_domain
|
|
53
|
+
end
|
|
54
|
+
|
|
43
55
|
##
|
|
44
56
|
# Baseline implementation for the list_ekm_connections REST call
|
|
45
57
|
#
|
|
@@ -43,6 +43,9 @@ module Google
|
|
|
43
43
|
# [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc).
|
|
44
44
|
#
|
|
45
45
|
class Client
|
|
46
|
+
# @private
|
|
47
|
+
DEFAULT_ENDPOINT_TEMPLATE = "cloudkms.$UNIVERSE_DOMAIN$"
|
|
48
|
+
|
|
46
49
|
include Paths
|
|
47
50
|
|
|
48
51
|
# @private
|
|
@@ -227,6 +230,15 @@ module Google
|
|
|
227
230
|
@config
|
|
228
231
|
end
|
|
229
232
|
|
|
233
|
+
##
|
|
234
|
+
# The effective universe domain
|
|
235
|
+
#
|
|
236
|
+
# @return [String]
|
|
237
|
+
#
|
|
238
|
+
def universe_domain
|
|
239
|
+
@key_management_service_stub.universe_domain
|
|
240
|
+
end
|
|
241
|
+
|
|
230
242
|
##
|
|
231
243
|
# Create a new KeyManagementService client object.
|
|
232
244
|
#
|
|
@@ -260,8 +272,9 @@ module Google
|
|
|
260
272
|
credentials = @config.credentials
|
|
261
273
|
# Use self-signed JWT if the endpoint is unchanged from default,
|
|
262
274
|
# but only if the default endpoint does not have a region prefix.
|
|
263
|
-
enable_self_signed_jwt = @config.endpoint
|
|
264
|
-
|
|
275
|
+
enable_self_signed_jwt = @config.endpoint.nil? ||
|
|
276
|
+
(@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
|
|
277
|
+
!@config.endpoint.split(".").first.include?("-"))
|
|
265
278
|
credentials ||= Credentials.default scope: @config.scope,
|
|
266
279
|
enable_self_signed_jwt: enable_self_signed_jwt
|
|
267
280
|
if credentials.is_a?(::String) || credentials.is_a?(::Hash)
|
|
@@ -274,18 +287,22 @@ module Google
|
|
|
274
287
|
config.credentials = credentials
|
|
275
288
|
config.quota_project = @quota_project_id
|
|
276
289
|
config.endpoint = @config.endpoint
|
|
290
|
+
config.universe_domain = @config.universe_domain
|
|
277
291
|
end
|
|
278
292
|
|
|
279
293
|
@iam_policy_client = Google::Iam::V1::IAMPolicy::Client.new do |config|
|
|
280
294
|
config.credentials = credentials
|
|
281
295
|
config.quota_project = @quota_project_id
|
|
282
296
|
config.endpoint = @config.endpoint
|
|
297
|
+
config.universe_domain = @config.universe_domain
|
|
283
298
|
end
|
|
284
299
|
|
|
285
300
|
@key_management_service_stub = ::Gapic::ServiceStub.new(
|
|
286
301
|
::Google::Cloud::Kms::V1::KeyManagementService::Stub,
|
|
287
|
-
credentials:
|
|
288
|
-
endpoint:
|
|
302
|
+
credentials: credentials,
|
|
303
|
+
endpoint: @config.endpoint,
|
|
304
|
+
endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
|
|
305
|
+
universe_domain: @config.universe_domain,
|
|
289
306
|
channel_args: @config.channel_args,
|
|
290
307
|
interceptors: @config.interceptors,
|
|
291
308
|
channel_pool_config: @config.channel_pool
|
|
@@ -3492,9 +3509,9 @@ module Google
|
|
|
3492
3509
|
# end
|
|
3493
3510
|
#
|
|
3494
3511
|
# @!attribute [rw] endpoint
|
|
3495
|
-
#
|
|
3496
|
-
#
|
|
3497
|
-
# @return [::String]
|
|
3512
|
+
# A custom service endpoint, as a hostname or hostname:port. The default is
|
|
3513
|
+
# nil, indicating to use the default endpoint in the current universe domain.
|
|
3514
|
+
# @return [::String,nil]
|
|
3498
3515
|
# @!attribute [rw] credentials
|
|
3499
3516
|
# Credentials to send with calls. You may provide any of the following types:
|
|
3500
3517
|
# * (`String`) The path to a service account key file in JSON format
|
|
@@ -3540,13 +3557,20 @@ module Google
|
|
|
3540
3557
|
# @!attribute [rw] quota_project
|
|
3541
3558
|
# A separate project against which to charge quota.
|
|
3542
3559
|
# @return [::String]
|
|
3560
|
+
# @!attribute [rw] universe_domain
|
|
3561
|
+
# The universe domain within which to make requests. This determines the
|
|
3562
|
+
# default endpoint URL. The default value of nil uses the environment
|
|
3563
|
+
# universe (usually the default "googleapis.com" universe).
|
|
3564
|
+
# @return [::String,nil]
|
|
3543
3565
|
#
|
|
3544
3566
|
class Configuration
|
|
3545
3567
|
extend ::Gapic::Config
|
|
3546
3568
|
|
|
3569
|
+
# @private
|
|
3570
|
+
# The endpoint specific to the default "googleapis.com" universe. Deprecated.
|
|
3547
3571
|
DEFAULT_ENDPOINT = "cloudkms.googleapis.com"
|
|
3548
3572
|
|
|
3549
|
-
config_attr :endpoint,
|
|
3573
|
+
config_attr :endpoint, nil, ::String, nil
|
|
3550
3574
|
config_attr :credentials, nil do |value|
|
|
3551
3575
|
allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
|
|
3552
3576
|
allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
|
|
@@ -3561,6 +3585,7 @@ module Google
|
|
|
3561
3585
|
config_attr :metadata, nil, ::Hash, nil
|
|
3562
3586
|
config_attr :retry_policy, nil, ::Hash, ::Proc, nil
|
|
3563
3587
|
config_attr :quota_project, nil, ::String, nil
|
|
3588
|
+
config_attr :universe_domain, nil, ::String, nil
|
|
3564
3589
|
|
|
3565
3590
|
# @private
|
|
3566
3591
|
def initialize parent_config = nil
|
|
@@ -45,6 +45,9 @@ module Google
|
|
|
45
45
|
# [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc).
|
|
46
46
|
#
|
|
47
47
|
class Client
|
|
48
|
+
# @private
|
|
49
|
+
DEFAULT_ENDPOINT_TEMPLATE = "cloudkms.$UNIVERSE_DOMAIN$"
|
|
50
|
+
|
|
48
51
|
include Paths
|
|
49
52
|
|
|
50
53
|
# @private
|
|
@@ -229,6 +232,15 @@ module Google
|
|
|
229
232
|
@config
|
|
230
233
|
end
|
|
231
234
|
|
|
235
|
+
##
|
|
236
|
+
# The effective universe domain
|
|
237
|
+
#
|
|
238
|
+
# @return [String]
|
|
239
|
+
#
|
|
240
|
+
def universe_domain
|
|
241
|
+
@key_management_service_stub.universe_domain
|
|
242
|
+
end
|
|
243
|
+
|
|
232
244
|
##
|
|
233
245
|
# Create a new KeyManagementService REST client object.
|
|
234
246
|
#
|
|
@@ -256,8 +268,9 @@ module Google
|
|
|
256
268
|
credentials = @config.credentials
|
|
257
269
|
# Use self-signed JWT if the endpoint is unchanged from default,
|
|
258
270
|
# but only if the default endpoint does not have a region prefix.
|
|
259
|
-
enable_self_signed_jwt = @config.endpoint
|
|
260
|
-
|
|
271
|
+
enable_self_signed_jwt = @config.endpoint.nil? ||
|
|
272
|
+
(@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
|
|
273
|
+
!@config.endpoint.split(".").first.include?("-"))
|
|
261
274
|
credentials ||= Credentials.default scope: @config.scope,
|
|
262
275
|
enable_self_signed_jwt: enable_self_signed_jwt
|
|
263
276
|
if credentials.is_a?(::String) || credentials.is_a?(::Hash)
|
|
@@ -271,6 +284,7 @@ module Google
|
|
|
271
284
|
config.credentials = credentials
|
|
272
285
|
config.quota_project = @quota_project_id
|
|
273
286
|
config.endpoint = @config.endpoint
|
|
287
|
+
config.universe_domain = @config.universe_domain
|
|
274
288
|
config.bindings_override = @config.bindings_override
|
|
275
289
|
end
|
|
276
290
|
|
|
@@ -278,10 +292,16 @@ module Google
|
|
|
278
292
|
config.credentials = credentials
|
|
279
293
|
config.quota_project = @quota_project_id
|
|
280
294
|
config.endpoint = @config.endpoint
|
|
295
|
+
config.universe_domain = @config.universe_domain
|
|
281
296
|
config.bindings_override = @config.bindings_override
|
|
282
297
|
end
|
|
283
298
|
|
|
284
|
-
@key_management_service_stub = ::Google::Cloud::Kms::V1::KeyManagementService::Rest::ServiceStub.new
|
|
299
|
+
@key_management_service_stub = ::Google::Cloud::Kms::V1::KeyManagementService::Rest::ServiceStub.new(
|
|
300
|
+
endpoint: @config.endpoint,
|
|
301
|
+
endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
|
|
302
|
+
universe_domain: @config.universe_domain,
|
|
303
|
+
credentials: credentials
|
|
304
|
+
)
|
|
285
305
|
end
|
|
286
306
|
|
|
287
307
|
##
|
|
@@ -3288,9 +3308,9 @@ module Google
|
|
|
3288
3308
|
# end
|
|
3289
3309
|
#
|
|
3290
3310
|
# @!attribute [rw] endpoint
|
|
3291
|
-
#
|
|
3292
|
-
#
|
|
3293
|
-
# @return [::String]
|
|
3311
|
+
# A custom service endpoint, as a hostname or hostname:port. The default is
|
|
3312
|
+
# nil, indicating to use the default endpoint in the current universe domain.
|
|
3313
|
+
# @return [::String,nil]
|
|
3294
3314
|
# @!attribute [rw] credentials
|
|
3295
3315
|
# Credentials to send with calls. You may provide any of the following types:
|
|
3296
3316
|
# * (`String`) The path to a service account key file in JSON format
|
|
@@ -3327,13 +3347,20 @@ module Google
|
|
|
3327
3347
|
# @!attribute [rw] quota_project
|
|
3328
3348
|
# A separate project against which to charge quota.
|
|
3329
3349
|
# @return [::String]
|
|
3350
|
+
# @!attribute [rw] universe_domain
|
|
3351
|
+
# The universe domain within which to make requests. This determines the
|
|
3352
|
+
# default endpoint URL. The default value of nil uses the environment
|
|
3353
|
+
# universe (usually the default "googleapis.com" universe).
|
|
3354
|
+
# @return [::String,nil]
|
|
3330
3355
|
#
|
|
3331
3356
|
class Configuration
|
|
3332
3357
|
extend ::Gapic::Config
|
|
3333
3358
|
|
|
3359
|
+
# @private
|
|
3360
|
+
# The endpoint specific to the default "googleapis.com" universe. Deprecated.
|
|
3334
3361
|
DEFAULT_ENDPOINT = "cloudkms.googleapis.com"
|
|
3335
3362
|
|
|
3336
|
-
config_attr :endpoint,
|
|
3363
|
+
config_attr :endpoint, nil, ::String, nil
|
|
3337
3364
|
config_attr :credentials, nil do |value|
|
|
3338
3365
|
allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
|
|
3339
3366
|
allowed.any? { |klass| klass === value }
|
|
@@ -3345,6 +3372,7 @@ module Google
|
|
|
3345
3372
|
config_attr :metadata, nil, ::Hash, nil
|
|
3346
3373
|
config_attr :retry_policy, nil, ::Hash, ::Proc, nil
|
|
3347
3374
|
config_attr :quota_project, nil, ::String, nil
|
|
3375
|
+
config_attr :universe_domain, nil, ::String, nil
|
|
3348
3376
|
|
|
3349
3377
|
# @private
|
|
3350
3378
|
# Overrides for http bindings for the RPCs of this service
|
|
@@ -30,16 +30,28 @@ module Google
|
|
|
30
30
|
# including transcoding, making the REST call, and deserialing the response.
|
|
31
31
|
#
|
|
32
32
|
class ServiceStub
|
|
33
|
-
def initialize endpoint:, credentials:
|
|
33
|
+
def initialize endpoint:, endpoint_template:, universe_domain:, credentials:
|
|
34
34
|
# These require statements are intentionally placed here to initialize
|
|
35
35
|
# the REST modules only when it's required.
|
|
36
36
|
require "gapic/rest"
|
|
37
37
|
|
|
38
|
-
@client_stub = ::Gapic::Rest::ClientStub.new endpoint: endpoint,
|
|
38
|
+
@client_stub = ::Gapic::Rest::ClientStub.new endpoint: endpoint,
|
|
39
|
+
endpoint_template: endpoint_template,
|
|
40
|
+
universe_domain: universe_domain,
|
|
41
|
+
credentials: credentials,
|
|
39
42
|
numeric_enums: true,
|
|
40
43
|
raise_faraday_errors: false
|
|
41
44
|
end
|
|
42
45
|
|
|
46
|
+
##
|
|
47
|
+
# The effective universe domain
|
|
48
|
+
#
|
|
49
|
+
# @return [String]
|
|
50
|
+
#
|
|
51
|
+
def universe_domain
|
|
52
|
+
@client_stub.universe_domain
|
|
53
|
+
end
|
|
54
|
+
|
|
43
55
|
##
|
|
44
56
|
# Baseline implementation for the list_key_rings REST call
|
|
45
57
|
#
|
|
@@ -21,6 +21,7 @@ module Google
|
|
|
21
21
|
module Api
|
|
22
22
|
# Required information for every language.
|
|
23
23
|
# @!attribute [rw] reference_docs_uri
|
|
24
|
+
# @deprecated This field is deprecated and may be removed in the next major version update.
|
|
24
25
|
# @return [::String]
|
|
25
26
|
# Link to automatically generated reference documentation. Example:
|
|
26
27
|
# https://cloud.google.com/nodejs/docs/reference/asset/latest
|
|
@@ -304,6 +305,19 @@ module Google
|
|
|
304
305
|
# seconds: 360 # 6 minutes
|
|
305
306
|
# total_poll_timeout:
|
|
306
307
|
# seconds: 54000 # 90 minutes
|
|
308
|
+
# @!attribute [rw] auto_populated_fields
|
|
309
|
+
# @return [::Array<::String>]
|
|
310
|
+
# List of top-level fields of the request message, that should be
|
|
311
|
+
# automatically populated by the client libraries based on their
|
|
312
|
+
# (google.api.field_info).format. Currently supported format: UUID4.
|
|
313
|
+
#
|
|
314
|
+
# Example of a YAML configuration:
|
|
315
|
+
#
|
|
316
|
+
# publishing:
|
|
317
|
+
# method_settings:
|
|
318
|
+
# - selector: google.example.v1.ExampleService.CreateExample
|
|
319
|
+
# auto_populated_fields:
|
|
320
|
+
# - request_id
|
|
307
321
|
class MethodSettings
|
|
308
322
|
include ::Google::Protobuf::MessageExts
|
|
309
323
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: google-cloud-kms-v1
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.24.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Google LLC
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2024-01-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: gapic-common
|
|
@@ -16,7 +16,7 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.21.1
|
|
20
20
|
- - "<"
|
|
21
21
|
- !ruby/object:Gem::Version
|
|
22
22
|
version: 2.a
|
|
@@ -26,7 +26,7 @@ dependencies:
|
|
|
26
26
|
requirements:
|
|
27
27
|
- - ">="
|
|
28
28
|
- !ruby/object:Gem::Version
|
|
29
|
-
version: 0.
|
|
29
|
+
version: 0.21.1
|
|
30
30
|
- - "<"
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
32
|
version: 2.a
|
|
@@ -50,7 +50,7 @@ dependencies:
|
|
|
50
50
|
requirements:
|
|
51
51
|
- - ">="
|
|
52
52
|
- !ruby/object:Gem::Version
|
|
53
|
-
version: '0.
|
|
53
|
+
version: '0.7'
|
|
54
54
|
- - "<"
|
|
55
55
|
- !ruby/object:Gem::Version
|
|
56
56
|
version: 2.a
|
|
@@ -60,7 +60,7 @@ dependencies:
|
|
|
60
60
|
requirements:
|
|
61
61
|
- - ">="
|
|
62
62
|
- !ruby/object:Gem::Version
|
|
63
|
-
version: '0.
|
|
63
|
+
version: '0.7'
|
|
64
64
|
- - "<"
|
|
65
65
|
- !ruby/object:Gem::Version
|
|
66
66
|
version: 2.a
|
|
@@ -70,7 +70,7 @@ dependencies:
|
|
|
70
70
|
requirements:
|
|
71
71
|
- - ">="
|
|
72
72
|
- !ruby/object:Gem::Version
|
|
73
|
-
version: '0.
|
|
73
|
+
version: '0.7'
|
|
74
74
|
- - "<"
|
|
75
75
|
- !ruby/object:Gem::Version
|
|
76
76
|
version: 2.a
|
|
@@ -80,7 +80,7 @@ dependencies:
|
|
|
80
80
|
requirements:
|
|
81
81
|
- - ">="
|
|
82
82
|
- !ruby/object:Gem::Version
|
|
83
|
-
version: '0.
|
|
83
|
+
version: '0.7'
|
|
84
84
|
- - "<"
|
|
85
85
|
- !ruby/object:Gem::Version
|
|
86
86
|
version: 2.a
|
|
@@ -270,7 +270,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
270
270
|
- !ruby/object:Gem::Version
|
|
271
271
|
version: '0'
|
|
272
272
|
requirements: []
|
|
273
|
-
rubygems_version: 3.
|
|
273
|
+
rubygems_version: 3.5.3
|
|
274
274
|
signing_key:
|
|
275
275
|
specification_version: 4
|
|
276
276
|
summary: Manages keys and performs cryptographic operations in a central cloud service,
|