google-cloud-network_security-v1beta1 0.1.1 → 0.1.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 29ae47026f50f0224991c1f763d86741401c10a19293f80deb2263896894ebbc
4
- data.tar.gz: 6a082bd76d68a235340335f0aaab4eb6fb158a1e062d474915a75ef738d72d4e
3
+ metadata.gz: 80a5adaa84e4827f759bc1dcd268a6f3fad4282c167bc6a026f882448dd5663c
4
+ data.tar.gz: 5c07eb5c7d58a1544c745a4c59408638338b20da4dadfb16e05e7dd57df5cb80
5
5
  SHA512:
6
- metadata.gz: 639fa61cda74280a676f0b501adecf3281547c163e584b6ba9e7901aa8eb4e5983f4b14a5e1b93181a5eea5005e857f47289759fe1af6e9aede746086080d3b3
7
- data.tar.gz: 6a8b63159a06c99a7e958edd405517f4cc1a9e8c00baee37cd4c535794fa9a0c5cfb8e39c853ba6387543ebf468c4fea5d64b2c66706effe6f004b8a03a4fd34
6
+ metadata.gz: bd999ba19a209fd716a40b46c246c706a9b321b006f49395144c3a59434a3a7bd15a14f6360f8d4f002d41ccd1d3394c2e74fa14736d915d65eddcbce2785cb4
7
+ data.tar.gz: 1ceeda49856f9a6d75cc67cf871e63a4d22266b629f2ce889ed833ef6967a0169167b622f21817eb87a8a9aa546d908bd31d74313ac8db2b63ef91f279b57742
data/.yardopts CHANGED
@@ -1,5 +1,5 @@
1
1
  --no-private
2
- --title=Network Security V1beta1 API
2
+ --title="Network Security V1beta1 API"
3
3
  --exclude _pb\.rb$
4
4
  --markup markdown
5
5
  --markup-provider redcarpet
data/AUTHENTICATION.md CHANGED
@@ -118,15 +118,6 @@ To configure your system for this, simply:
118
118
  **NOTE:** This is _not_ recommended for running in production. The Cloud SDK
119
119
  *should* only be used during development.
120
120
 
121
- [gce-how-to]: https://cloud.google.com/compute/docs/authentication#using
122
- [dev-console]: https://console.cloud.google.com/project
123
-
124
- [enable-apis]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/enable-apis.png
125
-
126
- [create-new-service-account]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/create-new-service-account.png
127
- [create-new-service-account-existing-keys]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/create-new-service-account-existing-keys.png
128
- [reuse-service-account]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/reuse-service-account.png
129
-
130
121
  ## Creating a Service Account
131
122
 
132
123
  Google Cloud requires **Service Account Credentials** to
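Review bot: The block removed at old lines 121-122 drops both the `[gce-how-to]` and `[dev-console]` link definitions, but the only replacement visible in this diff is the inline URL for `[dev-console]` in step 1 of the service-account list. If a `[...][gce-how-to]` reference remains anywhere else in AUTHENTICATION.md it will now render as literal bracket text. Either inline that URL as well or confirm that no reference is left.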
@@ -137,31 +128,22 @@ If you are not running this client within
137
128
  [Google Cloud Platform environments](#google-cloud-platform-environments), you
138
129
  need a Google Developers service account.
139
130
 
140
- 1. Visit the [Google Developers Console][dev-console].
131
+ 1. Visit the [Google Cloud Console](https://console.cloud.google.com/project).
141
132
  2. Create a new project or click on an existing project.
142
- 3. Activate the slide-out navigation tray and select **API Manager**. From
133
+ 3. Activate the menu in the upper left and select **APIs & Services**. From
143
134
  here, you will enable the APIs that your application requires.
144
135
 
145
- ![Enable the APIs that your application requires][enable-apis]
146
-
147
136
  *Note: You may need to enable billing in order to use these services.*
148
137
 
149
138
  4. Select **Credentials** from the side navigation.
150
139
 
151
- You should see a screen like one of the following.
152
-
153
- ![Create a new service account][create-new-service-account]
154
-
155
- ![Create a new service account With Existing Keys][create-new-service-account-existing-keys]
156
-
157
- Find the "Add credentials" drop down and select "Service account" to be
158
- guided through downloading a new JSON key file.
140
+ Find the "Create credentials" drop down near the top of the page, and select
141
+ "Service account" to be guided through downloading a new JSON key file.
159
142
 
160
143
  If you want to re-use an existing service account, you can easily generate a
161
- new key file. Just select the account you wish to re-use, and click "Generate
162
- new JSON key":
163
-
164
- ![Re-use an existing service account][reuse-service-account]
144
+ new key file. Just select the account you wish to re-use, click the pencil
145
+ tool on the right side to edit the service account, select the **Keys** tab,
146
+ and then select **Add Key**.
165
147
 
166
148
  The key file you download will be used by this library to authenticate API
167
149
  requests and should be stored in a secure location.
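Review bot: The rewritten key-creation steps (new lines 140-146) still close with only "should be stored in a secure location" for the downloaded JSON key. That file is a long-lived credential, so the step would be more useful with one concrete sentence, for example restricting the file to the owning user and keeping it out of source control. Also, step 1 now says "Google Cloud Console" while the unchanged line 129 still says "Google Developers service account"; the naming should be made consistent in the same pass.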
@@ -27,6 +27,10 @@ module Google
27
27
  ##
28
28
  # Client for the NetworkSecurity service.
29
29
  #
30
+ # Network Security API provides resources to configure authentication and
31
+ # authorization policies. Refer to per API resource documentation for more
32
+ # information.
33
+ #
30
34
  class Client
31
35
  include Paths
32
36
 
@@ -135,6 +139,7 @@ module Google
135
139
 
136
140
  @operations_client = Operations.new do |config|
137
141
  config.credentials = credentials
142
+ config.quota_project = @quota_project_id
138
143
  config.endpoint = @config.endpoint
139
144
  end
140
145
 
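Review bot: `config.quota_project = @quota_project_id` at new line 142 relies on `@quota_project_id` having been assigned before the `Operations.new` block runs, and that assignment is not visible in this hunk. Please confirm the ordering in the initializer. An unassigned instance variable reads as nil in Ruby, so a wrong ordering would leave the operations client without a quota project silently rather than raising.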
@@ -32,6 +32,10 @@ module Google
32
32
  module NetworkSecurity
33
33
  module V1beta1
34
34
  ##
35
+ # Network Security API provides resources to configure authentication and
36
+ # authorization policies. Refer to per API resource documentation for more
37
+ # information.
38
+ #
35
39
  # To load this service and instantiate a client:
36
40
  #
37
41
  # require "google/cloud/network_security/v1beta1/network_security"
@@ -21,7 +21,7 @@ module Google
21
21
  module Cloud
22
22
  module NetworkSecurity
23
23
  module V1beta1
24
- VERSION = "0.1.1"
24
+ VERSION = "0.1.2"
25
25
  end
26
26
  end
27
27
  end
@@ -24,6 +24,9 @@ module Google
24
24
  module NetworkSecurity
25
25
  module V1beta1
26
26
  module NetworkSecurity
27
+ # Network Security API provides resources to configure authentication and
28
+ # authorization policies. Refer to per API resource documentation for more
29
+ # information.
27
30
  class Service
28
31
 
29
32
  include ::GRPC::GenericService
@@ -33,11 +33,7 @@ module Google
33
33
  # // For Kubernetes resources, the format is {api group}/{kind}.
34
34
  # option (google.api.resource) = {
35
35
  # type: "pubsub.googleapis.com/Topic"
36
- # name_descriptor: {
37
- # pattern: "projects/{project}/topics/{topic}"
38
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
39
- # parent_name_extractor: "projects/{project}"
40
- # }
36
+ # pattern: "projects/{project}/topics/{topic}"
41
37
  # };
42
38
  # }
43
39
  #
@@ -45,10 +41,7 @@ module Google
45
41
  #
46
42
  # resources:
47
43
  # - type: "pubsub.googleapis.com/Topic"
48
- # name_descriptor:
49
- # - pattern: "projects/{project}/topics/{topic}"
50
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
51
- # parent_name_extractor: "projects/{project}"
44
+ # pattern: "projects/{project}/topics/{topic}"
52
45
  #
53
46
  # Sometimes, resources have multiple patterns, typically because they can
54
47
  # live under multiple parents.
@@ -58,26 +51,10 @@ module Google
58
51
  # message LogEntry {
59
52
  # option (google.api.resource) = {
60
53
  # type: "logging.googleapis.com/LogEntry"
61
- # name_descriptor: {
62
- # pattern: "projects/{project}/logs/{log}"
63
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
64
- # parent_name_extractor: "projects/{project}"
65
- # }
66
- # name_descriptor: {
67
- # pattern: "folders/{folder}/logs/{log}"
68
- # parent_type: "cloudresourcemanager.googleapis.com/Folder"
69
- # parent_name_extractor: "folders/{folder}"
70
- # }
71
- # name_descriptor: {
72
- # pattern: "organizations/{organization}/logs/{log}"
73
- # parent_type: "cloudresourcemanager.googleapis.com/Organization"
74
- # parent_name_extractor: "organizations/{organization}"
75
- # }
76
- # name_descriptor: {
77
- # pattern: "billingAccounts/{billing_account}/logs/{log}"
78
- # parent_type: "billing.googleapis.com/BillingAccount"
79
- # parent_name_extractor: "billingAccounts/{billing_account}"
80
- # }
54
+ # pattern: "projects/{project}/logs/{log}"
55
+ # pattern: "folders/{folder}/logs/{log}"
56
+ # pattern: "organizations/{organization}/logs/{log}"
57
+ # pattern: "billingAccounts/{billing_account}/logs/{log}"
81
58
  # };
82
59
  # }
83
60
  #
@@ -85,48 +62,10 @@ module Google
85
62
  #
86
63
  # resources:
87
64
  # - type: 'logging.googleapis.com/LogEntry'
88
- # name_descriptor:
89
- # - pattern: "projects/{project}/logs/{log}"
90
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
91
- # parent_name_extractor: "projects/{project}"
92
- # - pattern: "folders/{folder}/logs/{log}"
93
- # parent_type: "cloudresourcemanager.googleapis.com/Folder"
94
- # parent_name_extractor: "folders/{folder}"
95
- # - pattern: "organizations/{organization}/logs/{log}"
96
- # parent_type: "cloudresourcemanager.googleapis.com/Organization"
97
- # parent_name_extractor: "organizations/{organization}"
98
- # - pattern: "billingAccounts/{billing_account}/logs/{log}"
99
- # parent_type: "billing.googleapis.com/BillingAccount"
100
- # parent_name_extractor: "billingAccounts/{billing_account}"
101
- #
102
- # For flexible resources, the resource name doesn't contain parent names, but
103
- # the resource itself has parents for policy evaluation.
104
- #
105
- # Example:
106
- #
107
- # message Shelf {
108
- # option (google.api.resource) = {
109
- # type: "library.googleapis.com/Shelf"
110
- # name_descriptor: {
111
- # pattern: "shelves/{shelf}"
112
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
113
- # }
114
- # name_descriptor: {
115
- # pattern: "shelves/{shelf}"
116
- # parent_type: "cloudresourcemanager.googleapis.com/Folder"
117
- # }
118
- # };
119
- # }
120
- #
121
- # The ResourceDescriptor Yaml config will look like:
122
- #
123
- # resources:
124
- # - type: 'library.googleapis.com/Shelf'
125
- # name_descriptor:
126
- # - pattern: "shelves/{shelf}"
127
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
128
- # - pattern: "shelves/{shelf}"
129
- # parent_type: "cloudresourcemanager.googleapis.com/Folder"
65
+ # pattern: "projects/{project}/logs/{log}"
66
+ # pattern: "folders/{folder}/logs/{log}"
67
+ # pattern: "organizations/{organization}/logs/{log}"
68
+ # pattern: "billingAccounts/{billing_account}/logs/{log}"
130
69
  # @!attribute [rw] type
131
70
  # @return [::String]
132
71
  # The resource type. It must be in the format of
@@ -79,12 +79,16 @@ module Google
79
79
  # Optional. List of peer identities to match for authorization. At least one
80
80
  # principal should match. Each peer can be an exact match, or a prefix
81
81
  # match (example, "namespace/*") or a suffix match (example, //
82
- # */service-account") or a presence match "*".
82
+ # */service-account") or a presence match "*". Authorization based on the
83
+ # principal name without certificate validation (configured by
84
+ # ServerTlsPolicy resource) is considered insecure.
83
85
  # @!attribute [rw] ip_blocks
84
86
  # @return [::Array<::String>]
85
87
  # Optional. List of CIDR ranges to match based on source IP address. At least one
86
88
  # IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g.,
87
- # "1.2.3.0/24") are supported.
89
+ # "1.2.3.0/24") are supported. Authorization based on source IP alone
90
+ # should be avoided. The IP addresses of any load balancers or proxies
91
+ # should be considered untrusted.
88
92
  class Source
89
93
  include ::Google::Protobuf::MessageExts
90
94
  extend ::Google::Protobuf::MessageExts::ClassMethods
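Review bot: The caveat added to `principals` (new lines 82-84) says authorization without certificate validation "is considered insecure" but does not say whether such a policy is rejected or accepted as written. State which, and name the ServerTlsPolicy field that has to be set; going by the ServerTlsPolicy docs in this same release that is `mtls_policy`, since without it "client certificate will not be requested". The same applies to the `ip_blocks` text at new lines 89-91: "should be avoided" and "should be considered untrusted" would be clearer with a statement of what to pair source-IP matching with. Separately, the suffix-match example on the unchanged line above still reads `(example, // */service-account")`, with a stray `//` and no opening quote, and is worth fixing while this comment is being touched.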
@@ -93,7 +97,7 @@ module Google
93
97
  # Specification of traffic destination attributes.
94
98
  # @!attribute [rw] hosts
95
99
  # @return [::Array<::String>]
96
- # Required. List of host names to match. Matched against HOST header in
100
+ # Required. List of host names to match. Matched against the ":authority" header in
97
101
  # http requests. At least one host should match. Each host can be an
98
102
  # exact match, or a prefix match (example "mydomain.*") or a suffix
99
103
  # match (example // *.myorg.com") or a presence(any) match "*".
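Review bot: Replacing "HOST header" with "the ":authority" header" at new line 100 fits HTTP/2 and gRPC, but the following unchanged line still says "in http requests", and an HTTP/1.1 request carries `Host`, not `:authority`. The doc should say what is matched for HTTP/1.1 traffic so that readers do not assume host rules are skipped there. The unchanged suffix example `(example // *.myorg.com")` has the same stray `//` and missing opening quote as the `principals` comment.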
@@ -106,9 +110,11 @@ module Google
106
110
  # match. Should not be set for gRPC services.
107
111
  # @!attribute [rw] http_header_match
108
112
  # @return [::Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy::Rule::Destination::HttpHeaderMatch]
109
- # Optional. Match against key:value pair in http header. Provides a
110
- # flexible match based on HTTP headers, for potentially
111
- # advanced use cases. At least one header should match.
113
+ # Optional. Match against key:value pair in http header. Provides a flexible match
114
+ # based on HTTP headers, for potentially advanced use cases. At least one
115
+ # header should match. Avoid using header matches to make authorization
116
+ # decisions unless there is a strong guarantee that requests arrive
117
+ # through a trusted client or proxy.
112
118
  class Destination
113
119
  include ::Google::Protobuf::MessageExts
114
120
  extend ::Google::Protobuf::MessageExts::ClassMethods
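Review bot: The warning added to `http_header_match` (new lines 115-117) leaves "strong guarantee" and "trusted client or proxy" undefined, so a reader cannot tell when the condition is met. Give the reason in the comment itself: request headers are supplied by the sender, so a header match only carries weight when something upstream that the policy author controls sets or strips that header. One sentence to that effect, and a pointer to `principals` as the preferred basis for authorization, would make the advice actionable.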
@@ -154,6 +160,8 @@ module Google
154
160
  ALLOW = 1
155
161
 
156
162
  # Deny access.
163
+ # Deny rules should be avoided unless they are used to provide a default
164
+ # "deny all" fallback.
157
165
  DENY = 2
158
166
  end
159
167
  end
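Review bot: The two lines added above `DENY = 2` (new lines 163-164) give advice without a reason and run straight on from "Deny access.", so the generated docs will render all three as one paragraph. Insert an empty `#` line after "Deny access." and add a sentence explaining why deny rules are discouraged and how a "deny all" fallback is evaluated relative to ALLOW rules, since that ordering is what a policy author needs to know.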
@@ -30,7 +30,7 @@ module Google
30
30
  # `projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}`
31
31
  # @!attribute [rw] description
32
32
  # @return [::String]
33
- # Optional. Free-text description of the resource.
33
+ # Free-text description of the resource.
34
34
  # @!attribute [r] create_time
35
35
  # @return [::Google::Protobuf::Timestamp]
36
36
  # Output only. The timestamp when the resource was created.
@@ -39,26 +39,27 @@ module Google
39
39
  # Output only. The timestamp when the resource was updated.
40
40
  # @!attribute [rw] labels
41
41
  # @return [::Google::Protobuf::Map{::String => ::String}]
42
- # Optional. Set of label tags associated with the resource.
42
+ # Set of label tags associated with the resource.
43
43
  # @!attribute [rw] allow_open
44
44
  # @return [::Boolean]
45
- # Optional. Determines if server allows plaintext connections. If set to true, server
45
+ # Determines if server allows plaintext connections. If set to true, server
46
46
  # allows plain text connections. By default, it is set to false. This setting
47
- # is not exclusive of other encryption modes. For example, if allow_open and
48
- # mtls_policy are set, server allows both plain text and mTLS connections.
49
- # See documentation of other encryption modes to confirm compatibility.
47
+ # is not exclusive of other encryption modes. For example, if `allow_open`
48
+ # and `mtls_policy` are set, server allows both plain text and mTLS
49
+ # connections. See documentation of other encryption modes to confirm
50
+ # compatibility.
50
51
  # @!attribute [rw] server_certificate
51
52
  # @return [::Google::Cloud::NetworkSecurity::V1beta1::CertificateProvider]
52
- # Optional. Defines a mechanism to provision server identity (public and private keys).
53
- # Cannot be combined with allow_open as a permissive mode that allows both
53
+ # Defines a mechanism to provision server identity (public and private keys).
54
+ # Cannot be combined with `allow_open` as a permissive mode that allows both
54
55
  # plain text and TLS is not supported.
55
56
  # @!attribute [rw] mtls_policy
56
57
  # @return [::Google::Cloud::NetworkSecurity::V1beta1::ServerTlsPolicy::MTLSPolicy]
57
- # Optional. Defines a mechanism to provision peer validation certificates for peer to
58
+ # Defines a mechanism to provision peer validation certificates for peer to
58
59
  # peer authentication (Mutual TLS - mTLS). If not specified, client
59
60
  # certificate will not be requested. The connection is treated as TLS and not
60
- # mTLS. If allow_open and mtls_policy are set, server allows both plain text
61
- # and mTLS connections.
61
+ # mTLS. If `allow_open` and `mtls_policy` are set, server allows both plain
62
+ # text and mTLS connections.
62
63
  class ServerTlsPolicy
63
64
  include ::Google::Protobuf::MessageExts
64
65
  extend ::Google::Protobuf::MessageExts::ClassMethods
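Review bot: `allow_open` (new lines 45-50) states that setting it together with `mtls_policy` makes the server accept both plain text and mTLS, yet it gets no security caveat, unlike the AuthorizationPolicy fields updated in this release. A plain-text connection presents no client certificate, so this combination interacts directly with the new `principals` warning about authorization without certificate validation; a cross-reference here would close that gap. In addition, every "Optional." prefix in this hunk is removed with nothing in its place, so the generated docs no longer say which fields may be omitted.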
@@ -66,7 +67,7 @@ module Google
66
67
  # Specification of the MTLSPolicy.
67
68
  # @!attribute [rw] client_validation_ca
68
69
  # @return [::Array<::Google::Cloud::NetworkSecurity::V1beta1::ValidationCA>]
69
- # Required. Defines the mechanism to obtain the Certificate Authority certificate to
70
+ # Defines the mechanism to obtain the Certificate Authority certificate to
70
71
  # validate the client certificate.
71
72
  class MTLSPolicy
72
73
  include ::Google::Protobuf::MessageExts
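Review bot: Dropping "Required." from `client_validation_ca` at new line 70 leaves the doc silent on what happens when an `MTLSPolicy` is supplied with an empty list. Since this field is what the client certificate is validated against, please document whether an empty value is rejected or accepted, or keep the "Required." marker if the field behaviour has not changed.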
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google-cloud-network_security-v1beta1
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.1.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Google LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-11-08 00:00:00.000000000 Z
11
+ date: 2022-01-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gapic-common
@@ -218,7 +218,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
218
218
  - !ruby/object:Gem::Version
219
219
  version: '0'
220
220
  requirements: []
221
- rubygems_version: 3.2.17
221
+ rubygems_version: 3.3.4
222
222
  signing_key:
223
223
  specification_version: 4
224
224
  summary: API Client library for the Network Security V1beta1 API