google-cloud-network_security-v1beta1 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 29ae47026f50f0224991c1f763d86741401c10a19293f80deb2263896894ebbc
-  data.tar.gz: 6a082bd76d68a235340335f0aaab4eb6fb158a1e062d474915a75ef738d72d4e
+  metadata.gz: 80a5adaa84e4827f759bc1dcd268a6f3fad4282c167bc6a026f882448dd5663c
+  data.tar.gz: 5c07eb5c7d58a1544c745a4c59408638338b20da4dadfb16e05e7dd57df5cb80
 SHA512:
-  metadata.gz: 639fa61cda74280a676f0b501adecf3281547c163e584b6ba9e7901aa8eb4e5983f4b14a5e1b93181a5eea5005e857f47289759fe1af6e9aede746086080d3b3
-  data.tar.gz: 6a8b63159a06c99a7e958edd405517f4cc1a9e8c00baee37cd4c535794fa9a0c5cfb8e39c853ba6387543ebf468c4fea5d64b2c66706effe6f004b8a03a4fd34
+  metadata.gz: bd999ba19a209fd716a40b46c246c706a9b321b006f49395144c3a59434a3a7bd15a14f6360f8d4f002d41ccd1d3394c2e74fa14736d915d65eddcbce2785cb4
+  data.tar.gz: 1ceeda49856f9a6d75cc67cf871e63a4d22266b629f2ce889ed833ef6967a0169167b622f21817eb87a8a9aa546d908bd31d74313ac8db2b63ef91f279b57742

data/.yardopts

@@ -1,5 +1,5 @@
 --no-private
---title=Network Security V1beta1 API
+--title="Network Security V1beta1 API"
 --exclude _pb\.rb$
 --markup markdown
 --markup-provider redcarpet

data/AUTHENTICATION.md

@@ -118,15 +118,6 @@ To configure your system for this, simply:
 **NOTE:** This is _not_ recommended for running in production. The Cloud SDK
 *should* only be used during development.
 
-[gce-how-to]: https://cloud.google.com/compute/docs/authentication#using
-[dev-console]: https://console.cloud.google.com/project
-
-[enable-apis]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/enable-apis.png
-
-[create-new-service-account]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/create-new-service-account.png
-[create-new-service-account-existing-keys]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/create-new-service-account-existing-keys.png
-[reuse-service-account]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/reuse-service-account.png
-
 ## Creating a Service Account
 
 Google Cloud requires **Service Account Credentials** to
@@ -137,31 +128,22 @@ If you are not running this client within
 [Google Cloud Platform environments](#google-cloud-platform-environments), you
 need a Google Developers service account.
 
-1. Visit the [Google Developers Console][dev-console].
+1. Visit the [Google Cloud Console](https://console.cloud.google.com/project).
 2. Create a new project or click on an existing project.
-3. Activate the slide-out navigation tray and select **API Manager**. From
+3. Activate the menu in the upper left and select **APIs & Services**. From
    here, you will enable the APIs that your application requires.
 
-   ![Enable the APIs that your application requires][enable-apis]
-
    *Note: You may need to enable billing in order to use these services.*
 
 4. Select **Credentials** from the side navigation.
 
-   You should see a screen like one of the following.
-
-   ![Create a new service account][create-new-service-account]
-
-   ![Create a new service account With Existing Keys][create-new-service-account-existing-keys]
-
-   Find the "Add credentials" drop down and select "Service account" to be
-   guided through downloading a new JSON key file.
+   Find the "Create credentials" drop down near the top of the page, and select
+   "Service account" to be guided through downloading a new JSON key file.
 
    If you want to re-use an existing service account, you can easily generate a
-   new key file. Just select the account you wish to re-use, and click "Generate
-   new JSON key":
-
-   ![Re-use an existing service account][reuse-service-account]
+   new key file. Just select the account you wish to re-use, click the pencil
+   tool on the right side to edit the service account, select the **Keys** tab,
+   and then select **Add Key**.
 
    The key file you download will be used by this library to authenticate API
    requests and should be stored in a secure location.

data/lib/google/cloud/network_security/v1beta1/network_security/client.rb

@@ -27,6 +27,10 @@ module Google
           ##
           # Client for the NetworkSecurity service.
           #
+          # Network Security API provides resources to configure authentication and
+          # authorization policies. Refer to per API resource documentation for more
+          # information.
+          #
           class Client
             include Paths
 
@@ -135,6 +139,7 @@ module Google
 
               @operations_client = Operations.new do |config|
                 config.credentials = credentials
+                config.quota_project = @quota_project_id
                 config.endpoint = @config.endpoint
               end
 

data/lib/google/cloud/network_security/v1beta1/network_security.rb

@@ -32,6 +32,10 @@ module Google
     module NetworkSecurity
       module V1beta1
         ##
+        # Network Security API provides resources to configure authentication and
+        # authorization policies. Refer to per API resource documentation for more
+        # information.
+        #
         # To load this service and instantiate a client:
         #
         #     require "google/cloud/network_security/v1beta1/network_security"

data/lib/google/cloud/network_security/v1beta1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module NetworkSecurity
       module V1beta1
-        VERSION = "0.1.1"
+        VERSION = "0.1.2"
       end
     end
   end

data/lib/google/cloud/networksecurity/v1beta1/network_security_services_pb.rb

@@ -24,6 +24,9 @@ module Google
     module NetworkSecurity
       module V1beta1
         module NetworkSecurity
+          # Network Security API provides resources to configure authentication and
+          # authorization policies. Refer to per API resource documentation for more
+          # information.
           class Service
 
             include ::GRPC::GenericService

data/proto_docs/google/api/resource.rb

@@ -33,11 +33,7 @@ module Google
     #       // For Kubernetes resources, the format is {api group}/{kind}.
     #       option (google.api.resource) = {
     #         type: "pubsub.googleapis.com/Topic"
-    #         name_descriptor: {
-    #           pattern: "projects/{project}/topics/{topic}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
-    #         }
+    #         pattern: "projects/{project}/topics/{topic}"
     #       };
     #     }
     #
@@ -45,10 +41,7 @@ module Google
     #
     #     resources:
     #     - type: "pubsub.googleapis.com/Topic"
-    #       name_descriptor:
-    #         - pattern: "projects/{project}/topics/{topic}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
+    #       pattern: "projects/{project}/topics/{topic}"
     #
     # Sometimes, resources have multiple patterns, typically because they can
     # live under multiple parents.
@@ -58,26 +51,10 @@ module Google
     #     message LogEntry {
     #       option (google.api.resource) = {
     #         type: "logging.googleapis.com/LogEntry"
-    #         name_descriptor: {
-    #           pattern: "projects/{project}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "folders/{folder}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
-    #           parent_name_extractor: "folders/{folder}"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "organizations/{organization}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Organization"
-    #           parent_name_extractor: "organizations/{organization}"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "billingAccounts/{billing_account}/logs/{log}"
-    #           parent_type: "billing.googleapis.com/BillingAccount"
-    #           parent_name_extractor: "billingAccounts/{billing_account}"
-    #         }
+    #         pattern: "projects/{project}/logs/{log}"
+    #         pattern: "folders/{folder}/logs/{log}"
+    #         pattern: "organizations/{organization}/logs/{log}"
+    #         pattern: "billingAccounts/{billing_account}/logs/{log}"
     #       };
     #     }
     #
@@ -85,48 +62,10 @@ module Google
     #
     #     resources:
     #     - type: 'logging.googleapis.com/LogEntry'
-    #       name_descriptor:
-    #         - pattern: "projects/{project}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
-    #         - pattern: "folders/{folder}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
-    #           parent_name_extractor: "folders/{folder}"
-    #         - pattern: "organizations/{organization}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Organization"
-    #           parent_name_extractor: "organizations/{organization}"
-    #         - pattern: "billingAccounts/{billing_account}/logs/{log}"
-    #           parent_type: "billing.googleapis.com/BillingAccount"
-    #           parent_name_extractor: "billingAccounts/{billing_account}"
-    #
-    # For flexible resources, the resource name doesn't contain parent names, but
-    # the resource itself has parents for policy evaluation.
-    #
-    # Example:
-    #
-    #     message Shelf {
-    #       option (google.api.resource) = {
-    #         type: "library.googleapis.com/Shelf"
-    #         name_descriptor: {
-    #           pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
-    #         }
-    #       };
-    #     }
-    #
-    # The ResourceDescriptor Yaml config will look like:
-    #
-    #     resources:
-    #     - type: 'library.googleapis.com/Shelf'
-    #       name_descriptor:
-    #         - pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #         - pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
+    #       pattern: "projects/{project}/logs/{log}"
+    #       pattern: "folders/{folder}/logs/{log}"
+    #       pattern: "organizations/{organization}/logs/{log}"
+    #       pattern: "billingAccounts/{billing_account}/logs/{log}"
     # @!attribute [rw] type
     #   @return [::String]
     #     The resource type. It must be in the format of

data/proto_docs/google/cloud/networksecurity/v1beta1/authorization_policy.rb

@@ -79,12 +79,16 @@ module Google
             #     Optional. List of peer identities to match for authorization. At least one
             #     principal should match. Each peer can be an exact match, or a prefix
             #     match (example, "namespace/*") or a suffix match (example, //
-            #     */service-account") or a presence match "*".
+            #     */service-account") or a presence match "*". Authorization based on the
+            #     principal name without certificate validation (configured by
+            #     ServerTlsPolicy resource) is considered insecure.
             # @!attribute [rw] ip_blocks
             #   @return [::Array<::String>]
             #     Optional. List of CIDR ranges to match based on source IP address. At least one
             #     IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g.,
-            #     "1.2.3.0/24") are supported.
+            #     "1.2.3.0/24") are supported. Authorization based on source IP alone
+            #     should be avoided. The IP addresses of any load balancers or proxies
+            #     should be considered untrusted.
             class Source
               include ::Google::Protobuf::MessageExts
               extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -93,7 +97,7 @@ module Google
             # Specification of traffic destination attributes.
             # @!attribute [rw] hosts
             #   @return [::Array<::String>]
-            #     Required. List of host names to match. Matched against HOST header in
+            #     Required. List of host names to match. Matched against the ":authority" header in
             #     http requests. At least one host should match. Each host can be an
             #     exact match, or a prefix match (example "mydomain.*") or a suffix
             #     match (example // *.myorg.com") or a presence(any) match "*".
@@ -106,9 +110,11 @@ module Google
             #     match. Should not be set for gRPC services.
             # @!attribute [rw] http_header_match
             #   @return [::Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy::Rule::Destination::HttpHeaderMatch]
-            #     Optional. Match against key:value pair in http header. Provides a
-            #     flexible match based on HTTP headers, for potentially
-            #     advanced use cases. At least one header should match.
+            #     Optional. Match against key:value pair in http header. Provides a flexible match
+            #     based on HTTP headers, for potentially advanced use cases. At least one
+            #     header should match. Avoid using header matches to make authorization
+            #     decisions unless there is a strong guarantee that requests arrive
+            #     through a trusted client or proxy.
             class Destination
               include ::Google::Protobuf::MessageExts
               extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -154,6 +160,8 @@ module Google
             ALLOW = 1
 
             # Deny access.
+            # Deny rules should be avoided unless they are used to provide a default
+            # "deny all" fallback.
             DENY = 2
           end
         end

data/proto_docs/google/cloud/networksecurity/v1beta1/server_tls_policy.rb

@@ -30,7 +30,7 @@ module Google
         #     `projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}`
         # @!attribute [rw] description
         #   @return [::String]
-        #     Optional. Free-text description of the resource.
+        #     Free-text description of the resource.
         # @!attribute [r] create_time
         #   @return [::Google::Protobuf::Timestamp]
         #     Output only. The timestamp when the resource was created.
@@ -39,26 +39,27 @@ module Google
         #     Output only. The timestamp when the resource was updated.
         # @!attribute [rw] labels
         #   @return [::Google::Protobuf::Map{::String => ::String}]
-        #     Optional. Set of label tags associated with the resource.
+        #     Set of label tags associated with the resource.
         # @!attribute [rw] allow_open
         #   @return [::Boolean]
-        #     Optional. Determines if server allows plaintext connections. If set to true, server
+        #     Determines if server allows plaintext connections. If set to true, server
         #     allows plain text connections. By default, it is set to false. This setting
-        #     is not exclusive of other encryption modes. For example, if allow_open and
-        #     mtls_policy are set, server allows both plain text and mTLS connections.
-        #     See documentation of other encryption modes to confirm compatibility.
+        #     is not exclusive of other encryption modes. For example, if `allow_open`
+        #     and `mtls_policy` are set, server allows both plain text and mTLS
+        #     connections. See documentation of other encryption modes to confirm
+        #     compatibility.
         # @!attribute [rw] server_certificate
         #   @return [::Google::Cloud::NetworkSecurity::V1beta1::CertificateProvider]
-        #     Optional. Defines a mechanism to provision server identity (public and private keys).
-        #     Cannot be combined with allow_open as a permissive mode that allows both
+        #     Defines a mechanism to provision server identity (public and private keys).
+        #     Cannot be combined with `allow_open` as a permissive mode that allows both
         #     plain text and TLS is not supported.
         # @!attribute [rw] mtls_policy
         #   @return [::Google::Cloud::NetworkSecurity::V1beta1::ServerTlsPolicy::MTLSPolicy]
-        #     Optional. Defines a mechanism to provision peer validation certificates for peer to
+        #     Defines a mechanism to provision peer validation certificates for peer to
         #     peer authentication (Mutual TLS - mTLS). If not specified, client
         #     certificate will not be requested. The connection is treated as TLS and not
-        #     mTLS. If allow_open and mtls_policy are set, server allows both plain text
-        #     and mTLS connections.
+        #     mTLS. If `allow_open` and `mtls_policy` are set, server allows both plain
+        #     text and mTLS connections.
         class ServerTlsPolicy
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -66,7 +67,7 @@ module Google
           # Specification of the MTLSPolicy.
           # @!attribute [rw] client_validation_ca
           #   @return [::Array<::Google::Cloud::NetworkSecurity::V1beta1::ValidationCA>]
-          #     Required. Defines the mechanism to obtain the Certificate Authority certificate to
+          #     Defines the mechanism to obtain the Certificate Authority certificate to
           #     validate the client certificate.
           class MTLSPolicy
             include ::Google::Protobuf::MessageExts

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-network_security-v1beta1
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-11-08 00:00:00.000000000 Z
+date: 2022-01-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -218,7 +218,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.17
+rubygems_version: 3.3.4
 signing_key: 
 specification_version: 4
 summary: API Client library for the Network Security V1beta1 API