google-cloud-network_security-v1beta1 0.1.1 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 29ae47026f50f0224991c1f763d86741401c10a19293f80deb2263896894ebbc
-  data.tar.gz: 6a082bd76d68a235340335f0aaab4eb6fb158a1e062d474915a75ef738d72d4e
+  metadata.gz: cfa3eac5e9f90efe418e181b35a16ca8a7b70cfe14d56d57386bd4f65219707c
+  data.tar.gz: 4f3e6f9bab137a10135df5ec1eff7f8c2d7e332af73967f1c1f8fa9ded2d3e17
 SHA512:
-  metadata.gz: 639fa61cda74280a676f0b501adecf3281547c163e584b6ba9e7901aa8eb4e5983f4b14a5e1b93181a5eea5005e857f47289759fe1af6e9aede746086080d3b3
-  data.tar.gz: 6a8b63159a06c99a7e958edd405517f4cc1a9e8c00baee37cd4c535794fa9a0c5cfb8e39c853ba6387543ebf468c4fea5d64b2c66706effe6f004b8a03a4fd34
+  metadata.gz: 557895ed41b9149bf3b86b963d6dbddac44349a5837d74cb87982198fb50a1d93ce43e384c209675e43ac8030c33c3a04d2d0c987080914038e633d51797d3ce
+  data.tar.gz: ad40882e4497f9a735a1352850c015f22f639d46c00a95283cfc156a1566a8e43bf953b211d5a083c6c2392e30c27acec6771e7bfc36c2cb26a0465b4d3b3420

data/.yardopts

@@ -1,5 +1,5 @@
 --no-private
---title=Network Security V1beta1 API
+--title="Network Security V1beta1 API"
 --exclude _pb\.rb$
 --markup markdown
 --markup-provider redcarpet

data/AUTHENTICATION.md

@@ -118,15 +118,6 @@ To configure your system for this, simply:
 **NOTE:** This is _not_ recommended for running in production. The Cloud SDK
 *should* only be used during development.
 
-[gce-how-to]: https://cloud.google.com/compute/docs/authentication#using
-[dev-console]: https://console.cloud.google.com/project
-
-[enable-apis]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/enable-apis.png
-
-[create-new-service-account]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/create-new-service-account.png
-[create-new-service-account-existing-keys]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/create-new-service-account-existing-keys.png
-[reuse-service-account]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/reuse-service-account.png
-
 ## Creating a Service Account
 
 Google Cloud requires **Service Account Credentials** to
@@ -137,31 +128,22 @@ If you are not running this client within
 [Google Cloud Platform environments](#google-cloud-platform-environments), you
 need a Google Developers service account.
 
-1. Visit the [Google Developers Console][dev-console].
+1. Visit the [Google Cloud Console](https://console.cloud.google.com/project).
 2. Create a new project or click on an existing project.
-3. Activate the slide-out navigation tray and select **API Manager**. From
+3. Activate the menu in the upper left and select **APIs & Services**. From
    here, you will enable the APIs that your application requires.
 
-   ![Enable the APIs that your application requires][enable-apis]
-
    *Note: You may need to enable billing in order to use these services.*
 
 4. Select **Credentials** from the side navigation.
 
-   You should see a screen like one of the following.
-
-   ![Create a new service account][create-new-service-account]
-
-   ![Create a new service account With Existing Keys][create-new-service-account-existing-keys]
-
-   Find the "Add credentials" drop down and select "Service account" to be
-   guided through downloading a new JSON key file.
+   Find the "Create credentials" drop down near the top of the page, and select
+   "Service account" to be guided through downloading a new JSON key file.
 
    If you want to re-use an existing service account, you can easily generate a
-   new key file. Just select the account you wish to re-use, and click "Generate
-   new JSON key":
-
-   ![Re-use an existing service account][reuse-service-account]
+   new key file. Just select the account you wish to re-use, click the pencil
+   tool on the right side to edit the service account, select the **Keys** tab,
+   and then select **Add Key**.
 
    The key file you download will be used by this library to authenticate API
    requests and should be stored in a secure location.

data/README.md

@@ -37,7 +37,7 @@ request = ::Google::Cloud::NetworkSecurity::V1beta1::ListAuthorizationPoliciesRe
 response = client.list_authorization_policies request
 ```
 
-View the [Client Library Documentation](https://googleapis.dev/ruby/google-cloud-network_security-v1beta1/latest)
+View the [Client Library Documentation](https://cloud.google.com/ruby/docs/reference/google-cloud-network_security-v1beta1/latest)
 for class and method documentation.
 
 See also the [Product Documentation](https://cloud.google.com/traffic-director/docs/reference/network-security/rest/)
@@ -69,16 +69,21 @@ module GRPC
 end
 ```
 
+
+## Google Cloud Samples
+
+To browse ready to use code samples check [Google Cloud Samples](https://cloud.google.com/docs/samples).
+
 ## Supported Ruby Versions
 
-This library is supported on Ruby 2.5+.
+This library is supported on Ruby 2.6+.
 
 Google provides official support for Ruby versions that are actively supported
 by Ruby Core—that is, Ruby versions that are either in normal maintenance or
-in security maintenance, and not end of life. Currently, this means Ruby 2.5
-and later. Older versions of Ruby _may_ still work, but are unsupported and not
-recommended. See https://www.ruby-lang.org/en/downloads/branches/ for details
-about the Ruby support schedule.
+in security maintenance, and not end of life. Older versions of Ruby _may_
+still work, but are unsupported and not recommended. See
+https://www.ruby-lang.org/en/downloads/branches/ for details about the Ruby
+support schedule.
 
 ## Which client should I use?
 

data/lib/google/cloud/network_security/v1beta1/network_security/client.rb

@@ -18,6 +18,8 @@
 
 require "google/cloud/errors"
 require "google/cloud/networksecurity/v1beta1/network_security_pb"
+require "google/cloud/location"
+require "google/iam/v1"
 
 module Google
   module Cloud
@@ -27,6 +29,10 @@ module Google
           ##
           # Client for the NetworkSecurity service.
           #
+          # Network Security API provides resources to configure authentication and
+          # authorization policies. Refer to per API resource documentation for more
+          # information.
+          #
           class Client
             include Paths
 
@@ -135,6 +141,19 @@ module Google
 
               @operations_client = Operations.new do |config|
                 config.credentials = credentials
+                config.quota_project = @quota_project_id
+                config.endpoint = @config.endpoint
+              end
+
+              @location_client = Google::Cloud::Location::Locations::Client.new do |config|
+                config.credentials = credentials
+                config.quota_project = @quota_project_id
+                config.endpoint = @config.endpoint
+              end
+
+              @iam_policy_client = Google::Iam::V1::IAMPolicy::Client.new do |config|
+                config.credentials = credentials
+                config.quota_project = @quota_project_id
                 config.endpoint = @config.endpoint
               end
 
@@ -154,6 +173,20 @@ module Google
             #
             attr_reader :operations_client
 
+            ##
+            # Get the associated client for mix-in of the Locations.
+            #
+            # @return [Google::Cloud::Location::Locations::Client]
+            #
+            attr_reader :location_client
+
+            ##
+            # Get the associated client for mix-in of the IAMPolicy.
+            #
+            # @return [Google::Iam::V1::IAMPolicy::Client]
+            #
+            attr_reader :iam_policy_client
+
             # Service calls
 
             ##
@@ -562,8 +595,8 @@ module Google
             #   the default parameter values, pass an empty Hash as a request object (see above).
             #
             #   @param name [::String]
-            #     Required. A name of the AuthorizationPolicy to delete. Must be in the format
-            #     `projects/{project}/locations/{location}/authorizationPolicies/*`.
+            #     Required. A name of the AuthorizationPolicy to delete. Must be in the
+            #     format `projects/{project}/locations/{location}/authorizationPolicies/*`.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Gapic::Operation]
@@ -845,9 +878,10 @@ module Google
             #     Required. The parent resource of the ServerTlsPolicy. Must be in
             #     the format `projects/*/locations/{location}`.
             #   @param server_tls_policy_id [::String]
-            #     Required. Short name of the ServerTlsPolicy resource to be created. This value should
-            #     be 1-63 characters long, containing only letters, numbers, hyphens, and
-            #     underscores, and should not start with a number. E.g. "server_mtls_policy".
+            #     Required. Short name of the ServerTlsPolicy resource to be created. This
+            #     value should be 1-63 characters long, containing only letters, numbers,
+            #     hyphens, and underscores, and should not start with a number. E.g.
+            #     "server_mtls_policy".
             #   @param server_tls_policy [::Google::Cloud::NetworkSecurity::V1beta1::ServerTlsPolicy, ::Hash]
             #     Required. ServerTlsPolicy resource to be created.
             #
@@ -1325,9 +1359,10 @@ module Google
             #     Required. The parent resource of the ClientTlsPolicy. Must be in
             #     the format `projects/*/locations/{location}`.
             #   @param client_tls_policy_id [::String]
-            #     Required. Short name of the ClientTlsPolicy resource to be created. This value should
-            #     be 1-63 characters long, containing only letters, numbers, hyphens, and
-            #     underscores, and should not start with a number. E.g. "client_mtls_policy".
+            #     Required. Short name of the ClientTlsPolicy resource to be created. This
+            #     value should be 1-63 characters long, containing only letters, numbers,
+            #     hyphens, and underscores, and should not start with a number. E.g.
+            #     "client_mtls_policy".
             #   @param client_tls_policy [::Google::Cloud::NetworkSecurity::V1beta1::ClientTlsPolicy, ::Hash]
             #     Required. ClientTlsPolicy resource to be created.
             #

data/lib/google/cloud/network_security/v1beta1/network_security/operations.rb

@@ -95,6 +95,9 @@ module Google
                 channel_args: @config.channel_args,
                 interceptors: @config.interceptors
               )
+
+              # Used by an LRO wrapper for some methods of this service
+              @operations_client = self
             end
 
             # Service calls

data/lib/google/cloud/network_security/v1beta1/network_security.rb

@@ -32,6 +32,10 @@ module Google
     module NetworkSecurity
       module V1beta1
         ##
+        # Network Security API provides resources to configure authentication and
+        # authorization policies. Refer to per API resource documentation for more
+        # information.
+        #
         # To load this service and instantiate a client:
         #
         #     require "google/cloud/network_security/v1beta1/network_security"

data/lib/google/cloud/network_security/v1beta1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module NetworkSecurity
       module V1beta1
-        VERSION = "0.1.1"
+        VERSION = "0.3.0"
       end
     end
   end

data/lib/google/cloud/network_security/v1beta1.rb

@@ -25,6 +25,8 @@ module Google
       ##
       # To load this package, including all its services, and instantiate a client:
       #
+      # @example
+      #
       #     require "google/cloud/network_security/v1beta1"
       #     client = ::Google::Cloud::NetworkSecurity::V1beta1::NetworkSecurity::Client.new
       #

data/lib/google/cloud/networksecurity/v1beta1/authorization_policy_pb.rb

@@ -1,12 +1,12 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google/cloud/networksecurity/v1beta1/authorization_policy.proto
 
+require 'google/protobuf'
+
 require 'google/api/field_behavior_pb'
 require 'google/api/resource_pb'
 require 'google/protobuf/field_mask_pb'
 require 'google/protobuf/timestamp_pb'
-require 'google/api/annotations_pb'
-require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/networksecurity/v1beta1/authorization_policy.proto", :syntax => :proto3) do

data/lib/google/cloud/networksecurity/v1beta1/client_tls_policy_pb.rb

@@ -1,13 +1,13 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google/cloud/networksecurity/v1beta1/client_tls_policy.proto
 
+require 'google/protobuf'
+
 require 'google/api/field_behavior_pb'
 require 'google/api/resource_pb'
 require 'google/cloud/networksecurity/v1beta1/tls_pb'
 require 'google/protobuf/field_mask_pb'
 require 'google/protobuf/timestamp_pb'
-require 'google/api/annotations_pb'
-require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/networksecurity/v1beta1/client_tls_policy.proto", :syntax => :proto3) do

data/lib/google/cloud/networksecurity/v1beta1/common_pb.rb

@@ -1,10 +1,10 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google/cloud/networksecurity/v1beta1/common.proto
 
+require 'google/protobuf'
+
 require 'google/api/field_behavior_pb'
 require 'google/protobuf/timestamp_pb'
-require 'google/api/annotations_pb'
-require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/networksecurity/v1beta1/common.proto", :syntax => :proto3) do

data/lib/google/cloud/networksecurity/v1beta1/network_security_pb.rb

@@ -1,13 +1,14 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google/cloud/networksecurity/v1beta1/network_security.proto
 
+require 'google/protobuf'
+
 require 'google/api/annotations_pb'
 require 'google/api/client_pb'
 require 'google/cloud/networksecurity/v1beta1/authorization_policy_pb'
 require 'google/cloud/networksecurity/v1beta1/client_tls_policy_pb'
 require 'google/cloud/networksecurity/v1beta1/server_tls_policy_pb'
 require 'google/longrunning/operations_pb'
-require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/networksecurity/v1beta1/network_security.proto", :syntax => :proto3) do

data/lib/google/cloud/networksecurity/v1beta1/network_security_services_pb.rb

@@ -24,6 +24,9 @@ module Google
     module NetworkSecurity
       module V1beta1
         module NetworkSecurity
+          # Network Security API provides resources to configure authentication and
+          # authorization policies. Refer to per API resource documentation for more
+          # information.
           class Service
 
             include ::GRPC::GenericService

data/lib/google/cloud/networksecurity/v1beta1/server_tls_policy_pb.rb

@@ -1,13 +1,13 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google/cloud/networksecurity/v1beta1/server_tls_policy.proto
 
+require 'google/protobuf'
+
 require 'google/api/field_behavior_pb'
 require 'google/api/resource_pb'
 require 'google/cloud/networksecurity/v1beta1/tls_pb'
 require 'google/protobuf/field_mask_pb'
 require 'google/protobuf/timestamp_pb'
-require 'google/api/annotations_pb'
-require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/networksecurity/v1beta1/server_tls_policy.proto", :syntax => :proto3) do

data/lib/google/cloud/networksecurity/v1beta1/tls_pb.rb

@@ -1,10 +1,10 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google/cloud/networksecurity/v1beta1/tls.proto
 
-require 'google/api/field_behavior_pb'
-require 'google/api/annotations_pb'
 require 'google/protobuf'
 
+require 'google/api/field_behavior_pb'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/cloud/networksecurity/v1beta1/tls.proto", :syntax => :proto3) do
     add_message "google.cloud.networksecurity.v1beta1.GrpcEndpoint" do

data/proto_docs/google/api/resource.rb

@@ -33,11 +33,7 @@ module Google
     #       // For Kubernetes resources, the format is {api group}/{kind}.
     #       option (google.api.resource) = {
     #         type: "pubsub.googleapis.com/Topic"
-    #         name_descriptor: {
-    #           pattern: "projects/{project}/topics/{topic}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
-    #         }
+    #         pattern: "projects/{project}/topics/{topic}"
     #       };
     #     }
     #
@@ -45,10 +41,7 @@ module Google
     #
     #     resources:
     #     - type: "pubsub.googleapis.com/Topic"
-    #       name_descriptor:
-    #         - pattern: "projects/{project}/topics/{topic}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
+    #       pattern: "projects/{project}/topics/{topic}"
     #
     # Sometimes, resources have multiple patterns, typically because they can
     # live under multiple parents.
@@ -58,26 +51,10 @@ module Google
     #     message LogEntry {
     #       option (google.api.resource) = {
     #         type: "logging.googleapis.com/LogEntry"
-    #         name_descriptor: {
-    #           pattern: "projects/{project}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "folders/{folder}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
-    #           parent_name_extractor: "folders/{folder}"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "organizations/{organization}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Organization"
-    #           parent_name_extractor: "organizations/{organization}"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "billingAccounts/{billing_account}/logs/{log}"
-    #           parent_type: "billing.googleapis.com/BillingAccount"
-    #           parent_name_extractor: "billingAccounts/{billing_account}"
-    #         }
+    #         pattern: "projects/{project}/logs/{log}"
+    #         pattern: "folders/{folder}/logs/{log}"
+    #         pattern: "organizations/{organization}/logs/{log}"
+    #         pattern: "billingAccounts/{billing_account}/logs/{log}"
     #       };
     #     }
     #
@@ -85,48 +62,10 @@ module Google
     #
     #     resources:
     #     - type: 'logging.googleapis.com/LogEntry'
-    #       name_descriptor:
-    #         - pattern: "projects/{project}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
-    #         - pattern: "folders/{folder}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
-    #           parent_name_extractor: "folders/{folder}"
-    #         - pattern: "organizations/{organization}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Organization"
-    #           parent_name_extractor: "organizations/{organization}"
-    #         - pattern: "billingAccounts/{billing_account}/logs/{log}"
-    #           parent_type: "billing.googleapis.com/BillingAccount"
-    #           parent_name_extractor: "billingAccounts/{billing_account}"
-    #
-    # For flexible resources, the resource name doesn't contain parent names, but
-    # the resource itself has parents for policy evaluation.
-    #
-    # Example:
-    #
-    #     message Shelf {
-    #       option (google.api.resource) = {
-    #         type: "library.googleapis.com/Shelf"
-    #         name_descriptor: {
-    #           pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
-    #         }
-    #       };
-    #     }
-    #
-    # The ResourceDescriptor Yaml config will look like:
-    #
-    #     resources:
-    #     - type: 'library.googleapis.com/Shelf'
-    #       name_descriptor:
-    #         - pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #         - pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
+    #       pattern: "projects/{project}/logs/{log}"
+    #       pattern: "folders/{folder}/logs/{log}"
+    #       pattern: "organizations/{organization}/logs/{log}"
+    #       pattern: "billingAccounts/{billing_account}/logs/{log}"
     # @!attribute [rw] type
     #   @return [::String]
     #     The resource type. It must be in the format of

data/proto_docs/google/cloud/networksecurity/v1beta1/authorization_policy.rb

@@ -40,17 +40,19 @@ module Google
         #     Output only. The timestamp when the resource was updated.
         # @!attribute [rw] labels
         #   @return [::Google::Protobuf::Map{::String => ::String}]
-        #     Optional. Set of label tags associated with the AuthorizationPolicy resource.
+        #     Optional. Set of label tags associated with the AuthorizationPolicy
+        #     resource.
         # @!attribute [rw] action
         #   @return [::Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy::Action]
         #     Required. The action to take when a rule match is found. Possible values
         #     are "ALLOW" or "DENY".
         # @!attribute [rw] rules
         #   @return [::Array<::Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy::Rule>]
-        #     Optional. List of rules to match. Note that at least one of the rules must match in
-        #     order for the action specified in the 'action' field to be taken. A rule is
-        #     a match if there is a matching source and destination. If left blank, the
-        #     action specified in the `action` field will be applied on every request.
+        #     Optional. List of rules to match. Note that at least one of the rules must
+        #     match in order for the action specified in the 'action' field to be taken.
+        #     A rule is a match if there is a matching source and destination. If left
+        #     blank, the action specified in the `action` field will be applied on every
+        #     request.
         class AuthorizationPolicy
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -58,15 +60,15 @@ module Google
           # Specification of rules.
           # @!attribute [rw] sources
           #   @return [::Array<::Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy::Rule::Source>]
-          #     Optional. List of attributes for the traffic source. All of the sources must match.
-          #     A source is a match if both principals and ip_blocks match. If not set,
-          #     the action specified in the 'action' field will be applied without any
-          #     rule checks for the source.
+          #     Optional. List of attributes for the traffic source. All of the sources
+          #     must match. A source is a match if both principals and ip_blocks match.
+          #     If not set, the action specified in the 'action' field will be applied
+          #     without any rule checks for the source.
           # @!attribute [rw] destinations
           #   @return [::Array<::Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy::Rule::Destination>]
-          #     Optional. List of attributes for the traffic destination. All of the destinations
-          #     must match. A destination is a match if a request matches all the
-          #     specified hosts, ports, methods and headers. If not set, the
+          #     Optional. List of attributes for the traffic destination. All of the
+          #     destinations must match. A destination is a match if a request matches
+          #     all the specified hosts, ports, methods and headers. If not set, the
           #     action specified in the 'action' field will be applied without any rule
           #     checks for the destination.
           class Rule
@@ -76,15 +78,19 @@ module Google
             # Specification of traffic source attributes.
             # @!attribute [rw] principals
             #   @return [::Array<::String>]
-            #     Optional. List of peer identities to match for authorization. At least one
-            #     principal should match. Each peer can be an exact match, or a prefix
-            #     match (example, "namespace/*") or a suffix match (example, //
-            #     */service-account") or a presence match "*".
+            #     Optional. List of peer identities to match for authorization. At least
+            #     one principal should match. Each peer can be an exact match, or a
+            #     prefix match (example, "namespace/*") or a suffix match (example,
+            #     "*/service-account") or a presence match "*". Authorization based on
+            #     the principal name without certificate validation (configured by
+            #     ServerTlsPolicy resource) is considered insecure.
             # @!attribute [rw] ip_blocks
             #   @return [::Array<::String>]
-            #     Optional. List of CIDR ranges to match based on source IP address. At least one
-            #     IP block should match. Single IP (e.g., "1.2.3.4") and CIDR (e.g.,
-            #     "1.2.3.0/24") are supported.
+            #     Optional. List of CIDR ranges to match based on source IP address. At
+            #     least one IP block should match. Single IP (e.g., "1.2.3.4") and CIDR
+            #     (e.g., "1.2.3.0/24") are supported. Authorization based on source IP
+            #     alone should be avoided. The IP addresses of any load balancers or
+            #     proxies should be considered untrusted.
             class Source
               include ::Google::Protobuf::MessageExts
               extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -93,13 +99,14 @@ module Google
             # Specification of traffic destination attributes.
             # @!attribute [rw] hosts
             #   @return [::Array<::String>]
-            #     Required. List of host names to match. Matched against HOST header in
-            #     http requests. At least one host should match. Each host can be an
-            #     exact match, or a prefix match (example "mydomain.*") or a suffix
-            #     match (example // *.myorg.com") or a presence(any) match "*".
+            #     Required. List of host names to match. Matched against the ":authority"
+            #     header in http requests. At least one host should match. Each host can
+            #     be an exact match, or a prefix match (example "mydomain.*") or a suffix
+            #     match (example "*.myorg.com") or a presence (any) match "*".
             # @!attribute [rw] ports
             #   @return [::Array<::Integer>]
-            #     Required. List of destination ports to match. At least one port should match.
+            #     Required. List of destination ports to match. At least one port should
+            #     match.
             # @!attribute [rw] methods
             #   @return [::Array<::String>]
             #     Optional. A list of HTTP methods to match. At least one method should
@@ -107,13 +114,15 @@ module Google
             # @!attribute [rw] http_header_match
             #   @return [::Google::Cloud::NetworkSecurity::V1beta1::AuthorizationPolicy::Rule::Destination::HttpHeaderMatch]
             #     Optional. Match against key:value pair in http header. Provides a
-            #     flexible match based on HTTP headers, for potentially
-            #     advanced use cases. At least one header should match.
+            #     flexible match based on HTTP headers, for potentially advanced use
+            #     cases. At least one header should match. Avoid using header matches to
+            #     make authorization decisions unless there is a strong guarantee that
+            #     requests arrive through a trusted client or proxy.
             class Destination
               include ::Google::Protobuf::MessageExts
               extend ::Google::Protobuf::MessageExts::ClassMethods
 
-              # Specification of HTTP header match atrributes.
+              # Specification of HTTP header match attributes.
               # @!attribute [rw] regex_match
               #   @return [::String]
               #     Required. The value of the header must match the regular expression
@@ -154,6 +163,8 @@ module Google
             ALLOW = 1
 
             # Deny access.
+            # Deny rules should be avoided unless they are used to provide a default
+            # "deny all" fallback.
             DENY = 2
           end
         end
@@ -240,8 +251,8 @@ module Google
         # Request used by the DeleteAuthorizationPolicy method.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. A name of the AuthorizationPolicy to delete. Must be in the format
-        #     `projects/{project}/locations/{location}/authorizationPolicies/*`.
+        #     Required. A name of the AuthorizationPolicy to delete. Must be in the
+        #     format `projects/{project}/locations/{location}/authorizationPolicies/*`.
         class DeleteAuthorizationPolicyRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/cloud/networksecurity/v1beta1/client_tls_policy.rb

@@ -46,13 +46,14 @@ module Google
         #     handshake. E.g: "secure.example.com".
         # @!attribute [rw] client_certificate
         #   @return [::Google::Cloud::NetworkSecurity::V1beta1::CertificateProvider]
-        #     Optional. Defines a mechanism to provision client identity (public and private keys)
-        #     for peer to peer authentication. The presence of this dictates mTLS.
+        #     Optional. Defines a mechanism to provision client identity (public and
+        #     private keys) for peer to peer authentication. The presence of this
+        #     dictates mTLS.
         # @!attribute [rw] server_validation_ca
         #   @return [::Array<::Google::Cloud::NetworkSecurity::V1beta1::ValidationCA>]
-        #     Optional. Defines the mechanism to obtain the Certificate Authority certificate to
-        #     validate the server certificate. If empty, client does not validate the
-        #     server certificate.
+        #     Optional. Defines the mechanism to obtain the Certificate Authority
+        #     certificate to validate the server certificate. If empty, client does not
+        #     validate the server certificate.
         class ClientTlsPolicy
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -117,9 +118,10 @@ module Google
         #     the format `projects/*/locations/{location}`.
         # @!attribute [rw] client_tls_policy_id
         #   @return [::String]
-        #     Required. Short name of the ClientTlsPolicy resource to be created. This value should
-        #     be 1-63 characters long, containing only letters, numbers, hyphens, and
-        #     underscores, and should not start with a number. E.g. "client_mtls_policy".
+        #     Required. Short name of the ClientTlsPolicy resource to be created. This
+        #     value should be 1-63 characters long, containing only letters, numbers,
+        #     hyphens, and underscores, and should not start with a number. E.g.
+        #     "client_mtls_policy".
         # @!attribute [rw] client_tls_policy
         #   @return [::Google::Cloud::NetworkSecurity::V1beta1::ClientTlsPolicy]
         #     Required. ClientTlsPolicy resource to be created.

data/proto_docs/google/cloud/networksecurity/v1beta1/common.rb

@@ -41,8 +41,9 @@ module Google
         #   @return [::Boolean]
         #     Output only. Identifies whether the user has requested cancellation
         #     of the operation. Operations that have successfully been cancelled
-        #     have [Operation.error][] value with a {::Google::Rpc::Status#code google.rpc.Status.code} of 1,
-        #     corresponding to `Code.CANCELLED`.
+        #     have [Operation.error][] value with a
+        #     {::Google::Rpc::Status#code google.rpc.Status.code} of 1, corresponding to
+        #     `Code.CANCELLED`.
         # @!attribute [r] api_version
         #   @return [::String]
         #     Output only. API version used to start the operation.

data/proto_docs/google/cloud/networksecurity/v1beta1/server_tls_policy.rb

@@ -30,7 +30,7 @@ module Google
         #     `projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}`
         # @!attribute [rw] description
         #   @return [::String]
-        #     Optional. Free-text description of the resource.
+        #     Free-text description of the resource.
         # @!attribute [r] create_time
         #   @return [::Google::Protobuf::Timestamp]
         #     Output only. The timestamp when the resource was created.
@@ -39,26 +39,30 @@ module Google
         #     Output only. The timestamp when the resource was updated.
         # @!attribute [rw] labels
         #   @return [::Google::Protobuf::Map{::String => ::String}]
-        #     Optional. Set of label tags associated with the resource.
+        #     Set of label tags associated with the resource.
         # @!attribute [rw] allow_open
         #   @return [::Boolean]
-        #     Optional. Determines if server allows plaintext connections. If set to true, server
+        #     Determines if server allows plaintext connections. If set to true, server
         #     allows plain text connections. By default, it is set to false. This setting
-        #     is not exclusive of other encryption modes. For example, if allow_open and
-        #     mtls_policy are set, server allows both plain text and mTLS connections.
-        #     See documentation of other encryption modes to confirm compatibility.
+        #     is not exclusive of other encryption modes. For example, if `allow_open`
+        #     and `mtls_policy` are set, server allows both plain text and mTLS
+        #     connections. See documentation of other encryption modes to confirm
+        #     compatibility.
+        #
+        #     Consider using it if you wish to upgrade in place your deployment to TLS
+        #     while having mixed TLS and non-TLS traffic reaching port :80.
         # @!attribute [rw] server_certificate
         #   @return [::Google::Cloud::NetworkSecurity::V1beta1::CertificateProvider]
-        #     Optional. Defines a mechanism to provision server identity (public and private keys).
-        #     Cannot be combined with allow_open as a permissive mode that allows both
+        #     Defines a mechanism to provision server identity (public and private keys).
+        #     Cannot be combined with `allow_open` as a permissive mode that allows both
         #     plain text and TLS is not supported.
         # @!attribute [rw] mtls_policy
         #   @return [::Google::Cloud::NetworkSecurity::V1beta1::ServerTlsPolicy::MTLSPolicy]
-        #     Optional. Defines a mechanism to provision peer validation certificates for peer to
+        #     Defines a mechanism to provision peer validation certificates for peer to
         #     peer authentication (Mutual TLS - mTLS). If not specified, client
         #     certificate will not be requested. The connection is treated as TLS and not
-        #     mTLS. If allow_open and mtls_policy are set, server allows both plain text
-        #     and mTLS connections.
+        #     mTLS. If `allow_open` and `mtls_policy` are set, server allows both plain
+        #     text and mTLS connections.
         class ServerTlsPolicy
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -66,7 +70,7 @@ module Google
           # Specification of the MTLSPolicy.
           # @!attribute [rw] client_validation_ca
           #   @return [::Array<::Google::Cloud::NetworkSecurity::V1beta1::ValidationCA>]
-          #     Required. Defines the mechanism to obtain the Certificate Authority certificate to
+          #     Defines the mechanism to obtain the Certificate Authority certificate to
           #     validate the client certificate.
           class MTLSPolicy
             include ::Google::Protobuf::MessageExts
@@ -133,9 +137,10 @@ module Google
         #     the format `projects/*/locations/{location}`.
         # @!attribute [rw] server_tls_policy_id
         #   @return [::String]
-        #     Required. Short name of the ServerTlsPolicy resource to be created. This value should
-        #     be 1-63 characters long, containing only letters, numbers, hyphens, and
-        #     underscores, and should not start with a number. E.g. "server_mtls_policy".
+        #     Required. Short name of the ServerTlsPolicy resource to be created. This
+        #     value should be 1-63 characters long, containing only letters, numbers,
+        #     hyphens, and underscores, and should not start with a number. E.g.
+        #     "server_mtls_policy".
         # @!attribute [rw] server_tls_policy
         #   @return [::Google::Cloud::NetworkSecurity::V1beta1::ServerTlsPolicy]
         #     Required. ServerTlsPolicy resource to be created.

data/proto_docs/google/cloud/networksecurity/v1beta1/tls.rb

@@ -24,8 +24,8 @@ module Google
         # Specification of the GRPC Endpoint.
         # @!attribute [rw] target_uri
         #   @return [::String]
-        #     Required. The target URI of the gRPC endpoint. Only UDS path is supported, and
-        #     should start with “unix:”.
+        #     Required. The target URI of the gRPC endpoint. Only UDS path is supported,
+        #     and should start with "unix:".
         class GrpcEndpoint
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -53,9 +53,9 @@ module Google
         # message to locate and load the CertificateProvider instance configuration.
         # @!attribute [rw] plugin_instance
         #   @return [::String]
-        #     Required. Plugin instance name, used to locate and load CertificateProvider instance
-        #     configuration. Set to "google_cloud_private_spiffe" to use Certificate
-        #     Authority Service certificate provider instance.
+        #     Required. Plugin instance name, used to locate and load CertificateProvider
+        #     instance configuration. Set to "google_cloud_private_spiffe" to use
+        #     Certificate Authority Service certificate provider instance.
         class CertificateProviderInstance
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/protobuf/any.rb

@@ -44,7 +44,7 @@ module Google
     #       foo = any.unpack(Foo.class);
     #     }
     #
-    #  Example 3: Pack and unpack a message in Python.
+    # Example 3: Pack and unpack a message in Python.
     #
     #     foo = Foo(...)
     #     any = Any()
@@ -54,7 +54,7 @@ module Google
     #       any.Unpack(foo)
     #       ...
     #
-    #  Example 4: Pack and unpack a message in Go
+    # Example 4: Pack and unpack a message in Go
     #
     #      foo := &pb.Foo{...}
     #      any, err := anypb.New(foo)
@@ -75,7 +75,7 @@ module Google
     #
     #
     # JSON
-    # ====
+    #
     # The JSON representation of an `Any` value uses the regular
     # representation of the deserialized, embedded message, with an
     # additional field `@type` which contains the type URL. Example:

data/proto_docs/google/protobuf/empty.rb

@@ -26,8 +26,6 @@ module Google
     #     service Foo {
     #       rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
     #     }
-    #
-    # The JSON representation for `Empty` is empty JSON object `{}`.
     class Empty
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/type/expr.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Type
+    # Represents a textual expression in the Common Expression Language (CEL)
+    # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
+    # are documented at https://github.com/google/cel-spec.
+    #
+    # Example (Comparison):
+    #
+    #     title: "Summary size limit"
+    #     description: "Determines if a summary is less than 100 chars"
+    #     expression: "document.summary.size() < 100"
+    #
+    # Example (Equality):
+    #
+    #     title: "Requestor is owner"
+    #     description: "Determines if requestor is the document owner"
+    #     expression: "document.owner == request.auth.claims.email"
+    #
+    # Example (Logic):
+    #
+    #     title: "Public documents"
+    #     description: "Determine whether the document should be publicly visible"
+    #     expression: "document.type != 'private' && document.type != 'internal'"
+    #
+    # Example (Data Manipulation):
+    #
+    #     title: "Notification string"
+    #     description: "Create a notification string with a timestamp."
+    #     expression: "'New message received at ' + string(document.create_time)"
+    #
+    # The exact variables and functions that may be referenced within an expression
+    # are determined by the service that evaluates it. See the service
+    # documentation for additional information.
+    # @!attribute [rw] expression
+    #   @return [::String]
+    #     Textual representation of an expression in Common Expression Language
+    #     syntax.
+    # @!attribute [rw] title
+    #   @return [::String]
+    #     Optional. Title for the expression, i.e. a short string describing
+    #     its purpose. This can be used e.g. in UIs which allow to enter the
+    #     expression.
+    # @!attribute [rw] description
+    #   @return [::String]
+    #     Optional. Description of the expression. This is a longer text which
+    #     describes the expression, e.g. when hovered over it in a UI.
+    # @!attribute [rw] location
+    #   @return [::String]
+    #     Optional. String indicating the location of the expression for error
+    #     reporting, e.g. a file name and a position in the file.
+    class Expr
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-network_security-v1beta1
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.3.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-11-08 00:00:00.000000000 Z
+date: 2022-07-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -16,7 +16,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0.7'
+        version: '0.10'
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0.7'
+        version: '0.10'
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -44,34 +44,74 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: google-cloud-location
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 2.a
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 2.a
+- !ruby/object:Gem::Dependency
+  name: google-iam-v1
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 2.a
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 2.a
 - !ruby/object:Gem::Dependency
   name: google-style
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.25.1
+        version: 1.26.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.25.1
+        version: 1.26.1
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.14'
+        version: '5.16'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.14'
+        version: '5.16'
 - !ruby/object:Gem::Dependency
   name: minitest-focus
   requirement: !ruby/object:Gem::Requirement
@@ -106,14 +146,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '12.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '12.0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: redcarpet
   requirement: !ruby/object:Gem::Requirement
@@ -199,6 +239,7 @@ files:
 - proto_docs/google/protobuf/field_mask.rb
 - proto_docs/google/protobuf/timestamp.rb
 - proto_docs/google/rpc/status.rb
+- proto_docs/google/type/expr.rb
 homepage: https://github.com/googleapis/google-cloud-ruby
 licenses:
 - Apache-2.0
@@ -211,14 +252,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.5'
+      version: '2.6'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.17
+rubygems_version: 3.3.14
 signing_key: 
 specification_version: 4
 summary: API Client library for the Network Security V1beta1 API