google-cloud-privileged_access_manager-v1 0.1.2 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5af72b67ce278f858409b499027af9be8eeee753196db1cdc218acfdf4aa5a6f
-  data.tar.gz: d6f449b023b816f464687d9b03d26b9e7ce5cb0de7ac8830af7d8bfdd8bb91e2
+  metadata.gz: b6b4a7c9721c4ec29adc3d13b03ee1d6f74fca63a325ce7878b22ef952be72e3
+  data.tar.gz: f84277d39f036ab8b2dd3d21b03c507383f8ee4910c312e66591b892734d9f58
 SHA512:
-  metadata.gz: 7e8c911e5f22d342557815414f878295bd4b65ba7e4e662063531bdc2052a5a63b5cb4a6bddff6907f0ede96e05cee79a597fffd09231a96a559060d3e1e40f5
-  data.tar.gz: 24eef800756105ae0c93d91a5154650824ae7501b9d986adcd87ce16c0a1fe7791bf3d0eea71330bdf8b11d3cf29ac6718d8314e8ce986c4aabff276733d3888
+  metadata.gz: de9bdf2d05a956bb2d0950f497c5d08fe20425c9b3053c2088a7ba92e4854b8f50b69b7852b4707338749fa65f47e168e380f602c6ac5fc0f6dcce08b771ca65
+  data.tar.gz: 06ddd6e3c5585cb3867b818e66b003fde8a033c9b1bd3cf87d30290bb142d30791562228bd4a6174e1954c8d8b7ec6ca39dbfe19336be24fe41d9b4343decf99

data/README.md

@@ -90,40 +90,50 @@ for class and method documentation.
 See also the [Product Documentation](https://cloud.google.com/iam/docs/pam-overview)
 for general usage information.
 
-## Enabling Logging
-
-To enable logging for this library, set the logger for the underlying [gRPC](https://github.com/grpc/grpc/tree/master/src/ruby) library.
-The logger that you set may be a Ruby stdlib [`Logger`](https://ruby-doc.org/current/stdlibs/logger/Logger.html) as shown below,
-or a [`Google::Cloud::Logging::Logger`](https://cloud.google.com/ruby/docs/reference/google-cloud-logging/latest)
-that will write logs to [Cloud Logging](https://cloud.google.com/logging/). See [grpc/logconfig.rb](https://github.com/grpc/grpc/blob/master/src/ruby/lib/grpc/logconfig.rb)
-and the gRPC [spec_helper.rb](https://github.com/grpc/grpc/blob/master/src/ruby/spec/spec_helper.rb) for additional information.
-
-Configuring a Ruby stdlib logger:
+## Debug Logging
+
+This library comes with opt-in Debug Logging that can help you troubleshoot
+your application's integration with the API. When logging is activated, key
+events such as requests and responses, along with data payloads and metadata
+such as headers and client configuration, are logged to the standard error
+stream.
+
+**WARNING:** Client Library Debug Logging includes your data payloads in
+plaintext, which could include sensitive data such as PII for yourself or your
+customers, private keys, or other security data that could be compromising if
+leaked. Always practice good data hygiene with your application logs, and follow
+the principle of least access. Google also recommends that Client Library Debug
+Logging be enabled only temporarily during active debugging, and not used
+permanently in production.
+
+To enable logging, set the environment variable `GOOGLE_SDK_RUBY_LOGGING_GEMS`
+to the value `all`. Alternatively, you can set the value to a comma-delimited
+list of client library gem names. This will select the default logging behavior,
+which writes logs to the standard error stream. On a local workstation, this may
+result in logs appearing on the console. When running on a Google Cloud hosting
+service such as [Google Cloud Run](https://cloud.google.com/run), this generally
+results in logs appearing alongside your application logs in the
+[Google Cloud Logging](https://cloud.google.com/logging/) service.
+
+You can customize logging by modifying the `logger` configuration when
+constructing a client object. For example:
 
 ```ruby
+require "google/cloud/privileged_access_manager/v1"
 require "logger"
 
-module MyLogger
-  LOGGER = Logger.new $stderr, level: Logger::WARN
-  def logger
-    LOGGER
-  end
-end
-
-# Define a gRPC module-level logger method before grpc/logconfig.rb loads.
-module GRPC
-  extend MyLogger
+client = ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new do |config|
+  config.logger = Logger.new "my-app.log"
 end
 ```
 
-
 ## Google Cloud Samples
 
 To browse ready to use code samples check [Google Cloud Samples](https://cloud.google.com/docs/samples).
 
 ## Supported Ruby Versions
 
-This library is supported on Ruby 2.7+.
+This library is supported on Ruby 3.0+.
 
 Google provides official support for Ruby versions that are actively supported
 by Ruby Core—that is, Ruby versions that are either in normal maintenance or

data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/client.rb

@@ -184,14 +184,26 @@ module Google
                 universe_domain: @config.universe_domain,
                 channel_args: @config.channel_args,
                 interceptors: @config.interceptors,
-                channel_pool_config: @config.channel_pool
+                channel_pool_config: @config.channel_pool,
+                logger: @config.logger
               )
 
+              @privileged_access_manager_stub.stub_logger&.info do |entry|
+                entry.set_system_name
+                entry.set_service
+                entry.message = "Created client for #{entry.service}"
+                entry.set_credentials_fields credentials
+                entry.set "customEndpoint", @config.endpoint if @config.endpoint
+                entry.set "defaultTimeout", @config.timeout if @config.timeout
+                entry.set "quotaProject", @quota_project_id if @quota_project_id
+              end
+
               @location_client = Google::Cloud::Location::Locations::Client.new do |config|
                 config.credentials = credentials
                 config.quota_project = @quota_project_id
                 config.endpoint = @privileged_access_manager_stub.endpoint
                 config.universe_domain = @privileged_access_manager_stub.universe_domain
+                config.logger = @privileged_access_manager_stub.logger if config.respond_to? :logger=
               end
             end
 
@@ -209,10 +221,19 @@ module Google
             #
             attr_reader :location_client
 
+            ##
+            # The logger used for request/response debug logging.
+            #
+            # @return [Logger]
+            #
+            def logger
+              @privileged_access_manager_stub.logger
+            end
+
             # Service calls
 
             ##
-            # CheckOnboardingStatus reports the onboarding status for a
+            # `CheckOnboardingStatus` reports the onboarding status for a
             # project/folder/organization. Any findings reported by this API need to be
             # fixed before PAM can be used on the resource.
             #
@@ -298,7 +319,6 @@ module Google
 
               @privileged_access_manager_stub.call_rpc :check_onboarding_status, request, options: options do |response, operation|
                 yield response, operation if block_given?
-                return response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -398,7 +418,7 @@ module Google
               @privileged_access_manager_stub.call_rpc :list_entitlements, request, options: options do |response, operation|
                 response = ::Gapic::PagedEnumerable.new @privileged_access_manager_stub, :list_entitlements, request, response, operation, options
                 yield response, operation if block_given?
-                return response
+                throw :response, response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -501,7 +521,7 @@ module Google
               @privileged_access_manager_stub.call_rpc :search_entitlements, request, options: options do |response, operation|
                 response = ::Gapic::PagedEnumerable.new @privileged_access_manager_stub, :search_entitlements, request, response, operation, options
                 yield response, operation if block_given?
-                return response
+                throw :response, response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -587,7 +607,6 @@ module Google
 
               @privileged_access_manager_stub.call_rpc :get_entitlement, request, options: options do |response, operation|
                 yield response, operation if block_given?
-                return response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -641,7 +660,7 @@ module Google
             #     ID, the server can check if original operation with the same request ID
             #     was received, and if so, ignores the second request and returns the
             #     previous operation's response. This prevents clients from accidentally
-            #     creating duplicate commitments.
+            #     creating duplicate entitlements.
             #
             #     The request ID must be a valid UUID with the exception that zero UUID is
             #     not supported (00000000-0000-0000-0000-000000000000).
@@ -713,7 +732,7 @@ module Google
               @privileged_access_manager_stub.call_rpc :create_entitlement, request, options: options do |response, operation|
                 response = ::Gapic::Operation.new response, @operations_client, options: options
                 yield response, operation if block_given?
-                return response
+                throw :response, response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -721,7 +740,7 @@ module Google
 
             ##
             # Deletes a single entitlement. This method can only be called when there
-            # are no in-progress (ACTIVE/ACTIVATING/REVOKING) grants under the
+            # are no in-progress (`ACTIVE`/`ACTIVATING`/`REVOKING`) grants under the
             # entitlement.
             #
             # @overload delete_entitlement(request, options = nil)
@@ -750,8 +769,7 @@ module Google
             #     For example, consider a situation where you make an initial request and the
             #     request times out. If you make the request again with the same request
             #     ID, the server can check if original operation with the same request ID
-            #     was received, and if so, ignores the second request. This prevents
-            #     clients from accidentally creating duplicate commitments.
+            #     was received, and if so, ignores the second request.
             #
             #     The request ID must be a valid UUID with the exception that zero UUID is
             #     not supported (00000000-0000-0000-0000-000000000000).
@@ -827,7 +845,7 @@ module Google
               @privileged_access_manager_stub.call_rpc :delete_entitlement, request, options: options do |response, operation|
                 response = ::Gapic::Operation.new response, @operations_client, options: options
                 yield response, operation if block_given?
-                return response
+                throw :response, response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -950,7 +968,7 @@ module Google
               @privileged_access_manager_stub.call_rpc :update_entitlement, request, options: options do |response, operation|
                 response = ::Gapic::Operation.new response, @operations_client, options: options
                 yield response, operation if block_given?
-                return response
+                throw :response, response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -1050,7 +1068,7 @@ module Google
               @privileged_access_manager_stub.call_rpc :list_grants, request, options: options do |response, operation|
                 response = ::Gapic::PagedEnumerable.new @privileged_access_manager_stub, :list_grants, request, response, operation, options
                 yield response, operation if block_given?
-                return response
+                throw :response, response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -1152,7 +1170,7 @@ module Google
               @privileged_access_manager_stub.call_rpc :search_grants, request, options: options do |response, operation|
                 response = ::Gapic::PagedEnumerable.new @privileged_access_manager_stub, :search_grants, request, response, operation, options
                 yield response, operation if block_given?
-                return response
+                throw :response, response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -1238,14 +1256,14 @@ module Google
 
               @privileged_access_manager_stub.call_rpc :get_grant, request, options: options do |response, operation|
                 yield response, operation if block_given?
-                return response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
             end
 
             ##
-            # Creates a new grant in a given project and location.
+            # Creates a new grant in a given project/folder/organization and
+            # location.
             #
             # @overload create_grant(request, options = nil)
             #   Pass arguments to `create_grant` via a request object, either of type
@@ -1277,7 +1295,7 @@ module Google
             #     request times out. If you make the request again with the same request
             #     ID, the server can check if original operation with the same request ID
             #     was received, and if so, ignores the second request. This prevents
-            #     clients from accidentally creating duplicate commitments.
+            #     clients from accidentally creating duplicate grants.
             #
             #     The request ID must be a valid UUID with the exception that zero UUID is
             #     not supported (00000000-0000-0000-0000-000000000000).
@@ -1341,7 +1359,6 @@ module Google
 
               @privileged_access_manager_stub.call_rpc :create_grant, request, options: options do |response, operation|
                 yield response, operation if block_given?
-                return response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -1433,7 +1450,6 @@ module Google
 
               @privileged_access_manager_stub.call_rpc :approve_grant, request, options: options do |response, operation|
                 yield response, operation if block_given?
-                return response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -1525,7 +1541,6 @@ module Google
 
               @privileged_access_manager_stub.call_rpc :deny_grant, request, options: options do |response, operation|
                 yield response, operation if block_given?
-                return response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -1622,7 +1637,7 @@ module Google
               @privileged_access_manager_stub.call_rpc :revoke_grant, request, options: options do |response, operation|
                 response = ::Gapic::Operation.new response, @operations_client, options: options
                 yield response, operation if block_given?
-                return response
+                throw :response, response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -1672,6 +1687,13 @@ module Google
             #    *  (`GRPC::Core::Channel`) a gRPC channel with included credentials
             #    *  (`GRPC::Core::ChannelCredentials`) a gRPC credentails object
             #    *  (`nil`) indicating no credentials
+            #
+            #   Warning: If you accept a credential configuration (JSON file or Hash) from an
+            #   external source for authentication to Google Cloud, you must validate it before
+            #   providing it to a Google API client library. Providing an unvalidated credential
+            #   configuration to Google APIs can compromise the security of your systems and data.
+            #   For more information, refer to [Validate credential configurations from external
+            #   sources](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials).
             #   @return [::Object]
             # @!attribute [rw] scope
             #   The OAuth scopes
@@ -1711,6 +1733,11 @@ module Google
             #   default endpoint URL. The default value of nil uses the environment
             #   universe (usually the default "googleapis.com" universe).
             #   @return [::String,nil]
+            # @!attribute [rw] logger
+            #   A custom logger to use for request/response debug logging, or the value
+            #   `:default` (the default) to construct a default logger, or `nil` to
+            #   explicitly disable logging.
+            #   @return [::Logger,:default,nil]
             #
             class Configuration
               extend ::Gapic::Config
@@ -1735,6 +1762,7 @@ module Google
               config_attr :retry_policy,  nil, ::Hash, ::Proc, nil
               config_attr :quota_project, nil, ::String, nil
               config_attr :universe_domain, nil, ::String, nil
+              config_attr :logger, :default, ::Logger, nil, :default
 
               # @private
               def initialize parent_config = nil

data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/operations.rb

@@ -124,14 +124,6 @@ module Google
             # Lists operations that match the specified filter in the request. If the
             # server doesn't support this method, it returns `UNIMPLEMENTED`.
             #
-            # NOTE: the `name` binding allows API services to override the binding
-            # to use different resource name schemes, such as `users/*/operations`. To
-            # override the binding, API services can add a binding such as
-            # `"/v1/{name=users/*}/operations"` to their service configuration.
-            # For backwards compatibility, the default name includes the operations
-            # collection id, however overriding users must ensure the name binding
-            # is the parent resource, without the operations collection id.
-            #
             # @overload list_operations(request, options = nil)
             #   Pass arguments to `list_operations` via a request object, either of type
             #   {::Google::Longrunning::ListOperationsRequest} or an equivalent Hash.
@@ -221,7 +213,7 @@ module Google
                 wrap_lro_operation = ->(op_response) { ::Gapic::Operation.new op_response, @operations_client }
                 response = ::Gapic::PagedEnumerable.new @operations_stub, :list_operations, request, response, operation, options, format_resource: wrap_lro_operation
                 yield response, operation if block_given?
-                return response
+                throw :response, response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -317,7 +309,7 @@ module Google
               @operations_stub.call_rpc :get_operation, request, options: options do |response, operation|
                 response = ::Gapic::Operation.new response, @operations_client, options: options
                 yield response, operation if block_given?
-                return response
+                throw :response, response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -406,7 +398,6 @@ module Google
 
               @operations_stub.call_rpc :delete_operation, request, options: options do |response, operation|
                 yield response, operation if block_given?
-                return response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -421,8 +412,9 @@ module Google
             # other methods to check whether the cancellation succeeded or whether the
             # operation completed despite cancellation. On successful cancellation,
             # the operation is not deleted; instead, it becomes an operation with
-            # an {::Google::Longrunning::Operation#error Operation.error} value with a {::Google::Rpc::Status#code google.rpc.Status.code} of 1,
-            # corresponding to `Code.CANCELLED`.
+            # an {::Google::Longrunning::Operation#error Operation.error} value with a
+            # {::Google::Rpc::Status#code google.rpc.Status.code} of `1`, corresponding to
+            # `Code.CANCELLED`.
             #
             # @overload cancel_operation(request, options = nil)
             #   Pass arguments to `cancel_operation` via a request object, either of type
@@ -501,7 +493,6 @@ module Google
 
               @operations_stub.call_rpc :cancel_operation, request, options: options do |response, operation|
                 yield response, operation if block_given?
-                return response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -599,7 +590,7 @@ module Google
               @operations_stub.call_rpc :wait_operation, request, options: options do |response, operation|
                 response = ::Gapic::Operation.new response, @operations_client, options: options
                 yield response, operation if block_given?
-                return response
+                throw :response, response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -649,6 +640,13 @@ module Google
             #    *  (`GRPC::Core::Channel`) a gRPC channel with included credentials
             #    *  (`GRPC::Core::ChannelCredentials`) a gRPC credentails object
             #    *  (`nil`) indicating no credentials
+            #
+            #   Warning: If you accept a credential configuration (JSON file or Hash) from an
+            #   external source for authentication to Google Cloud, you must validate it before
+            #   providing it to a Google API client library. Providing an unvalidated credential
+            #   configuration to Google APIs can compromise the security of your systems and data.
+            #   For more information, refer to [Validate credential configurations from external
+            #   sources](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials).
             #   @return [::Object]
             # @!attribute [rw] scope
             #   The OAuth scopes
@@ -688,6 +686,11 @@ module Google
             #   default endpoint URL. The default value of nil uses the environment
             #   universe (usually the default "googleapis.com" universe).
             #   @return [::String,nil]
+            # @!attribute [rw] logger
+            #   A custom logger to use for request/response debug logging, or the value
+            #   `:default` (the default) to construct a default logger, or `nil` to
+            #   explicitly disable logging.
+            #   @return [::Logger,:default,nil]
             #
             class Configuration
               extend ::Gapic::Config
@@ -712,6 +715,7 @@ module Google
               config_attr :retry_policy,  nil, ::Hash, ::Proc, nil
               config_attr :quota_project, nil, ::String, nil
               config_attr :universe_domain, nil, ::String, nil
+              config_attr :logger, :default, ::Logger, nil, :default
 
               # @private
               def initialize parent_config = nil