google-cloud-privileged_access_manager-v1 0.1.2 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5af72b67ce278f858409b499027af9be8eeee753196db1cdc218acfdf4aa5a6f
-  data.tar.gz: d6f449b023b816f464687d9b03d26b9e7ce5cb0de7ac8830af7d8bfdd8bb91e2
+  metadata.gz: a645feb4920bf9eb871e9d200984f10d028e828654422f2f04b99bb153b7e315
+  data.tar.gz: 5e4754af883ccd9586d32c1be8184e7997602a0cf5eaf31904c1e5534c74bafa
 SHA512:
-  metadata.gz: 7e8c911e5f22d342557815414f878295bd4b65ba7e4e662063531bdc2052a5a63b5cb4a6bddff6907f0ede96e05cee79a597fffd09231a96a559060d3e1e40f5
-  data.tar.gz: 24eef800756105ae0c93d91a5154650824ae7501b9d986adcd87ce16c0a1fe7791bf3d0eea71330bdf8b11d3cf29ac6718d8314e8ce986c4aabff276733d3888
+  metadata.gz: d3d892c1f067230d407bf231b78733cc84adc4e0a7fbddea7454a3a2718f22764e81098858edf04090e752ccf6a976075470c391baaa43d1f6b9509fe357800f
+  data.tar.gz: e9237958ededadee73311c30f4ba37aac4208ec66fdc7e8bb3f7b839e93e3f81acc5fa221589ceacbb674ec52083d71a9978f0636b6bfddf909329633ecaf40b

data/README.md

@@ -90,33 +90,43 @@ for class and method documentation.
 See also the [Product Documentation](https://cloud.google.com/iam/docs/pam-overview)
 for general usage information.
 
-## Enabling Logging
-
-To enable logging for this library, set the logger for the underlying [gRPC](https://github.com/grpc/grpc/tree/master/src/ruby) library.
-The logger that you set may be a Ruby stdlib [`Logger`](https://ruby-doc.org/current/stdlibs/logger/Logger.html) as shown below,
-or a [`Google::Cloud::Logging::Logger`](https://cloud.google.com/ruby/docs/reference/google-cloud-logging/latest)
-that will write logs to [Cloud Logging](https://cloud.google.com/logging/). See [grpc/logconfig.rb](https://github.com/grpc/grpc/blob/master/src/ruby/lib/grpc/logconfig.rb)
-and the gRPC [spec_helper.rb](https://github.com/grpc/grpc/blob/master/src/ruby/spec/spec_helper.rb) for additional information.
-
-Configuring a Ruby stdlib logger:
+## Debug Logging
+
+This library comes with opt-in Debug Logging that can help you troubleshoot
+your application's integration with the API. When logging is activated, key
+events such as requests and responses, along with data payloads and metadata
+such as headers and client configuration, are logged to the standard error
+stream.
+
+**WARNING:** Client Library Debug Logging includes your data payloads in
+plaintext, which could include sensitive data such as PII for yourself or your
+customers, private keys, or other security data that could be compromising if
+leaked. Always practice good data hygiene with your application logs, and follow
+the principle of least access. Google also recommends that Client Library Debug
+Logging be enabled only temporarily during active debugging, and not used
+permanently in production.
+
+To enable logging, set the environment variable `GOOGLE_SDK_RUBY_LOGGING_GEMS`
+to the value `all`. Alternatively, you can set the value to a comma-delimited
+list of client library gem names. This will select the default logging behavior,
+which writes logs to the standard error stream. On a local workstation, this may
+result in logs appearing on the console. When running on a Google Cloud hosting
+service such as [Google Cloud Run](https://cloud.google.com/run), this generally
+results in logs appearing alongside your application logs in the
+[Google Cloud Logging](https://cloud.google.com/logging/) service.
+
+You can customize logging by modifying the `logger` configuration when
+constructing a client object. For example:
 
 ```ruby
+require "google/cloud/privileged_access_manager/v1"
 require "logger"
 
-module MyLogger
-  LOGGER = Logger.new $stderr, level: Logger::WARN
-  def logger
-    LOGGER
-  end
-end
-
-# Define a gRPC module-level logger method before grpc/logconfig.rb loads.
-module GRPC
-  extend MyLogger
+client = ::Google::Cloud::PrivilegedAccessManager::V1::PrivilegedAccessManager::Client.new do |config|
+  config.logger = Logger.new "my-app.log"
 end
 ```
 
-
 ## Google Cloud Samples
 
 To browse ready to use code samples check [Google Cloud Samples](https://cloud.google.com/docs/samples).

data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/client.rb

@@ -184,14 +184,26 @@ module Google
                 universe_domain: @config.universe_domain,
                 channel_args: @config.channel_args,
                 interceptors: @config.interceptors,
-                channel_pool_config: @config.channel_pool
+                channel_pool_config: @config.channel_pool,
+                logger: @config.logger
               )
 
+              @privileged_access_manager_stub.stub_logger&.info do |entry|
+                entry.set_system_name
+                entry.set_service
+                entry.message = "Created client for #{entry.service}"
+                entry.set_credentials_fields credentials
+                entry.set "customEndpoint", @config.endpoint if @config.endpoint
+                entry.set "defaultTimeout", @config.timeout if @config.timeout
+                entry.set "quotaProject", @quota_project_id if @quota_project_id
+              end
+
               @location_client = Google::Cloud::Location::Locations::Client.new do |config|
                 config.credentials = credentials
                 config.quota_project = @quota_project_id
                 config.endpoint = @privileged_access_manager_stub.endpoint
                 config.universe_domain = @privileged_access_manager_stub.universe_domain
+                config.logger = @privileged_access_manager_stub.logger if config.respond_to? :logger=
               end
             end
 
@@ -209,10 +221,19 @@ module Google
             #
             attr_reader :location_client
 
+            ##
+            # The logger used for request/response debug logging.
+            #
+            # @return [Logger]
+            #
+            def logger
+              @privileged_access_manager_stub.logger
+            end
+
             # Service calls
 
             ##
-            # CheckOnboardingStatus reports the onboarding status for a
+            # `CheckOnboardingStatus` reports the onboarding status for a
             # project/folder/organization. Any findings reported by this API need to be
             # fixed before PAM can be used on the resource.
             #
@@ -298,7 +319,6 @@ module Google
 
               @privileged_access_manager_stub.call_rpc :check_onboarding_status, request, options: options do |response, operation|
                 yield response, operation if block_given?
-                return response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -398,7 +418,7 @@ module Google
               @privileged_access_manager_stub.call_rpc :list_entitlements, request, options: options do |response, operation|
                 response = ::Gapic::PagedEnumerable.new @privileged_access_manager_stub, :list_entitlements, request, response, operation, options
                 yield response, operation if block_given?
-                return response
+                throw :response, response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -501,7 +521,7 @@ module Google
               @privileged_access_manager_stub.call_rpc :search_entitlements, request, options: options do |response, operation|
                 response = ::Gapic::PagedEnumerable.new @privileged_access_manager_stub, :search_entitlements, request, response, operation, options
                 yield response, operation if block_given?
-                return response
+                throw :response, response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -587,7 +607,6 @@ module Google
 
               @privileged_access_manager_stub.call_rpc :get_entitlement, request, options: options do |response, operation|
                 yield response, operation if block_given?
-                return response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -641,7 +660,7 @@ module Google
             #     ID, the server can check if original operation with the same request ID
             #     was received, and if so, ignores the second request and returns the
             #     previous operation's response. This prevents clients from accidentally
-            #     creating duplicate commitments.
+            #     creating duplicate entitlements.
             #
             #     The request ID must be a valid UUID with the exception that zero UUID is
             #     not supported (00000000-0000-0000-0000-000000000000).
@@ -713,7 +732,7 @@ module Google
               @privileged_access_manager_stub.call_rpc :create_entitlement, request, options: options do |response, operation|
                 response = ::Gapic::Operation.new response, @operations_client, options: options
                 yield response, operation if block_given?
-                return response
+                throw :response, response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -721,7 +740,7 @@ module Google
 
             ##
             # Deletes a single entitlement. This method can only be called when there
-            # are no in-progress (ACTIVE/ACTIVATING/REVOKING) grants under the
+            # are no in-progress (`ACTIVE`/`ACTIVATING`/`REVOKING`) grants under the
             # entitlement.
             #
             # @overload delete_entitlement(request, options = nil)
@@ -750,8 +769,7 @@ module Google
             #     For example, consider a situation where you make an initial request and the
             #     request times out. If you make the request again with the same request
             #     ID, the server can check if original operation with the same request ID
-            #     was received, and if so, ignores the second request. This prevents
-            #     clients from accidentally creating duplicate commitments.
+            #     was received, and if so, ignores the second request.
             #
             #     The request ID must be a valid UUID with the exception that zero UUID is
             #     not supported (00000000-0000-0000-0000-000000000000).
@@ -827,7 +845,7 @@ module Google
               @privileged_access_manager_stub.call_rpc :delete_entitlement, request, options: options do |response, operation|
                 response = ::Gapic::Operation.new response, @operations_client, options: options
                 yield response, operation if block_given?
-                return response
+                throw :response, response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -950,7 +968,7 @@ module Google
               @privileged_access_manager_stub.call_rpc :update_entitlement, request, options: options do |response, operation|
                 response = ::Gapic::Operation.new response, @operations_client, options: options
                 yield response, operation if block_given?
-                return response
+                throw :response, response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -1050,7 +1068,7 @@ module Google
               @privileged_access_manager_stub.call_rpc :list_grants, request, options: options do |response, operation|
                 response = ::Gapic::PagedEnumerable.new @privileged_access_manager_stub, :list_grants, request, response, operation, options
                 yield response, operation if block_given?
-                return response
+                throw :response, response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -1152,7 +1170,7 @@ module Google
               @privileged_access_manager_stub.call_rpc :search_grants, request, options: options do |response, operation|
                 response = ::Gapic::PagedEnumerable.new @privileged_access_manager_stub, :search_grants, request, response, operation, options
                 yield response, operation if block_given?
-                return response
+                throw :response, response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -1238,14 +1256,14 @@ module Google
 
               @privileged_access_manager_stub.call_rpc :get_grant, request, options: options do |response, operation|
                 yield response, operation if block_given?
-                return response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
             end
 
             ##
-            # Creates a new grant in a given project and location.
+            # Creates a new grant in a given project/folder/organization and
+            # location.
             #
             # @overload create_grant(request, options = nil)
             #   Pass arguments to `create_grant` via a request object, either of type
@@ -1277,7 +1295,7 @@ module Google
             #     request times out. If you make the request again with the same request
             #     ID, the server can check if original operation with the same request ID
             #     was received, and if so, ignores the second request. This prevents
-            #     clients from accidentally creating duplicate commitments.
+            #     clients from accidentally creating duplicate grants.
             #
             #     The request ID must be a valid UUID with the exception that zero UUID is
             #     not supported (00000000-0000-0000-0000-000000000000).
@@ -1341,7 +1359,6 @@ module Google
 
               @privileged_access_manager_stub.call_rpc :create_grant, request, options: options do |response, operation|
                 yield response, operation if block_given?
-                return response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -1433,7 +1450,6 @@ module Google
 
               @privileged_access_manager_stub.call_rpc :approve_grant, request, options: options do |response, operation|
                 yield response, operation if block_given?
-                return response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -1525,7 +1541,6 @@ module Google
 
               @privileged_access_manager_stub.call_rpc :deny_grant, request, options: options do |response, operation|
                 yield response, operation if block_given?
-                return response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -1622,7 +1637,7 @@ module Google
               @privileged_access_manager_stub.call_rpc :revoke_grant, request, options: options do |response, operation|
                 response = ::Gapic::Operation.new response, @operations_client, options: options
                 yield response, operation if block_given?
-                return response
+                throw :response, response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -1711,6 +1726,11 @@ module Google
             #   default endpoint URL. The default value of nil uses the environment
             #   universe (usually the default "googleapis.com" universe).
             #   @return [::String,nil]
+            # @!attribute [rw] logger
+            #   A custom logger to use for request/response debug logging, or the value
+            #   `:default` (the default) to construct a default logger, or `nil` to
+            #   explicitly disable logging.
+            #   @return [::Logger,:default,nil]
             #
             class Configuration
               extend ::Gapic::Config
@@ -1735,6 +1755,7 @@ module Google
               config_attr :retry_policy,  nil, ::Hash, ::Proc, nil
               config_attr :quota_project, nil, ::String, nil
               config_attr :universe_domain, nil, ::String, nil
+              config_attr :logger, :default, ::Logger, nil, :default
 
               # @private
               def initialize parent_config = nil

data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/operations.rb

@@ -124,14 +124,6 @@ module Google
             # Lists operations that match the specified filter in the request. If the
             # server doesn't support this method, it returns `UNIMPLEMENTED`.
             #
-            # NOTE: the `name` binding allows API services to override the binding
-            # to use different resource name schemes, such as `users/*/operations`. To
-            # override the binding, API services can add a binding such as
-            # `"/v1/{name=users/*}/operations"` to their service configuration.
-            # For backwards compatibility, the default name includes the operations
-            # collection id, however overriding users must ensure the name binding
-            # is the parent resource, without the operations collection id.
-            #
             # @overload list_operations(request, options = nil)
             #   Pass arguments to `list_operations` via a request object, either of type
             #   {::Google::Longrunning::ListOperationsRequest} or an equivalent Hash.
@@ -221,7 +213,7 @@ module Google
                 wrap_lro_operation = ->(op_response) { ::Gapic::Operation.new op_response, @operations_client }
                 response = ::Gapic::PagedEnumerable.new @operations_stub, :list_operations, request, response, operation, options, format_resource: wrap_lro_operation
                 yield response, operation if block_given?
-                return response
+                throw :response, response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -317,7 +309,7 @@ module Google
               @operations_stub.call_rpc :get_operation, request, options: options do |response, operation|
                 response = ::Gapic::Operation.new response, @operations_client, options: options
                 yield response, operation if block_given?
-                return response
+                throw :response, response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -406,7 +398,6 @@ module Google
 
               @operations_stub.call_rpc :delete_operation, request, options: options do |response, operation|
                 yield response, operation if block_given?
-                return response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -421,8 +412,9 @@ module Google
             # other methods to check whether the cancellation succeeded or whether the
             # operation completed despite cancellation. On successful cancellation,
             # the operation is not deleted; instead, it becomes an operation with
-            # an {::Google::Longrunning::Operation#error Operation.error} value with a {::Google::Rpc::Status#code google.rpc.Status.code} of 1,
-            # corresponding to `Code.CANCELLED`.
+            # an {::Google::Longrunning::Operation#error Operation.error} value with a
+            # {::Google::Rpc::Status#code google.rpc.Status.code} of `1`, corresponding to
+            # `Code.CANCELLED`.
             #
             # @overload cancel_operation(request, options = nil)
             #   Pass arguments to `cancel_operation` via a request object, either of type
@@ -501,7 +493,6 @@ module Google
 
               @operations_stub.call_rpc :cancel_operation, request, options: options do |response, operation|
                 yield response, operation if block_given?
-                return response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -599,7 +590,7 @@ module Google
               @operations_stub.call_rpc :wait_operation, request, options: options do |response, operation|
                 response = ::Gapic::Operation.new response, @operations_client, options: options
                 yield response, operation if block_given?
-                return response
+                throw :response, response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -688,6 +679,11 @@ module Google
             #   default endpoint URL. The default value of nil uses the environment
             #   universe (usually the default "googleapis.com" universe).
             #   @return [::String,nil]
+            # @!attribute [rw] logger
+            #   A custom logger to use for request/response debug logging, or the value
+            #   `:default` (the default) to construct a default logger, or `nil` to
+            #   explicitly disable logging.
+            #   @return [::Logger,:default,nil]
             #
             class Configuration
               extend ::Gapic::Config
@@ -712,6 +708,7 @@ module Google
               config_attr :retry_policy,  nil, ::Hash, ::Proc, nil
               config_attr :quota_project, nil, ::String, nil
               config_attr :universe_domain, nil, ::String, nil
+              config_attr :logger, :default, ::Logger, nil, :default
 
               # @private
               def initialize parent_config = nil

data/lib/google/cloud/privileged_access_manager/v1/privileged_access_manager/rest/client.rb

@@ -177,15 +177,27 @@ module Google
                   endpoint: @config.endpoint,
                   endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
                   universe_domain: @config.universe_domain,
-                  credentials: credentials
+                  credentials: credentials,
+                  logger: @config.logger
                 )
 
+                @privileged_access_manager_stub.logger(stub: true)&.info do |entry|
+                  entry.set_system_name
+                  entry.set_service
+                  entry.message = "Created client for #{entry.service}"
+                  entry.set_credentials_fields credentials
+                  entry.set "customEndpoint", @config.endpoint if @config.endpoint
+                  entry.set "defaultTimeout", @config.timeout if @config.timeout
+                  entry.set "quotaProject", @quota_project_id if @quota_project_id
+                end
+
                 @location_client = Google::Cloud::Location::Locations::Rest::Client.new do |config|
                   config.credentials = credentials
                   config.quota_project = @quota_project_id
                   config.endpoint = @privileged_access_manager_stub.endpoint
                   config.universe_domain = @privileged_access_manager_stub.universe_domain
                   config.bindings_override = @config.bindings_override
+                  config.logger = @privileged_access_manager_stub.logger if config.respond_to? :logger=
                 end
               end
 
@@ -203,10 +215,19 @@ module Google
               #
               attr_reader :location_client
 
+              ##
+              # The logger used for request/response debug logging.
+              #
+              # @return [Logger]
+              #
+              def logger
+                @privileged_access_manager_stub.logger
+              end
+
               # Service calls
 
               ##
-              # CheckOnboardingStatus reports the onboarding status for a
+              # `CheckOnboardingStatus` reports the onboarding status for a
               # project/folder/organization. Any findings reported by this API need to be
               # fixed before PAM can be used on the resource.
               #
@@ -285,7 +306,6 @@ module Google
 
                 @privileged_access_manager_stub.check_onboarding_status request, options do |result, operation|
                   yield result, operation if block_given?
-                  return result
                 end
               rescue ::Gapic::Rest::Error => e
                 raise ::Google::Cloud::Error.from_error(e)
@@ -377,7 +397,6 @@ module Google
 
                 @privileged_access_manager_stub.list_entitlements request, options do |result, operation|
                   yield result, operation if block_given?
-                  return result
                 end
               rescue ::Gapic::Rest::Error => e
                 raise ::Google::Cloud::Error.from_error(e)
@@ -473,7 +492,7 @@ module Google
                 @privileged_access_manager_stub.search_entitlements request, options do |result, operation|
                   result = ::Gapic::Rest::PagedEnumerable.new @privileged_access_manager_stub, :search_entitlements, "entitlements", request, result, options
                   yield result, operation if block_given?
-                  return result
+                  throw :response, result
                 end
               rescue ::Gapic::Rest::Error => e
                 raise ::Google::Cloud::Error.from_error(e)
@@ -552,7 +571,6 @@ module Google
 
                 @privileged_access_manager_stub.get_entitlement request, options do |result, operation|
                   yield result, operation if block_given?
-                  return result
                 end
               rescue ::Gapic::Rest::Error => e
                 raise ::Google::Cloud::Error.from_error(e)
@@ -606,7 +624,7 @@ module Google
               #     ID, the server can check if original operation with the same request ID
               #     was received, and if so, ignores the second request and returns the
               #     previous operation's response. This prevents clients from accidentally
-              #     creating duplicate commitments.
+              #     creating duplicate entitlements.
               #
               #     The request ID must be a valid UUID with the exception that zero UUID is
               #     not supported (00000000-0000-0000-0000-000000000000).
@@ -671,7 +689,7 @@ module Google
                 @privileged_access_manager_stub.create_entitlement request, options do |result, operation|
                   result = ::Gapic::Operation.new result, @operations_client, options: options
                   yield result, operation if block_given?
-                  return result
+                  throw :response, result
                 end
               rescue ::Gapic::Rest::Error => e
                 raise ::Google::Cloud::Error.from_error(e)
@@ -679,7 +697,7 @@ module Google
 
               ##
               # Deletes a single entitlement. This method can only be called when there
-              # are no in-progress (ACTIVE/ACTIVATING/REVOKING) grants under the
+              # are no in-progress (`ACTIVE`/`ACTIVATING`/`REVOKING`) grants under the
               # entitlement.
               #
               # @overload delete_entitlement(request, options = nil)
@@ -708,8 +726,7 @@ module Google
               #     For example, consider a situation where you make an initial request and the
               #     request times out. If you make the request again with the same request
               #     ID, the server can check if original operation with the same request ID
-              #     was received, and if so, ignores the second request. This prevents
-              #     clients from accidentally creating duplicate commitments.
+              #     was received, and if so, ignores the second request.
               #
               #     The request ID must be a valid UUID with the exception that zero UUID is
               #     not supported (00000000-0000-0000-0000-000000000000).
@@ -778,7 +795,7 @@ module Google
                 @privileged_access_manager_stub.delete_entitlement request, options do |result, operation|
                   result = ::Gapic::Operation.new result, @operations_client, options: options
                   yield result, operation if block_given?
-                  return result
+                  throw :response, result
                 end
               rescue ::Gapic::Rest::Error => e
                 raise ::Google::Cloud::Error.from_error(e)
@@ -894,7 +911,7 @@ module Google
                 @privileged_access_manager_stub.update_entitlement request, options do |result, operation|
                   result = ::Gapic::Operation.new result, @operations_client, options: options
                   yield result, operation if block_given?
-                  return result
+                  throw :response, result
                 end
               rescue ::Gapic::Rest::Error => e
                 raise ::Google::Cloud::Error.from_error(e)
@@ -986,7 +1003,6 @@ module Google
 
                 @privileged_access_manager_stub.list_grants request, options do |result, operation|
                   yield result, operation if block_given?
-                  return result
                 end
               rescue ::Gapic::Rest::Error => e
                 raise ::Google::Cloud::Error.from_error(e)
@@ -1081,7 +1097,7 @@ module Google
                 @privileged_access_manager_stub.search_grants request, options do |result, operation|
                   result = ::Gapic::Rest::PagedEnumerable.new @privileged_access_manager_stub, :search_grants, "grants", request, result, options
                   yield result, operation if block_given?
-                  return result
+                  throw :response, result
                 end
               rescue ::Gapic::Rest::Error => e
                 raise ::Google::Cloud::Error.from_error(e)
@@ -1160,14 +1176,14 @@ module Google
 
                 @privileged_access_manager_stub.get_grant request, options do |result, operation|
                   yield result, operation if block_given?
-                  return result
                 end
               rescue ::Gapic::Rest::Error => e
                 raise ::Google::Cloud::Error.from_error(e)
               end
 
               ##
-              # Creates a new grant in a given project and location.
+              # Creates a new grant in a given project/folder/organization and
+              # location.
               #
               # @overload create_grant(request, options = nil)
               #   Pass arguments to `create_grant` via a request object, either of type
@@ -1199,7 +1215,7 @@ module Google
               #     request times out. If you make the request again with the same request
               #     ID, the server can check if original operation with the same request ID
               #     was received, and if so, ignores the second request. This prevents
-              #     clients from accidentally creating duplicate commitments.
+              #     clients from accidentally creating duplicate grants.
               #
               #     The request ID must be a valid UUID with the exception that zero UUID is
               #     not supported (00000000-0000-0000-0000-000000000000).
@@ -1256,7 +1272,6 @@ module Google
 
                 @privileged_access_manager_stub.create_grant request, options do |result, operation|
                   yield result, operation if block_given?
-                  return result
                 end
               rescue ::Gapic::Rest::Error => e
                 raise ::Google::Cloud::Error.from_error(e)
@@ -1341,7 +1356,6 @@ module Google
 
                 @privileged_access_manager_stub.approve_grant request, options do |result, operation|
                   yield result, operation if block_given?
-                  return result
                 end
               rescue ::Gapic::Rest::Error => e
                 raise ::Google::Cloud::Error.from_error(e)
@@ -1426,7 +1440,6 @@ module Google
 
                 @privileged_access_manager_stub.deny_grant request, options do |result, operation|
                   yield result, operation if block_given?
-                  return result
                 end
               rescue ::Gapic::Rest::Error => e
                 raise ::Google::Cloud::Error.from_error(e)
@@ -1516,7 +1529,7 @@ module Google
                 @privileged_access_manager_stub.revoke_grant request, options do |result, operation|
                   result = ::Gapic::Operation.new result, @operations_client, options: options
                   yield result, operation if block_given?
-                  return result
+                  throw :response, result
                 end
               rescue ::Gapic::Rest::Error => e
                 raise ::Google::Cloud::Error.from_error(e)
@@ -1596,6 +1609,11 @@ module Google
               #   default endpoint URL. The default value of nil uses the environment
               #   universe (usually the default "googleapis.com" universe).
               #   @return [::String,nil]
+              # @!attribute [rw] logger
+              #   A custom logger to use for request/response debug logging, or the value
+              #   `:default` (the default) to construct a default logger, or `nil` to
+              #   explicitly disable logging.
+              #   @return [::Logger,:default,nil]
               #
               class Configuration
                 extend ::Gapic::Config
@@ -1624,6 +1642,7 @@ module Google
                 # by the host service.
                 # @return [::Hash{::Symbol=>::Array<::Gapic::Rest::GrpcTranscoder::HttpBinding>}]
                 config_attr :bindings_override, {}, ::Hash, nil
+                config_attr :logger, :default, ::Logger, nil, :default
 
                 # @private
                 def initialize parent_config = nil