google-cloud-pubsub-v1 0.11.0 → 0.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 443cecafdba18bff1520ec3c62b4348814d02de4b999da3aa68a55b9a08ef44a
-  data.tar.gz: d553ef3a8145fd6e15e091f6c6cf400de82f759561db6a7d5ab34f7da62a5ae6
+  metadata.gz: d98ae127654ffa655c567eadff7dfc28cc131e68ac7716d40f68704d8f061118
+  data.tar.gz: d8da26f605fb01815b937f5fdc56634492c51157db87670e41b50f281e8c0eb6
 SHA512:
-  metadata.gz: b5773a6ae2213a2bcafe136fc61a8f20cf7ec89a6bbfa3603e78d3b8031f3a0d938beff1aee7f821b28cff6dd23295125efd0c70663b96dbf56e5602fa369cd9
-  data.tar.gz: b91938f324c8dfd1b475446edc69d7281d51a867c135c75884229dc9f138f5783f6aaee5f2b2eeaeba0c927c9273d46c37b695b283c5a2a859ba9e22c9a3f31a
+  metadata.gz: f04d0ec694b3cebd2daaa541a0295aa212b8eaad7d939d7222219358e3acc69e44d6f5f2f11e1a717c45cce3d34fad165a11c86341ff8d46bdcaaef1a50194e5
+  data.tar.gz: 95d5cb21ecc54d183846406d5546508c6f496a65390c3461420cbf9b477c22a34c1f18bcd0134c6377e1feb9189d99c9ea756a6ba65f6571b7918faaeb298843

data/AUTHENTICATION.md

@@ -114,7 +114,7 @@ credentials are discovered.
 To configure your system for this, simply:
 
 1. [Download and install the Cloud SDK](https://cloud.google.com/sdk)
-2. Authenticate using OAuth 2.0 `$ gcloud auth login`
+2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login`
 3. Write code as if already authenticated.
 
 **NOTE:** This is _not_ recommended for running in production. The Cloud SDK

data/lib/google/cloud/pubsub/v1/_helpers.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Legacy IAM Policy client.
+# No longer generated, but kept around for backward compatibility.
+require "google/cloud/pubsub/v1/iam_policy"

data/lib/google/cloud/pubsub/v1/iam_policy/client.rb

@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+# Originally auto-generated by gapic-generator-ruby.
 
 require "google/cloud/errors"
 require "google/iam/v1/iam_policy_pb"
@@ -25,56 +25,18 @@ module Google
       module V1
         module IAMPolicy
           ##
-          # Client for the IAMPolicy service.
+          # This module contains the legacy IAM Policy client.
           #
-          # API Overview
-          #
-          #
-          # Manages Identity and Access Management (IAM) policies.
-          #
-          # Any implementation of an API that offers access control features
-          # implements the google.iam.v1.IAMPolicy interface.
-          #
-          # ## Data model
-          #
-          # Access control is applied when a principal (user or service account), takes
-          # some action on a resource exposed by a service. Resources, identified by
-          # URI-like names, are the unit of access control specification. Service
-          # implementations can choose the granularity of access control and the
-          # supported permissions for their resources.
-          # For example one database service may allow access control to be
-          # specified only at the Table level, whereas another might allow access control
-          # to also be specified at the Column level.
-          #
-          # ## Policy Structure
-          #
-          # See google.iam.v1.Policy
-          #
-          # This is intentionally not a CRUD style API because access control policies
-          # are created and deleted implicitly with the resources to which they are
-          # attached.
+          # @deprecated Call `iam_policy_client` on any of the other client
+          #     objects to get a client for IAM policies instead of using this
+          #     legacy class.
           #
           class Client
             # @private
             attr_reader :iam_policy_stub
 
             ##
-            # Configure the IAMPolicy Client class.
-            #
-            # See {::Google::Cloud::PubSub::V1::IAMPolicy::Client::Configuration}
-            # for a description of the configuration fields.
-            #
-            # @example
-            #
-            #   # Modify the configuration for all IAMPolicy clients
-            #   ::Google::Cloud::PubSub::V1::IAMPolicy::Client.configure do |config|
-            #     config.timeout = 10.0
-            #   end
-            #
-            # @yield [config] Configure the Client client.
-            # @yieldparam config [Client::Configuration]
-            #
-            # @return [Client::Configuration]
+            # @deprecated
             #
             def self.configure
               @configure ||= begin
@@ -94,19 +56,7 @@ module Google
             end
 
             ##
-            # Configure the IAMPolicy Client instance.
-            #
-            # The configuration is set to the derived mode, meaning that values can be changed,
-            # but structural changes (adding new fields, etc.) are not allowed. Structural changes
-            # should be made on {Client.configure}.
-            #
-            # See {::Google::Cloud::PubSub::V1::IAMPolicy::Client::Configuration}
-            # for a description of the configuration fields.
-            #
-            # @yield [config] Configure the Client client.
-            # @yieldparam config [Client::Configuration]
-            #
-            # @return [Client::Configuration]
+            # @deprecated
             #
             def configure
               yield @config if block_given?
@@ -114,20 +64,7 @@ module Google
             end
 
             ##
-            # Create a new IAMPolicy client object.
-            #
-            # @example
-            #
-            #   # Create a client using the default configuration
-            #   client = ::Google::Cloud::PubSub::V1::IAMPolicy::Client.new
-            #
-            #   # Create a client using a custom configuration
-            #   client = ::Google::Cloud::PubSub::V1::IAMPolicy::Client.new do |config|
-            #     config.timeout = 10.0
-            #   end
-            #
-            # @yield [config] Configure the IAMPolicy client.
-            # @yieldparam config [Client::Configuration]
+            # @deprecated
             #
             def initialize
               # These require statements are intentionally placed here to initialize
@@ -165,66 +102,8 @@ module Google
               )
             end
 
-            # Service calls
-
             ##
-            # Sets the access control policy on the specified resource. Replaces any
-            # existing policy.
-            #
-            # Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.
-            #
-            # @overload set_iam_policy(request, options = nil)
-            #   Pass arguments to `set_iam_policy` via a request object, either of type
-            #   {::Google::Iam::V1::SetIamPolicyRequest} or an equivalent Hash.
-            #
-            #   @param request [::Google::Iam::V1::SetIamPolicyRequest, ::Hash]
-            #     A request object representing the call parameters. Required. To specify no
-            #     parameters, or to keep all the default parameter values, pass an empty Hash.
-            #   @param options [::Gapic::CallOptions, ::Hash]
-            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
-            #
-            # @overload set_iam_policy(resource: nil, policy: nil, update_mask: nil)
-            #   Pass arguments to `set_iam_policy` via keyword arguments. Note that at
-            #   least one keyword argument is required. To specify no parameters, or to keep all
-            #   the default parameter values, pass an empty Hash as a request object (see above).
-            #
-            #   @param resource [::String]
-            #     REQUIRED: The resource for which the policy is being specified.
-            #     See the operation documentation for the appropriate value for this field.
-            #   @param policy [::Google::Iam::V1::Policy, ::Hash]
-            #     REQUIRED: The complete policy to be applied to the `resource`. The size of
-            #     the policy is limited to a few 10s of KB. An empty policy is a
-            #     valid policy but certain Cloud Platform services (such as Projects)
-            #     might reject them.
-            #   @param update_mask [::Google::Protobuf::FieldMask, ::Hash]
-            #     OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
-            #     the fields in the mask will be modified. If no mask is provided, the
-            #     following default mask is used:
-            #
-            #     `paths: "bindings, etag"`
-            #
-            # @yield [response, operation] Access the result along with the RPC operation
-            # @yieldparam response [::Google::Iam::V1::Policy]
-            # @yieldparam operation [::GRPC::ActiveCall::Operation]
-            #
-            # @return [::Google::Iam::V1::Policy]
-            #
-            # @raise [::Google::Cloud::Error] if the RPC is aborted.
-            #
-            # @example Basic example
-            #   require "google/iam/v1"
-            #
-            #   # Create a client object. The client can be reused for multiple calls.
-            #   client = Google::Cloud::PubSub::V1::IAMPolicy::Client.new
-            #
-            #   # Create a request. To set request fields, pass in keyword arguments.
-            #   request = Google::Iam::V1::SetIamPolicyRequest.new
-            #
-            #   # Call the set_iam_policy method.
-            #   result = client.set_iam_policy request
-            #
-            #   # The returned object is of type Google::Iam::V1::Policy.
-            #   p result
+            # @deprecated
             #
             def set_iam_policy request, options = nil
               raise ::ArgumentError, "request must be provided" if request.nil?
@@ -268,54 +147,7 @@ module Google
             end
 
             ##
-            # Gets the access control policy for a resource.
-            # Returns an empty policy if the resource exists and does not have a policy
-            # set.
-            #
-            # @overload get_iam_policy(request, options = nil)
-            #   Pass arguments to `get_iam_policy` via a request object, either of type
-            #   {::Google::Iam::V1::GetIamPolicyRequest} or an equivalent Hash.
-            #
-            #   @param request [::Google::Iam::V1::GetIamPolicyRequest, ::Hash]
-            #     A request object representing the call parameters. Required. To specify no
-            #     parameters, or to keep all the default parameter values, pass an empty Hash.
-            #   @param options [::Gapic::CallOptions, ::Hash]
-            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
-            #
-            # @overload get_iam_policy(resource: nil, options: nil)
-            #   Pass arguments to `get_iam_policy` via keyword arguments. Note that at
-            #   least one keyword argument is required. To specify no parameters, or to keep all
-            #   the default parameter values, pass an empty Hash as a request object (see above).
-            #
-            #   @param resource [::String]
-            #     REQUIRED: The resource for which the policy is being requested.
-            #     See the operation documentation for the appropriate value for this field.
-            #   @param options [::Google::Iam::V1::GetPolicyOptions, ::Hash]
-            #     OPTIONAL: A `GetPolicyOptions` object for specifying options to
-            #     `GetIamPolicy`.
-            #
-            # @yield [response, operation] Access the result along with the RPC operation
-            # @yieldparam response [::Google::Iam::V1::Policy]
-            # @yieldparam operation [::GRPC::ActiveCall::Operation]
-            #
-            # @return [::Google::Iam::V1::Policy]
-            #
-            # @raise [::Google::Cloud::Error] if the RPC is aborted.
-            #
-            # @example Basic example
-            #   require "google/iam/v1"
-            #
-            #   # Create a client object. The client can be reused for multiple calls.
-            #   client = Google::Cloud::PubSub::V1::IAMPolicy::Client.new
-            #
-            #   # Create a request. To set request fields, pass in keyword arguments.
-            #   request = Google::Iam::V1::GetIamPolicyRequest.new
-            #
-            #   # Call the get_iam_policy method.
-            #   result = client.get_iam_policy request
-            #
-            #   # The returned object is of type Google::Iam::V1::Policy.
-            #   p result
+            # @deprecated
             #
             def get_iam_policy request, options = nil
               raise ::ArgumentError, "request must be provided" if request.nil?
@@ -359,60 +191,7 @@ module Google
             end
 
             ##
-            # Returns permissions that a caller has on the specified resource.
-            # If the resource does not exist, this will return an empty set of
-            # permissions, not a `NOT_FOUND` error.
-            #
-            # Note: This operation is designed to be used for building permission-aware
-            # UIs and command-line tools, not for authorization checking. This operation
-            # may "fail open" without warning.
-            #
-            # @overload test_iam_permissions(request, options = nil)
-            #   Pass arguments to `test_iam_permissions` via a request object, either of type
-            #   {::Google::Iam::V1::TestIamPermissionsRequest} or an equivalent Hash.
-            #
-            #   @param request [::Google::Iam::V1::TestIamPermissionsRequest, ::Hash]
-            #     A request object representing the call parameters. Required. To specify no
-            #     parameters, or to keep all the default parameter values, pass an empty Hash.
-            #   @param options [::Gapic::CallOptions, ::Hash]
-            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
-            #
-            # @overload test_iam_permissions(resource: nil, permissions: nil)
-            #   Pass arguments to `test_iam_permissions` via keyword arguments. Note that at
-            #   least one keyword argument is required. To specify no parameters, or to keep all
-            #   the default parameter values, pass an empty Hash as a request object (see above).
-            #
-            #   @param resource [::String]
-            #     REQUIRED: The resource for which the policy detail is being requested.
-            #     See the operation documentation for the appropriate value for this field.
-            #   @param permissions [::Array<::String>]
-            #     The set of permissions to check for the `resource`. Permissions with
-            #     wildcards (such as '*' or 'storage.*') are not allowed. For more
-            #     information see
-            #     [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
-            #
-            # @yield [response, operation] Access the result along with the RPC operation
-            # @yieldparam response [::Google::Iam::V1::TestIamPermissionsResponse]
-            # @yieldparam operation [::GRPC::ActiveCall::Operation]
-            #
-            # @return [::Google::Iam::V1::TestIamPermissionsResponse]
-            #
-            # @raise [::Google::Cloud::Error] if the RPC is aborted.
-            #
-            # @example Basic example
-            #   require "google/iam/v1"
-            #
-            #   # Create a client object. The client can be reused for multiple calls.
-            #   client = Google::Cloud::PubSub::V1::IAMPolicy::Client.new
-            #
-            #   # Create a request. To set request fields, pass in keyword arguments.
-            #   request = Google::Iam::V1::TestIamPermissionsRequest.new
-            #
-            #   # Call the test_iam_permissions method.
-            #   result = client.test_iam_permissions request
-            #
-            #   # The returned object is of type Google::Iam::V1::TestIamPermissionsResponse.
-            #   p result
+            # @deprecated
             #
             def test_iam_permissions request, options = nil
               raise ::ArgumentError, "request must be provided" if request.nil?
@@ -456,83 +235,9 @@ module Google
             end
 
             ##
-            # Configuration class for the IAMPolicy API.
-            #
-            # This class represents the configuration for IAMPolicy,
-            # providing control over timeouts, retry behavior, logging, transport
-            # parameters, and other low-level controls. Certain parameters can also be
-            # applied individually to specific RPCs. See
-            # {::Google::Cloud::PubSub::V1::IAMPolicy::Client::Configuration::Rpcs}
-            # for a list of RPCs that can be configured independently.
-            #
-            # Configuration can be applied globally to all clients, or to a single client
-            # on construction.
-            #
-            # @example
-            #
-            #   # Modify the global config, setting the timeout for
-            #   # set_iam_policy to 20 seconds,
-            #   # and all remaining timeouts to 10 seconds.
-            #   ::Google::Cloud::PubSub::V1::IAMPolicy::Client.configure do |config|
-            #     config.timeout = 10.0
-            #     config.rpcs.set_iam_policy.timeout = 20.0
-            #   end
-            #
-            #   # Apply the above configuration only to a new client.
-            #   client = ::Google::Cloud::PubSub::V1::IAMPolicy::Client.new do |config|
-            #     config.timeout = 10.0
-            #     config.rpcs.set_iam_policy.timeout = 20.0
-            #   end
-            #
-            # @!attribute [rw] endpoint
-            #   The hostname or hostname:port of the service endpoint.
-            #   Defaults to `"pubsub.googleapis.com"`.
-            #   @return [::String]
-            # @!attribute [rw] credentials
-            #   Credentials to send with calls. You may provide any of the following types:
-            #    *  (`String`) The path to a service account key file in JSON format
-            #    *  (`Hash`) A service account key as a Hash
-            #    *  (`Google::Auth::Credentials`) A googleauth credentials object
-            #       (see the [googleauth docs](https://googleapis.dev/ruby/googleauth/latest/index.html))
-            #    *  (`Signet::OAuth2::Client`) A signet oauth2 client object
-            #       (see the [signet docs](https://googleapis.dev/ruby/signet/latest/Signet/OAuth2/Client.html))
-            #    *  (`GRPC::Core::Channel`) a gRPC channel with included credentials
-            #    *  (`GRPC::Core::ChannelCredentials`) a gRPC credentails object
-            #    *  (`nil`) indicating no credentials
-            #   @return [::Object]
-            # @!attribute [rw] scope
-            #   The OAuth scopes
-            #   @return [::Array<::String>]
-            # @!attribute [rw] lib_name
-            #   The library name as recorded in instrumentation and logging
-            #   @return [::String]
-            # @!attribute [rw] lib_version
-            #   The library version as recorded in instrumentation and logging
-            #   @return [::String]
-            # @!attribute [rw] channel_args
-            #   Extra parameters passed to the gRPC channel. Note: this is ignored if a
-            #   `GRPC::Core::Channel` object is provided as the credential.
-            #   @return [::Hash]
-            # @!attribute [rw] interceptors
-            #   An array of interceptors that are run before calls are executed.
-            #   @return [::Array<::GRPC::ClientInterceptor>]
-            # @!attribute [rw] timeout
-            #   The call timeout in seconds.
-            #   @return [::Numeric]
-            # @!attribute [rw] metadata
-            #   Additional gRPC headers to be sent with the call.
-            #   @return [::Hash{::Symbol=>::String}]
-            # @!attribute [rw] retry_policy
-            #   The retry policy. The value is a hash with the following keys:
-            #    *  `:initial_delay` (*type:* `Numeric`) - The initial delay in seconds.
-            #    *  `:max_delay` (*type:* `Numeric`) - The max delay in seconds.
-            #    *  `:multiplier` (*type:* `Numeric`) - The incremental backoff multiplier.
-            #    *  `:retry_codes` (*type:* `Array<String>`) - The error codes that should
-            #       trigger a retry.
-            #   @return [::Hash]
-            # @!attribute [rw] quota_project
-            #   A separate project against which to charge quota.
-            #   @return [::String]
+            # @deprecated Call `iam_policy_client` on any of the other client
+            #     objects to get a client for IAM policies instead of using this
+            #     legacy class.
             #
             class Configuration
               extend ::Gapic::Config
@@ -561,8 +266,7 @@ module Google
               end
 
               ##
-              # Configurations for individual RPCs
-              # @return [Rpcs]
+              # @deprecated
               #
               def rpcs
                 @rpcs ||= begin
@@ -573,36 +277,21 @@ module Google
               end
 
               ##
-              # Configuration RPC class for the IAMPolicy API.
-              #
-              # Includes fields providing the configuration for each RPC in this service.
-              # Each configuration object is of type `Gapic::Config::Method` and includes
-              # the following configuration fields:
-              #
-              #  *  `timeout` (*type:* `Numeric`) - The call timeout in seconds
-              #  *  `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
-              #  *  `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
-              #     include the following keys:
-              #      *  `:initial_delay` (*type:* `Numeric`) - The initial delay in seconds.
-              #      *  `:max_delay` (*type:* `Numeric`) - The max delay in seconds.
-              #      *  `:multiplier` (*type:* `Numeric`) - The incremental backoff multiplier.
-              #      *  `:retry_codes` (*type:* `Array<String>`) - The error codes that should
-              #         trigger a retry.
+              # @deprecated Call `iam_policy_client` on any of the other client
+              #     objects to get a client for IAM policies instead of using this
+              #     legacy class.
               #
               class Rpcs
                 ##
-                # RPC-specific configuration for `set_iam_policy`
-                # @return [::Gapic::Config::Method]
+                # @deprecated
                 #
                 attr_reader :set_iam_policy
                 ##
-                # RPC-specific configuration for `get_iam_policy`
-                # @return [::Gapic::Config::Method]
+                # @deprecated
                 #
                 attr_reader :get_iam_policy
                 ##
-                # RPC-specific configuration for `test_iam_permissions`
-                # @return [::Gapic::Config::Method]
+                # @deprecated
                 #
                 attr_reader :test_iam_permissions
 

data/lib/google/cloud/pubsub/v1/iam_policy/credentials.rb

@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+# Originally auto-generated by gapic-generator-ruby.
 
 require "googleauth"
 
@@ -23,7 +23,11 @@ module Google
     module PubSub
       module V1
         module IAMPolicy
-          # Credentials for the IAMPolicy API.
+          ##
+          # @deprecated Call `iam_policy_client` on any of the other client
+          #     objects to get a client for IAM policies instead of using this
+          #     legacy class.
+          #
           class Credentials < ::Google::Auth::Credentials
             self.scope = [
               "https://www.googleapis.com/auth/cloud-platform",

data/lib/google/cloud/pubsub/v1/iam_policy.rb

@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+# Originally auto-generated by gapic-generator-ruby.
 
 require "gapic/common"
 require "gapic/config"
@@ -30,37 +30,11 @@ module Google
     module PubSub
       module V1
         ##
-        # API Overview
+        # This module contains the legacy IAM Policy client.
         #
-        #
-        # Manages Identity and Access Management (IAM) policies.
-        #
-        # Any implementation of an API that offers access control features
-        # implements the google.iam.v1.IAMPolicy interface.
-        #
-        # ## Data model
-        #
-        # Access control is applied when a principal (user or service account), takes
-        # some action on a resource exposed by a service. Resources, identified by
-        # URI-like names, are the unit of access control specification. Service
-        # implementations can choose the granularity of access control and the
-        # supported permissions for their resources.
-        # For example one database service may allow access control to be
-        # specified only at the Table level, whereas another might allow access control
-        # to also be specified at the Column level.
-        #
-        # ## Policy Structure
-        #
-        # See google.iam.v1.Policy
-        #
-        # This is intentionally not a CRUD style API because access control policies
-        # are created and deleted implicitly with the resources to which they are
-        # attached.
-        #
-        # To load this service and instantiate a client:
-        #
-        #     require "google/cloud/pubsub/v1/iam_policy"
-        #     client = ::Google::Cloud::PubSub::V1::IAMPolicy::Client.new
+        # @deprecated Call `iam_policy_client` on any of the other client
+        #     objects to get a client for IAM policies instead of using this
+        #     legacy class.
         #
         module IAMPolicy
         end

data/lib/google/cloud/pubsub/v1/publisher/client.rb

@@ -18,6 +18,7 @@
 
 require "google/cloud/errors"
 require "google/pubsub/v1/pubsub_pb"
+require "google/iam/v1"
 
 module Google
   module Cloud
@@ -179,6 +180,12 @@ module Google
               @quota_project_id = @config.quota_project
               @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id
 
+              @iam_policy_client = Google::Iam::V1::IAMPolicy::Client.new do |config|
+                config.credentials = credentials
+                config.quota_project = @quota_project_id
+                config.endpoint = @config.endpoint
+              end
+
               @publisher_stub = ::Gapic::ServiceStub.new(
                 ::Google::Cloud::PubSub::V1::Publisher::Stub,
                 credentials:  credentials,
@@ -188,6 +195,13 @@ module Google
               )
             end
 
+            ##
+            # Get the associated client for mix-in of the IAMPolicy.
+            #
+            # @return [Google::Iam::V1::IAMPolicy::Client]
+            #
+            attr_reader :iam_policy_client
+
             # Service calls
 
             ##

data/lib/google/cloud/pubsub/v1/schema_service/client.rb

@@ -18,6 +18,7 @@
 
 require "google/cloud/errors"
 require "google/pubsub/v1/schema_pb"
+require "google/iam/v1"
 
 module Google
   module Cloud
@@ -133,6 +134,12 @@ module Google
               @quota_project_id = @config.quota_project
               @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id
 
+              @iam_policy_client = Google::Iam::V1::IAMPolicy::Client.new do |config|
+                config.credentials = credentials
+                config.quota_project = @quota_project_id
+                config.endpoint = @config.endpoint
+              end
+
               @schema_service_stub = ::Gapic::ServiceStub.new(
                 ::Google::Cloud::PubSub::V1::SchemaService::Stub,
                 credentials:  credentials,
@@ -142,6 +149,13 @@ module Google
               )
             end
 
+            ##
+            # Get the associated client for mix-in of the IAMPolicy.
+            #
+            # @return [Google::Iam::V1::IAMPolicy::Client]
+            #
+            attr_reader :iam_policy_client
+
             # Service calls
 
             ##

data/lib/google/cloud/pubsub/v1/subscriber/client.rb

@@ -18,6 +18,7 @@
 
 require "google/cloud/errors"
 require "google/pubsub/v1/pubsub_pb"
+require "google/iam/v1"
 
 module Google
   module Cloud
@@ -215,6 +216,12 @@ module Google
               @quota_project_id = @config.quota_project
               @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id
 
+              @iam_policy_client = Google::Iam::V1::IAMPolicy::Client.new do |config|
+                config.credentials = credentials
+                config.quota_project = @quota_project_id
+                config.endpoint = @config.endpoint
+              end
+
               @subscriber_stub = ::Gapic::ServiceStub.new(
                 ::Google::Cloud::PubSub::V1::Subscriber::Stub,
                 credentials:  credentials,
@@ -224,6 +231,13 @@ module Google
               )
             end
 
+            ##
+            # Get the associated client for mix-in of the IAMPolicy.
+            #
+            # @return [Google::Iam::V1::IAMPolicy::Client]
+            #
+            attr_reader :iam_policy_client
+
             # Service calls
 
             ##

data/lib/google/cloud/pubsub/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module PubSub
       module V1
-        VERSION = "0.11.0"
+        VERSION = "0.12.0"
       end
     end
   end

data/lib/google/cloud/pubsub/v1.rb

@@ -19,7 +19,6 @@
 require "google/cloud/pubsub/v1/schema_service"
 require "google/cloud/pubsub/v1/publisher"
 require "google/cloud/pubsub/v1/subscriber"
-require "google/cloud/pubsub/v1/iam_policy"
 require "google/cloud/pubsub/v1/version"
 
 module Google

data/proto_docs/google/protobuf/empty.rb

@@ -26,8 +26,6 @@ module Google
     #     service Foo {
     #       rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
     #     }
-    #
-    # The JSON representation for `Empty` is empty JSON object `{}`.
     class Empty
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-pubsub-v1
 version: !ruby/object:Gem::Version
-  version: 0.11.0
+  version: 0.12.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-07-07 00:00:00.000000000 Z
+date: 2022-10-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -16,7 +16,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '0.12'
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '0.12'
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -45,19 +45,25 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '1.0'
 - !ruby/object:Gem::Dependency
-  name: grpc-google-iam-v1
+  name: google-iam-v1
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '0.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 2.a
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '0.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 2.a
 - !ruby/object:Gem::Dependency
   name: google-style
   requirement: !ruby/object:Gem::Requirement
@@ -185,6 +191,7 @@ files:
 - README.md
 - lib/google-cloud-pubsub-v1.rb
 - lib/google/cloud/pubsub/v1.rb
+- lib/google/cloud/pubsub/v1/_helpers.rb
 - lib/google/cloud/pubsub/v1/iam_policy.rb
 - lib/google/cloud/pubsub/v1/iam_policy/client.rb
 - lib/google/cloud/pubsub/v1/iam_policy/credentials.rb
@@ -210,9 +217,6 @@ files:
 - proto_docs/README.md
 - proto_docs/google/api/field_behavior.rb
 - proto_docs/google/api/resource.rb
-- proto_docs/google/iam/v1/iam_policy.rb
-- proto_docs/google/iam/v1/options.rb
-- proto_docs/google/iam/v1/policy.rb
 - proto_docs/google/protobuf/duration.rb
 - proto_docs/google/protobuf/empty.rb
 - proto_docs/google/protobuf/field_mask.rb

data/proto_docs/google/iam/v1/iam_policy.rb

@@ -1,87 +0,0 @@
-# frozen_string_literal: true
-
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
-
-
-module Google
-  module Iam
-    module V1
-      # Request message for `SetIamPolicy` method.
-      # @!attribute [rw] resource
-      #   @return [::String]
-      #     REQUIRED: The resource for which the policy is being specified.
-      #     See the operation documentation for the appropriate value for this field.
-      # @!attribute [rw] policy
-      #   @return [::Google::Iam::V1::Policy]
-      #     REQUIRED: The complete policy to be applied to the `resource`. The size of
-      #     the policy is limited to a few 10s of KB. An empty policy is a
-      #     valid policy but certain Cloud Platform services (such as Projects)
-      #     might reject them.
-      # @!attribute [rw] update_mask
-      #   @return [::Google::Protobuf::FieldMask]
-      #     OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
-      #     the fields in the mask will be modified. If no mask is provided, the
-      #     following default mask is used:
-      #
-      #     `paths: "bindings, etag"`
-      class SetIamPolicyRequest
-        include ::Google::Protobuf::MessageExts
-        extend ::Google::Protobuf::MessageExts::ClassMethods
-      end
-
-      # Request message for `GetIamPolicy` method.
-      # @!attribute [rw] resource
-      #   @return [::String]
-      #     REQUIRED: The resource for which the policy is being requested.
-      #     See the operation documentation for the appropriate value for this field.
-      # @!attribute [rw] options
-      #   @return [::Google::Iam::V1::GetPolicyOptions]
-      #     OPTIONAL: A `GetPolicyOptions` object for specifying options to
-      #     `GetIamPolicy`.
-      class GetIamPolicyRequest
-        include ::Google::Protobuf::MessageExts
-        extend ::Google::Protobuf::MessageExts::ClassMethods
-      end
-
-      # Request message for `TestIamPermissions` method.
-      # @!attribute [rw] resource
-      #   @return [::String]
-      #     REQUIRED: The resource for which the policy detail is being requested.
-      #     See the operation documentation for the appropriate value for this field.
-      # @!attribute [rw] permissions
-      #   @return [::Array<::String>]
-      #     The set of permissions to check for the `resource`. Permissions with
-      #     wildcards (such as '*' or 'storage.*') are not allowed. For more
-      #     information see
-      #     [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
-      class TestIamPermissionsRequest
-        include ::Google::Protobuf::MessageExts
-        extend ::Google::Protobuf::MessageExts::ClassMethods
-      end
-
-      # Response message for `TestIamPermissions` method.
-      # @!attribute [rw] permissions
-      #   @return [::Array<::String>]
-      #     A subset of `TestPermissionsRequest.permissions` that the caller is
-      #     allowed.
-      class TestIamPermissionsResponse
-        include ::Google::Protobuf::MessageExts
-        extend ::Google::Protobuf::MessageExts::ClassMethods
-      end
-    end
-  end
-end

data/proto_docs/google/iam/v1/options.rb

@@ -1,50 +0,0 @@
-# frozen_string_literal: true
-
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
-
-
-module Google
-  module Iam
-    module V1
-      # Encapsulates settings provided to GetIamPolicy.
-      # @!attribute [rw] requested_policy_version
-      #   @return [::Integer]
-      #     Optional. The maximum policy version that will be used to format the
-      #     policy.
-      #
-      #     Valid values are 0, 1, and 3. Requests specifying an invalid value will be
-      #     rejected.
-      #
-      #     Requests for policies with any conditional role bindings must specify
-      #     version 3. Policies with no conditional role bindings may specify any valid
-      #     value or leave the field unset.
-      #
-      #     The policy in the response might use the policy version that you specified,
-      #     or it might use a lower policy version. For example, if you specify version
-      #     3, but the policy has no conditional role bindings, the response uses
-      #     version 1.
-      #
-      #     To learn which resources support conditions in their IAM policies, see the
-      #     [IAM
-      #     documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
-      class GetPolicyOptions
-        include ::Google::Protobuf::MessageExts
-        extend ::Google::Protobuf::MessageExts::ClassMethods
-      end
-    end
-  end
-end

data/proto_docs/google/iam/v1/policy.rb

@@ -1,418 +0,0 @@
-# frozen_string_literal: true
-
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
-
-
-module Google
-  module Iam
-    module V1
-      # An Identity and Access Management (IAM) policy, which specifies access
-      # controls for Google Cloud resources.
-      #
-      #
-      # A `Policy` is a collection of `bindings`. A `binding` binds one or more
-      # `members`, or principals, to a single `role`. Principals can be user
-      # accounts, service accounts, Google groups, and domains (such as G Suite). A
-      # `role` is a named list of permissions; each `role` can be an IAM predefined
-      # role or a user-created custom role.
-      #
-      # For some types of Google Cloud resources, a `binding` can also specify a
-      # `condition`, which is a logical expression that allows access to a resource
-      # only if the expression evaluates to `true`. A condition can add constraints
-      # based on attributes of the request, the resource, or both. To learn which
-      # resources support conditions in their IAM policies, see the
-      # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
-      #
-      # **JSON example:**
-      #
-      #     {
-      #       "bindings": [
-      #         {
-      #           "role": "roles/resourcemanager.organizationAdmin",
-      #           "members": [
-      #             "user:mike@example.com",
-      #             "group:admins@example.com",
-      #             "domain:google.com",
-      #             "serviceAccount:my-project-id@appspot.gserviceaccount.com"
-      #           ]
-      #         },
-      #         {
-      #           "role": "roles/resourcemanager.organizationViewer",
-      #           "members": [
-      #             "user:eve@example.com"
-      #           ],
-      #           "condition": {
-      #             "title": "expirable access",
-      #             "description": "Does not grant access after Sep 2020",
-      #             "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",
-      #           }
-      #         }
-      #       ],
-      #       "etag": "BwWWja0YfJA=",
-      #       "version": 3
-      #     }
-      #
-      # **YAML example:**
-      #
-      #     bindings:
-      #     - members:
-      #       - user:mike@example.com
-      #       - group:admins@example.com
-      #       - domain:google.com
-      #       - serviceAccount:my-project-id@appspot.gserviceaccount.com
-      #       role: roles/resourcemanager.organizationAdmin
-      #     - members:
-      #       - user:eve@example.com
-      #       role: roles/resourcemanager.organizationViewer
-      #       condition:
-      #         title: expirable access
-      #         description: Does not grant access after Sep 2020
-      #         expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
-      #     etag: BwWWja0YfJA=
-      #     version: 3
-      #
-      # For a description of IAM and its features, see the
-      # [IAM documentation](https://cloud.google.com/iam/docs/).
-      # @!attribute [rw] version
-      #   @return [::Integer]
-      #     Specifies the format of the policy.
-      #
-      #     Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
-      #     are rejected.
-      #
-      #     Any operation that affects conditional role bindings must specify version
-      #     `3`. This requirement applies to the following operations:
-      #
-      #     * Getting a policy that includes a conditional role binding
-      #     * Adding a conditional role binding to a policy
-      #     * Changing a conditional role binding in a policy
-      #     * Removing any role binding, with or without a condition, from a policy
-      #       that includes conditions
-      #
-      #     **Important:** If you use IAM Conditions, you must include the `etag` field
-      #     whenever you call `setIamPolicy`. If you omit this field, then IAM allows
-      #     you to overwrite a version `3` policy with a version `1` policy, and all of
-      #     the conditions in the version `3` policy are lost.
-      #
-      #     If a policy does not include any conditions, operations on that policy may
-      #     specify any valid version or leave the field unset.
-      #
-      #     To learn which resources support conditions in their IAM policies, see the
-      #     [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
-      # @!attribute [rw] bindings
-      #   @return [::Array<::Google::Iam::V1::Binding>]
-      #     Associates a list of `members`, or principals, with a `role`. Optionally,
-      #     may specify a `condition` that determines how and when the `bindings` are
-      #     applied. Each of the `bindings` must contain at least one principal.
-      #
-      #     The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
-      #     of these principals can be Google groups. Each occurrence of a principal
-      #     counts towards these limits. For example, if the `bindings` grant 50
-      #     different roles to `user:alice@example.com`, and not to any other
-      #     principal, then you can add another 1,450 principals to the `bindings` in
-      #     the `Policy`.
-      # @!attribute [rw] audit_configs
-      #   @return [::Array<::Google::Iam::V1::AuditConfig>]
-      #     Specifies cloud audit logging configuration for this policy.
-      # @!attribute [rw] etag
-      #   @return [::String]
-      #     `etag` is used for optimistic concurrency control as a way to help
-      #     prevent simultaneous updates of a policy from overwriting each other.
-      #     It is strongly suggested that systems make use of the `etag` in the
-      #     read-modify-write cycle to perform policy updates in order to avoid race
-      #     conditions: An `etag` is returned in the response to `getIamPolicy`, and
-      #     systems are expected to put that etag in the request to `setIamPolicy` to
-      #     ensure that their change will be applied to the same version of the policy.
-      #
-      #     **Important:** If you use IAM Conditions, you must include the `etag` field
-      #     whenever you call `setIamPolicy`. If you omit this field, then IAM allows
-      #     you to overwrite a version `3` policy with a version `1` policy, and all of
-      #     the conditions in the version `3` policy are lost.
-      class Policy
-        include ::Google::Protobuf::MessageExts
-        extend ::Google::Protobuf::MessageExts::ClassMethods
-      end
-
-      # Associates `members`, or principals, with a `role`.
-      # @!attribute [rw] role
-      #   @return [::String]
-      #     Role that is assigned to the list of `members`, or principals.
-      #     For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
-      # @!attribute [rw] members
-      #   @return [::Array<::String>]
-      #     Specifies the principals requesting access for a Cloud Platform resource.
-      #     `members` can have the following values:
-      #
-      #     * `allUsers`: A special identifier that represents anyone who is
-      #        on the internet; with or without a Google account.
-      #
-      #     * `allAuthenticatedUsers`: A special identifier that represents anyone
-      #        who is authenticated with a Google account or a service account.
-      #
-      #     * `user:{emailid}`: An email address that represents a specific Google
-      #        account. For example, `alice@example.com` .
-      #
-      #
-      #     * `serviceAccount:{emailid}`: An email address that represents a service
-      #        account. For example, `my-other-app@appspot.gserviceaccount.com`.
-      #
-      #     * `group:{emailid}`: An email address that represents a Google group.
-      #        For example, `admins@example.com`.
-      #
-      #     * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
-      #        identifier) representing a user that has been recently deleted. For
-      #        example, `alice@example.com?uid=123456789012345678901`. If the user is
-      #        recovered, this value reverts to `user:{emailid}` and the recovered user
-      #        retains the role in the binding.
-      #
-      #     * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
-      #        unique identifier) representing a service account that has been recently
-      #        deleted. For example,
-      #        `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
-      #        If the service account is undeleted, this value reverts to
-      #        `serviceAccount:{emailid}` and the undeleted service account retains the
-      #        role in the binding.
-      #
-      #     * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
-      #        identifier) representing a Google group that has been recently
-      #        deleted. For example, `admins@example.com?uid=123456789012345678901`. If
-      #        the group is recovered, this value reverts to `group:{emailid}` and the
-      #        recovered group retains the role in the binding.
-      #
-      #
-      #     * `domain:{domain}`: The G Suite domain (primary) that represents all the
-      #        users of that domain. For example, `google.com` or `example.com`.
-      # @!attribute [rw] condition
-      #   @return [::Google::Type::Expr]
-      #     The condition that is associated with this binding.
-      #
-      #     If the condition evaluates to `true`, then this binding applies to the
-      #     current request.
-      #
-      #     If the condition evaluates to `false`, then this binding does not apply to
-      #     the current request. However, a different role binding might grant the same
-      #     role to one or more of the principals in this binding.
-      #
-      #     To learn which resources support conditions in their IAM policies, see the
-      #     [IAM
-      #     documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
-      class Binding
-        include ::Google::Protobuf::MessageExts
-        extend ::Google::Protobuf::MessageExts::ClassMethods
-      end
-
-      # Specifies the audit configuration for a service.
-      # The configuration determines which permission types are logged, and what
-      # identities, if any, are exempted from logging.
-      # An AuditConfig must have one or more AuditLogConfigs.
-      #
-      # If there are AuditConfigs for both `allServices` and a specific service,
-      # the union of the two AuditConfigs is used for that service: the log_types
-      # specified in each AuditConfig are enabled, and the exempted_members in each
-      # AuditLogConfig are exempted.
-      #
-      # Example Policy with multiple AuditConfigs:
-      #
-      #     {
-      #       "audit_configs": [
-      #         {
-      #           "service": "allServices",
-      #           "audit_log_configs": [
-      #             {
-      #               "log_type": "DATA_READ",
-      #               "exempted_members": [
-      #                 "user:jose@example.com"
-      #               ]
-      #             },
-      #             {
-      #               "log_type": "DATA_WRITE"
-      #             },
-      #             {
-      #               "log_type": "ADMIN_READ"
-      #             }
-      #           ]
-      #         },
-      #         {
-      #           "service": "sampleservice.googleapis.com",
-      #           "audit_log_configs": [
-      #             {
-      #               "log_type": "DATA_READ"
-      #             },
-      #             {
-      #               "log_type": "DATA_WRITE",
-      #               "exempted_members": [
-      #                 "user:aliya@example.com"
-      #               ]
-      #             }
-      #           ]
-      #         }
-      #       ]
-      #     }
-      #
-      # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
-      # logging. It also exempts jose@example.com from DATA_READ logging, and
-      # aliya@example.com from DATA_WRITE logging.
-      # @!attribute [rw] service
-      #   @return [::String]
-      #     Specifies a service that will be enabled for audit logging.
-      #     For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
-      #     `allServices` is a special value that covers all services.
-      # @!attribute [rw] audit_log_configs
-      #   @return [::Array<::Google::Iam::V1::AuditLogConfig>]
-      #     The configuration for logging of each type of permission.
-      class AuditConfig
-        include ::Google::Protobuf::MessageExts
-        extend ::Google::Protobuf::MessageExts::ClassMethods
-      end
-
-      # Provides the configuration for logging a type of permissions.
-      # Example:
-      #
-      #     {
-      #       "audit_log_configs": [
-      #         {
-      #           "log_type": "DATA_READ",
-      #           "exempted_members": [
-      #             "user:jose@example.com"
-      #           ]
-      #         },
-      #         {
-      #           "log_type": "DATA_WRITE"
-      #         }
-      #       ]
-      #     }
-      #
-      # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
-      # jose@example.com from DATA_READ logging.
-      # @!attribute [rw] log_type
-      #   @return [::Google::Iam::V1::AuditLogConfig::LogType]
-      #     The log type that this config enables.
-      # @!attribute [rw] exempted_members
-      #   @return [::Array<::String>]
-      #     Specifies the identities that do not cause logging for this type of
-      #     permission.
-      #     Follows the same format of {::Google::Iam::V1::Binding#members Binding.members}.
-      class AuditLogConfig
-        include ::Google::Protobuf::MessageExts
-        extend ::Google::Protobuf::MessageExts::ClassMethods
-
-        # The list of valid permission types for which logging can be configured.
-        # Admin writes are always logged, and are not configurable.
-        module LogType
-          # Default case. Should never be this.
-          LOG_TYPE_UNSPECIFIED = 0
-
-          # Admin reads. Example: CloudIAM getIamPolicy
-          ADMIN_READ = 1
-
-          # Data writes. Example: CloudSQL Users create
-          DATA_WRITE = 2
-
-          # Data reads. Example: CloudSQL Users list
-          DATA_READ = 3
-        end
-      end
-
-      # The difference delta between two policies.
-      # @!attribute [rw] binding_deltas
-      #   @return [::Array<::Google::Iam::V1::BindingDelta>]
-      #     The delta for Bindings between two policies.
-      # @!attribute [rw] audit_config_deltas
-      #   @return [::Array<::Google::Iam::V1::AuditConfigDelta>]
-      #     The delta for AuditConfigs between two policies.
-      class PolicyDelta
-        include ::Google::Protobuf::MessageExts
-        extend ::Google::Protobuf::MessageExts::ClassMethods
-      end
-
-      # One delta entry for Binding. Each individual change (only one member in each
-      # entry) to a binding will be a separate entry.
-      # @!attribute [rw] action
-      #   @return [::Google::Iam::V1::BindingDelta::Action]
-      #     The action that was performed on a Binding.
-      #     Required
-      # @!attribute [rw] role
-      #   @return [::String]
-      #     Role that is assigned to `members`.
-      #     For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
-      #     Required
-      # @!attribute [rw] member
-      #   @return [::String]
-      #     A single identity requesting access for a Cloud Platform resource.
-      #     Follows the same format of Binding.members.
-      #     Required
-      # @!attribute [rw] condition
-      #   @return [::Google::Type::Expr]
-      #     The condition that is associated with this binding.
-      class BindingDelta
-        include ::Google::Protobuf::MessageExts
-        extend ::Google::Protobuf::MessageExts::ClassMethods
-
-        # The type of action performed on a Binding in a policy.
-        module Action
-          # Unspecified.
-          ACTION_UNSPECIFIED = 0
-
-          # Addition of a Binding.
-          ADD = 1
-
-          # Removal of a Binding.
-          REMOVE = 2
-        end
-      end
-
-      # One delta entry for AuditConfig. Each individual change (only one
-      # exempted_member in each entry) to a AuditConfig will be a separate entry.
-      # @!attribute [rw] action
-      #   @return [::Google::Iam::V1::AuditConfigDelta::Action]
-      #     The action that was performed on an audit configuration in a policy.
-      #     Required
-      # @!attribute [rw] service
-      #   @return [::String]
-      #     Specifies a service that was configured for Cloud Audit Logging.
-      #     For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
-      #     `allServices` is a special value that covers all services.
-      #     Required
-      # @!attribute [rw] exempted_member
-      #   @return [::String]
-      #     A single identity that is exempted from "data access" audit
-      #     logging for the `service` specified above.
-      #     Follows the same format of Binding.members.
-      # @!attribute [rw] log_type
-      #   @return [::String]
-      #     Specifies the log_type that was be enabled. ADMIN_ACTIVITY is always
-      #     enabled, and cannot be configured.
-      #     Required
-      class AuditConfigDelta
-        include ::Google::Protobuf::MessageExts
-        extend ::Google::Protobuf::MessageExts::ClassMethods
-
-        # The type of action performed on an audit configuration in a policy.
-        module Action
-          # Unspecified.
-          ACTION_UNSPECIFIED = 0
-
-          # Addition of an audit configuration.
-          ADD = 1
-
-          # Removal of an audit configuration.
-          REMOVE = 2
-        end
-      end
-    end
-  end
-end