google-cloud-security-private_ca-v1 0.1.4 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3ca8a75b33a81964bad5ae40a8ef19e2c690234c525b8de74c9f68c4bfa94c33
-  data.tar.gz: 60d2e0ae53ebc5809df57631f48febc1b643ede110bf464a54d0c882eced4e7f
+  metadata.gz: '079527efb4bd5885f1764120a2b9c20b3384124dbf10aedc79d20c0a0871c1f4'
+  data.tar.gz: 8e4bf7638333d6a21555bc2eef3818600ee1b7a734da348a9fa8315b033077fa
 SHA512:
-  metadata.gz: 985680a515c1cd8fb9c198f53ca2ad0b4edf6d0f216a0b641bcb4f24a074e27e3d1ff4b69c950ade5c9bf0bd4b4fec63234a25bd5d97ecea94ccb4ac5e98f70e
-  data.tar.gz: 0a996bac0bc46fc6e6beb1765f3922e639afc7630cef94792c230815c0f8d32b76c5feae677961bf45567e1ef10428b88b425514e67e0bdc088a465e558f7168
+  metadata.gz: 2d0117863395ae453d19fbc9989c6c331fa3d84402af2326c795bc5c3127036ddbff612f0148faedc9c73c570d1ad149b6d0bf8ac043c7602e9bd3de1ce839cb
+  data.tar.gz: 0c4f63275f6f62840f915d8f24f3db440de9021bfda7a78fedd5c90a627239cd4da877759c7abbbcfc32b08e80c9948699b43ba0236df88f08c56d2a2835a359

data/.yardopts

@@ -1,5 +1,5 @@
 --no-private
---title=Ceritificate Authority Service V1 API
+--title="Ceritificate Authority Service V1 API"
 --exclude _pb\.rb$
 --markup markdown
 --markup-provider redcarpet

data/AUTHENTICATION.md

@@ -25,7 +25,7 @@ export PRIVATE_CA_CREDENTIALS=path/to/keyfile.json
 3. Initialize the client.
 
 ```ruby
-require "google/cloud/security/private_ca/v1"
+require "google/cloud/location"
 
 client = ::Google::Cloud::Security::PrivateCA::V1::CertificateAuthorityService::Client.new
 ```
@@ -73,7 +73,7 @@ checks for credentials are configured on the service Credentials class (such as
 * `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
 
 ```ruby
-require "google/cloud/security/private_ca/v1"
+require "google/cloud/location"
 
 ENV["PRIVATE_CA_CREDENTIALS"] = "path/to/keyfile.json"
 
@@ -86,7 +86,7 @@ The path to the **Credentials JSON** file can be configured instead of storing
 it in an environment variable. Either on an individual client initialization:
 
 ```ruby
-require "google/cloud/security/private_ca/v1"
+require "google/cloud/location"
 
 client = ::Google::Cloud::Security::PrivateCA::V1::CertificateAuthorityService::Client.new do |config|
   config.credentials = "path/to/keyfile.json"
@@ -96,7 +96,7 @@ end
 Or globally for all clients:
 
 ```ruby
-require "google/cloud/security/private_ca/v1"
+require "google/cloud/location"
 
 ::Google::Cloud::Security::PrivateCA::V1::CertificateAuthorityService::Client.configure do |config|
   config.credentials = "path/to/keyfile.json"
@@ -120,15 +120,6 @@ To configure your system for this, simply:
 **NOTE:** This is _not_ recommended for running in production. The Cloud SDK
 *should* only be used during development.
 
-[gce-how-to]: https://cloud.google.com/compute/docs/authentication#using
-[dev-console]: https://console.cloud.google.com/project
-
-[enable-apis]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/enable-apis.png
-
-[create-new-service-account]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/create-new-service-account.png
-[create-new-service-account-existing-keys]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/create-new-service-account-existing-keys.png
-[reuse-service-account]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/reuse-service-account.png
-
 ## Creating a Service Account
 
 Google Cloud requires **Service Account Credentials** to
@@ -139,31 +130,22 @@ If you are not running this client within
 [Google Cloud Platform environments](#google-cloud-platform-environments), you
 need a Google Developers service account.
 
-1. Visit the [Google Developers Console][dev-console].
+1. Visit the [Google Cloud Console](https://console.cloud.google.com/project).
 2. Create a new project or click on an existing project.
-3. Activate the slide-out navigation tray and select **API Manager**. From
+3. Activate the menu in the upper left and select **APIs & Services**. From
    here, you will enable the APIs that your application requires.
 
-   ![Enable the APIs that your application requires][enable-apis]
-
    *Note: You may need to enable billing in order to use these services.*
 
 4. Select **Credentials** from the side navigation.
 
-   You should see a screen like one of the following.
-
-   ![Create a new service account][create-new-service-account]
-
-   ![Create a new service account With Existing Keys][create-new-service-account-existing-keys]
-
-   Find the "Add credentials" drop down and select "Service account" to be
-   guided through downloading a new JSON key file.
+   Find the "Create credentials" drop down near the top of the page, and select
+   "Service account" to be guided through downloading a new JSON key file.
 
    If you want to re-use an existing service account, you can easily generate a
-   new key file. Just select the account you wish to re-use, and click "Generate
-   new JSON key":
-
-   ![Re-use an existing service account][reuse-service-account]
+   new key file. Just select the account you wish to re-use, click the pencil
+   tool on the right side to edit the service account, select the **Keys** tab,
+   and then select **Add Key**.
 
    The key file you download will be used by this library to authenticate API
    requests and should be stored in a secure location.

data/README.md

@@ -30,14 +30,14 @@ In order to use this library, you first need to go through the following steps:
 ## Quick Start
 
 ```ruby
-require "google/cloud/security/private_ca/v1"
+require "google/cloud/location"
 
 client = ::Google::Cloud::Security::PrivateCA::V1::CertificateAuthorityService::Client.new
 request = ::Google::Cloud::Security::PrivateCA::V1::CreateCertificateRequest.new # (request fields as keyword arguments...)
 response = client.create_certificate request
 ```
 
-View the [Client Library Documentation](https://googleapis.dev/ruby/google-cloud-security-private_ca-v1/latest)
+View the [Client Library Documentation](https://cloud.google.com/ruby/docs/reference/google-cloud-security-private_ca-v1/latest)
 for class and method documentation.
 
 See also the [Product Documentation](https://cloud.google.com/certificate-authority-service/)

data/lib/google/cloud/security/private_ca/v1/certificate_authority_service/client.rb

@@ -142,6 +142,7 @@ module Google
 
                 @operations_client = Operations.new do |config|
                   config.credentials = credentials
+                  config.quota_project = @quota_project_id
                   config.endpoint = @config.endpoint
                 end
 
@@ -198,11 +199,11 @@ module Google
               #     already been completed. The server will guarantee that for at least 60
               #     minutes since the first request.
               #
-              #     For example, consider a situation where you make an initial request and t
-              #     he request times out. If you make the request again with the same request
-              #     ID, the server can check if original operation with the same request ID
-              #     was received, and if so, will ignore the second request. This prevents
-              #     clients from accidentally creating duplicate commitments.
+              #     For example, consider a situation where you make an initial request and the
+              #     request times out. If you make the request again with the same request ID,
+              #     the server can check if original operation with the same request ID was
+              #     received, and if so, will ignore the second request. This prevents clients
+              #     from accidentally creating duplicate commitments.
               #
               #     The request ID must be a valid UUID with the exception that zero UUID is
               #     not supported (00000000-0000-0000-0000-000000000000).
@@ -1545,7 +1546,7 @@ module Google
               #   @param options [::Gapic::CallOptions, ::Hash]
               #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
               #
-              # @overload delete_certificate_authority(name: nil, request_id: nil, ignore_active_certificates: nil)
+              # @overload delete_certificate_authority(name: nil, request_id: nil, ignore_active_certificates: nil, skip_grace_period: nil)
               #   Pass arguments to `delete_certificate_authority` via keyword arguments. Note that at
               #   least one keyword argument is required. To specify no parameters, or to keep all
               #   the default parameter values, pass an empty Hash as a request object (see above).
@@ -1570,6 +1571,10 @@ module Google
               #   @param ignore_active_certificates [::Boolean]
               #     Optional. This field allows the CA to be deleted even if the CA has
               #     active certs. Active certs include both unrevoked and unexpired certs.
+              #   @param skip_grace_period [::Boolean]
+              #     Optional. If this flag is set, the Certificate Authority will be deleted as soon as
+              #     possible without a 30-day grace period where undeletion would have been
+              #     allowed. If you proceed, there will be no way to recover this CA.
               #
               # @yield [response, operation] Access the result along with the RPC operation
               # @yieldparam response [::Gapic::Operation]

data/lib/google/cloud/security/private_ca/v1/version.rb

@@ -22,7 +22,7 @@ module Google
     module Security
       module PrivateCA
         module V1
-          VERSION = "0.1.4"
+          VERSION = "0.2.0"
         end
       end
     end

data/lib/google/cloud/security/private_ca/v1.rb

@@ -26,6 +26,8 @@ module Google
         ##
         # To load this package, including all its services, and instantiate a client:
         #
+        # @example
+        #
         #     require "google/cloud/security/private_ca/v1"
         #     client = ::Google::Cloud::Security::PrivateCA::V1::CertificateAuthorityService::Client.new
         #

data/lib/google/cloud/security/privateca/v1/resources_pb.rb

@@ -6,7 +6,6 @@ require 'google/api/resource_pb'
 require 'google/protobuf/duration_pb'
 require 'google/protobuf/timestamp_pb'
 require 'google/type/expr_pb'
-require 'google/api/annotations_pb'
 require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do

data/lib/google/cloud/security/privateca/v1/service_pb.rb

@@ -7,7 +7,6 @@ require 'google/api/field_behavior_pb'
 require 'google/api/resource_pb'
 require 'google/cloud/security/privateca/v1/resources_pb'
 require 'google/longrunning/operations_pb'
-require 'google/protobuf/duration_pb'
 require 'google/protobuf/field_mask_pb'
 require 'google/protobuf/timestamp_pb'
 require 'google/protobuf'
@@ -96,6 +95,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :name, :string, 1
       optional :request_id, :string, 2
       optional :ignore_active_certificates, :bool, 4
+      optional :skip_grace_period, :bool, 5
     end
     add_message "google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest" do
       optional :certificate_authority, :message, 1, "google.cloud.security.privateca.v1.CertificateAuthority"

data/lib/google-cloud-security-private_ca-v1.rb

@@ -18,4 +18,6 @@
 
 # This gem does not autoload during Bundler.require. To load this gem,
 # issue explicit require statements for the packages desired, e.g.:
+# require "google/cloud/location"
 # require "google/cloud/security/private_ca/v1"
+# require "google/iam/v1"

data/proto_docs/google/api/resource.rb

@@ -33,11 +33,7 @@ module Google
     #       // For Kubernetes resources, the format is {api group}/{kind}.
     #       option (google.api.resource) = {
     #         type: "pubsub.googleapis.com/Topic"
-    #         name_descriptor: {
-    #           pattern: "projects/{project}/topics/{topic}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
-    #         }
+    #         pattern: "projects/{project}/topics/{topic}"
     #       };
     #     }
     #
@@ -45,10 +41,7 @@ module Google
     #
     #     resources:
     #     - type: "pubsub.googleapis.com/Topic"
-    #       name_descriptor:
-    #         - pattern: "projects/{project}/topics/{topic}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
+    #       pattern: "projects/{project}/topics/{topic}"
     #
     # Sometimes, resources have multiple patterns, typically because they can
     # live under multiple parents.
@@ -58,26 +51,10 @@ module Google
     #     message LogEntry {
     #       option (google.api.resource) = {
     #         type: "logging.googleapis.com/LogEntry"
-    #         name_descriptor: {
-    #           pattern: "projects/{project}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "folders/{folder}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
-    #           parent_name_extractor: "folders/{folder}"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "organizations/{organization}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Organization"
-    #           parent_name_extractor: "organizations/{organization}"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "billingAccounts/{billing_account}/logs/{log}"
-    #           parent_type: "billing.googleapis.com/BillingAccount"
-    #           parent_name_extractor: "billingAccounts/{billing_account}"
-    #         }
+    #         pattern: "projects/{project}/logs/{log}"
+    #         pattern: "folders/{folder}/logs/{log}"
+    #         pattern: "organizations/{organization}/logs/{log}"
+    #         pattern: "billingAccounts/{billing_account}/logs/{log}"
     #       };
     #     }
     #
@@ -85,48 +62,10 @@ module Google
     #
     #     resources:
     #     - type: 'logging.googleapis.com/LogEntry'
-    #       name_descriptor:
-    #         - pattern: "projects/{project}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
-    #         - pattern: "folders/{folder}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
-    #           parent_name_extractor: "folders/{folder}"
-    #         - pattern: "organizations/{organization}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Organization"
-    #           parent_name_extractor: "organizations/{organization}"
-    #         - pattern: "billingAccounts/{billing_account}/logs/{log}"
-    #           parent_type: "billing.googleapis.com/BillingAccount"
-    #           parent_name_extractor: "billingAccounts/{billing_account}"
-    #
-    # For flexible resources, the resource name doesn't contain parent names, but
-    # the resource itself has parents for policy evaluation.
-    #
-    # Example:
-    #
-    #     message Shelf {
-    #       option (google.api.resource) = {
-    #         type: "library.googleapis.com/Shelf"
-    #         name_descriptor: {
-    #           pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
-    #         }
-    #       };
-    #     }
-    #
-    # The ResourceDescriptor Yaml config will look like:
-    #
-    #     resources:
-    #     - type: 'library.googleapis.com/Shelf'
-    #       name_descriptor:
-    #         - pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #         - pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
+    #       pattern: "projects/{project}/logs/{log}"
+    #       pattern: "folders/{folder}/logs/{log}"
+    #       pattern: "organizations/{organization}/logs/{log}"
+    #       pattern: "billingAccounts/{billing_account}/logs/{log}"
     # @!attribute [rw] type
     #   @return [::String]
     #     The resource type. It must be in the format of

data/proto_docs/google/cloud/security/privateca/v1/resources.rb

@@ -36,7 +36,7 @@ module Google
           #     Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
           # @!attribute [rw] lifetime
           #   @return [::Google::Protobuf::Duration]
-          #     Required. The desired lifetime of the CA certificate. Used to create the
+          #     Required. Immutable. The desired lifetime of the CA certificate. Used to create the
           #     "not_before_time" and "not_after_time" fields inside an X.509
           #     certificate.
           # @!attribute [rw] key_spec
@@ -195,7 +195,7 @@ module Google
             # [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
             # values. For RSA signing algorithms, the PSS algorithms should be preferred,
             # use PKCS1 algorithms if required for compatibility. For further
-            # recommandations, see
+            # recommendations, see
             # https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.
             module SignHashAlgorithm
               # Not specified.
@@ -346,14 +346,14 @@ module Google
                 # a {::Google::Cloud::Security::PrivateCA::V1::CaPool CaPool}.
                 # @!attribute [rw] min_modulus_size
                 #   @return [::Integer]
-                #     Optional. The minimum allowed RSA modulus size, in bits. If this is not set,
-                #     or if set to zero, the service-level min RSA modulus size will
-                #     continue to apply.
+                #     Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is
+                #     not set, or if set to zero, the service-level min RSA modulus size
+                #     will continue to apply.
                 # @!attribute [rw] max_modulus_size
                 #   @return [::Integer]
-                #     Optional. The maximum allowed RSA modulus size, in bits. If this is not set,
-                #     or if set to zero, the service will not enforce an explicit upper
-                #     bound on RSA modulus sizes.
+                #     Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is
+                #     not set, or if set to zero, the service will not enforce an explicit
+                #     upper bound on RSA modulus sizes.
                 class RsaKeyType
                   include ::Google::Protobuf::MessageExts
                   extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -701,10 +701,9 @@ module Google
           # known issuing {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}, or a PEM issuer certificate chain.
           # @!attribute [rw] certificate_authority
           #   @return [::String]
-          #     Required. This can refer to a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} in the same project that
-          #     was used to create a subordinate {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}. This field
-          #     is used for information and usability purposes only. The resource name
-          #     is in the format
+          #     Required. This can refer to a {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority} that was used to create a
+          #     subordinate {::Google::Cloud::Security::PrivateCA::V1::CertificateAuthority CertificateAuthority}. This field is used for information
+          #     and usability purposes only. The resource name is in the format
           #     `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
           # @!attribute [rw] pem_issuer_chain
           #   @return [::Google::Cloud::Security::PrivateCA::V1::SubordinateConfig::SubordinateConfigChain]
@@ -1041,6 +1040,8 @@ module Google
           # @!attribute [rw] custom_sans
           #   @return [::Array<::Google::Cloud::Security::PrivateCA::V1::X509Extension>]
           #     Contains additional subject alternative name values.
+          #     For each custom_san, the `value` field must contain an ASN.1 encoded
+          #     UTF8String.
           class SubjectAltNames
             include ::Google::Protobuf::MessageExts
             extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/cloud/security/privateca/v1/service.rb

@@ -43,11 +43,11 @@ module Google
           #     already been completed. The server will guarantee that for at least 60
           #     minutes since the first request.
           #
-          #     For example, consider a situation where you make an initial request and t
-          #     he request times out. If you make the request again with the same request
-          #     ID, the server can check if original operation with the same request ID
-          #     was received, and if so, will ignore the second request. This prevents
-          #     clients from accidentally creating duplicate commitments.
+          #     For example, consider a situation where you make an initial request and the
+          #     request times out. If you make the request again with the same request ID,
+          #     the server can check if original operation with the same request ID was
+          #     received, and if so, will ignore the second request. This prevents clients
+          #     from accidentally creating duplicate commitments.
           #
           #     The request ID must be a valid UUID with the exception that zero UUID is
           #     not supported (00000000-0000-0000-0000-000000000000).
@@ -441,6 +441,11 @@ module Google
           #   @return [::Boolean]
           #     Optional. This field allows the CA to be deleted even if the CA has
           #     active certs. Active certs include both unrevoked and unexpired certs.
+          # @!attribute [rw] skip_grace_period
+          #   @return [::Boolean]
+          #     Optional. If this flag is set, the Certificate Authority will be deleted as soon as
+          #     possible without a 30-day grace period where undeletion would have been
+          #     allowed. If you proceed, there will be no way to recover this CA.
           class DeleteCertificateAuthorityRequest
             include ::Google::Protobuf::MessageExts
             extend ::Google::Protobuf::MessageExts::ClassMethods

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-security-private_ca-v1
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.2.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-11-08 00:00:00.000000000 Z
+date: 2022-03-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -44,6 +44,46 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: google-cloud-location
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '0.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 2.a
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '0.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 2.a
+- !ruby/object:Gem::Dependency
+  name: grpc-google-iam-v1
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.6.10
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 2.a
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.6.10
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 2.a
 - !ruby/object:Gem::Dependency
   name: google-style
   requirement: !ruby/object:Gem::Requirement
@@ -214,7 +254,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.17
+rubygems_version: 3.3.5
 signing_key: 
 specification_version: 4
 summary: API Client library for the Ceritificate Authority Service V1 API