google-cloud-security-private_ca-v1beta1 0.7.0 → 0.8.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 5cc2d5e8b2c85618d7c2209b6cad9ae220e74f674ce87ed72c47430ff3201204
4
- data.tar.gz: d0b880d71af52d928eed58ad4afb361aa0930a35ba3f1e4126cea55e7cf644ec
3
+ metadata.gz: a183d2e20b76f16ce662a88aace34af3b7c6419d988c2b62ab1bfd23c182e576
4
+ data.tar.gz: 400a672ee1b4fcfbffc9eeea164264ab2c3778a6dd22598c3893e9d0556c3a86
5
5
  SHA512:
6
- metadata.gz: 071c5a03244bdb1f499bc5ac89d410cb80b24d47792d6a9a0b14998ef9e094d92ac31cb563dea6efec145a6efcad4fd6065029d9bfb7990771c74a14f16930fe
7
- data.tar.gz: 1fdd4817e39ac8445509b047fb7edbf39d41514ea2f1a9302b7c8a2936a1f26843e99256187a7c8c25f56f82f5323216d055f1f2975c25008b58b5a010d7241d
6
+ metadata.gz: 32d76439e35dda8c97148ea109b839b6514c34e8895cde88f53462c30b5072948922e89eef1561b4b5ac6c4ecd94407abe50b4319e26aa5fbcc2f107c4cb33ef
7
+ data.tar.gz: 1c404fefe175978b8a7ef7f791adc8f367c8840726c630874ae27f3e2cf83df1783d5b733aaf169bfd08a42e81b0e3a6f7610f533b83de81cfb2182587e40211
data/AUTHENTICATION.md CHANGED
@@ -1,151 +1,122 @@
1
1
  # Authentication
2
2
 
3
- In general, the google-cloud-security-private_ca-v1beta1 library uses
4
- [Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts)
5
- credentials to connect to Google Cloud services. When running within
6
- [Google Cloud Platform environments](#google-cloud-platform-environments) the
7
- credentials will be discovered automatically. When running on other
8
- environments, the Service Account credentials can be specified by providing the
9
- path to the
10
- [JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys)
11
- for the account (or the JSON itself) in
12
- [environment variables](#environment-variables). Additionally, Cloud SDK
13
- credentials can also be discovered automatically, but this is only recommended
14
- during development.
3
+ The recommended way to authenticate to the google-cloud-security-private_ca-v1beta1 library is to use
4
+ [Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials).
5
+ To review all of your authentication options, see [Credentials lookup](#credential-lookup).
15
6
 
16
7
  ## Quickstart
17
8
 
18
- 1. [Create a service account and credentials](#creating-a-service-account).
19
- 2. Set the [environment variable](#environment-variables).
9
+ The following example shows how to set up authentication for a local development
10
+ environment with your user credentials.
20
11
 
21
- ```sh
22
- export PRIVATE_CA_CREDENTIALS=path/to/keyfile.json
23
- ```
24
-
25
- 3. Initialize the client.
12
+ **NOTE:** This method is _not_ recommended for running in production. User credentials
13
+ should be used only during development.
26
14
 
27
- ```ruby
28
- require "google/cloud/security/private_ca/v1beta1"
15
+ 1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk).
16
+ 2. Set up a local ADC file with your user credentials:
29
17
 
30
- client = ::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthorityService::Client.new
18
+ ```sh
19
+ gcloud auth application-default login
31
20
  ```
32
21
 
33
- ## Credential Lookup
34
-
35
- The google-cloud-security-private_ca-v1beta1 library aims to make authentication
36
- as simple as possible, and provides several mechanisms to configure your system
37
- without requiring **Service Account Credentials** directly in code.
38
-
39
- **Credentials** are discovered in the following order:
40
-
41
- 1. Specify credentials in method arguments
42
- 2. Specify credentials in configuration
43
- 3. Discover credentials path in environment variables
44
- 4. Discover credentials JSON in environment variables
45
- 5. Discover credentials file in the Cloud SDK's path
46
- 6. Discover GCP credentials
47
-
48
- ### Google Cloud Platform environments
22
+ 3. Write code as if already authenticated.
49
23
 
50
- When running on Google Cloud Platform (GCP), including Google Compute Engine
51
- (GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud
52
- Functions (GCF) and Cloud Run, **Credentials** are discovered automatically.
53
- Code should be written as if already authenticated.
24
+ For more information about setting up authentication for a local development environment, see
25
+ [Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev).
54
26
 
55
- ### Environment Variables
27
+ ## Credential Lookup
56
28
 
57
- The **Credentials JSON** can be placed in environment variables instead of
58
- declaring them directly in code. Each service has its own environment variable,
59
- allowing for different service accounts to be used for different services. (See
60
- the READMEs for the individual service gems for details.) The path to the
61
- **Credentials JSON** file can be stored in the environment variable, or the
62
- **Credentials JSON** itself can be stored for environments such as Docker
63
- containers where writing files is difficult or not encouraged.
29
+ The google-cloud-security-private_ca-v1beta1 library provides several mechanisms to configure your system.
30
+ Generally, using Application Default Credentials to facilitate automatic
31
+ credentials discovery is the easist method. But if you need to explicitly specify
32
+ credentials, there are several methods available to you.
64
33
 
65
- The environment variables that google-cloud-security-private_ca-v1beta1
66
- checks for credentials are configured on the service Credentials class (such as
67
- {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthorityService::Credentials}):
34
+ Credentials are accepted in the following ways, in the following order or precedence:
68
35
 
69
- * `PRIVATE_CA_CREDENTIALS` - Path to JSON file, or JSON contents
70
- * `PRIVATE_CA_KEYFILE` - Path to JSON file, or JSON contents
71
- * `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents
72
- * `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents
73
- * `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
36
+ 1. Credentials specified in method arguments
37
+ 2. Credentials specified in configuration
38
+ 3. Credentials pointed to or included in environment variables
39
+ 4. Credentials found in local ADC file
40
+ 5. Credentials returned by the metadata server for the attached service account (GCP)
74
41
 
75
- ```ruby
76
- require "google/cloud/security/private_ca/v1beta1"
77
-
78
- ENV["PRIVATE_CA_CREDENTIALS"] = "path/to/keyfile.json"
42
+ ### Configuration
79
43
 
80
- client = ::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthorityService::Client.new
81
- ```
44
+ You can configure a path to a JSON credentials file, either for an individual client object or
45
+ globally, for all client objects. The JSON file can contain credentials created for
46
+ [workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation),
47
+ [workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a
48
+ [service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key).
82
49
 
83
- ### Configuration
50
+ Note: Service account keys are a security risk if not managed correctly. You should
51
+ [choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree)
52
+ whenever possible.
84
53
 
85
- The path to the **Credentials JSON** file can be configured instead of storing
86
- it in an environment variable. Either on an individual client initialization:
54
+ To configure a credentials file for an individual client initialization:
87
55
 
88
56
  ```ruby
89
57
  require "google/cloud/security/private_ca/v1beta1"
90
58
 
91
59
  client = ::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthorityService::Client.new do |config|
92
- config.credentials = "path/to/keyfile.json"
60
+ config.credentials = "path/to/credentialfile.json"
93
61
  end
94
62
  ```
95
63
 
96
- Or globally for all clients:
64
+ To configure a credentials file globally for all clients:
97
65
 
98
66
  ```ruby
99
67
  require "google/cloud/security/private_ca/v1beta1"
100
68
 
101
69
  ::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthorityService::Client.configure do |config|
102
- config.credentials = "path/to/keyfile.json"
70
+ config.credentials = "path/to/credentialfile.json"
103
71
  end
104
72
 
105
73
  client = ::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthorityService::Client.new
106
74
  ```
107
75
 
108
- ### Cloud SDK
76
+ ### Environment Variables
109
77
 
110
- This option allows for an easy way to authenticate during development. If
111
- credentials are not provided in code or in environment variables, then Cloud SDK
112
- credentials are discovered.
78
+ You can also use an environment variable to provide a JSON credentials file.
79
+ The environment variable can contain a path to the credentials file or, for
80
+ environments such as Docker containers where writing files is not encouraged,
81
+ you can include the credentials file itself.
113
82
 
114
- To configure your system for this, simply:
83
+ The JSON file can contain credentials created for
84
+ [workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation),
85
+ [workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a
86
+ [service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key).
115
87
 
116
- 1. [Download and install the Cloud SDK](https://cloud.google.com/sdk)
117
- 2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login`
118
- 3. Write code as if already authenticated.
88
+ Note: Service account keys are a security risk if not managed correctly. You should
89
+ [choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree)
90
+ whenever possible.
91
+
92
+ The environment variables that google-cloud-security-private_ca-v1beta1
93
+ checks for credentials are:
119
94
 
120
- **NOTE:** This is _not_ recommended for running in production. The Cloud SDK
121
- *should* only be used during development.
95
+ * `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents
96
+ * `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
122
97
 
123
- ## Creating a Service Account
98
+ ```ruby
99
+ require "google/cloud/security/private_ca/v1beta1"
124
100
 
125
- Google Cloud requires **Service Account Credentials** to
126
- connect to the APIs. You will use the **JSON key file** to
127
- connect to most services with google-cloud-security-private_ca-v1beta1.
101
+ ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json"
128
102
 
129
- If you are not running this client within
130
- [Google Cloud Platform environments](#google-cloud-platform-environments), you
131
- need a Google Developers service account.
103
+ client = ::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthorityService::Client.new
104
+ ```
132
105
 
133
- 1. Visit the [Google Cloud Console](https://console.cloud.google.com/project).
134
- 2. Create a new project or click on an existing project.
135
- 3. Activate the menu in the upper left and select **APIs & Services**. From
136
- here, you will enable the APIs that your application requires.
106
+ ### Local ADC file
137
107
 
138
- *Note: You may need to enable billing in order to use these services.*
108
+ You can set up a local ADC file with your user credentials for authentication during
109
+ development. If credentials are not provided in code or in environment variables,
110
+ then the local ADC credentials are discovered.
139
111
 
140
- 4. Select **Credentials** from the side navigation.
112
+ Follow the steps in [Quickstart](#quickstart) to set up a local ADC file.
141
113
 
142
- Find the "Create credentials" drop down near the top of the page, and select
143
- "Service account" to be guided through downloading a new JSON key file.
114
+ ### Google Cloud Platform environments
144
115
 
145
- If you want to re-use an existing service account, you can easily generate a
146
- new key file. Just select the account you wish to re-use, click the pencil
147
- tool on the right side to edit the service account, select the **Keys** tab,
148
- and then select **Add Key**.
116
+ When running on Google Cloud Platform (GCP), including Google Compute Engine
117
+ (GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud
118
+ Functions (GCF) and Cloud Run, credentials are retrieved from the attached
119
+ service account automatically. Code should be written as if already authenticated.
149
120
 
150
- The key file you download will be used by this library to authenticate API
151
- requests and should be stored in a secure location.
121
+ For more information, see
122
+ [Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa).
@@ -32,6 +32,9 @@ module Google
32
32
  # certificate authorities and issued certificates.
33
33
  #
34
34
  class Client
35
+ # @private
36
+ DEFAULT_ENDPOINT_TEMPLATE = "privateca.$UNIVERSE_DOMAIN$"
37
+
35
38
  include Paths
36
39
 
37
40
  # @private
@@ -97,6 +100,15 @@ module Google
97
100
  @config
98
101
  end
99
102
 
103
+ ##
104
+ # The effective universe domain
105
+ #
106
+ # @return [String]
107
+ #
108
+ def universe_domain
109
+ @certificate_authority_service_stub.universe_domain
110
+ end
111
+
100
112
  ##
101
113
  # Create a new CertificateAuthorityService client object.
102
114
  #
@@ -130,8 +142,9 @@ module Google
130
142
  credentials = @config.credentials
131
143
  # Use self-signed JWT if the endpoint is unchanged from default,
132
144
  # but only if the default endpoint does not have a region prefix.
133
- enable_self_signed_jwt = @config.endpoint == Configuration::DEFAULT_ENDPOINT &&
134
- !@config.endpoint.split(".").first.include?("-")
145
+ enable_self_signed_jwt = @config.endpoint.nil? ||
146
+ (@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
147
+ !@config.endpoint.split(".").first.include?("-"))
135
148
  credentials ||= Credentials.default scope: @config.scope,
136
149
  enable_self_signed_jwt: enable_self_signed_jwt
137
150
  if credentials.is_a?(::String) || credentials.is_a?(::Hash)
@@ -144,12 +157,15 @@ module Google
144
157
  config.credentials = credentials
145
158
  config.quota_project = @quota_project_id
146
159
  config.endpoint = @config.endpoint
160
+ config.universe_domain = @config.universe_domain
147
161
  end
148
162
 
149
163
  @certificate_authority_service_stub = ::Gapic::ServiceStub.new(
150
164
  ::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthorityService::Stub,
151
- credentials: credentials,
152
- endpoint: @config.endpoint,
165
+ credentials: credentials,
166
+ endpoint: @config.endpoint,
167
+ endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
168
+ universe_domain: @config.universe_domain,
153
169
  channel_args: @config.channel_args,
154
170
  interceptors: @config.interceptors,
155
171
  channel_pool_config: @config.channel_pool
@@ -2253,9 +2269,9 @@ module Google
2253
2269
  # end
2254
2270
  #
2255
2271
  # @!attribute [rw] endpoint
2256
- # The hostname or hostname:port of the service endpoint.
2257
- # Defaults to `"privateca.googleapis.com"`.
2258
- # @return [::String]
2272
+ # A custom service endpoint, as a hostname or hostname:port. The default is
2273
+ # nil, indicating to use the default endpoint in the current universe domain.
2274
+ # @return [::String,nil]
2259
2275
  # @!attribute [rw] credentials
2260
2276
  # Credentials to send with calls. You may provide any of the following types:
2261
2277
  # * (`String`) The path to a service account key file in JSON format
@@ -2301,13 +2317,20 @@ module Google
2301
2317
  # @!attribute [rw] quota_project
2302
2318
  # A separate project against which to charge quota.
2303
2319
  # @return [::String]
2320
+ # @!attribute [rw] universe_domain
2321
+ # The universe domain within which to make requests. This determines the
2322
+ # default endpoint URL. The default value of nil uses the environment
2323
+ # universe (usually the default "googleapis.com" universe).
2324
+ # @return [::String,nil]
2304
2325
  #
2305
2326
  class Configuration
2306
2327
  extend ::Gapic::Config
2307
2328
 
2329
+ # @private
2330
+ # The endpoint specific to the default "googleapis.com" universe. Deprecated.
2308
2331
  DEFAULT_ENDPOINT = "privateca.googleapis.com"
2309
2332
 
2310
- config_attr :endpoint, DEFAULT_ENDPOINT, ::String
2333
+ config_attr :endpoint, nil, ::String, nil
2311
2334
  config_attr :credentials, nil do |value|
2312
2335
  allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
2313
2336
  allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
@@ -2322,6 +2345,7 @@ module Google
2322
2345
  config_attr :metadata, nil, ::Hash, nil
2323
2346
  config_attr :retry_policy, nil, ::Hash, ::Proc, nil
2324
2347
  config_attr :quota_project, nil, ::String, nil
2348
+ config_attr :universe_domain, nil, ::String, nil
2325
2349
 
2326
2350
  # @private
2327
2351
  def initialize parent_config = nil
@@ -27,6 +27,9 @@ module Google
27
27
  module CertificateAuthorityService
28
28
  # Service that implements Longrunning Operations API.
29
29
  class Operations
30
+ # @private
31
+ DEFAULT_ENDPOINT_TEMPLATE = "privateca.$UNIVERSE_DOMAIN$"
32
+
30
33
  # @private
31
34
  attr_reader :operations_stub
32
35
 
@@ -61,6 +64,15 @@ module Google
61
64
  @config
62
65
  end
63
66
 
67
+ ##
68
+ # The effective universe domain
69
+ #
70
+ # @return [String]
71
+ #
72
+ def universe_domain
73
+ @operations_stub.universe_domain
74
+ end
75
+
64
76
  ##
65
77
  # Create a new Operations client object.
66
78
  #
@@ -91,8 +103,10 @@ module Google
91
103
 
92
104
  @operations_stub = ::Gapic::ServiceStub.new(
93
105
  ::Google::Longrunning::Operations::Stub,
94
- credentials: credentials,
95
- endpoint: @config.endpoint,
106
+ credentials: credentials,
107
+ endpoint: @config.endpoint,
108
+ endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
109
+ universe_domain: @config.universe_domain,
96
110
  channel_args: @config.channel_args,
97
111
  interceptors: @config.interceptors,
98
112
  channel_pool_config: @config.channel_pool
@@ -614,9 +628,9 @@ module Google
614
628
  # end
615
629
  #
616
630
  # @!attribute [rw] endpoint
617
- # The hostname or hostname:port of the service endpoint.
618
- # Defaults to `"privateca.googleapis.com"`.
619
- # @return [::String]
631
+ # A custom service endpoint, as a hostname or hostname:port. The default is
632
+ # nil, indicating to use the default endpoint in the current universe domain.
633
+ # @return [::String,nil]
620
634
  # @!attribute [rw] credentials
621
635
  # Credentials to send with calls. You may provide any of the following types:
622
636
  # * (`String`) The path to a service account key file in JSON format
@@ -662,13 +676,20 @@ module Google
662
676
  # @!attribute [rw] quota_project
663
677
  # A separate project against which to charge quota.
664
678
  # @return [::String]
679
+ # @!attribute [rw] universe_domain
680
+ # The universe domain within which to make requests. This determines the
681
+ # default endpoint URL. The default value of nil uses the environment
682
+ # universe (usually the default "googleapis.com" universe).
683
+ # @return [::String,nil]
665
684
  #
666
685
  class Configuration
667
686
  extend ::Gapic::Config
668
687
 
688
+ # @private
689
+ # The endpoint specific to the default "googleapis.com" universe. Deprecated.
669
690
  DEFAULT_ENDPOINT = "privateca.googleapis.com"
670
691
 
671
- config_attr :endpoint, DEFAULT_ENDPOINT, ::String
692
+ config_attr :endpoint, nil, ::String, nil
672
693
  config_attr :credentials, nil do |value|
673
694
  allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
674
695
  allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
@@ -683,6 +704,7 @@ module Google
683
704
  config_attr :metadata, nil, ::Hash, nil
684
705
  config_attr :retry_policy, nil, ::Hash, ::Proc, nil
685
706
  config_attr :quota_project, nil, ::String, nil
707
+ config_attr :universe_domain, nil, ::String, nil
686
708
 
687
709
  # @private
688
710
  def initialize parent_config = nil
@@ -34,6 +34,9 @@ module Google
34
34
  # certificate authorities and issued certificates.
35
35
  #
36
36
  class Client
37
+ # @private
38
+ DEFAULT_ENDPOINT_TEMPLATE = "privateca.$UNIVERSE_DOMAIN$"
39
+
37
40
  include Paths
38
41
 
39
42
  # @private
@@ -99,6 +102,15 @@ module Google
99
102
  @config
100
103
  end
101
104
 
105
+ ##
106
+ # The effective universe domain
107
+ #
108
+ # @return [String]
109
+ #
110
+ def universe_domain
111
+ @certificate_authority_service_stub.universe_domain
112
+ end
113
+
102
114
  ##
103
115
  # Create a new CertificateAuthorityService REST client object.
104
116
  #
@@ -126,8 +138,9 @@ module Google
126
138
  credentials = @config.credentials
127
139
  # Use self-signed JWT if the endpoint is unchanged from default,
128
140
  # but only if the default endpoint does not have a region prefix.
129
- enable_self_signed_jwt = @config.endpoint == Configuration::DEFAULT_ENDPOINT &&
130
- !@config.endpoint.split(".").first.include?("-")
141
+ enable_self_signed_jwt = @config.endpoint.nil? ||
142
+ (@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
143
+ !@config.endpoint.split(".").first.include?("-"))
131
144
  credentials ||= Credentials.default scope: @config.scope,
132
145
  enable_self_signed_jwt: enable_self_signed_jwt
133
146
  if credentials.is_a?(::String) || credentials.is_a?(::Hash)
@@ -141,9 +154,15 @@ module Google
141
154
  config.credentials = credentials
142
155
  config.quota_project = @quota_project_id
143
156
  config.endpoint = @config.endpoint
157
+ config.universe_domain = @config.universe_domain
144
158
  end
145
159
 
146
- @certificate_authority_service_stub = ::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthorityService::Rest::ServiceStub.new endpoint: @config.endpoint, credentials: credentials
160
+ @certificate_authority_service_stub = ::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthorityService::Rest::ServiceStub.new(
161
+ endpoint: @config.endpoint,
162
+ endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
163
+ universe_domain: @config.universe_domain,
164
+ credentials: credentials
165
+ )
147
166
  end
148
167
 
149
168
  ##
@@ -2099,9 +2118,9 @@ module Google
2099
2118
  # end
2100
2119
  #
2101
2120
  # @!attribute [rw] endpoint
2102
- # The hostname or hostname:port of the service endpoint.
2103
- # Defaults to `"privateca.googleapis.com"`.
2104
- # @return [::String]
2121
+ # A custom service endpoint, as a hostname or hostname:port. The default is
2122
+ # nil, indicating to use the default endpoint in the current universe domain.
2123
+ # @return [::String,nil]
2105
2124
  # @!attribute [rw] credentials
2106
2125
  # Credentials to send with calls. You may provide any of the following types:
2107
2126
  # * (`String`) The path to a service account key file in JSON format
@@ -2138,13 +2157,20 @@ module Google
2138
2157
  # @!attribute [rw] quota_project
2139
2158
  # A separate project against which to charge quota.
2140
2159
  # @return [::String]
2160
+ # @!attribute [rw] universe_domain
2161
+ # The universe domain within which to make requests. This determines the
2162
+ # default endpoint URL. The default value of nil uses the environment
2163
+ # universe (usually the default "googleapis.com" universe).
2164
+ # @return [::String,nil]
2141
2165
  #
2142
2166
  class Configuration
2143
2167
  extend ::Gapic::Config
2144
2168
 
2169
+ # @private
2170
+ # The endpoint specific to the default "googleapis.com" universe. Deprecated.
2145
2171
  DEFAULT_ENDPOINT = "privateca.googleapis.com"
2146
2172
 
2147
- config_attr :endpoint, DEFAULT_ENDPOINT, ::String
2173
+ config_attr :endpoint, nil, ::String, nil
2148
2174
  config_attr :credentials, nil do |value|
2149
2175
  allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
2150
2176
  allowed.any? { |klass| klass === value }
@@ -2156,6 +2182,7 @@ module Google
2156
2182
  config_attr :metadata, nil, ::Hash, nil
2157
2183
  config_attr :retry_policy, nil, ::Hash, ::Proc, nil
2158
2184
  config_attr :quota_project, nil, ::String, nil
2185
+ config_attr :universe_domain, nil, ::String, nil
2159
2186
 
2160
2187
  # @private
2161
2188
  def initialize parent_config = nil
@@ -27,6 +27,9 @@ module Google
27
27
  module Rest
28
28
  # Service that implements Longrunning Operations API.
29
29
  class Operations
30
+ # @private
31
+ DEFAULT_ENDPOINT_TEMPLATE = "privateca.$UNIVERSE_DOMAIN$"
32
+
30
33
  # @private
31
34
  attr_reader :operations_stub
32
35
 
@@ -61,6 +64,15 @@ module Google
61
64
  @config
62
65
  end
63
66
 
67
+ ##
68
+ # The effective universe domain
69
+ #
70
+ # @return [String]
71
+ #
72
+ def universe_domain
73
+ @operations_stub.universe_domain
74
+ end
75
+
64
76
  ##
65
77
  # Create a new Operations client object.
66
78
  #
@@ -85,8 +97,10 @@ module Google
85
97
  @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id
86
98
 
87
99
  @operations_stub = OperationsServiceStub.new(
88
- endpoint: @config.endpoint,
89
- credentials: credentials
100
+ endpoint: @config.endpoint,
101
+ endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
102
+ universe_domain: @config.universe_domain,
103
+ credentials: credentials
90
104
  )
91
105
 
92
106
  # Used by an LRO wrapper for some methods of this service
@@ -479,9 +493,9 @@ module Google
479
493
  # end
480
494
  #
481
495
  # @!attribute [rw] endpoint
482
- # The hostname or hostname:port of the service endpoint.
483
- # Defaults to `"privateca.googleapis.com"`.
484
- # @return [::String]
496
+ # A custom service endpoint, as a hostname or hostname:port. The default is
497
+ # nil, indicating to use the default endpoint in the current universe domain.
498
+ # @return [::String,nil]
485
499
  # @!attribute [rw] credentials
486
500
  # Credentials to send with calls. You may provide any of the following types:
487
501
  # * (`String`) The path to a service account key file in JSON format
@@ -518,13 +532,20 @@ module Google
518
532
  # @!attribute [rw] quota_project
519
533
  # A separate project against which to charge quota.
520
534
  # @return [::String]
535
+ # @!attribute [rw] universe_domain
536
+ # The universe domain within which to make requests. This determines the
537
+ # default endpoint URL. The default value of nil uses the environment
538
+ # universe (usually the default "googleapis.com" universe).
539
+ # @return [::String,nil]
521
540
  #
522
541
  class Configuration
523
542
  extend ::Gapic::Config
524
543
 
544
+ # @private
545
+ # The endpoint specific to the default "googleapis.com" universe. Deprecated.
525
546
  DEFAULT_ENDPOINT = "privateca.googleapis.com"
526
547
 
527
- config_attr :endpoint, DEFAULT_ENDPOINT, ::String
548
+ config_attr :endpoint, nil, ::String, nil
528
549
  config_attr :credentials, nil do |value|
529
550
  allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
530
551
  allowed.any? { |klass| klass === value }
@@ -536,6 +557,7 @@ module Google
536
557
  config_attr :metadata, nil, ::Hash, nil
537
558
  config_attr :retry_policy, nil, ::Hash, ::Proc, nil
538
559
  config_attr :quota_project, nil, ::String, nil
560
+ config_attr :universe_domain, nil, ::String, nil
539
561
 
540
562
  # @private
541
563
  def initialize parent_config = nil
@@ -618,12 +640,15 @@ module Google
618
640
  # Service stub contains baseline method implementations
619
641
  # including transcoding, making the REST call, and deserialing the response.
620
642
  class OperationsServiceStub
621
- def initialize endpoint:, credentials:
643
+ def initialize endpoint:, endpoint_template:, universe_domain:, credentials:
622
644
  # These require statements are intentionally placed here to initialize
623
645
  # the REST modules only when it's required.
624
646
  require "gapic/rest"
625
647
 
626
- @client_stub = ::Gapic::Rest::ClientStub.new endpoint: endpoint, credentials: credentials
648
+ @client_stub = ::Gapic::Rest::ClientStub.new endpoint: endpoint,
649
+ endpoint_template: endpoint_template,
650
+ universe_domain: universe_domain,
651
+ credentials: credentials
627
652
  end
628
653
 
629
654
  ##
@@ -31,16 +31,28 @@ module Google
31
31
  # including transcoding, making the REST call, and deserialing the response.
32
32
  #
33
33
  class ServiceStub
34
- def initialize endpoint:, credentials:
34
+ def initialize endpoint:, endpoint_template:, universe_domain:, credentials:
35
35
  # These require statements are intentionally placed here to initialize
36
36
  # the REST modules only when it's required.
37
37
  require "gapic/rest"
38
38
 
39
- @client_stub = ::Gapic::Rest::ClientStub.new endpoint: endpoint, credentials: credentials,
39
+ @client_stub = ::Gapic::Rest::ClientStub.new endpoint: endpoint,
40
+ endpoint_template: endpoint_template,
41
+ universe_domain: universe_domain,
42
+ credentials: credentials,
40
43
  numeric_enums: true,
41
44
  raise_faraday_errors: false
42
45
  end
43
46
 
47
+ ##
48
+ # The effective universe domain
49
+ #
50
+ # @return [String]
51
+ #
52
+ def universe_domain
53
+ @client_stub.universe_domain
54
+ end
55
+
44
56
  ##
45
57
  # Baseline implementation for the create_certificate REST call
46
58
  #
@@ -22,7 +22,7 @@ module Google
22
22
  module Security
23
23
  module PrivateCA
24
24
  module V1beta1
25
- VERSION = "0.7.0"
25
+ VERSION = "0.8.0"
26
26
  end
27
27
  end
28
28
  end
@@ -21,6 +21,7 @@ module Google
21
21
  module Api
22
22
  # Required information for every language.
23
23
  # @!attribute [rw] reference_docs_uri
24
+ # @deprecated This field is deprecated and may be removed in the next major version update.
24
25
  # @return [::String]
25
26
  # Link to automatically generated reference documentation. Example:
26
27
  # https://cloud.google.com/nodejs/docs/reference/asset/latest
@@ -304,6 +305,19 @@ module Google
304
305
  # seconds: 360 # 6 minutes
305
306
  # total_poll_timeout:
306
307
  # seconds: 54000 # 90 minutes
308
+ # @!attribute [rw] auto_populated_fields
309
+ # @return [::Array<::String>]
310
+ # List of top-level fields of the request message, that should be
311
+ # automatically populated by the client libraries based on their
312
+ # (google.api.field_info).format. Currently supported format: UUID4.
313
+ #
314
+ # Example of a YAML configuration:
315
+ #
316
+ # publishing:
317
+ # method_settings:
318
+ # - selector: google.example.v1.ExampleService.CreateExample
319
+ # auto_populated_fields:
320
+ # - request_id
307
321
  class MethodSettings
308
322
  include ::Google::Protobuf::MessageExts
309
323
  extend ::Google::Protobuf::MessageExts::ClassMethods
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google-cloud-security-private_ca-v1beta1
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.0
4
+ version: 0.8.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Google LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-09-12 00:00:00.000000000 Z
11
+ date: 2024-01-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gapic-common
@@ -16,7 +16,7 @@ dependencies:
16
16
  requirements:
17
17
  - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: 0.20.0
19
+ version: 0.21.1
20
20
  - - "<"
21
21
  - !ruby/object:Gem::Version
22
22
  version: 2.a
@@ -26,7 +26,7 @@ dependencies:
26
26
  requirements:
27
27
  - - ">="
28
28
  - !ruby/object:Gem::Version
29
- version: 0.20.0
29
+ version: 0.21.1
30
30
  - - "<"
31
31
  - !ruby/object:Gem::Version
32
32
  version: 2.a
@@ -221,7 +221,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
221
221
  - !ruby/object:Gem::Version
222
222
  version: '0'
223
223
  requirements: []
224
- rubygems_version: 3.4.19
224
+ rubygems_version: 3.5.3
225
225
  signing_key:
226
226
  specification_version: 4
227
227
  summary: API Client library for the Certificate Authority Service V1beta1 API