RubyGems - google-cloud-security_center-v1 - Versions diffs - 0.32.0 → 0.34.0 - Mend

google-cloud-security_center-v1 0.32.0 → 0.34.0

Files changed (14) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cb5f5353f5de55f1dc9bf90184f56161fdbb5924cd9d8fb1198bc481563a94c8
-  data.tar.gz: 70253ea6af60231b4a3d12959812797536b46b878387c2896861534502c97fb5
+  metadata.gz: 22f9163d8d996218045d1259f59294ef11c067d515fa4022ae6406c2dfa9fd20
+  data.tar.gz: ef75ff4357283b582bd46b4abae02beb6b2bbd5edf3e4b5495a8d8fdc2a7f2cd
 SHA512:
-  metadata.gz: 96603c6e7fa25639bccac2877cff799588e283a23a75666cfb952594949030b550ce3f8a2ce0961a1566d3314484a420abb717a3e73eca99e557fd93ab10ed84
-  data.tar.gz: 43fbb35193c78344b9e2ad056447a03117d5b9b4da55c691237cc470202566b6119bc3ccfe86e26010193378f3de39ea1113fad9b513d6ece513f160d67ca043
+  metadata.gz: eea920cc4f7af66074e701d865c63ab756dabd1147fa62ae2d3063cdace2e53f6737ea6f3ace54da5736e7a708eec35985fea62de29dc996bda18d1d05da764e
+  data.tar.gz: b31f8cb3df40543f1d8096204241a7f42f1034f5884aff05b9883c310e08bc43b3dd3a2aa18b572a3ca35885f6245fc989feb9315aab6308c886f1c45d883563

data/AUTHENTICATION.md CHANGED Viewed

@@ -1,151 +1,122 @@
 # Authentication
-In general, the google-cloud-security_center-v1 library uses
-[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts)
-credentials to connect to Google Cloud services. When running within
-[Google Cloud Platform environments](#google-cloud-platform-environments) the
-credentials will be discovered automatically. When running on other
-environments, the Service Account credentials can be specified by providing the
-path to the
-[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys)
-for the account (or the JSON itself) in
-[environment variables](#environment-variables). Additionally, Cloud SDK
-credentials can also be discovered automatically, but this is only recommended
-during development.
+The recommended way to authenticate to the google-cloud-security_center-v1 library is to use
+[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials).
+To review all of your authentication options, see [Credentials lookup](#credential-lookup).
 ## Quickstart
-1. [Create a service account and credentials](#creating-a-service-account).
-2. Set the [environment variable](#environment-variables).
+The following example shows how to set up authentication for a local development
+environment with your user credentials.
-```sh
-export SECURITY_CENTER_CREDENTIALS=path/to/keyfile.json
-```
-3. Initialize the client.
+**NOTE:** This method is _not_ recommended for running in production. User credentials
+should be used only during development.
-```ruby
-require "google/cloud/security_center/v1"
+1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk).
+2. Set up a local ADC file with your user credentials:
-client = ::Google::Cloud::SecurityCenter::V1::SecurityCenter::Client.new
+```sh
+gcloud auth application-default login
 ```
-## Credential Lookup
-The google-cloud-security_center-v1 library aims to make authentication
-as simple as possible, and provides several mechanisms to configure your system
-without requiring **Service Account Credentials** directly in code.
-**Credentials** are discovered in the following order:
-1. Specify credentials in method arguments
-2. Specify credentials in configuration
-3. Discover credentials path in environment variables
-4. Discover credentials JSON in environment variables
-5. Discover credentials file in the Cloud SDK's path
-6. Discover GCP credentials
-### Google Cloud Platform environments
+3. Write code as if already authenticated.
-When running on Google Cloud Platform (GCP), including Google Compute Engine
-(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud
-Functions (GCF) and Cloud Run, **Credentials** are discovered automatically.
-Code should be written as if already authenticated.
+For more information about setting up authentication for a local development environment, see
+[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev).
-### Environment Variables
+## Credential Lookup
-The **Credentials JSON** can be placed in environment variables instead of
-declaring them directly in code. Each service has its own environment variable,
-allowing for different service accounts to be used for different services. (See
-the READMEs for the individual service gems for details.) The path to the
-**Credentials JSON** file can be stored in the environment variable, or the
-**Credentials JSON** itself can be stored for environments such as Docker
-containers where writing files is difficult or not encouraged.
+The google-cloud-security_center-v1 library provides several mechanisms to configure your system.
+Generally, using Application Default Credentials to facilitate automatic
+credentials discovery is the easist method. But if you need to explicitly specify
+credentials, there are several methods available to you.
-The environment variables that google-cloud-security_center-v1
-checks for credentials are configured on the service Credentials class (such as
-{::Google::Cloud::SecurityCenter::V1::SecurityCenter::Credentials}):
+Credentials are accepted in the following ways, in the following order or precedence:
-* `SECURITY_CENTER_CREDENTIALS` - Path to JSON file, or JSON contents
-* `SECURITY_CENTER_KEYFILE` - Path to JSON file, or JSON contents
-* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents
-* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents
-* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
+1. Credentials specified in method arguments
+2. Credentials specified in configuration
+3. Credentials pointed to or included in environment variables
+4. Credentials found in local ADC file
+5. Credentials returned by the metadata server for the attached service account (GCP)
-```ruby
-require "google/cloud/security_center/v1"
-ENV["SECURITY_CENTER_CREDENTIALS"] = "path/to/keyfile.json"
+### Configuration
-client = ::Google::Cloud::SecurityCenter::V1::SecurityCenter::Client.new
-```
+You can configure a path to a JSON credentials file, either for an individual client object or
+globally, for all client objects. The JSON file can contain credentials created for
+[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation),
+[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a
+[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key).
-### Configuration
+Note: Service account keys are a security risk if not managed correctly. You should
+[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree)
+whenever possible.
-The path to the **Credentials JSON** file can be configured instead of storing
-it in an environment variable. Either on an individual client initialization:
+To configure a credentials file for an individual client initialization:
 ```ruby
 require "google/cloud/security_center/v1"
 client = ::Google::Cloud::SecurityCenter::V1::SecurityCenter::Client.new do |config|
-  config.credentials = "path/to/keyfile.json"
+  config.credentials = "path/to/credentialfile.json"
 end
 ```
-Or globally for all clients:
+To configure a credentials file globally for all clients:
 ```ruby
 require "google/cloud/security_center/v1"
 ::Google::Cloud::SecurityCenter::V1::SecurityCenter::Client.configure do |config|
-  config.credentials = "path/to/keyfile.json"
+  config.credentials = "path/to/credentialfile.json"
 end
 client = ::Google::Cloud::SecurityCenter::V1::SecurityCenter::Client.new
 ```
-### Cloud SDK
+### Environment Variables
-This option allows for an easy way to authenticate during development. If
-credentials are not provided in code or in environment variables, then Cloud SDK
-credentials are discovered.
+You can also use an environment variable to provide a JSON credentials file.
+The environment variable can contain a path to the credentials file or, for
+environments such as Docker containers where writing files is not encouraged,
+you can include the credentials file itself.
-To configure your system for this, simply:
+The JSON file can contain credentials created for
+[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation),
+[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a
+[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key).
-1. [Download and install the Cloud SDK](https://cloud.google.com/sdk)
-2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login`
-3. Write code as if already authenticated.
+Note: Service account keys are a security risk if not managed correctly. You should
+[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree)
+whenever possible.
+The environment variables that google-cloud-security_center-v1
+checks for credentials are:
-**NOTE:** This is _not_ recommended for running in production. The Cloud SDK
-*should* only be used during development.
+* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents
+* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
-## Creating a Service Account
+```ruby
+require "google/cloud/security_center/v1"
-Google Cloud requires **Service Account Credentials** to
-connect to the APIs. You will use the **JSON key file** to
-connect to most services with google-cloud-security_center-v1.
+ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json"
-If you are not running this client within
-[Google Cloud Platform environments](#google-cloud-platform-environments), you
-need a Google Developers service account.
+client = ::Google::Cloud::SecurityCenter::V1::SecurityCenter::Client.new
+```
-1. Visit the [Google Cloud Console](https://console.cloud.google.com/project).
-2. Create a new project or click on an existing project.
-3. Activate the menu in the upper left and select **APIs & Services**. From
-   here, you will enable the APIs that your application requires.
+### Local ADC file
-   *Note: You may need to enable billing in order to use these services.*
+You can set up a local ADC file with your user credentials for authentication during
+development. If credentials are not provided in code or in environment variables,
+then the local ADC credentials are discovered.
-4. Select **Credentials** from the side navigation.
+Follow the steps in [Quickstart](#quickstart) to set up a local ADC file.
-   Find the "Create credentials" drop down near the top of the page, and select
-   "Service account" to be guided through downloading a new JSON key file.
+### Google Cloud Platform environments
-   If you want to re-use an existing service account, you can easily generate a
-   new key file. Just select the account you wish to re-use, click the pencil
-   tool on the right side to edit the service account, select the **Keys** tab,
-   and then select **Add Key**.
+When running on Google Cloud Platform (GCP), including Google Compute Engine
+(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud
+Functions (GCF) and Cloud Run, credentials are retrieved from the attached
+service account automatically. Code should be written as if already authenticated.
-   The key file you download will be used by this library to authenticate API
-   requests and should be stored in a secure location.
+For more information, see
+[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa).

data/lib/google/cloud/security_center/v1/security_center/client.rb CHANGED Viewed

@@ -30,6 +30,9 @@ module Google
           # V1 APIs for Security Center service.
           #
           class Client
+            # @private
+            DEFAULT_ENDPOINT_TEMPLATE = "securitycenter.$UNIVERSE_DOMAIN$"
             include Paths
             # @private
@@ -200,6 +203,15 @@ module Google
               @config
             end
+            ##
+            # The effective universe domain
+            #
+            # @return [String]
+            #
+            def universe_domain
+              @security_center_stub.universe_domain
+            end
             ##
             # Create a new SecurityCenter client object.
             #
@@ -233,8 +245,9 @@ module Google
               credentials = @config.credentials
               # Use self-signed JWT if the endpoint is unchanged from default,
               # but only if the default endpoint does not have a region prefix.
-              enable_self_signed_jwt = @config.endpoint == Configuration::DEFAULT_ENDPOINT &&
-                                       !@config.endpoint.split(".").first.include?("-")
+              enable_self_signed_jwt = @config.endpoint.nil? ||
+                                       (@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
+                                       !@config.endpoint.split(".").first.include?("-"))
               credentials ||= Credentials.default scope: @config.scope,
                                                   enable_self_signed_jwt: enable_self_signed_jwt
               if credentials.is_a?(::String) || credentials.is_a?(::Hash)
@@ -247,12 +260,15 @@ module Google
                 config.credentials = credentials
                 config.quota_project = @quota_project_id
                 config.endpoint = @config.endpoint
+                config.universe_domain = @config.universe_domain
               end
               @security_center_stub = ::Gapic::ServiceStub.new(
                 ::Google::Cloud::SecurityCenter::V1::SecurityCenter::Stub,
-                credentials:  credentials,
-                endpoint:     @config.endpoint,
+                credentials: credentials,
+                endpoint: @config.endpoint,
+                endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
+                universe_domain: @config.universe_domain,
                 channel_args: @config.channel_args,
                 interceptors: @config.interceptors,
                 channel_pool_config: @config.channel_pool
@@ -3790,6 +3806,99 @@ module Google
               raise ::Google::Cloud::Error.from_error(e)
             end
+            ##
+            # Simulates a given SecurityHealthAnalyticsCustomModule and Resource.
+            #
+            # @overload simulate_security_health_analytics_custom_module(request, options = nil)
+            #   Pass arguments to `simulate_security_health_analytics_custom_module` via a request object, either of type
+            #   {::Google::Cloud::SecurityCenter::V1::SimulateSecurityHealthAnalyticsCustomModuleRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::SecurityCenter::V1::SimulateSecurityHealthAnalyticsCustomModuleRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload simulate_security_health_analytics_custom_module(parent: nil, custom_config: nil, resource: nil)
+            #   Pass arguments to `simulate_security_health_analytics_custom_module` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param parent [::String]
+            #     Required. The relative resource name of the organization, project, or
+            #     folder. For more information about relative resource names, see [Relative
+            #     Resource
+            #     Name](https://cloud.google.com/apis/design/resource_names#relative_resource_name)
+            #     Example: `organizations/{organization_id}`
+            #   @param custom_config [::Google::Cloud::SecurityCenter::V1::CustomConfig, ::Hash]
+            #     Required. The custom configuration that you need to test.
+            #   @param resource [::Google::Cloud::SecurityCenter::V1::SimulateSecurityHealthAnalyticsCustomModuleRequest::SimulatedResource, ::Hash]
+            #     Required. Resource data to simulate custom module against.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Cloud::SecurityCenter::V1::SimulateSecurityHealthAnalyticsCustomModuleResponse]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Cloud::SecurityCenter::V1::SimulateSecurityHealthAnalyticsCustomModuleResponse]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            # @example Basic example
+            #   require "google/cloud/security_center/v1"
+            #
+            #   # Create a client object. The client can be reused for multiple calls.
+            #   client = Google::Cloud::SecurityCenter::V1::SecurityCenter::Client.new
+            #
+            #   # Create a request. To set request fields, pass in keyword arguments.
+            #   request = Google::Cloud::SecurityCenter::V1::SimulateSecurityHealthAnalyticsCustomModuleRequest.new
+            #
+            #   # Call the simulate_security_health_analytics_custom_module method.
+            #   result = client.simulate_security_health_analytics_custom_module request
+            #
+            #   # The returned object is of type Google::Cloud::SecurityCenter::V1::SimulateSecurityHealthAnalyticsCustomModuleResponse.
+            #   p result
+            #
+            def simulate_security_health_analytics_custom_module request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::SecurityCenter::V1::SimulateSecurityHealthAnalyticsCustomModuleRequest
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+              # Customize the options with defaults
+              metadata = @config.rpcs.simulate_security_health_analytics_custom_module.metadata.to_h
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::SecurityCenter::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+              header_params = {}
+              if request.parent
+                header_params["parent"] = request.parent
+              end
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+              options.apply_defaults timeout:      @config.rpcs.simulate_security_health_analytics_custom_module.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.simulate_security_health_analytics_custom_module.retry_policy
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+              @security_center_stub.call_rpc :simulate_security_health_analytics_custom_module, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
             ##
             # Updates external system. This is for a given finding.
             #
@@ -4927,9 +5036,9 @@ module Google
             #   end
             #
             # @!attribute [rw] endpoint
-            #   The hostname or hostname:port of the service endpoint.
-            #   Defaults to `"securitycenter.googleapis.com"`.
-            #   @return [::String]
+            #   A custom service endpoint, as a hostname or hostname:port. The default is
+            #   nil, indicating to use the default endpoint in the current universe domain.
+            #   @return [::String,nil]
             # @!attribute [rw] credentials
             #   Credentials to send with calls. You may provide any of the following types:
             #    *  (`String`) The path to a service account key file in JSON format
@@ -4975,13 +5084,20 @@ module Google
             # @!attribute [rw] quota_project
             #   A separate project against which to charge quota.
             #   @return [::String]
+            # @!attribute [rw] universe_domain
+            #   The universe domain within which to make requests. This determines the
+            #   default endpoint URL. The default value of nil uses the environment
+            #   universe (usually the default "googleapis.com" universe).
+            #   @return [::String,nil]
             #
             class Configuration
               extend ::Gapic::Config
+              # @private
+              # The endpoint specific to the default "googleapis.com" universe. Deprecated.
               DEFAULT_ENDPOINT = "securitycenter.googleapis.com"
-              config_attr :endpoint,      DEFAULT_ENDPOINT, ::String
+              config_attr :endpoint,      nil, ::String, nil
               config_attr :credentials,   nil do |value|
                 allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
                 allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
@@ -4996,6 +5112,7 @@ module Google
               config_attr :metadata,      nil, ::Hash, nil
               config_attr :retry_policy,  nil, ::Hash, ::Proc, nil
               config_attr :quota_project, nil, ::String, nil
+              config_attr :universe_domain, nil, ::String, nil
               # @private
               def initialize parent_config = nil
@@ -5203,6 +5320,11 @@ module Google
                 #
                 attr_reader :test_iam_permissions
                 ##
+                # RPC-specific configuration for `simulate_security_health_analytics_custom_module`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :simulate_security_health_analytics_custom_module
+                ##
                 # RPC-specific configuration for `update_external_system`
                 # @return [::Gapic::Config::Method]
                 #
@@ -5329,6 +5451,8 @@ module Google
                   @set_iam_policy = ::Gapic::Config::Method.new set_iam_policy_config
                   test_iam_permissions_config = parent_rpcs.test_iam_permissions if parent_rpcs.respond_to? :test_iam_permissions
                   @test_iam_permissions = ::Gapic::Config::Method.new test_iam_permissions_config
+                  simulate_security_health_analytics_custom_module_config = parent_rpcs.simulate_security_health_analytics_custom_module if parent_rpcs.respond_to? :simulate_security_health_analytics_custom_module
+                  @simulate_security_health_analytics_custom_module = ::Gapic::Config::Method.new simulate_security_health_analytics_custom_module_config
                   update_external_system_config = parent_rpcs.update_external_system if parent_rpcs.respond_to? :update_external_system
                   @update_external_system = ::Gapic::Config::Method.new update_external_system_config
                   update_finding_config = parent_rpcs.update_finding if parent_rpcs.respond_to? :update_finding

data/lib/google/cloud/security_center/v1/security_center/operations.rb CHANGED Viewed

@@ -26,6 +26,9 @@ module Google
         module SecurityCenter
           # Service that implements Longrunning Operations API.
           class Operations
+            # @private
+            DEFAULT_ENDPOINT_TEMPLATE = "securitycenter.$UNIVERSE_DOMAIN$"
             # @private
             attr_reader :operations_stub
@@ -60,6 +63,15 @@ module Google
               @config
             end
+            ##
+            # The effective universe domain
+            #
+            # @return [String]
+            #
+            def universe_domain
+              @operations_stub.universe_domain
+            end
             ##
             # Create a new Operations client object.
             #
@@ -90,8 +102,10 @@ module Google
               @operations_stub = ::Gapic::ServiceStub.new(
                 ::Google::Longrunning::Operations::Stub,
-                credentials:  credentials,
-                endpoint:     @config.endpoint,
+                credentials: credentials,
+                endpoint: @config.endpoint,
+                endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
+                universe_domain: @config.universe_domain,
                 channel_args: @config.channel_args,
                 interceptors: @config.interceptors,
                 channel_pool_config: @config.channel_pool
@@ -613,9 +627,9 @@ module Google
             #   end
             #
             # @!attribute [rw] endpoint
-            #   The hostname or hostname:port of the service endpoint.
-            #   Defaults to `"securitycenter.googleapis.com"`.
-            #   @return [::String]
+            #   A custom service endpoint, as a hostname or hostname:port. The default is
+            #   nil, indicating to use the default endpoint in the current universe domain.
+            #   @return [::String,nil]
             # @!attribute [rw] credentials
             #   Credentials to send with calls. You may provide any of the following types:
             #    *  (`String`) The path to a service account key file in JSON format
@@ -661,13 +675,20 @@ module Google
             # @!attribute [rw] quota_project
             #   A separate project against which to charge quota.
             #   @return [::String]
+            # @!attribute [rw] universe_domain
+            #   The universe domain within which to make requests. This determines the
+            #   default endpoint URL. The default value of nil uses the environment
+            #   universe (usually the default "googleapis.com" universe).
+            #   @return [::String,nil]
             #
             class Configuration
               extend ::Gapic::Config
+              # @private
+              # The endpoint specific to the default "googleapis.com" universe. Deprecated.
               DEFAULT_ENDPOINT = "securitycenter.googleapis.com"
-              config_attr :endpoint,      DEFAULT_ENDPOINT, ::String
+              config_attr :endpoint,      nil, ::String, nil
               config_attr :credentials,   nil do |value|
                 allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
                 allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
@@ -682,6 +703,7 @@ module Google
               config_attr :metadata,      nil, ::Hash, nil
               config_attr :retry_policy,  nil, ::Hash, ::Proc, nil
               config_attr :quota_project, nil, ::String, nil
+              config_attr :universe_domain, nil, ::String, nil
               # @private
               def initialize parent_config = nil