RubyGems - google-cloud-security_center-v1 - Versions diffs - 0.32.0 → 0.34.0 - Mend

google-cloud-security_center-v1 0.32.0 → 0.34.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cb5f5353f5de55f1dc9bf90184f56161fdbb5924cd9d8fb1198bc481563a94c8
-  data.tar.gz: 70253ea6af60231b4a3d12959812797536b46b878387c2896861534502c97fb5
+  metadata.gz: 22f9163d8d996218045d1259f59294ef11c067d515fa4022ae6406c2dfa9fd20
+  data.tar.gz: ef75ff4357283b582bd46b4abae02beb6b2bbd5edf3e4b5495a8d8fdc2a7f2cd
 SHA512:
-  metadata.gz: 96603c6e7fa25639bccac2877cff799588e283a23a75666cfb952594949030b550ce3f8a2ce0961a1566d3314484a420abb717a3e73eca99e557fd93ab10ed84
-  data.tar.gz: 43fbb35193c78344b9e2ad056447a03117d5b9b4da55c691237cc470202566b6119bc3ccfe86e26010193378f3de39ea1113fad9b513d6ece513f160d67ca043
+  metadata.gz: eea920cc4f7af66074e701d865c63ab756dabd1147fa62ae2d3063cdace2e53f6737ea6f3ace54da5736e7a708eec35985fea62de29dc996bda18d1d05da764e
+  data.tar.gz: b31f8cb3df40543f1d8096204241a7f42f1034f5884aff05b9883c310e08bc43b3dd3a2aa18b572a3ca35885f6245fc989feb9315aab6308c886f1c45d883563

data/AUTHENTICATION.md CHANGED Viewed

@@ -1,151 +1,122 @@
 # Authentication
-In general, the google-cloud-security_center-v1 library uses
-[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts)
-credentials to connect to Google Cloud services. When running within
-[Google Cloud Platform environments](#google-cloud-platform-environments) the
-credentials will be discovered automatically. When running on other
-environments, the Service Account credentials can be specified by providing the
-path to the
-[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys)
-for the account (or the JSON itself) in
-[environment variables](#environment-variables). Additionally, Cloud SDK
-credentials can also be discovered automatically, but this is only recommended
-during development.
+The recommended way to authenticate to the google-cloud-security_center-v1 library is to use
+[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials).
+To review all of your authentication options, see [Credentials lookup](#credential-lookup).
 ## Quickstart
-1. [Create a service account and credentials](#creating-a-service-account).
-2. Set the [environment variable](#environment-variables).
+The following example shows how to set up authentication for a local development
+environment with your user credentials.
-```sh
-export SECURITY_CENTER_CREDENTIALS=path/to/keyfile.json
-```
-3. Initialize the client.
+**NOTE:** This method is _not_ recommended for running in production. User credentials
+should be used only during development.
-```ruby
-require "google/cloud/security_center/v1"
+1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk).
+2. Set up a local ADC file with your user credentials:
-client = ::Google::Cloud::SecurityCenter::V1::SecurityCenter::Client.new
+```sh
+gcloud auth application-default login
 ```
-## Credential Lookup
-The google-cloud-security_center-v1 library aims to make authentication
-as simple as possible, and provides several mechanisms to configure your system
-without requiring **Service Account Credentials** directly in code.
-**Credentials** are discovered in the following order:
-1. Specify credentials in method arguments
-2. Specify credentials in configuration
-3. Discover credentials path in environment variables
-4. Discover credentials JSON in environment variables
-5. Discover credentials file in the Cloud SDK's path
-6. Discover GCP credentials
-### Google Cloud Platform environments
+3. Write code as if already authenticated.
-When running on Google Cloud Platform (GCP), including Google Compute Engine
-(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud
-Functions (GCF) and Cloud Run, **Credentials** are discovered automatically.
-Code should be written as if already authenticated.
+For more information about setting up authentication for a local development environment, see
+[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev).
-### Environment Variables
+## Credential Lookup
-The **Credentials JSON** can be placed in environment variables instead of
-declaring them directly in code. Each service has its own environment variable,
-allowing for different service accounts to be used for different services. (See
-the READMEs for the individual service gems for details.) The path to the
-**Credentials JSON** file can be stored in the environment variable, or the
-**Credentials JSON** itself can be stored for environments such as Docker
-containers where writing files is difficult or not encouraged.
+The google-cloud-security_center-v1 library provides several mechanisms to configure your system.
+Generally, using Application Default Credentials to facilitate automatic
+credentials discovery is the easist method. But if you need to explicitly specify
+credentials, there are several methods available to you.
-The environment variables that google-cloud-security_center-v1
-checks for credentials are configured on the service Credentials class (such as
-{::Google::Cloud::SecurityCenter::V1::SecurityCenter::Credentials}):
+Credentials are accepted in the following ways, in the following order or precedence:
-* `SECURITY_CENTER_CREDENTIALS` - Path to JSON file, or JSON contents
-* `SECURITY_CENTER_KEYFILE` - Path to JSON file, or JSON contents
-* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents
-* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents
-* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
+1. Credentials specified in method arguments
+2. Credentials specified in configuration
+3. Credentials pointed to or included in environment variables
+4. Credentials found in local ADC file
+5. Credentials returned by the metadata server for the attached service account (GCP)
-```ruby
-require "google/cloud/security_center/v1"
-ENV["SECURITY_CENTER_CREDENTIALS"] = "path/to/keyfile.json"
+### Configuration
-client = ::Google::Cloud::SecurityCenter::V1::SecurityCenter::Client.new
-```
+You can configure a path to a JSON credentials file, either for an individual client object or
+globally, for all client objects. The JSON file can contain credentials created for
+[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation),
+[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a
+[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key).
-### Configuration
+Note: Service account keys are a security risk if not managed correctly. You should
+[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree)
+whenever possible.
-The path to the **Credentials JSON** file can be configured instead of storing
-it in an environment variable. Either on an individual client initialization:
+To configure a credentials file for an individual client initialization:
 ```ruby
 require "google/cloud/security_center/v1"
 client = ::Google::Cloud::SecurityCenter::V1::SecurityCenter::Client.new do |config|
-  config.credentials = "path/to/keyfile.json"
+  config.credentials = "path/to/credentialfile.json"
 end
 ```
-Or globally for all clients:
+To configure a credentials file globally for all clients:
 ```ruby
 require "google/cloud/security_center/v1"
 ::Google::Cloud::SecurityCenter::V1::SecurityCenter::Client.configure do |config|
-  config.credentials = "path/to/keyfile.json"
+  config.credentials = "path/to/credentialfile.json"
 end
 client = ::Google::Cloud::SecurityCenter::V1::SecurityCenter::Client.new
 ```
-### Cloud SDK
+### Environment Variables
-This option allows for an easy way to authenticate during development. If
-credentials are not provided in code or in environment variables, then Cloud SDK
-credentials are discovered.
+You can also use an environment variable to provide a JSON credentials file.
+The environment variable can contain a path to the credentials file or, for
+environments such as Docker containers where writing files is not encouraged,
+you can include the credentials file itself.
-To configure your system for this, simply:
+The JSON file can contain credentials created for
+[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation),
+[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a
+[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key).
-1. [Download and install the Cloud SDK](https://cloud.google.com/sdk)
-2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login`
-3. Write code as if already authenticated.
+Note: Service account keys are a security risk if not managed correctly. You should
+[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree)
+whenever possible.
+The environment variables that google-cloud-security_center-v1
+checks for credentials are:
-**NOTE:** This is _not_ recommended for running in production. The Cloud SDK
-*should* only be used during development.
+* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents
+* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
-## Creating a Service Account
+```ruby
+require "google/cloud/security_center/v1"
-Google Cloud requires **Service Account Credentials** to
-connect to the APIs. You will use the **JSON key file** to
-connect to most services with google-cloud-security_center-v1.
+ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json"
-If you are not running this client within
-[Google Cloud Platform environments](#google-cloud-platform-environments), you
-need a Google Developers service account.
+client = ::Google::Cloud::SecurityCenter::V1::SecurityCenter::Client.new
+```
-1. Visit the [Google Cloud Console](https://console.cloud.google.com/project).
-2. Create a new project or click on an existing project.
-3. Activate the menu in the upper left and select **APIs & Services**. From
-   here, you will enable the APIs that your application requires.
+### Local ADC file
-   *Note: You may need to enable billing in order to use these services.*
+You can set up a local ADC file with your user credentials for authentication during
+development. If credentials are not provided in code or in environment variables,
+then the local ADC credentials are discovered.
-4. Select **Credentials** from the side navigation.
+Follow the steps in [Quickstart](#quickstart) to set up a local ADC file.
-   Find the "Create credentials" drop down near the top of the page, and select
-   "Service account" to be guided through downloading a new JSON key file.
+### Google Cloud Platform environments
-   If you want to re-use an existing service account, you can easily generate a
-   new key file. Just select the account you wish to re-use, click the pencil
-   tool on the right side to edit the service account, select the **Keys** tab,
-   and then select **Add Key**.
+When running on Google Cloud Platform (GCP), including Google Compute Engine
+(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud
+Functions (GCF) and Cloud Run, credentials are retrieved from the attached
+service account automatically. Code should be written as if already authenticated.
-   The key file you download will be used by this library to authenticate API
-   requests and should be stored in a secure location.
+For more information, see
+[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa).

data/lib/google/cloud/security_center/v1/security_center/client.rb CHANGED Viewed

@@ -30,6 +30,9 @@ module Google
           # V1 APIs for Security Center service.
           #
           class Client
+            # @private
+            DEFAULT_ENDPOINT_TEMPLATE = "securitycenter.$UNIVERSE_DOMAIN$"
             include Paths
             # @private
@@ -200,6 +203,15 @@ module Google
               @config
             end
+            ##
+            # The effective universe domain
+            #
+            # @return [String]
+            #
+            def universe_domain
+              @security_center_stub.universe_domain
+            end
             ##
             # Create a new SecurityCenter client object.
             #
@@ -233,8 +245,9 @@ module Google
               credentials = @config.credentials
               # Use self-signed JWT if the endpoint is unchanged from default,
               # but only if the default endpoint does not have a region prefix.
-              enable_self_signed_jwt = @config.endpoint == Configuration::DEFAULT_ENDPOINT &&
-                                       !@config.endpoint.split(".").first.include?("-")
+              enable_self_signed_jwt = @config.endpoint.nil? ||
+                                       (@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
+                                       !@config.endpoint.split(".").first.include?("-"))
               credentials ||= Credentials.default scope: @config.scope,
                                                   enable_self_signed_jwt: enable_self_signed_jwt
               if credentials.is_a?(::String) || credentials.is_a?(::Hash)
@@ -247,12 +260,15 @@ module Google
                 config.credentials = credentials
                 config.quota_project = @quota_project_id
                 config.endpoint = @config.endpoint
+                config.universe_domain = @config.universe_domain
               end
               @security_center_stub = ::Gapic::ServiceStub.new(
                 ::Google::Cloud::SecurityCenter::V1::SecurityCenter::Stub,
-                credentials:  credentials,
-                endpoint:     @config.endpoint,
+                credentials: credentials,
+                endpoint: @config.endpoint,
+                endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
+                universe_domain: @config.universe_domain,
                 channel_args: @config.channel_args,
                 interceptors: @config.interceptors,
                 channel_pool_config: @config.channel_pool
@@ -3790,6 +3806,99 @@ module Google
               raise ::Google::Cloud::Error.from_error(e)
             end
+            ##
+            # Simulates a given SecurityHealthAnalyticsCustomModule and Resource.
+            #
+            # @overload simulate_security_health_analytics_custom_module(request, options = nil)
+            #   Pass arguments to `simulate_security_health_analytics_custom_module` via a request object, either of type
+            #   {::Google::Cloud::SecurityCenter::V1::SimulateSecurityHealthAnalyticsCustomModuleRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::SecurityCenter::V1::SimulateSecurityHealthAnalyticsCustomModuleRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload simulate_security_health_analytics_custom_module(parent: nil, custom_config: nil, resource: nil)
+            #   Pass arguments to `simulate_security_health_analytics_custom_module` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param parent [::String]
+            #     Required. The relative resource name of the organization, project, or
+            #     folder. For more information about relative resource names, see [Relative
+            #     Resource
+            #     Name](https://cloud.google.com/apis/design/resource_names#relative_resource_name)
+            #     Example: `organizations/{organization_id}`
+            #   @param custom_config [::Google::Cloud::SecurityCenter::V1::CustomConfig, ::Hash]
+            #     Required. The custom configuration that you need to test.
+            #   @param resource [::Google::Cloud::SecurityCenter::V1::SimulateSecurityHealthAnalyticsCustomModuleRequest::SimulatedResource, ::Hash]
+            #     Required. Resource data to simulate custom module against.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Cloud::SecurityCenter::V1::SimulateSecurityHealthAnalyticsCustomModuleResponse]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Cloud::SecurityCenter::V1::SimulateSecurityHealthAnalyticsCustomModuleResponse]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            # @example Basic example
+            #   require "google/cloud/security_center/v1"
+            #
+            #   # Create a client object. The client can be reused for multiple calls.
+            #   client = Google::Cloud::SecurityCenter::V1::SecurityCenter::Client.new
+            #
+            #   # Create a request. To set request fields, pass in keyword arguments.
+            #   request = Google::Cloud::SecurityCenter::V1::SimulateSecurityHealthAnalyticsCustomModuleRequest.new
+            #
+            #   # Call the simulate_security_health_analytics_custom_module method.
+            #   result = client.simulate_security_health_analytics_custom_module request
+            #
+            #   # The returned object is of type Google::Cloud::SecurityCenter::V1::SimulateSecurityHealthAnalyticsCustomModuleResponse.
+            #   p result
+            #
+            def simulate_security_health_analytics_custom_module request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::SecurityCenter::V1::SimulateSecurityHealthAnalyticsCustomModuleRequest
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+              # Customize the options with defaults
+              metadata = @config.rpcs.simulate_security_health_analytics_custom_module.metadata.to_h
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::SecurityCenter::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+              header_params = {}
+              if request.parent
+                header_params["parent"] = request.parent
+              end
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+              options.apply_defaults timeout:      @config.rpcs.simulate_security_health_analytics_custom_module.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.simulate_security_health_analytics_custom_module.retry_policy
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+              @security_center_stub.call_rpc :simulate_security_health_analytics_custom_module, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
             ##
             # Updates external system. This is for a given finding.
             #
@@ -4927,9 +5036,9 @@ module Google
             #   end
             #
             # @!attribute [rw] endpoint
-            #   The hostname or hostname:port of the service endpoint.
-            #   Defaults to `"securitycenter.googleapis.com"`.
-            #   @return [::String]
+            #   A custom service endpoint, as a hostname or hostname:port. The default is
+            #   nil, indicating to use the default endpoint in the current universe domain.
+            #   @return [::String,nil]
             # @!attribute [rw] credentials
             #   Credentials to send with calls. You may provide any of the following types:
             #    *  (`String`) The path to a service account key file in JSON format
@@ -4975,13 +5084,20 @@ module Google
             # @!attribute [rw] quota_project
             #   A separate project against which to charge quota.
             #   @return [::String]
+            # @!attribute [rw] universe_domain
+            #   The universe domain within which to make requests. This determines the
+            #   default endpoint URL. The default value of nil uses the environment
+            #   universe (usually the default "googleapis.com" universe).
+            #   @return [::String,nil]
             #
             class Configuration
               extend ::Gapic::Config
+              # @private
+              # The endpoint specific to the default "googleapis.com" universe. Deprecated.
               DEFAULT_ENDPOINT = "securitycenter.googleapis.com"
-              config_attr :endpoint,      DEFAULT_ENDPOINT, ::String
+              config_attr :endpoint,      nil, ::String, nil
               config_attr :credentials,   nil do |value|
                 allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
                 allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
@@ -4996,6 +5112,7 @@ module Google
               config_attr :metadata,      nil, ::Hash, nil
               config_attr :retry_policy,  nil, ::Hash, ::Proc, nil
               config_attr :quota_project, nil, ::String, nil
+              config_attr :universe_domain, nil, ::String, nil
               # @private
               def initialize parent_config = nil
@@ -5203,6 +5320,11 @@ module Google
                 #
                 attr_reader :test_iam_permissions
                 ##
+                # RPC-specific configuration for `simulate_security_health_analytics_custom_module`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :simulate_security_health_analytics_custom_module
+                ##
                 # RPC-specific configuration for `update_external_system`
                 # @return [::Gapic::Config::Method]
                 #
@@ -5329,6 +5451,8 @@ module Google
                   @set_iam_policy = ::Gapic::Config::Method.new set_iam_policy_config
                   test_iam_permissions_config = parent_rpcs.test_iam_permissions if parent_rpcs.respond_to? :test_iam_permissions
                   @test_iam_permissions = ::Gapic::Config::Method.new test_iam_permissions_config
+                  simulate_security_health_analytics_custom_module_config = parent_rpcs.simulate_security_health_analytics_custom_module if parent_rpcs.respond_to? :simulate_security_health_analytics_custom_module
+                  @simulate_security_health_analytics_custom_module = ::Gapic::Config::Method.new simulate_security_health_analytics_custom_module_config
                   update_external_system_config = parent_rpcs.update_external_system if parent_rpcs.respond_to? :update_external_system
                   @update_external_system = ::Gapic::Config::Method.new update_external_system_config
                   update_finding_config = parent_rpcs.update_finding if parent_rpcs.respond_to? :update_finding

data/lib/google/cloud/security_center/v1/security_center/operations.rb CHANGED Viewed

@@ -26,6 +26,9 @@ module Google
         module SecurityCenter
           # Service that implements Longrunning Operations API.
           class Operations
+            # @private
+            DEFAULT_ENDPOINT_TEMPLATE = "securitycenter.$UNIVERSE_DOMAIN$"
             # @private
             attr_reader :operations_stub
@@ -60,6 +63,15 @@ module Google
               @config
             end
+            ##
+            # The effective universe domain
+            #
+            # @return [String]
+            #
+            def universe_domain
+              @operations_stub.universe_domain
+            end
             ##
             # Create a new Operations client object.
             #
@@ -90,8 +102,10 @@ module Google
               @operations_stub = ::Gapic::ServiceStub.new(
                 ::Google::Longrunning::Operations::Stub,
-                credentials:  credentials,
-                endpoint:     @config.endpoint,
+                credentials: credentials,
+                endpoint: @config.endpoint,
+                endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
+                universe_domain: @config.universe_domain,
                 channel_args: @config.channel_args,
                 interceptors: @config.interceptors,
                 channel_pool_config: @config.channel_pool
@@ -613,9 +627,9 @@ module Google
             #   end
             #
             # @!attribute [rw] endpoint
-            #   The hostname or hostname:port of the service endpoint.
-            #   Defaults to `"securitycenter.googleapis.com"`.
-            #   @return [::String]
+            #   A custom service endpoint, as a hostname or hostname:port. The default is
+            #   nil, indicating to use the default endpoint in the current universe domain.
+            #   @return [::String,nil]
             # @!attribute [rw] credentials
             #   Credentials to send with calls. You may provide any of the following types:
             #    *  (`String`) The path to a service account key file in JSON format
@@ -661,13 +675,20 @@ module Google
             # @!attribute [rw] quota_project
             #   A separate project against which to charge quota.
             #   @return [::String]
+            # @!attribute [rw] universe_domain
+            #   The universe domain within which to make requests. This determines the
+            #   default endpoint URL. The default value of nil uses the environment
+            #   universe (usually the default "googleapis.com" universe).
+            #   @return [::String,nil]
             #
             class Configuration
               extend ::Gapic::Config
+              # @private
+              # The endpoint specific to the default "googleapis.com" universe. Deprecated.
               DEFAULT_ENDPOINT = "securitycenter.googleapis.com"
-              config_attr :endpoint,      DEFAULT_ENDPOINT, ::String
+              config_attr :endpoint,      nil, ::String, nil
               config_attr :credentials,   nil do |value|
                 allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
                 allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
@@ -682,6 +703,7 @@ module Google
               config_attr :metadata,      nil, ::Hash, nil
               config_attr :retry_policy,  nil, ::Hash, ::Proc, nil
               config_attr :quota_project, nil, ::String, nil
+              config_attr :universe_domain, nil, ::String, nil
               # @private
               def initialize parent_config = nil