google-cloud-storage 1.29.2 → 1.33.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ad286a8539024ffcee1d0239c7db682e3ddb4b6663e5e172354123fa607b96fc
-  data.tar.gz: 29e8c237d1f891d46bddea92ff3151a08c11c32e936376f040d50159668a8f69
+  metadata.gz: 6900463b2861e35e33cef3bda84de638f0f9e7d80e8424755f5eef311bd20352
+  data.tar.gz: 6469082cd9d6b158a71a808874104e20128187c4c611a0fe71dbd80b0f68e54e
 SHA512:
-  metadata.gz: b7121fbfee2ad413e88d6edfbe83c535a9b17173d2431919e72fed6e8f4eba4c94f84b64d588ade51f50d8f20556a8bef37c6ad8cdaeaca8d6fb58a280168825
-  data.tar.gz: 0cb221a85541a6af70d8be63dd137915110eda09295e9711c566ec669bd574376a1f0125c4ebc559efa0a19268569dc74cd2548891400501d9af6bdfe62da8ce
+  metadata.gz: 4d32314a8813b66cf6ec488be10c8ac174cb71a54d175cff9f33809a529f4851ff2482a43c646f114c91cac4bf7fbc90cc4135caab85d1a55ab8c732f11c1c5f
+  data.tar.gz: '08382f70eb5759b7ccb98ac0bb793bed114bd3fcc24b6ca8e3ecc02af2e60540f1761d36133d8299b043155d260d9a659ab2d5b0cda6a27eb40ead70d7b7d6d1'

data/CHANGELOG.md

@@ -1,5 +1,60 @@
 # Release History
 
+### 1.33.0 / 2021-06-29
+
+#### Features
+
+* Add support for PublicAccessPrevention
+  * Add Bucket#public_access_prevention
+  * Add Bucket#public_access_prevention=
+  * Add Bucket#public_access_prevention_enforced?
+  * Add Bucket#public_access_prevention_unspecified?
+  * Add samples for PublicAccessPrevention
+
+### 1.32.0 / 2021-06-22
+
+#### Features
+
+* Add sources_if_generation_match to Bucket#compose
+* Add support for (meta)generation preconditions to File operations
+  * Add if_(meta)generation_match options to Bucket#compose
+  * Add if_(meta)generation_(not_)match options to Bucket#create_file
+  * Add if_(meta)generation_(not_)match options to Bucket#file
+  * Add if_(meta)generation_(not_)match options to File#delete.
+  * Add if_(meta)generation_(not_)match options to File#rewrite
+  * Add generation and if_(meta)generation_(not_)match options to File#update
+  * Add generation and if_(meta)generation_(not_)match options to File::Acl predefined_acl methods
+
+#### Bug Fixes
+
+* Expand googleauth dependency to support future 1.x versions
+* Update File::Verifier to test for File#to_path
+
+### 1.31.1 / 2021-05-19
+
+#### Documentation
+
+* Update IAMCredentialsService#sign_service_account_blob examples
+
+### 1.31.0 / 2021-03-10
+
+#### Features
+
+* Drop support for Ruby 2.4 and add support for Ruby 3.0
+
+### 1.30.0 / 2021-01-13
+
+#### Features
+
+* Replace google-api-client with specific client gems
+  * Remove google-api-client
+  * Add google-apis-iamcredentials_v1
+  * Add google-apis-storage_v1
+
+#### Documentation
+
+* Update Bucket#generate_signed_post_policy_v4 documentation
+
 ### 1.29.2 / 2020-12-14
 
 #### Bug Fixes

data/CONTRIBUTING.md

@@ -24,7 +24,7 @@ be able to accept your pull requests.
 In order to use the google-cloud-storage console and run the project's tests,
 there is a small amount of setup:
 
-1. Install Ruby. google-cloud-storage requires Ruby 2.4+. You may choose to
+1. Install Ruby. google-cloud-storage requires Ruby 2.5+. You may choose to
    manage your Ruby and gem installations with [RVM](https://rvm.io/),
    [rbenv](https://github.com/rbenv/rbenv), or
    [chruby](https://github.com/postmodern/chruby).
@@ -119,15 +119,14 @@ If you alter an example's title, you may encounter breaking tests.
 ### Storage Acceptance Tests
 
 The Storage acceptance tests interact with the live service API. Follow the
-instructions in the {file:AUTHENTICATION.md Authentication guide} for enabling
+instructions in the {file:AUTHENTICATION.md Authentication Guide} for enabling
 the Storage API. Occasionally, some API features may not yet be generally
 available, making it difficult for some contributors to successfully run the
 entire acceptance test suite. However, please ensure that you do successfully
 run acceptance tests for any code areas covered by your pull request.
 
 To run the acceptance tests, first create and configure a project in the Google
-Developers Console, as described in the {file:AUTHENTICATION.md Authentication
-guide}. Be sure to download the JSON KEY file. Make note of the PROJECT_ID and
+Developers Console, as described in the {file:AUTHENTICATION.md Authentication Guide}. Be sure to download the JSON KEY file. Make note of the PROJECT_ID and
 the KEYFILE location on your system.
 
 Before you can run the Storage acceptance tests, you must first create indexes

data/lib/google/cloud/storage/bucket.rb

@@ -309,12 +309,15 @@ module Google
         # @see https://cloud.google.com/storage/docs/access-logs Access Logs
         #
         def logging_bucket
-          @gapi.logging.log_bucket if @gapi.logging
+          @gapi.logging&.log_bucket
         end
 
         ##
         # Updates the destination bucket for the bucket's logs.
         #
+        # To pass metageneration preconditions, call this method within a
+        # block passed to {#update}.
+        #
         # @see https://cloud.google.com/storage/docs/access-logs Access Logs
         #
         # @param [String] logging_bucket The bucket to hold the logging output
@@ -333,7 +336,7 @@ module Google
         # @return [String]
         #
         def logging_prefix
-          @gapi.logging.log_object_prefix if @gapi.logging
+          @gapi.logging&.log_object_prefix
         end
 
         ##
@@ -344,6 +347,9 @@ module Google
         # By default, the object prefix is the name of the bucket for which the
         # logs are enabled.
         #
+        # To pass metageneration preconditions, call this method within a
+        # block passed to {#update}.
+        #
         # @see https://cloud.google.com/storage/docs/access-logs Access Logs
         #
         # @param [String] logging_prefix The logging object prefix.
@@ -377,6 +383,9 @@ module Google
         # For more information, see [Storage
         # Classes](https://cloud.google.com/storage/docs/storage-classes).
         #
+        # To pass metageneration preconditions, call this method within a
+        # block passed to {#update}.
+        #
         # @param [Symbol, String] new_storage_class Storage class of the bucket.
         #
         def storage_class= new_storage_class
@@ -392,7 +401,7 @@ module Google
         # @return [Boolean]
         #
         def versioning?
-          @gapi.versioning.enabled? unless @gapi.versioning.nil?
+          @gapi.versioning&.enabled?
         end
 
         ##
@@ -400,6 +409,9 @@ module Google
         # Versioning](https://cloud.google.com/storage/docs/object-versioning)
         # is enabled for the bucket.
         #
+        # To pass metageneration preconditions, call this method within a
+        # block passed to {#update}.
+        #
         # @param [Boolean] new_versioning true if versioning is to be enabled
         #   for the bucket.
         #
@@ -422,12 +434,15 @@ module Google
         # @return [String] The main page suffix.
         #
         def website_main
-          @gapi.website.main_page_suffix if @gapi.website
+          @gapi.website&.main_page_suffix
         end
 
         ##
         # Updates the main page suffix for a static website.
         #
+        # To pass metageneration preconditions, call this method within a
+        # block passed to {#update}.
+        #
         # @see https://cloud.google.com/storage/docs/website-configuration#step4
         #   How to Host a Static Website
         #
@@ -449,7 +464,7 @@ module Google
         # @return [String]
         #
         def website_404
-          @gapi.website.not_found_page if @gapi.website
+          @gapi.website&.not_found_page
         end
 
         ##
@@ -467,6 +482,9 @@ module Google
         ##
         # Updates the hash of user-provided labels.
         #
+        # To pass metageneration preconditions, call this method within a
+        # block passed to {#update}.
+        #
         # @param [Hash(String => String)] labels The user-provided labels.
         #
         def labels= labels
@@ -478,6 +496,9 @@ module Google
         # Updates the page returned from a static website served from the bucket
         # when a site visitor requests a resource that does not exist.
         #
+        # To pass metageneration preconditions, call this method within a
+        # block passed to {#update}.
+        #
         # @see https://cloud.google.com/storage/docs/website-configuration#step4
         #   How to Host a Static Website
         #
@@ -498,7 +519,7 @@ module Google
         #   the bucket.
         #
         def requester_pays
-          @gapi.billing.requester_pays if @gapi.billing
+          @gapi.billing&.requester_pays
         end
         alias requester_pays? requester_pays
 
@@ -509,6 +530,9 @@ module Google
         # {Project#bucket} and {Project#buckets} to indicate the project to
         # which the access costs should be billed.
         #
+        # To pass metageneration preconditions, call this method within a
+        # block passed to {#update}.
+        #
         # @param [Boolean] new_requester_pays When set to `true`, requester pays
         #   is enabled for the bucket.
         #
@@ -550,13 +574,16 @@ module Google
         #   bucket.default_kms_key #=> kms_key_name
         #
         def default_kms_key
-          @gapi.encryption && @gapi.encryption.default_kms_key_name
+          @gapi.encryption&.default_kms_key_name
         end
 
         ##
         # Set the Cloud KMS encryption key that will be used to protect files.
         # For example: `projects/a/locations/b/keyRings/c/cryptoKeys/d`
         #
+        # To pass metageneration preconditions, call this method within a
+        # block passed to {#update}.
+        #
         # @param [String, nil] new_default_kms_key New Cloud KMS key name, or
         #   `nil` to delete the Cloud KMS encryption key.
         #
@@ -599,7 +626,7 @@ module Google
         #   retention policy exists for the bucket.
         #
         def retention_period
-          @gapi.retention_policy && @gapi.retention_policy.retention_period
+          @gapi.retention_policy&.retention_period
         end
 
         ##
@@ -617,6 +644,9 @@ module Google
         # See also: {#lock_retention_policy!}, {#retention_period},
         # {#retention_effective_at}, and {#retention_policy_locked?}.
         #
+        # To pass metageneration preconditions, call this method within a
+        # block passed to {#update}.
+        #
         # @param [Integer, nil] new_retention_period The retention period
         #   defined in seconds. The value must be between 0 and 100 years (in
         #   seconds), or `nil`.
@@ -658,7 +688,7 @@ module Google
         #   policy, if a policy exists.
         #
         def retention_effective_at
-          @gapi.retention_policy && @gapi.retention_policy.effective_time
+          @gapi.retention_policy&.effective_time
         end
 
         ##
@@ -715,6 +745,9 @@ module Google
         #
         # See {File#event_based_hold?} and {File#set_event_based_hold!}.
         #
+        # To pass metageneration preconditions, call this method within a
+        # block passed to {#update}.
+        #
         # @param [Boolean] new_default_event_based_hold The default event-based
         #   hold field for the bucket.
         #
@@ -808,7 +841,7 @@ module Google
         #   bucket.uniform_bucket_level_access? # true
         #
         def uniform_bucket_level_access?
-          return false unless @gapi.iam_configuration && @gapi.iam_configuration.uniform_bucket_level_access
+          return false unless @gapi.iam_configuration&.uniform_bucket_level_access
           !@gapi.iam_configuration.uniform_bucket_level_access.enabled.nil? &&
             @gapi.iam_configuration.uniform_bucket_level_access.enabled
         end
@@ -823,6 +856,9 @@ module Google
         # Before enabling uniform bucket-level access please review [uniform bucket-level
         # access](https://cloud.google.com/storage/docs/uniform-bucket-level-access).
         #
+        # To pass metageneration preconditions, call this method within a
+        # block passed to {#update}.
+        #
         # @param [Boolean] new_uniform_bucket_level_access When set to `true`, uniform bucket-level access is enabled in
         #   the bucket's IAM configuration.
         #
@@ -870,7 +906,7 @@ module Google
         #   puts bucket.uniform_bucket_level_access_locked_at
         #
         def uniform_bucket_level_access_locked_at
-          return nil unless @gapi.iam_configuration && @gapi.iam_configuration.uniform_bucket_level_access
+          return nil unless @gapi.iam_configuration&.uniform_bucket_level_access
           @gapi.iam_configuration.uniform_bucket_level_access.locked_time
         end
 
@@ -895,6 +931,108 @@ module Google
           uniform_bucket_level_access_locked_at
         end
 
+        ##
+        # The value for Public Access Prevention in the bucket's IAM configuration. Currently, `unspecified` and
+        # `enforced` are supported. When set to `enforced`, Public Access Prevention is enforced in the bucket's IAM
+        # configuration. This value can be modified by calling {#public_access_prevention=}.
+        #
+        # @return [String, nil] Currently, `unspecified` and `enforced` are supported. Returns `nil` if the bucket has
+        #    no IAM configuration.
+        #
+        # @example
+        #   require "google/cloud/storage"
+        #
+        #   storage = Google::Cloud::Storage.new
+        #
+        #   bucket = storage.bucket "my-bucket"
+        #
+        #   bucket.public_access_prevention = :enforced
+        #   bucket.public_access_prevention #=> "enforced"
+        #
+        def public_access_prevention
+          @gapi.iam_configuration&.public_access_prevention
+        end
+
+        ##
+        # Sets the value for Public Access Prevention in the bucket's IAM configuration. This value can be queried by
+        # calling {#public_access_prevention}.
+        #
+        # @param [Symbol, String] new_public_access_prevention The bucket's new Public Access Prevention configuration.
+        #   Currently, `unspecified` and `enforced` are supported. When set to `enforced`, Public Access
+        #   Prevention is enforced in the bucket's IAM configuration.
+        #
+        # @example Set Public Access Prevention to enforced:
+        #   require "google/cloud/storage"
+        #
+        #   storage = Google::Cloud::Storage.new
+        #
+        #   bucket = storage.bucket "my-bucket"
+        #
+        #   bucket.public_access_prevention = :enforced
+        #   bucket.public_access_prevention #=> "enforced"
+        #
+        # @example Set Public Access Prevention to unspecified:
+        #   require "google/cloud/storage"
+        #
+        #   storage = Google::Cloud::Storage.new
+        #
+        #   bucket = storage.bucket "my-bucket"
+        #
+        #   bucket.public_access_prevention = :unspecified
+        #   bucket.public_access_prevention #=> "unspecified"
+        #
+        def public_access_prevention= new_public_access_prevention
+          @gapi.iam_configuration ||= API::Bucket::IamConfiguration.new
+          @gapi.iam_configuration.public_access_prevention = new_public_access_prevention.to_s
+          patch_gapi! :iam_configuration
+        end
+
+        ##
+        # Whether the bucket's file IAM configuration enforces Public Access Prevention. The default is `false`. This
+        # value can be modified by calling {Bucket#public_access_prevention=}.
+        #
+        # @return [Boolean] Returns `false` if the bucket has no IAM configuration or if Public Access Prevention is
+        #   not `enforced` in the IAM configuration. Returns `true` if Public Access Prevention is `enforced` in the IAM
+        #   configuration.
+        #
+        # @example
+        #   require "google/cloud/storage"
+        #
+        #   storage = Google::Cloud::Storage.new
+        #
+        #   bucket = storage.bucket "my-bucket"
+        #
+        #   bucket.public_access_prevention = :enforced
+        #   bucket.public_access_prevention_enforced? # true
+        #
+        def public_access_prevention_enforced?
+          return false unless @gapi.iam_configuration&.public_access_prevention
+          @gapi.iam_configuration.public_access_prevention.to_s == "enforced"
+        end
+
+        ##
+        # Whether the value for Public Access Prevention in the bucket's IAM configuration is `unspecified`. The default
+        # is `false`. This value can be modified by calling {Bucket#public_access_prevention=}.
+        #
+        # @return [Boolean] Returns `false` if the bucket has no IAM configuration or if Public Access Prevention is
+        #   not `unspecified` in the IAM configuration. Returns `true` if Public Access Prevention is `unspecified` in
+        #   the IAM configuration.
+        #
+        # @example
+        #   require "google/cloud/storage"
+        #
+        #   storage = Google::Cloud::Storage.new
+        #
+        #   bucket = storage.bucket "my-bucket"
+        #
+        #   bucket.public_access_prevention = :unspecified
+        #   bucket.public_access_prevention_unspecified? # true
+        #
+        def public_access_prevention_unspecified?
+          return false unless @gapi.iam_configuration&.public_access_prevention
+          @gapi.iam_configuration.public_access_prevention.to_s == "unspecified"
+        end
+
         ##
         # Updates the bucket with changes made in the given block in a single
         # PATCH request. The following attributes may be set: {#cors},
@@ -905,6 +1043,12 @@ module Google
         # completely mutable and will be included in the request. (See
         # {Bucket::Cors})
         #
+        # @param [Integer] if_metageneration_match Makes the operation conditional
+        #   on whether the bucket's current metageneration matches the given value.
+        # @param [Integer] if_metageneration_not_match Makes the operation
+        #   conditional on whether the bucket's current metageneration does not
+        #   match the given value.
+        #
         # @yield [bucket] a block yielding a delegate object for updating the
         #   file
         #
@@ -936,14 +1080,27 @@ module Google
         #     end
         #   end
         #
-        def update
+        # @example With a `if_metageneration_match` precondition:
+        #   require "google/cloud/storage"
+        #
+        #   storage = Google::Cloud::Storage.new
+        #
+        #   bucket = storage.bucket "my-todo-app"
+        #   bucket.update if_metageneration_match: 6 do |b|
+        #     b.website_main = "index.html"
+        #   end
+        #
+        def update if_metageneration_match: nil, if_metageneration_not_match: nil
           updater = Updater.new @gapi
           yield updater
           # Add check for mutable cors
           updater.check_for_changed_labels!
           updater.check_for_mutable_cors!
           updater.check_for_mutable_lifecycle!
-          patch_gapi! updater.updates unless updater.updates.empty?
+          return if updater.updates.empty?
+          patch_gapi! updater.updates,
+                      if_metageneration_match: if_metageneration_match,
+                      if_metageneration_not_match: if_metageneration_not_match
         end
 
         ##
@@ -953,6 +1110,12 @@ module Google
         # The API call to delete the bucket may be retried under certain
         # conditions. See {Google::Cloud#storage} to control this behavior.
         #
+        # @param [Integer] if_metageneration_match Makes the operation conditional
+        #   on whether the bucket's current metageneration matches the given value.
+        # @param [Integer] if_metageneration_not_match Makes the operation
+        #   conditional on whether the bucket's current metageneration does not
+        #   match the given value.
+        #
         # @return [Boolean] Returns `true` if the bucket was deleted.
         #
         # @example
@@ -963,10 +1126,12 @@ module Google
         #   bucket = storage.bucket "my-bucket"
         #   bucket.delete
         #
-        def delete
+        def delete if_metageneration_match: nil, if_metageneration_not_match: nil
           ensure_service!
-          service.delete_bucket name, user_project: user_project
-          true
+          service.delete_bucket name,
+                                if_metageneration_match: if_metageneration_match,
+                                if_metageneration_not_match: if_metageneration_not_match,
+                                user_project: user_project
         end
 
         ##
@@ -1040,6 +1205,19 @@ module Google
         # @param [String] path Name (path) of the file.
         # @param [Integer] generation When present, selects a specific revision
         #   of this object. Default is the latest version.
+        # @param [Integer] if_generation_match Makes the operation conditional
+        #   on whether the file's current generation matches the given value.
+        #   Setting to 0 makes the operation succeed only if there are no live
+        #   versions of the file.
+        # @param [Integer] if_generation_not_match Makes the operation conditional
+        #   on whether the file's current generation does not match the given
+        #   value. If no live file exists, the precondition fails. Setting to 0
+        #   makes the operation succeed only if there is a live version of the file.
+        # @param [Integer] if_metageneration_match Makes the operation conditional
+        #   on whether the file's current metageneration matches the given value.
+        # @param [Integer] if_metageneration_not_match Makes the operation
+        #   conditional on whether the file's current metageneration does not
+        #   match the given value.
         # @param [Boolean] skip_lookup Optionally create a Bucket object
         #   without verifying the bucket resource exists on the Storage service.
         #   Calls made on this object will raise errors if the bucket resource
@@ -1061,7 +1239,14 @@ module Google
         #   file = bucket.file "path/to/my-file.ext"
         #   puts file.name
         #
-        def file path, generation: nil, skip_lookup: nil, encryption_key: nil
+        def file path,
+                 generation: nil,
+                 if_generation_match: nil,
+                 if_generation_not_match: nil,
+                 if_metageneration_match: nil,
+                 if_metageneration_not_match: nil,
+                 skip_lookup: nil,
+                 encryption_key: nil
           ensure_service!
           if skip_lookup
             return File.new_lazy name, path, service,
@@ -1069,6 +1254,10 @@ module Google
                                  user_project: user_project
           end
           gapi = service.get_file name, path, generation: generation,
+                                              if_generation_match: if_generation_match,
+                                              if_generation_not_match: if_generation_not_match,
+                                              if_metageneration_match: if_metageneration_match,
+                                              if_metageneration_not_match: if_metageneration_not_match,
                                               key: encryption_key,
                                               user_project: user_project
           File.from_gapi gapi, service, user_project: user_project
@@ -1179,6 +1368,19 @@ module Google
         #   the same location as the bucket.The Service Account associated with
         #   your project requires access to this encryption key. Do not provide
         #   if `encryption_key` is used.
+        # @param [Integer] if_generation_match Makes the operation conditional
+        #   on whether the file's current generation matches the given value.
+        #   Setting to 0 makes the operation succeed only if there are no live
+        #   versions of the file.
+        # @param [Integer] if_generation_not_match Makes the operation conditional
+        #   on whether the file's current generation does not match the given
+        #   value. If no live file exists, the precondition fails. Setting to 0
+        #   makes the operation succeed only if there is a live version of the file.
+        # @param [Integer] if_metageneration_match Makes the operation conditional
+        #   on whether the file's current metageneration matches the given value.
+        # @param [Integer] if_metageneration_not_match Makes the operation
+        #   conditional on whether the file's current metageneration does not
+        #   match the given value.
         #
         # @return [Google::Cloud::Storage::File]
         #
@@ -1262,12 +1464,27 @@ module Google
         #   file.download "path/to/downloaded/gzipped.txt",
         #                 skip_decompress: true
         #
-        def create_file file, path = nil, acl: nil, cache_control: nil,
-                        content_disposition: nil, content_encoding: nil,
-                        content_language: nil, content_type: nil, custom_time: nil,
-                        crc32c: nil, md5: nil, metadata: nil,
-                        storage_class: nil, encryption_key: nil, kms_key: nil,
-                        temporary_hold: nil, event_based_hold: nil
+        def create_file file,
+                        path = nil,
+                        acl: nil,
+                        cache_control: nil,
+                        content_disposition: nil,
+                        content_encoding: nil,
+                        content_language: nil,
+                        content_type: nil,
+                        custom_time: nil,
+                        crc32c: nil,
+                        md5: nil,
+                        metadata: nil,
+                        storage_class: nil,
+                        encryption_key: nil,
+                        kms_key: nil,
+                        temporary_hold: nil,
+                        event_based_hold: nil,
+                        if_generation_match: nil,
+                        if_generation_not_match: nil,
+                        if_metageneration_match: nil,
+                        if_metageneration_not_match: nil
           ensure_service!
           ensure_io_or_file_exists! file
           path ||= file.path if file.respond_to? :path
@@ -1275,22 +1492,29 @@ module Google
           raise ArgumentError, "must provide path" if path.nil?
 
 
-          gapi = service.insert_file name, file, path, acl: File::Acl.predefined_rule_for(acl),
-                                                       md5: md5,
-                                                       cache_control: cache_control,
-                                                       content_type: content_type,
-                                                       custom_time: custom_time,
-                                                       content_disposition: content_disposition,
-                                                       crc32c: crc32c,
-                                                       content_encoding: content_encoding,
-                                                       metadata: metadata,
-                                                       content_language: content_language,
-                                                       key: encryption_key,
-                                                       kms_key: kms_key,
-                                                       storage_class: storage_class_for(storage_class),
-                                                       temporary_hold: temporary_hold,
-                                                       event_based_hold: event_based_hold,
-                                                       user_project: user_project
+          gapi = service.insert_file name,
+                                     file,
+                                     path,
+                                     acl: File::Acl.predefined_rule_for(acl),
+                                     md5: md5,
+                                     cache_control: cache_control,
+                                     content_type: content_type,
+                                     custom_time: custom_time,
+                                     content_disposition: content_disposition,
+                                     crc32c: crc32c,
+                                     content_encoding: content_encoding,
+                                     metadata: metadata,
+                                     content_language: content_language,
+                                     key: encryption_key,
+                                     kms_key: kms_key,
+                                     storage_class: storage_class_for(storage_class),
+                                     temporary_hold: temporary_hold,
+                                     event_based_hold: event_based_hold,
+                                     if_generation_match: if_generation_match,
+                                     if_generation_not_match: if_generation_not_match,
+                                     if_metageneration_match: if_metageneration_match,
+                                     if_metageneration_not_match: if_metageneration_not_match,
+                                     user_project: user_project
           File.from_gapi gapi, service, user_project: user_project
         end
         alias upload_file create_file
@@ -1334,6 +1558,16 @@ module Google
         #   used. All source files must have been encrypted with the same key,
         #   and the resulting destination file will also be encrypted with the
         #   key.
+        # @param [Array<Integer>] if_source_generation_match Makes the operation
+        #   conditional on whether the source files' current generations match the
+        #   given values. The list must match `sources` item-to-item.
+        # @param [Integer] if_generation_match Makes the operation conditional
+        #   on whether the destination file's current generation matches the
+        #   given value. Setting to 0 makes the operation succeed only if there
+        #   are no live versions of the file.
+        # @param [Integer] if_metageneration_match Makes the operation conditional
+        #   on whether the destination file's current metageneration matches the
+        #   given value.
         #
         # @yield [file] A block yielding a delegate file object for setting the
         #   properties of the destination file.
@@ -1382,7 +1616,13 @@ module Google
         #
         #   new_file = bucket.compose [file_1, file_2], "path/to/new-file.ext"
         #
-        def compose sources, destination, acl: nil, encryption_key: nil
+        def compose sources,
+                    destination,
+                    acl: nil,
+                    encryption_key: nil,
+                    if_source_generation_match: nil,
+                    if_generation_match: nil,
+                    if_metageneration_match: nil
           ensure_service!
           sources = Array sources
           if sources.size < 2
@@ -1398,9 +1638,16 @@ module Google
           end
 
           acl_rule = File::Acl.predefined_rule_for acl
-          gapi = service.compose_file name, sources, destination, destination_gapi, acl: acl_rule,
-                                                                                    key: encryption_key,
-                                                                                    user_project: user_project
+          gapi = service.compose_file name,
+                                      sources,
+                                      destination,
+                                      destination_gapi,
+                                      acl: acl_rule,
+                                      key: encryption_key,
+                                      if_source_generation_match: if_source_generation_match,
+                                      if_generation_match: if_generation_match,
+                                      if_metageneration_match: if_metageneration_match,
+                                      user_project: user_project
           File.from_gapi gapi, service, user_project: user_project
         end
         alias compose_file compose
@@ -1545,11 +1792,11 @@ module Google
         #     scopes = ["https://www.googleapis.com/auth/iam"]
         #     iam_client.authorization = Google::Auth.get_application_default scopes
         #
-        #     request = {
-        #       "payload": string_to_sign,
-        #     }
+        #     request = Google::Apis::IamcredentialsV1::SignBlobRequest.new(
+        #       payload: string_to_sign
+        #     )
         #     resource = "projects/-/serviceAccounts/#{issuer}"
-        #     response = iam_client.sign_service_account_blob resource, request, {}
+        #     response = iam_client.sign_service_account_blob resource, request
         #     response.signed_blob
         #   end
         #
@@ -1647,8 +1894,8 @@ module Google
         end
 
         ##
-        # Generate a PostObject that includes the fields and url to
-        # upload objects via html forms.
+        # Generate a PostObject that includes the fields and URL to
+        # upload objects via HTML forms.
         #
         # Generating a PostObject requires service account credentials,
         # either by connecting with a service account when calling
@@ -1694,7 +1941,7 @@ module Google
         #   Proc should return a signature created using a RPC call to the
         #   [Service Account Credentials signBlob](https://cloud.google.com/iam/docs/reference/credentials/rest/v1/projects.serviceAccounts/signBlob)
         #   method as shown in the example below.
-        # @return [PostObject] An object containing the URL, fields, and values needed to upload files via html forms.
+        # @return [PostObject] An object containing the URL, fields, and values needed to upload files via HTML forms.
         #
         # @raise [SignedUrlUnavailable] If the service account credentials
         #   are missing. Service account credentials are acquired by following the
@@ -1778,11 +2025,11 @@ module Google
         #     scopes = ["https://www.googleapis.com/auth/iam"]
         #     iam_client.authorization = Google::Auth.get_application_default scopes
         #
-        #     request = {
-        #       "payload": string_to_sign,
-        #     }
+        #     request = Google::Apis::IamcredentialsV1::SignBlobRequest.new(
+        #       payload: string_to_sign
+        #     )
         #     resource = "projects/-/serviceAccounts/#{issuer}"
-        #     response = iam_client.sign_service_account_blob resource, request, {}
+        #     response = iam_client.sign_service_account_blob resource, request
         #     response.signed_blob
         #   end
         #
@@ -1817,10 +2064,14 @@ module Google
         end
 
         ##
-        # Generate a PostObject that includes the fields and url to
-        # upload objects via html forms.
+        # Generate a `PostObject` that includes the fields and URL to
+        # upload objects via HTML forms. The resulting `PostObject` is
+        # based on a policy document created from the method arguments.
+        # This policy provides authorization to ensure that the HTML
+        # form can upload files into the bucket. See [Signatures -
+        # Policy document](https://cloud.google.com/storage/docs/authentication/signatures#policy-document).
         #
-        # Generating a PostObject requires service account credentials,
+        # Generating a `PostObject` requires service account credentials,
         # either by connecting with a service account when calling
         # {Google::Cloud.storage}, or by passing in the service account
         # `issuer` and `signing_key` values. Although the private key can
@@ -1833,6 +2084,8 @@ module Google
         # steps in [Service Account Authentication](
         # https://cloud.google.com/iam/docs/service-accounts).
         #
+        # @see https://cloud.google.com/storage/docs/authentication/signatures#policy-document Signatures -
+        #   Policy document
         # @see https://cloud.google.com/storage/docs/xml-api/post-object
         #
         # @param [String] path Path to the file in Google Cloud Storage.
@@ -1856,9 +2109,14 @@ module Google
         #   method as shown in the example below.
         # @param [Integer] expires The number of seconds until the URL expires.
         #   The default is 604800 (7 days).
-        # @param [Hash] fields User-supplied form fields such as `acl`,
+        # @param [Hash{String => String}] fields User-supplied form fields such as `acl`,
         #   `cache-control`, `success_action_status`, and `success_action_redirect`.
-        # @param [Array<Hash|Array>] conditions User-supplied policy conditions.
+        #   Optional. See [Upload an object with HTML forms - Form
+        #   fields](https://cloud.google.com/storage/docs/xml-api/post-object-forms#form_fields).
+        # @param [Array<Hash{String => String}|Array<String>>] conditions An array of
+        #   policy conditions that every upload must satisfy. For example:
+        #   `[["eq", "$Content-Type", "image/jpeg"]]`. Optional. See [Signatures - Policy
+        #   document](https://cloud.google.com/storage/docs/authentication/signatures#policy-document).
         # @param [String] scheme The URL scheme. The default value is `HTTPS`.
         # @param [Boolean] virtual_hosted_style Whether to use a virtual hosted-style
         #   hostname, which adds the bucket into the host portion of the URI rather
@@ -1871,12 +2129,12 @@ module Google
         #   Cloud Load Balancer which routes to a bucket you own, e.g.
         #   `my-load-balancer-domain.tld`.
         #
-        # @return [PostObject] An object containing the URL, fields, and values needed to upload files via html forms.
+        # @return [PostObject] An object containing the URL, fields, and values needed to
+        #   upload files via HTML forms.
         #
-        # @raise [SignedUrlUnavailable] If the service account credentials
-        #   are missing. Service account credentials are acquired by following the
-        #   steps in [Service Account Authentication](
-        #   https://cloud.google.com/iam/docs/service-accounts).
+        # @raise [SignedUrlUnavailable] If the service account credentials are missing.
+        #   Service account credentials are acquired by following the steps in [Service
+        #   Account Authentication](https://cloud.google.com/iam/docs/service-accounts).
         #
         # @example
         #   require "google/cloud/storage"
@@ -1886,8 +2144,9 @@ module Google
         #   bucket = storage.bucket "my-todo-app"
         #
         #   conditions = [["starts-with", "$acl","public"]]
-        #   post = bucket.generate_signed_post_policy_v4 "avatars/heidi/400x400.png", expires: 10,
-        #                                                                             conditions: conditions
+        #   post = bucket.generate_signed_post_policy_v4 "avatars/heidi/400x400.png",
+        #                                                expires:    10,
+        #                                                conditions: conditions
         #
         #   post.url #=> "https://storage.googleapis.com/my-todo-app/"
         #   post.fields["key"] #=> "my-todo-app/avatars/heidi/400x400.png"
@@ -1916,11 +2175,11 @@ module Google
         #     scopes = ["https://www.googleapis.com/auth/iam"]
         #     iam_client.authorization = Google::Auth.get_application_default scopes
         #
-        #     request = {
-        #       "payload": string_to_sign,
-        #     }
+        #     request = Google::Apis::IamcredentialsV1::SignBlobRequest.new(
+        #       payload: string_to_sign
+        #     )
         #     resource = "projects/-/serviceAccounts/#{issuer}"
-        #     response = iam_client.sign_service_account_blob resource, request, {}
+        #     response = iam_client.sign_service_account_blob resource, request
         #     response.signed_blob
         #   end
         #
@@ -1928,10 +2187,11 @@ module Google
         #
         #   bucket = storage.bucket "my-todo-app"
         #   conditions = [["starts-with", "$acl","public"]]
-        #   post = bucket.generate_signed_post_policy_v4(
-        #     "avatars/heidi/400x400.png", expires: 10,
-        #     conditions: conditions, issuer: issuer, signer: signer
-        #   )
+        #   post = bucket.generate_signed_post_policy_v4 "avatars/heidi/400x400.png",
+        #                                                expires:    10,
+        #                                                conditions: conditions,
+        #                                                issuer:     issuer,
+        #                                                signer:     signer
         #
         #   post.url #=> "https://storage.googleapis.com/my-todo-app/"
         #   post.fields["key"] #=> "my-todo-app/avatars/heidi/400x400.png"
@@ -2533,7 +2793,10 @@ module Google
           reload!
         end
 
-        def patch_gapi! *attributes
+        def patch_gapi! attributes,
+                        if_metageneration_match: nil,
+                        if_metageneration_not_match: nil
+          attributes = Array(attributes)
           attributes.flatten!
           return if attributes.empty?
           ensure_service!
@@ -2541,7 +2804,10 @@ module Google
             [attr, @gapi.send(attr)]
           end]
           patch_gapi = API::Bucket.new(**patch_args)
-          @gapi = service.patch_bucket name, patch_gapi,
+          @gapi = service.patch_bucket name,
+                                       patch_gapi,
+                                       if_metageneration_match: if_metageneration_match,
+                                       if_metageneration_not_match: if_metageneration_not_match,
                                        user_project: user_project
           @lazy = nil
           self
@@ -2559,9 +2825,11 @@ module Google
         # Yielded to a block to accumulate changes for a patch request.
         class Updater < Bucket
           attr_reader :updates
+
           ##
           # Create an Updater object.
           def initialize gapi
+            super()
             @updates = []
             @gapi = gapi
             @labels = @gapi.labels.to_h.dup