google-identity-access_context_manager 1.1.1 → 1.3.0
- checksums.yaml +4 -4
- data/AUTHENTICATION.md +72 -99
- data/README.md +1 -27
- data/lib/google/identity/access_context_manager/version.rb +1 -1
- data/lib/google/identity/access_context_manager.rb +11 -7
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b5e8acbe68566c5532bfbfe6cdb4c1de1d28a19b64cc08028169b0aa8238dbb5
|
4
|
+
data.tar.gz: b946f07af058c6597532fdc88733448f1e81569cd649140c1ad60a81916914e7
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 25295f5e47144e62561c97c49c10eb0c9950e4af693761c44fc8a0c165efc33c3d34f47edbaa45f0d5908e8c6a06aa67eddfce7a85bf414b234ec0cc5933ae35
|
7
|
+
data.tar.gz: 30b75cb6a4f78ed0950ed4932e788cfa5fb5c316f662873df0912f58ee103484f276e47069a22a801474dbc87cbbf916f88667015073ff47a04a0c75320097ae
|
data/AUTHENTICATION.md
CHANGED
@@ -1,149 +1,122 @@
|
|
1
1
|
# Authentication
|
2
2
|
|
3
|
-
|
4
|
-
[
|
5
|
-
|
6
|
-
[Google Cloud Platform environments](#google-cloud-platform-environments) the
|
7
|
-
credentials will be discovered automatically. When running on other
|
8
|
-
environments, the Service Account credentials can be specified by providing the
|
9
|
-
path to the
|
10
|
-
[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys)
|
11
|
-
for the account (or the JSON itself) in
|
12
|
-
[environment variables](#environment-variables). Additionally, Cloud SDK
|
13
|
-
credentials can also be discovered automatically, but this is only recommended
|
14
|
-
during development.
|
3
|
+
The recommended way to authenticate to the google-identity-access_context_manager library is to use
|
4
|
+
[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials).
|
5
|
+
To review all of your authentication options, see [Credentials lookup](#credential-lookup).
|
15
6
|
|
16
7
|
## Quickstart
|
17
8
|
|
18
|
-
|
19
|
-
|
9
|
+
The following example shows how to set up authentication for a local development
|
10
|
+
environment with your user credentials.
|
20
11
|
|
21
|
-
|
22
|
-
|
23
|
-
```
|
24
|
-
|
25
|
-
3. Initialize the client.
|
12
|
+
**NOTE:** This method is _not_ recommended for running in production. User credentials
|
13
|
+
should be used only during development.
|
26
14
|
|
27
|
-
|
28
|
-
|
15
|
+
1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk).
|
16
|
+
2. Set up a local ADC file with your user credentials:
|
29
17
|
|
30
|
-
|
18
|
+
```sh
|
19
|
+
gcloud auth application-default login
|
31
20
|
```
|
32
21
|
|
33
|
-
|
34
|
-
|
35
|
-
The google-identity-access_context_manager library aims to make authentication
|
36
|
-
as simple as possible, and provides several mechanisms to configure your system
|
37
|
-
without requiring **Service Account Credentials** directly in code.
|
38
|
-
|
39
|
-
**Credentials** are discovered in the following order:
|
40
|
-
|
41
|
-
1. Specify credentials in method arguments
|
42
|
-
2. Specify credentials in configuration
|
43
|
-
3. Discover credentials path in environment variables
|
44
|
-
4. Discover credentials JSON in environment variables
|
45
|
-
5. Discover credentials file in the Cloud SDK's path
|
46
|
-
6. Discover GCP credentials
|
47
|
-
|
48
|
-
### Google Cloud Platform environments
|
22
|
+
3. Write code as if already authenticated.
|
49
23
|
|
50
|
-
|
51
|
-
|
52
|
-
Functions (GCF) and Cloud Run, **Credentials** are discovered automatically.
|
53
|
-
Code should be written as if already authenticated.
|
24
|
+
For more information about setting up authentication for a local development environment, see
|
25
|
+
[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev).
|
54
26
|
|
55
|
-
|
27
|
+
## Credential Lookup
|
56
28
|
|
57
|
-
The
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
**Credentials JSON** file can be stored in the environment variable, or the
|
62
|
-
**Credentials JSON** itself can be stored for environments such as Docker
|
63
|
-
containers where writing files is difficult or not encouraged.
|
29
|
+
The google-identity-access_context_manager library provides several mechanisms to configure your system.
|
30
|
+
Generally, using Application Default Credentials to facilitate automatic
|
31
|
+
credentials discovery is the easist method. But if you need to explicitly specify
|
32
|
+
credentials, there are several methods available to you.
|
64
33
|
|
65
|
-
|
66
|
-
checks for credentials are configured on the service Credentials class (such as
|
67
|
-
`::Google::Identity::AccessContextManager::V1::AccessContextManager::Credentials`):
|
34
|
+
Credentials are accepted in the following ways, in the following order or precedence:
|
68
35
|
|
69
|
-
|
70
|
-
|
71
|
-
|
36
|
+
1. Credentials specified in method arguments
|
37
|
+
2. Credentials specified in configuration
|
38
|
+
3. Credentials pointed to or included in environment variables
|
39
|
+
4. Credentials found in local ADC file
|
40
|
+
5. Credentials returned by the metadata server for the attached service account (GCP)
|
72
41
|
|
73
|
-
|
74
|
-
require "google/identity/access_context_manager"
|
75
|
-
|
76
|
-
ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json"
|
42
|
+
### Configuration
|
77
43
|
|
78
|
-
client
|
79
|
-
|
44
|
+
You can configure a path to a JSON credentials file, either for an individual client object or
|
45
|
+
globally, for all client objects. The JSON file can contain credentials created for
|
46
|
+
[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation),
|
47
|
+
[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a
|
48
|
+
[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key).
|
80
49
|
|
81
|
-
|
50
|
+
Note: Service account keys are a security risk if not managed correctly. You should
|
51
|
+
[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree)
|
52
|
+
whenever possible.
|
82
53
|
|
83
|
-
|
84
|
-
it in an environment variable. Either on an individual client initialization:
|
54
|
+
To configure a credentials file for an individual client initialization:
|
85
55
|
|
86
56
|
```ruby
|
87
57
|
require "google/identity/access_context_manager"
|
88
58
|
|
89
59
|
client = Google::Identity::AccessContextManager.access_context_manager do |config|
|
90
|
-
config.credentials = "path/to/
|
60
|
+
config.credentials = "path/to/credentialfile.json"
|
91
61
|
end
|
92
62
|
```
|
93
63
|
|
94
|
-
|
64
|
+
To configure a credentials file globally for all clients:
|
95
65
|
|
96
66
|
```ruby
|
97
67
|
require "google/identity/access_context_manager"
|
98
68
|
|
99
69
|
Google::Identity::AccessContextManager.configure do |config|
|
100
|
-
config.credentials = "path/to/
|
70
|
+
config.credentials = "path/to/credentialfile.json"
|
101
71
|
end
|
102
72
|
|
103
73
|
client = Google::Identity::AccessContextManager.access_context_manager
|
104
74
|
```
|
105
75
|
|
106
|
-
###
|
76
|
+
### Environment Variables
|
107
77
|
|
108
|
-
|
109
|
-
|
110
|
-
|
78
|
+
You can also use an environment variable to provide a JSON credentials file.
|
79
|
+
The environment variable can contain a path to the credentials file or, for
|
80
|
+
environments such as Docker containers where writing files is not encouraged,
|
81
|
+
you can include the credentials file itself.
|
111
82
|
|
112
|
-
|
83
|
+
The JSON file can contain credentials created for
|
84
|
+
[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation),
|
85
|
+
[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a
|
86
|
+
[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key).
|
113
87
|
|
114
|
-
|
115
|
-
|
116
|
-
|
88
|
+
Note: Service account keys are a security risk if not managed correctly. You should
|
89
|
+
[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree)
|
90
|
+
whenever possible.
|
91
|
+
|
92
|
+
The environment variables that google-identity-access_context_manager
|
93
|
+
checks for credentials are:
|
117
94
|
|
118
|
-
|
119
|
-
*
|
95
|
+
* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents
|
96
|
+
* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
|
120
97
|
|
121
|
-
|
98
|
+
```ruby
|
99
|
+
require "google/identity/access_context_manager"
|
122
100
|
|
123
|
-
|
124
|
-
connect to the APIs. You will use the **JSON key file** to
|
125
|
-
connect to most services with google-identity-access_context_manager.
|
101
|
+
ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json"
|
126
102
|
|
127
|
-
|
128
|
-
|
129
|
-
need a Google Developers service account.
|
103
|
+
client = Google::Identity::AccessContextManager.access_context_manager
|
104
|
+
```
|
130
105
|
|
131
|
-
|
132
|
-
2. Create a new project or click on an existing project.
|
133
|
-
3. Activate the menu in the upper left and select **APIs & Services**. From
|
134
|
-
here, you will enable the APIs that your application requires.
|
106
|
+
### Local ADC file
|
135
107
|
|
136
|
-
|
108
|
+
You can set up a local ADC file with your user credentials for authentication during
|
109
|
+
development. If credentials are not provided in code or in environment variables,
|
110
|
+
then the local ADC credentials are discovered.
|
137
111
|
|
138
|
-
|
112
|
+
Follow the steps in [Quickstart](#quickstart) to set up a local ADC file.
|
139
113
|
|
140
|
-
|
141
|
-
"Service account" to be guided through downloading a new JSON key file.
|
114
|
+
### Google Cloud Platform environments
|
142
115
|
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
116
|
+
When running on Google Cloud Platform (GCP), including Google Compute Engine
|
117
|
+
(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud
|
118
|
+
Functions (GCF) and Cloud Run, credentials are retrieved from the attached
|
119
|
+
service account automatically. Code should be written as if already authenticated.
|
147
120
|
|
148
|
-
|
149
|
-
|
121
|
+
For more information, see
|
122
|
+
[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa).
|
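Review bot: The new Credential Lookup text has two wording errors: "easist" should be "easiest" (new line 31), and "in the following order or precedence" should read "order of precedence" (new line 34). In the Environment Variables section, the list says `GOOGLE_CLOUD_CREDENTIALS` accepts either a path or the JSON contents, but the example only sets `GOOGLE_APPLICATION_CREDENTIALS` to a path from inside Ruby code. A sentence stating which variable takes precedence when both are set, and that the inline-JSON form places the key material in the process environment, would make the service account key note just above it actionable.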
data/README.md
CHANGED
@@ -16,7 +16,7 @@ for this library, google-identity-access_context_manager, to see the convenience
|
|
16
16
|
constructing client objects. Reference documentation for the client objects
|
17
17
|
themselves can be found in the client library documentation for the versioned
|
18
18
|
client gems:
|
19
|
-
[google-identity-access_context_manager-v1](https://
|
19
|
+
[google-identity-access_context_manager-v1](https://cloud.google.com/ruby/docs/reference/google-identity-access_context_manager-v1/latest).
|
20
20
|
|
21
21
|
See also the [Product Documentation](https://cloud.google.com/access-context-manager/)
|
22
22
|
for more usage information.
|
@@ -34,32 +34,6 @@ In order to use this library, you first need to go through the following steps:
|
|
34
34
|
1. [Enable the API.](https://console.cloud.google.com/apis/library/accesscontextmanager.googleapis.com)
|
35
35
|
1. {file:AUTHENTICATION.md Set up authentication.}
|
36
36
|
|
37
|
-
## Enabling Logging
|
38
|
-
|
39
|
-
To enable logging for this library, set the logger for the underlying [gRPC](https://github.com/grpc/grpc/tree/master/src/ruby) library.
|
40
|
-
The logger that you set may be a Ruby stdlib [`Logger`](https://ruby-doc.org/stdlib/libdoc/logger/rdoc/Logger.html) as shown below,
|
41
|
-
or a [`Google::Cloud::Logging::Logger`](https://googleapis.dev/ruby/google-cloud-logging/latest)
|
42
|
-
that will write logs to [Cloud Logging](https://cloud.google.com/logging/). See [grpc/logconfig.rb](https://github.com/grpc/grpc/blob/master/src/ruby/lib/grpc/logconfig.rb)
|
43
|
-
and the gRPC [spec_helper.rb](https://github.com/grpc/grpc/blob/master/src/ruby/spec/spec_helper.rb) for additional information.
|
44
|
-
|
45
|
-
Configuring a Ruby stdlib logger:
|
46
|
-
|
47
|
-
```ruby
|
48
|
-
require "logger"
|
49
|
-
|
50
|
-
module MyLogger
|
51
|
-
LOGGER = Logger.new $stderr, level: Logger::WARN
|
52
|
-
def logger
|
53
|
-
LOGGER
|
54
|
-
end
|
55
|
-
end
|
56
|
-
|
57
|
-
# Define a gRPC module-level logger method before grpc/logconfig.rb loads.
|
58
|
-
module GRPC
|
59
|
-
extend MyLogger
|
60
|
-
end
|
61
|
-
```
|
62
|
-
|
63
37
|
## Supported Ruby Versions
|
64
38
|
|
65
39
|
This library is supported on Ruby 2.6+.
|
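Review bot: Removing the "Enabling Logging" section (old lines 37-62) leaves the README with no logging guidance, and nothing in the visible hunks replaces it. If the gRPC logger override (`module GRPC` / `extend MyLogger`) is no longer the supported approach, say so and link to the replacement; otherwise keep a short pointer so readers can still find out how to turn client logging on.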
@@ -31,12 +31,14 @@ module Google
|
|
31
31
|
# Create a new client object for AccessContextManager.
|
32
32
|
#
|
33
33
|
# By default, this returns an instance of
|
34
|
-
# [Google::Identity::AccessContextManager::V1::AccessContextManager::Client](https://
|
35
|
-
# for version V1 of the API.
|
36
|
-
# However, you can specify
|
34
|
+
# [Google::Identity::AccessContextManager::V1::AccessContextManager::Client](https://cloud.google.com/ruby/docs/reference/google-identity-access_context_manager-v1/latest/Google-Identity-AccessContextManager-V1-AccessContextManager-Client)
|
35
|
+
# for a gRPC client for version V1 of the API.
|
36
|
+
# However, you can specify a different API version by passing it in the
|
37
37
|
# `version` parameter. If the AccessContextManager service is
|
38
38
|
# supported by that API version, and the corresponding gem is available, the
|
39
39
|
# appropriate versioned client will be returned.
|
40
|
+
# You can also specify a different transport by passing `:rest` or `:grpc` in
|
41
|
+
# the `transport` parameter.
|
40
42
|
#
|
41
43
|
# ## About AccessContextManager
|
42
44
|
#
|
@@ -54,17 +56,19 @@ module Google
|
|
54
56
|
#
|
55
57
|
# @param version [::String, ::Symbol] The API version to connect to. Optional.
|
56
58
|
# Defaults to `:v1`.
|
57
|
-
# @
|
59
|
+
# @param transport [:grpc, :rest] The transport to use. Defaults to `:grpc`.
|
60
|
+
# @return [::Object] A client object for the specified version.
|
58
61
|
#
|
59
|
-
def self.access_context_manager version: :v1, &block
|
62
|
+
def self.access_context_manager version: :v1, transport: :grpc, &block
|
60
63
|
require "google/identity/access_context_manager/#{version.to_s.downcase}"
|
61
64
|
|
62
65
|
package_name = Google::Identity::AccessContextManager
|
63
66
|
.constants
|
64
67
|
.select { |sym| sym.to_s.downcase == version.to_s.downcase.tr("_", "") }
|
65
68
|
.first
|
66
|
-
|
67
|
-
|
69
|
+
service_module = Google::Identity::AccessContextManager.const_get(package_name).const_get(:AccessContextManager)
|
70
|
+
service_module = service_module.const_get(:Rest) if transport == :rest
|
71
|
+
service_module.const_get(:Client).new(&block)
|
68
72
|
end
|
69
73
|
end
|
70
74
|
end
|
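Review bot: On new line 70, `service_module.const_get(:Rest) if transport == :rest` treats every value other than the symbol `:rest` as gRPC, so a typo or the string "rest" silently selects the gRPC client even though the `@param` doc allows only `:grpc` and `:rest`. `version` is normalized with `to_s.downcase` a few lines above; normalize `transport` the same way and raise `ArgumentError` on an unrecognized value, so the caller never ends up on a different transport than the one requested.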
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: google-identity-access_context_manager
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Google LLC
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2024-01-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: google-cloud-core
|
@@ -30,7 +30,7 @@ dependencies:
|
|
30
30
|
requirements:
|
31
31
|
- - ">="
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: '0.
|
33
|
+
version: '0.7'
|
34
34
|
- - "<"
|
35
35
|
- !ruby/object:Gem::Version
|
36
36
|
version: 2.a
|
@@ -40,7 +40,7 @@ dependencies:
|
|
40
40
|
requirements:
|
41
41
|
- - ">="
|
42
42
|
- !ruby/object:Gem::Version
|
43
|
-
version: '0.
|
43
|
+
version: '0.7'
|
44
44
|
- - "<"
|
45
45
|
- !ruby/object:Gem::Version
|
46
46
|
version: 2.a
|
@@ -189,7 +189,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
189
189
|
- !ruby/object:Gem::Version
|
190
190
|
version: '0'
|
191
191
|
requirements: []
|
192
|
-
rubygems_version: 3.3
|
192
|
+
rubygems_version: 3.5.3
|
193
193
|
signing_key:
|
194
194
|
specification_version: 4
|
195
195
|
summary: API Client library for the Access Context Manager API
|