grpc-google-iam-v1 1.2.0 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6c9f0026845f652027d464b297d7b4c2d71d55f6a07ec497678b44ff3cb94d2e
-  data.tar.gz: 927caa301f41ebd95354aeb370d76167e913dfedd60c59e1ddbd1ce7b855cbd5
+  metadata.gz: 87ad1a78620e139620a16f087d33f200eb0437e35c181952e11eb2117b757820
+  data.tar.gz: 8ef90db72bea9e35d8227cfc06f6c13b4ce5d5df0e81964345c4e0ec14ed4dae
 SHA512:
-  metadata.gz: deb1ef1be3472791144d2fddebdd97c45fbce35eba36c7d104f820c873eda556d09dd94f85f80da79439b85fbc4750162277e2aba904b45bd473bc79e98ab030
-  data.tar.gz: 2a1f9d80441a57fb78926ded8b5b9bf72b9423fb8834a4f952c17314c226de0fa3dd0b35a35a23801759d7f30359ec2096056470d865688382400419015228cb
+  metadata.gz: b504ebbd5c0a0c0026c98565884ca9f1312b99584a3cd2345a8d2ee2a3f8ddf42eab370b3c61ed25817749e719963c284355f14503916a687f3421c31c7f572e
+  data.tar.gz: 0de9dbea6ecc0cda65de5bd1d3b3eb848e73fabe539187e493488398d0435fd8db46a2ec30dcc6902d7fd77fea29934240312ad2ca8fb194072b5ed756755464

data/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Release History
 
+### 1.3.0 (2023-08-07)
+
+#### Features
+
+* Updated generated protobuf output to use binary descriptors for better future compatibility ([#172](https://github.com/googleapis/common-protos-ruby/issues/172)) 
+
 ### 1.2.0 (2022-08-17)
 
 #### Features

data/lib/google/iam/v1/iam_policy_pb.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google/iam/v1/iam_policy.proto
 
@@ -11,25 +12,34 @@ require 'google/iam/v1/options_pb'
 require 'google/iam/v1/policy_pb'
 require 'google/protobuf/field_mask_pb'
 
-Google::Protobuf::DescriptorPool.generated_pool.build do
-  add_file("google/iam/v1/iam_policy.proto", :syntax => :proto3) do
-    add_message "google.iam.v1.SetIamPolicyRequest" do
-      optional :resource, :string, 1
-      optional :policy, :message, 2, "google.iam.v1.Policy"
-      optional :update_mask, :message, 3, "google.protobuf.FieldMask"
-    end
-    add_message "google.iam.v1.GetIamPolicyRequest" do
-      optional :resource, :string, 1
-      optional :options, :message, 2, "google.iam.v1.GetPolicyOptions"
-    end
-    add_message "google.iam.v1.TestIamPermissionsRequest" do
-      optional :resource, :string, 1
-      repeated :permissions, :string, 2
-    end
-    add_message "google.iam.v1.TestIamPermissionsResponse" do
-      repeated :permissions, :string, 1
+
+descriptor_data = "\n\x1egoogle/iam/v1/iam_policy.proto\x12\rgoogle.iam.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1bgoogle/iam/v1/options.proto\x1a\x1agoogle/iam/v1/policy.proto\x1a google/protobuf/field_mask.proto\"\x8f\x01\n\x13SetIamPolicyRequest\x12\x1b\n\x08resource\x18\x01 \x01(\tB\t\xe0\x41\x02\xfa\x41\x03\n\x01*\x12*\n\x06policy\x18\x02 \x01(\x0b\x32\x15.google.iam.v1.PolicyB\x03\xe0\x41\x02\x12/\n\x0bupdate_mask\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.FieldMask\"d\n\x13GetIamPolicyRequest\x12\x1b\n\x08resource\x18\x01 \x01(\tB\t\xe0\x41\x02\xfa\x41\x03\n\x01*\x12\x30\n\x07options\x18\x02 \x01(\x0b\x32\x1f.google.iam.v1.GetPolicyOptions\"R\n\x19TestIamPermissionsRequest\x12\x1b\n\x08resource\x18\x01 \x01(\tB\t\xe0\x41\x02\xfa\x41\x03\n\x01*\x12\x18\n\x0bpermissions\x18\x02 \x03(\tB\x03\xe0\x41\x02\"1\n\x1aTestIamPermissionsResponse\x12\x13\n\x0bpermissions\x18\x01 \x03(\t2\xb4\x03\n\tIAMPolicy\x12t\n\x0cSetIamPolicy\x12\".google.iam.v1.SetIamPolicyRequest\x1a\x15.google.iam.v1.Policy\")\x82\xd3\xe4\x93\x02#\"\x1e/v1/{resource=**}:setIamPolicy:\x01*\x12t\n\x0cGetIamPolicy\x12\".google.iam.v1.GetIamPolicyRequest\x1a\x15.google.iam.v1.Policy\")\x82\xd3\xe4\x93\x02#\"\x1e/v1/{resource=**}:getIamPolicy:\x01*\x12\x9a\x01\n\x12TestIamPermissions\x12(.google.iam.v1.TestIamPermissionsRequest\x1a).google.iam.v1.TestIamPermissionsResponse\"/\x82\xd3\xe4\x93\x02)\"$/v1/{resource=**}:testIamPermissions:\x01*\x1a\x1e\xca\x41\x1biam-meta-api.googleapis.comB\x7f\n\x11\x63om.google.iam.v1B\x0eIamPolicyProtoP\x01Z)cloud.google.com/go/iam/apiv1/iampb;iampb\xf8\x01\x01\xaa\x02\x13Google.Cloud.Iam.V1\xca\x02\x13Google\\Cloud\\Iam\\V1b\x06proto3"
+
+pool = Google::Protobuf::DescriptorPool.generated_pool
+
+begin
+  pool.add_serialized_file(descriptor_data)
+rescue TypeError => e
+  # Compatibility code: will be removed in the next major version.
+  require 'google/protobuf/descriptor_pb'
+  parsed = Google::Protobuf::FileDescriptorProto.decode(descriptor_data)
+  parsed.clear_dependency
+  serialized = parsed.class.encode(parsed)
+  file = pool.add_serialized_file(serialized)
+  warn "Warning: Protobuf detected an import path issue while loading generated file #{__FILE__}"
+  imports = [
+    ["google.iam.v1.Policy", "google/iam/v1/policy.proto"],
+    ["google.protobuf.FieldMask", "google/protobuf/field_mask.proto"],
+    ["google.iam.v1.GetPolicyOptions", "google/iam/v1/options.proto"],
+  ]
+  imports.each do |type_name, expected_filename|
+    import_file = pool.lookup(type_name).file_descriptor
+    if import_file.name != expected_filename
+      warn "- #{file.name} imports #{expected_filename}, but that import was loaded as #{import_file.name}"
     end
   end
+  warn "Each proto file must use a consistent fully-qualified name."
+  warn "This will become an error in the next major version."
 end
 
 module Google
@@ -42,3 +52,161 @@ module Google
     end
   end
 end
+
+#### Source proto file: google/iam/v1/iam_policy.proto ####
+#
+# // Copyright 2022 Google LLC
+# //
+# // Licensed under the Apache License, Version 2.0 (the "License");
+# // you may not use this file except in compliance with the License.
+# // You may obtain a copy of the License at
+# //
+# //     http://www.apache.org/licenses/LICENSE-2.0
+# //
+# // Unless required by applicable law or agreed to in writing, software
+# // distributed under the License is distributed on an "AS IS" BASIS,
+# // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# // See the License for the specific language governing permissions and
+# // limitations under the License.
+#
+# syntax = "proto3";
+#
+# package google.iam.v1;
+#
+# import "google/api/annotations.proto";
+# import "google/api/client.proto";
+# import "google/api/field_behavior.proto";
+# import "google/api/resource.proto";
+# import "google/iam/v1/options.proto";
+# import "google/iam/v1/policy.proto";
+# import "google/protobuf/field_mask.proto";
+#
+# option cc_enable_arenas = true;
+# option csharp_namespace = "Google.Cloud.Iam.V1";
+# option go_package = "cloud.google.com/go/iam/apiv1/iampb;iampb";
+# option java_multiple_files = true;
+# option java_outer_classname = "IamPolicyProto";
+# option java_package = "com.google.iam.v1";
+# option php_namespace = "Google\\Cloud\\Iam\\V1";
+#
+# // API Overview
+# //
+# //
+# // Manages Identity and Access Management (IAM) policies.
+# //
+# // Any implementation of an API that offers access control features
+# // implements the google.iam.v1.IAMPolicy interface.
+# //
+# // ## Data model
+# //
+# // Access control is applied when a principal (user or service account), takes
+# // some action on a resource exposed by a service. Resources, identified by
+# // URI-like names, are the unit of access control specification. Service
+# // implementations can choose the granularity of access control and the
+# // supported permissions for their resources.
+# // For example one database service may allow access control to be
+# // specified only at the Table level, whereas another might allow access control
+# // to also be specified at the Column level.
+# //
+# // ## Policy Structure
+# //
+# // See google.iam.v1.Policy
+# //
+# // This is intentionally not a CRUD style API because access control policies
+# // are created and deleted implicitly with the resources to which they are
+# // attached.
+# service IAMPolicy {
+#   option (google.api.default_host) = "iam-meta-api.googleapis.com";
+#
+#   // Sets the access control policy on the specified resource. Replaces any
+#   // existing policy.
+#   //
+#   // Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.
+#   rpc SetIamPolicy(SetIamPolicyRequest) returns (Policy) {
+#     option (google.api.http) = {
+#       post: "/v1/{resource=**}:setIamPolicy"
+#       body: "*"
+#     };
+#   }
+#
+#   // Gets the access control policy for a resource.
+#   // Returns an empty policy if the resource exists and does not have a policy
+#   // set.
+#   rpc GetIamPolicy(GetIamPolicyRequest) returns (Policy) {
+#     option (google.api.http) = {
+#       post: "/v1/{resource=**}:getIamPolicy"
+#       body: "*"
+#     };
+#   }
+#
+#   // Returns permissions that a caller has on the specified resource.
+#   // If the resource does not exist, this will return an empty set of
+#   // permissions, not a `NOT_FOUND` error.
+#   //
+#   // Note: This operation is designed to be used for building permission-aware
+#   // UIs and command-line tools, not for authorization checking. This operation
+#   // may "fail open" without warning.
+#   rpc TestIamPermissions(TestIamPermissionsRequest) returns (TestIamPermissionsResponse) {
+#     option (google.api.http) = {
+#       post: "/v1/{resource=**}:testIamPermissions"
+#       body: "*"
+#     };
+#   }
+# }
+#
+# // Request message for `SetIamPolicy` method.
+# message SetIamPolicyRequest {
+#   // REQUIRED: The resource for which the policy is being specified.
+#   // See the operation documentation for the appropriate value for this field.
+#   string resource = 1 [
+#     (google.api.field_behavior) = REQUIRED,
+#     (google.api.resource_reference).type = "*"];
+#
+#   // REQUIRED: The complete policy to be applied to the `resource`. The size of
+#   // the policy is limited to a few 10s of KB. An empty policy is a
+#   // valid policy but certain Cloud Platform services (such as Projects)
+#   // might reject them.
+#   Policy policy = 2 [(google.api.field_behavior) = REQUIRED];
+#
+#   // OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
+#   // the fields in the mask will be modified. If no mask is provided, the
+#   // following default mask is used:
+#   //
+#   // `paths: "bindings, etag"`
+#   google.protobuf.FieldMask update_mask = 3;
+# }
+#
+# // Request message for `GetIamPolicy` method.
+# message GetIamPolicyRequest {
+#   // REQUIRED: The resource for which the policy is being requested.
+#   // See the operation documentation for the appropriate value for this field.
+#   string resource = 1 [
+#     (google.api.field_behavior) = REQUIRED,
+#     (google.api.resource_reference).type = "*"];
+#
+#   // OPTIONAL: A `GetPolicyOptions` object for specifying options to
+#   // `GetIamPolicy`.
+#   GetPolicyOptions options = 2;
+# }
+#
+# // Request message for `TestIamPermissions` method.
+# message TestIamPermissionsRequest {
+#   // REQUIRED: The resource for which the policy detail is being requested.
+#   // See the operation documentation for the appropriate value for this field.
+#   string resource = 1[
+#     (google.api.field_behavior) = REQUIRED,
+#     (google.api.resource_reference).type = "*"];
+#
+#   // The set of permissions to check for the `resource`. Permissions with
+#   // wildcards (such as '*' or 'storage.*') are not allowed. For more
+#   // information see
+#   // [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
+#   repeated string permissions = 2 [(google.api.field_behavior) = REQUIRED];
+# }
+#
+# // Response message for `TestIamPermissions` method.
+# message TestIamPermissionsResponse {
+#   // A subset of `TestPermissionsRequest.permissions` that the caller is
+#   // allowed.
+#   repeated string permissions = 1;
+# }

data/lib/google/iam/v1/options_pb.rb

@@ -1,14 +1,34 @@
+# frozen_string_literal: true
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google/iam/v1/options.proto
 
 require 'google/protobuf'
 
-Google::Protobuf::DescriptorPool.generated_pool.build do
-  add_file("google/iam/v1/options.proto", :syntax => :proto3) do
-    add_message "google.iam.v1.GetPolicyOptions" do
-      optional :requested_policy_version, :int32, 1
+
+descriptor_data = "\n\x1bgoogle/iam/v1/options.proto\x12\rgoogle.iam.v1\"4\n\x10GetPolicyOptions\x12 \n\x18requested_policy_version\x18\x01 \x01(\x05\x42}\n\x11\x63om.google.iam.v1B\x0cOptionsProtoP\x01Z)cloud.google.com/go/iam/apiv1/iampb;iampb\xf8\x01\x01\xaa\x02\x13Google.Cloud.Iam.V1\xca\x02\x13Google\\Cloud\\Iam\\V1b\x06proto3"
+
+pool = Google::Protobuf::DescriptorPool.generated_pool
+
+begin
+  pool.add_serialized_file(descriptor_data)
+rescue TypeError => e
+  # Compatibility code: will be removed in the next major version.
+  require 'google/protobuf/descriptor_pb'
+  parsed = Google::Protobuf::FileDescriptorProto.decode(descriptor_data)
+  parsed.clear_dependency
+  serialized = parsed.class.encode(parsed)
+  file = pool.add_serialized_file(serialized)
+  warn "Warning: Protobuf detected an import path issue while loading generated file #{__FILE__}"
+  imports = [
+  ]
+  imports.each do |type_name, expected_filename|
+    import_file = pool.lookup(type_name).file_descriptor
+    if import_file.name != expected_filename
+      warn "- #{file.name} imports #{expected_filename}, but that import was loaded as #{import_file.name}"
     end
   end
+  warn "Each proto file must use a consistent fully-qualified name."
+  warn "This will become an error in the next major version."
 end
 
 module Google
@@ -18,3 +38,54 @@ module Google
     end
   end
 end
+
+#### Source proto file: google/iam/v1/options.proto ####
+#
+# // Copyright 2022 Google LLC
+# //
+# // Licensed under the Apache License, Version 2.0 (the "License");
+# // you may not use this file except in compliance with the License.
+# // You may obtain a copy of the License at
+# //
+# //     http://www.apache.org/licenses/LICENSE-2.0
+# //
+# // Unless required by applicable law or agreed to in writing, software
+# // distributed under the License is distributed on an "AS IS" BASIS,
+# // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# // See the License for the specific language governing permissions and
+# // limitations under the License.
+#
+# syntax = "proto3";
+#
+# package google.iam.v1;
+#
+# option cc_enable_arenas = true;
+# option csharp_namespace = "Google.Cloud.Iam.V1";
+# option go_package = "cloud.google.com/go/iam/apiv1/iampb;iampb";
+# option java_multiple_files = true;
+# option java_outer_classname = "OptionsProto";
+# option java_package = "com.google.iam.v1";
+# option php_namespace = "Google\\Cloud\\Iam\\V1";
+#
+# // Encapsulates settings provided to GetIamPolicy.
+# message GetPolicyOptions {
+#   // Optional. The maximum policy version that will be used to format the
+#   // policy.
+#   //
+#   // Valid values are 0, 1, and 3. Requests specifying an invalid value will be
+#   // rejected.
+#   //
+#   // Requests for policies with any conditional role bindings must specify
+#   // version 3. Policies with no conditional role bindings may specify any valid
+#   // value or leave the field unset.
+#   //
+#   // The policy in the response might use the policy version that you specified,
+#   // or it might use a lower policy version. For example, if you specify version
+#   // 3, but the policy has no conditional role bindings, the response uses
+#   // version 1.
+#   //
+#   // To learn which resources support conditions in their IAM policies, see the
+#   // [IAM
+#   // documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+#   int32 requested_policy_version = 1;
+# }

data/lib/google/iam/v1/policy_pb.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google/iam/v1/policy.proto
 
@@ -5,60 +6,32 @@ require 'google/protobuf'
 
 require 'google/type/expr_pb'
 
-Google::Protobuf::DescriptorPool.generated_pool.build do
-  add_file("google/iam/v1/policy.proto", :syntax => :proto3) do
-    add_message "google.iam.v1.Policy" do
-      optional :version, :int32, 1
-      repeated :bindings, :message, 4, "google.iam.v1.Binding"
-      repeated :audit_configs, :message, 6, "google.iam.v1.AuditConfig"
-      optional :etag, :bytes, 3
-    end
-    add_message "google.iam.v1.Binding" do
-      optional :role, :string, 1
-      repeated :members, :string, 2
-      optional :condition, :message, 3, "google.type.Expr"
-    end
-    add_message "google.iam.v1.AuditConfig" do
-      optional :service, :string, 1
-      repeated :audit_log_configs, :message, 3, "google.iam.v1.AuditLogConfig"
-    end
-    add_message "google.iam.v1.AuditLogConfig" do
-      optional :log_type, :enum, 1, "google.iam.v1.AuditLogConfig.LogType"
-      repeated :exempted_members, :string, 2
-    end
-    add_enum "google.iam.v1.AuditLogConfig.LogType" do
-      value :LOG_TYPE_UNSPECIFIED, 0
-      value :ADMIN_READ, 1
-      value :DATA_WRITE, 2
-      value :DATA_READ, 3
-    end
-    add_message "google.iam.v1.PolicyDelta" do
-      repeated :binding_deltas, :message, 1, "google.iam.v1.BindingDelta"
-      repeated :audit_config_deltas, :message, 2, "google.iam.v1.AuditConfigDelta"
-    end
-    add_message "google.iam.v1.BindingDelta" do
-      optional :action, :enum, 1, "google.iam.v1.BindingDelta.Action"
-      optional :role, :string, 2
-      optional :member, :string, 3
-      optional :condition, :message, 4, "google.type.Expr"
-    end
-    add_enum "google.iam.v1.BindingDelta.Action" do
-      value :ACTION_UNSPECIFIED, 0
-      value :ADD, 1
-      value :REMOVE, 2
-    end
-    add_message "google.iam.v1.AuditConfigDelta" do
-      optional :action, :enum, 1, "google.iam.v1.AuditConfigDelta.Action"
-      optional :service, :string, 2
-      optional :exempted_member, :string, 3
-      optional :log_type, :string, 4
-    end
-    add_enum "google.iam.v1.AuditConfigDelta.Action" do
-      value :ACTION_UNSPECIFIED, 0
-      value :ADD, 1
-      value :REMOVE, 2
+
+descriptor_data = "\n\x1agoogle/iam/v1/policy.proto\x12\rgoogle.iam.v1\x1a\x16google/type/expr.proto\"\x84\x01\n\x06Policy\x12\x0f\n\x07version\x18\x01 \x01(\x05\x12(\n\x08\x62indings\x18\x04 \x03(\x0b\x32\x16.google.iam.v1.Binding\x12\x31\n\raudit_configs\x18\x06 \x03(\x0b\x32\x1a.google.iam.v1.AuditConfig\x12\x0c\n\x04\x65tag\x18\x03 \x01(\x0c\"N\n\x07\x42inding\x12\x0c\n\x04role\x18\x01 \x01(\t\x12\x0f\n\x07members\x18\x02 \x03(\t\x12$\n\tcondition\x18\x03 \x01(\x0b\x32\x11.google.type.Expr\"X\n\x0b\x41uditConfig\x12\x0f\n\x07service\x18\x01 \x01(\t\x12\x38\n\x11\x61udit_log_configs\x18\x03 \x03(\x0b\x32\x1d.google.iam.v1.AuditLogConfig\"\xb7\x01\n\x0e\x41uditLogConfig\x12\x37\n\x08log_type\x18\x01 \x01(\x0e\x32%.google.iam.v1.AuditLogConfig.LogType\x12\x18\n\x10\x65xempted_members\x18\x02 \x03(\t\"R\n\x07LogType\x12\x18\n\x14LOG_TYPE_UNSPECIFIED\x10\x00\x12\x0e\n\nADMIN_READ\x10\x01\x12\x0e\n\nDATA_WRITE\x10\x02\x12\r\n\tDATA_READ\x10\x03\"\x80\x01\n\x0bPolicyDelta\x12\x33\n\x0e\x62inding_deltas\x18\x01 \x03(\x0b\x32\x1b.google.iam.v1.BindingDelta\x12<\n\x13\x61udit_config_deltas\x18\x02 \x03(\x0b\x32\x1f.google.iam.v1.AuditConfigDelta\"\xbd\x01\n\x0c\x42indingDelta\x12\x32\n\x06\x61\x63tion\x18\x01 \x01(\x0e\x32\".google.iam.v1.BindingDelta.Action\x12\x0c\n\x04role\x18\x02 \x01(\t\x12\x0e\n\x06member\x18\x03 \x01(\t\x12$\n\tcondition\x18\x04 \x01(\x0b\x32\x11.google.type.Expr\"5\n\x06\x41\x63tion\x12\x16\n\x12\x41\x43TION_UNSPECIFIED\x10\x00\x12\x07\n\x03\x41\x44\x44\x10\x01\x12\n\n\x06REMOVE\x10\x02\"\xbd\x01\n\x10\x41uditConfigDelta\x12\x36\n\x06\x61\x63tion\x18\x01 \x01(\x0e\x32&.google.iam.v1.AuditConfigDelta.Action\x12\x0f\n\x07service\x18\x02 \x01(\t\x12\x17\n\x0f\x65xempted_member\x18\x03 \x01(\t\x12\x10\n\x08log_type\x18\x04 \x01(\t\"5\n\x06\x41\x63tion\x12\x16\n\x12\x41\x43TION_UNSPECIFIED\x10\x00\x12\x07\n\x03\x41\x44\x44\x10\x01\x12\n\n\x06REMOVE\x10\x02\x42|\n\x11\x63om.google.iam.v1B\x0bPolicyProtoP\x01Z)cloud.google.com/go/iam/apiv1/iampb;iampb\xf8\x01\x01\xaa\x02\x13Google.Cloud.Iam.V1\xca\x02\x13Google\\Cloud\\Iam\\V1b\x06proto3"
+
+pool = Google::Protobuf::DescriptorPool.generated_pool
+
+begin
+  pool.add_serialized_file(descriptor_data)
+rescue TypeError => e
+  # Compatibility code: will be removed in the next major version.
+  require 'google/protobuf/descriptor_pb'
+  parsed = Google::Protobuf::FileDescriptorProto.decode(descriptor_data)
+  parsed.clear_dependency
+  serialized = parsed.class.encode(parsed)
+  file = pool.add_serialized_file(serialized)
+  warn "Warning: Protobuf detected an import path issue while loading generated file #{__FILE__}"
+  imports = [
+    ["google.type.Expr", "google/type/expr.proto"],
+  ]
+  imports.each do |type_name, expected_filename|
+    import_file = pool.lookup(type_name).file_descriptor
+    if import_file.name != expected_filename
+      warn "- #{file.name} imports #{expected_filename}, but that import was loaded as #{import_file.name}"
     end
   end
+  warn "Each proto file must use a consistent fully-qualified name."
+  warn "This will become an error in the next major version."
 end
 
 module Google
@@ -77,3 +50,416 @@ module Google
     end
   end
 end
+
+#### Source proto file: google/iam/v1/policy.proto ####
+#
+# // Copyright 2023 Google LLC
+# //
+# // Licensed under the Apache License, Version 2.0 (the "License");
+# // you may not use this file except in compliance with the License.
+# // You may obtain a copy of the License at
+# //
+# //     http://www.apache.org/licenses/LICENSE-2.0
+# //
+# // Unless required by applicable law or agreed to in writing, software
+# // distributed under the License is distributed on an "AS IS" BASIS,
+# // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# // See the License for the specific language governing permissions and
+# // limitations under the License.
+#
+# syntax = "proto3";
+#
+# package google.iam.v1;
+#
+# import "google/type/expr.proto";
+#
+# option cc_enable_arenas = true;
+# option csharp_namespace = "Google.Cloud.Iam.V1";
+# option go_package = "cloud.google.com/go/iam/apiv1/iampb;iampb";
+# option java_multiple_files = true;
+# option java_outer_classname = "PolicyProto";
+# option java_package = "com.google.iam.v1";
+# option php_namespace = "Google\\Cloud\\Iam\\V1";
+#
+# // An Identity and Access Management (IAM) policy, which specifies access
+# // controls for Google Cloud resources.
+# //
+# //
+# // A `Policy` is a collection of `bindings`. A `binding` binds one or more
+# // `members`, or principals, to a single `role`. Principals can be user
+# // accounts, service accounts, Google groups, and domains (such as G Suite). A
+# // `role` is a named list of permissions; each `role` can be an IAM predefined
+# // role or a user-created custom role.
+# //
+# // For some types of Google Cloud resources, a `binding` can also specify a
+# // `condition`, which is a logical expression that allows access to a resource
+# // only if the expression evaluates to `true`. A condition can add constraints
+# // based on attributes of the request, the resource, or both. To learn which
+# // resources support conditions in their IAM policies, see the
+# // [IAM
+# // documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+# //
+# // **JSON example:**
+# //
+# // ```
+# //     {
+# //       "bindings": [
+# //         {
+# //           "role": "roles/resourcemanager.organizationAdmin",
+# //           "members": [
+# //             "user:mike@example.com",
+# //             "group:admins@example.com",
+# //             "domain:google.com",
+# //             "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+# //           ]
+# //         },
+# //         {
+# //           "role": "roles/resourcemanager.organizationViewer",
+# //           "members": [
+# //             "user:eve@example.com"
+# //           ],
+# //           "condition": {
+# //             "title": "expirable access",
+# //             "description": "Does not grant access after Sep 2020",
+# //             "expression": "request.time <
+# //             timestamp('2020-10-01T00:00:00.000Z')",
+# //           }
+# //         }
+# //       ],
+# //       "etag": "BwWWja0YfJA=",
+# //       "version": 3
+# //     }
+# // ```
+# //
+# // **YAML example:**
+# //
+# // ```
+# //     bindings:
+# //     - members:
+# //       - user:mike@example.com
+# //       - group:admins@example.com
+# //       - domain:google.com
+# //       - serviceAccount:my-project-id@appspot.gserviceaccount.com
+# //       role: roles/resourcemanager.organizationAdmin
+# //     - members:
+# //       - user:eve@example.com
+# //       role: roles/resourcemanager.organizationViewer
+# //       condition:
+# //         title: expirable access
+# //         description: Does not grant access after Sep 2020
+# //         expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
+# //     etag: BwWWja0YfJA=
+# //     version: 3
+# // ```
+# //
+# // For a description of IAM and its features, see the
+# // [IAM documentation](https://cloud.google.com/iam/docs/).
+# message Policy {
+#   // Specifies the format of the policy.
+#   //
+#   // Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+#   // are rejected.
+#   //
+#   // Any operation that affects conditional role bindings must specify version
+#   // `3`. This requirement applies to the following operations:
+#   //
+#   // * Getting a policy that includes a conditional role binding
+#   // * Adding a conditional role binding to a policy
+#   // * Changing a conditional role binding in a policy
+#   // * Removing any role binding, with or without a condition, from a policy
+#   //   that includes conditions
+#   //
+#   // **Important:** If you use IAM Conditions, you must include the `etag` field
+#   // whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+#   // you to overwrite a version `3` policy with a version `1` policy, and all of
+#   // the conditions in the version `3` policy are lost.
+#   //
+#   // If a policy does not include any conditions, operations on that policy may
+#   // specify any valid version or leave the field unset.
+#   //
+#   // To learn which resources support conditions in their IAM policies, see the
+#   // [IAM
+#   // documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+#   int32 version = 1;
+#
+#   // Associates a list of `members`, or principals, with a `role`. Optionally,
+#   // may specify a `condition` that determines how and when the `bindings` are
+#   // applied. Each of the `bindings` must contain at least one principal.
+#   //
+#   // The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
+#   // of these principals can be Google groups. Each occurrence of a principal
+#   // counts towards these limits. For example, if the `bindings` grant 50
+#   // different roles to `user:alice@example.com`, and not to any other
+#   // principal, then you can add another 1,450 principals to the `bindings` in
+#   // the `Policy`.
+#   repeated Binding bindings = 4;
+#
+#   // Specifies cloud audit logging configuration for this policy.
+#   repeated AuditConfig audit_configs = 6;
+#
+#   // `etag` is used for optimistic concurrency control as a way to help
+#   // prevent simultaneous updates of a policy from overwriting each other.
+#   // It is strongly suggested that systems make use of the `etag` in the
+#   // read-modify-write cycle to perform policy updates in order to avoid race
+#   // conditions: An `etag` is returned in the response to `getIamPolicy`, and
+#   // systems are expected to put that etag in the request to `setIamPolicy` to
+#   // ensure that their change will be applied to the same version of the policy.
+#   //
+#   // **Important:** If you use IAM Conditions, you must include the `etag` field
+#   // whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+#   // you to overwrite a version `3` policy with a version `1` policy, and all of
+#   // the conditions in the version `3` policy are lost.
+#   bytes etag = 3;
+# }
+#
+# // Associates `members`, or principals, with a `role`.
+# message Binding {
+#   // Role that is assigned to the list of `members`, or principals.
+#   // For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+#   string role = 1;
+#
+#   // Specifies the principals requesting access for a Google Cloud resource.
+#   // `members` can have the following values:
+#   //
+#   // * `allUsers`: A special identifier that represents anyone who is
+#   //    on the internet; with or without a Google account.
+#   //
+#   // * `allAuthenticatedUsers`: A special identifier that represents anyone
+#   //    who is authenticated with a Google account or a service account.
+#   //
+#   // * `user:{emailid}`: An email address that represents a specific Google
+#   //    account. For example, `alice@example.com` .
+#   //
+#   //
+#   // * `serviceAccount:{emailid}`: An email address that represents a service
+#   //    account. For example, `my-other-app@appspot.gserviceaccount.com`.
+#   //
+#   // * `group:{emailid}`: An email address that represents a Google group.
+#   //    For example, `admins@example.com`.
+#   //
+#   // * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
+#   //    identifier) representing a user that has been recently deleted. For
+#   //    example, `alice@example.com?uid=123456789012345678901`. If the user is
+#   //    recovered, this value reverts to `user:{emailid}` and the recovered user
+#   //    retains the role in the binding.
+#   //
+#   // * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
+#   //    unique identifier) representing a service account that has been recently
+#   //    deleted. For example,
+#   //    `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
+#   //    If the service account is undeleted, this value reverts to
+#   //    `serviceAccount:{emailid}` and the undeleted service account retains the
+#   //    role in the binding.
+#   //
+#   // * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
+#   //    identifier) representing a Google group that has been recently
+#   //    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
+#   //    the group is recovered, this value reverts to `group:{emailid}` and the
+#   //    recovered group retains the role in the binding.
+#   //
+#   //
+#   // * `domain:{domain}`: The G Suite domain (primary) that represents all the
+#   //    users of that domain. For example, `google.com` or `example.com`.
+#   //
+#   //
+#   repeated string members = 2;
+#
+#   // The condition that is associated with this binding.
+#   //
+#   // If the condition evaluates to `true`, then this binding applies to the
+#   // current request.
+#   //
+#   // If the condition evaluates to `false`, then this binding does not apply to
+#   // the current request. However, a different role binding might grant the same
+#   // role to one or more of the principals in this binding.
+#   //
+#   // To learn which resources support conditions in their IAM policies, see the
+#   // [IAM
+#   // documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+#   google.type.Expr condition = 3;
+# }
+#
+# // Specifies the audit configuration for a service.
+# // The configuration determines which permission types are logged, and what
+# // identities, if any, are exempted from logging.
+# // An AuditConfig must have one or more AuditLogConfigs.
+# //
+# // If there are AuditConfigs for both `allServices` and a specific service,
+# // the union of the two AuditConfigs is used for that service: the log_types
+# // specified in each AuditConfig are enabled, and the exempted_members in each
+# // AuditLogConfig are exempted.
+# //
+# // Example Policy with multiple AuditConfigs:
+# //
+# //     {
+# //       "audit_configs": [
+# //         {
+# //           "service": "allServices",
+# //           "audit_log_configs": [
+# //             {
+# //               "log_type": "DATA_READ",
+# //               "exempted_members": [
+# //                 "user:jose@example.com"
+# //               ]
+# //             },
+# //             {
+# //               "log_type": "DATA_WRITE"
+# //             },
+# //             {
+# //               "log_type": "ADMIN_READ"
+# //             }
+# //           ]
+# //         },
+# //         {
+# //           "service": "sampleservice.googleapis.com",
+# //           "audit_log_configs": [
+# //             {
+# //               "log_type": "DATA_READ"
+# //             },
+# //             {
+# //               "log_type": "DATA_WRITE",
+# //               "exempted_members": [
+# //                 "user:aliya@example.com"
+# //               ]
+# //             }
+# //           ]
+# //         }
+# //       ]
+# //     }
+# //
+# // For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
+# // logging. It also exempts `jose@example.com` from DATA_READ logging, and
+# // `aliya@example.com` from DATA_WRITE logging.
+# message AuditConfig {
+#   // Specifies a service that will be enabled for audit logging.
+#   // For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
+#   // `allServices` is a special value that covers all services.
+#   string service = 1;
+#
+#   // The configuration for logging of each type of permission.
+#   repeated AuditLogConfig audit_log_configs = 3;
+# }
+#
+# // Provides the configuration for logging a type of permissions.
+# // Example:
+# //
+# //     {
+# //       "audit_log_configs": [
+# //         {
+# //           "log_type": "DATA_READ",
+# //           "exempted_members": [
+# //             "user:jose@example.com"
+# //           ]
+# //         },
+# //         {
+# //           "log_type": "DATA_WRITE"
+# //         }
+# //       ]
+# //     }
+# //
+# // This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
+# // jose@example.com from DATA_READ logging.
+# message AuditLogConfig {
+#   // The list of valid permission types for which logging can be configured.
+#   // Admin writes are always logged, and are not configurable.
+#   enum LogType {
+#     // Default case. Should never be this.
+#     LOG_TYPE_UNSPECIFIED = 0;
+#
+#     // Admin reads. Example: CloudIAM getIamPolicy
+#     ADMIN_READ = 1;
+#
+#     // Data writes. Example: CloudSQL Users create
+#     DATA_WRITE = 2;
+#
+#     // Data reads. Example: CloudSQL Users list
+#     DATA_READ = 3;
+#   }
+#
+#   // The log type that this config enables.
+#   LogType log_type = 1;
+#
+#   // Specifies the identities that do not cause logging for this type of
+#   // permission.
+#   // Follows the same format of
+#   // [Binding.members][google.iam.v1.Binding.members].
+#   repeated string exempted_members = 2;
+# }
+#
+# // The difference delta between two policies.
+# message PolicyDelta {
+#   // The delta for Bindings between two policies.
+#   repeated BindingDelta binding_deltas = 1;
+#
+#   // The delta for AuditConfigs between two policies.
+#   repeated AuditConfigDelta audit_config_deltas = 2;
+# }
+#
+# // One delta entry for Binding. Each individual change (only one member in each
+# // entry) to a binding will be a separate entry.
+# message BindingDelta {
+#   // The type of action performed on a Binding in a policy.
+#   enum Action {
+#     // Unspecified.
+#     ACTION_UNSPECIFIED = 0;
+#
+#     // Addition of a Binding.
+#     ADD = 1;
+#
+#     // Removal of a Binding.
+#     REMOVE = 2;
+#   }
+#
+#   // The action that was performed on a Binding.
+#   // Required
+#   Action action = 1;
+#
+#   // Role that is assigned to `members`.
+#   // For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+#   // Required
+#   string role = 2;
+#
+#   // A single identity requesting access for a Google Cloud resource.
+#   // Follows the same format of Binding.members.
+#   // Required
+#   string member = 3;
+#
+#   // The condition that is associated with this binding.
+#   google.type.Expr condition = 4;
+# }
+#
+# // One delta entry for AuditConfig. Each individual change (only one
+# // exempted_member in each entry) to a AuditConfig will be a separate entry.
+# message AuditConfigDelta {
+#   // The type of action performed on an audit configuration in a policy.
+#   enum Action {
+#     // Unspecified.
+#     ACTION_UNSPECIFIED = 0;
+#
+#     // Addition of an audit configuration.
+#     ADD = 1;
+#
+#     // Removal of an audit configuration.
+#     REMOVE = 2;
+#   }
+#
+#   // The action that was performed on an audit configuration in a policy.
+#   // Required
+#   Action action = 1;
+#
+#   // Specifies a service that was configured for Cloud Audit Logging.
+#   // For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
+#   // `allServices` is a special value that covers all services.
+#   // Required
+#   string service = 2;
+#
+#   // A single identity that is exempted from "data access" audit
+#   // logging for the `service` specified above.
+#   // Follows the same format of Binding.members.
+#   string exempted_member = 3;
+#
+#   // Specifies the log_type that was be enabled. ADMIN_ACTIVITY is always
+#   // enabled, and cannot be configured.
+#   // Required
+#   string log_type = 4;
+# }

data/lib/grpc/google/iam/v1/version.rb

@@ -17,7 +17,7 @@
 module Google
   module Iam
     module V1
-      VERSION = "1.2.0".freeze
+      VERSION = "1.3.0".freeze
     end
   end
 end

metadata

@@ -1,63 +1,57 @@
 --- !ruby/object:Gem::Specification
 name: grpc-google-iam-v1
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-08-17 00:00:00.000000000 Z
+date: 2023-08-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: googleapis-common-protos
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.3.12
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '1.4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.3.12
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '1.4'
 - !ruby/object:Gem::Dependency
   name: google-protobuf
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.14'
+        version: '3.18'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.14'
+        version: '3.18'
 - !ruby/object:Gem::Dependency
   name: grpc
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.27'
+        version: '1.41'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.27'
+        version: '1.41'
 description: Common protos and gRPC services for Google IAM
 email:
 - googleapis-packages@google.com
@@ -91,7 +85,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.14
+rubygems_version: 3.4.2
 signing_key: 
 specification_version: 4
 summary: Common protos and gRPC services for Google IAM