# frozen_string_literal: true
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
require "google/cloud/errors"
require "google/iam/v1/iam_policy_pb"
require "google/iam/v1/iam_policy/rest/service_stub"
module Google
module Iam
module V1
module IAMPolicy
module Rest
##
# REST client for the IAMPolicy service.
#
# API Overview
#
#
# Manages Identity and Access Management (IAM) policies.
#
# Any implementation of an API that offers access control features
# implements the google.iam.v1.IAMPolicy interface.
#
# ## Data model
#
# Access control is applied when a principal (user or service account), takes
# some action on a resource exposed by a service. Resources, identified by
# URI-like names, are the unit of access control specification. Service
# implementations can choose the granularity of access control and the
# supported permissions for their resources.
# For example one database service may allow access control to be
# specified only at the Table level, whereas another might allow access control
# to also be specified at the Column level.
#
# ## Policy Structure
#
# See google.iam.v1.Policy
#
# This is intentionally not a CRUD style API because access control policies
# are created and deleted implicitly with the resources to which they are
# attached.
#
class Client
# @private
attr_reader :iam_policy_stub
##
# Configure the IAMPolicy Client class.
#
# See {::Google::Iam::V1::IAMPolicy::Rest::Client::Configuration}
# for a description of the configuration fields.
#
# @example
#
# # Modify the configuration for all IAMPolicy clients
# ::Google::Iam::V1::IAMPolicy::Rest::Client.configure do |config|
# config.timeout = 10.0
# end
#
# @yield [config] Configure the Client client.
# @yieldparam config [Client::Configuration]
#
# @return [Client::Configuration]
#
def self.configure
@configure ||= begin
namespace = ["Google", "Iam", "V1"]
parent_config = while namespace.any?
parent_name = namespace.join "::"
parent_const = const_get parent_name
break parent_const.configure if parent_const.respond_to? :configure
namespace.pop
end
default_config = Client::Configuration.new parent_config
default_config
end
yield @configure if block_given?
@configure
end
##
# Configure the IAMPolicy Client instance.
#
# The configuration is set to the derived mode, meaning that values can be changed,
# but structural changes (adding new fields, etc.) are not allowed. Structural changes
# should be made on {Client.configure}.
#
# See {::Google::Iam::V1::IAMPolicy::Rest::Client::Configuration}
# for a description of the configuration fields.
#
# @yield [config] Configure the Client client.
# @yieldparam config [Client::Configuration]
#
# @return [Client::Configuration]
#
def configure
yield @config if block_given?
@config
end
##
# Create a new IAMPolicy REST client object.
#
# @example
#
# # Create a client using the default configuration
# client = ::Google::Iam::V1::IAMPolicy::Rest::Client.new
#
# # Create a client using a custom configuration
# client = ::Google::Iam::V1::IAMPolicy::Rest::Client.new do |config|
# config.timeout = 10.0
# end
#
# @yield [config] Configure the IAMPolicy client.
# @yieldparam config [Client::Configuration]
#
def initialize
# Create the configuration object
@config = Configuration.new Client.configure
# Yield the configuration if needed
yield @config if block_given?
# Create credentials
credentials = @config.credentials
# Use self-signed JWT if the endpoint is unchanged from default,
# but only if the default endpoint does not have a region prefix.
enable_self_signed_jwt = @config.endpoint == Client.configure.endpoint &&
!@config.endpoint.split(".").first.include?("-")
credentials ||= Credentials.default scope: @config.scope,
enable_self_signed_jwt: enable_self_signed_jwt
if credentials.is_a?(::String) || credentials.is_a?(::Hash)
credentials = Credentials.new credentials, scope: @config.scope
end
@quota_project_id = @config.quota_project
@quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id
@iam_policy_stub = ::Google::Iam::V1::IAMPolicy::Rest::ServiceStub.new endpoint: @config.endpoint, credentials: credentials
end
# Service calls
##
# Sets the access control policy on the specified resource. Replaces any
# existing policy.
#
# Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.
#
# @overload set_iam_policy(request, options = nil)
# Pass arguments to `set_iam_policy` via a request object, either of type
# {::Google::Iam::V1::SetIamPolicyRequest} or an equivalent Hash.
#
# @param request [::Google::Iam::V1::SetIamPolicyRequest, ::Hash]
# A request object representing the call parameters. Required. To specify no
# parameters, or to keep all the default parameter values, pass an empty Hash.
# @param options [::Gapic::CallOptions, ::Hash]
# Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
#
# @overload set_iam_policy(resource: nil, policy: nil, update_mask: nil)
# Pass arguments to `set_iam_policy` via keyword arguments. Note that at
# least one keyword argument is required. To specify no parameters, or to keep all
# the default parameter values, pass an empty Hash as a request object (see above).
#
# @param resource [::String]
# REQUIRED: The resource for which the policy is being specified.
# See the operation documentation for the appropriate value for this field.
# @param policy [::Google::Iam::V1::Policy, ::Hash]
# REQUIRED: The complete policy to be applied to the `resource`. The size of
# the policy is limited to a few 10s of KB. An empty policy is a
# valid policy but certain Cloud Platform services (such as Projects)
# might reject them.
# @param update_mask [::Google::Protobuf::FieldMask, ::Hash]
# OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
# the fields in the mask will be modified. If no mask is provided, the
# following default mask is used:
#
# `paths: "bindings, etag"`
# @yield [result, response] Access the result along with the Faraday response object
# @yieldparam result [::Google::Iam::V1::Policy]
# @yieldparam response [::Faraday::Response]
#
# @return [::Google::Iam::V1::Policy]
#
# @raise [::Google::Cloud::Error] if the REST call is aborted.
def set_iam_policy request, options = nil
raise ::ArgumentError, "request must be provided" if request.nil?
request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::SetIamPolicyRequest
# Converts hash and nil to an options object
options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
# Customize the options with defaults
call_metadata = @config.rpcs.set_iam_policy.metadata.to_h
# Set x-goog-api-client and x-goog-user-project headers
call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
lib_name: @config.lib_name, lib_version: @config.lib_version,
gapic_version: ::Google::Iam::V1::VERSION,
transports_version_send: [:rest]
call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
options.apply_defaults timeout: @config.rpcs.set_iam_policy.timeout,
metadata: call_metadata,
retry_policy: @config.rpcs.set_iam_policy.retry_policy
options.apply_defaults timeout: @config.timeout,
metadata: @config.metadata,
retry_policy: @config.retry_policy
bindings_override = @config.bindings_override["google.iam.v1.IAMPolicy.SetIamPolicy"]
@iam_policy_stub.set_iam_policy request, options, bindings_override: bindings_override do |result, response|
yield result, response if block_given?
return result
end
rescue ::Gapic::Rest::Error => e
raise ::Google::Cloud::Error.from_error(e)
end
##
# Gets the access control policy for a resource.
# Returns an empty policy if the resource exists and does not have a policy
# set.
#
# @overload get_iam_policy(request, options = nil)
# Pass arguments to `get_iam_policy` via a request object, either of type
# {::Google::Iam::V1::GetIamPolicyRequest} or an equivalent Hash.
#
# @param request [::Google::Iam::V1::GetIamPolicyRequest, ::Hash]
# A request object representing the call parameters. Required. To specify no
# parameters, or to keep all the default parameter values, pass an empty Hash.
# @param options [::Gapic::CallOptions, ::Hash]
# Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
#
# @overload get_iam_policy(resource: nil, options: nil)
# Pass arguments to `get_iam_policy` via keyword arguments. Note that at
# least one keyword argument is required. To specify no parameters, or to keep all
# the default parameter values, pass an empty Hash as a request object (see above).
#
# @param resource [::String]
# REQUIRED: The resource for which the policy is being requested.
# See the operation documentation for the appropriate value for this field.
# @param options [::Google::Iam::V1::GetPolicyOptions, ::Hash]
# OPTIONAL: A `GetPolicyOptions` object for specifying options to
# `GetIamPolicy`.
# @yield [result, response] Access the result along with the Faraday response object
# @yieldparam result [::Google::Iam::V1::Policy]
# @yieldparam response [::Faraday::Response]
#
# @return [::Google::Iam::V1::Policy]
#
# @raise [::Google::Cloud::Error] if the REST call is aborted.
def get_iam_policy request, options = nil
raise ::ArgumentError, "request must be provided" if request.nil?
request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::GetIamPolicyRequest
# Converts hash and nil to an options object
options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
# Customize the options with defaults
call_metadata = @config.rpcs.get_iam_policy.metadata.to_h
# Set x-goog-api-client and x-goog-user-project headers
call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
lib_name: @config.lib_name, lib_version: @config.lib_version,
gapic_version: ::Google::Iam::V1::VERSION,
transports_version_send: [:rest]
call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
options.apply_defaults timeout: @config.rpcs.get_iam_policy.timeout,
metadata: call_metadata,
retry_policy: @config.rpcs.get_iam_policy.retry_policy
options.apply_defaults timeout: @config.timeout,
metadata: @config.metadata,
retry_policy: @config.retry_policy
bindings_override = @config.bindings_override["google.iam.v1.IAMPolicy.GetIamPolicy"]
@iam_policy_stub.get_iam_policy request, options, bindings_override: bindings_override do |result, response|
yield result, response if block_given?
return result
end
rescue ::Gapic::Rest::Error => e
raise ::Google::Cloud::Error.from_error(e)
end
##
# Returns permissions that a caller has on the specified resource.
# If the resource does not exist, this will return an empty set of
# permissions, not a `NOT_FOUND` error.
#
# Note: This operation is designed to be used for building permission-aware
# UIs and command-line tools, not for authorization checking. This operation
# may "fail open" without warning.
#
# @overload test_iam_permissions(request, options = nil)
# Pass arguments to `test_iam_permissions` via a request object, either of type
# {::Google::Iam::V1::TestIamPermissionsRequest} or an equivalent Hash.
#
# @param request [::Google::Iam::V1::TestIamPermissionsRequest, ::Hash]
# A request object representing the call parameters. Required. To specify no
# parameters, or to keep all the default parameter values, pass an empty Hash.
# @param options [::Gapic::CallOptions, ::Hash]
# Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
#
# @overload test_iam_permissions(resource: nil, permissions: nil)
# Pass arguments to `test_iam_permissions` via keyword arguments. Note that at
# least one keyword argument is required. To specify no parameters, or to keep all
# the default parameter values, pass an empty Hash as a request object (see above).
#
# @param resource [::String]
# REQUIRED: The resource for which the policy detail is being requested.
# See the operation documentation for the appropriate value for this field.
# @param permissions [::Array<::String>]
# The set of permissions to check for the `resource`. Permissions with
# wildcards (such as '*' or 'storage.*') are not allowed. For more
# information see
# [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
# @yield [result, response] Access the result along with the Faraday response object
# @yieldparam result [::Google::Iam::V1::TestIamPermissionsResponse]
# @yieldparam response [::Faraday::Response]
#
# @return [::Google::Iam::V1::TestIamPermissionsResponse]
#
# @raise [::Google::Cloud::Error] if the REST call is aborted.
def test_iam_permissions request, options = nil
raise ::ArgumentError, "request must be provided" if request.nil?
request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::TestIamPermissionsRequest
# Converts hash and nil to an options object
options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
# Customize the options with defaults
call_metadata = @config.rpcs.test_iam_permissions.metadata.to_h
# Set x-goog-api-client and x-goog-user-project headers
call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
lib_name: @config.lib_name, lib_version: @config.lib_version,
gapic_version: ::Google::Iam::V1::VERSION,
transports_version_send: [:rest]
call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
options.apply_defaults timeout: @config.rpcs.test_iam_permissions.timeout,
metadata: call_metadata,
retry_policy: @config.rpcs.test_iam_permissions.retry_policy
options.apply_defaults timeout: @config.timeout,
metadata: @config.metadata,
retry_policy: @config.retry_policy
bindings_override = @config.bindings_override["google.iam.v1.IAMPolicy.TestIamPermissions"]
@iam_policy_stub.test_iam_permissions request, options, bindings_override: bindings_override do |result, response|
yield result, response if block_given?
return result
end
rescue ::Gapic::Rest::Error => e
raise ::Google::Cloud::Error.from_error(e)
end
##
# Configuration class for the IAMPolicy REST API.
#
# This class represents the configuration for IAMPolicy REST,
# providing control over timeouts, retry behavior, logging, transport
# parameters, and other low-level controls. Certain parameters can also be
# applied individually to specific RPCs. See
# {::Google::Iam::V1::IAMPolicy::Rest::Client::Configuration::Rpcs}
# for a list of RPCs that can be configured independently.
#
# Configuration can be applied globally to all clients, or to a single client
# on construction.
#
# @example
#
# # Modify the global config, setting the timeout for
# # set_iam_policy to 20 seconds,
# # and all remaining timeouts to 10 seconds.
# ::Google::Iam::V1::IAMPolicy::Rest::Client.configure do |config|
# config.timeout = 10.0
# config.rpcs.set_iam_policy.timeout = 20.0
# end
#
# # Apply the above configuration only to a new client.
# client = ::Google::Iam::V1::IAMPolicy::Rest::Client.new do |config|
# config.timeout = 10.0
# config.rpcs.set_iam_policy.timeout = 20.0
# end
#
# @!attribute [rw] endpoint
# The hostname or hostname:port of the service endpoint.
# Defaults to `"iam-meta-api.googleapis.com"`.
# @return [::String]
# @!attribute [rw] credentials
# Credentials to send with calls. You may provide any of the following types:
# * (`String`) The path to a service account key file in JSON format
# * (`Hash`) A service account key as a Hash
# * (`Google::Auth::Credentials`) A googleauth credentials object
# (see the [googleauth docs](https://googleapis.dev/ruby/googleauth/latest/index.html))
# * (`Signet::OAuth2::Client`) A signet oauth2 client object
# (see the [signet docs](https://googleapis.dev/ruby/signet/latest/Signet/OAuth2/Client.html))
# * (`nil`) indicating no credentials
# @return [::Object]
# @!attribute [rw] scope
# The OAuth scopes
# @return [::Array<::String>]
# @!attribute [rw] lib_name
# The library name as recorded in instrumentation and logging
# @return [::String]
# @!attribute [rw] lib_version
# The library version as recorded in instrumentation and logging
# @return [::String]
# @!attribute [rw] timeout
# The call timeout in seconds.
# @return [::Numeric]
# @!attribute [rw] metadata
# Additional headers to be sent with the call.
# @return [::Hash{::Symbol=>::String}]
# @!attribute [rw] retry_policy
# The retry policy. The value is a hash with the following keys:
# * `:initial_delay` (*type:* `Numeric`) - The initial delay in seconds.
# * `:max_delay` (*type:* `Numeric`) - The max delay in seconds.
# * `:multiplier` (*type:* `Numeric`) - The incremental backoff multiplier.
# * `:retry_codes` (*type:* `Array<String>`) - The error codes that should
# trigger a retry.
# @return [::Hash]
# @!attribute [rw] quota_project
# A separate project against which to charge quota.
# @return [::String]
#
class Configuration
extend ::Gapic::Config
config_attr :endpoint, "iam-meta-api.googleapis.com", ::String
config_attr :credentials, nil do |value|
allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
allowed.any? { |klass| klass === value }
end
config_attr :scope, nil, ::String, ::Array, nil
config_attr :lib_name, nil, ::String, nil
config_attr :lib_version, nil, ::String, nil
config_attr :timeout, nil, ::Numeric, nil
config_attr :metadata, nil, ::Hash, nil
config_attr :retry_policy, nil, ::Hash, ::Proc, nil
config_attr :quota_project, nil, ::String, nil
# @private
# Overrides for http bindings for the RPCs of this service
# are only used when this service is used as mixin, and only
# by the host service.
# @return [::Hash{::Symbol=>::Array<::Gapic::Rest::GrpcTranscoder::HttpBinding>}]
config_attr :bindings_override, {}, ::Hash, nil
# @private
def initialize parent_config = nil
@parent_config = parent_config unless parent_config.nil?
yield self if block_given?
end
##
# Configurations for individual RPCs
# @return [Rpcs]
#
def rpcs
@rpcs ||= begin
parent_rpcs = nil
parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config.respond_to?(:rpcs)
Rpcs.new parent_rpcs
end
end
##
# Configuration RPC class for the IAMPolicy API.
#
# Includes fields providing the configuration for each RPC in this service.
# Each configuration object is of type `Gapic::Config::Method` and includes
# the following configuration fields:
#
# * `timeout` (*type:* `Numeric`) - The call timeout in seconds
# * `metadata` (*type:* `Hash{Symbol=>String}`) - Additional headers
# * `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
# include the following keys:
# * `:initial_delay` (*type:* `Numeric`) - The initial delay in seconds.
# * `:max_delay` (*type:* `Numeric`) - The max delay in seconds.
# * `:multiplier` (*type:* `Numeric`) - The incremental backoff multiplier.
# * `:retry_codes` (*type:* `Array<String>`) - The error codes that should
# trigger a retry.
#
class Rpcs
##
# RPC-specific configuration for `set_iam_policy`
# @return [::Gapic::Config::Method]
#
attr_reader :set_iam_policy
##
# RPC-specific configuration for `get_iam_policy`
# @return [::Gapic::Config::Method]
#
attr_reader :get_iam_policy
##
# RPC-specific configuration for `test_iam_permissions`
# @return [::Gapic::Config::Method]
#
attr_reader :test_iam_permissions
# @private
def initialize parent_rpcs = nil
set_iam_policy_config = parent_rpcs.set_iam_policy if parent_rpcs.respond_to? :set_iam_policy
@set_iam_policy = ::Gapic::Config::Method.new set_iam_policy_config
get_iam_policy_config = parent_rpcs.get_iam_policy if parent_rpcs.respond_to? :get_iam_policy
@get_iam_policy = ::Gapic::Config::Method.new get_iam_policy_config
test_iam_permissions_config = parent_rpcs.test_iam_permissions if parent_rpcs.respond_to? :test_iam_permissions
@test_iam_permissions = ::Gapic::Config::Method.new test_iam_permissions_config
yield self if block_given?
end
end
end
end
end
end
end
end
end