diff --git a/google-cloud-domains/.owlbot-manifest.json b/google-cloud-domains/.owlbot-manifest.json index b5b41e2c7c10..2604b47bc0a6 100644 --- a/google-cloud-domains/.owlbot-manifest.json +++ b/google-cloud-domains/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-domains/.toys.rb b/google-cloud-domains/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-domains/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-domains/AUTHENTICATION.md b/google-cloud-domains/AUTHENTICATION.md index 20d055bbf336..8a7d812f6960 100644 --- a/google-cloud-domains/AUTHENTICATION.md +++ b/google-cloud-domains/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-domains library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-domains library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export DOMAINS_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/domains" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Domains.domains +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-domains library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-domains library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-domains -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Domains::V1beta1::Domains::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `DOMAINS_CREDENTIALS` - Path to JSON file, or JSON contents -* `DOMAINS_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/domains" - -ENV["DOMAINS_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Domains.domains -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/domains" client = Google::Cloud::Domains.domains do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/domains" Google::Cloud::Domains.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Domains.domains ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-domains +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/domains" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-domains. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Domains.domains +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-edge_network/.owlbot-manifest.json b/google-cloud-edge_network/.owlbot-manifest.json index ca93d5d6c2e3..f2b5da8857b5 100644 --- a/google-cloud-edge_network/.owlbot-manifest.json +++ b/google-cloud-edge_network/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-edge_network/.toys.rb b/google-cloud-edge_network/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-edge_network/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-edge_network/AUTHENTICATION.md b/google-cloud-edge_network/AUTHENTICATION.md index 2bb8d7dae395..6013b4365a0f 100644 --- a/google-cloud-edge_network/AUTHENTICATION.md +++ b/google-cloud-edge_network/AUTHENTICATION.md @@ -1,149 +1,122 @@ # Authentication -In general, the google-cloud-edge_network library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-edge_network library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/edge_network" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::EdgeNetwork.edge_network +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-edge_network library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-edge_network library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-edge_network -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::EdgeNetwork::V1::EdgeNetwork::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/edge_network" - -ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::EdgeNetwork.edge_network -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/edge_network" client = Google::Cloud::EdgeNetwork.edge_network do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/edge_network" Google::Cloud::EdgeNetwork.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::EdgeNetwork.edge_network ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-edge_network +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/edge_network" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-edge_network. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::EdgeNetwork.edge_network +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-essential_contacts/.owlbot-manifest.json b/google-cloud-essential_contacts/.owlbot-manifest.json index 1883c8c3a960..c897d1ddf63e 100644 --- a/google-cloud-essential_contacts/.owlbot-manifest.json +++ b/google-cloud-essential_contacts/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-essential_contacts/.toys.rb b/google-cloud-essential_contacts/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-essential_contacts/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-essential_contacts/AUTHENTICATION.md b/google-cloud-essential_contacts/AUTHENTICATION.md index d8b89869238f..d9c103556cac 100644 --- a/google-cloud-essential_contacts/AUTHENTICATION.md +++ b/google-cloud-essential_contacts/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-essential_contacts library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-essential_contacts library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export ESSENTIAL_CONTACTS_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/essential_contacts" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::EssentialContacts.essential_contacts_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-essential_contacts library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-essential_contacts library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-essential_contacts -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::EssentialContacts::V1::EssentialContactsService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `ESSENTIAL_CONTACTS_CREDENTIALS` - Path to JSON file, or JSON contents -* `ESSENTIAL_CONTACTS_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/essential_contacts" - -ENV["ESSENTIAL_CONTACTS_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::EssentialContacts.essential_contacts_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/essential_contacts" client = Google::Cloud::EssentialContacts.essential_contacts_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/essential_contacts" Google::Cloud::EssentialContacts.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::EssentialContacts.essential_contacts_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-essential_contacts +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/essential_contacts" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-essential_contacts. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::EssentialContacts.essential_contacts_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-eventarc-publishing/.owlbot-manifest.json b/google-cloud-eventarc-publishing/.owlbot-manifest.json index 51e4d3c031de..fd81e3421c05 100644 --- a/google-cloud-eventarc-publishing/.owlbot-manifest.json +++ b/google-cloud-eventarc-publishing/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-eventarc-publishing/.toys.rb b/google-cloud-eventarc-publishing/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-eventarc-publishing/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-eventarc-publishing/AUTHENTICATION.md b/google-cloud-eventarc-publishing/AUTHENTICATION.md index e3f53a850d63..03c28d6b5626 100644 --- a/google-cloud-eventarc-publishing/AUTHENTICATION.md +++ b/google-cloud-eventarc-publishing/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-eventarc-publishing library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-eventarc-publishing library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export EVENTARC_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/eventarc/publishing" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Eventarc::Publishing.publisher +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-eventarc-publishing library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-eventarc-publishing library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-eventarc-publishing -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Eventarc::Publishing::V1::Publisher::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `EVENTARC_CREDENTIALS` - Path to JSON file, or JSON contents -* `EVENTARC_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/eventarc/publishing" - -ENV["EVENTARC_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Eventarc::Publishing.publisher -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/eventarc/publishing" client = Google::Cloud::Eventarc::Publishing.publisher do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/eventarc/publishing" Google::Cloud::Eventarc::Publishing.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Eventarc::Publishing.publisher ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-eventarc-publishing +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/eventarc/publishing" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-eventarc-publishing. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Eventarc::Publishing.publisher +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-eventarc/.owlbot-manifest.json b/google-cloud-eventarc/.owlbot-manifest.json index 5811c46214a2..dab73bc10253 100644 --- a/google-cloud-eventarc/.owlbot-manifest.json +++ b/google-cloud-eventarc/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-eventarc/.toys.rb b/google-cloud-eventarc/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-eventarc/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-eventarc/AUTHENTICATION.md b/google-cloud-eventarc/AUTHENTICATION.md index a89a3d5ee40f..00ef6b0b71d4 100644 --- a/google-cloud-eventarc/AUTHENTICATION.md +++ b/google-cloud-eventarc/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-eventarc library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-eventarc library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export EVENTARC_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/eventarc" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Eventarc.eventarc +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-eventarc library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-eventarc library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-eventarc -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Eventarc::V1::Eventarc::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `EVENTARC_CREDENTIALS` - Path to JSON file, or JSON contents -* `EVENTARC_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/eventarc" - -ENV["EVENTARC_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Eventarc.eventarc -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/eventarc" client = Google::Cloud::Eventarc.eventarc do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/eventarc" Google::Cloud::Eventarc.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Eventarc.eventarc ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-eventarc +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/eventarc" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-eventarc. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Eventarc.eventarc +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-filestore/.owlbot-manifest.json b/google-cloud-filestore/.owlbot-manifest.json index aa7d68441045..d545d536ea49 100644 --- a/google-cloud-filestore/.owlbot-manifest.json +++ b/google-cloud-filestore/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-filestore/.toys.rb b/google-cloud-filestore/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-filestore/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-filestore/AUTHENTICATION.md b/google-cloud-filestore/AUTHENTICATION.md index 95ddcebc1a57..ce8085556ee5 100644 --- a/google-cloud-filestore/AUTHENTICATION.md +++ b/google-cloud-filestore/AUTHENTICATION.md @@ -1,149 +1,122 @@ # Authentication -In general, the google-cloud-filestore library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-filestore library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/filestore" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Filestore.cloud_filestore_manager +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-filestore library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-filestore library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-filestore -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Filestore::V1::CloudFilestoreManager::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/filestore" - -ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Filestore.cloud_filestore_manager -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/filestore" client = Google::Cloud::Filestore.cloud_filestore_manager do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/filestore" Google::Cloud::Filestore.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Filestore.cloud_filestore_manager ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-filestore +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/filestore" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-filestore. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Filestore.cloud_filestore_manager +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-firestore-admin/.owlbot-manifest.json b/google-cloud-firestore-admin/.owlbot-manifest.json index 50ffe7cb55ac..a311e38872b2 100644 --- a/google-cloud-firestore-admin/.owlbot-manifest.json +++ b/google-cloud-firestore-admin/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-firestore-admin/.toys.rb b/google-cloud-firestore-admin/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-firestore-admin/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-firestore-admin/AUTHENTICATION.md b/google-cloud-firestore-admin/AUTHENTICATION.md index 3719748e739d..3477215a6592 100644 --- a/google-cloud-firestore-admin/AUTHENTICATION.md +++ b/google-cloud-firestore-admin/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-firestore-admin library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-firestore-admin library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export FIRESTORE_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/firestore/admin" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Firestore::Admin.firestore_admin +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-firestore-admin library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-firestore-admin library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-firestore-admin -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Firestore::Admin::V1::FirestoreAdmin::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `FIRESTORE_CREDENTIALS` - Path to JSON file, or JSON contents -* `FIRESTORE_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/firestore/admin" - -ENV["FIRESTORE_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Firestore::Admin.firestore_admin -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/firestore/admin" client = Google::Cloud::Firestore::Admin.firestore_admin do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/firestore/admin" Google::Cloud::Firestore::Admin.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Firestore::Admin.firestore_admin ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-firestore-admin +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/firestore/admin" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-firestore-admin. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Firestore::Admin.firestore_admin +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-functions/.owlbot-manifest.json b/google-cloud-functions/.owlbot-manifest.json index 11f68f5e1fb7..66907f4c6e9a 100644 --- a/google-cloud-functions/.owlbot-manifest.json +++ b/google-cloud-functions/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-functions/.toys.rb b/google-cloud-functions/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-functions/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-functions/AUTHENTICATION.md b/google-cloud-functions/AUTHENTICATION.md index dc73c9583c12..979e47e38325 100644 --- a/google-cloud-functions/AUTHENTICATION.md +++ b/google-cloud-functions/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-functions library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-functions library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export FUNCTIONS_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/functions" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Functions.cloud_functions_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-functions library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-functions library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-functions -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Functions::V1::CloudFunctionsService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `FUNCTIONS_CREDENTIALS` - Path to JSON file, or JSON contents -* `FUNCTIONS_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/functions" - -ENV["FUNCTIONS_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Functions.cloud_functions_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/functions" client = Google::Cloud::Functions.cloud_functions_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/functions" Google::Cloud::Functions.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Functions.cloud_functions_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-functions +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/functions" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-functions. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Functions.cloud_functions_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-gke_backup/.owlbot-manifest.json b/google-cloud-gke_backup/.owlbot-manifest.json index 2a07ee2b4193..cb9b05b1d849 100644 --- a/google-cloud-gke_backup/.owlbot-manifest.json +++ b/google-cloud-gke_backup/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-gke_backup/.toys.rb b/google-cloud-gke_backup/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-gke_backup/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-gke_backup/AUTHENTICATION.md b/google-cloud-gke_backup/AUTHENTICATION.md index f62a5ee31c45..77be14ebc09c 100644 --- a/google-cloud-gke_backup/AUTHENTICATION.md +++ b/google-cloud-gke_backup/AUTHENTICATION.md @@ -1,149 +1,122 @@ # Authentication -In general, the google-cloud-gke_backup library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-gke_backup library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/gke_backup" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::GkeBackup.backup_for_gke +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-gke_backup library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-gke_backup library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-gke_backup -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::GkeBackup::V1::BackupForGKE::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/gke_backup" - -ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::GkeBackup.backup_for_gke -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/gke_backup" client = Google::Cloud::GkeBackup.backup_for_gke do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/gke_backup" Google::Cloud::GkeBackup.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::GkeBackup.backup_for_gke ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-gke_backup +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/gke_backup" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-gke_backup. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::GkeBackup.backup_for_gke +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-gke_connect-gateway/.owlbot-manifest.json b/google-cloud-gke_connect-gateway/.owlbot-manifest.json index c55f9f5a9520..2d938ac6f908 100644 --- a/google-cloud-gke_connect-gateway/.owlbot-manifest.json +++ b/google-cloud-gke_connect-gateway/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-gke_connect-gateway/.toys.rb b/google-cloud-gke_connect-gateway/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-gke_connect-gateway/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-gke_connect-gateway/AUTHENTICATION.md b/google-cloud-gke_connect-gateway/AUTHENTICATION.md index 190421f11a4d..61a73b1e1c62 100644 --- a/google-cloud-gke_connect-gateway/AUTHENTICATION.md +++ b/google-cloud-gke_connect-gateway/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-gke_connect-gateway library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-gke_connect-gateway library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GKE_CONNECT_GATEWAY_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/gke_connect/gateway" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::GkeConnect::Gateway.gateway_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-gke_connect-gateway library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-gke_connect-gateway library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-gke_connect-gateway -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::GkeConnect::Gateway::V1beta1::GatewayService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GKE_CONNECT_GATEWAY_CREDENTIALS` - Path to JSON file, or JSON contents -* `GKE_CONNECT_GATEWAY_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/gke_connect/gateway" - -ENV["GKE_CONNECT_GATEWAY_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::GkeConnect::Gateway.gateway_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/gke_connect/gateway" client = Google::Cloud::GkeConnect::Gateway.gateway_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/gke_connect/gateway" Google::Cloud::GkeConnect::Gateway.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::GkeConnect::Gateway.gateway_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-gke_connect-gateway +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/gke_connect/gateway" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-gke_connect-gateway. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::GkeConnect::Gateway.gateway_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-gke_hub/.owlbot-manifest.json b/google-cloud-gke_hub/.owlbot-manifest.json index 946fc5e467b9..abf428e0dd47 100644 --- a/google-cloud-gke_hub/.owlbot-manifest.json +++ b/google-cloud-gke_hub/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-gke_hub/.toys.rb b/google-cloud-gke_hub/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-gke_hub/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-gke_hub/AUTHENTICATION.md b/google-cloud-gke_hub/AUTHENTICATION.md index 6b4b12b7c118..57707d0ac65d 100644 --- a/google-cloud-gke_hub/AUTHENTICATION.md +++ b/google-cloud-gke_hub/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-gke_hub library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-gke_hub library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GKE_HUB_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/gke_hub" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::GkeHub.gke_hub +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-gke_hub library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-gke_hub library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-gke_hub -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::GkeHub::V1::GkeHub::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GKE_HUB_CREDENTIALS` - Path to JSON file, or JSON contents -* `GKE_HUB_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/gke_hub" - -ENV["GKE_HUB_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::GkeHub.gke_hub -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/gke_hub" client = Google::Cloud::GkeHub.gke_hub do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/gke_hub" Google::Cloud::GkeHub.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::GkeHub.gke_hub ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-gke_hub +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/gke_hub" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-gke_hub. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::GkeHub.gke_hub +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-gke_multi_cloud/.owlbot-manifest.json b/google-cloud-gke_multi_cloud/.owlbot-manifest.json index b9f4d1f857d4..4d444dacc7b3 100644 --- a/google-cloud-gke_multi_cloud/.owlbot-manifest.json +++ b/google-cloud-gke_multi_cloud/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-gke_multi_cloud/.toys.rb b/google-cloud-gke_multi_cloud/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-gke_multi_cloud/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-gke_multi_cloud/AUTHENTICATION.md b/google-cloud-gke_multi_cloud/AUTHENTICATION.md index 7d3eccd3f874..71bfeeefcae7 100644 --- a/google-cloud-gke_multi_cloud/AUTHENTICATION.md +++ b/google-cloud-gke_multi_cloud/AUTHENTICATION.md @@ -1,149 +1,122 @@ # Authentication -In general, the google-cloud-gke_multi_cloud library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-gke_multi_cloud library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/gke_multi_cloud" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::GkeMultiCloud.attached_clusters +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-gke_multi_cloud library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-gke_multi_cloud library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-gke_multi_cloud -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::GkeMultiCloud::V1::AttachedClusters::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/gke_multi_cloud" - -ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::GkeMultiCloud.attached_clusters -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/gke_multi_cloud" client = Google::Cloud::GkeMultiCloud.attached_clusters do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/gke_multi_cloud" Google::Cloud::GkeMultiCloud.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::GkeMultiCloud.attached_clusters ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-gke_multi_cloud +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/gke_multi_cloud" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-gke_multi_cloud. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::GkeMultiCloud.attached_clusters +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-gsuite_add_ons/.owlbot-manifest.json b/google-cloud-gsuite_add_ons/.owlbot-manifest.json index a78b1bd3dfb9..85ec2af2c825 100644 --- a/google-cloud-gsuite_add_ons/.owlbot-manifest.json +++ b/google-cloud-gsuite_add_ons/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-gsuite_add_ons/.toys.rb b/google-cloud-gsuite_add_ons/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-gsuite_add_ons/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-gsuite_add_ons/AUTHENTICATION.md b/google-cloud-gsuite_add_ons/AUTHENTICATION.md index 4fed7b83304c..3391e1e6c965 100644 --- a/google-cloud-gsuite_add_ons/AUTHENTICATION.md +++ b/google-cloud-gsuite_add_ons/AUTHENTICATION.md @@ -1,149 +1,122 @@ # Authentication -In general, the google-cloud-gsuite_add_ons library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-gsuite_add_ons library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/gsuite_add_ons" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::GSuiteAddOns.gsuite_add_ons +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-gsuite_add_ons library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-gsuite_add_ons library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-gsuite_add_ons -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::GSuiteAddOns::V1::GSuiteAddOns::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/gsuite_add_ons" - -ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::GSuiteAddOns.gsuite_add_ons -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/gsuite_add_ons" client = Google::Cloud::GSuiteAddOns.gsuite_add_ons do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/gsuite_add_ons" Google::Cloud::GSuiteAddOns.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::GSuiteAddOns.gsuite_add_ons ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-gsuite_add_ons +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/gsuite_add_ons" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-gsuite_add_ons. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::GSuiteAddOns.gsuite_add_ons +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-iap/.owlbot-manifest.json b/google-cloud-iap/.owlbot-manifest.json index cf357577debb..70db9d22d159 100644 --- a/google-cloud-iap/.owlbot-manifest.json +++ b/google-cloud-iap/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-iap/.toys.rb b/google-cloud-iap/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-iap/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-iap/AUTHENTICATION.md b/google-cloud-iap/AUTHENTICATION.md index ead93122741a..d758469ffe3d 100644 --- a/google-cloud-iap/AUTHENTICATION.md +++ b/google-cloud-iap/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-iap library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-iap library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export IAP_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/iap" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Iap.identity_aware_proxy_admin_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-iap library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-iap library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-iap -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Iap::V1::IdentityAwareProxyAdminService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `IAP_CREDENTIALS` - Path to JSON file, or JSON contents -* `IAP_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/iap" - -ENV["IAP_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Iap.identity_aware_proxy_admin_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/iap" client = Google::Cloud::Iap.identity_aware_proxy_admin_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/iap" Google::Cloud::Iap.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Iap.identity_aware_proxy_admin_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-iap +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/iap" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-iap. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Iap.identity_aware_proxy_admin_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-ids/.owlbot-manifest.json b/google-cloud-ids/.owlbot-manifest.json index 37fa3e2a8603..facee37f1d59 100644 --- a/google-cloud-ids/.owlbot-manifest.json +++ b/google-cloud-ids/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-ids/.toys.rb b/google-cloud-ids/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-ids/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-ids/AUTHENTICATION.md b/google-cloud-ids/AUTHENTICATION.md index 62559f3c821b..d592cae399f4 100644 --- a/google-cloud-ids/AUTHENTICATION.md +++ b/google-cloud-ids/AUTHENTICATION.md @@ -1,149 +1,122 @@ # Authentication -In general, the google-cloud-ids library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-ids library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/ids" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::IDS.ids +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-ids library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-ids library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-ids -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::IDS::V1::IDS::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/ids" - -ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::IDS.ids -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/ids" client = Google::Cloud::IDS.ids do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/ids" Google::Cloud::IDS.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::IDS.ids ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-ids +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/ids" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-ids. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::IDS.ids +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-iot/.owlbot-manifest.json b/google-cloud-iot/.owlbot-manifest.json index 2b3220e35225..18919584f1fa 100644 --- a/google-cloud-iot/.owlbot-manifest.json +++ b/google-cloud-iot/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-iot/.toys.rb b/google-cloud-iot/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-iot/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-iot/AUTHENTICATION.md b/google-cloud-iot/AUTHENTICATION.md index 2351b6993f04..7070619c3ad5 100644 --- a/google-cloud-iot/AUTHENTICATION.md +++ b/google-cloud-iot/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-iot library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-iot library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export IOT_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/iot" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Iot.device_manager +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-iot library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-iot library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-iot -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Iot::V1::DeviceManager::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `IOT_CREDENTIALS` - Path to JSON file, or JSON contents -* `IOT_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/iot" - -ENV["IOT_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Iot.device_manager -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/iot" client = Google::Cloud::Iot.device_manager do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/iot" Google::Cloud::Iot.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Iot.device_manager ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-iot +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/iot" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-iot. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Iot.device_manager +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-kms-inventory/.owlbot-manifest.json b/google-cloud-kms-inventory/.owlbot-manifest.json index 74b67df74ee1..0db452749c78 100644 --- a/google-cloud-kms-inventory/.owlbot-manifest.json +++ b/google-cloud-kms-inventory/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-kms-inventory/.toys.rb b/google-cloud-kms-inventory/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-kms-inventory/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-kms-inventory/AUTHENTICATION.md b/google-cloud-kms-inventory/AUTHENTICATION.md index 605552b3f46f..d46e9564a0d4 100644 --- a/google-cloud-kms-inventory/AUTHENTICATION.md +++ b/google-cloud-kms-inventory/AUTHENTICATION.md @@ -1,149 +1,122 @@ # Authentication -In general, the google-cloud-kms-inventory library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-kms-inventory library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/kms/inventory" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Kms::Inventory.key_dashboard_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-kms-inventory library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-kms-inventory library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-kms-inventory -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Kms::Inventory::V1::KeyDashboardService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/kms/inventory" - -ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Kms::Inventory.key_dashboard_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/kms/inventory" client = Google::Cloud::Kms::Inventory.key_dashboard_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/kms/inventory" Google::Cloud::Kms::Inventory.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Kms::Inventory.key_dashboard_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-kms-inventory +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/kms/inventory" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-kms-inventory. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Kms::Inventory.key_dashboard_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-kms/.owlbot-manifest.json b/google-cloud-kms/.owlbot-manifest.json index 76b966f521e7..8f86f371d774 100644 --- a/google-cloud-kms/.owlbot-manifest.json +++ b/google-cloud-kms/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-kms/.toys.rb b/google-cloud-kms/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-kms/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-kms/AUTHENTICATION.md b/google-cloud-kms/AUTHENTICATION.md index f415323d6a87..d94610f7e651 100644 --- a/google-cloud-kms/AUTHENTICATION.md +++ b/google-cloud-kms/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-kms library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-kms library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export KMS_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/kms" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Kms.ekm_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-kms library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-kms library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-kms -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Kms::V1::EkmService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `KMS_CREDENTIALS` - Path to JSON file, or JSON contents -* `KMS_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/kms" - -ENV["KMS_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Kms.ekm_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/kms" client = Google::Cloud::Kms.ekm_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/kms" Google::Cloud::Kms.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Kms.ekm_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-kms +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/kms" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-kms. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Kms.ekm_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-language/.owlbot-manifest.json b/google-cloud-language/.owlbot-manifest.json index c4cfeb88281b..533945c7c039 100644 --- a/google-cloud-language/.owlbot-manifest.json +++ b/google-cloud-language/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-language/.toys.rb b/google-cloud-language/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-language/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-language/AUTHENTICATION.md b/google-cloud-language/AUTHENTICATION.md index 8542c0e48fb3..cdda15a56626 100644 --- a/google-cloud-language/AUTHENTICATION.md +++ b/google-cloud-language/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-language library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-language library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export LANGUAGE_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/language" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Language.language_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-language library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-language library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-language -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Language::V1::LanguageService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `LANGUAGE_CREDENTIALS` - Path to JSON file, or JSON contents -* `LANGUAGE_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/language" - -ENV["LANGUAGE_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Language.language_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/language" client = Google::Cloud::Language.language_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/language" Google::Cloud::Language.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Language.language_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-language +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/language" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-language. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Language.language_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-life_sciences/.owlbot-manifest.json b/google-cloud-life_sciences/.owlbot-manifest.json index a9d2ba8c9509..9666365dfe0b 100644 --- a/google-cloud-life_sciences/.owlbot-manifest.json +++ b/google-cloud-life_sciences/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-life_sciences/.toys.rb b/google-cloud-life_sciences/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-life_sciences/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-life_sciences/AUTHENTICATION.md b/google-cloud-life_sciences/AUTHENTICATION.md index ec372808f208..adc904082f35 100644 --- a/google-cloud-life_sciences/AUTHENTICATION.md +++ b/google-cloud-life_sciences/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-life_sciences library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-life_sciences library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export LIFE_SCIENCES_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/life_sciences" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::LifeSciences.workflows_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-life_sciences library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-life_sciences library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-life_sciences -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::LifeSciences::V2beta::WorkflowsService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `LIFE_SCIENCES_CREDENTIALS` - Path to JSON file, or JSON contents -* `LIFE_SCIENCES_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/life_sciences" - -ENV["LIFE_SCIENCES_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::LifeSciences.workflows_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/life_sciences" client = Google::Cloud::LifeSciences.workflows_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/life_sciences" Google::Cloud::LifeSciences.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::LifeSciences.workflows_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-life_sciences +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/life_sciences" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-life_sciences. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::LifeSciences.workflows_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-managed_identities/.owlbot-manifest.json b/google-cloud-managed_identities/.owlbot-manifest.json index 69b567cec775..06fe242dda4b 100644 --- a/google-cloud-managed_identities/.owlbot-manifest.json +++ b/google-cloud-managed_identities/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-managed_identities/.toys.rb b/google-cloud-managed_identities/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-managed_identities/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-managed_identities/AUTHENTICATION.md b/google-cloud-managed_identities/AUTHENTICATION.md index a946df0ffc47..10e69e8f4fde 100644 --- a/google-cloud-managed_identities/AUTHENTICATION.md +++ b/google-cloud-managed_identities/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-managed_identities library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-managed_identities library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export MANAGED_IDENTITIES_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/managed_identities" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::ManagedIdentities.managed_identities_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-managed_identities library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-managed_identities library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-managed_identities -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::ManagedIdentities::V1::ManagedIdentitiesService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `MANAGED_IDENTITIES_CREDENTIALS` - Path to JSON file, or JSON contents -* `MANAGED_IDENTITIES_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/managed_identities" - -ENV["MANAGED_IDENTITIES_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::ManagedIdentities.managed_identities_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/managed_identities" client = Google::Cloud::ManagedIdentities.managed_identities_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/managed_identities" Google::Cloud::ManagedIdentities.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::ManagedIdentities.managed_identities_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-managed_identities +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/managed_identities" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-managed_identities. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::ManagedIdentities.managed_identities_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-media_translation/.owlbot-manifest.json b/google-cloud-media_translation/.owlbot-manifest.json index 82adb29c503e..fd8c270821d3 100644 --- a/google-cloud-media_translation/.owlbot-manifest.json +++ b/google-cloud-media_translation/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-media_translation/.toys.rb b/google-cloud-media_translation/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-media_translation/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-media_translation/AUTHENTICATION.md b/google-cloud-media_translation/AUTHENTICATION.md index 955fb650eb9e..7c8a9c244b38 100644 --- a/google-cloud-media_translation/AUTHENTICATION.md +++ b/google-cloud-media_translation/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-media_translation library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-media_translation library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export MEDIA_TRANSLATION_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/media_translation" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::MediaTranslation.speech_translation_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-media_translation library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-media_translation library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-media_translation -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::MediaTranslation::V1beta1::SpeechTranslationService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `MEDIA_TRANSLATION_CREDENTIALS` - Path to JSON file, or JSON contents -* `MEDIA_TRANSLATION_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/media_translation" - -ENV["MEDIA_TRANSLATION_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::MediaTranslation.speech_translation_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/media_translation" client = Google::Cloud::MediaTranslation.speech_translation_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/media_translation" Google::Cloud::MediaTranslation.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::MediaTranslation.speech_translation_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-media_translation +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/media_translation" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-media_translation. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::MediaTranslation.speech_translation_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-memcache/.owlbot-manifest.json b/google-cloud-memcache/.owlbot-manifest.json index c87f34edb9e1..6bd6f93dca7c 100644 --- a/google-cloud-memcache/.owlbot-manifest.json +++ b/google-cloud-memcache/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-memcache/.toys.rb b/google-cloud-memcache/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-memcache/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-memcache/AUTHENTICATION.md b/google-cloud-memcache/AUTHENTICATION.md index e78dea2bab48..25561c3ce8f2 100644 --- a/google-cloud-memcache/AUTHENTICATION.md +++ b/google-cloud-memcache/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-memcache library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-memcache library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export MEMCACHE_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/memcache" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Memcache.cloud_memcache +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-memcache library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-memcache library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-memcache -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Memcache::V1beta2::CloudMemcache::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `MEMCACHE_CREDENTIALS` - Path to JSON file, or JSON contents -* `MEMCACHE_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/memcache" - -ENV["MEMCACHE_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Memcache.cloud_memcache -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/memcache" client = Google::Cloud::Memcache.cloud_memcache do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/memcache" Google::Cloud::Memcache.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Memcache.cloud_memcache ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-memcache +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/memcache" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-memcache. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Memcache.cloud_memcache +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-metastore/.owlbot-manifest.json b/google-cloud-metastore/.owlbot-manifest.json index 4d1efa93eee9..c15d8e781109 100644 --- a/google-cloud-metastore/.owlbot-manifest.json +++ b/google-cloud-metastore/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-metastore/.toys.rb b/google-cloud-metastore/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-metastore/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-metastore/AUTHENTICATION.md b/google-cloud-metastore/AUTHENTICATION.md index 30e893353100..1e0366853cb0 100644 --- a/google-cloud-metastore/AUTHENTICATION.md +++ b/google-cloud-metastore/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-metastore library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-metastore library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export METASTORE_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/metastore" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Metastore.dataproc_metastore +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-metastore library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-metastore library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-metastore -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Metastore::V1::DataprocMetastore::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `METASTORE_CREDENTIALS` - Path to JSON file, or JSON contents -* `METASTORE_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/metastore" - -ENV["METASTORE_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Metastore.dataproc_metastore -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/metastore" client = Google::Cloud::Metastore.dataproc_metastore do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/metastore" Google::Cloud::Metastore.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Metastore.dataproc_metastore ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-metastore +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/metastore" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-metastore. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Metastore.dataproc_metastore +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-migration_center/.owlbot-manifest.json b/google-cloud-migration_center/.owlbot-manifest.json index 4bbec0a2dec3..87ff813929d7 100644 --- a/google-cloud-migration_center/.owlbot-manifest.json +++ b/google-cloud-migration_center/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-migration_center/.toys.rb b/google-cloud-migration_center/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-migration_center/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-migration_center/AUTHENTICATION.md b/google-cloud-migration_center/AUTHENTICATION.md index 33b2c11b70ce..6191260572b4 100644 --- a/google-cloud-migration_center/AUTHENTICATION.md +++ b/google-cloud-migration_center/AUTHENTICATION.md @@ -1,149 +1,122 @@ # Authentication -In general, the google-cloud-migration_center library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-migration_center library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/migration_center" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::MigrationCenter.migration_center +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-migration_center library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-migration_center library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-migration_center -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::MigrationCenter::V1::MigrationCenter::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/migration_center" - -ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::MigrationCenter.migration_center -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/migration_center" client = Google::Cloud::MigrationCenter.migration_center do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/migration_center" Google::Cloud::MigrationCenter.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::MigrationCenter.migration_center ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-migration_center +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/migration_center" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-migration_center. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::MigrationCenter.migration_center +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-monitoring/.owlbot-manifest.json b/google-cloud-monitoring/.owlbot-manifest.json index c55de3dd4ec9..5529dc3074c3 100644 --- a/google-cloud-monitoring/.owlbot-manifest.json +++ b/google-cloud-monitoring/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-monitoring/.toys.rb b/google-cloud-monitoring/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-monitoring/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-monitoring/AUTHENTICATION.md b/google-cloud-monitoring/AUTHENTICATION.md index 24d90c9b905e..349c4e89f097 100644 --- a/google-cloud-monitoring/AUTHENTICATION.md +++ b/google-cloud-monitoring/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-monitoring library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-monitoring library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export MONITORING_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/monitoring" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Monitoring.alert_policy_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-monitoring library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-monitoring library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-monitoring -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Monitoring::V3::AlertPolicyService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `MONITORING_CREDENTIALS` - Path to JSON file, or JSON contents -* `MONITORING_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/monitoring" - -ENV["MONITORING_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Monitoring.alert_policy_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/monitoring" client = Google::Cloud::Monitoring.alert_policy_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/monitoring" Google::Cloud::Monitoring.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Monitoring.alert_policy_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-monitoring +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/monitoring" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-monitoring. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Monitoring.alert_policy_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-netapp/.owlbot-manifest.json b/google-cloud-netapp/.owlbot-manifest.json index 450978a1f3f8..de7e87a5c654 100644 --- a/google-cloud-netapp/.owlbot-manifest.json +++ b/google-cloud-netapp/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-netapp/.toys.rb b/google-cloud-netapp/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-netapp/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-netapp/AUTHENTICATION.md b/google-cloud-netapp/AUTHENTICATION.md index 43ab3492d69f..f7e7aa3c23f5 100644 --- a/google-cloud-netapp/AUTHENTICATION.md +++ b/google-cloud-netapp/AUTHENTICATION.md @@ -1,149 +1,122 @@ # Authentication -In general, the google-cloud-netapp library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-netapp library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/netapp" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::NetApp.netapp +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-netapp library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-netapp library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-netapp -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::NetApp::V1::NetApp::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/netapp" - -ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::NetApp.netapp -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/netapp" client = Google::Cloud::NetApp.netapp do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/netapp" Google::Cloud::NetApp.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::NetApp.netapp ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-netapp +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/netapp" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-netapp. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::NetApp.netapp +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-network_connectivity/.owlbot-manifest.json b/google-cloud-network_connectivity/.owlbot-manifest.json index f56034610c6f..b970ca0ab26d 100644 --- a/google-cloud-network_connectivity/.owlbot-manifest.json +++ b/google-cloud-network_connectivity/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-network_connectivity/.toys.rb b/google-cloud-network_connectivity/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-network_connectivity/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-network_connectivity/AUTHENTICATION.md b/google-cloud-network_connectivity/AUTHENTICATION.md index 73e5e4d9caf2..bbe1a30ebac2 100644 --- a/google-cloud-network_connectivity/AUTHENTICATION.md +++ b/google-cloud-network_connectivity/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-network_connectivity library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-network_connectivity library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export NETWORK_CONNECTIVITY_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/network_connectivity" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::NetworkConnectivity.hub_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-network_connectivity library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-network_connectivity library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-network_connectivity -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::NetworkConnectivity::V1::HubService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `NETWORK_CONNECTIVITY_CREDENTIALS` - Path to JSON file, or JSON contents -* `NETWORK_CONNECTIVITY_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/network_connectivity" - -ENV["NETWORK_CONNECTIVITY_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::NetworkConnectivity.hub_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/network_connectivity" client = Google::Cloud::NetworkConnectivity.hub_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/network_connectivity" Google::Cloud::NetworkConnectivity.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::NetworkConnectivity.hub_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-network_connectivity +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/network_connectivity" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-network_connectivity. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::NetworkConnectivity.hub_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-network_management/.owlbot-manifest.json b/google-cloud-network_management/.owlbot-manifest.json index 502866822857..8c77cd98b5ad 100644 --- a/google-cloud-network_management/.owlbot-manifest.json +++ b/google-cloud-network_management/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-network_management/.toys.rb b/google-cloud-network_management/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-network_management/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-network_management/AUTHENTICATION.md b/google-cloud-network_management/AUTHENTICATION.md index 2e0a25755b60..5409d91d56fe 100644 --- a/google-cloud-network_management/AUTHENTICATION.md +++ b/google-cloud-network_management/AUTHENTICATION.md @@ -1,149 +1,122 @@ # Authentication -In general, the google-cloud-network_management library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-network_management library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/network_management" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::NetworkManagement.reachability_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-network_management library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-network_management library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-network_management -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::NetworkManagement::V1::ReachabilityService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/network_management" - -ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::NetworkManagement.reachability_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/network_management" client = Google::Cloud::NetworkManagement.reachability_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/network_management" Google::Cloud::NetworkManagement.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::NetworkManagement.reachability_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-network_management +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/network_management" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-network_management. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::NetworkManagement.reachability_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-network_security/.owlbot-manifest.json b/google-cloud-network_security/.owlbot-manifest.json index c3b14690affd..a8565fca7a86 100644 --- a/google-cloud-network_security/.owlbot-manifest.json +++ b/google-cloud-network_security/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-network_security/.toys.rb b/google-cloud-network_security/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-network_security/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-network_security/AUTHENTICATION.md b/google-cloud-network_security/AUTHENTICATION.md index 37c5046d0b45..972132bc33cf 100644 --- a/google-cloud-network_security/AUTHENTICATION.md +++ b/google-cloud-network_security/AUTHENTICATION.md @@ -1,149 +1,122 @@ # Authentication -In general, the google-cloud-network_security library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-network_security library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/network_security" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::NetworkSecurity.network_security +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-network_security library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-network_security library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-network_security -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::NetworkSecurity::V1beta1::NetworkSecurity::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/network_security" - -ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::NetworkSecurity.network_security -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/network_security" client = Google::Cloud::NetworkSecurity.network_security do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/network_security" Google::Cloud::NetworkSecurity.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::NetworkSecurity.network_security ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-network_security +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/network_security" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-network_security. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::NetworkSecurity.network_security +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-notebooks/.owlbot-manifest.json b/google-cloud-notebooks/.owlbot-manifest.json index a90d46d84130..5b71e0868156 100644 --- a/google-cloud-notebooks/.owlbot-manifest.json +++ b/google-cloud-notebooks/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-notebooks/.toys.rb b/google-cloud-notebooks/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-notebooks/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-notebooks/AUTHENTICATION.md b/google-cloud-notebooks/AUTHENTICATION.md index d775aa00726f..52eebf943559 100644 --- a/google-cloud-notebooks/AUTHENTICATION.md +++ b/google-cloud-notebooks/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-notebooks library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-notebooks library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export NOTEBOOKS_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/notebooks" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Notebooks.notebook_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-notebooks library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-notebooks library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-notebooks -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Notebooks::V1beta1::NotebookService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `NOTEBOOKS_CREDENTIALS` - Path to JSON file, or JSON contents -* `NOTEBOOKS_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/notebooks" - -ENV["NOTEBOOKS_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Notebooks.notebook_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/notebooks" client = Google::Cloud::Notebooks.notebook_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/notebooks" Google::Cloud::Notebooks.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Notebooks.notebook_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-notebooks +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/notebooks" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-notebooks. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Notebooks.notebook_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-optimization/.owlbot-manifest.json b/google-cloud-optimization/.owlbot-manifest.json index dce30a9364f9..6ccb99e93620 100644 --- a/google-cloud-optimization/.owlbot-manifest.json +++ b/google-cloud-optimization/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-optimization/.toys.rb b/google-cloud-optimization/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-optimization/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-optimization/AUTHENTICATION.md b/google-cloud-optimization/AUTHENTICATION.md index bfd5c7a9d513..1dd45fb9695e 100644 --- a/google-cloud-optimization/AUTHENTICATION.md +++ b/google-cloud-optimization/AUTHENTICATION.md @@ -1,149 +1,122 @@ # Authentication -In general, the google-cloud-optimization library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-optimization library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/optimization" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Optimization.fleet_routing +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-optimization library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-optimization library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-optimization -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Optimization::V1::FleetRouting::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/optimization" - -ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Optimization.fleet_routing -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/optimization" client = Google::Cloud::Optimization.fleet_routing do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/optimization" Google::Cloud::Optimization.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Optimization.fleet_routing ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-optimization +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/optimization" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-optimization. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Optimization.fleet_routing +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-orchestration-airflow-service/.owlbot-manifest.json b/google-cloud-orchestration-airflow-service/.owlbot-manifest.json index 50762076092d..cea957c5bae2 100644 --- a/google-cloud-orchestration-airflow-service/.owlbot-manifest.json +++ b/google-cloud-orchestration-airflow-service/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-orchestration-airflow-service/.toys.rb b/google-cloud-orchestration-airflow-service/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-orchestration-airflow-service/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-orchestration-airflow-service/AUTHENTICATION.md b/google-cloud-orchestration-airflow-service/AUTHENTICATION.md index f22b807b7f4b..16a6241392df 100644 --- a/google-cloud-orchestration-airflow-service/AUTHENTICATION.md +++ b/google-cloud-orchestration-airflow-service/AUTHENTICATION.md @@ -1,149 +1,122 @@ # Authentication -In general, the google-cloud-orchestration-airflow-service library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-orchestration-airflow-service library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/orchestration/airflow/service" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Orchestration::Airflow::Service.environments +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-orchestration-airflow-service library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-orchestration-airflow-service library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-orchestration-airflow-service -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Orchestration::Airflow::Service::V1::Environments::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/orchestration/airflow/service" - -ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Orchestration::Airflow::Service.environments -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/orchestration/airflow/service" client = Google::Cloud::Orchestration::Airflow::Service.environments do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/orchestration/airflow/service" Google::Cloud::Orchestration::Airflow::Service.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Orchestration::Airflow::Service.environments ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-orchestration-airflow-service +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/orchestration/airflow/service" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-orchestration-airflow-service. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Orchestration::Airflow::Service.environments +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa).