diff --git a/google-cloud-video-stitcher/.owlbot-manifest.json b/google-cloud-video-stitcher/.owlbot-manifest.json index 2359abc8f6ca..219ef3903549 100644 --- a/google-cloud-video-stitcher/.owlbot-manifest.json +++ b/google-cloud-video-stitcher/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-video-stitcher/.toys.rb b/google-cloud-video-stitcher/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-video-stitcher/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-video-stitcher/AUTHENTICATION.md b/google-cloud-video-stitcher/AUTHENTICATION.md index 591ef630ce93..29291481d100 100644 --- a/google-cloud-video-stitcher/AUTHENTICATION.md +++ b/google-cloud-video-stitcher/AUTHENTICATION.md @@ -1,149 +1,122 @@ # Authentication -In general, the google-cloud-video-stitcher library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-video-stitcher library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/video/stitcher" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Video::Stitcher.video_stitcher_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-video-stitcher library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-video-stitcher library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-video-stitcher -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Video::Stitcher::V1::VideoStitcherService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/video/stitcher" - -ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Video::Stitcher.video_stitcher_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/video/stitcher" client = Google::Cloud::Video::Stitcher.video_stitcher_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/video/stitcher" Google::Cloud::Video::Stitcher.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Video::Stitcher.video_stitcher_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-video-stitcher +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/video/stitcher" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-video-stitcher. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Video::Stitcher.video_stitcher_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-video-transcoder/.owlbot-manifest.json b/google-cloud-video-transcoder/.owlbot-manifest.json index f3d69bca2ea4..6b5e8b29ad5f 100644 --- a/google-cloud-video-transcoder/.owlbot-manifest.json +++ b/google-cloud-video-transcoder/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-video-transcoder/.toys.rb b/google-cloud-video-transcoder/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-video-transcoder/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-video-transcoder/AUTHENTICATION.md b/google-cloud-video-transcoder/AUTHENTICATION.md index 852b29456711..ca4fc9490fae 100644 --- a/google-cloud-video-transcoder/AUTHENTICATION.md +++ b/google-cloud-video-transcoder/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-video-transcoder library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-video-transcoder library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export TRANSCODER_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/video/transcoder" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Video::Transcoder.transcoder_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-video-transcoder library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-video-transcoder library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-video-transcoder -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Video::Transcoder::V1::TranscoderService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `TRANSCODER_CREDENTIALS` - Path to JSON file, or JSON contents -* `TRANSCODER_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/video/transcoder" - -ENV["TRANSCODER_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Video::Transcoder.transcoder_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/video/transcoder" client = Google::Cloud::Video::Transcoder.transcoder_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/video/transcoder" Google::Cloud::Video::Transcoder.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Video::Transcoder.transcoder_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-video-transcoder +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/video/transcoder" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-video-transcoder. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Video::Transcoder.transcoder_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-video_intelligence/.owlbot-manifest.json b/google-cloud-video_intelligence/.owlbot-manifest.json index 769f1252307b..7f6cd7bdf709 100644 --- a/google-cloud-video_intelligence/.owlbot-manifest.json +++ b/google-cloud-video_intelligence/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-video_intelligence/.toys.rb b/google-cloud-video_intelligence/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-video_intelligence/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-video_intelligence/AUTHENTICATION.md b/google-cloud-video_intelligence/AUTHENTICATION.md index 0160c41f7174..50632cc6b490 100644 --- a/google-cloud-video_intelligence/AUTHENTICATION.md +++ b/google-cloud-video_intelligence/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-video_intelligence library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-video_intelligence library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export VIDEO_INTELLIGENCE_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/video_intelligence" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::VideoIntelligence.video_intelligence_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-video_intelligence library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-video_intelligence library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-video_intelligence -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::VideoIntelligence::V1::VideoIntelligenceService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `VIDEO_INTELLIGENCE_CREDENTIALS` - Path to JSON file, or JSON contents -* `VIDEO_INTELLIGENCE_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/video_intelligence" - -ENV["VIDEO_INTELLIGENCE_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::VideoIntelligence.video_intelligence_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/video_intelligence" client = Google::Cloud::VideoIntelligence.video_intelligence_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/video_intelligence" Google::Cloud::VideoIntelligence.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::VideoIntelligence.video_intelligence_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-video_intelligence +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/video_intelligence" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-video_intelligence. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::VideoIntelligence.video_intelligence_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-vision/.owlbot-manifest.json b/google-cloud-vision/.owlbot-manifest.json index e6bc84abb5ea..46f5bc3bbcc8 100644 --- a/google-cloud-vision/.owlbot-manifest.json +++ b/google-cloud-vision/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-vision/.toys.rb b/google-cloud-vision/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-vision/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-vision/AUTHENTICATION.md b/google-cloud-vision/AUTHENTICATION.md index f86018267176..78f8aa975d0f 100644 --- a/google-cloud-vision/AUTHENTICATION.md +++ b/google-cloud-vision/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-vision library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-vision library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export VISION_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/vision" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Vision.product_search +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-vision library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-vision library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-vision -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Vision::V1::ProductSearch::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `VISION_CREDENTIALS` - Path to JSON file, or JSON contents -* `VISION_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/vision" - -ENV["VISION_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Vision.product_search -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/vision" client = Google::Cloud::Vision.product_search do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/vision" Google::Cloud::Vision.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Vision.product_search ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-vision +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/vision" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-vision. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Vision.product_search +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-vm_migration/.owlbot-manifest.json b/google-cloud-vm_migration/.owlbot-manifest.json index 71bae4b7992a..1b0e1d52dda8 100644 --- a/google-cloud-vm_migration/.owlbot-manifest.json +++ b/google-cloud-vm_migration/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-vm_migration/.toys.rb b/google-cloud-vm_migration/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-vm_migration/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-vm_migration/AUTHENTICATION.md b/google-cloud-vm_migration/AUTHENTICATION.md index 6808081f8afa..0049961c9a33 100755 --- a/google-cloud-vm_migration/AUTHENTICATION.md +++ b/google-cloud-vm_migration/AUTHENTICATION.md @@ -1,149 +1,122 @@ # Authentication -In general, the google-cloud-vm_migration library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-vm_migration library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/vm_migration" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::VMMigration.vm_migration +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-vm_migration library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-vm_migration library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-vm_migration -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::VMMigration::V1::VMMigration::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/vm_migration" - -ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::VMMigration.vm_migration -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/vm_migration" client = Google::Cloud::VMMigration.vm_migration do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/vm_migration" Google::Cloud::VMMigration.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::VMMigration.vm_migration ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-vm_migration +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/vm_migration" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-vm_migration. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::VMMigration.vm_migration +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-vmware_engine/.owlbot-manifest.json b/google-cloud-vmware_engine/.owlbot-manifest.json index 251006388d11..e99cc4c12e69 100644 --- a/google-cloud-vmware_engine/.owlbot-manifest.json +++ b/google-cloud-vmware_engine/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-vmware_engine/.toys.rb b/google-cloud-vmware_engine/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-vmware_engine/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-vmware_engine/AUTHENTICATION.md b/google-cloud-vmware_engine/AUTHENTICATION.md index 8d2f13379a26..374984db0f3a 100644 --- a/google-cloud-vmware_engine/AUTHENTICATION.md +++ b/google-cloud-vmware_engine/AUTHENTICATION.md @@ -1,149 +1,122 @@ # Authentication -In general, the google-cloud-vmware_engine library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-vmware_engine library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/vmware_engine" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::VmwareEngine.vmware_engine +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-vmware_engine library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-vmware_engine library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-vmware_engine -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::VmwareEngine::V1::VmwareEngine::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/vmware_engine" - -ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::VmwareEngine.vmware_engine -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/vmware_engine" client = Google::Cloud::VmwareEngine.vmware_engine do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/vmware_engine" Google::Cloud::VmwareEngine.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::VmwareEngine.vmware_engine ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-vmware_engine +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/vmware_engine" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-vmware_engine. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::VmwareEngine.vmware_engine +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-vpc_access/.owlbot-manifest.json b/google-cloud-vpc_access/.owlbot-manifest.json index 0ace1545be1a..7a04ad96399a 100644 --- a/google-cloud-vpc_access/.owlbot-manifest.json +++ b/google-cloud-vpc_access/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-vpc_access/.toys.rb b/google-cloud-vpc_access/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-vpc_access/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-vpc_access/AUTHENTICATION.md b/google-cloud-vpc_access/AUTHENTICATION.md index f98341fd49d1..89d9c318560a 100644 --- a/google-cloud-vpc_access/AUTHENTICATION.md +++ b/google-cloud-vpc_access/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-vpc_access library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-vpc_access library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export VPC_ACCESS_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/vpc_access" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::VpcAccess.vpc_access_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-vpc_access library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-vpc_access library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-vpc_access -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::VpcAccess::V1::VpcAccessService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `VPC_ACCESS_CREDENTIALS` - Path to JSON file, or JSON contents -* `VPC_ACCESS_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/vpc_access" - -ENV["VPC_ACCESS_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::VpcAccess.vpc_access_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/vpc_access" client = Google::Cloud::VpcAccess.vpc_access_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/vpc_access" Google::Cloud::VpcAccess.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::VpcAccess.vpc_access_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-vpc_access +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/vpc_access" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-vpc_access. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::VpcAccess.vpc_access_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa).