From fc0079507cbf2361240acc9c5a020ca78bb36f72 Mon Sep 17 00:00:00 2001 From: yoshi-code-bot <70984784+yoshi-code-bot@users.noreply.github.com> Date: Wed, 10 Jan 2024 11:00:14 -0800 Subject: [PATCH] chore(multi): Add toys file and update authentication documentation (#23809) --- .../.owlbot-manifest.json | 1 + google-cloud-data_catalog-lineage/.toys.rb | 28 +++ .../AUTHENTICATION.md | 171 ++++++++--------- .../.owlbot-manifest.json | 1 + google-cloud-data_catalog/.toys.rb | 28 +++ google-cloud-data_catalog/AUTHENTICATION.md | 173 ++++++++---------- .../.owlbot-manifest.json | 1 + google-cloud-data_fusion/.toys.rb | 28 +++ google-cloud-data_fusion/AUTHENTICATION.md | 171 ++++++++--------- .../.owlbot-manifest.json | 1 + google-cloud-data_labeling/.toys.rb | 28 +++ google-cloud-data_labeling/AUTHENTICATION.md | 173 ++++++++---------- google-cloud-dataflow/.owlbot-manifest.json | 1 + google-cloud-dataflow/.toys.rb | 28 +++ google-cloud-dataflow/AUTHENTICATION.md | 173 ++++++++---------- google-cloud-dataform/.owlbot-manifest.json | 1 + google-cloud-dataform/.toys.rb | 28 +++ google-cloud-dataform/AUTHENTICATION.md | 171 ++++++++--------- google-cloud-dataplex/.owlbot-manifest.json | 1 + google-cloud-dataplex/.toys.rb | 28 +++ google-cloud-dataplex/AUTHENTICATION.md | 171 ++++++++--------- google-cloud-dataproc/.owlbot-manifest.json | 1 + google-cloud-dataproc/.toys.rb | 28 +++ google-cloud-dataproc/AUTHENTICATION.md | 173 ++++++++---------- google-cloud-dataqna/.owlbot-manifest.json | 1 + google-cloud-dataqna/.toys.rb | 28 +++ google-cloud-dataqna/AUTHENTICATION.md | 173 ++++++++---------- .../.owlbot-manifest.json | 1 + google-cloud-datastore-admin/.toys.rb | 28 +++ .../AUTHENTICATION.md | 173 ++++++++---------- google-cloud-datastream/.owlbot-manifest.json | 1 + google-cloud-datastream/.toys.rb | 28 +++ google-cloud-datastream/AUTHENTICATION.md | 171 ++++++++--------- google-cloud-deploy/.owlbot-manifest.json | 1 + google-cloud-deploy/.toys.rb | 28 +++ google-cloud-deploy/AUTHENTICATION.md | 171 ++++++++--------- google-cloud-dialogflow/.owlbot-manifest.json | 1 + google-cloud-dialogflow/.toys.rb | 28 +++ google-cloud-dialogflow/AUTHENTICATION.md | 173 ++++++++---------- .../.owlbot-manifest.json | 1 + google-cloud-discovery_engine/.toys.rb | 28 +++ .../AUTHENTICATION.md | 171 ++++++++--------- google-cloud-dlp/.owlbot-manifest.json | 1 + google-cloud-dlp/.toys.rb | 28 +++ google-cloud-dlp/AUTHENTICATION.md | 173 ++++++++---------- .../.owlbot-manifest.json | 1 + google-cloud-document_ai/.toys.rb | 28 +++ google-cloud-document_ai/AUTHENTICATION.md | 173 ++++++++---------- 48 files changed, 1616 insertions(+), 1602 deletions(-) create mode 100644 google-cloud-data_catalog-lineage/.toys.rb create mode 100644 google-cloud-data_catalog/.toys.rb create mode 100644 google-cloud-data_fusion/.toys.rb create mode 100644 google-cloud-data_labeling/.toys.rb create mode 100644 google-cloud-dataflow/.toys.rb create mode 100644 google-cloud-dataform/.toys.rb create mode 100644 google-cloud-dataplex/.toys.rb create mode 100644 google-cloud-dataproc/.toys.rb create mode 100644 google-cloud-dataqna/.toys.rb create mode 100644 google-cloud-datastore-admin/.toys.rb create mode 100644 google-cloud-datastream/.toys.rb create mode 100644 google-cloud-deploy/.toys.rb create mode 100644 google-cloud-dialogflow/.toys.rb create mode 100644 google-cloud-discovery_engine/.toys.rb create mode 100644 google-cloud-dlp/.toys.rb create mode 100644 google-cloud-document_ai/.toys.rb diff --git a/google-cloud-data_catalog-lineage/.owlbot-manifest.json b/google-cloud-data_catalog-lineage/.owlbot-manifest.json index 8acfc85ccdaa..7f86fc197407 100644 --- a/google-cloud-data_catalog-lineage/.owlbot-manifest.json +++ b/google-cloud-data_catalog-lineage/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-data_catalog-lineage/.toys.rb b/google-cloud-data_catalog-lineage/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-data_catalog-lineage/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-data_catalog-lineage/AUTHENTICATION.md b/google-cloud-data_catalog-lineage/AUTHENTICATION.md index cdd8145d873a..264f8d4f3a59 100644 --- a/google-cloud-data_catalog-lineage/AUTHENTICATION.md +++ b/google-cloud-data_catalog-lineage/AUTHENTICATION.md @@ -1,149 +1,122 @@ # Authentication -In general, the google-cloud-data_catalog-lineage library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-data_catalog-lineage library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/data_catalog/lineage" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::DataCatalog::Lineage.lineage +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-data_catalog-lineage library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-data_catalog-lineage library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-data_catalog-lineage -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::DataCatalog::Lineage::V1::Lineage::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/data_catalog/lineage" - -ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::DataCatalog::Lineage.lineage -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/data_catalog/lineage" client = Google::Cloud::DataCatalog::Lineage.lineage do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/data_catalog/lineage" Google::Cloud::DataCatalog::Lineage.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::DataCatalog::Lineage.lineage ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-data_catalog-lineage +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/data_catalog/lineage" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-data_catalog-lineage. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::DataCatalog::Lineage.lineage +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-data_catalog/.owlbot-manifest.json b/google-cloud-data_catalog/.owlbot-manifest.json index 02b45be64ee5..06709b42e5af 100644 --- a/google-cloud-data_catalog/.owlbot-manifest.json +++ b/google-cloud-data_catalog/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-data_catalog/.toys.rb b/google-cloud-data_catalog/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-data_catalog/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-data_catalog/AUTHENTICATION.md b/google-cloud-data_catalog/AUTHENTICATION.md index a7768b6bcf88..ff13405d40a0 100644 --- a/google-cloud-data_catalog/AUTHENTICATION.md +++ b/google-cloud-data_catalog/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-data_catalog library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-data_catalog library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export DATA_CATALOG_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/data_catalog" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::DataCatalog.data_catalog +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-data_catalog library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-data_catalog library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-data_catalog -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::DataCatalog::V1::DataCatalog::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `DATA_CATALOG_CREDENTIALS` - Path to JSON file, or JSON contents -* `DATA_CATALOG_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/data_catalog" - -ENV["DATA_CATALOG_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::DataCatalog.data_catalog -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/data_catalog" client = Google::Cloud::DataCatalog.data_catalog do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/data_catalog" Google::Cloud::DataCatalog.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::DataCatalog.data_catalog ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-data_catalog +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/data_catalog" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-data_catalog. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::DataCatalog.data_catalog +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-data_fusion/.owlbot-manifest.json b/google-cloud-data_fusion/.owlbot-manifest.json index c183090a37f8..b20c8b623e90 100644 --- a/google-cloud-data_fusion/.owlbot-manifest.json +++ b/google-cloud-data_fusion/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-data_fusion/.toys.rb b/google-cloud-data_fusion/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-data_fusion/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-data_fusion/AUTHENTICATION.md b/google-cloud-data_fusion/AUTHENTICATION.md index 3f529795c8f2..112617f229a5 100644 --- a/google-cloud-data_fusion/AUTHENTICATION.md +++ b/google-cloud-data_fusion/AUTHENTICATION.md @@ -1,149 +1,122 @@ # Authentication -In general, the google-cloud-data_fusion library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-data_fusion library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/data_fusion" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::DataFusion.data_fusion +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-data_fusion library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-data_fusion library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-data_fusion -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::DataFusion::V1::DataFusion::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/data_fusion" - -ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::DataFusion.data_fusion -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/data_fusion" client = Google::Cloud::DataFusion.data_fusion do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/data_fusion" Google::Cloud::DataFusion.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::DataFusion.data_fusion ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-data_fusion +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/data_fusion" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-data_fusion. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::DataFusion.data_fusion +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-data_labeling/.owlbot-manifest.json b/google-cloud-data_labeling/.owlbot-manifest.json index 4fc19fcfc340..6bfa8a14881b 100644 --- a/google-cloud-data_labeling/.owlbot-manifest.json +++ b/google-cloud-data_labeling/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-data_labeling/.toys.rb b/google-cloud-data_labeling/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-data_labeling/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-data_labeling/AUTHENTICATION.md b/google-cloud-data_labeling/AUTHENTICATION.md index cda7921beb80..61eedf6ed6d4 100644 --- a/google-cloud-data_labeling/AUTHENTICATION.md +++ b/google-cloud-data_labeling/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-data_labeling library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-data_labeling library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export DATA_LABELING_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/data_labeling" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::DataLabeling.data_labeling_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-data_labeling library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-data_labeling library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-data_labeling -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::DataLabeling::V1beta1::DataLabelingService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `DATA_LABELING_CREDENTIALS` - Path to JSON file, or JSON contents -* `DATA_LABELING_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/data_labeling" - -ENV["DATA_LABELING_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::DataLabeling.data_labeling_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/data_labeling" client = Google::Cloud::DataLabeling.data_labeling_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/data_labeling" Google::Cloud::DataLabeling.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::DataLabeling.data_labeling_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-data_labeling +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/data_labeling" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-data_labeling. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::DataLabeling.data_labeling_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-dataflow/.owlbot-manifest.json b/google-cloud-dataflow/.owlbot-manifest.json index 2991bc3ae808..a9f783450b07 100644 --- a/google-cloud-dataflow/.owlbot-manifest.json +++ b/google-cloud-dataflow/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-dataflow/.toys.rb b/google-cloud-dataflow/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-dataflow/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-dataflow/AUTHENTICATION.md b/google-cloud-dataflow/AUTHENTICATION.md index fc6513757872..7c3c71310bb3 100644 --- a/google-cloud-dataflow/AUTHENTICATION.md +++ b/google-cloud-dataflow/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-dataflow library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-dataflow library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export DATAFLOW_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/dataflow" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Dataflow.snapshots +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-dataflow library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-dataflow library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-dataflow -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Dataflow::V1beta3::Snapshots::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `DATAFLOW_CREDENTIALS` - Path to JSON file, or JSON contents -* `DATAFLOW_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/dataflow" - -ENV["DATAFLOW_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Dataflow.snapshots -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/dataflow" client = Google::Cloud::Dataflow.snapshots do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/dataflow" Google::Cloud::Dataflow.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Dataflow.snapshots ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-dataflow +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/dataflow" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-dataflow. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Dataflow.snapshots +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-dataform/.owlbot-manifest.json b/google-cloud-dataform/.owlbot-manifest.json index 9fd32a240414..79966b878b59 100644 --- a/google-cloud-dataform/.owlbot-manifest.json +++ b/google-cloud-dataform/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-dataform/.toys.rb b/google-cloud-dataform/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-dataform/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-dataform/AUTHENTICATION.md b/google-cloud-dataform/AUTHENTICATION.md index 7c93820e1438..31936a9c23a8 100644 --- a/google-cloud-dataform/AUTHENTICATION.md +++ b/google-cloud-dataform/AUTHENTICATION.md @@ -1,149 +1,122 @@ # Authentication -In general, the google-cloud-dataform library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-dataform library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/dataform" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Dataform.dataform +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-dataform library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-dataform library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-dataform -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Dataform::V1beta1::Dataform::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/dataform" - -ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Dataform.dataform -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/dataform" client = Google::Cloud::Dataform.dataform do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/dataform" Google::Cloud::Dataform.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Dataform.dataform ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-dataform +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/dataform" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-dataform. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Dataform.dataform +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-dataplex/.owlbot-manifest.json b/google-cloud-dataplex/.owlbot-manifest.json index 263f629df607..2649303203db 100644 --- a/google-cloud-dataplex/.owlbot-manifest.json +++ b/google-cloud-dataplex/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-dataplex/.toys.rb b/google-cloud-dataplex/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-dataplex/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-dataplex/AUTHENTICATION.md b/google-cloud-dataplex/AUTHENTICATION.md index d34b675fd01d..38e956f75fb8 100644 --- a/google-cloud-dataplex/AUTHENTICATION.md +++ b/google-cloud-dataplex/AUTHENTICATION.md @@ -1,149 +1,122 @@ # Authentication -In general, the google-cloud-dataplex library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-dataplex library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/dataplex" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Dataplex.content_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-dataplex library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-dataplex library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-dataplex -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Dataplex::V1::ContentService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/dataplex" - -ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Dataplex.content_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/dataplex" client = Google::Cloud::Dataplex.content_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/dataplex" Google::Cloud::Dataplex.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Dataplex.content_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-dataplex +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/dataplex" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-dataplex. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Dataplex.content_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-dataproc/.owlbot-manifest.json b/google-cloud-dataproc/.owlbot-manifest.json index 55e37ffa6e70..7799e6fcfa4c 100644 --- a/google-cloud-dataproc/.owlbot-manifest.json +++ b/google-cloud-dataproc/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-dataproc/.toys.rb b/google-cloud-dataproc/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-dataproc/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-dataproc/AUTHENTICATION.md b/google-cloud-dataproc/AUTHENTICATION.md index 7dd899e3600a..7f8587eec9fa 100644 --- a/google-cloud-dataproc/AUTHENTICATION.md +++ b/google-cloud-dataproc/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-dataproc library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-dataproc library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export DATAPROC_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/dataproc" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Dataproc.autoscaling_policy_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-dataproc library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-dataproc library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-dataproc -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Dataproc::V1::AutoscalingPolicyService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `DATAPROC_CREDENTIALS` - Path to JSON file, or JSON contents -* `DATAPROC_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/dataproc" - -ENV["DATAPROC_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Dataproc.autoscaling_policy_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/dataproc" client = Google::Cloud::Dataproc.autoscaling_policy_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/dataproc" Google::Cloud::Dataproc.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Dataproc.autoscaling_policy_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-dataproc +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/dataproc" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-dataproc. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Dataproc.autoscaling_policy_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-dataqna/.owlbot-manifest.json b/google-cloud-dataqna/.owlbot-manifest.json index dab168a8427a..9105c4eae537 100644 --- a/google-cloud-dataqna/.owlbot-manifest.json +++ b/google-cloud-dataqna/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-dataqna/.toys.rb b/google-cloud-dataqna/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-dataqna/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-dataqna/AUTHENTICATION.md b/google-cloud-dataqna/AUTHENTICATION.md index 0b14deed52b7..ddaf1b6aba4d 100644 --- a/google-cloud-dataqna/AUTHENTICATION.md +++ b/google-cloud-dataqna/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-dataqna library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-dataqna library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export BIGQUERY_DATAQNA_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/dataqna" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::DataQnA.auto_suggestion_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-dataqna library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-dataqna library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-dataqna -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::DataQnA::V1alpha::AutoSuggestionService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `BIGQUERY_DATAQNA_CREDENTIALS` - Path to JSON file, or JSON contents -* `BIGQUERY_DATAQNA_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/dataqna" - -ENV["BIGQUERY_DATAQNA_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::DataQnA.auto_suggestion_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/dataqna" client = Google::Cloud::DataQnA.auto_suggestion_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/dataqna" Google::Cloud::DataQnA.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::DataQnA.auto_suggestion_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-dataqna +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/dataqna" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-dataqna. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::DataQnA.auto_suggestion_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-datastore-admin/.owlbot-manifest.json b/google-cloud-datastore-admin/.owlbot-manifest.json index 33db077e973b..7a1d1618f875 100644 --- a/google-cloud-datastore-admin/.owlbot-manifest.json +++ b/google-cloud-datastore-admin/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-datastore-admin/.toys.rb b/google-cloud-datastore-admin/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-datastore-admin/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-datastore-admin/AUTHENTICATION.md b/google-cloud-datastore-admin/AUTHENTICATION.md index ab3598c44de6..7fd8d664a2e6 100644 --- a/google-cloud-datastore-admin/AUTHENTICATION.md +++ b/google-cloud-datastore-admin/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-datastore-admin library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-datastore-admin library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export DATASTORE_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/datastore/admin" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Datastore::Admin.datastore_admin +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-datastore-admin library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-datastore-admin library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-datastore-admin -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Datastore::Admin::V1::DatastoreAdmin::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `DATASTORE_CREDENTIALS` - Path to JSON file, or JSON contents -* `DATASTORE_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/datastore/admin" - -ENV["DATASTORE_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Datastore::Admin.datastore_admin -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/datastore/admin" client = Google::Cloud::Datastore::Admin.datastore_admin do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/datastore/admin" Google::Cloud::Datastore::Admin.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Datastore::Admin.datastore_admin ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-datastore-admin +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/datastore/admin" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-datastore-admin. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Datastore::Admin.datastore_admin +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-datastream/.owlbot-manifest.json b/google-cloud-datastream/.owlbot-manifest.json index 5347f824d50e..a7315adf4250 100644 --- a/google-cloud-datastream/.owlbot-manifest.json +++ b/google-cloud-datastream/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-datastream/.toys.rb b/google-cloud-datastream/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-datastream/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-datastream/AUTHENTICATION.md b/google-cloud-datastream/AUTHENTICATION.md index 5254324b3051..aa8f82ca84b6 100644 --- a/google-cloud-datastream/AUTHENTICATION.md +++ b/google-cloud-datastream/AUTHENTICATION.md @@ -1,149 +1,122 @@ # Authentication -In general, the google-cloud-datastream library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-datastream library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/datastream" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Datastream.datastream +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-datastream library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-datastream library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-datastream -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Datastream::V1::Datastream::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/datastream" - -ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Datastream.datastream -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/datastream" client = Google::Cloud::Datastream.datastream do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/datastream" Google::Cloud::Datastream.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Datastream.datastream ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-datastream +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/datastream" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-datastream. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Datastream.datastream +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-deploy/.owlbot-manifest.json b/google-cloud-deploy/.owlbot-manifest.json index 52525058ea0a..7e1bbf502df1 100644 --- a/google-cloud-deploy/.owlbot-manifest.json +++ b/google-cloud-deploy/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-deploy/.toys.rb b/google-cloud-deploy/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-deploy/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-deploy/AUTHENTICATION.md b/google-cloud-deploy/AUTHENTICATION.md index c6957f210348..2f901720e72f 100644 --- a/google-cloud-deploy/AUTHENTICATION.md +++ b/google-cloud-deploy/AUTHENTICATION.md @@ -1,149 +1,122 @@ # Authentication -In general, the google-cloud-deploy library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-deploy library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/deploy" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Deploy.cloud_deploy +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-deploy library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-deploy library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-deploy -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Deploy::V1::CloudDeploy::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/deploy" - -ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Deploy.cloud_deploy -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/deploy" client = Google::Cloud::Deploy.cloud_deploy do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/deploy" Google::Cloud::Deploy.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Deploy.cloud_deploy ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-deploy +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/deploy" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-deploy. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Deploy.cloud_deploy +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-dialogflow/.owlbot-manifest.json b/google-cloud-dialogflow/.owlbot-manifest.json index f87e42dd47f6..1dd7b2ba179a 100644 --- a/google-cloud-dialogflow/.owlbot-manifest.json +++ b/google-cloud-dialogflow/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-dialogflow/.toys.rb b/google-cloud-dialogflow/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-dialogflow/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-dialogflow/AUTHENTICATION.md b/google-cloud-dialogflow/AUTHENTICATION.md index bcc91a4e4a73..1e9f6034be37 100644 --- a/google-cloud-dialogflow/AUTHENTICATION.md +++ b/google-cloud-dialogflow/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-dialogflow library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-dialogflow library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export DIALOGFLOW_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/dialogflow" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Dialogflow.agents +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-dialogflow library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-dialogflow library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-dialogflow -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Dialogflow::V2::Agents::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `DIALOGFLOW_CREDENTIALS` - Path to JSON file, or JSON contents -* `DIALOGFLOW_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/dialogflow" - -ENV["DIALOGFLOW_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Dialogflow.agents -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/dialogflow" client = Google::Cloud::Dialogflow.agents do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/dialogflow" Google::Cloud::Dialogflow.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Dialogflow.agents ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-dialogflow +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/dialogflow" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-dialogflow. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Dialogflow.agents +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-discovery_engine/.owlbot-manifest.json b/google-cloud-discovery_engine/.owlbot-manifest.json index cafd4e9fd580..f81b7b856348 100644 --- a/google-cloud-discovery_engine/.owlbot-manifest.json +++ b/google-cloud-discovery_engine/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-discovery_engine/.toys.rb b/google-cloud-discovery_engine/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-discovery_engine/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-discovery_engine/AUTHENTICATION.md b/google-cloud-discovery_engine/AUTHENTICATION.md index e6fba3a6331e..c9b17c8083a8 100644 --- a/google-cloud-discovery_engine/AUTHENTICATION.md +++ b/google-cloud-discovery_engine/AUTHENTICATION.md @@ -1,149 +1,122 @@ # Authentication -In general, the google-cloud-discovery_engine library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-discovery_engine library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/discovery_engine" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::DiscoveryEngine.completion_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-discovery_engine library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-discovery_engine library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-discovery_engine -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::DiscoveryEngine::V1::CompletionService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/discovery_engine" - -ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::DiscoveryEngine.completion_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/discovery_engine" client = Google::Cloud::DiscoveryEngine.completion_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/discovery_engine" Google::Cloud::DiscoveryEngine.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::DiscoveryEngine.completion_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-discovery_engine +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/discovery_engine" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-discovery_engine. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::DiscoveryEngine.completion_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-dlp/.owlbot-manifest.json b/google-cloud-dlp/.owlbot-manifest.json index 6a4ae5ff9572..8c71c7dcba89 100644 --- a/google-cloud-dlp/.owlbot-manifest.json +++ b/google-cloud-dlp/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-dlp/.toys.rb b/google-cloud-dlp/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-dlp/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-dlp/AUTHENTICATION.md b/google-cloud-dlp/AUTHENTICATION.md index cc3d497eb7a6..9208c6f35132 100644 --- a/google-cloud-dlp/AUTHENTICATION.md +++ b/google-cloud-dlp/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-dlp library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-dlp library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export DLP_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/dlp" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::Dlp.dlp_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-dlp library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-dlp library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-dlp -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::Dlp::V2::DlpService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `DLP_CREDENTIALS` - Path to JSON file, or JSON contents -* `DLP_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/dlp" - -ENV["DLP_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::Dlp.dlp_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/dlp" client = Google::Cloud::Dlp.dlp_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/dlp" Google::Cloud::Dlp.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::Dlp.dlp_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-dlp +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/dlp" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-dlp. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::Dlp.dlp_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa). diff --git a/google-cloud-document_ai/.owlbot-manifest.json b/google-cloud-document_ai/.owlbot-manifest.json index 5bb935208e2a..f4020be3fad2 100644 --- a/google-cloud-document_ai/.owlbot-manifest.json +++ b/google-cloud-document_ai/.owlbot-manifest.json @@ -3,6 +3,7 @@ ".gitignore", ".repo-metadata.json", ".rubocop.yml", + ".toys.rb", ".yardopts", "AUTHENTICATION.md", "CHANGELOG.md", diff --git a/google-cloud-document_ai/.toys.rb b/google-cloud-document_ai/.toys.rb new file mode 100644 index 000000000000..23434bdd5d5b --- /dev/null +++ b/google-cloud-document_ai/.toys.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +toys_version! ">= 0.15.3" + +if ENV["RUBY_COMMON_TOOLS"] + common_tools_dir = File.expand_path ENV["RUBY_COMMON_TOOLS"] + load File.join(common_tools_dir, "toys", "gapic") +else + load_git remote: "https://github.com/googleapis/ruby-common-tools.git", + path: "toys/gapic", + update: true +end diff --git a/google-cloud-document_ai/AUTHENTICATION.md b/google-cloud-document_ai/AUTHENTICATION.md index 0868c96df791..5f01d23d10d6 100644 --- a/google-cloud-document_ai/AUTHENTICATION.md +++ b/google-cloud-document_ai/AUTHENTICATION.md @@ -1,151 +1,122 @@ # Authentication -In general, the google-cloud-document_ai library uses -[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) -credentials to connect to Google Cloud services. When running within -[Google Cloud Platform environments](#google-cloud-platform-environments) the -credentials will be discovered automatically. When running on other -environments, the Service Account credentials can be specified by providing the -path to the -[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys) -for the account (or the JSON itself) in -[environment variables](#environment-variables). Additionally, Cloud SDK -credentials can also be discovered automatically, but this is only recommended -during development. +The recommended way to authenticate to the google-cloud-document_ai library is to use +[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials). +To review all of your authentication options, see [Credentials lookup](#credential-lookup). ## Quickstart -1. [Create a service account and credentials](#creating-a-service-account). -2. Set the [environment variable](#environment-variables). +The following example shows how to set up authentication for a local development +environment with your user credentials. -```sh -export DOCUMENT_AI_CREDENTIALS=path/to/keyfile.json -``` - -3. Initialize the client. +**NOTE:** This method is _not_ recommended for running in production. User credentials +should be used only during development. -```ruby -require "google/cloud/document_ai" +1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk). +2. Set up a local ADC file with your user credentials: -client = Google::Cloud::DocumentAI.document_processor_service +```sh +gcloud auth application-default login ``` -## Credential Lookup - -The google-cloud-document_ai library aims to make authentication -as simple as possible, and provides several mechanisms to configure your system -without requiring **Service Account Credentials** directly in code. - -**Credentials** are discovered in the following order: - -1. Specify credentials in method arguments -2. Specify credentials in configuration -3. Discover credentials path in environment variables -4. Discover credentials JSON in environment variables -5. Discover credentials file in the Cloud SDK's path -6. Discover GCP credentials - -### Google Cloud Platform environments +3. Write code as if already authenticated. -When running on Google Cloud Platform (GCP), including Google Compute Engine -(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud -Functions (GCF) and Cloud Run, **Credentials** are discovered automatically. -Code should be written as if already authenticated. +For more information about setting up authentication for a local development environment, see +[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev). -### Environment Variables +## Credential Lookup -The **Credentials JSON** can be placed in environment variables instead of -declaring them directly in code. Each service has its own environment variable, -allowing for different service accounts to be used for different services. (See -the READMEs for the individual service gems for details.) The path to the -**Credentials JSON** file can be stored in the environment variable, or the -**Credentials JSON** itself can be stored for environments such as Docker -containers where writing files is difficult or not encouraged. +The google-cloud-document_ai library provides several mechanisms to configure your system. +Generally, using Application Default Credentials to facilitate automatic +credentials discovery is the easist method. But if you need to explicitly specify +credentials, there are several methods available to you. -The environment variables that google-cloud-document_ai -checks for credentials are configured on the service Credentials class (such as -`::Google::Cloud::DocumentAI::V1::DocumentProcessorService::Credentials`): +Credentials are accepted in the following ways, in the following order or precedence: -* `DOCUMENT_AI_CREDENTIALS` - Path to JSON file, or JSON contents -* `DOCUMENT_AI_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents -* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents -* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file +1. Credentials specified in method arguments +2. Credentials specified in configuration +3. Credentials pointed to or included in environment variables +4. Credentials found in local ADC file +5. Credentials returned by the metadata server for the attached service account (GCP) -```ruby -require "google/cloud/document_ai" - -ENV["DOCUMENT_AI_CREDENTIALS"] = "path/to/keyfile.json" +### Configuration -client = Google::Cloud::DocumentAI.document_processor_service -``` +You can configure a path to a JSON credentials file, either for an individual client object or +globally, for all client objects. The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -### Configuration +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. -The path to the **Credentials JSON** file can be configured instead of storing -it in an environment variable. Either on an individual client initialization: +To configure a credentials file for an individual client initialization: ```ruby require "google/cloud/document_ai" client = Google::Cloud::DocumentAI.document_processor_service do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end ``` -Or globally for all clients: +To configure a credentials file globally for all clients: ```ruby require "google/cloud/document_ai" Google::Cloud::DocumentAI.configure do |config| - config.credentials = "path/to/keyfile.json" + config.credentials = "path/to/credentialfile.json" end client = Google::Cloud::DocumentAI.document_processor_service ``` -### Cloud SDK +### Environment Variables -This option allows for an easy way to authenticate during development. If -credentials are not provided in code or in environment variables, then Cloud SDK -credentials are discovered. +You can also use an environment variable to provide a JSON credentials file. +The environment variable can contain a path to the credentials file or, for +environments such as Docker containers where writing files is not encouraged, +you can include the credentials file itself. -To configure your system for this, simply: +The JSON file can contain credentials created for +[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation), +[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a +[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key). -1. [Download and install the Cloud SDK](https://cloud.google.com/sdk) -2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login` -3. Write code as if already authenticated. +Note: Service account keys are a security risk if not managed correctly. You should +[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree) +whenever possible. + +The environment variables that google-cloud-document_ai +checks for credentials are: -**NOTE:** This is _not_ recommended for running in production. The Cloud SDK -*should* only be used during development. +* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents +* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file -## Creating a Service Account +```ruby +require "google/cloud/document_ai" -Google Cloud requires **Service Account Credentials** to -connect to the APIs. You will use the **JSON key file** to -connect to most services with google-cloud-document_ai. +ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json" -If you are not running this client within -[Google Cloud Platform environments](#google-cloud-platform-environments), you -need a Google Developers service account. +client = Google::Cloud::DocumentAI.document_processor_service +``` -1. Visit the [Google Cloud Console](https://console.cloud.google.com/project). -2. Create a new project or click on an existing project. -3. Activate the menu in the upper left and select **APIs & Services**. From - here, you will enable the APIs that your application requires. +### Local ADC file - *Note: You may need to enable billing in order to use these services.* +You can set up a local ADC file with your user credentials for authentication during +development. If credentials are not provided in code or in environment variables, +then the local ADC credentials are discovered. -4. Select **Credentials** from the side navigation. +Follow the steps in [Quickstart](#quickstart) to set up a local ADC file. - Find the "Create credentials" drop down near the top of the page, and select - "Service account" to be guided through downloading a new JSON key file. +### Google Cloud Platform environments - If you want to re-use an existing service account, you can easily generate a - new key file. Just select the account you wish to re-use, click the pencil - tool on the right side to edit the service account, select the **Keys** tab, - and then select **Add Key**. +When running on Google Cloud Platform (GCP), including Google Compute Engine +(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud +Functions (GCF) and Cloud Run, credentials are retrieved from the attached +service account automatically. Code should be written as if already authenticated. - The key file you download will be used by this library to authenticate API - requests and should be stored in a secure location. +For more information, see +[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa).