googleapis · scotthart · Aug 30, 2023 · Aug 17, 2023 · Aug 17, 2023 · Aug 29, 2023
@@ -845,6 +845,10 @@
 ./include/google/cloud/policysimulator/v1/internal
 ./include/google/cloud/policysimulator/v1/mocks
 ./include/google/cloud/policytroubleshooter
+./include/google/cloud/policytroubleshooter/iam
+./include/google/cloud/policytroubleshooter/iam/v3
+./include/google/cloud/policytroubleshooter/iam/v3/internal
+./include/google/cloud/policytroubleshooter/iam/v3/mocks
 ./include/google/cloud/policytroubleshooter/mocks
 ./include/google/cloud/policytroubleshooter/v1
 ./include/google/cloud/policytroubleshooter/v1/internal

diff --git a/cmake/templates/config.cmake.in b/cmake/templates/config.cmake.in
@@ -14,6 +14,7 @@
 
 include(CMakeFindDependencyMacro)
 # google_cloud_cpp_googleapis finds both gRPC and Protobuf, no need to load them here.
+find_dependency(google_cloud_cpp_iam_policy)
 find_dependency(google_cloud_cpp_googleapis)
 find_dependency(google_cloud_cpp_common)
 find_dependency(google_cloud_cpp_grpc_utils)

@@ -222,6 +222,8 @@ set(external_googleapis_installed_libraries_list
     google_cloud_cpp_iam_v1_iam_policy_protos
     google_cloud_cpp_iam_v1_options_protos
     google_cloud_cpp_iam_v1_policy_protos
+    google_cloud_cpp_iam_v2_deny_protos
+    google_cloud_cpp_iam_v2_policy_protos
     google_cloud_cpp_logging_protos
     google_cloud_cpp_longrunning_operations_protos)
 
@@ -321,6 +323,10 @@ external_googleapis_add_library("google/iam/v1/policy.proto"
 external_googleapis_add_library("google/rpc/status.proto"
                                 rpc_error_details_protos)
 
+external_googleapis_add_library(
+    "google/longrunning/operations.proto" api_annotations_protos
+    api_client_protos rpc_status_protos)
+
 external_googleapis_add_library(
     "google/iam/v1/iam_policy.proto"
     api_annotations_protos
@@ -330,9 +336,11 @@ external_googleapis_add_library(
     iam_v1_options_protos
     iam_v1_policy_protos)
 
+external_googleapis_add_library("google/iam/v2/deny.proto" type_expr_protos)
+
 external_googleapis_add_library(
-    "google/longrunning/operations.proto" api_annotations_protos
-    api_client_protos rpc_status_protos)
+    "google/iam/v2/policy.proto" api_annotations_protos api_client_protos
+    api_field_behavior_protos iam_v2_deny_protos longrunning_operations_protos)
 
 google_cloud_cpp_load_protolist(cloud_common_list "protolists/common.list")
 google_cloud_cpp_load_protodeps(cloud_common_deps "protodeps/common.deps")

@@ -4,5 +4,7 @@
 @com_google_googleapis//google/api:http_proto
 @com_google_googleapis//google/api:launch_stage_proto
 @com_google_googleapis//google/iam/v1:policy_proto
+@com_google_googleapis//google/iam/v2:policy_proto
+@com_google_googleapis//google/longrunning:operations_proto
 @com_google_googleapis//google/rpc:status_proto
 @com_google_googleapis//google/type:expr_proto
@@ -1,2 +1,3 @@
+@com_google_googleapis//google/cloud/policytroubleshooter/iam/v3:troubleshooter.proto
 @com_google_googleapis//google/cloud/policytroubleshooter/v1:checker.proto
 @com_google_googleapis//google/cloud/policytroubleshooter/v1:explanations.proto
@@ -211,7 +211,11 @@ declare -A -r LIBRARIES=(
       "@com_google_googleapis//google/cloud/oslogin/common:common_cc_grpc"
   )"
   ["policysimulator"]="@com_google_googleapis//google/cloud/policysimulator/v1:policysimulator_cc_grpc"
-  ["policytroubleshooter"]="@com_google_googleapis//google/cloud/policytroubleshooter/v1:policytroubleshooter_cc_grpc"
+  ["policytroubleshooter"]="$(
+    printf ",%s" \
+      "@com_google_googleapis//google/cloud/policytroubleshooter/v1:policytroubleshooter_cc_grpc" \
+      "@com_google_googleapis//google/cloud/policytroubleshooter/iam/v3:iam_cc_grpc"
+  )"
   ["privateca"]="@com_google_googleapis//google/cloud/security/privateca/v1:privateca_cc_grpc"
   ["profiler"]="@com_google_googleapis//google/devtools/cloudprofiler/v2:cloudprofiler_cc_grpc"
   ["pubsub"]="@com_google_googleapis//google/pubsub/v1:pubsub_cc_grpc"

@@ -2253,6 +2253,13 @@ service {
   retryable_status_codes: ["kUnavailable"]
 }
 
+service {
+  service_proto_path: "google/cloud/policytroubleshooter/iam/v3/troubleshooter.proto"
+  product_path: "google/cloud/policytroubleshooter/iam/v3"
+  initial_copyright_year: "2023"
+  retryable_status_codes: ["kUnavailable"]
+}
+
 # IDS (Cloud Intrusion Detection System)
 service {
   service_proto_path: "google/cloud/ids/v1/ids.proto"

@@ -19,6 +19,7 @@ licenses(["notice"])  # Apache 2.0
 service_dirs = [
     "",
     "v1/",
+    "iam/v3/",
 ]
 
 src_dirs = service_dirs + [d + "internal/" for d in service_dirs]
@@ -46,7 +47,9 @@ cc_library(
     deps = [
         "//:common",
         "//:grpc_utils",
+        "@com_google_googleapis//google/cloud/policytroubleshooter/iam/v3:iam_cc_grpc",
         "@com_google_googleapis//google/cloud/policytroubleshooter/v1:policytroubleshooter_cc_grpc",
+        "@com_google_googleapis//google/iam/v2:iam_cc_grpc",
     ],
 )
 

@@ -16,10 +16,14 @@
 
 include(GoogleCloudCppLibrary)
 
-set(GOOGLE_CLOUD_CPP_SERVICE_DIRS "" "v1/")
+set(GOOGLE_CLOUD_CPP_SERVICE_DIRS "" "v1/" "iam/v3/")
 
-google_cloud_cpp_add_ga_grpc_library(policytroubleshooter
-                                     "Policy Troubleshooter API")
+set(GOOGLE_CLOUD_CPP_DOXYGEN_EXTRA_INCLUDES
+    "${PROJECT_BINARY_DIR}/google/cloud/iam_policy")
+
+google_cloud_cpp_add_ga_grpc_library(
+    policytroubleshooter "Policy Troubleshooter API" CROSS_LIB_DEPS
+    "iam_policy")
 
 if (BUILD_TESTING AND GOOGLE_CLOUD_CPP_ENABLE_CXX_EXCEPTIONS)
     add_executable(policytroubleshooter_quickstart "quickstart/quickstart.cc")

@@ -14,6 +14,14 @@ environment variables are convenient when troubleshooting problems.
   `EndpointOption` (which defaults to "policytroubleshooter.googleapis.com")
   used by `MakeIamCheckerConnection()`.
 
+- `GOOGLE_CLOUD_CPP_POLICIES_ENDPOINT=...` overrides the
+  `EndpointOption` (which defaults to "iam.googleapis.com")
+  used by `MakePoliciesConnection()`.
+
+- `GOOGLE_CLOUD_CPP_POLICY_TROUBLESHOOTER_ENDPOINT=...` overrides the
+  `EndpointOption` (which defaults to "policytroubleshooter.googleapis.com")
+  used by `MakePolicyTroubleshooterConnection()`.
+
 <!-- inject-endpoint-env-vars-end -->
 
 @see google::cloud::EndpointOption

@@ -22,12 +22,19 @@ which should give you a taste of the Policy Troubleshooter API C++ client librar
 ## Main classes
 
 <!-- inject-client-list-start -->
-The main class in this library is
-[`policytroubleshooter_v1::IamCheckerClient`](@ref google::cloud::policytroubleshooter_v1::IamCheckerClient). All RPCs are exposed
-as member functions of this class. Other classes provide helpers, configuration
-parameters, and infrastructure to mock
-[`policytroubleshooter_v1::IamCheckerClient`](@ref google::cloud::policytroubleshooter_v1::IamCheckerClient) when testing your
+This library offers multiple `*Client` classes, which are listed below. Each one
+of these classes exposes all the RPCs for a service as member functions of the
+class. This library groups multiple services because they are part of the same
+product or are often used together. A typical example may be the administrative
+and data plane operations for a single product.
+
+The library also has other classes that provide helpers, configuration
+parameters, and infrastructure to mock the `*Client` classes when testing your
 application.
+
+- [\c policytroubleshooter_iam_v3::PoliciesClient](@ref google::cloud::policytroubleshooter_iam_v3::PoliciesClient)
+- [\c policytroubleshooter_iam_v3::PolicyTroubleshooterClient](@ref google::cloud::policytroubleshooter_iam_v3::PolicyTroubleshooterClient)
+- [\c policytroubleshooter_v1::IamCheckerClient](@ref google::cloud::policytroubleshooter_v1::IamCheckerClient)
 <!-- inject-client-list-end -->
 
 ## More Information

@@ -9,7 +9,13 @@ this default. You can do so by providing the
 The following example shows how to explicitly load a service account key file:
 
 <!-- inject-service-account-snippet-start -->
-@snippet iam_checker_client_samples.cc with-service-account
+@snippet policies_client_samples.cc with-service-account
+
+Follow these links to find examples for other \c *Client classes:
+
+- [\c policytroubleshooter_iam_v3::PoliciesClient](@ref policytroubleshooter_iam_v3::PoliciesClient-service-account-snippet)
+- [\c policytroubleshooter_iam_v3::PolicyTroubleshooterClient](@ref policytroubleshooter_iam_v3::PolicyTroubleshooterClient-service-account-snippet)
+- [\c policytroubleshooter_v1::IamCheckerClient](@ref policytroubleshooter_v1::IamCheckerClient-service-account-snippet)
 
 <!-- inject-service-account-snippet-end -->
 
@@ -27,6 +33,18 @@ guide for more details.
 
 // <!-- inject-authentication-pages-start -->
 
+/*! @page policytroubleshooter_iam_v3::PoliciesClient-service-account-snippet Override policytroubleshooter_iam_v3::PoliciesClient Authentication Defaults
+
+@snippet google/cloud/policytroubleshooter/iam/v3/samples/policies_client_samples.cc with-service-account
+
+*/
+
+/*! @page policytroubleshooter_iam_v3::PolicyTroubleshooterClient-service-account-snippet Override policytroubleshooter_iam_v3::PolicyTroubleshooterClient Authentication Defaults
+
+@snippet google/cloud/policytroubleshooter/iam/v3/samples/policy_troubleshooter_client_samples.cc with-service-account
+
+*/
+
 /*! @page policytroubleshooter_v1::IamCheckerClient-service-account-snippet Override policytroubleshooter_v1::IamCheckerClient Authentication Defaults
 
 @snippet google/cloud/policytroubleshooter/v1/samples/iam_checker_client_samples.cc with-service-account

@@ -7,16 +7,34 @@ library. Use the
 client library to change this default.
 
 <!-- inject-endpoint-snippet-start -->
-For example, this will override the default endpoint for `policytroubleshooter_v1::IamCheckerClient`:
+For example, this will override the default endpoint for `policytroubleshooter_iam_v3::PoliciesClient`:
 
-@snippet iam_checker_client_samples.cc set-client-endpoint
+@snippet policies_client_samples.cc set-client-endpoint
+
+Follow these links to find examples for other \c *Client classes:
+
+- [\c policytroubleshooter_iam_v3::PoliciesClient](@ref policytroubleshooter_iam_v3::PoliciesClient-endpoint-snippet)
+- [\c policytroubleshooter_iam_v3::PolicyTroubleshooterClient](@ref policytroubleshooter_iam_v3::PolicyTroubleshooterClient-endpoint-snippet)
+- [\c policytroubleshooter_v1::IamCheckerClient](@ref policytroubleshooter_v1::IamCheckerClient-endpoint-snippet)
 
 <!-- inject-endpoint-snippet-end -->
 
 */
 
 // <!-- inject-endpoint-pages-start -->
 
+/*! @page policytroubleshooter_iam_v3::PoliciesClient-endpoint-snippet Override policytroubleshooter_iam_v3::PoliciesClient Endpoint Configuration
+
+@snippet google/cloud/policytroubleshooter/iam/v3/samples/policies_client_samples.cc set-client-endpoint
+
+*/
+
+/*! @page policytroubleshooter_iam_v3::PolicyTroubleshooterClient-endpoint-snippet Override policytroubleshooter_iam_v3::PolicyTroubleshooterClient Endpoint Configuration
+
+@snippet google/cloud/policytroubleshooter/iam/v3/samples/policy_troubleshooter_client_samples.cc set-client-endpoint
+
+*/
+
 /*! @page policytroubleshooter_v1::IamCheckerClient-endpoint-snippet Override policytroubleshooter_v1::IamCheckerClient Endpoint Configuration
 
 @snippet google/cloud/policytroubleshooter/v1/samples/iam_checker_client_samples.cc set-client-endpoint

@@ -68,15 +68,21 @@ will use `FooBarIdempotencyPolicy`. This policy is very conservative.
 @section policytroubleshooter-override-retry-example Example
 
 <!-- inject-retry-snippet-start -->
-For example, this will override the retry policies for `policytroubleshooter_v1::IamCheckerClient`:
+For example, this will override the retry policies for `policytroubleshooter_iam_v3::PoliciesClient`:
 
-@snippet iam_checker_client_samples.cc set-retry-policy
+@snippet policies_client_samples.cc set-retry-policy
 
 This assumes you have created a custom idempotency policy. Such as:
 
-@snippet iam_checker_client_samples.cc custom-idempotency-policy
+@snippet policies_client_samples.cc custom-idempotency-policy
 
 
+Follow these links to find examples for other \c *Client classes:
+
+- [\c policytroubleshooter_iam_v3::PoliciesClient](@ref policytroubleshooter_iam_v3::PoliciesClient-retry-snippet)
+- [\c policytroubleshooter_iam_v3::PolicyTroubleshooterClient](@ref policytroubleshooter_iam_v3::PolicyTroubleshooterClient-retry-snippet)
+- [\c policytroubleshooter_v1::IamCheckerClient](@ref policytroubleshooter_v1::IamCheckerClient-retry-snippet)
+
 <!-- inject-retry-snippet-end -->
 
 @section policytroubleshooter-override-retry-more-information More Information
@@ -91,6 +97,30 @@ This assumes you have created a custom idempotency policy. Such as:
 
 // <!-- inject-retry-pages-start -->
 
+/*! @page policytroubleshooter_iam_v3::PoliciesClient-retry-snippet Override policytroubleshooter_iam_v3::PoliciesClient Retry Policies
+
+This shows how to override the retry policies for policytroubleshooter_iam_v3::PoliciesClient:
+
+@snippet google/cloud/policytroubleshooter/iam/v3/samples/policies_client_samples.cc set-retry-policy
+
+Assuming you have created a custom idempotency policy. Such as:
+
+@snippet google/cloud/policytroubleshooter/iam/v3/samples/policies_client_samples.cc custom-idempotency-policy
+
+*/
+
+/*! @page policytroubleshooter_iam_v3::PolicyTroubleshooterClient-retry-snippet Override policytroubleshooter_iam_v3::PolicyTroubleshooterClient Retry Policies
+
+This shows how to override the retry policies for policytroubleshooter_iam_v3::PolicyTroubleshooterClient:
+
+@snippet google/cloud/policytroubleshooter/iam/v3/samples/policy_troubleshooter_client_samples.cc set-retry-policy
+
+Assuming you have created a custom idempotency policy. Such as:
+
+@snippet google/cloud/policytroubleshooter/iam/v3/samples/policy_troubleshooter_client_samples.cc custom-idempotency-policy
+
+*/
+
 /*! @page policytroubleshooter_v1::IamCheckerClient-retry-snippet Override policytroubleshooter_v1::IamCheckerClient Retry Policies
 
 This shows how to override the retry policies for policytroubleshooter_v1::IamCheckerClient:

@@ -0,0 +1,14 @@
+{
+    "api_id": "policytroubleshooter.googleapis.com",
+    "api_shortname": "policytroubleshooter",
+    "client_documentation": "https://cloud.google.com/cpp/docs/reference/policytroubleshooter/latest",
+    "distribution_name": "google-cloud-cpp",
+    "issue_tracker": "https://issuetracker.google.com/issues?q=componentid:690790%20status=open",
+    "language": "cpp",
+    "library_type": "GAPIC_AUTO",
+    "name_pretty": "Policy Troubleshooter API",
+    "product_documentation": "https://cloud.google.com/policy-intelligence/docs/troubleshoot-access",
+    "release_level": "stable",
+    "repo": "googleapis/google-cloud-cpp",
+    "requires_billing": true
+}