diff --git a/packages/google-cloud-access-approval/google/cloud/accessapproval/__init__.py b/packages/google-cloud-access-approval/google/cloud/accessapproval/__init__.py index 544e1ae4ed98..85949e5b0396 100644 --- a/packages/google-cloud-access-approval/google/cloud/accessapproval/__init__.py +++ b/packages/google-cloud-access-approval/google/cloud/accessapproval/__init__.py @@ -21,6 +21,7 @@ AccessApprovalClient, ) from google.cloud.accessapproval_v1.types.accessapproval import ( + AccessApprovalServiceAccount, AccessApprovalSettings, AccessLocations, AccessReason, @@ -32,17 +33,21 @@ DismissDecision, EnrolledService, EnrollmentLevel, + GetAccessApprovalServiceAccountMessage, GetAccessApprovalSettingsMessage, GetApprovalRequestMessage, + InvalidateApprovalRequestMessage, ListApprovalRequestsMessage, ListApprovalRequestsResponse, ResourceProperties, + SignatureInfo, UpdateAccessApprovalSettingsMessage, ) __all__ = ( "AccessApprovalClient", "AccessApprovalAsyncClient", + "AccessApprovalServiceAccount", "AccessApprovalSettings", "AccessLocations", "AccessReason", @@ -53,11 +58,14 @@ "DismissApprovalRequestMessage", "DismissDecision", "EnrolledService", + "GetAccessApprovalServiceAccountMessage", "GetAccessApprovalSettingsMessage", "GetApprovalRequestMessage", + "InvalidateApprovalRequestMessage", "ListApprovalRequestsMessage", "ListApprovalRequestsResponse", "ResourceProperties", + "SignatureInfo", "UpdateAccessApprovalSettingsMessage", "EnrollmentLevel", ) diff --git a/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/__init__.py b/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/__init__.py index ea3cfe50df5a..94dc8ead9bdd 100644 --- a/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/__init__.py +++ b/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/__init__.py @@ -16,6 +16,7 @@ from .services.access_approval import AccessApprovalAsyncClient, AccessApprovalClient from .types.accessapproval import ( + AccessApprovalServiceAccount, AccessApprovalSettings, AccessLocations, AccessReason, @@ -27,17 +28,21 @@ DismissDecision, EnrolledService, EnrollmentLevel, + GetAccessApprovalServiceAccountMessage, GetAccessApprovalSettingsMessage, GetApprovalRequestMessage, + InvalidateApprovalRequestMessage, ListApprovalRequestsMessage, ListApprovalRequestsResponse, ResourceProperties, + SignatureInfo, UpdateAccessApprovalSettingsMessage, ) __all__ = ( "AccessApprovalAsyncClient", "AccessApprovalClient", + "AccessApprovalServiceAccount", "AccessApprovalSettings", "AccessLocations", "AccessReason", @@ -49,10 +54,13 @@ "DismissDecision", "EnrolledService", "EnrollmentLevel", + "GetAccessApprovalServiceAccountMessage", "GetAccessApprovalSettingsMessage", "GetApprovalRequestMessage", + "InvalidateApprovalRequestMessage", "ListApprovalRequestsMessage", "ListApprovalRequestsResponse", "ResourceProperties", + "SignatureInfo", "UpdateAccessApprovalSettingsMessage", ) diff --git a/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/gapic_metadata.json b/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/gapic_metadata.json index 3d269234e33a..015885dc9a58 100644 --- a/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/gapic_metadata.json +++ b/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/gapic_metadata.json @@ -25,6 +25,11 @@ "dismiss_approval_request" ] }, + "GetAccessApprovalServiceAccount": { + "methods": [ + "get_access_approval_service_account" + ] + }, "GetAccessApprovalSettings": { "methods": [ "get_access_approval_settings" @@ -35,6 +40,11 @@ "get_approval_request" ] }, + "InvalidateApprovalRequest": { + "methods": [ + "invalidate_approval_request" + ] + }, "ListApprovalRequests": { "methods": [ "list_approval_requests" @@ -65,6 +75,11 @@ "dismiss_approval_request" ] }, + "GetAccessApprovalServiceAccount": { + "methods": [ + "get_access_approval_service_account" + ] + }, "GetAccessApprovalSettings": { "methods": [ "get_access_approval_settings" @@ -75,6 +90,11 @@ "get_approval_request" ] }, + "InvalidateApprovalRequest": { + "methods": [ + "invalidate_approval_request" + ] + }, "ListApprovalRequests": { "methods": [ "list_approval_requests" diff --git a/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/services/access_approval/async_client.py b/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/services/access_approval/async_client.py index eb101662c29e..1e28e14d303a 100644 --- a/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/services/access_approval/async_client.py +++ b/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/services/access_approval/async_client.py @@ -85,6 +85,12 @@ class AccessApprovalAsyncClient: DEFAULT_ENDPOINT = AccessApprovalClient.DEFAULT_ENDPOINT DEFAULT_MTLS_ENDPOINT = AccessApprovalClient.DEFAULT_MTLS_ENDPOINT + access_approval_service_account_path = staticmethod( + AccessApprovalClient.access_approval_service_account_path + ) + parse_access_approval_service_account_path = staticmethod( + AccessApprovalClient.parse_access_approval_service_account_path + ) access_approval_settings_path = staticmethod( AccessApprovalClient.access_approval_settings_path ) @@ -629,6 +635,86 @@ async def sample_dismiss_approval_request(): # Done; return the response. return response + async def invalidate_approval_request( + self, + request: Union[accessapproval.InvalidateApprovalRequestMessage, dict] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> accessapproval.ApprovalRequest: + r"""Invalidates an existing ApprovalRequest. Returns the updated + ApprovalRequest. + + NOTE: This does not deny access to the resource if another + request has been made and approved. It only invalidates a single + approval. + + Returns FAILED_PRECONDITION if the request exists but is not in + an approved state. + + .. code-block:: python + + from google.cloud import accessapproval_v1 + + async def sample_invalidate_approval_request(): + # Create a client + client = accessapproval_v1.AccessApprovalAsyncClient() + + # Initialize request argument(s) + request = accessapproval_v1.InvalidateApprovalRequestMessage( + ) + + # Make the request + response = await client.invalidate_approval_request(request=request) + + # Handle the response + print(response) + + Args: + request (Union[google.cloud.accessapproval_v1.types.InvalidateApprovalRequestMessage, dict]): + The request object. Request to invalidate an existing + approval. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.accessapproval_v1.types.ApprovalRequest: + A request for the customer to approve + access to a resource. + + """ + # Create or coerce a protobuf request object. + request = accessapproval.InvalidateApprovalRequestMessage(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.invalidate_approval_request, + default_timeout=600.0, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + async def get_access_approval_settings( self, request: Union[accessapproval.GetAccessApprovalSettingsMessage, dict] = None, @@ -940,6 +1026,106 @@ async def sample_delete_access_approval_settings(): metadata=metadata, ) + async def get_access_approval_service_account( + self, + request: Union[ + accessapproval.GetAccessApprovalServiceAccountMessage, dict + ] = None, + *, + name: str = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> accessapproval.AccessApprovalServiceAccount: + r"""Retrieves the service account that is used by Access + Approval to access KMS keys for signing approved + approval requests. + + .. code-block:: python + + from google.cloud import accessapproval_v1 + + async def sample_get_access_approval_service_account(): + # Create a client + client = accessapproval_v1.AccessApprovalAsyncClient() + + # Initialize request argument(s) + request = accessapproval_v1.GetAccessApprovalServiceAccountMessage( + ) + + # Make the request + response = await client.get_access_approval_service_account(request=request) + + # Handle the response + print(response) + + Args: + request (Union[google.cloud.accessapproval_v1.types.GetAccessApprovalServiceAccountMessage, dict]): + The request object. Request to get an Access Approval + service account. + name (:class:`str`): + Name of the + AccessApprovalServiceAccount to + retrieve. + + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.accessapproval_v1.types.AccessApprovalServiceAccount: + Access Approval service account + related to a + project/folder/organization. + + """ + # Create or coerce a protobuf request object. + # Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + has_flattened_params = any([name]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = accessapproval.GetAccessApprovalServiceAccountMessage(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.get_access_approval_service_account, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + async def __aenter__(self): return self diff --git a/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/services/access_approval/client.py b/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/services/access_approval/client.py index e4c6060b4023..60cbcdce3df4 100644 --- a/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/services/access_approval/client.py +++ b/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/services/access_approval/client.py @@ -201,6 +201,21 @@ def transport(self) -> AccessApprovalTransport: """ return self._transport + @staticmethod + def access_approval_service_account_path( + project: str, + ) -> str: + """Returns a fully-qualified access_approval_service_account string.""" + return "projects/{project}/serviceAccount".format( + project=project, + ) + + @staticmethod + def parse_access_approval_service_account_path(path: str) -> Dict[str, str]: + """Parses a access_approval_service_account path into its component segments.""" + m = re.match(r"^projects/(?P.+?)/serviceAccount$", path) + return m.groupdict() if m else {} + @staticmethod def access_approval_settings_path( project: str, @@ -842,6 +857,89 @@ def sample_dismiss_approval_request(): # Done; return the response. return response + def invalidate_approval_request( + self, + request: Union[accessapproval.InvalidateApprovalRequestMessage, dict] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> accessapproval.ApprovalRequest: + r"""Invalidates an existing ApprovalRequest. Returns the updated + ApprovalRequest. + + NOTE: This does not deny access to the resource if another + request has been made and approved. It only invalidates a single + approval. + + Returns FAILED_PRECONDITION if the request exists but is not in + an approved state. + + .. code-block:: python + + from google.cloud import accessapproval_v1 + + def sample_invalidate_approval_request(): + # Create a client + client = accessapproval_v1.AccessApprovalClient() + + # Initialize request argument(s) + request = accessapproval_v1.InvalidateApprovalRequestMessage( + ) + + # Make the request + response = client.invalidate_approval_request(request=request) + + # Handle the response + print(response) + + Args: + request (Union[google.cloud.accessapproval_v1.types.InvalidateApprovalRequestMessage, dict]): + The request object. Request to invalidate an existing + approval. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.accessapproval_v1.types.ApprovalRequest: + A request for the customer to approve + access to a resource. + + """ + # Create or coerce a protobuf request object. + # Minor optimization to avoid making a copy if the user passes + # in a accessapproval.InvalidateApprovalRequestMessage. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, accessapproval.InvalidateApprovalRequestMessage): + request = accessapproval.InvalidateApprovalRequestMessage(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[ + self._transport.invalidate_approval_request + ] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + def get_access_approval_settings( self, request: Union[accessapproval.GetAccessApprovalSettingsMessage, dict] = None, @@ -1150,6 +1248,110 @@ def sample_delete_access_approval_settings(): metadata=metadata, ) + def get_access_approval_service_account( + self, + request: Union[ + accessapproval.GetAccessApprovalServiceAccountMessage, dict + ] = None, + *, + name: str = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> accessapproval.AccessApprovalServiceAccount: + r"""Retrieves the service account that is used by Access + Approval to access KMS keys for signing approved + approval requests. + + .. code-block:: python + + from google.cloud import accessapproval_v1 + + def sample_get_access_approval_service_account(): + # Create a client + client = accessapproval_v1.AccessApprovalClient() + + # Initialize request argument(s) + request = accessapproval_v1.GetAccessApprovalServiceAccountMessage( + ) + + # Make the request + response = client.get_access_approval_service_account(request=request) + + # Handle the response + print(response) + + Args: + request (Union[google.cloud.accessapproval_v1.types.GetAccessApprovalServiceAccountMessage, dict]): + The request object. Request to get an Access Approval + service account. + name (str): + Name of the + AccessApprovalServiceAccount to + retrieve. + + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.accessapproval_v1.types.AccessApprovalServiceAccount: + Access Approval service account + related to a + project/folder/organization. + + """ + # Create or coerce a protobuf request object. + # Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + has_flattened_params = any([name]) + if request is not None and has_flattened_params: + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + # Minor optimization to avoid making a copy if the user passes + # in a accessapproval.GetAccessApprovalServiceAccountMessage. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance( + request, accessapproval.GetAccessApprovalServiceAccountMessage + ): + request = accessapproval.GetAccessApprovalServiceAccountMessage(request) + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[ + self._transport.get_access_approval_service_account + ] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + def __enter__(self): return self diff --git a/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/services/access_approval/transports/base.py b/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/services/access_approval/transports/base.py index b27c00eceadc..3bd9fd905831 100644 --- a/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/services/access_approval/transports/base.py +++ b/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/services/access_approval/transports/base.py @@ -160,6 +160,11 @@ def _prep_wrapped_messages(self, client_info): default_timeout=600.0, client_info=client_info, ), + self.invalidate_approval_request: gapic_v1.method.wrap_method( + self.invalidate_approval_request, + default_timeout=600.0, + client_info=client_info, + ), self.get_access_approval_settings: gapic_v1.method.wrap_method( self.get_access_approval_settings, default_retry=retries.Retry( @@ -184,6 +189,11 @@ def _prep_wrapped_messages(self, client_info): default_timeout=600.0, client_info=client_info, ), + self.get_access_approval_service_account: gapic_v1.method.wrap_method( + self.get_access_approval_service_account, + default_timeout=None, + client_info=client_info, + ), } def close(self): @@ -240,6 +250,17 @@ def dismiss_approval_request( ]: raise NotImplementedError() + @property + def invalidate_approval_request( + self, + ) -> Callable[ + [accessapproval.InvalidateApprovalRequestMessage], + Union[ + accessapproval.ApprovalRequest, Awaitable[accessapproval.ApprovalRequest] + ], + ]: + raise NotImplementedError() + @property def get_access_approval_settings( self, @@ -273,6 +294,18 @@ def delete_access_approval_settings( ]: raise NotImplementedError() + @property + def get_access_approval_service_account( + self, + ) -> Callable[ + [accessapproval.GetAccessApprovalServiceAccountMessage], + Union[ + accessapproval.AccessApprovalServiceAccount, + Awaitable[accessapproval.AccessApprovalServiceAccount], + ], + ]: + raise NotImplementedError() + @property def kind(self) -> str: raise NotImplementedError() diff --git a/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/services/access_approval/transports/grpc.py b/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/services/access_approval/transports/grpc.py index 6f6102cae499..5d49b2d17384 100644 --- a/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/services/access_approval/transports/grpc.py +++ b/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/services/access_approval/transports/grpc.py @@ -391,6 +391,43 @@ def dismiss_approval_request( ) return self._stubs["dismiss_approval_request"] + @property + def invalidate_approval_request( + self, + ) -> Callable[ + [accessapproval.InvalidateApprovalRequestMessage], + accessapproval.ApprovalRequest, + ]: + r"""Return a callable for the invalidate approval request method over gRPC. + + Invalidates an existing ApprovalRequest. Returns the updated + ApprovalRequest. + + NOTE: This does not deny access to the resource if another + request has been made and approved. It only invalidates a single + approval. + + Returns FAILED_PRECONDITION if the request exists but is not in + an approved state. + + Returns: + Callable[[~.InvalidateApprovalRequestMessage], + ~.ApprovalRequest]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "invalidate_approval_request" not in self._stubs: + self._stubs["invalidate_approval_request"] = self.grpc_channel.unary_unary( + "/google.cloud.accessapproval.v1.AccessApproval/InvalidateApprovalRequest", + request_serializer=accessapproval.InvalidateApprovalRequestMessage.serialize, + response_deserializer=accessapproval.ApprovalRequest.deserialize, + ) + return self._stubs["invalidate_approval_request"] + @property def get_access_approval_settings( self, @@ -493,6 +530,40 @@ def delete_access_approval_settings( ) return self._stubs["delete_access_approval_settings"] + @property + def get_access_approval_service_account( + self, + ) -> Callable[ + [accessapproval.GetAccessApprovalServiceAccountMessage], + accessapproval.AccessApprovalServiceAccount, + ]: + r"""Return a callable for the get access approval service + account method over gRPC. + + Retrieves the service account that is used by Access + Approval to access KMS keys for signing approved + approval requests. + + Returns: + Callable[[~.GetAccessApprovalServiceAccountMessage], + ~.AccessApprovalServiceAccount]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "get_access_approval_service_account" not in self._stubs: + self._stubs[ + "get_access_approval_service_account" + ] = self.grpc_channel.unary_unary( + "/google.cloud.accessapproval.v1.AccessApproval/GetAccessApprovalServiceAccount", + request_serializer=accessapproval.GetAccessApprovalServiceAccountMessage.serialize, + response_deserializer=accessapproval.AccessApprovalServiceAccount.deserialize, + ) + return self._stubs["get_access_approval_service_account"] + def close(self): self.grpc_channel.close() diff --git a/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/services/access_approval/transports/grpc_asyncio.py b/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/services/access_approval/transports/grpc_asyncio.py index d29c78b10e21..36019a5ff839 100644 --- a/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/services/access_approval/transports/grpc_asyncio.py +++ b/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/services/access_approval/transports/grpc_asyncio.py @@ -397,6 +397,43 @@ def dismiss_approval_request( ) return self._stubs["dismiss_approval_request"] + @property + def invalidate_approval_request( + self, + ) -> Callable[ + [accessapproval.InvalidateApprovalRequestMessage], + Awaitable[accessapproval.ApprovalRequest], + ]: + r"""Return a callable for the invalidate approval request method over gRPC. + + Invalidates an existing ApprovalRequest. Returns the updated + ApprovalRequest. + + NOTE: This does not deny access to the resource if another + request has been made and approved. It only invalidates a single + approval. + + Returns FAILED_PRECONDITION if the request exists but is not in + an approved state. + + Returns: + Callable[[~.InvalidateApprovalRequestMessage], + Awaitable[~.ApprovalRequest]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "invalidate_approval_request" not in self._stubs: + self._stubs["invalidate_approval_request"] = self.grpc_channel.unary_unary( + "/google.cloud.accessapproval.v1.AccessApproval/InvalidateApprovalRequest", + request_serializer=accessapproval.InvalidateApprovalRequestMessage.serialize, + response_deserializer=accessapproval.ApprovalRequest.deserialize, + ) + return self._stubs["invalidate_approval_request"] + @property def get_access_approval_settings( self, @@ -499,6 +536,40 @@ def delete_access_approval_settings( ) return self._stubs["delete_access_approval_settings"] + @property + def get_access_approval_service_account( + self, + ) -> Callable[ + [accessapproval.GetAccessApprovalServiceAccountMessage], + Awaitable[accessapproval.AccessApprovalServiceAccount], + ]: + r"""Return a callable for the get access approval service + account method over gRPC. + + Retrieves the service account that is used by Access + Approval to access KMS keys for signing approved + approval requests. + + Returns: + Callable[[~.GetAccessApprovalServiceAccountMessage], + Awaitable[~.AccessApprovalServiceAccount]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "get_access_approval_service_account" not in self._stubs: + self._stubs[ + "get_access_approval_service_account" + ] = self.grpc_channel.unary_unary( + "/google.cloud.accessapproval.v1.AccessApproval/GetAccessApprovalServiceAccount", + request_serializer=accessapproval.GetAccessApprovalServiceAccountMessage.serialize, + response_deserializer=accessapproval.AccessApprovalServiceAccount.deserialize, + ) + return self._stubs["get_access_approval_service_account"] + def close(self): return self.grpc_channel.close() diff --git a/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/types/__init__.py b/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/types/__init__.py index 1f900f93e84d..b97dd670abf7 100644 --- a/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/types/__init__.py +++ b/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/types/__init__.py @@ -14,6 +14,7 @@ # limitations under the License. # from .accessapproval import ( + AccessApprovalServiceAccount, AccessApprovalSettings, AccessLocations, AccessReason, @@ -25,15 +26,19 @@ DismissDecision, EnrolledService, EnrollmentLevel, + GetAccessApprovalServiceAccountMessage, GetAccessApprovalSettingsMessage, GetApprovalRequestMessage, + InvalidateApprovalRequestMessage, ListApprovalRequestsMessage, ListApprovalRequestsResponse, ResourceProperties, + SignatureInfo, UpdateAccessApprovalSettingsMessage, ) __all__ = ( + "AccessApprovalServiceAccount", "AccessApprovalSettings", "AccessLocations", "AccessReason", @@ -44,11 +49,14 @@ "DismissApprovalRequestMessage", "DismissDecision", "EnrolledService", + "GetAccessApprovalServiceAccountMessage", "GetAccessApprovalSettingsMessage", "GetApprovalRequestMessage", + "InvalidateApprovalRequestMessage", "ListApprovalRequestsMessage", "ListApprovalRequestsResponse", "ResourceProperties", + "SignatureInfo", "UpdateAccessApprovalSettingsMessage", "EnrollmentLevel", ) diff --git a/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/types/accessapproval.py b/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/types/accessapproval.py index a1ca29327d8b..b020c68595a8 100644 --- a/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/types/accessapproval.py +++ b/packages/google-cloud-access-approval/google/cloud/accessapproval_v1/types/accessapproval.py @@ -23,20 +23,24 @@ "EnrollmentLevel", "AccessLocations", "AccessReason", + "SignatureInfo", "ApproveDecision", "DismissDecision", "ResourceProperties", "ApprovalRequest", "EnrolledService", "AccessApprovalSettings", + "AccessApprovalServiceAccount", "ListApprovalRequestsMessage", "ListApprovalRequestsResponse", "GetApprovalRequestMessage", "ApproveApprovalRequestMessage", "DismissApprovalRequestMessage", + "InvalidateApprovalRequestMessage", "GetAccessApprovalSettingsMessage", "UpdateAccessApprovalSettingsMessage", "DeleteAccessApprovalSettingsMessage", + "GetAccessApprovalServiceAccountMessage", }, ) @@ -112,6 +116,8 @@ class Type(proto.Enum): CUSTOMER_INITIATED_SUPPORT = 1 GOOGLE_INITIATED_SERVICE = 2 GOOGLE_INITIATED_REVIEW = 3 + THIRD_PARTY_DATA_REQUEST = 4 + GOOGLE_RESPONSE_TO_PRODUCTION_ALERT = 5 type_ = proto.Field( proto.ENUM, @@ -124,6 +130,49 @@ class Type(proto.Enum): ) +class SignatureInfo(proto.Message): + r"""Information about the digital signature of the resource. + + This message has `oneof`_ fields (mutually exclusive fields). + For each oneof, at most one member field can be set at the same time. + Setting any member of the oneof automatically clears all other + members. + + .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields + + Attributes: + signature (bytes): + The digital signature. + google_public_key_pem (str): + The public key for the Google default + signing, encoded in PEM format. The signature + was created using a private key which may be + verified using this public key. + + This field is a member of `oneof`_ ``verification_info``. + customer_kms_key_version (str): + The resource name of the customer + CryptoKeyVersion used for signing. + + This field is a member of `oneof`_ ``verification_info``. + """ + + signature = proto.Field( + proto.BYTES, + number=1, + ) + google_public_key_pem = proto.Field( + proto.STRING, + number=2, + oneof="verification_info", + ) + customer_kms_key_version = proto.Field( + proto.STRING, + number=3, + oneof="verification_info", + ) + + class ApproveDecision(proto.Message): r"""A decision that has been made to approve access to a resource. @@ -133,6 +182,14 @@ class ApproveDecision(proto.Message): The time at which approval was granted. expire_time (google.protobuf.timestamp_pb2.Timestamp): The time at which the approval expires. + invalidate_time (google.protobuf.timestamp_pb2.Timestamp): + If set, denotes the timestamp at which the + approval is invalidated. + signature_info (google.cloud.accessapproval_v1.types.SignatureInfo): + The signature for the ApprovalRequest and + details on how it was signed. + auto_approved (bool): + True when the request has been auto-approved. """ approve_time = proto.Field( @@ -145,6 +202,20 @@ class ApproveDecision(proto.Message): number=2, message=timestamp_pb2.Timestamp, ) + invalidate_time = proto.Field( + proto.MESSAGE, + number=3, + message=timestamp_pb2.Timestamp, + ) + signature_info = proto.Field( + proto.MESSAGE, + number=4, + message="SignatureInfo", + ) + auto_approved = proto.Field( + proto.BOOL, + number=5, + ) class DismissDecision(proto.Message): @@ -156,7 +227,7 @@ class DismissDecision(proto.Message): dismissed. implicit (bool): This field will be true if the - ApprovalRequest was implcitly dismissed due to + ApprovalRequest was implicitly dismissed due to inaction by the access approval approvers (the request is not acted on by the approvers before the exiration time). @@ -404,6 +475,29 @@ class AccessApprovalSettings(proto.Message): or Folder (this field will always be unset for the organization since organizations do not have ancestors). + active_key_version (str): + The asymmetric crypto key version to use for signing + approval requests. Empty active_key_version indicates that a + Google-managed key should be used for signing. This property + will be ignored if set by an ancestor of this resource, and + new non-empty values may not be set. + ancestor_has_active_key_version (bool): + Output only. This field is read only (not settable via + UpdateAccessApprovalSettings method). If the field is true, + that indicates that an ancestor of this Project or Folder + has set active_key_version (this field will always be unset + for the organization since organizations do not have + ancestors). + invalid_key_version (bool): + Output only. This field is read only (not settable via + UpdateAccessApprovalSettings method). If the field is true, + that indicates that there is some configuration issue with + the active_key_version configured at this level in the + resource hierarchy (e.g. it doesn't exist or the Access + Approval service account doesn't have the correct + permissions on it, etc.) This key version is not necessarily + the effective key version at this level, as key versions are + inherited top-down. """ name = proto.Field( @@ -423,6 +517,44 @@ class AccessApprovalSettings(proto.Message): proto.BOOL, number=4, ) + active_key_version = proto.Field( + proto.STRING, + number=6, + ) + ancestor_has_active_key_version = proto.Field( + proto.BOOL, + number=7, + ) + invalid_key_version = proto.Field( + proto.BOOL, + number=8, + ) + + +class AccessApprovalServiceAccount(proto.Message): + r"""Access Approval service account related to a + project/folder/organization. + + Attributes: + name (str): + The resource name of the Access Approval service account. + Format is one of: + + - "projects/{project}/serviceAccount" + - "folders/{folder}/serviceAccount" + - "organizations/{organization}/serviceAccount". + account_email (str): + Email address of the service account. + """ + + name = proto.Field( + proto.STRING, + number=1, + ) + account_email = proto.Field( + proto.STRING, + number=2, + ) class ListApprovalRequestsMessage(proto.Message): @@ -548,6 +680,20 @@ class DismissApprovalRequestMessage(proto.Message): ) +class InvalidateApprovalRequestMessage(proto.Message): + r"""Request to invalidate an existing approval. + + Attributes: + name (str): + Name of the ApprovalRequest to invalidate. + """ + + name = proto.Field( + proto.STRING, + number=1, + ) + + class GetAccessApprovalSettingsMessage(proto.Message): r"""Request to get access approval settings. @@ -609,4 +755,19 @@ class DeleteAccessApprovalSettingsMessage(proto.Message): ) +class GetAccessApprovalServiceAccountMessage(proto.Message): + r"""Request to get an Access Approval service account. + + Attributes: + name (str): + Name of the AccessApprovalServiceAccount to + retrieve. + """ + + name = proto.Field( + proto.STRING, + number=1, + ) + + __all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/packages/google-cloud-access-approval/samples/generated_samples/accessapproval_v1_generated_access_approval_get_access_approval_service_account_async.py b/packages/google-cloud-access-approval/samples/generated_samples/accessapproval_v1_generated_access_approval_get_access_approval_service_account_async.py new file mode 100644 index 000000000000..c9dac610bfe2 --- /dev/null +++ b/packages/google-cloud-access-approval/samples/generated_samples/accessapproval_v1_generated_access_approval_get_access_approval_service_account_async.py @@ -0,0 +1,44 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for GetAccessApprovalServiceAccount +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-access-approval + + +# [START accessapproval_v1_generated_AccessApproval_GetAccessApprovalServiceAccount_async] +from google.cloud import accessapproval_v1 + + +async def sample_get_access_approval_service_account(): + # Create a client + client = accessapproval_v1.AccessApprovalAsyncClient() + + # Initialize request argument(s) + request = accessapproval_v1.GetAccessApprovalServiceAccountMessage( + ) + + # Make the request + response = await client.get_access_approval_service_account(request=request) + + # Handle the response + print(response) + +# [END accessapproval_v1_generated_AccessApproval_GetAccessApprovalServiceAccount_async] diff --git a/packages/google-cloud-access-approval/samples/generated_samples/accessapproval_v1_generated_access_approval_get_access_approval_service_account_sync.py b/packages/google-cloud-access-approval/samples/generated_samples/accessapproval_v1_generated_access_approval_get_access_approval_service_account_sync.py new file mode 100644 index 000000000000..d1d51b00cf0a --- /dev/null +++ b/packages/google-cloud-access-approval/samples/generated_samples/accessapproval_v1_generated_access_approval_get_access_approval_service_account_sync.py @@ -0,0 +1,44 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for GetAccessApprovalServiceAccount +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-access-approval + + +# [START accessapproval_v1_generated_AccessApproval_GetAccessApprovalServiceAccount_sync] +from google.cloud import accessapproval_v1 + + +def sample_get_access_approval_service_account(): + # Create a client + client = accessapproval_v1.AccessApprovalClient() + + # Initialize request argument(s) + request = accessapproval_v1.GetAccessApprovalServiceAccountMessage( + ) + + # Make the request + response = client.get_access_approval_service_account(request=request) + + # Handle the response + print(response) + +# [END accessapproval_v1_generated_AccessApproval_GetAccessApprovalServiceAccount_sync] diff --git a/packages/google-cloud-access-approval/samples/generated_samples/accessapproval_v1_generated_access_approval_invalidate_approval_request_async.py b/packages/google-cloud-access-approval/samples/generated_samples/accessapproval_v1_generated_access_approval_invalidate_approval_request_async.py new file mode 100644 index 000000000000..7950e4ae7ac6 --- /dev/null +++ b/packages/google-cloud-access-approval/samples/generated_samples/accessapproval_v1_generated_access_approval_invalidate_approval_request_async.py @@ -0,0 +1,44 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for InvalidateApprovalRequest +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-access-approval + + +# [START accessapproval_v1_generated_AccessApproval_InvalidateApprovalRequest_async] +from google.cloud import accessapproval_v1 + + +async def sample_invalidate_approval_request(): + # Create a client + client = accessapproval_v1.AccessApprovalAsyncClient() + + # Initialize request argument(s) + request = accessapproval_v1.InvalidateApprovalRequestMessage( + ) + + # Make the request + response = await client.invalidate_approval_request(request=request) + + # Handle the response + print(response) + +# [END accessapproval_v1_generated_AccessApproval_InvalidateApprovalRequest_async] diff --git a/packages/google-cloud-access-approval/samples/generated_samples/accessapproval_v1_generated_access_approval_invalidate_approval_request_sync.py b/packages/google-cloud-access-approval/samples/generated_samples/accessapproval_v1_generated_access_approval_invalidate_approval_request_sync.py new file mode 100644 index 000000000000..45add082e99f --- /dev/null +++ b/packages/google-cloud-access-approval/samples/generated_samples/accessapproval_v1_generated_access_approval_invalidate_approval_request_sync.py @@ -0,0 +1,44 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for InvalidateApprovalRequest +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-access-approval + + +# [START accessapproval_v1_generated_AccessApproval_InvalidateApprovalRequest_sync] +from google.cloud import accessapproval_v1 + + +def sample_invalidate_approval_request(): + # Create a client + client = accessapproval_v1.AccessApprovalClient() + + # Initialize request argument(s) + request = accessapproval_v1.InvalidateApprovalRequestMessage( + ) + + # Make the request + response = client.invalidate_approval_request(request=request) + + # Handle the response + print(response) + +# [END accessapproval_v1_generated_AccessApproval_InvalidateApprovalRequest_sync] diff --git a/packages/google-cloud-access-approval/samples/generated_samples/snippet_metadata_accessapproval_v1.json b/packages/google-cloud-access-approval/samples/generated_samples/snippet_metadata_accessapproval_v1.json index c5bc16a2bb7f..8d50827e0157 100644 --- a/packages/google-cloud-access-approval/samples/generated_samples/snippet_metadata_accessapproval_v1.json +++ b/packages/google-cloud-access-approval/samples/generated_samples/snippet_metadata_accessapproval_v1.json @@ -471,6 +471,167 @@ ], "title": "accessapproval_v1_generated_access_approval_dismiss_approval_request_sync.py" }, + { + "canonical": true, + "clientMethod": { + "async": true, + "client": { + "fullName": "google.cloud.accessapproval_v1.AccessApprovalAsyncClient", + "shortName": "AccessApprovalAsyncClient" + }, + "fullName": "google.cloud.accessapproval_v1.AccessApprovalAsyncClient.get_access_approval_service_account", + "method": { + "fullName": "google.cloud.accessapproval.v1.AccessApproval.GetAccessApprovalServiceAccount", + "service": { + "fullName": "google.cloud.accessapproval.v1.AccessApproval", + "shortName": "AccessApproval" + }, + "shortName": "GetAccessApprovalServiceAccount" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.accessapproval_v1.types.GetAccessApprovalServiceAccountMessage" + }, + { + "name": "name", + "type": "str" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, str]" + } + ], + "resultType": "google.cloud.accessapproval_v1.types.AccessApprovalServiceAccount", + "shortName": "get_access_approval_service_account" + }, + "description": "Sample for GetAccessApprovalServiceAccount", + "file": "accessapproval_v1_generated_access_approval_get_access_approval_service_account_async.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "accessapproval_v1_generated_AccessApproval_GetAccessApprovalServiceAccount_async", + "segments": [ + { + "end": 43, + "start": 27, + "type": "FULL" + }, + { + "end": 43, + "start": 27, + "type": "SHORT" + }, + { + "end": 33, + "start": 31, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 37, + "start": 34, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 40, + "start": 38, + "type": "REQUEST_EXECUTION" + }, + { + "end": 44, + "start": 41, + "type": "RESPONSE_HANDLING" + } + ], + "title": "accessapproval_v1_generated_access_approval_get_access_approval_service_account_async.py" + }, + { + "canonical": true, + "clientMethod": { + "client": { + "fullName": "google.cloud.accessapproval_v1.AccessApprovalClient", + "shortName": "AccessApprovalClient" + }, + "fullName": "google.cloud.accessapproval_v1.AccessApprovalClient.get_access_approval_service_account", + "method": { + "fullName": "google.cloud.accessapproval.v1.AccessApproval.GetAccessApprovalServiceAccount", + "service": { + "fullName": "google.cloud.accessapproval.v1.AccessApproval", + "shortName": "AccessApproval" + }, + "shortName": "GetAccessApprovalServiceAccount" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.accessapproval_v1.types.GetAccessApprovalServiceAccountMessage" + }, + { + "name": "name", + "type": "str" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, str]" + } + ], + "resultType": "google.cloud.accessapproval_v1.types.AccessApprovalServiceAccount", + "shortName": "get_access_approval_service_account" + }, + "description": "Sample for GetAccessApprovalServiceAccount", + "file": "accessapproval_v1_generated_access_approval_get_access_approval_service_account_sync.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "accessapproval_v1_generated_AccessApproval_GetAccessApprovalServiceAccount_sync", + "segments": [ + { + "end": 43, + "start": 27, + "type": "FULL" + }, + { + "end": 43, + "start": 27, + "type": "SHORT" + }, + { + "end": 33, + "start": 31, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 37, + "start": 34, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 40, + "start": 38, + "type": "REQUEST_EXECUTION" + }, + { + "end": 44, + "start": 41, + "type": "RESPONSE_HANDLING" + } + ], + "title": "accessapproval_v1_generated_access_approval_get_access_approval_service_account_sync.py" + }, { "canonical": true, "clientMethod": { @@ -793,6 +954,159 @@ ], "title": "accessapproval_v1_generated_access_approval_get_approval_request_sync.py" }, + { + "canonical": true, + "clientMethod": { + "async": true, + "client": { + "fullName": "google.cloud.accessapproval_v1.AccessApprovalAsyncClient", + "shortName": "AccessApprovalAsyncClient" + }, + "fullName": "google.cloud.accessapproval_v1.AccessApprovalAsyncClient.invalidate_approval_request", + "method": { + "fullName": "google.cloud.accessapproval.v1.AccessApproval.InvalidateApprovalRequest", + "service": { + "fullName": "google.cloud.accessapproval.v1.AccessApproval", + "shortName": "AccessApproval" + }, + "shortName": "InvalidateApprovalRequest" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.accessapproval_v1.types.InvalidateApprovalRequestMessage" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, str]" + } + ], + "resultType": "google.cloud.accessapproval_v1.types.ApprovalRequest", + "shortName": "invalidate_approval_request" + }, + "description": "Sample for InvalidateApprovalRequest", + "file": "accessapproval_v1_generated_access_approval_invalidate_approval_request_async.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "accessapproval_v1_generated_AccessApproval_InvalidateApprovalRequest_async", + "segments": [ + { + "end": 43, + "start": 27, + "type": "FULL" + }, + { + "end": 43, + "start": 27, + "type": "SHORT" + }, + { + "end": 33, + "start": 31, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 37, + "start": 34, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 40, + "start": 38, + "type": "REQUEST_EXECUTION" + }, + { + "end": 44, + "start": 41, + "type": "RESPONSE_HANDLING" + } + ], + "title": "accessapproval_v1_generated_access_approval_invalidate_approval_request_async.py" + }, + { + "canonical": true, + "clientMethod": { + "client": { + "fullName": "google.cloud.accessapproval_v1.AccessApprovalClient", + "shortName": "AccessApprovalClient" + }, + "fullName": "google.cloud.accessapproval_v1.AccessApprovalClient.invalidate_approval_request", + "method": { + "fullName": "google.cloud.accessapproval.v1.AccessApproval.InvalidateApprovalRequest", + "service": { + "fullName": "google.cloud.accessapproval.v1.AccessApproval", + "shortName": "AccessApproval" + }, + "shortName": "InvalidateApprovalRequest" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.accessapproval_v1.types.InvalidateApprovalRequestMessage" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, str]" + } + ], + "resultType": "google.cloud.accessapproval_v1.types.ApprovalRequest", + "shortName": "invalidate_approval_request" + }, + "description": "Sample for InvalidateApprovalRequest", + "file": "accessapproval_v1_generated_access_approval_invalidate_approval_request_sync.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "accessapproval_v1_generated_AccessApproval_InvalidateApprovalRequest_sync", + "segments": [ + { + "end": 43, + "start": 27, + "type": "FULL" + }, + { + "end": 43, + "start": 27, + "type": "SHORT" + }, + { + "end": 33, + "start": 31, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 37, + "start": 34, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 40, + "start": 38, + "type": "REQUEST_EXECUTION" + }, + { + "end": 44, + "start": 41, + "type": "RESPONSE_HANDLING" + } + ], + "title": "accessapproval_v1_generated_access_approval_invalidate_approval_request_sync.py" + }, { "canonical": true, "clientMethod": { diff --git a/packages/google-cloud-access-approval/scripts/fixup_accessapproval_v1_keywords.py b/packages/google-cloud-access-approval/scripts/fixup_accessapproval_v1_keywords.py index afa40f21e2b7..dbdede764f68 100644 --- a/packages/google-cloud-access-approval/scripts/fixup_accessapproval_v1_keywords.py +++ b/packages/google-cloud-access-approval/scripts/fixup_accessapproval_v1_keywords.py @@ -42,8 +42,10 @@ class accessapprovalCallTransformer(cst.CSTTransformer): 'approve_approval_request': ('name', 'expire_time', ), 'delete_access_approval_settings': ('name', ), 'dismiss_approval_request': ('name', ), + 'get_access_approval_service_account': ('name', ), 'get_access_approval_settings': ('name', ), 'get_approval_request': ('name', ), + 'invalidate_approval_request': ('name', ), 'list_approval_requests': ('parent', 'filter', 'page_size', 'page_token', ), 'update_access_approval_settings': ('settings', 'update_mask', ), } diff --git a/packages/google-cloud-access-approval/tests/unit/gapic/accessapproval_v1/test_access_approval.py b/packages/google-cloud-access-approval/tests/unit/gapic/accessapproval_v1/test_access_approval.py index f7940ac42c3b..38d2721f5589 100644 --- a/packages/google-cloud-access-approval/tests/unit/gapic/accessapproval_v1/test_access_approval.py +++ b/packages/google-cloud-access-approval/tests/unit/gapic/accessapproval_v1/test_access_approval.py @@ -1678,6 +1678,174 @@ async def test_dismiss_approval_request_field_headers_async(): ) in kw["metadata"] +@pytest.mark.parametrize( + "request_type", + [ + accessapproval.InvalidateApprovalRequestMessage, + dict, + ], +) +def test_invalidate_approval_request(request_type, transport: str = "grpc"): + client = AccessApprovalClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.invalidate_approval_request), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = accessapproval.ApprovalRequest( + name="name_value", + requested_resource_name="requested_resource_name_value", + approve=accessapproval.ApproveDecision( + approve_time=timestamp_pb2.Timestamp(seconds=751) + ), + ) + response = client.invalidate_approval_request(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == accessapproval.InvalidateApprovalRequestMessage() + + # Establish that the response is the type that we expect. + assert isinstance(response, accessapproval.ApprovalRequest) + assert response.name == "name_value" + assert response.requested_resource_name == "requested_resource_name_value" + + +def test_invalidate_approval_request_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = AccessApprovalClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.invalidate_approval_request), "__call__" + ) as call: + client.invalidate_approval_request() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == accessapproval.InvalidateApprovalRequestMessage() + + +@pytest.mark.asyncio +async def test_invalidate_approval_request_async( + transport: str = "grpc_asyncio", + request_type=accessapproval.InvalidateApprovalRequestMessage, +): + client = AccessApprovalAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.invalidate_approval_request), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + accessapproval.ApprovalRequest( + name="name_value", + requested_resource_name="requested_resource_name_value", + ) + ) + response = await client.invalidate_approval_request(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == accessapproval.InvalidateApprovalRequestMessage() + + # Establish that the response is the type that we expect. + assert isinstance(response, accessapproval.ApprovalRequest) + assert response.name == "name_value" + assert response.requested_resource_name == "requested_resource_name_value" + + +@pytest.mark.asyncio +async def test_invalidate_approval_request_async_from_dict(): + await test_invalidate_approval_request_async(request_type=dict) + + +def test_invalidate_approval_request_field_headers(): + client = AccessApprovalClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = accessapproval.InvalidateApprovalRequestMessage() + + request.name = "name_value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.invalidate_approval_request), "__call__" + ) as call: + call.return_value = accessapproval.ApprovalRequest() + client.invalidate_approval_request(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "name=name_value", + ) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_invalidate_approval_request_field_headers_async(): + client = AccessApprovalAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = accessapproval.InvalidateApprovalRequestMessage() + + request.name = "name_value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.invalidate_approval_request), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + accessapproval.ApprovalRequest() + ) + await client.invalidate_approval_request(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "name=name_value", + ) in kw["metadata"] + + @pytest.mark.parametrize( "request_type", [ @@ -1704,6 +1872,9 @@ def test_get_access_approval_settings(request_type, transport: str = "grpc"): name="name_value", notification_emails=["notification_emails_value"], enrolled_ancestor=True, + active_key_version="active_key_version_value", + ancestor_has_active_key_version=True, + invalid_key_version=True, ) response = client.get_access_approval_settings(request) @@ -1717,6 +1888,9 @@ def test_get_access_approval_settings(request_type, transport: str = "grpc"): assert response.name == "name_value" assert response.notification_emails == ["notification_emails_value"] assert response.enrolled_ancestor is True + assert response.active_key_version == "active_key_version_value" + assert response.ancestor_has_active_key_version is True + assert response.invalid_key_version is True def test_get_access_approval_settings_empty_call(): @@ -1761,6 +1935,9 @@ async def test_get_access_approval_settings_async( name="name_value", notification_emails=["notification_emails_value"], enrolled_ancestor=True, + active_key_version="active_key_version_value", + ancestor_has_active_key_version=True, + invalid_key_version=True, ) ) response = await client.get_access_approval_settings(request) @@ -1775,6 +1952,9 @@ async def test_get_access_approval_settings_async( assert response.name == "name_value" assert response.notification_emails == ["notification_emails_value"] assert response.enrolled_ancestor is True + assert response.active_key_version == "active_key_version_value" + assert response.ancestor_has_active_key_version is True + assert response.invalid_key_version is True @pytest.mark.asyncio @@ -1959,6 +2139,9 @@ def test_update_access_approval_settings(request_type, transport: str = "grpc"): name="name_value", notification_emails=["notification_emails_value"], enrolled_ancestor=True, + active_key_version="active_key_version_value", + ancestor_has_active_key_version=True, + invalid_key_version=True, ) response = client.update_access_approval_settings(request) @@ -1972,6 +2155,9 @@ def test_update_access_approval_settings(request_type, transport: str = "grpc"): assert response.name == "name_value" assert response.notification_emails == ["notification_emails_value"] assert response.enrolled_ancestor is True + assert response.active_key_version == "active_key_version_value" + assert response.ancestor_has_active_key_version is True + assert response.invalid_key_version is True def test_update_access_approval_settings_empty_call(): @@ -2016,6 +2202,9 @@ async def test_update_access_approval_settings_async( name="name_value", notification_emails=["notification_emails_value"], enrolled_ancestor=True, + active_key_version="active_key_version_value", + ancestor_has_active_key_version=True, + invalid_key_version=True, ) ) response = await client.update_access_approval_settings(request) @@ -2030,6 +2219,9 @@ async def test_update_access_approval_settings_async( assert response.name == "name_value" assert response.notification_emails == ["notification_emails_value"] assert response.enrolled_ancestor is True + assert response.active_key_version == "active_key_version_value" + assert response.ancestor_has_active_key_version is True + assert response.invalid_key_version is True @pytest.mark.asyncio @@ -2433,6 +2625,257 @@ async def test_delete_access_approval_settings_flattened_error_async(): ) +@pytest.mark.parametrize( + "request_type", + [ + accessapproval.GetAccessApprovalServiceAccountMessage, + dict, + ], +) +def test_get_access_approval_service_account(request_type, transport: str = "grpc"): + client = AccessApprovalClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_access_approval_service_account), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = accessapproval.AccessApprovalServiceAccount( + name="name_value", + account_email="account_email_value", + ) + response = client.get_access_approval_service_account(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == accessapproval.GetAccessApprovalServiceAccountMessage() + + # Establish that the response is the type that we expect. + assert isinstance(response, accessapproval.AccessApprovalServiceAccount) + assert response.name == "name_value" + assert response.account_email == "account_email_value" + + +def test_get_access_approval_service_account_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = AccessApprovalClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_access_approval_service_account), "__call__" + ) as call: + client.get_access_approval_service_account() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == accessapproval.GetAccessApprovalServiceAccountMessage() + + +@pytest.mark.asyncio +async def test_get_access_approval_service_account_async( + transport: str = "grpc_asyncio", + request_type=accessapproval.GetAccessApprovalServiceAccountMessage, +): + client = AccessApprovalAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_access_approval_service_account), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + accessapproval.AccessApprovalServiceAccount( + name="name_value", + account_email="account_email_value", + ) + ) + response = await client.get_access_approval_service_account(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == accessapproval.GetAccessApprovalServiceAccountMessage() + + # Establish that the response is the type that we expect. + assert isinstance(response, accessapproval.AccessApprovalServiceAccount) + assert response.name == "name_value" + assert response.account_email == "account_email_value" + + +@pytest.mark.asyncio +async def test_get_access_approval_service_account_async_from_dict(): + await test_get_access_approval_service_account_async(request_type=dict) + + +def test_get_access_approval_service_account_field_headers(): + client = AccessApprovalClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = accessapproval.GetAccessApprovalServiceAccountMessage() + + request.name = "name_value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_access_approval_service_account), "__call__" + ) as call: + call.return_value = accessapproval.AccessApprovalServiceAccount() + client.get_access_approval_service_account(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "name=name_value", + ) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_get_access_approval_service_account_field_headers_async(): + client = AccessApprovalAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = accessapproval.GetAccessApprovalServiceAccountMessage() + + request.name = "name_value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_access_approval_service_account), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + accessapproval.AccessApprovalServiceAccount() + ) + await client.get_access_approval_service_account(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "name=name_value", + ) in kw["metadata"] + + +def test_get_access_approval_service_account_flattened(): + client = AccessApprovalClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_access_approval_service_account), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = accessapproval.AccessApprovalServiceAccount() + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.get_access_approval_service_account( + name="name_value", + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + arg = args[0].name + mock_val = "name_value" + assert arg == mock_val + + +def test_get_access_approval_service_account_flattened_error(): + client = AccessApprovalClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_access_approval_service_account( + accessapproval.GetAccessApprovalServiceAccountMessage(), + name="name_value", + ) + + +@pytest.mark.asyncio +async def test_get_access_approval_service_account_flattened_async(): + client = AccessApprovalAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_access_approval_service_account), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = accessapproval.AccessApprovalServiceAccount() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + accessapproval.AccessApprovalServiceAccount() + ) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.get_access_approval_service_account( + name="name_value", + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + arg = args[0].name + mock_val = "name_value" + assert arg == mock_val + + +@pytest.mark.asyncio +async def test_get_access_approval_service_account_flattened_error_async(): + client = AccessApprovalAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.get_access_approval_service_account( + accessapproval.GetAccessApprovalServiceAccountMessage(), + name="name_value", + ) + + def test_credentials_transport_error(): # It is an error to provide credentials and a transport instance. transport = transports.AccessApprovalGrpcTransport( @@ -2574,9 +3017,11 @@ def test_access_approval_base_transport(): "get_approval_request", "approve_approval_request", "dismiss_approval_request", + "invalidate_approval_request", "get_access_approval_settings", "update_access_approval_settings", "delete_access_approval_settings", + "get_access_approval_service_account", ) for method in methods: with pytest.raises(NotImplementedError): @@ -2900,8 +3345,28 @@ def test_access_approval_transport_channel_mtls_with_adc(transport_class): assert transport.grpc_channel == mock_grpc_channel -def test_access_approval_settings_path(): +def test_access_approval_service_account_path(): project = "squid" + expected = "projects/{project}/serviceAccount".format( + project=project, + ) + actual = AccessApprovalClient.access_approval_service_account_path(project) + assert expected == actual + + +def test_parse_access_approval_service_account_path(): + expected = { + "project": "clam", + } + path = AccessApprovalClient.access_approval_service_account_path(**expected) + + # Check that the path construction is reversible. + actual = AccessApprovalClient.parse_access_approval_service_account_path(path) + assert expected == actual + + +def test_access_approval_settings_path(): + project = "whelk" expected = "projects/{project}/accessApprovalSettings".format( project=project, ) @@ -2911,7 +3376,7 @@ def test_access_approval_settings_path(): def test_parse_access_approval_settings_path(): expected = { - "project": "clam", + "project": "octopus", } path = AccessApprovalClient.access_approval_settings_path(**expected) @@ -2921,8 +3386,8 @@ def test_parse_access_approval_settings_path(): def test_approval_request_path(): - project = "whelk" - approval_request = "octopus" + project = "oyster" + approval_request = "nudibranch" expected = "projects/{project}/approvalRequests/{approval_request}".format( project=project, approval_request=approval_request, @@ -2933,8 +3398,8 @@ def test_approval_request_path(): def test_parse_approval_request_path(): expected = { - "project": "oyster", - "approval_request": "nudibranch", + "project": "cuttlefish", + "approval_request": "mussel", } path = AccessApprovalClient.approval_request_path(**expected) @@ -2944,7 +3409,7 @@ def test_parse_approval_request_path(): def test_common_billing_account_path(): - billing_account = "cuttlefish" + billing_account = "winkle" expected = "billingAccounts/{billing_account}".format( billing_account=billing_account, ) @@ -2954,7 +3419,7 @@ def test_common_billing_account_path(): def test_parse_common_billing_account_path(): expected = { - "billing_account": "mussel", + "billing_account": "nautilus", } path = AccessApprovalClient.common_billing_account_path(**expected) @@ -2964,7 +3429,7 @@ def test_parse_common_billing_account_path(): def test_common_folder_path(): - folder = "winkle" + folder = "scallop" expected = "folders/{folder}".format( folder=folder, ) @@ -2974,7 +3439,7 @@ def test_common_folder_path(): def test_parse_common_folder_path(): expected = { - "folder": "nautilus", + "folder": "abalone", } path = AccessApprovalClient.common_folder_path(**expected) @@ -2984,7 +3449,7 @@ def test_parse_common_folder_path(): def test_common_organization_path(): - organization = "scallop" + organization = "squid" expected = "organizations/{organization}".format( organization=organization, ) @@ -2994,7 +3459,7 @@ def test_common_organization_path(): def test_parse_common_organization_path(): expected = { - "organization": "abalone", + "organization": "clam", } path = AccessApprovalClient.common_organization_path(**expected) @@ -3004,7 +3469,7 @@ def test_parse_common_organization_path(): def test_common_project_path(): - project = "squid" + project = "whelk" expected = "projects/{project}".format( project=project, ) @@ -3014,7 +3479,7 @@ def test_common_project_path(): def test_parse_common_project_path(): expected = { - "project": "clam", + "project": "octopus", } path = AccessApprovalClient.common_project_path(**expected) @@ -3024,8 +3489,8 @@ def test_parse_common_project_path(): def test_common_location_path(): - project = "whelk" - location = "octopus" + project = "oyster" + location = "nudibranch" expected = "projects/{project}/locations/{location}".format( project=project, location=location, @@ -3036,8 +3501,8 @@ def test_common_location_path(): def test_parse_common_location_path(): expected = { - "project": "oyster", - "location": "nudibranch", + "project": "cuttlefish", + "location": "mussel", } path = AccessApprovalClient.common_location_path(**expected)