Skip to content

Commit

Permalink
chore(logging): Add Google::Logging::V2::CmekSettings to the lower-le…
Browse files Browse the repository at this point in the history 
…vel client

* Add ConfigServiceV2Client#get_cmek_settings
* Add ConfigServiceV2Client#update_cmek_settings
* Add V2::LogSink#description
* Add V2::LogSink#disabled
* Add V2:: BigQueryOptions#uses_timestamp_column_partitioning
* Update documentation
  • Loading branch information
@yoshi-automation
yoshi-automation authored Feb 11, 2020
1 parent 4e685f4 commit 5619231
Show file tree
Hide file tree
Showing 15 changed files with 371 additions and 36 deletions.
137 changes: 137 additions & 0 deletions google-cloud-logging/lib/google/cloud/logging/v2/config_service_v2_client.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -461,6 +461,22 @@ def initialize \
{'name' => request.name}
end
)
@get_cmek_settings = Google::Gax.create_api_call(
@config_service_v2_stub.method(:get_cmek_settings),
defaults["get_cmek_settings"],
exception_transformer: exception_transformer,
params_extractor: proc do |request|
{'name' => request.name}
end
)
@update_cmek_settings = Google::Gax.create_api_call(
@config_service_v2_stub.method(:update_cmek_settings),
defaults["update_cmek_settings"],
exception_transformer: exception_transformer,
params_extractor: proc do |request|
{'name' => request.name}
end
)
end

# Service calls
Expand Down Expand Up @@ -992,6 +1008,127 @@ def delete_exclusion \
@delete_exclusion.call(req, options, &block)
nil
end

# Gets the Logs Router CMEK settings for the given resource.
#
# Note: CMEK for the Logs Router can currently only be configured for GCP
# organizations. Once configured, it applies to all projects and folders in
# the GCP organization.
#
# See [Enabling CMEK for Logs
# Router](/logging/docs/routing/managed-encryption) for more information.
#
# @param name [String]
# Required. The resource for which to retrieve CMEK settings.
#
# "projects/[PROJECT_ID]/cmekSettings"
# "organizations/[ORGANIZATION_ID]/cmekSettings"
# "billingAccounts/[BILLING_ACCOUNT_ID]/cmekSettings"
# "folders/[FOLDER_ID]/cmekSettings"
#
# Example: `"organizations/12345/cmekSettings"`.
#
# Note: CMEK for the Logs Router can currently only be configured for GCP
# organizations. Once configured, it applies to all projects and folders in
# the GCP organization.
# @param options [Google::Gax::CallOptions]
# Overrides the default settings for this call, e.g, timeout,
# retries, etc.
# @yield [result, operation] Access the result along with the RPC operation
# @yieldparam result [Google::Logging::V2::CmekSettings]
# @yieldparam operation [GRPC::ActiveCall::Operation]
# @return [Google::Logging::V2::CmekSettings]
# @raise [Google::Gax::GaxError] if the RPC is aborted.
# @example
# require "google/cloud/logging/v2"
#
# config_client = Google::Cloud::Logging::V2::ConfigServiceV2Client.new
# response = config_client.get_cmek_settings

def get_cmek_settings \
name: nil,
options: nil,
&block
req = {
name: name
}.delete_if { |_, v| v.nil? }
req = Google::Gax::to_proto(req, Google::Logging::V2::GetCmekSettingsRequest)
@get_cmek_settings.call(req, options, &block)
end

# Updates the Logs Router CMEK settings for the given resource.
#
# Note: CMEK for the Logs Router can currently only be configured for GCP
# organizations. Once configured, it applies to all projects and folders in
# the GCP organization.
#
# {Google::Logging::V2::ConfigServiceV2::UpdateCmekSettings UpdateCmekSettings}
# will fail if 1) `kms_key_name` is invalid, or 2) the associated service
# account does not have the required
# `roles/cloudkms.cryptoKeyEncrypterDecrypter` role assigned for the key, or
# 3) access to the key is disabled.
#
# See [Enabling CMEK for Logs
# Router](/logging/docs/routing/managed-encryption) for more information.
#
# @param name [String]
# Required. The resource name for the CMEK settings to update.
#
# "projects/[PROJECT_ID]/cmekSettings"
# "organizations/[ORGANIZATION_ID]/cmekSettings"
# "billingAccounts/[BILLING_ACCOUNT_ID]/cmekSettings"
# "folders/[FOLDER_ID]/cmekSettings"
#
# Example: `"organizations/12345/cmekSettings"`.
#
# Note: CMEK for the Logs Router can currently only be configured for GCP
# organizations. Once configured, it applies to all projects and folders in
# the GCP organization.
# @param cmek_settings [Google::Logging::V2::CmekSettings | Hash]
# Required. The CMEK settings to update.
#
# See [Enabling CMEK for Logs
# Router](/logging/docs/routing/managed-encryption) for more information.
# A hash of the same form as `Google::Logging::V2::CmekSettings`
# can also be provided.
# @param update_mask [Google::Protobuf::FieldMask | Hash]
# Optional. Field mask identifying which fields from `cmek_settings` should
# be updated. A field will be overwritten if and only if it is in the update
# mask. Output only fields cannot be updated.
#
# See {Google::Protobuf::FieldMask FieldMask} for more information.
#
# Example: `"updateMask=kmsKeyName"`
# A hash of the same form as `Google::Protobuf::FieldMask`
# can also be provided.
# @param options [Google::Gax::CallOptions]
# Overrides the default settings for this call, e.g, timeout,
# retries, etc.
# @yield [result, operation] Access the result along with the RPC operation
# @yieldparam result [Google::Logging::V2::CmekSettings]
# @yieldparam operation [GRPC::ActiveCall::Operation]
# @return [Google::Logging::V2::CmekSettings]
# @raise [Google::Gax::GaxError] if the RPC is aborted.
# @example
# require "google/cloud/logging/v2"
#
# config_client = Google::Cloud::Logging::V2::ConfigServiceV2Client.new
# response = config_client.update_cmek_settings

def update_cmek_settings \
name: nil,
cmek_settings: nil,
update_mask: nil,
options: nil,
&block
req = {
name: name,
cmek_settings: cmek_settings,
update_mask: update_mask
}.delete_if { |_, v| v.nil? }
req = Google::Gax::to_proto(req, Google::Logging::V2::UpdateCmekSettingsRequest)
@update_cmek_settings.call(req, options, &block)
end
end
end
end
Expand Down
16 changes: 15 additions & 1 deletion google-cloud-logging/lib/google/cloud/logging/v2/config_service_v2_client_config.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,11 @@
"INTERNAL",
"UNAVAILABLE"
],
"non_idempotent": []
"non_idempotent": [],
"idempotent2": [
"DEADLINE_EXCEEDED",
"UNAVAILABLE"
]
},
"retry_params": {
"default": {
Expand Down Expand Up @@ -79,6 +83,16 @@
"timeout_millis": 60000,
"retry_codes_name": "idempotent",
"retry_params_name": "default"
},
"GetCmekSettings": {
"timeout_millis": 60000,
"retry_codes_name": "idempotent2",
"retry_params_name": "default"
},
"UpdateCmekSettings": {
"timeout_millis": 60000,
"retry_codes_name": "non_idempotent",
"retry_params_name": "default"
}
}
}
Expand Down
13 changes: 9 additions & 4 deletions google-cloud-logging/lib/google/cloud/logging/v2/doc/google/logging/v2/log_entry.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,10 +90,15 @@ module V2
# @return [String]
# Optional. A unique identifier for the log entry. If you provide a value,
# then Logging considers other log entries in the same project, with the same
# `timestamp`, and with the same `insert_id` to be duplicates which can be
# removed. If omitted in new log entries, then Logging assigns its own unique
# identifier. The `insert_id` is also used to order log entries that have the
# same `timestamp` value.
# `timestamp`, and with the same `insert_id` to be duplicates which are
# removed in a single query result. However, there are no guarantees of
# de-duplication in the export of logs.
#
# If the `insert_id` is omitted when writing a log entry, the Logging API
# assigns its own unique identifier in this field.
#
# In queries, the `insert_id` is also used to order log entries that have
# the same `log_name` and `timestamp` values.
# @!attribute [rw] http_request
# @return [Google::Logging::Type::HttpRequest]
# Optional. Information about the HTTP request associated with this log
Expand Down
2 changes: 1 addition & 1 deletion google-cloud-logging/lib/google/cloud/logging/v2/doc/google/logging/v2/logging.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -133,7 +133,7 @@ class WriteLogEntriesResponse; end
# @!attribute [rw] filter
# @return [String]
# Optional. A filter that chooses which log entries to return. See [Advanced
# Logs Filters](/logging/docs/view/advanced_filters). Only log entries that
# Logs Queries](/logging/docs/view/advanced-queries). Only log entries that
# match the filter are returned. An empty filter matches all log entries in
# the resources listed in `resource_names`. Referencing a parent resource
# that is not listed in `resource_names` will cause the filter to return no
Expand Down
129 changes: 128 additions & 1 deletion google-cloud-logging/lib/google/cloud/logging/v2/doc/google/logging/v2/logging_config.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ module V2
# project. Example: `"my-syslog-errors-to-pubsub"`. Sink identifiers are
# limited to 100 characters and can include only the following characters:
# upper and lower-case alphanumeric characters, underscores, hyphens, and
# periods.
# periods. First character has to be alphanumeric.
# @!attribute [rw] destination
# @return [String]
# Required. The export destination:
Expand All @@ -47,6 +47,14 @@ module V2
# that match the filter. For example:
#
# logName="projects/[PROJECT_ID]/logs/[LOG_ID]" AND severity>=ERROR
# @!attribute [rw] description
# @return [String]
# Optional. A description of this sink.
# The maximum length of the description is 8000 characters.
# @!attribute [rw] disabled
# @return [true, false]
# Optional. If set to True, then this sink is disabled and it does not
# export any log entries.
# @!attribute [rw] output_version_format
# @return [Google::Logging::V2::LogSink::VersionFormat]
# Deprecated. The log entry format to use for this sink's exported log
Expand Down Expand Up @@ -127,6 +135,14 @@ module VersionFormat
# present and [special query
# syntax](/bigquery/docs/querying-partitioned-tables) has to be used instead.
# In both cases, tables are sharded based on UTC timezone.
# @!attribute [rw] uses_timestamp_column_partitioning
# @return [true, false]
# Output only. True if new timestamp column based partitioning is in use,
# false if legacy ingestion-time partitioning is in use.
# All new sinks will have this field set true and will use timestamp column
# based partitioning. If use_partitioned_tables is false, this value has no
# meaning and will be false. Legacy sinks using partitioned tables will have
# this field set to false.
class BigQueryOptions; end

# The parameters to `ListSinks`.
Expand Down Expand Up @@ -277,6 +293,7 @@ class DeleteSinkRequest; end
# Required. A client-assigned identifier, such as
# `"load-balancer-exclusion"`. Identifiers are limited to 100 characters and
# can include only letters, digits, underscores, hyphens, and periods.
# First character has to be alphanumeric.
# @!attribute [rw] description
# @return [String]
# Optional. A description of this exclusion.
Expand Down Expand Up @@ -409,6 +426,116 @@ class UpdateExclusionRequest; end
#
# Example: `"projects/my-project-id/exclusions/my-exclusion-id"`.
class DeleteExclusionRequest; end

# The parameters to
# {Google::Logging::V2::ConfigServiceV2::GetCmekSettings GetCmekSettings}.
#
# See [Enabling CMEK for Logs Router](https://cloud.google.com/logging/docs/routing/managed-encryption)
# for more information.
# @!attribute [rw] name
# @return [String]
# Required. The resource for which to retrieve CMEK settings.
#
# "projects/[PROJECT_ID]/cmekSettings"
# "organizations/[ORGANIZATION_ID]/cmekSettings"
# "billingAccounts/[BILLING_ACCOUNT_ID]/cmekSettings"
# "folders/[FOLDER_ID]/cmekSettings"
#
# Example: `"organizations/12345/cmekSettings"`.
#
# Note: CMEK for the Logs Router can currently only be configured for GCP
# organizations. Once configured, it applies to all projects and folders in
# the GCP organization.
class GetCmekSettingsRequest; end

# The parameters to
# {Google::Logging::V2::ConfigServiceV2::UpdateCmekSettings UpdateCmekSettings}.
#
# See [Enabling CMEK for Logs Router](https://cloud.google.com/logging/docs/routing/managed-encryption)
# for more information.
# @!attribute [rw] name
# @return [String]
# Required. The resource name for the CMEK settings to update.
#
# "projects/[PROJECT_ID]/cmekSettings"
# "organizations/[ORGANIZATION_ID]/cmekSettings"
# "billingAccounts/[BILLING_ACCOUNT_ID]/cmekSettings"
# "folders/[FOLDER_ID]/cmekSettings"
#
# Example: `"organizations/12345/cmekSettings"`.
#
# Note: CMEK for the Logs Router can currently only be configured for GCP
# organizations. Once configured, it applies to all projects and folders in
# the GCP organization.
# @!attribute [rw] cmek_settings
# @return [Google::Logging::V2::CmekSettings]
# Required. The CMEK settings to update.
#
# See [Enabling CMEK for Logs
# Router](/logging/docs/routing/managed-encryption) for more information.
# @!attribute [rw] update_mask
# @return [Google::Protobuf::FieldMask]
# Optional. Field mask identifying which fields from `cmek_settings` should
# be updated. A field will be overwritten if and only if it is in the update
# mask. Output only fields cannot be updated.
#
# See {Google::Protobuf::FieldMask FieldMask} for more information.
#
# Example: `"updateMask=kmsKeyName"`
class UpdateCmekSettingsRequest; end

# Describes the customer-managed encryption key (CMEK) settings associated with
# a project, folder, organization, billing account, or flexible resource.
#
# Note: CMEK for the Logs Router can currently only be configured for GCP
# organizations. Once configured, it applies to all projects and folders in the
# GCP organization.
#
# See [Enabling CMEK for Logs Router](https://cloud.google.com/logging/docs/routing/managed-encryption)
# for more information.
# @!attribute [rw] name
# @return [String]
# Output Only. The resource name of the CMEK settings.
# @!attribute [rw] kms_key_name
# @return [String]
# The resource name for the configured Cloud KMS key.
#
# KMS key name format:
# "projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]"
#
# For example:
# `"projects/my-project-id/locations/my-region/keyRings/key-ring-name/cryptoKeys/key-name"`
#
#
#
# To enable CMEK for the Logs Router, set this field to a valid
# `kms_key_name` for which the associated service account has the required
# `roles/cloudkms.cryptoKeyEncrypterDecrypter` role assigned for the key.
#
# The Cloud KMS key used by the Log Router can be updated by changing the
# `kms_key_name` to a new valid key name. Encryption operations that are in
# progress will be completed with the key that was in use when they started.
# Decryption operations will be completed using the key that was used at the
# time of encryption unless access to that key has been revoked.
#
# To disable CMEK for the Logs Router, set this field to an empty string.
#
# See [Enabling CMEK for Logs
# Router](/logging/docs/routing/managed-encryption) for more information.
# @!attribute [rw] service_account_id
# @return [String]
# Output Only. The service account that will be used by the Logs Router to
# access your Cloud KMS key.
#
# Before enabling CMEK for Logs Router, you must first assign the role
# `roles/cloudkms.cryptoKeyEncrypterDecrypter` to the service account that
# the Logs Router will use to access your Cloud KMS key. Use
# {Google::Logging::V2::ConfigServiceV2::GetCmekSettings GetCmekSettings} to
# obtain the service account ID.
#
# See [Enabling CMEK for Logs
# Router](/logging/docs/routing/managed-encryption) for more information.
class CmekSettings; end
end
end
end
Loading

0 comments on commit 5619231

Please sign in to comment.