diff --git a/AccessApproval/metadata/V1/Accessapproval.php b/AccessApproval/metadata/V1/Accessapproval.php
index 5db89951e8b..4f80f3e5390 100644
Binary files a/AccessApproval/metadata/V1/Accessapproval.php and b/AccessApproval/metadata/V1/Accessapproval.php differ
diff --git a/AccessApproval/src/V1/AccessApprovalGrpcClient.php b/AccessApproval/src/V1/AccessApprovalGrpcClient.php
index 33286eee537..63e3dfe44f0 100644
--- a/AccessApproval/src/V1/AccessApprovalGrpcClient.php
+++ b/AccessApproval/src/V1/AccessApprovalGrpcClient.php
@@ -138,6 +138,28 @@ public function DismissApprovalRequest(\Google\Cloud\AccessApproval\V1\DismissAp
$metadata, $options);
}
+ /**
+ * Invalidates an existing ApprovalRequest. Returns the updated
+ * ApprovalRequest.
+ *
+ * NOTE: This does not deny access to the resource if another request has been
+ * made and approved. It only invalidates a single approval.
+ *
+ * Returns FAILED_PRECONDITION if the request exists but is not in an approved
+ * state.
+ * @param \Google\Cloud\AccessApproval\V1\InvalidateApprovalRequestMessage $argument input argument
+ * @param array $metadata metadata
+ * @param array $options call options
+ * @return \Grpc\UnaryCall
+ */
+ public function InvalidateApprovalRequest(\Google\Cloud\AccessApproval\V1\InvalidateApprovalRequestMessage $argument,
+ $metadata = [], $options = []) {
+ return $this->_simpleRequest('/google.cloud.accessapproval.v1.AccessApproval/InvalidateApprovalRequest',
+ $argument,
+ ['\Google\Cloud\AccessApproval\V1\ApprovalRequest', 'decode'],
+ $metadata, $options);
+ }
+
/**
* Gets the settings associated with a project, folder, or organization.
* @param \Google\Cloud\AccessApproval\V1\GetAccessApprovalSettingsMessage $argument input argument
@@ -189,4 +211,20 @@ public function DeleteAccessApprovalSettings(\Google\Cloud\AccessApproval\V1\Del
$metadata, $options);
}
+ /**
+ * Retrieves the service account that is used by Access Approval to access KMS
+ * keys for signing approved approval requests.
+ * @param \Google\Cloud\AccessApproval\V1\GetAccessApprovalServiceAccountMessage $argument input argument
+ * @param array $metadata metadata
+ * @param array $options call options
+ * @return \Grpc\UnaryCall
+ */
+ public function GetAccessApprovalServiceAccount(\Google\Cloud\AccessApproval\V1\GetAccessApprovalServiceAccountMessage $argument,
+ $metadata = [], $options = []) {
+ return $this->_simpleRequest('/google.cloud.accessapproval.v1.AccessApproval/GetAccessApprovalServiceAccount',
+ $argument,
+ ['\Google\Cloud\AccessApproval\V1\AccessApprovalServiceAccount', 'decode'],
+ $metadata, $options);
+ }
+
}
diff --git a/AccessApproval/src/V1/AccessApprovalServiceAccount.php b/AccessApproval/src/V1/AccessApprovalServiceAccount.php
new file mode 100644
index 00000000000..137eb4db945
--- /dev/null
+++ b/AccessApproval/src/V1/AccessApprovalServiceAccount.php
@@ -0,0 +1,113 @@
+google.cloud.accessapproval.v1.AccessApprovalServiceAccount
+ */
+class AccessApprovalServiceAccount extends \Google\Protobuf\Internal\Message
+{
+ /**
+ * The resource name of the Access Approval service account. Format is one of:
+ * * "projects/{project}/serviceAccount"
+ * * "folders/{folder}/serviceAccount"
+ * * "organizations/{organization}/serviceAccount"
+ *
+ * Generated from protobuf field string name = 1 [(.google.api.resource_reference) = {
+ */
+ private $name = '';
+ /**
+ * Email address of the service account.
+ *
+ * Generated from protobuf field string account_email = 2;
+ */
+ private $account_email = '';
+
+ /**
+ * Constructor.
+ *
+ * @param array $data {
+ * Optional. Data for populating the Message object.
+ *
+ * @type string $name
+ * The resource name of the Access Approval service account. Format is one of:
+ * * "projects/{project}/serviceAccount"
+ * * "folders/{folder}/serviceAccount"
+ * * "organizations/{organization}/serviceAccount"
+ * @type string $account_email
+ * Email address of the service account.
+ * }
+ */
+ public function __construct($data = NULL) {
+ \GPBMetadata\Google\Cloud\Accessapproval\V1\Accessapproval::initOnce();
+ parent::__construct($data);
+ }
+
+ /**
+ * The resource name of the Access Approval service account. Format is one of:
+ * * "projects/{project}/serviceAccount"
+ * * "folders/{folder}/serviceAccount"
+ * * "organizations/{organization}/serviceAccount"
+ *
+ * Generated from protobuf field string name = 1 [(.google.api.resource_reference) = {
+ * @return string
+ */
+ public function getName()
+ {
+ return $this->name;
+ }
+
+ /**
+ * The resource name of the Access Approval service account. Format is one of:
+ * * "projects/{project}/serviceAccount"
+ * * "folders/{folder}/serviceAccount"
+ * * "organizations/{organization}/serviceAccount"
+ *
+ * Generated from protobuf field string name = 1 [(.google.api.resource_reference) = {
+ * @param string $var
+ * @return $this
+ */
+ public function setName($var)
+ {
+ GPBUtil::checkString($var, True);
+ $this->name = $var;
+
+ return $this;
+ }
+
+ /**
+ * Email address of the service account.
+ *
+ * Generated from protobuf field string account_email = 2;
+ * @return string
+ */
+ public function getAccountEmail()
+ {
+ return $this->account_email;
+ }
+
+ /**
+ * Email address of the service account.
+ *
+ * Generated from protobuf field string account_email = 2;
+ * @param string $var
+ * @return $this
+ */
+ public function setAccountEmail($var)
+ {
+ GPBUtil::checkString($var, True);
+ $this->account_email = $var;
+
+ return $this;
+ }
+
+}
+
diff --git a/AccessApproval/src/V1/AccessApprovalSettings.php b/AccessApproval/src/V1/AccessApprovalSettings.php
index a20cc7354a3..fd5835b8dc1 100644
--- a/AccessApproval/src/V1/AccessApprovalSettings.php
+++ b/AccessApproval/src/V1/AccessApprovalSettings.php
@@ -58,6 +58,36 @@ class AccessApprovalSettings extends \Google\Protobuf\Internal\Message
* Generated from protobuf field bool enrolled_ancestor = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];
*/
private $enrolled_ancestor = false;
+ /**
+ * The asymmetric crypto key version to use for signing approval requests.
+ * Empty active_key_version indicates that a Google-managed key should be used
+ * for signing. This property will be ignored if set by an ancestor of this
+ * resource, and new non-empty values may not be set.
+ *
+ * Generated from protobuf field string active_key_version = 6;
+ */
+ private $active_key_version = '';
+ /**
+ * Output only. This field is read only (not settable via UpdateAccessApprovalSettings
+ * method). If the field is true, that indicates that an ancestor of this
+ * Project or Folder has set active_key_version (this field will always be
+ * unset for the organization since organizations do not have ancestors).
+ *
+ * Generated from protobuf field bool ancestor_has_active_key_version = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+ */
+ private $ancestor_has_active_key_version = false;
+ /**
+ * Output only. This field is read only (not settable via UpdateAccessApprovalSettings
+ * method). If the field is true, that indicates that there is some
+ * configuration issue with the active_key_version configured at this level in
+ * the resource hierarchy (e.g. it doesn't exist or the Access Approval
+ * service account doesn't have the correct permissions on it, etc.) This key
+ * version is not necessarily the effective key version at this level, as key
+ * versions are inherited top-down.
+ *
+ * Generated from protobuf field bool invalid_key_version = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+ */
+ private $invalid_key_version = false;
/**
* Constructor.
@@ -92,6 +122,24 @@ class AccessApprovalSettings extends \Google\Protobuf\Internal\Message
* indicates that at least one service is enrolled for Access Approval in one
* or more ancestors of the Project or Folder (this field will always be
* unset for the organization since organizations do not have ancestors).
+ * @type string $active_key_version
+ * The asymmetric crypto key version to use for signing approval requests.
+ * Empty active_key_version indicates that a Google-managed key should be used
+ * for signing. This property will be ignored if set by an ancestor of this
+ * resource, and new non-empty values may not be set.
+ * @type bool $ancestor_has_active_key_version
+ * Output only. This field is read only (not settable via UpdateAccessApprovalSettings
+ * method). If the field is true, that indicates that an ancestor of this
+ * Project or Folder has set active_key_version (this field will always be
+ * unset for the organization since organizations do not have ancestors).
+ * @type bool $invalid_key_version
+ * Output only. This field is read only (not settable via UpdateAccessApprovalSettings
+ * method). If the field is true, that indicates that there is some
+ * configuration issue with the active_key_version configured at this level in
+ * the resource hierarchy (e.g. it doesn't exist or the Access Approval
+ * service account doesn't have the correct permissions on it, etc.) This key
+ * version is not necessarily the effective key version at this level, as key
+ * versions are inherited top-down.
* }
*/
public function __construct($data = NULL) {
@@ -241,5 +289,107 @@ public function setEnrolledAncestor($var)
return $this;
}
+ /**
+ * The asymmetric crypto key version to use for signing approval requests.
+ * Empty active_key_version indicates that a Google-managed key should be used
+ * for signing. This property will be ignored if set by an ancestor of this
+ * resource, and new non-empty values may not be set.
+ *
+ * Generated from protobuf field string active_key_version = 6;
+ * @return string
+ */
+ public function getActiveKeyVersion()
+ {
+ return $this->active_key_version;
+ }
+
+ /**
+ * The asymmetric crypto key version to use for signing approval requests.
+ * Empty active_key_version indicates that a Google-managed key should be used
+ * for signing. This property will be ignored if set by an ancestor of this
+ * resource, and new non-empty values may not be set.
+ *
+ * Generated from protobuf field string active_key_version = 6;
+ * @param string $var
+ * @return $this
+ */
+ public function setActiveKeyVersion($var)
+ {
+ GPBUtil::checkString($var, True);
+ $this->active_key_version = $var;
+
+ return $this;
+ }
+
+ /**
+ * Output only. This field is read only (not settable via UpdateAccessApprovalSettings
+ * method). If the field is true, that indicates that an ancestor of this
+ * Project or Folder has set active_key_version (this field will always be
+ * unset for the organization since organizations do not have ancestors).
+ *
+ * Generated from protobuf field bool ancestor_has_active_key_version = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+ * @return bool
+ */
+ public function getAncestorHasActiveKeyVersion()
+ {
+ return $this->ancestor_has_active_key_version;
+ }
+
+ /**
+ * Output only. This field is read only (not settable via UpdateAccessApprovalSettings
+ * method). If the field is true, that indicates that an ancestor of this
+ * Project or Folder has set active_key_version (this field will always be
+ * unset for the organization since organizations do not have ancestors).
+ *
+ * Generated from protobuf field bool ancestor_has_active_key_version = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+ * @param bool $var
+ * @return $this
+ */
+ public function setAncestorHasActiveKeyVersion($var)
+ {
+ GPBUtil::checkBool($var);
+ $this->ancestor_has_active_key_version = $var;
+
+ return $this;
+ }
+
+ /**
+ * Output only. This field is read only (not settable via UpdateAccessApprovalSettings
+ * method). If the field is true, that indicates that there is some
+ * configuration issue with the active_key_version configured at this level in
+ * the resource hierarchy (e.g. it doesn't exist or the Access Approval
+ * service account doesn't have the correct permissions on it, etc.) This key
+ * version is not necessarily the effective key version at this level, as key
+ * versions are inherited top-down.
+ *
+ * Generated from protobuf field bool invalid_key_version = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+ * @return bool
+ */
+ public function getInvalidKeyVersion()
+ {
+ return $this->invalid_key_version;
+ }
+
+ /**
+ * Output only. This field is read only (not settable via UpdateAccessApprovalSettings
+ * method). If the field is true, that indicates that there is some
+ * configuration issue with the active_key_version configured at this level in
+ * the resource hierarchy (e.g. it doesn't exist or the Access Approval
+ * service account doesn't have the correct permissions on it, etc.) This key
+ * version is not necessarily the effective key version at this level, as key
+ * versions are inherited top-down.
+ *
+ * Generated from protobuf field bool invalid_key_version = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+ * @param bool $var
+ * @return $this
+ */
+ public function setInvalidKeyVersion($var)
+ {
+ GPBUtil::checkBool($var);
+ $this->invalid_key_version = $var;
+
+ return $this;
+ }
+
}
diff --git a/AccessApproval/src/V1/AccessReason/Type.php b/AccessApproval/src/V1/AccessReason/Type.php
index 560f5444613..24a289d1d54 100644
--- a/AccessApproval/src/V1/AccessReason/Type.php
+++ b/AccessApproval/src/V1/AccessReason/Type.php
@@ -34,9 +34,9 @@ class Type
const CUSTOMER_INITIATED_SUPPORT = 1;
/**
* The principal accessed customer data in order to diagnose or resolve a
- * suspected issue in services or a known outage. Often this access is used
- * to confirm that customers are not affected by a suspected service issue
- * or to remediate a reversible system issue.
+ * suspected issue in services. Often this access is used to confirm that
+ * customers are not affected by a suspected service issue or to remediate a
+ * reversible system issue.
*
* Generated from protobuf enum GOOGLE_INITIATED_SERVICE = 2;
*/
@@ -48,12 +48,29 @@ class Type
* Generated from protobuf enum GOOGLE_INITIATED_REVIEW = 3;
*/
const GOOGLE_INITIATED_REVIEW = 3;
+ /**
+ * The principal was compelled to access customer data in order to respond
+ * to a legal third party data request or process, including legal processes
+ * from customers themselves.
+ *
+ * Generated from protobuf enum THIRD_PARTY_DATA_REQUEST = 4;
+ */
+ const THIRD_PARTY_DATA_REQUEST = 4;
+ /**
+ * The principal accessed customer data in order to diagnose or resolve a
+ * suspected issue in services or a known outage.
+ *
+ * Generated from protobuf enum GOOGLE_RESPONSE_TO_PRODUCTION_ALERT = 5;
+ */
+ const GOOGLE_RESPONSE_TO_PRODUCTION_ALERT = 5;
private static $valueToName = [
self::TYPE_UNSPECIFIED => 'TYPE_UNSPECIFIED',
self::CUSTOMER_INITIATED_SUPPORT => 'CUSTOMER_INITIATED_SUPPORT',
self::GOOGLE_INITIATED_SERVICE => 'GOOGLE_INITIATED_SERVICE',
self::GOOGLE_INITIATED_REVIEW => 'GOOGLE_INITIATED_REVIEW',
+ self::THIRD_PARTY_DATA_REQUEST => 'THIRD_PARTY_DATA_REQUEST',
+ self::GOOGLE_RESPONSE_TO_PRODUCTION_ALERT => 'GOOGLE_RESPONSE_TO_PRODUCTION_ALERT',
];
public static function name($value)
diff --git a/AccessApproval/src/V1/ApproveDecision.php b/AccessApproval/src/V1/ApproveDecision.php
index ad8362b7870..82d73a8d781 100644
--- a/AccessApproval/src/V1/ApproveDecision.php
+++ b/AccessApproval/src/V1/ApproveDecision.php
@@ -27,6 +27,24 @@ class ApproveDecision extends \Google\Protobuf\Internal\Message
* Generated from protobuf field .google.protobuf.Timestamp expire_time = 2;
*/
private $expire_time = null;
+ /**
+ * If set, denotes the timestamp at which the approval is invalidated.
+ *
+ * Generated from protobuf field .google.protobuf.Timestamp invalidate_time = 3;
+ */
+ private $invalidate_time = null;
+ /**
+ * The signature for the ApprovalRequest and details on how it was signed.
+ *
+ * Generated from protobuf field .google.cloud.accessapproval.v1.SignatureInfo signature_info = 4;
+ */
+ private $signature_info = null;
+ /**
+ * True when the request has been auto-approved.
+ *
+ * Generated from protobuf field bool auto_approved = 5;
+ */
+ private $auto_approved = false;
/**
* Constructor.
@@ -38,6 +56,12 @@ class ApproveDecision extends \Google\Protobuf\Internal\Message
* The time at which approval was granted.
* @type \Google\Protobuf\Timestamp $expire_time
* The time at which the approval expires.
+ * @type \Google\Protobuf\Timestamp $invalidate_time
+ * If set, denotes the timestamp at which the approval is invalidated.
+ * @type \Google\Cloud\AccessApproval\V1\SignatureInfo $signature_info
+ * The signature for the ApprovalRequest and details on how it was signed.
+ * @type bool $auto_approved
+ * True when the request has been auto-approved.
* }
*/
public function __construct($data = NULL) {
@@ -117,5 +141,103 @@ public function setExpireTime($var)
return $this;
}
+ /**
+ * If set, denotes the timestamp at which the approval is invalidated.
+ *
+ * Generated from protobuf field .google.protobuf.Timestamp invalidate_time = 3;
+ * @return \Google\Protobuf\Timestamp|null
+ */
+ public function getInvalidateTime()
+ {
+ return $this->invalidate_time;
+ }
+
+ public function hasInvalidateTime()
+ {
+ return isset($this->invalidate_time);
+ }
+
+ public function clearInvalidateTime()
+ {
+ unset($this->invalidate_time);
+ }
+
+ /**
+ * If set, denotes the timestamp at which the approval is invalidated.
+ *
+ * Generated from protobuf field .google.protobuf.Timestamp invalidate_time = 3;
+ * @param \Google\Protobuf\Timestamp $var
+ * @return $this
+ */
+ public function setInvalidateTime($var)
+ {
+ GPBUtil::checkMessage($var, \Google\Protobuf\Timestamp::class);
+ $this->invalidate_time = $var;
+
+ return $this;
+ }
+
+ /**
+ * The signature for the ApprovalRequest and details on how it was signed.
+ *
+ * Generated from protobuf field .google.cloud.accessapproval.v1.SignatureInfo signature_info = 4;
+ * @return \Google\Cloud\AccessApproval\V1\SignatureInfo|null
+ */
+ public function getSignatureInfo()
+ {
+ return $this->signature_info;
+ }
+
+ public function hasSignatureInfo()
+ {
+ return isset($this->signature_info);
+ }
+
+ public function clearSignatureInfo()
+ {
+ unset($this->signature_info);
+ }
+
+ /**
+ * The signature for the ApprovalRequest and details on how it was signed.
+ *
+ * Generated from protobuf field .google.cloud.accessapproval.v1.SignatureInfo signature_info = 4;
+ * @param \Google\Cloud\AccessApproval\V1\SignatureInfo $var
+ * @return $this
+ */
+ public function setSignatureInfo($var)
+ {
+ GPBUtil::checkMessage($var, \Google\Cloud\AccessApproval\V1\SignatureInfo::class);
+ $this->signature_info = $var;
+
+ return $this;
+ }
+
+ /**
+ * True when the request has been auto-approved.
+ *
+ * Generated from protobuf field bool auto_approved = 5;
+ * @return bool
+ */
+ public function getAutoApproved()
+ {
+ return $this->auto_approved;
+ }
+
+ /**
+ * True when the request has been auto-approved.
+ *
+ * Generated from protobuf field bool auto_approved = 5;
+ * @param bool $var
+ * @return $this
+ */
+ public function setAutoApproved($var)
+ {
+ GPBUtil::checkBool($var);
+ $this->auto_approved = $var;
+
+ return $this;
+ }
+
}
diff --git a/AccessApproval/src/V1/DismissDecision.php b/AccessApproval/src/V1/DismissDecision.php
index b9e87fff8a4..4e9a5653868 100644
--- a/AccessApproval/src/V1/DismissDecision.php
+++ b/AccessApproval/src/V1/DismissDecision.php
@@ -22,8 +22,8 @@ class DismissDecision extends \Google\Protobuf\Internal\Message
*/
private $dismiss_time = null;
/**
- * This field will be true if the ApprovalRequest was implcitly dismissed
- * due to inaction by the access approval approvers (the request is not acted
+ * This field will be true if the ApprovalRequest was implicitly dismissed due
+ * to inaction by the access approval approvers (the request is not acted
* on by the approvers before the exiration time).
*
* Generated from protobuf field bool implicit = 2;
@@ -39,8 +39,8 @@ class DismissDecision extends \Google\Protobuf\Internal\Message
* @type \Google\Protobuf\Timestamp $dismiss_time
* The time at which the approval request was dismissed.
* @type bool $implicit
- * This field will be true if the ApprovalRequest was implcitly dismissed
- * due to inaction by the access approval approvers (the request is not acted
+ * This field will be true if the ApprovalRequest was implicitly dismissed due
+ * to inaction by the access approval approvers (the request is not acted
* on by the approvers before the exiration time).
* }
*/
@@ -86,8 +86,8 @@ public function setDismissTime($var)
}
/**
- * This field will be true if the ApprovalRequest was implcitly dismissed
- * due to inaction by the access approval approvers (the request is not acted
+ * This field will be true if the ApprovalRequest was implicitly dismissed due
+ * to inaction by the access approval approvers (the request is not acted
* on by the approvers before the exiration time).
*
* Generated from protobuf field bool implicit = 2;
@@ -99,8 +99,8 @@ public function getImplicit()
}
/**
- * This field will be true if the ApprovalRequest was implcitly dismissed
- * due to inaction by the access approval approvers (the request is not acted
+ * This field will be true if the ApprovalRequest was implicitly dismissed due
+ * to inaction by the access approval approvers (the request is not acted
* on by the approvers before the exiration time).
*
* Generated from protobuf field bool implicit = 2;
diff --git a/AccessApproval/src/V1/Gapic/AccessApprovalGapicClient.php b/AccessApproval/src/V1/Gapic/AccessApprovalGapicClient.php
index 5b2d6a0c168..82eefe7fabc 100644
--- a/AccessApproval/src/V1/Gapic/AccessApprovalGapicClient.php
+++ b/AccessApproval/src/V1/Gapic/AccessApprovalGapicClient.php
@@ -34,13 +34,16 @@
use Google\ApiCore\Transport\TransportInterface;
use Google\ApiCore\ValidationException;
use Google\Auth\FetchAuthTokenInterface;
+use Google\Cloud\AccessApproval\V1\AccessApprovalServiceAccount;
use Google\Cloud\AccessApproval\V1\AccessApprovalSettings;
use Google\Cloud\AccessApproval\V1\ApprovalRequest;
use Google\Cloud\AccessApproval\V1\ApproveApprovalRequestMessage;
use Google\Cloud\AccessApproval\V1\DeleteAccessApprovalSettingsMessage;
use Google\Cloud\AccessApproval\V1\DismissApprovalRequestMessage;
+use Google\Cloud\AccessApproval\V1\GetAccessApprovalServiceAccountMessage;
use Google\Cloud\AccessApproval\V1\GetAccessApprovalSettingsMessage;
use Google\Cloud\AccessApproval\V1\GetApprovalRequestMessage;
+use Google\Cloud\AccessApproval\V1\InvalidateApprovalRequestMessage;
use Google\Cloud\AccessApproval\V1\ListApprovalRequestsMessage;
use Google\Cloud\AccessApproval\V1\ListApprovalRequestsResponse;
use Google\Cloud\AccessApproval\V1\UpdateAccessApprovalSettingsMessage;
@@ -731,6 +734,50 @@ public function dismissApprovalRequest(array $optionalArgs = [])
return $this->startCall('DismissApprovalRequest', ApprovalRequest::class, $optionalArgs, $request)->wait();
}
+ /**
+ * Retrieves the service account that is used by Access Approval to access KMS
+ * keys for signing approved approval requests.
+ *
+ * Sample code:
+ * ```
+ * $accessApprovalClient = new AccessApprovalClient();
+ * try {
+ * $response = $accessApprovalClient->getAccessApprovalServiceAccount();
+ * } finally {
+ * $accessApprovalClient->close();
+ * }
+ * ```
+ *
+ * @param array $optionalArgs {
+ * Optional.
+ *
+ * @type string $name
+ * Name of the AccessApprovalServiceAccount to retrieve.
+ * @type RetrySettings|array $retrySettings
+ * Retry settings to use for this call. Can be a
+ * {@see Google\ApiCore\RetrySettings} object, or an associative array of retry
+ * settings parameters. See the documentation on
+ * {@see Google\ApiCore\RetrySettings} for example usage.
+ * }
+ *
+ * @return \Google\Cloud\AccessApproval\V1\AccessApprovalServiceAccount
+ *
+ * @throws ApiException if the remote call fails
+ */
+ public function getAccessApprovalServiceAccount(array $optionalArgs = [])
+ {
+ $request = new GetAccessApprovalServiceAccountMessage();
+ $requestParamHeaders = [];
+ if (isset($optionalArgs['name'])) {
+ $request->setName($optionalArgs['name']);
+ $requestParamHeaders['name'] = $optionalArgs['name'];
+ }
+
+ $requestParams = new RequestParamsHeaderDescriptor($requestParamHeaders);
+ $optionalArgs['headers'] = isset($optionalArgs['headers']) ? array_merge($requestParams->getHeader(), $optionalArgs['headers']) : $requestParams->getHeader();
+ return $this->startCall('GetAccessApprovalServiceAccount', AccessApprovalServiceAccount::class, $optionalArgs, $request)->wait();
+ }
+
/**
* Gets the settings associated with a project, folder, or organization.
*
@@ -820,6 +867,56 @@ public function getApprovalRequest(array $optionalArgs = [])
return $this->startCall('GetApprovalRequest', ApprovalRequest::class, $optionalArgs, $request)->wait();
}
+ /**
+ * Invalidates an existing ApprovalRequest. Returns the updated
+ * ApprovalRequest.
+ *
+ * NOTE: This does not deny access to the resource if another request has been
+ * made and approved. It only invalidates a single approval.
+ *
+ * Returns FAILED_PRECONDITION if the request exists but is not in an approved
+ * state.
+ *
+ * Sample code:
+ * ```
+ * $accessApprovalClient = new AccessApprovalClient();
+ * try {
+ * $response = $accessApprovalClient->invalidateApprovalRequest();
+ * } finally {
+ * $accessApprovalClient->close();
+ * }
+ * ```
+ *
+ * @param array $optionalArgs {
+ * Optional.
+ *
+ * @type string $name
+ * Name of the ApprovalRequest to invalidate.
+ * @type RetrySettings|array $retrySettings
+ * Retry settings to use for this call. Can be a
+ * {@see Google\ApiCore\RetrySettings} object, or an associative array of retry
+ * settings parameters. See the documentation on
+ * {@see Google\ApiCore\RetrySettings} for example usage.
+ * }
+ *
+ * @return \Google\Cloud\AccessApproval\V1\ApprovalRequest
+ *
+ * @throws ApiException if the remote call fails
+ */
+ public function invalidateApprovalRequest(array $optionalArgs = [])
+ {
+ $request = new InvalidateApprovalRequestMessage();
+ $requestParamHeaders = [];
+ if (isset($optionalArgs['name'])) {
+ $request->setName($optionalArgs['name']);
+ $requestParamHeaders['name'] = $optionalArgs['name'];
+ }
+
+ $requestParams = new RequestParamsHeaderDescriptor($requestParamHeaders);
+ $optionalArgs['headers'] = isset($optionalArgs['headers']) ? array_merge($requestParams->getHeader(), $optionalArgs['headers']) : $requestParams->getHeader();
+ return $this->startCall('InvalidateApprovalRequest', ApprovalRequest::class, $optionalArgs, $request)->wait();
+ }
+
/**
* Lists approval requests associated with a project, folder, or organization.
* Approval requests can be filtered by state (pending, active, dismissed).
diff --git a/AccessApproval/src/V1/GetAccessApprovalServiceAccountMessage.php b/AccessApproval/src/V1/GetAccessApprovalServiceAccountMessage.php
new file mode 100644
index 00000000000..3dff1feaa03
--- /dev/null
+++ b/AccessApproval/src/V1/GetAccessApprovalServiceAccountMessage.php
@@ -0,0 +1,67 @@
+google.cloud.accessapproval.v1.GetAccessApprovalServiceAccountMessage
+ */
+class GetAccessApprovalServiceAccountMessage extends \Google\Protobuf\Internal\Message
+{
+ /**
+ * Name of the AccessApprovalServiceAccount to retrieve.
+ *
+ * Generated from protobuf field string name = 1;
+ */
+ private $name = '';
+
+ /**
+ * Constructor.
+ *
+ * @param array $data {
+ * Optional. Data for populating the Message object.
+ *
+ * @type string $name
+ * Name of the AccessApprovalServiceAccount to retrieve.
+ * }
+ */
+ public function __construct($data = NULL) {
+ \GPBMetadata\Google\Cloud\Accessapproval\V1\Accessapproval::initOnce();
+ parent::__construct($data);
+ }
+
+ /**
+ * Name of the AccessApprovalServiceAccount to retrieve.
+ *
+ * Generated from protobuf field string name = 1;
+ * @return string
+ */
+ public function getName()
+ {
+ return $this->name;
+ }
+
+ /**
+ * Name of the AccessApprovalServiceAccount to retrieve.
+ *
+ * Generated from protobuf field string name = 1;
+ * @param string $var
+ * @return $this
+ */
+ public function setName($var)
+ {
+ GPBUtil::checkString($var, True);
+ $this->name = $var;
+
+ return $this;
+ }
+
+}
+
diff --git a/AccessApproval/src/V1/InvalidateApprovalRequestMessage.php b/AccessApproval/src/V1/InvalidateApprovalRequestMessage.php
new file mode 100644
index 00000000000..edc0d04e019
--- /dev/null
+++ b/AccessApproval/src/V1/InvalidateApprovalRequestMessage.php
@@ -0,0 +1,67 @@
+google.cloud.accessapproval.v1.InvalidateApprovalRequestMessage
+ */
+class InvalidateApprovalRequestMessage extends \Google\Protobuf\Internal\Message
+{
+ /**
+ * Name of the ApprovalRequest to invalidate.
+ *
+ * Generated from protobuf field string name = 1 [(.google.api.resource_reference) = {
+ */
+ private $name = '';
+
+ /**
+ * Constructor.
+ *
+ * @param array $data {
+ * Optional. Data for populating the Message object.
+ *
+ * @type string $name
+ * Name of the ApprovalRequest to invalidate.
+ * }
+ */
+ public function __construct($data = NULL) {
+ \GPBMetadata\Google\Cloud\Accessapproval\V1\Accessapproval::initOnce();
+ parent::__construct($data);
+ }
+
+ /**
+ * Name of the ApprovalRequest to invalidate.
+ *
+ * Generated from protobuf field string name = 1 [(.google.api.resource_reference) = {
+ * @return string
+ */
+ public function getName()
+ {
+ return $this->name;
+ }
+
+ /**
+ * Name of the ApprovalRequest to invalidate.
+ *
+ * Generated from protobuf field string name = 1 [(.google.api.resource_reference) = {
+ * @param string $var
+ * @return $this
+ */
+ public function setName($var)
+ {
+ GPBUtil::checkString($var, True);
+ $this->name = $var;
+
+ return $this;
+ }
+
+}
+
diff --git a/AccessApproval/src/V1/SignatureInfo.php b/AccessApproval/src/V1/SignatureInfo.php
new file mode 100644
index 00000000000..19d3409f6b2
--- /dev/null
+++ b/AccessApproval/src/V1/SignatureInfo.php
@@ -0,0 +1,148 @@
+google.cloud.accessapproval.v1.SignatureInfo
+ */
+class SignatureInfo extends \Google\Protobuf\Internal\Message
+{
+ /**
+ * The digital signature.
+ *
+ * Generated from protobuf field bytes signature = 1;
+ */
+ private $signature = '';
+ protected $verification_info;
+
+ /**
+ * Constructor.
+ *
+ * @param array $data {
+ * Optional. Data for populating the Message object.
+ *
+ * @type string $signature
+ * The digital signature.
+ * @type string $google_public_key_pem
+ * The public key for the Google default signing, encoded in PEM format. The
+ * signature was created using a private key which may be verified using
+ * this public key.
+ * @type string $customer_kms_key_version
+ * The resource name of the customer CryptoKeyVersion used for signing.
+ * }
+ */
+ public function __construct($data = NULL) {
+ \GPBMetadata\Google\Cloud\Accessapproval\V1\Accessapproval::initOnce();
+ parent::__construct($data);
+ }
+
+ /**
+ * The digital signature.
+ *
+ * Generated from protobuf field bytes signature = 1;
+ * @return string
+ */
+ public function getSignature()
+ {
+ return $this->signature;
+ }
+
+ /**
+ * The digital signature.
+ *
+ * Generated from protobuf field bytes signature = 1;
+ * @param string $var
+ * @return $this
+ */
+ public function setSignature($var)
+ {
+ GPBUtil::checkString($var, False);
+ $this->signature = $var;
+
+ return $this;
+ }
+
+ /**
+ * The public key for the Google default signing, encoded in PEM format. The
+ * signature was created using a private key which may be verified using
+ * this public key.
+ *
+ * Generated from protobuf field string google_public_key_pem = 2;
+ * @return string
+ */
+ public function getGooglePublicKeyPem()
+ {
+ return $this->readOneof(2);
+ }
+
+ public function hasGooglePublicKeyPem()
+ {
+ return $this->hasOneof(2);
+ }
+
+ /**
+ * The public key for the Google default signing, encoded in PEM format. The
+ * signature was created using a private key which may be verified using
+ * this public key.
+ *
+ * Generated from protobuf field string google_public_key_pem = 2;
+ * @param string $var
+ * @return $this
+ */
+ public function setGooglePublicKeyPem($var)
+ {
+ GPBUtil::checkString($var, True);
+ $this->writeOneof(2, $var);
+
+ return $this;
+ }
+
+ /**
+ * The resource name of the customer CryptoKeyVersion used for signing.
+ *
+ * Generated from protobuf field string customer_kms_key_version = 3;
+ * @return string
+ */
+ public function getCustomerKmsKeyVersion()
+ {
+ return $this->readOneof(3);
+ }
+
+ public function hasCustomerKmsKeyVersion()
+ {
+ return $this->hasOneof(3);
+ }
+
+ /**
+ * The resource name of the customer CryptoKeyVersion used for signing.
+ *
+ * Generated from protobuf field string customer_kms_key_version = 3;
+ * @param string $var
+ * @return $this
+ */
+ public function setCustomerKmsKeyVersion($var)
+ {
+ GPBUtil::checkString($var, True);
+ $this->writeOneof(3, $var);
+
+ return $this;
+ }
+
+ /**
+ * @return string
+ */
+ public function getVerificationInfo()
+ {
+ return $this->whichOneof("verification_info");
+ }
+
+}
+
diff --git a/AccessApproval/src/V1/gapic_metadata.json b/AccessApproval/src/V1/gapic_metadata.json
index 8a0cc1440f3..0365e1233d2 100644
--- a/AccessApproval/src/V1/gapic_metadata.json
+++ b/AccessApproval/src/V1/gapic_metadata.json
@@ -25,6 +25,11 @@
"dismissApprovalRequest"
]
},
+ "GetAccessApprovalServiceAccount": {
+ "methods": [
+ "getAccessApprovalServiceAccount"
+ ]
+ },
"GetAccessApprovalSettings": {
"methods": [
"getAccessApprovalSettings"
@@ -35,6 +40,11 @@
"getApprovalRequest"
]
},
+ "InvalidateApprovalRequest": {
+ "methods": [
+ "invalidateApprovalRequest"
+ ]
+ },
"ListApprovalRequests": {
"methods": [
"listApprovalRequests"
diff --git a/AccessApproval/src/V1/resources/access_approval_client_config.json b/AccessApproval/src/V1/resources/access_approval_client_config.json
index 687fe3f28f5..0a381804211 100644
--- a/AccessApproval/src/V1/resources/access_approval_client_config.json
+++ b/AccessApproval/src/V1/resources/access_approval_client_config.json
@@ -53,6 +53,11 @@
"retry_codes_name": "no_retry_1_codes",
"retry_params_name": "no_retry_1_params"
},
+ "GetAccessApprovalServiceAccount": {
+ "timeout_millis": 60000,
+ "retry_codes_name": "no_retry_codes",
+ "retry_params_name": "no_retry_params"
+ },
"GetAccessApprovalSettings": {
"timeout_millis": 600000,
"retry_codes_name": "retry_policy_1_codes",
@@ -63,6 +68,11 @@
"retry_codes_name": "retry_policy_1_codes",
"retry_params_name": "retry_policy_1_params"
},
+ "InvalidateApprovalRequest": {
+ "timeout_millis": 600000,
+ "retry_codes_name": "no_retry_1_codes",
+ "retry_params_name": "no_retry_1_params"
+ },
"ListApprovalRequests": {
"timeout_millis": 600000,
"retry_codes_name": "retry_policy_1_codes",
diff --git a/AccessApproval/src/V1/resources/access_approval_rest_client_config.php b/AccessApproval/src/V1/resources/access_approval_rest_client_config.php
index 0b539bea1b2..f8b61bcd51c 100644
--- a/AccessApproval/src/V1/resources/access_approval_rest_client_config.php
+++ b/AccessApproval/src/V1/resources/access_approval_rest_client_config.php
@@ -72,6 +72,27 @@
],
],
],
+ 'GetAccessApprovalServiceAccount' => [
+ 'method' => 'get',
+ 'uriTemplate' => '/v1/{name=projects/*/serviceAccount}',
+ 'additionalBindings' => [
+ [
+ 'method' => 'get',
+ 'uriTemplate' => '/v1/{name=folders/*/serviceAccount}',
+ ],
+ [
+ 'method' => 'get',
+ 'uriTemplate' => '/v1/{name=organizations/*/serviceAccount}',
+ ],
+ ],
+ 'placeholders' => [
+ 'name' => [
+ 'getters' => [
+ 'getName',
+ ],
+ ],
+ ],
+ ],
'GetAccessApprovalSettings' => [
'method' => 'get',
'uriTemplate' => '/v1/{name=projects/*/accessApprovalSettings}',
@@ -114,6 +135,30 @@
],
],
],
+ 'InvalidateApprovalRequest' => [
+ 'method' => 'post',
+ 'uriTemplate' => '/v1/{name=projects/*/approvalRequests/*}:invalidate',
+ 'body' => '*',
+ 'additionalBindings' => [
+ [
+ 'method' => 'post',
+ 'uriTemplate' => '/v1/{name=folders/*/approvalRequests/*}:invalidate',
+ 'body' => '*',
+ ],
+ [
+ 'method' => 'post',
+ 'uriTemplate' => '/v1/{name=organizations/*/approvalRequests/*}:invalidate',
+ 'body' => '*',
+ ],
+ ],
+ 'placeholders' => [
+ 'name' => [
+ 'getters' => [
+ 'getName',
+ ],
+ ],
+ ],
+ ],
'ListApprovalRequests' => [
'method' => 'get',
'uriTemplate' => '/v1/{parent=projects/*}/approvalRequests',
diff --git a/AccessApproval/tests/Unit/V1/AccessApprovalClientTest.php b/AccessApproval/tests/Unit/V1/AccessApprovalClientTest.php
index e6dbdc669b3..c49a78f18e0 100644
--- a/AccessApproval/tests/Unit/V1/AccessApprovalClientTest.php
+++ b/AccessApproval/tests/Unit/V1/AccessApprovalClientTest.php
@@ -29,6 +29,7 @@
use Google\ApiCore\Testing\MockTransport;
use Google\Cloud\AccessApproval\V1\AccessApprovalClient;
+use Google\Cloud\AccessApproval\V1\AccessApprovalServiceAccount;
use Google\Cloud\AccessApproval\V1\AccessApprovalSettings;
use Google\Cloud\AccessApproval\V1\ApprovalRequest;
use Google\Cloud\AccessApproval\V1\ListApprovalRequestsResponse;
@@ -245,6 +246,66 @@ public function dismissApprovalRequestExceptionTest()
$this->assertTrue($transport->isExhausted());
}
+ /**
+ * @test
+ */
+ public function getAccessApprovalServiceAccountTest()
+ {
+ $transport = $this->createTransport();
+ $client = $this->createClient([
+ 'transport' => $transport,
+ ]);
+ $this->assertTrue($transport->isExhausted());
+ // Mock response
+ $name2 = 'name2-1052831874';
+ $accountEmail = 'accountEmail-539286774';
+ $expectedResponse = new AccessApprovalServiceAccount();
+ $expectedResponse->setName($name2);
+ $expectedResponse->setAccountEmail($accountEmail);
+ $transport->addResponse($expectedResponse);
+ $response = $client->getAccessApprovalServiceAccount();
+ $this->assertEquals($expectedResponse, $response);
+ $actualRequests = $transport->popReceivedCalls();
+ $this->assertSame(1, count($actualRequests));
+ $actualFuncCall = $actualRequests[0]->getFuncCall();
+ $actualRequestObject = $actualRequests[0]->getRequestObject();
+ $this->assertSame('/google.cloud.accessapproval.v1.AccessApproval/GetAccessApprovalServiceAccount', $actualFuncCall);
+ $this->assertTrue($transport->isExhausted());
+ }
+
+ /**
+ * @test
+ */
+ public function getAccessApprovalServiceAccountExceptionTest()
+ {
+ $transport = $this->createTransport();
+ $client = $this->createClient([
+ 'transport' => $transport,
+ ]);
+ $this->assertTrue($transport->isExhausted());
+ $status = new stdClass();
+ $status->code = Code::DATA_LOSS;
+ $status->details = 'internal error';
+ $expectedExceptionMessage = json_encode([
+ 'message' => 'internal error',
+ 'code' => Code::DATA_LOSS,
+ 'status' => 'DATA_LOSS',
+ 'details' => [],
+ ], JSON_PRETTY_PRINT);
+ $transport->addResponse(null, $status);
+ try {
+ $client->getAccessApprovalServiceAccount();
+ // If the $client method call did not throw, fail the test
+ $this->fail('Expected an ApiException, but no exception was thrown.');
+ } catch (ApiException $ex) {
+ $this->assertEquals($status->code, $ex->getCode());
+ $this->assertEquals($expectedExceptionMessage, $ex->getMessage());
+ }
+ // Call popReceivedCalls to ensure the stub is exhausted
+ $transport->popReceivedCalls();
+ $this->assertTrue($transport->isExhausted());
+ }
+
/**
* @test
*/
@@ -258,9 +319,15 @@ public function getAccessApprovalSettingsTest()
// Mock response
$name2 = 'name2-1052831874';
$enrolledAncestor = false;
+ $activeKeyVersion = 'activeKeyVersion559224639';
+ $ancestorHasActiveKeyVersion = true;
+ $invalidKeyVersion = true;
$expectedResponse = new AccessApprovalSettings();
$expectedResponse->setName($name2);
$expectedResponse->setEnrolledAncestor($enrolledAncestor);
+ $expectedResponse->setActiveKeyVersion($activeKeyVersion);
+ $expectedResponse->setAncestorHasActiveKeyVersion($ancestorHasActiveKeyVersion);
+ $expectedResponse->setInvalidKeyVersion($invalidKeyVersion);
$transport->addResponse($expectedResponse);
$response = $client->getAccessApprovalSettings();
$this->assertEquals($expectedResponse, $response);
@@ -365,6 +432,66 @@ public function getApprovalRequestExceptionTest()
$this->assertTrue($transport->isExhausted());
}
+ /**
+ * @test
+ */
+ public function invalidateApprovalRequestTest()
+ {
+ $transport = $this->createTransport();
+ $client = $this->createClient([
+ 'transport' => $transport,
+ ]);
+ $this->assertTrue($transport->isExhausted());
+ // Mock response
+ $name2 = 'name2-1052831874';
+ $requestedResourceName = 'requestedResourceName-1409378037';
+ $expectedResponse = new ApprovalRequest();
+ $expectedResponse->setName($name2);
+ $expectedResponse->setRequestedResourceName($requestedResourceName);
+ $transport->addResponse($expectedResponse);
+ $response = $client->invalidateApprovalRequest();
+ $this->assertEquals($expectedResponse, $response);
+ $actualRequests = $transport->popReceivedCalls();
+ $this->assertSame(1, count($actualRequests));
+ $actualFuncCall = $actualRequests[0]->getFuncCall();
+ $actualRequestObject = $actualRequests[0]->getRequestObject();
+ $this->assertSame('/google.cloud.accessapproval.v1.AccessApproval/InvalidateApprovalRequest', $actualFuncCall);
+ $this->assertTrue($transport->isExhausted());
+ }
+
+ /**
+ * @test
+ */
+ public function invalidateApprovalRequestExceptionTest()
+ {
+ $transport = $this->createTransport();
+ $client = $this->createClient([
+ 'transport' => $transport,
+ ]);
+ $this->assertTrue($transport->isExhausted());
+ $status = new stdClass();
+ $status->code = Code::DATA_LOSS;
+ $status->details = 'internal error';
+ $expectedExceptionMessage = json_encode([
+ 'message' => 'internal error',
+ 'code' => Code::DATA_LOSS,
+ 'status' => 'DATA_LOSS',
+ 'details' => [],
+ ], JSON_PRETTY_PRINT);
+ $transport->addResponse(null, $status);
+ try {
+ $client->invalidateApprovalRequest();
+ // If the $client method call did not throw, fail the test
+ $this->fail('Expected an ApiException, but no exception was thrown.');
+ } catch (ApiException $ex) {
+ $this->assertEquals($status->code, $ex->getCode());
+ $this->assertEquals($expectedExceptionMessage, $ex->getMessage());
+ }
+ // Call popReceivedCalls to ensure the stub is exhausted
+ $transport->popReceivedCalls();
+ $this->assertTrue($transport->isExhausted());
+ }
+
/**
* @test
*/
@@ -444,9 +571,15 @@ public function updateAccessApprovalSettingsTest()
// Mock response
$name = 'name3373707';
$enrolledAncestor = false;
+ $activeKeyVersion = 'activeKeyVersion559224639';
+ $ancestorHasActiveKeyVersion = true;
+ $invalidKeyVersion = true;
$expectedResponse = new AccessApprovalSettings();
$expectedResponse->setName($name);
$expectedResponse->setEnrolledAncestor($enrolledAncestor);
+ $expectedResponse->setActiveKeyVersion($activeKeyVersion);
+ $expectedResponse->setAncestorHasActiveKeyVersion($ancestorHasActiveKeyVersion);
+ $expectedResponse->setInvalidKeyVersion($invalidKeyVersion);
$transport->addResponse($expectedResponse);
$response = $client->updateAccessApprovalSettings();
$this->assertEquals($expectedResponse, $response);