Skip to content
This repository was archived by the owner on Jul 6, 2023. It is now read-only.

Commit 7adc601

Browse files
fix: updating metadata messages for all long running operations (#57)
* fix!: updating metadata messages for all long running operations This change might be breaking for client libraries in some languages. PiperOrigin-RevId: 419931787 Source-Link: googleapis/googleapis@060a1d3 Source-Link: https://github.com/googleapis/googleapis-gen/commit/7cd2e70a397502ac04e7a1cea5f5358a6ee3288f Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiN2NkMmU3MGEzOTc1MDJhYzA0ZTdhMWNlYTVmNTM1OGE2ZWUzMjg4ZiJ9 * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> Co-authored-by: Anthonios Partheniou <partheniou@google.com>
1 parent 517c7f8 commit 7adc601

File tree

6 files changed

+51
-28
lines changed

6 files changed

+51
-28
lines changed

google/cloud/network_security_v1beta1/services/network_security/async_client.py

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -57,7 +57,10 @@
5757

5858

5959
class NetworkSecurityAsyncClient:
60-
""""""
60+
"""Network Security API provides resources to configure
61+
authentication and authorization policies. Refer to per API
62+
resource documentation for more information.
63+
"""
6164

6265
_client: NetworkSecurityClient
6366

google/cloud/network_security_v1beta1/services/network_security/client.py

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -93,7 +93,10 @@ def get_transport_class(cls, label: str = None,) -> Type[NetworkSecurityTranspor
9393

9494

9595
class NetworkSecurityClient(metaclass=NetworkSecurityClientMeta):
96-
""""""
96+
"""Network Security API provides resources to configure
97+
authentication and authorization policies. Refer to per API
98+
resource documentation for more information.
99+
"""
97100

98101
@staticmethod
99102
def _get_default_mtls_endpoint(api_endpoint):

google/cloud/network_security_v1beta1/services/network_security/transports/grpc.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -44,6 +44,10 @@
4444
class NetworkSecurityGrpcTransport(NetworkSecurityTransport):
4545
"""gRPC backend transport for NetworkSecurity.
4646
47+
Network Security API provides resources to configure
48+
authentication and authorization policies. Refer to per API
49+
resource documentation for more information.
50+
4751
This class defines the same methods as the primary client, so the
4852
primary client can load the underlying transport implementation
4953
and call it.

google/cloud/network_security_v1beta1/services/network_security/transports/grpc_asyncio.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,10 @@
4545
class NetworkSecurityGrpcAsyncIOTransport(NetworkSecurityTransport):
4646
"""gRPC AsyncIO backend transport for NetworkSecurity.
4747
48+
Network Security API provides resources to configure
49+
authentication and authorization policies. Refer to per API
50+
resource documentation for more information.
51+
4852
This class defines the same methods as the primary client, so the
4953
primary client can load the underlying transport implementation
5054
and call it.

google/cloud/network_security_v1beta1/types/authorization_policy.py

Lines changed: 17 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -104,12 +104,18 @@ class Source(proto.Message):
104104
authorization. At least one principal should match. Each
105105
peer can be an exact match, or a prefix match (example,
106106
"namespace/*") or a suffix match (example, //
107-
*/service-account") or a presence match "*".
107+
*/service-account") or a presence match "*". Authorization
108+
based on the principal name without certificate validation
109+
(configured by ServerTlsPolicy resource) is considered
110+
insecure.
108111
ip_blocks (Sequence[str]):
109112
Optional. List of CIDR ranges to match based
110113
on source IP address. At least one IP block
111114
should match. Single IP (e.g., "1.2.3.4") and
112115
CIDR (e.g., "1.2.3.0/24") are supported.
116+
Authorization based on source IP alone should be
117+
avoided. The IP addresses of any load balancers
118+
or proxies should be considered untrusted.
113119
"""
114120

115121
principals = proto.RepeatedField(proto.STRING, number=1,)
@@ -120,11 +126,11 @@ class Destination(proto.Message):
120126
121127
Attributes:
122128
hosts (Sequence[str]):
123-
Required. List of host names to match. Matched against HOST
124-
header in http requests. At least one host should match.
125-
Each host can be an exact match, or a prefix match (example
126-
"mydomain.*") or a suffix match (example // *.myorg.com") or
127-
a presence(any) match "*".
129+
Required. List of host names to match. Matched against the
130+
":authority" header in http requests. At least one host
131+
should match. Each host can be an exact match, or a prefix
132+
match (example "mydomain.*") or a suffix match (example //
133+
*.myorg.com") or a presence(any) match "*".
128134
ports (Sequence[int]):
129135
Required. List of destination ports to match.
130136
At least one port should match.
@@ -136,7 +142,11 @@ class Destination(proto.Message):
136142
Optional. Match against key:value pair in
137143
http header. Provides a flexible match based on
138144
HTTP headers, for potentially advanced use
139-
cases. At least one header should match.
145+
cases. At least one header should match. Avoid
146+
using header matches to make authorization
147+
decisions unless there is a strong guarantee
148+
that requests arrive through a trusted client or
149+
proxy.
140150
"""
141151

142152
class HttpHeaderMatch(proto.Message):

google/cloud/network_security_v1beta1/types/server_tls_policy.py

Lines changed: 18 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -46,45 +46,44 @@ class ServerTlsPolicy(proto.Message):
4646
the pattern
4747
``projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}``
4848
description (str):
49-
Optional. Free-text description of the
50-
resource.
49+
Free-text description of the resource.
5150
create_time (google.protobuf.timestamp_pb2.Timestamp):
5251
Output only. The timestamp when the resource
5352
was created.
5453
update_time (google.protobuf.timestamp_pb2.Timestamp):
5554
Output only. The timestamp when the resource
5655
was updated.
5756
labels (Sequence[google.cloud.network_security_v1beta1.types.ServerTlsPolicy.LabelsEntry]):
58-
Optional. Set of label tags associated with
59-
the resource.
57+
Set of label tags associated with the
58+
resource.
6059
allow_open (bool):
61-
Optional. Determines if server allows plaintext connections.
62-
If set to true, server allows plain text connections. By
63-
default, it is set to false. This setting is not exclusive
64-
of other encryption modes. For example, if allow_open and
65-
mtls_policy are set, server allows both plain text and mTLS
66-
connections. See documentation of other encryption modes to
67-
confirm compatibility.
60+
Determines if server allows plaintext connections. If set to
61+
true, server allows plain text connections. By default, it
62+
is set to false. This setting is not exclusive of other
63+
encryption modes. For example, if ``allow_open`` and
64+
``mtls_policy`` are set, server allows both plain text and
65+
mTLS connections. See documentation of other encryption
66+
modes to confirm compatibility.
6867
server_certificate (google.cloud.network_security_v1beta1.types.CertificateProvider):
69-
Optional. Defines a mechanism to provision server identity
70-
(public and private keys). Cannot be combined with
71-
allow_open as a permissive mode that allows both plain text
72-
and TLS is not supported.
68+
Defines a mechanism to provision server identity (public and
69+
private keys). Cannot be combined with ``allow_open`` as a
70+
permissive mode that allows both plain text and TLS is not
71+
supported.
7372
mtls_policy (google.cloud.network_security_v1beta1.types.ServerTlsPolicy.MTLSPolicy):
74-
Optional. Defines a mechanism to provision peer validation
73+
Defines a mechanism to provision peer validation
7574
certificates for peer to peer authentication (Mutual TLS -
7675
mTLS). If not specified, client certificate will not be
7776
requested. The connection is treated as TLS and not mTLS. If
78-
allow_open and mtls_policy are set, server allows both plain
79-
text and mTLS connections.
77+
``allow_open`` and ``mtls_policy`` are set, server allows
78+
both plain text and mTLS connections.
8079
"""
8180

8281
class MTLSPolicy(proto.Message):
8382
r"""Specification of the MTLSPolicy.
8483
8584
Attributes:
8685
client_validation_ca (Sequence[google.cloud.network_security_v1beta1.types.ValidationCA]):
87-
Required. Defines the mechanism to obtain the
86+
Defines the mechanism to obtain the
8887
Certificate Authority certificate to validate
8988
the client certificate.
9089
"""

0 commit comments

Comments
 (0)