feat: [google-cloud-storage-transfer] support Azure federated identity (#13943)

- [ ] Regenerate this pull request now.

BEGIN_COMMIT_OVERRIDE
feat: support Azure federated identity
feat: support BYOSA
docs: A comment for message `ObjectConditions` is changed
docs: A comment for field `list_url` in message
`.google.storagetransfer.v1.HttpData` is changed
docs: A comment for field `overwrite_objects_already_existing_in_sink`
in message `.google.storagetransfer.v1.TransferOptions` is changed
docs: A comment for field `end_time_of_day` in message
`.google.storagetransfer.v1.Schedule` is changed
docs: A comment for enum value `COPY` in enum `LoggableAction` is
changed
END_COMMIT_OVERRIDE


PiperOrigin-RevId: 762602696

Source-Link:
googleapis/googleapis@bbeb053

Source-Link:
googleapis/googleapis-gen@449fe07
Copy-Tag:
eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNsb3VkLXN0b3JhZ2UtdHJhbnNmZXIvLk93bEJvdC55YW1sIiwiaCI6IjQ0OWZlMDdjMmEwMDg5NzQwNWRjYzBkNDdjMmM3YjYxZTUzMjg0MGQifQ==

---------

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>

Author: gcf-owl-bot[bot]

packages/google-cloud-storage-transfer/google/cloud/storage_transfer_v1/types/transfer_types.py

@@ -136,6 +136,13 @@ class ObjectConditions(proto.Message):
     field of S3 objects, and the ``Last-Modified`` header of Azure
     blobs.
 
+    For S3 objects, the ``LastModified`` value is the time the object
+    begins uploading. If the object meets your "last modification time"
+    criteria, but has not finished uploading, the object is not
+    transferred. See `Transfer from Amazon S3 to Cloud
+    Storage <https://cloud.google.com/storage-transfer/docs/create-transfers/agentless/s3#transfer_options>`__
+    for more information.
+
     Transfers with a
     [PosixFilesystem][google.storagetransfer.v1.PosixFilesystem] source
     or destination don't support ``ObjectConditions``.
@@ -499,8 +506,48 @@ class AzureBlobStorageData(proto.Message):
             [azure_credentials][google.storagetransfer.v1.AzureBlobStorageData.azure_credentials].
 
             Format: ``projects/{project_number}/secrets/{secret_name}``
+        federated_identity_config (google.cloud.storage_transfer_v1.types.AzureBlobStorageData.FederatedIdentityConfig):
+            Optional. Federated identity config of a user registered
+            Azure application.
+
+            If ``federated_identity_config`` is specified, do not
+            specify
+            [azure_credentials][google.storagetransfer.v1.AzureBlobStorageData.azure_credentials]
+            or
+            [credentials_secret][google.storagetransfer.v1.AzureBlobStorageData.credentials_secret].
     """
 
+    class FederatedIdentityConfig(proto.Message):
+        r"""The identity of an Azure application through which Storage Transfer
+        Service can authenticate requests using Azure workload identity
+        federation.
+
+        Storage Transfer Service can issue requests to Azure Storage through
+        registered Azure applications, eliminating the need to pass
+        credentials to Storage Transfer Service directly.
+
+        To configure federated identity, see `Configure access to Microsoft
+        Azure
+        Storage <https://cloud.google.com/storage-transfer/docs/source-microsoft-azure#option_3_authenticate_using_federated_identity>`__.
+
+        Attributes:
+            client_id (str):
+                Required. The client (application) ID of the
+                application with federated credentials.
+            tenant_id (str):
+                Required. The tenant (directory) ID of the
+                application with federated credentials.
+        """
+
+        client_id: str = proto.Field(
+            proto.STRING,
+            number=1,
+        )
+        tenant_id: str = proto.Field(
+            proto.STRING,
+            number=2,
+        )
+
     storage_account: str = proto.Field(
         proto.STRING,
         number=1,
@@ -522,6 +569,11 @@ class AzureBlobStorageData(proto.Message):
         proto.STRING,
         number=7,
     )
+    federated_identity_config: FederatedIdentityConfig = proto.Field(
+        proto.MESSAGE,
+        number=8,
+        message=FederatedIdentityConfig,
+    )
 
 
 class HttpData(proto.Message):
@@ -568,10 +620,11 @@ class HttpData(proto.Message):
 
     Attributes:
         list_url (str):
-            Required. The URL that points to the file
-            that stores the object list entries. This file
-            must allow public access.  Currently, only URLs
-            with HTTP and HTTPS schemes are supported.
+            Required. The URL that points to the file that stores the
+            object list entries. This file must allow public access. The
+            URL is either an HTTP/HTTPS address (e.g.
+            ``https://example.com/urllist.tsv``) or a Cloud Storage path
+            (e.g. ``gs://my-bucket/urllist.tsv``).
     """
 
     list_url: str = proto.Field(
@@ -868,7 +921,7 @@ class TransferOptions(proto.Message):
             When to overwrite objects that already exist
             in the sink. The default is that only objects
             that are different from the source are
-            ovewritten. If true, all objects in the sink
+            overwritten. If true, all objects in the sink
             whose name matches an object in the source are
             overwritten with the source object.
         delete_objects_unique_in_sink (bool):
@@ -1529,7 +1582,7 @@ class Schedule(proto.Message):
             ``end_time_of_day`` specifies the end date and time for
             starting new transfer operations. This field must be greater
             than or equal to the timestamp corresponding to the
-            combintation of
+            combination of
             [schedule_start_date][google.storagetransfer.v1.Schedule.schedule_start_date]
             and
             [start_time_of_day][google.storagetransfer.v1.Schedule.start_time_of_day],
@@ -1659,6 +1712,24 @@ class TransferJob(proto.Message):
         project_id (str):
             The ID of the Google Cloud project that owns
             the job.
+        service_account (str):
+            Optional. The user-managed service account to which to
+            delegate service agent permissions. You can grant Cloud
+            Storage bucket permissions to this service account instead
+            of to the Transfer Service service agent.
+
+            Format is
+            ``projects/-/serviceAccounts/ACCOUNT_EMAIL_OR_UNIQUEID``
+
+            Either the service account email
+            (``SERVICE_ACCOUNT_NAME@PROJECT_ID.iam.gserviceaccount.com``)
+            or the unique ID (``123456789012345678901``) are accepted in
+            the string. The ``-`` wildcard character is required;
+            replacing it with a project ID is invalid.
+
+            See
+            https://cloud.google.com//storage-transfer/docs/delegate-service-agent-permissions
+            for required permissions.
         transfer_spec (google.cloud.storage_transfer_v1.types.TransferSpec):
             Transfer specification.
         replication_spec (google.cloud.storage_transfer_v1.types.ReplicationSpec):
@@ -1740,6 +1811,10 @@ class Status(proto.Enum):
         proto.STRING,
         number=3,
     )
+    service_account: str = proto.Field(
+        proto.STRING,
+        number=18,
+    )
     transfer_spec: "TransferSpec" = proto.Field(
         proto.MESSAGE,
         number=4,
@@ -2162,7 +2237,7 @@ class LoggableAction(proto.Enum):
                 Deleting objects at the source or the
                 destination.
             COPY (3):
-                Copying objects to Google Cloud Storage.
+                Copying objects to the destination.
         """
         LOGGABLE_ACTION_UNSPECIFIED = 0
         FIND = 1
@@ -2183,10 +2258,15 @@ class LoggableActionState(proto.Enum):
                 ``LoggableAction`` terminated in an error state. ``FAILED``
                 actions are logged as
                 [ERROR][google.logging.type.LogSeverity.ERROR].
+            SKIPPED (3):
+                The ``COPY`` action was skipped for this file. Only
+                supported for agent-based transfers. ``SKIPPED`` actions are
+                logged as [INFO][google.logging.type.LogSeverity.INFO].
         """
         LOGGABLE_ACTION_STATE_UNSPECIFIED = 0
         SUCCEEDED = 1
         FAILED = 2
+        SKIPPED = 3
 
     log_actions: MutableSequence[LoggableAction] = proto.RepeatedField(
         proto.ENUM,

packages/google-cloud-storage-transfer/tests/unit/gapic/storage_transfer_v1/test_storage_transfer_service.py

@@ -1477,6 +1477,7 @@ def test_create_transfer_job(request_type, transport: str = "grpc"):
             name="name_value",
             description="description_value",
             project_id="project_id_value",
+            service_account="service_account_value",
             status=transfer_types.TransferJob.Status.ENABLED,
             latest_operation_name="latest_operation_name_value",
         )
@@ -1493,6 +1494,7 @@ def test_create_transfer_job(request_type, transport: str = "grpc"):
     assert response.name == "name_value"
     assert response.description == "description_value"
     assert response.project_id == "project_id_value"
+    assert response.service_account == "service_account_value"
     assert response.status == transfer_types.TransferJob.Status.ENABLED
     assert response.latest_operation_name == "latest_operation_name_value"
 
@@ -1627,6 +1629,7 @@ async def test_create_transfer_job_async(
                 name="name_value",
                 description="description_value",
                 project_id="project_id_value",
+                service_account="service_account_value",
                 status=transfer_types.TransferJob.Status.ENABLED,
                 latest_operation_name="latest_operation_name_value",
             )
@@ -1644,6 +1647,7 @@ async def test_create_transfer_job_async(
     assert response.name == "name_value"
     assert response.description == "description_value"
     assert response.project_id == "project_id_value"
+    assert response.service_account == "service_account_value"
     assert response.status == transfer_types.TransferJob.Status.ENABLED
     assert response.latest_operation_name == "latest_operation_name_value"
 
@@ -1679,6 +1683,7 @@ def test_update_transfer_job(request_type, transport: str = "grpc"):
             name="name_value",
             description="description_value",
             project_id="project_id_value",
+            service_account="service_account_value",
             status=transfer_types.TransferJob.Status.ENABLED,
             latest_operation_name="latest_operation_name_value",
         )
@@ -1695,6 +1700,7 @@ def test_update_transfer_job(request_type, transport: str = "grpc"):
     assert response.name == "name_value"
     assert response.description == "description_value"
     assert response.project_id == "project_id_value"
+    assert response.service_account == "service_account_value"
     assert response.status == transfer_types.TransferJob.Status.ENABLED
     assert response.latest_operation_name == "latest_operation_name_value"
 
@@ -1835,6 +1841,7 @@ async def test_update_transfer_job_async(
                 name="name_value",
                 description="description_value",
                 project_id="project_id_value",
+                service_account="service_account_value",
                 status=transfer_types.TransferJob.Status.ENABLED,
                 latest_operation_name="latest_operation_name_value",
             )
@@ -1852,6 +1859,7 @@ async def test_update_transfer_job_async(
     assert response.name == "name_value"
     assert response.description == "description_value"
     assert response.project_id == "project_id_value"
+    assert response.service_account == "service_account_value"
     assert response.status == transfer_types.TransferJob.Status.ENABLED
     assert response.latest_operation_name == "latest_operation_name_value"
 
@@ -1950,6 +1958,7 @@ def test_get_transfer_job(request_type, transport: str = "grpc"):
             name="name_value",
             description="description_value",
             project_id="project_id_value",
+            service_account="service_account_value",
             status=transfer_types.TransferJob.Status.ENABLED,
             latest_operation_name="latest_operation_name_value",
         )
@@ -1966,6 +1975,7 @@ def test_get_transfer_job(request_type, transport: str = "grpc"):
     assert response.name == "name_value"
     assert response.description == "description_value"
     assert response.project_id == "project_id_value"
+    assert response.service_account == "service_account_value"
     assert response.status == transfer_types.TransferJob.Status.ENABLED
     assert response.latest_operation_name == "latest_operation_name_value"
 
@@ -2100,6 +2110,7 @@ async def test_get_transfer_job_async(
                 name="name_value",
                 description="description_value",
                 project_id="project_id_value",
+                service_account="service_account_value",
                 status=transfer_types.TransferJob.Status.ENABLED,
                 latest_operation_name="latest_operation_name_value",
             )
@@ -2117,6 +2128,7 @@ async def test_get_transfer_job_async(
     assert response.name == "name_value"
     assert response.description == "description_value"
     assert response.project_id == "project_id_value"
+    assert response.service_account == "service_account_value"
     assert response.status == transfer_types.TransferJob.Status.ENABLED
     assert response.latest_operation_name == "latest_operation_name_value"
 
@@ -8207,6 +8219,7 @@ async def test_create_transfer_job_empty_call_grpc_asyncio():
                 name="name_value",
                 description="description_value",
                 project_id="project_id_value",
+                service_account="service_account_value",
                 status=transfer_types.TransferJob.Status.ENABLED,
                 latest_operation_name="latest_operation_name_value",
             )
@@ -8240,6 +8253,7 @@ async def test_update_transfer_job_empty_call_grpc_asyncio():
                 name="name_value",
                 description="description_value",
                 project_id="project_id_value",
+                service_account="service_account_value",
                 status=transfer_types.TransferJob.Status.ENABLED,
                 latest_operation_name="latest_operation_name_value",
             )
@@ -8271,6 +8285,7 @@ async def test_get_transfer_job_empty_call_grpc_asyncio():
                 name="name_value",
                 description="description_value",
                 project_id="project_id_value",
+                service_account="service_account_value",
                 status=transfer_types.TransferJob.Status.ENABLED,
                 latest_operation_name="latest_operation_name_value",
             )
@@ -8744,6 +8759,7 @@ def test_create_transfer_job_rest_call_success(request_type):
         "name": "name_value",
         "description": "description_value",
         "project_id": "project_id_value",
+        "service_account": "service_account_value",
         "transfer_spec": {
             "gcs_data_sink": {
                 "bucket_name": "bucket_name_value",
@@ -8772,6 +8788,10 @@ def test_create_transfer_job_rest_call_success(request_type):
                 "container": "container_value",
                 "path": "path_value",
                 "credentials_secret": "credentials_secret_value",
+                "federated_identity_config": {
+                    "client_id": "client_id_value",
+                    "tenant_id": "tenant_id_value",
+                },
             },
             "aws_s3_compatible_data_source": {
                 "bucket_name": "bucket_name_value",
@@ -8940,6 +8960,7 @@ def get_message_fields(field):
             name="name_value",
             description="description_value",
             project_id="project_id_value",
+            service_account="service_account_value",
             status=transfer_types.TransferJob.Status.ENABLED,
             latest_operation_name="latest_operation_name_value",
         )
@@ -8961,6 +8982,7 @@ def get_message_fields(field):
     assert response.name == "name_value"
     assert response.description == "description_value"
     assert response.project_id == "project_id_value"
+    assert response.service_account == "service_account_value"
     assert response.status == transfer_types.TransferJob.Status.ENABLED
     assert response.latest_operation_name == "latest_operation_name_value"
 
@@ -9076,6 +9098,7 @@ def test_update_transfer_job_rest_call_success(request_type):
             name="name_value",
             description="description_value",
             project_id="project_id_value",
+            service_account="service_account_value",
             status=transfer_types.TransferJob.Status.ENABLED,
             latest_operation_name="latest_operation_name_value",
         )
@@ -9097,6 +9120,7 @@ def test_update_transfer_job_rest_call_success(request_type):
     assert response.name == "name_value"
     assert response.description == "description_value"
     assert response.project_id == "project_id_value"
+    assert response.service_account == "service_account_value"
     assert response.status == transfer_types.TransferJob.Status.ENABLED
     assert response.latest_operation_name == "latest_operation_name_value"
 
@@ -9210,6 +9234,7 @@ def test_get_transfer_job_rest_call_success(request_type):
             name="name_value",
             description="description_value",
             project_id="project_id_value",
+            service_account="service_account_value",
             status=transfer_types.TransferJob.Status.ENABLED,
             latest_operation_name="latest_operation_name_value",
         )
@@ -9231,6 +9256,7 @@ def test_get_transfer_job_rest_call_success(request_type):
     assert response.name == "name_value"
     assert response.description == "description_value"
     assert response.project_id == "project_id_value"
+    assert response.service_account == "service_account_value"
     assert response.status == transfer_types.TransferJob.Status.ENABLED
     assert response.latest_operation_name == "latest_operation_name_value"