@@ -248,16 +248,13 @@ class AzureBlobStorageData
248248 # @return [String]
249249 attr_accessor :credentials_secret
250250
251- # Identities of a user registered Azure application that enables identity
252- # federation to trust tokens issued by the user's Google service account. For
253- # more information about Azure application and identity federation, see [
254- # Register an application with the Microsoft identity platform] (https://learn.
255- # microsoft.com/en-us/entra/identity-platform/quickstart-register-app) Azure
256- # RBAC roles then need be assigned to the Azure application to authorize access
257- # to the user's Azure data source. For more information about Azure RBAC roles
258- # for blobs, see [Manage Access Rights with RBAC] (https://learn.microsoft.com/
259- # en-us/rest/api/storageservices/authorize-with-azure-active-directory#manage-
260- # access-rights-with-rbac)
251+ # The identity of an Azure application through which Storage Transfer Service
252+ # can authenticate requests using Azure workload identity federation. Storage
253+ # Transfer Service can issue requests to Azure Storage through registered Azure
254+ # applications, eliminating the need to pass credentials to Storage Transfer
255+ # Service directly. To configure federated identity, see [Configure access to
256+ # Microsoft Azure Storage](https://cloud.google.com/storage-transfer/docs/source-
257+ # microsoft-azure#option_3_authenticate_using_federated_identity).
261258 # Corresponds to the JSON property `federatedIdentityConfig`
262259 # @return [Google::Apis::StoragetransferV1::FederatedIdentityConfig]
263260 attr_accessor :federated_identity_config
@@ -499,26 +496,24 @@ def update!(**args)
499496 end
500497 end
501498
502- # Identities of a user registered Azure application that enables identity
503- # federation to trust tokens issued by the user's Google service account. For
504- # more information about Azure application and identity federation, see [
505- # Register an application with the Microsoft identity platform] (https://learn.
506- # microsoft.com/en-us/entra/identity-platform/quickstart-register-app) Azure
507- # RBAC roles then need be assigned to the Azure application to authorize access
508- # to the user's Azure data source. For more information about Azure RBAC roles
509- # for blobs, see [Manage Access Rights with RBAC] (https://learn.microsoft.com/
510- # en-us/rest/api/storageservices/authorize-with-azure-active-directory#manage-
511- # access-rights-with-rbac)
499+ # The identity of an Azure application through which Storage Transfer Service
500+ # can authenticate requests using Azure workload identity federation. Storage
501+ # Transfer Service can issue requests to Azure Storage through registered Azure
502+ # applications, eliminating the need to pass credentials to Storage Transfer
503+ # Service directly. To configure federated identity, see [Configure access to
504+ # Microsoft Azure Storage](https://cloud.google.com/storage-transfer/docs/source-
505+ # microsoft-azure#option_3_authenticate_using_federated_identity).
512506 class FederatedIdentityConfig
513507 include Google ::Apis ::Core ::Hashable
514508
515- # Required. Client (application) ID of the application with federated
509+ # Required. The client (application) ID of the application with federated
516510 # credentials.
517511 # Corresponds to the JSON property `clientId`
518512 # @return [String]
519513 attr_accessor :client_id
520514
521- # Required. Tenant (directory) ID of the application with federated credentials.
515+ # Required. The tenant (directory) ID of the application with federated
516+ # credentials.
522517 # Corresponds to the JSON property `tenantId`
523518 # @return [String]
524519 attr_accessor :tenant_id
@@ -1637,16 +1632,15 @@ class TransferJob
16371632 # @return [Google::Apis::StoragetransferV1::Schedule]
16381633 attr_accessor :schedule
16391634
1640- # Optional. The service account to be used to access resources in the consumer
1641- # project in the transfer job. We accept `email` or `uniqueId` for the service
1642- # account. Service account format is projects/-/serviceAccounts/`
1643- # ACCOUNT_EMAIL_OR_UNIQUEID` See https://cloud.google.com/iam/docs/reference/
1644- # credentials/rest/v1/projects.serviceAccounts/generateAccessToken#path-
1645- # parameters for details. Caller requires the following IAM permission on the
1646- # specified service account: `iam.serviceAccounts.actAs`. project-PROJECT_NUMBER@
1647- # storage-transfer-service.iam.gserviceaccount.com requires the following IAM
1648- # permission on the specified service account: `iam.serviceAccounts.
1649- # getAccessToken`
1635+ # Optional. The user-managed service account to which to delegate service agent
1636+ # permissions. You can grant Cloud Storage bucket permissions to this service
1637+ # account instead of to the Transfer Service service agent. Format is `projects/-
1638+ # /serviceAccounts/ACCOUNT_EMAIL_OR_UNIQUEID` Either the service account email (`
1639+ # SERVICE_ACCOUNT_NAME@PROJECT_ID.iam.gserviceaccount.com`) or the unique ID (`
1640+ # 123456789012345678901`) are accepted in the string. The `-` wildcard character
1641+ # is required; replacing it with a project ID is invalid. See https://cloud.
1642+ # google.com//storage-transfer/docs/delegate-service-agent-permissions for
1643+ # required permissions.
16501644 # Corresponds to the JSON property `serviceAccount`
16511645 # @return [String]
16521646 attr_accessor :service_account