google-apis-binaryauthorization_v1 0.27.0 → 0.28.0

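--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 94fbd1a8b383bdc8a6efee555b0b87e44c3b1ba3273600cb3ee2715c3945fff8
- data.tar.gz: de005458c987eb9cf58b9314839258ababcd2591f6dde2d3b5e22e29205d2048
+ metadata.gz: 2d90c39f24d19819ebb370b9bde01f5622f2d10872b1fa77ea275f9ede3fb690
+ data.tar.gz: 5dba18ae6cce5c0d688b4f34b3e16d0fc9c5e6977934b1f2787054442e1d4220
  SHA512:
- metadata.gz: 8f7ea44fba93760efaf2daadc54436cecde027882efa46ebd1eb47a99049fbc3616bfa01d63a0f43025ea45af1efee32d72ab80a93c9fcf4258dfe8241d9cfff
- data.tar.gz: 67cb793b872e71287ae047056a0de87d55c68f8cfdceda5d35bd0d8317e60c57f94d20029dd97cb51d7eba98bffd06b33fbc856f705953308ad2e1556cd9bd71
+ metadata.gz: f0ec5fd8227c01799eec8991bcfe779fdcb2d85af800394d30b9640affd09508ecc7467f700ab0ac2872f3cfb3096666a1f0ffe82254967473faa1a91ac45348
+ data.tar.gz: ba17aae91cf84fa0c13f7213fdf9da756efae0d804e5420384e8b0d45b1185caf89289e37397583b351474e90bb1d8569f9d3680fa376c1ed74c8ef8afd27f90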
data/CHANGELOG.md CHANGED
@@ -1,5 +1,9 @@
1
1
  # Release history for google-apis-binaryauthorization_v1
2
2
 
3
+ ### v0.28.0 (2023-09-10)
4
+
5
+ * Regenerated from discovery document revision 20230901
6
+
3
7
  ### v0.27.0 (2023-08-13)
4
8
 
5
9
  * Regenerated from discovery document revision 20230804
@@ -44,8 +44,8 @@ module Google
44
44
  # image, in the format `projects/*/attestors/*`. Each attestor must exist before
45
45
  # a policy can reference it. To add an attestor to a policy the principal
46
46
  # issuing the policy change request must be able to read the attestor resource.
47
- # Note: this field must be non-empty when the evaluation_mode field specifies
48
- # REQUIRE_ATTESTATION, otherwise it must be empty.
47
+ # Note: this field must be non-empty when the `evaluation_mode` field specifies `
48
+ # REQUIRE_ATTESTATION`, otherwise it must be empty.
49
49
  # Corresponds to the JSON property `requireAttestationsBy`
50
50
  # @return [Array<String>]
51
51
  attr_accessor :require_attestations_by
@@ -94,7 +94,7 @@ module Google
94
94
  class AttestationAuthenticator
95
95
  include Google::Apis::Core::Hashable
96
96
 
97
- # Optional. A user-provided name for this AttestationAuthenticator. This field
97
+ # Optional. A user-provided name for this `AttestationAuthenticator`. This field
98
98
  # has no effect on the policy evaluation behavior except to improve readability
99
99
  # of messages in evaluation results.
100
100
  # Corresponds to the JSON property `displayName`
@@ -102,8 +102,9 @@ module Google
102
102
  attr_accessor :display_name
103
103
 
104
104
  # A bundle of PKIX public keys, used to authenticate attestation signatures.
105
- # Generally, a signature is considered to be authenticated by a PkixPublicKeySet
106
- # if any of the public keys verify it (i.e. it is an "OR" of the keys).
105
+ # Generally, a signature is considered to be authenticated by a `
106
+ # PkixPublicKeySet` if any of the public keys verify it (i.e. it is an "OR" of
107
+ # the keys).
107
108
  # Corresponds to the JSON property `pkixPublicKeySet`
108
109
  # @return [Google::Apis::BinaryauthorizationV1::PkixPublicKeySet]
109
110
  attr_accessor :pkix_public_key_set
@@ -170,8 +171,8 @@ module Google
170
171
  class AttestationSource
171
172
  include Google::Apis::Core::Hashable
172
173
 
173
- # The ids of the GCP projects storing the SLSA attestations as container
174
- # analysis Occurrences.
174
+ # The IDs of the GCP projects storing the SLSA attestations as Container
175
+ # Analysis Occurrences.
175
176
  # Corresponds to the JSON property `containerAnalysisAttestationProjects`
176
177
  # @return [Array<String>]
177
178
  attr_accessor :container_analysis_attestation_projects
@@ -242,10 +243,11 @@ module Google
242
243
 
243
244
  # ASCII-armored representation of a PGP public key, as the entire output by the
244
245
  # command `gpg --export --armor foo@example.com` (either LF or CRLF line endings)
245
- # . When using this field, `id` should be left blank. The BinAuthz API handlers
246
- # will calculate the ID and fill it in automatically. BinAuthz computes this ID
247
- # as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If `id`
248
- # is provided by the caller, it will be overwritten by the API-calculated ID.
246
+ # . When using this field, `id` should be left blank. The Binary Authorization
247
+ # API handlers will calculate the ID and fill it in automatically. Binary
248
+ # Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint,
249
+ # represented as upper-case hex. If `id` is provided by the caller, it will be
250
+ # overwritten by the API-calculated ID.
249
251
  # Corresponds to the JSON property `asciiArmoredPgpPublicKey`
250
252
  # @return [String]
251
253
  attr_accessor :ascii_armored_pgp_public_key
@@ -255,18 +257,18 @@ module Google
255
257
  # @return [String]
256
258
  attr_accessor :comment
257
259
 
258
- # The ID of this public key. Signatures verified by BinAuthz must include the ID
259
- # of the public key that can be used to verify them, and that ID must match the
260
- # contents of this field exactly. Additional restrictions on this field can be
261
- # imposed based on which public key type is encapsulated. See the documentation
262
- # on `public_key` cases below for details.
260
+ # The ID of this public key. Signatures verified by Binary Authorization must
261
+ # include the ID of the public key that can be used to verify them, and that ID
262
+ # must match the contents of this field exactly. Additional restrictions on this
263
+ # field can be imposed based on which public key type is encapsulated. See the
264
+ # documentation on `public_key` cases below for details.
263
265
  # Corresponds to the JSON property `id`
264
266
  # @return [String]
265
267
  attr_accessor :id
266
268
 
267
- # A public key in the PkixPublicKey format (see https://tools.ietf.org/html/
268
- # rfc5280#section-4.1.2.7 for details). Public keys of this type are typically
269
- # textually encoded using the PEM format.
269
+ # A public key in the PkixPublicKey [format](https://tools.ietf.org/html/rfc5280#
270
+ # section-4.1.2.7). Public keys of this type are typically textually encoded
271
+ # using the PEM format.
270
272
  # Corresponds to the JSON property `pkixPublicKey`
271
273
  # @return [Google::Apis::BinaryauthorizationV1::PkixPublicKey]
272
274
  attr_accessor :pkix_public_key
@@ -360,21 +362,21 @@ module Google
360
362
  end
361
363
  end
362
364
 
363
- # A single check to perform against a Pod. Checks are grouped into CheckSets,
364
- # which are defined by the top-level policy.
365
+ # A single check to perform against a Pod. Checks are grouped into `CheckSet`
366
+ # objects, which are defined by the top-level policy.
365
367
  class Check
366
368
  include Google::Apis::Core::Hashable
367
369
 
368
370
  # Optional. A special-case check that always denies. Note that this still only
369
- # applies when the scope of the CheckSet applies and the image isn't exempted by
370
- # an image allowlist. This check is primarily useful for testing, or to set the
371
- # default behavior for all unmatched scopes to "deny".
371
+ # applies when the scope of the `CheckSet` applies and the image isn't exempted
372
+ # by an image allowlist. This check is primarily useful for testing, or to set
373
+ # the default behavior for all unmatched scopes to "deny".
372
374
  # Corresponds to the JSON property `alwaysDeny`
373
375
  # @return [Boolean]
374
376
  attr_accessor :always_deny
375
377
  alias_method :always_deny?, :always_deny
376
378
 
377
- # Optional. A user-provided name for this Check. This field has no effect on the
379
+ # Optional. A user-provided name for this check. This field has no effect on the
378
380
  # policy evaluation behavior except to improve readability of messages in
379
381
  # evaluation results.
380
382
  # Corresponds to the JSON property `displayName`
@@ -434,22 +436,22 @@ module Google
434
436
  end
435
437
 
436
438
  # A conjunction of policy checks, scoped to a particular namespace or Kubernetes
437
- # service account. In order for evaluation of a CheckSet to return "allowed" for
438
- # a given image in a given Pod, one of the following conditions must be
439
+ # service account. In order for evaluation of a `CheckSet` to return "allowed"
440
+ # for a given image in a given Pod, one of the following conditions must be
439
441
  # satisfied: * The image is explicitly exempted by an entry in `image_allowlist`,
440
442
  # OR * ALL of the `checks` evaluate to "allowed".
441
443
  class CheckSet
442
444
  include Google::Apis::Core::Hashable
443
445
 
444
446
  # Optional. The checks to apply. The ultimate result of evaluating the check set
445
- # will be "allow" if and only if every check in 'checks' evaluates to "allow".
447
+ # will be "allow" if and only if every check in `checks` evaluates to "allow".
446
448
  # If `checks` is empty, the default behavior is "always allow".
447
449
  # Corresponds to the JSON property `checks`
448
450
  # @return [Array<Google::Apis::BinaryauthorizationV1::Check>]
449
451
  attr_accessor :checks
450
452
 
451
- # Optional. A user-provided name for this CheckSet. This field has no effect on
452
- # the policy evaluation behavior except to improve readability of messages in
453
+ # Optional. A user-provided name for this `CheckSet`. This field has no effect
454
+ # on the policy evaluation behavior except to improve readability of messages in
453
455
  # evaluation results.
454
456
  # Corresponds to the JSON property `displayName`
455
457
  # @return [String]
@@ -460,7 +462,7 @@ module Google
460
462
  # @return [Google::Apis::BinaryauthorizationV1::ImageAllowlist]
461
463
  attr_accessor :image_allowlist
462
464
 
463
- # A scope specifier for CheckSets.
465
+ # A scope specifier for `CheckSet` objects.
464
466
  # Corresponds to the JSON property `scope`
465
467
  # @return [Google::Apis::BinaryauthorizationV1::Scope]
466
468
  attr_accessor :scope
@@ -553,21 +555,22 @@ module Google
553
555
  class GkePolicy
554
556
  include Google::Apis::Core::Hashable
555
557
 
556
- # Optional. The CheckSets to apply, scoped by namespace or namespace and service
557
- # account. Exactly one CheckSet will be evaluated for a given Pod (unless the
558
- # list is empty, in which case the behavior is "always allow"). If multiple
559
- # CheckSets have scopes that match the namespace and service account of the Pod
560
- # being evaluated, only the CheckSet with the MOST SPECIFIC scope will match.
561
- # CheckSets must be listed in order of decreasing specificity, i.e. if a scope
562
- # matches a given service account (which must include the namespace), it must
563
- # come before a CheckSet with a scope matching just that namespace. This
564
- # property is enforced by server-side validation. The purpose of this
565
- # restriction is to ensure that if more than one CheckSet matches a given Pod,
566
- # the CheckSet that will be evaluated will always be the first in the list to
567
- # match (because if any other matches, it must be less specific). If `check_sets`
568
- # is empty, the default behavior is to allow all images. If `check_sets` is non-
569
- # empty, the last `check_sets` entry must always be a CheckSet with no scope set,
570
- # i.e. a catchall to handle any situation not caught by the preceding CheckSets.
558
+ # Optional. The `CheckSet` objects to apply, scoped by namespace or namespace
559
+ # and service account. Exactly one `CheckSet` will be evaluated for a given Pod (
560
+ # unless the list is empty, in which case the behavior is "always allow"). If
561
+ # multiple `CheckSet` objects have scopes that match the namespace and service
562
+ # account of the Pod being evaluated, only the `CheckSet` with the MOST SPECIFIC
563
+ # scope will match. `CheckSet` objects must be listed in order of decreasing
564
+ # specificity, i.e. if a scope matches a given service account (which must
565
+ # include the namespace), it must come before a `CheckSet` with a scope matching
566
+ # just that namespace. This property is enforced by server-side validation. The
567
+ # purpose of this restriction is to ensure that if more than one `CheckSet`
568
+ # matches a given Pod, the `CheckSet` that will be evaluated will always be the
569
+ # first in the list to match (because if any other matches, it must be less
570
+ # specific). If `check_sets` is empty, the default behavior is to allow all
571
+ # images. If `check_sets` is non-empty, the last `check_sets` entry must always
572
+ # be a `CheckSet` with no scope set, i.e. a catchall to handle any situation not
573
+ # caught by the preceding `CheckSet` objects.
571
574
  # Corresponds to the JSON property `checkSets`
572
575
  # @return [Array<Google::Apis::BinaryauthorizationV1::CheckSet>]
573
576
  attr_accessor :check_sets
@@ -739,7 +742,7 @@ module Google
739
742
  end
740
743
  end
741
744
 
742
- # Response message for BinauthzManagementService.ListAttestors.
745
+ # Response message for BinauthzManagementServiceV1.ListAttestors.
743
746
  class ListAttestorsResponse
744
747
  include Google::Apis::Core::Hashable
745
748
 
@@ -793,9 +796,9 @@ module Google
793
796
  end
794
797
  end
795
798
 
796
- # A public key in the PkixPublicKey format (see https://tools.ietf.org/html/
797
- # rfc5280#section-4.1.2.7 for details). Public keys of this type are typically
798
- # textually encoded using the PEM format.
799
+ # A public key in the PkixPublicKey [format](https://tools.ietf.org/html/rfc5280#
800
+ # section-4.1.2.7). Public keys of this type are typically textually encoded
801
+ # using the PEM format.
799
802
  class PkixPublicKey
800
803
  include Google::Apis::Core::Hashable
801
804
 
@@ -825,8 +828,9 @@ module Google
825
828
  end
826
829
 
827
830
  # A bundle of PKIX public keys, used to authenticate attestation signatures.
828
- # Generally, a signature is considered to be authenticated by a PkixPublicKeySet
829
- # if any of the public keys verify it (i.e. it is an "OR" of the keys).
831
+ # Generally, a signature is considered to be authenticated by a `
832
+ # PkixPublicKeySet` if any of the public keys verify it (i.e. it is an "OR" of
833
+ # the keys).
830
834
  class PkixPublicKeySet
831
835
  include Google::Apis::Core::Hashable
832
836
 
@@ -860,8 +864,8 @@ module Google
860
864
  # @return [Google::Apis::BinaryauthorizationV1::GkePolicy]
861
865
  attr_accessor :gke_policy
862
866
 
863
- # Output only. The relative resource name of the BinAuthz platform policy, in
864
- # the form of `projects/*/platforms/*/policies/*`.
867
+ # Output only. The relative resource name of the Binary Authorization platform
868
+ # policy, in the form of `projects/*/platforms/*/policies/*`.
865
869
  # Corresponds to the JSON property `name`
866
870
  # @return [String]
867
871
  attr_accessor :name
@@ -983,7 +987,7 @@ module Google
983
987
  end
984
988
  end
985
989
 
986
- # A scope specifier for CheckSets.
990
+ # A scope specifier for `CheckSet` objects.
987
991
  class Scope
988
992
  include Google::Apis::Core::Hashable
989
993
 
@@ -993,8 +997,8 @@ module Google
993
997
  # @return [String]
994
998
  attr_accessor :kubernetes_namespace
995
999
 
996
- # Optional. Matches a single Kubernetes service account, e.g. 'my-namespace:my-
997
- # service-account'. `kubernetes_service_account` scope is always more specific
1000
+ # Optional. Matches a single Kubernetes service account, e.g. `my-namespace:my-
1001
+ # service-account`. `kubernetes_service_account` scope is always more specific
998
1002
  # than `kubernetes_namespace` scope for the same namespace.
999
1003
  # Corresponds to the JSON property `kubernetesServiceAccount`
1000
1004
  # @return [String]
@@ -1216,19 +1220,20 @@ module Google
1216
1220
 
1217
1221
  # Required. List of trusted directory patterns. A pattern is in the form "
1218
1222
  # registry/path/to/directory". The registry domain part is defined as two or
1219
- # more dot-separated words, e.g., us.pkg.dev, or gcr.io. Additionally, * can be
1220
- # used in three ways as wildcards: 1. leading * to match varying prefixes in
1221
- # registry subdomain (useful for location prefixes); 2. trailing * after
1222
- # registry/ to match varying endings; 3. trailing ** after registry/ to match "/"
1223
- # as well. For example: -- gcr.io/my-project/my-repo is valid to match a single
1224
- # directory -- *-docker.pkg.dev/my-project/my-repo or *.gcr.io/my-project are
1225
- # valid to match varying prefixes -- gcr.io/my-project/* will match all direct
1226
- # directories in my-project -- gcr.io/my-project/** would match all directories
1227
- # in my-project -- gcr.i* is not allowed since the registry is not completely
1228
- # specified -- sub*domain.gcr.io/nginx is not valid because only leading * or
1229
- # trailing * are allowed. -- *pkg.dev/my-project/my-repo is not valid because
1230
- # leading * can only match subdomain -- **-docker.pkg.dev is not valid because
1231
- # one leading * is allowed, and that it cannot match "/"
1223
+ # more dot-separated words, e.g., `us.pkg.dev`, or `gcr.io`. Additionally, `*`
1224
+ # can be used in three ways as wildcards: 1. leading `*` to match varying
1225
+ # prefixes in registry subdomain (useful for location prefixes); 2. trailing `*`
1226
+ # after registry/ to match varying endings; 3. trailing `**` after registry/ to
1227
+ # match "/" as well. For example: -- `gcr.io/my-project/my-repo` is valid to
1228
+ # match a single directory -- `*-docker.pkg.dev/my-project/my-repo` or `*.gcr.io/
1229
+ # my-project` are valid to match varying prefixes -- `gcr.io/my-project/*` will
1230
+ # match all direct directories in `my-project` -- `gcr.io/my-project/**` would
1231
+ # match all directories in `my-project` -- `gcr.i*` is not allowed since the
1232
+ # registry is not completely specified -- `sub*domain.gcr.io/nginx` is not valid
1233
+ # because only leading `*` or trailing `*` are allowed. -- `*pkg.dev/my-project/
1234
+ # my-repo` is not valid because leading `*` can only match subdomain -- `**-
1235
+ # docker.pkg.dev` is not valid because one leading `*` is allowed, and that it
1236
+ # cannot match `/`
1232
1237
  # Corresponds to the JSON property `trustedDirPatterns`
1233
1238
  # @return [Array<String>]
1234
1239
  attr_accessor :trusted_dir_patterns
@@ -1249,11 +1254,11 @@ module Google
1249
1254
  include Google::Apis::Core::Hashable
1250
1255
 
1251
1256
  # Output only. This field will contain the service account email address that
1252
- # this Attestor will use as the principal when querying Container Analysis.
1257
+ # this attestor will use as the principal when querying Container Analysis.
1253
1258
  # Attestor administrators must grant this service account the IAM role needed to
1254
1259
  # read attestations from the note_reference in Container Analysis (`
1255
1260
  # containeranalysis.notes.occurrences.viewer`). This email address is fixed for
1256
- # the lifetime of the Attestor, but callers should not make any other
1261
+ # the lifetime of the attestor, but callers should not make any other
1257
1262
  # assumptions about the service account email; future versions may use an email
1258
1263
  # based on a different naming pattern.
1259
1264
  # Corresponds to the JSON property `delegationServiceAccountEmail`
@@ -1367,8 +1372,8 @@ module Google
1367
1372
  # @return [Google::Apis::BinaryauthorizationV1::AttestationSource]
1368
1373
  attr_accessor :attestation_source
1369
1374
 
1370
- # If true, require the image to be built from a top-level configuration.
1371
- # trusted_source_repo patterns specifies the repositories containing this
1375
+ # If true, require the image to be built from a top-level configuration. `
1376
+ # trusted_source_repo_patterns` specifies the repositories containing this
1372
1377
  # configuration.
1373
1378
  # Corresponds to the JSON property `configBasedBuildRequired`
1374
1379
  # @return [Boolean]
@@ -1385,19 +1390,19 @@ module Google
1385
1390
  attr_accessor :trusted_builder
1386
1391
 
1387
1392
  # List of trusted source code repository URL patterns. These patterns match the
1388
- # full repository URL without its scheme (e.g. "https://"). The patterns must
1389
- # not include schemes. For example, the pattern "source.cloud.google.com/my-
1390
- # project/my-repo-name" matches the following URLs: - "source.cloud.google.com/
1391
- # my-project/my-repo-name" - "git+ssh://source.cloud.google.com/my-project/my-
1392
- # repo-name" - "https://source.cloud.google.com/my-project/my-repo-name" A
1393
- # pattern matches a URL either exactly or with * wildcards. * can be used in
1394
- # only two ways: 1. trailing * after hosturi/ to match varying endings; 2.
1395
- # trailing ** after hosturi/ to match "/" as well. * and ** can only be used as
1396
- # wildcards and can only occur at the end of the pattern after a /. (So it's not
1397
- # possible to match a URL that contains literal *.) For example: - "github.com/
1398
- # my-project/my-repo" is valid to match a single repo - "github.com/my-project/*"
1399
- # will match all direct repos in my-project - "github.com/**" matches all repos
1400
- # in GitHub
1393
+ # full repository URL without its scheme (e.g. `https://`). The patterns must
1394
+ # not include schemes. For example, the pattern `source.cloud.google.com/my-
1395
+ # project/my-repo-name` matches the following URLs: - `source.cloud.google.com/
1396
+ # my-project/my-repo-name` - `git+ssh://source.cloud.google.com/my-project/my-
1397
+ # repo-name` - `https://source.cloud.google.com/my-project/my-repo-name` A
1398
+ # pattern matches a URL either exactly or with `*` wildcards. `*` can be used in
1399
+ # only two ways: 1. trailing `*` after hosturi/ to match varying endings; 2.
1400
+ # trailing `**` after hosturi/ to match `/` as well. `*` and `**` can only be
1401
+ # used as wildcards and can only occur at the end of the pattern after a `/`. (
1402
+ # So it's not possible to match a URL that contains literal `*`.) For example: -
1403
+ # `github.com/my-project/my-repo` is valid to match a single repo - `github.com/
1404
+ # my-project/*` will match all direct repos in `my-project` - `github.com/**`
1405
+ # matches all repos in GitHub
1401
1406
  # Corresponds to the JSON property `trustedSourceRepoPatterns`
1402
1407
  # @return [Array<String>]
1403
1408
  attr_accessor :trusted_source_repo_patterns
@@ -1421,33 +1426,33 @@ module Google
1421
1426
  include Google::Apis::Core::Hashable
1422
1427
 
1423
1428
  # Optional. A list of specific CVEs to ignore even if the vulnerability level
1424
- # violates maximumUnfixableSeverity or maximumFixableSeverity. CVEs are listed
1425
- # in the format of Container Analysis note id. For example: - CVE-2021-20305 -
1426
- # CVE-2020-10543 The CVEs are applicable regardless of note provider project, e.
1427
- # g., an entry of `CVE-2021-20305` will allow vulnerabilities with a note name
1428
- # of either `projects/goog-vulnz/notes/CVE-2021-20305` or `projects/CUSTOM-
1429
- # PROJECT/notes/CVE-2021-20305`.
1429
+ # violates `maximumUnfixableSeverity` or `maximumFixableSeverity`. CVEs are
1430
+ # listed in the format of Container Analysis note id. For example: - CVE-2021-
1431
+ # 20305 - CVE-2020-10543 The CVEs are applicable regardless of note provider
1432
+ # project, e.g., an entry of `CVE-2021-20305` will allow vulnerabilities with a
1433
+ # note name of either `projects/goog-vulnz/notes/CVE-2021-20305` or `projects/
1434
+ # CUSTOM-PROJECT/notes/CVE-2021-20305`.
1430
1435
  # Corresponds to the JSON property `allowedCves`
1431
1436
  # @return [Array<String>]
1432
1437
  attr_accessor :allowed_cves
1433
1438
 
1434
1439
  # Optional. A list of specific CVEs to always raise warnings about even if the
1435
- # vulnerability level meets maximumUnfixableSeverity or maximumFixableSeverity.
1436
- # CVEs are listed in the format of Container Analysis note id. For example: -
1437
- # CVE-2021-20305 - CVE-2020-10543 The CVEs are applicable regardless of note
1438
- # provider project, e.g., an entry of `CVE-2021-20305` will block
1439
- # vulnerabilities with a note name of either `projects/goog-vulnz/notes/CVE-2021-
1440
- # 20305` or `projects/CUSTOM-PROJECT/notes/CVE-2021-20305`.
1440
+ # vulnerability level meets `maximumUnfixableSeverity` or `
1441
+ # maximumFixableSeverity`. CVEs are listed in the format of Container Analysis
1442
+ # note id. For example: - CVE-2021-20305 - CVE-2020-10543 The CVEs are
1443
+ # applicable regardless of note provider project, e.g., an entry of `CVE-2021-
1444
+ # 20305` will block vulnerabilities with a note name of either `projects/goog-
1445
+ # vulnz/notes/CVE-2021-20305` or `projects/CUSTOM-PROJECT/notes/CVE-2021-20305`.
1441
1446
  # Corresponds to the JSON property `blockedCves`
1442
1447
  # @return [Array<String>]
1443
1448
  attr_accessor :blocked_cves
1444
1449
 
1445
1450
  # Optional. The projects where vulnerabilities are stored as Container Analysis
1446
1451
  # Occurrences. Each project is expressed in the resource format of `projects/[
1447
- # PROJECT_ID]`, e.g., projects/my-gcp-project. An attempt will be made for each
1448
- # project to fetch vulnerabilities, and all valid vulnerabilities will be used
1449
- # to check against the vulnerability policy. If no valid scan is found in all
1450
- # projects configured here, an error will be returned for the check.
1452
+ # PROJECT_ID]`, e.g., `projects/my-gcp-project`. An attempt will be made for
1453
+ # each project to fetch vulnerabilities, and all valid vulnerabilities will be
1454
+ # used to check against the vulnerability policy. If no valid scan is found in
1455
+ # all projects configured here, an error will be returned for the check.
1451
1456
  # Corresponds to the JSON property `containerAnalysisVulnerabilityProjects`
1452
1457
  # @return [Array<String>]
1453
1458
  attr_accessor :container_analysis_vulnerability_projects
@@ -16,13 +16,13 @@ module Google
16
16
  module Apis
17
17
  module BinaryauthorizationV1
18
18
  # Version of the google-apis-binaryauthorization_v1 gem
19
- GEM_VERSION = "0.27.0"
19
+ GEM_VERSION = "0.28.0"
20
20
 
21
21
  # Version of the code generator used to generate this client
22
22
  GENERATOR_VERSION = "0.12.0"
23
23
 
24
24
  # Revision of the discovery document this client was generated from
25
- REVISION = "20230804"
25
+ REVISION = "20230901"
26
26
  end
27
27
  end
28
28
  end
@@ -88,8 +88,8 @@ module Google
88
88
 
89
89
  # Creates or updates a project's policy, and returns a copy of the new policy. A
90
90
  # policy is always updated as a whole, to avoid race conditions with concurrent
91
- # policy enforcement (or management!) requests. Returns NOT_FOUND if the project
92
- # does not exist, INVALID_ARGUMENT if the request is malformed.
91
+ # policy enforcement (or management!) requests. Returns `NOT_FOUND` if the
92
+ # project does not exist, `INVALID_ARGUMENT` if the request is malformed.
93
93
  # @param [String] name
94
94
  # Output only. The resource name, in the format `projects/*/policy`. There is at
95
95
  # most one policy per project.
@@ -123,9 +123,9 @@ module Google
123
123
  execute_or_queue_command(command, &block)
124
124
  end
125
125
 
126
- # Creates an attestor, and returns a copy of the new attestor. Returns NOT_FOUND
127
- # if the project does not exist, INVALID_ARGUMENT if the request is malformed,
128
- # ALREADY_EXISTS if the attestor already exists.
126
+ # Creates an attestor, and returns a copy of the new attestor. Returns `
127
+ # NOT_FOUND` if the project does not exist, `INVALID_ARGUMENT` if the request is
128
+ # malformed, `ALREADY_EXISTS` if the attestor already exists.
129
129
  # @param [String] parent
130
130
  # Required. The parent of this attestor.
131
131
  # @param [Google::Apis::BinaryauthorizationV1::Attestor] attestor_object
@@ -161,7 +161,7 @@ module Google
161
161
  execute_or_queue_command(command, &block)
162
162
  end
163
163
 
164
- # Deletes an attestor. Returns NOT_FOUND if the attestor does not exist.
164
+ # Deletes an attestor. Returns `NOT_FOUND` if the attestor does not exist.
165
165
  # @param [String] name
166
166
  # Required. The name of the attestors to delete, in the format `projects/*/
167
167
  # attestors/*`.
@@ -192,7 +192,7 @@ module Google
192
192
  execute_or_queue_command(command, &block)
193
193
  end
194
194
 
195
- # Gets an attestor. Returns NOT_FOUND if the attestor does not exist.
195
+ # Gets an attestor. Returns `NOT_FOUND` if the attestor does not exist.
196
196
  # @param [String] name
197
197
  # Required. The name of the attestor to retrieve, in the format `projects/*/
198
198
  # attestors/*`.
@@ -268,7 +268,7 @@ module Google
268
268
  execute_or_queue_command(command, &block)
269
269
  end
270
270
 
271
- # Lists attestors. Returns INVALID_ARGUMENT if the project does not exist.
271
+ # Lists attestors. Returns `INVALID_ARGUMENT` if the project does not exist.
272
272
  # @param [String] parent
273
273
  # Required. The resource name of the project associated with the attestors, in
274
274
  # the format `projects/*`.
@@ -384,7 +384,7 @@ module Google
384
384
  execute_or_queue_command(command, &block)
385
385
  end
386
386
 
387
- # Updates an attestor. Returns NOT_FOUND if the attestor does not exist.
387
+ # Updates an attestor. Returns `NOT_FOUND` if the attestor does not exist.
388
388
  # @param [String] name
389
389
  # Required. The resource name, in the format: `projects/*/attestors/*`. This
390
390
  # field may not be updated.
@@ -418,8 +418,8 @@ module Google
418
418
  execute_or_queue_command(command, &block)
419
419
  end
420
420
 
421
- # Returns whether the given Attestation for the given image URI was signed by
422
- # the given Attestor
421
+ # Returns whether the given `Attestation` for the given image URI was signed by
422
+ # the given `Attestor`
423
423
  # @param [String] attestor
424
424
  # Required. The resource name of the Attestor of the occurrence, in the format `
425
425
  # projects/*/attestors/*`.
@@ -453,11 +453,11 @@ module Google
453
453
  execute_or_queue_command(command, &block)
454
454
  end
455
455
 
456
- # Creates a platform policy, and returns a copy of it. Returns NOT_FOUND if the
457
- # project or platform doesn't exist, INVALID_ARGUMENT if the request is
458
- # malformed, ALREADY_EXISTS if the policy already exists, and INVALID_ARGUMENT
459
- # if the policy contains a platform-specific policy that does not match the
460
- # platform value specified in the URL.
456
+ # Creates a platform policy, and returns a copy of it. Returns `NOT_FOUND` if
457
+ # the project or platform doesn't exist, `INVALID_ARGUMENT` if the request is
458
+ # malformed, `ALREADY_EXISTS` if the policy already exists, and `
459
+ # INVALID_ARGUMENT` if the policy contains a platform-specific policy that does
460
+ # not match the platform value specified in the URL.
461
461
  # @param [String] parent
462
462
  # Required. The parent of this platform policy.
463
463
  # @param [Google::Apis::BinaryauthorizationV1::PlatformPolicy] platform_policy_object
@@ -493,7 +493,7 @@ module Google
493
493
  execute_or_queue_command(command, &block)
494
494
  end
495
495
 
496
- # Deletes a platform policy. Returns NOT_FOUND if the policy doesn't exist.
496
+ # Deletes a platform policy. Returns `NOT_FOUND` if the policy doesn't exist.
497
497
  # @param [String] name
498
498
  # Required. The name of the platform policy to delete, in the format `projects/*/
499
499
  # platforms/*/policies/*`.
@@ -524,7 +524,7 @@ module Google
524
524
  execute_or_queue_command(command, &block)
525
525
  end
526
526
 
527
- # Gets a platform policy. Returns NOT_FOUND if the policy doesn't exist.
527
+ # Gets a platform policy. Returns `NOT_FOUND` if the policy doesn't exist.
528
528
  # @param [String] name
529
529
  # Required. The name of the platform policy to retrieve in the format `projects/*
530
530
  # /platforms/*/policies/*`.
@@ -555,8 +555,8 @@ module Google
555
555
  execute_or_queue_command(command, &block)
556
556
  end
557
557
 
558
- # Lists platform policies owned by a project in the specified platform. Returns
559
- # INVALID_ARGUMENT if the project or the platform doesn't exist.
558
+ # Lists platform policies owned by a project in the specified platform. Returns `
559
+ # INVALID_ARGUMENT` if the project or the platform doesn't exist.
560
560
  # @param [String] parent
561
561
  # Required. The resource name of the platform associated with the platform
562
562
  # policies using the format `projects/*/platforms/*`.
@@ -596,10 +596,10 @@ module Google
596
596
  execute_or_queue_command(command, &block)
597
597
  end
598
598
 
599
- # Replaces a platform policy. Returns NOT_FOUND if the policy doesn't exist.
599
+ # Replaces a platform policy. Returns `NOT_FOUND` if the policy doesn't exist.
600
600
  # @param [String] name
601
- # Output only. The relative resource name of the BinAuthz platform policy, in
602
- # the form of `projects/*/platforms/*/policies/*`.
601
+ # Output only. The relative resource name of the Binary Authorization platform
602
+ # policy, in the form of `projects/*/platforms/*/policies/*`.
603
603
  # @param [Google::Apis::BinaryauthorizationV1::PlatformPolicy] platform_policy_object
604
604
  # @param [String] fields
605
605
  # Selector specifying which fields to include in a partial response.
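--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: google-apis-binaryauthorization_v1
  version: !ruby/object:Gem::Version
- version: 0.27.0
+ version: 0.28.0
  platform: ruby
  authors:
  - Google LLC
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-08-13 00:00:00.000000000 Z
+ date: 2023-09-17 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: google-apis-core
@@ -58,7 +58,7 @@ licenses:
  metadata:
  bug_tracker_uri: https://github.com/googleapis/google-api-ruby-client/issues
  changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-binaryauthorization_v1/CHANGELOG.md
- documentation_uri: https://googleapis.dev/ruby/google-apis-binaryauthorization_v1/v0.27.0
+ documentation_uri: https://googleapis.dev/ruby/google-apis-binaryauthorization_v1/v0.28.0
  source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-binaryauthorization_v1
  post_install_message:
  rdoc_options: []
@@ -75,7 +75,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.4.2
+ rubygems_version: 3.4.19
  signing_key:
  specification_version: 4
  summary: Simple REST client for Binary Authorization API V1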