google-apis-binaryauthorization_v1 0.27.0 → 0.29.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/lib/google/apis/binaryauthorization_v1/classes.rb +124 -103
- data/lib/google/apis/binaryauthorization_v1/gem_version.rb +2 -2
- data/lib/google/apis/binaryauthorization_v1/representations.rb +1 -0
- data/lib/google/apis/binaryauthorization_v1/service.rb +23 -23
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c249395e992d074e8b7a3e14ac2882b4cc7c4b1d6d919fe36fcc36e5a8d9cfac
|
4
|
+
data.tar.gz: 8da185576f2f34a1f5ad6fb06cef1eb73786c6b84201f0d931d056ca9f45c818
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e957866e22f4eb5d3b7b8db270a7f9df9e72c01f1f1e5f1625b2de6ccbfd39e19edbb358daebc67e7cdbd05abb65ac35b22358876f42d5473b6d382a483ed4e2
|
7
|
+
data.tar.gz: ecf741f9548b58b68be8298f0c99eb631e3faf88a06d7d2c9d091b40863a4b7d7866f99beeb73c0f5d6ff696cfc884810bf1a8806d8cde0f17cad33f774ce4dd
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,13 @@
|
|
1
1
|
# Release history for google-apis-binaryauthorization_v1
|
2
2
|
|
3
|
+
### v0.29.0 (2023-10-08)
|
4
|
+
|
5
|
+
* Regenerated from discovery document revision 20230929
|
6
|
+
|
7
|
+
### v0.28.0 (2023-09-10)
|
8
|
+
|
9
|
+
* Regenerated from discovery document revision 20230901
|
10
|
+
|
3
11
|
### v0.27.0 (2023-08-13)
|
4
12
|
|
5
13
|
* Regenerated from discovery document revision 20230804
|
@@ -44,8 +44,8 @@ module Google
|
|
44
44
|
# image, in the format `projects/*/attestors/*`. Each attestor must exist before
|
45
45
|
# a policy can reference it. To add an attestor to a policy the principal
|
46
46
|
# issuing the policy change request must be able to read the attestor resource.
|
47
|
-
# Note: this field must be non-empty when the evaluation_mode field specifies
|
48
|
-
# REQUIRE_ATTESTATION
|
47
|
+
# Note: this field must be non-empty when the `evaluation_mode` field specifies `
|
48
|
+
# REQUIRE_ATTESTATION`, otherwise it must be empty.
|
49
49
|
# Corresponds to the JSON property `requireAttestationsBy`
|
50
50
|
# @return [Array<String>]
|
51
51
|
attr_accessor :require_attestations_by
|
@@ -94,7 +94,7 @@ module Google
|
|
94
94
|
class AttestationAuthenticator
|
95
95
|
include Google::Apis::Core::Hashable
|
96
96
|
|
97
|
-
# Optional. A user-provided name for this AttestationAuthenticator
|
97
|
+
# Optional. A user-provided name for this `AttestationAuthenticator`. This field
|
98
98
|
# has no effect on the policy evaluation behavior except to improve readability
|
99
99
|
# of messages in evaluation results.
|
100
100
|
# Corresponds to the JSON property `displayName`
|
@@ -102,8 +102,9 @@ module Google
|
|
102
102
|
attr_accessor :display_name
|
103
103
|
|
104
104
|
# A bundle of PKIX public keys, used to authenticate attestation signatures.
|
105
|
-
# Generally, a signature is considered to be authenticated by a
|
106
|
-
# if any of the public keys verify it (i.e. it is an "OR" of
|
105
|
+
# Generally, a signature is considered to be authenticated by a `
|
106
|
+
# PkixPublicKeySet` if any of the public keys verify it (i.e. it is an "OR" of
|
107
|
+
# the keys).
|
107
108
|
# Corresponds to the JSON property `pkixPublicKeySet`
|
108
109
|
# @return [Google::Apis::BinaryauthorizationV1::PkixPublicKeySet]
|
109
110
|
attr_accessor :pkix_public_key_set
|
@@ -170,8 +171,8 @@ module Google
|
|
170
171
|
class AttestationSource
|
171
172
|
include Google::Apis::Core::Hashable
|
172
173
|
|
173
|
-
# The
|
174
|
-
#
|
174
|
+
# The IDs of the GCP projects storing the SLSA attestations as Container
|
175
|
+
# Analysis Occurrences.
|
175
176
|
# Corresponds to the JSON property `containerAnalysisAttestationProjects`
|
176
177
|
# @return [Array<String>]
|
177
178
|
attr_accessor :container_analysis_attestation_projects
|
@@ -242,10 +243,11 @@ module Google
|
|
242
243
|
|
243
244
|
# ASCII-armored representation of a PGP public key, as the entire output by the
|
244
245
|
# command `gpg --export --armor foo@example.com` (either LF or CRLF line endings)
|
245
|
-
# . When using this field, `id` should be left blank. The
|
246
|
-
# will calculate the ID and fill it in automatically.
|
247
|
-
# as the OpenPGP RFC4880 V4 fingerprint,
|
248
|
-
# is provided by the caller, it will be
|
246
|
+
# . When using this field, `id` should be left blank. The Binary Authorization
|
247
|
+
# API handlers will calculate the ID and fill it in automatically. Binary
|
248
|
+
# Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint,
|
249
|
+
# represented as upper-case hex. If `id` is provided by the caller, it will be
|
250
|
+
# overwritten by the API-calculated ID.
|
249
251
|
# Corresponds to the JSON property `asciiArmoredPgpPublicKey`
|
250
252
|
# @return [String]
|
251
253
|
attr_accessor :ascii_armored_pgp_public_key
|
@@ -255,18 +257,18 @@ module Google
|
|
255
257
|
# @return [String]
|
256
258
|
attr_accessor :comment
|
257
259
|
|
258
|
-
# The ID of this public key. Signatures verified by
|
259
|
-
# of the public key that can be used to verify them, and that ID
|
260
|
-
# contents of this field exactly. Additional restrictions on this
|
261
|
-
# imposed based on which public key type is encapsulated. See the
|
262
|
-
# on `public_key` cases below for details.
|
260
|
+
# The ID of this public key. Signatures verified by Binary Authorization must
|
261
|
+
# include the ID of the public key that can be used to verify them, and that ID
|
262
|
+
# must match the contents of this field exactly. Additional restrictions on this
|
263
|
+
# field can be imposed based on which public key type is encapsulated. See the
|
264
|
+
# documentation on `public_key` cases below for details.
|
263
265
|
# Corresponds to the JSON property `id`
|
264
266
|
# @return [String]
|
265
267
|
attr_accessor :id
|
266
268
|
|
267
|
-
# A public key in the PkixPublicKey format
|
268
|
-
#
|
269
|
-
#
|
269
|
+
# A public key in the PkixPublicKey [format](https://tools.ietf.org/html/rfc5280#
|
270
|
+
# section-4.1.2.7). Public keys of this type are typically textually encoded
|
271
|
+
# using the PEM format.
|
270
272
|
# Corresponds to the JSON property `pkixPublicKey`
|
271
273
|
# @return [Google::Apis::BinaryauthorizationV1::PkixPublicKey]
|
272
274
|
attr_accessor :pkix_public_key
|
@@ -360,21 +362,21 @@ module Google
|
|
360
362
|
end
|
361
363
|
end
|
362
364
|
|
363
|
-
# A single check to perform against a Pod. Checks are grouped into
|
364
|
-
# which are defined by the top-level policy.
|
365
|
+
# A single check to perform against a Pod. Checks are grouped into `CheckSet`
|
366
|
+
# objects, which are defined by the top-level policy.
|
365
367
|
class Check
|
366
368
|
include Google::Apis::Core::Hashable
|
367
369
|
|
368
370
|
# Optional. A special-case check that always denies. Note that this still only
|
369
|
-
# applies when the scope of the CheckSet applies and the image isn't exempted
|
370
|
-
# an image allowlist. This check is primarily useful for testing, or to set
|
371
|
-
# default behavior for all unmatched scopes to "deny".
|
371
|
+
# applies when the scope of the `CheckSet` applies and the image isn't exempted
|
372
|
+
# by an image allowlist. This check is primarily useful for testing, or to set
|
373
|
+
# the default behavior for all unmatched scopes to "deny".
|
372
374
|
# Corresponds to the JSON property `alwaysDeny`
|
373
375
|
# @return [Boolean]
|
374
376
|
attr_accessor :always_deny
|
375
377
|
alias_method :always_deny?, :always_deny
|
376
378
|
|
377
|
-
# Optional. A user-provided name for this
|
379
|
+
# Optional. A user-provided name for this check. This field has no effect on the
|
378
380
|
# policy evaluation behavior except to improve readability of messages in
|
379
381
|
# evaluation results.
|
380
382
|
# Corresponds to the JSON property `displayName`
|
@@ -434,22 +436,22 @@ module Google
|
|
434
436
|
end
|
435
437
|
|
436
438
|
# A conjunction of policy checks, scoped to a particular namespace or Kubernetes
|
437
|
-
# service account. In order for evaluation of a CheckSet to return "allowed"
|
438
|
-
# a given image in a given Pod, one of the following conditions must be
|
439
|
+
# service account. In order for evaluation of a `CheckSet` to return "allowed"
|
440
|
+
# for a given image in a given Pod, one of the following conditions must be
|
439
441
|
# satisfied: * The image is explicitly exempted by an entry in `image_allowlist`,
|
440
442
|
# OR * ALL of the `checks` evaluate to "allowed".
|
441
443
|
class CheckSet
|
442
444
|
include Google::Apis::Core::Hashable
|
443
445
|
|
444
446
|
# Optional. The checks to apply. The ultimate result of evaluating the check set
|
445
|
-
# will be "allow" if and only if every check in
|
447
|
+
# will be "allow" if and only if every check in `checks` evaluates to "allow".
|
446
448
|
# If `checks` is empty, the default behavior is "always allow".
|
447
449
|
# Corresponds to the JSON property `checks`
|
448
450
|
# @return [Array<Google::Apis::BinaryauthorizationV1::Check>]
|
449
451
|
attr_accessor :checks
|
450
452
|
|
451
|
-
# Optional. A user-provided name for this CheckSet
|
452
|
-
# the policy evaluation behavior except to improve readability of messages in
|
453
|
+
# Optional. A user-provided name for this `CheckSet`. This field has no effect
|
454
|
+
# on the policy evaluation behavior except to improve readability of messages in
|
453
455
|
# evaluation results.
|
454
456
|
# Corresponds to the JSON property `displayName`
|
455
457
|
# @return [String]
|
@@ -460,7 +462,7 @@ module Google
|
|
460
462
|
# @return [Google::Apis::BinaryauthorizationV1::ImageAllowlist]
|
461
463
|
attr_accessor :image_allowlist
|
462
464
|
|
463
|
-
# A scope specifier for
|
465
|
+
# A scope specifier for `CheckSet` objects.
|
464
466
|
# Corresponds to the JSON property `scope`
|
465
467
|
# @return [Google::Apis::BinaryauthorizationV1::Scope]
|
466
468
|
attr_accessor :scope
|
@@ -553,21 +555,22 @@ module Google
|
|
553
555
|
class GkePolicy
|
554
556
|
include Google::Apis::Core::Hashable
|
555
557
|
|
556
|
-
# Optional. The
|
557
|
-
# account. Exactly one CheckSet will be evaluated for a given Pod (
|
558
|
-
# list is empty, in which case the behavior is "always allow"). If
|
559
|
-
#
|
560
|
-
# being evaluated, only the CheckSet with the MOST SPECIFIC
|
561
|
-
#
|
562
|
-
# matches a given service account (which must
|
563
|
-
# come before a CheckSet with a scope matching
|
564
|
-
# property is enforced by server-side validation. The
|
565
|
-
# restriction is to ensure that if more than one CheckSet
|
566
|
-
# the CheckSet that will be evaluated will always be the
|
567
|
-
# match (because if any other matches, it must be less
|
568
|
-
# is empty, the default behavior is to allow all
|
569
|
-
# empty, the last `check_sets` entry must always
|
570
|
-
# i.e. a catchall to handle any situation not
|
558
|
+
# Optional. The `CheckSet` objects to apply, scoped by namespace or namespace
|
559
|
+
# and service account. Exactly one `CheckSet` will be evaluated for a given Pod (
|
560
|
+
# unless the list is empty, in which case the behavior is "always allow"). If
|
561
|
+
# multiple `CheckSet` objects have scopes that match the namespace and service
|
562
|
+
# account of the Pod being evaluated, only the `CheckSet` with the MOST SPECIFIC
|
563
|
+
# scope will match. `CheckSet` objects must be listed in order of decreasing
|
564
|
+
# specificity, i.e. if a scope matches a given service account (which must
|
565
|
+
# include the namespace), it must come before a `CheckSet` with a scope matching
|
566
|
+
# just that namespace. This property is enforced by server-side validation. The
|
567
|
+
# purpose of this restriction is to ensure that if more than one `CheckSet`
|
568
|
+
# matches a given Pod, the `CheckSet` that will be evaluated will always be the
|
569
|
+
# first in the list to match (because if any other matches, it must be less
|
570
|
+
# specific). If `check_sets` is empty, the default behavior is to allow all
|
571
|
+
# images. If `check_sets` is non-empty, the last `check_sets` entry must always
|
572
|
+
# be a `CheckSet` with no scope set, i.e. a catchall to handle any situation not
|
573
|
+
# caught by the preceding `CheckSet` objects.
|
571
574
|
# Corresponds to the JSON property `checkSets`
|
572
575
|
# @return [Array<Google::Apis::BinaryauthorizationV1::CheckSet>]
|
573
576
|
attr_accessor :check_sets
|
@@ -739,7 +742,7 @@ module Google
|
|
739
742
|
end
|
740
743
|
end
|
741
744
|
|
742
|
-
# Response message for
|
745
|
+
# Response message for BinauthzManagementServiceV1.ListAttestors.
|
743
746
|
class ListAttestorsResponse
|
744
747
|
include Google::Apis::Core::Hashable
|
745
748
|
|
@@ -793,12 +796,27 @@ module Google
|
|
793
796
|
end
|
794
797
|
end
|
795
798
|
|
796
|
-
# A public key in the PkixPublicKey format
|
797
|
-
#
|
798
|
-
#
|
799
|
+
# A public key in the PkixPublicKey [format](https://tools.ietf.org/html/rfc5280#
|
800
|
+
# section-4.1.2.7). Public keys of this type are typically textually encoded
|
801
|
+
# using the PEM format.
|
799
802
|
class PkixPublicKey
|
800
803
|
include Google::Apis::Core::Hashable
|
801
804
|
|
805
|
+
# Optional. The ID of this public key. Signatures verified by Binary
|
806
|
+
# Authorization must include the ID of the public key that can be used to verify
|
807
|
+
# them, and that ID must match the contents of this field exactly. This may be
|
808
|
+
# explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If `
|
809
|
+
# key_id` is left blank and this `PkixPublicKey` is not used in the context of a
|
810
|
+
# wrapper (see next paragraph), a default key ID will be computed based on the
|
811
|
+
# digest of the DER encoding of the public key. If this `PkixPublicKey` is used
|
812
|
+
# in the context of a wrapper that has its own notion of key ID (e.g. `
|
813
|
+
# AttestorPublicKey`), then this field can either: * Match that value exactly. *
|
814
|
+
# Or be left blank, in which case it behaves exactly as though it is equal to
|
815
|
+
# that wrapper value.
|
816
|
+
# Corresponds to the JSON property `keyId`
|
817
|
+
# @return [String]
|
818
|
+
attr_accessor :key_id
|
819
|
+
|
802
820
|
# A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#
|
803
821
|
# section-13
|
804
822
|
# Corresponds to the JSON property `publicKeyPem`
|
@@ -819,14 +837,16 @@ module Google
|
|
819
837
|
|
820
838
|
# Update properties of this object
|
821
839
|
def update!(**args)
|
840
|
+
@key_id = args[:key_id] if args.key?(:key_id)
|
822
841
|
@public_key_pem = args[:public_key_pem] if args.key?(:public_key_pem)
|
823
842
|
@signature_algorithm = args[:signature_algorithm] if args.key?(:signature_algorithm)
|
824
843
|
end
|
825
844
|
end
|
826
845
|
|
827
846
|
# A bundle of PKIX public keys, used to authenticate attestation signatures.
|
828
|
-
# Generally, a signature is considered to be authenticated by a
|
829
|
-
# if any of the public keys verify it (i.e. it is an "OR" of
|
847
|
+
# Generally, a signature is considered to be authenticated by a `
|
848
|
+
# PkixPublicKeySet` if any of the public keys verify it (i.e. it is an "OR" of
|
849
|
+
# the keys).
|
830
850
|
class PkixPublicKeySet
|
831
851
|
include Google::Apis::Core::Hashable
|
832
852
|
|
@@ -860,8 +880,8 @@ module Google
|
|
860
880
|
# @return [Google::Apis::BinaryauthorizationV1::GkePolicy]
|
861
881
|
attr_accessor :gke_policy
|
862
882
|
|
863
|
-
# Output only. The relative resource name of the
|
864
|
-
# the form of `projects/*/platforms/*/policies/*`.
|
883
|
+
# Output only. The relative resource name of the Binary Authorization platform
|
884
|
+
# policy, in the form of `projects/*/platforms/*/policies/*`.
|
865
885
|
# Corresponds to the JSON property `name`
|
866
886
|
# @return [String]
|
867
887
|
attr_accessor :name
|
@@ -983,7 +1003,7 @@ module Google
|
|
983
1003
|
end
|
984
1004
|
end
|
985
1005
|
|
986
|
-
# A scope specifier for
|
1006
|
+
# A scope specifier for `CheckSet` objects.
|
987
1007
|
class Scope
|
988
1008
|
include Google::Apis::Core::Hashable
|
989
1009
|
|
@@ -993,8 +1013,8 @@ module Google
|
|
993
1013
|
# @return [String]
|
994
1014
|
attr_accessor :kubernetes_namespace
|
995
1015
|
|
996
|
-
# Optional. Matches a single Kubernetes service account, e.g.
|
997
|
-
# service-account
|
1016
|
+
# Optional. Matches a single Kubernetes service account, e.g. `my-namespace:my-
|
1017
|
+
# service-account`. `kubernetes_service_account` scope is always more specific
|
998
1018
|
# than `kubernetes_namespace` scope for the same namespace.
|
999
1019
|
# Corresponds to the JSON property `kubernetesServiceAccount`
|
1000
1020
|
# @return [String]
|
@@ -1216,19 +1236,20 @@ module Google
|
|
1216
1236
|
|
1217
1237
|
# Required. List of trusted directory patterns. A pattern is in the form "
|
1218
1238
|
# registry/path/to/directory". The registry domain part is defined as two or
|
1219
|
-
# more dot-separated words, e.g., us.pkg.dev
|
1220
|
-
# used in three ways as wildcards: 1. leading
|
1221
|
-
# registry subdomain (useful for location prefixes); 2. trailing
|
1222
|
-
# registry/ to match varying endings; 3. trailing
|
1223
|
-
# as well. For example: -- gcr.io/my-project/my-repo is valid to
|
1224
|
-
# directory --
|
1225
|
-
# valid to match varying prefixes -- gcr.io/my-project
|
1226
|
-
# directories in my-project -- gcr.io/my-project
|
1227
|
-
# in my-project -- gcr.i
|
1228
|
-
# specified -- sub*domain.gcr.io/nginx is not valid
|
1229
|
-
# trailing
|
1230
|
-
# leading
|
1231
|
-
# one leading
|
1239
|
+
# more dot-separated words, e.g., `us.pkg.dev`, or `gcr.io`. Additionally, `*`
|
1240
|
+
# can be used in three ways as wildcards: 1. leading `*` to match varying
|
1241
|
+
# prefixes in registry subdomain (useful for location prefixes); 2. trailing `*`
|
1242
|
+
# after registry/ to match varying endings; 3. trailing `**` after registry/ to
|
1243
|
+
# match "/" as well. For example: -- `gcr.io/my-project/my-repo` is valid to
|
1244
|
+
# match a single directory -- `*-docker.pkg.dev/my-project/my-repo` or `*.gcr.io/
|
1245
|
+
# my-project` are valid to match varying prefixes -- `gcr.io/my-project/*` will
|
1246
|
+
# match all direct directories in `my-project` -- `gcr.io/my-project/**` would
|
1247
|
+
# match all directories in `my-project` -- `gcr.i*` is not allowed since the
|
1248
|
+
# registry is not completely specified -- `sub*domain.gcr.io/nginx` is not valid
|
1249
|
+
# because only leading `*` or trailing `*` are allowed. -- `*pkg.dev/my-project/
|
1250
|
+
# my-repo` is not valid because leading `*` can only match subdomain -- `**-
|
1251
|
+
# docker.pkg.dev` is not valid because one leading `*` is allowed, and that it
|
1252
|
+
# cannot match `/`
|
1232
1253
|
# Corresponds to the JSON property `trustedDirPatterns`
|
1233
1254
|
# @return [Array<String>]
|
1234
1255
|
attr_accessor :trusted_dir_patterns
|
@@ -1249,11 +1270,11 @@ module Google
|
|
1249
1270
|
include Google::Apis::Core::Hashable
|
1250
1271
|
|
1251
1272
|
# Output only. This field will contain the service account email address that
|
1252
|
-
# this
|
1273
|
+
# this attestor will use as the principal when querying Container Analysis.
|
1253
1274
|
# Attestor administrators must grant this service account the IAM role needed to
|
1254
1275
|
# read attestations from the note_reference in Container Analysis (`
|
1255
1276
|
# containeranalysis.notes.occurrences.viewer`). This email address is fixed for
|
1256
|
-
# the lifetime of the
|
1277
|
+
# the lifetime of the attestor, but callers should not make any other
|
1257
1278
|
# assumptions about the service account email; future versions may use an email
|
1258
1279
|
# based on a different naming pattern.
|
1259
1280
|
# Corresponds to the JSON property `delegationServiceAccountEmail`
|
@@ -1367,8 +1388,8 @@ module Google
|
|
1367
1388
|
# @return [Google::Apis::BinaryauthorizationV1::AttestationSource]
|
1368
1389
|
attr_accessor :attestation_source
|
1369
1390
|
|
1370
|
-
# If true, require the image to be built from a top-level configuration.
|
1371
|
-
#
|
1391
|
+
# If true, require the image to be built from a top-level configuration. `
|
1392
|
+
# trusted_source_repo_patterns` specifies the repositories containing this
|
1372
1393
|
# configuration.
|
1373
1394
|
# Corresponds to the JSON property `configBasedBuildRequired`
|
1374
1395
|
# @return [Boolean]
|
@@ -1385,19 +1406,19 @@ module Google
|
|
1385
1406
|
attr_accessor :trusted_builder
|
1386
1407
|
|
1387
1408
|
# List of trusted source code repository URL patterns. These patterns match the
|
1388
|
-
# full repository URL without its scheme (e.g.
|
1389
|
-
# not include schemes. For example, the pattern
|
1390
|
-
# project/my-repo-name
|
1391
|
-
# my-project/my-repo-name
|
1392
|
-
# repo-name
|
1393
|
-
# pattern matches a URL either exactly or with
|
1394
|
-
# only two ways: 1. trailing
|
1395
|
-
# trailing
|
1396
|
-
# wildcards and can only occur at the end of the pattern after a
|
1397
|
-
# possible to match a URL that contains literal
|
1398
|
-
# my-project/my-repo
|
1399
|
-
# will match all direct repos in my-project -
|
1400
|
-
# in GitHub
|
1409
|
+
# full repository URL without its scheme (e.g. `https://`). The patterns must
|
1410
|
+
# not include schemes. For example, the pattern `source.cloud.google.com/my-
|
1411
|
+
# project/my-repo-name` matches the following URLs: - `source.cloud.google.com/
|
1412
|
+
# my-project/my-repo-name` - `git+ssh://source.cloud.google.com/my-project/my-
|
1413
|
+
# repo-name` - `https://source.cloud.google.com/my-project/my-repo-name` A
|
1414
|
+
# pattern matches a URL either exactly or with `*` wildcards. `*` can be used in
|
1415
|
+
# only two ways: 1. trailing `*` after hosturi/ to match varying endings; 2.
|
1416
|
+
# trailing `**` after hosturi/ to match `/` as well. `*` and `**` can only be
|
1417
|
+
# used as wildcards and can only occur at the end of the pattern after a `/`. (
|
1418
|
+
# So it's not possible to match a URL that contains literal `*`.) For example: -
|
1419
|
+
# `github.com/my-project/my-repo` is valid to match a single repo - `github.com/
|
1420
|
+
# my-project/*` will match all direct repos in `my-project` - `github.com/**`
|
1421
|
+
# matches all repos in GitHub
|
1401
1422
|
# Corresponds to the JSON property `trustedSourceRepoPatterns`
|
1402
1423
|
# @return [Array<String>]
|
1403
1424
|
attr_accessor :trusted_source_repo_patterns
|
@@ -1421,33 +1442,33 @@ module Google
|
|
1421
1442
|
include Google::Apis::Core::Hashable
|
1422
1443
|
|
1423
1444
|
# Optional. A list of specific CVEs to ignore even if the vulnerability level
|
1424
|
-
# violates maximumUnfixableSeverity or maximumFixableSeverity
|
1425
|
-
# in the format of Container Analysis note id. For example: - CVE-2021-
|
1426
|
-
# CVE-2020-10543 The CVEs are applicable regardless of note provider
|
1427
|
-
# g., an entry of `CVE-2021-20305` will allow vulnerabilities with a
|
1428
|
-
# of either `projects/goog-vulnz/notes/CVE-2021-20305` or `projects/
|
1429
|
-
# PROJECT/notes/CVE-2021-20305`.
|
1445
|
+
# violates `maximumUnfixableSeverity` or `maximumFixableSeverity`. CVEs are
|
1446
|
+
# listed in the format of Container Analysis note id. For example: - CVE-2021-
|
1447
|
+
# 20305 - CVE-2020-10543 The CVEs are applicable regardless of note provider
|
1448
|
+
# project, e.g., an entry of `CVE-2021-20305` will allow vulnerabilities with a
|
1449
|
+
# note name of either `projects/goog-vulnz/notes/CVE-2021-20305` or `projects/
|
1450
|
+
# CUSTOM-PROJECT/notes/CVE-2021-20305`.
|
1430
1451
|
# Corresponds to the JSON property `allowedCves`
|
1431
1452
|
# @return [Array<String>]
|
1432
1453
|
attr_accessor :allowed_cves
|
1433
1454
|
|
1434
1455
|
# Optional. A list of specific CVEs to always raise warnings about even if the
|
1435
|
-
# vulnerability level meets maximumUnfixableSeverity or
|
1436
|
-
# CVEs are listed in the format of Container Analysis
|
1437
|
-
# CVE-2021-20305 - CVE-2020-10543 The CVEs are
|
1438
|
-
# provider project, e.g., an entry of `CVE-2021-
|
1439
|
-
# vulnerabilities with a note name of either `projects/goog-
|
1440
|
-
# 20305` or `projects/CUSTOM-PROJECT/notes/CVE-2021-20305`.
|
1456
|
+
# vulnerability level meets `maximumUnfixableSeverity` or `
|
1457
|
+
# maximumFixableSeverity`. CVEs are listed in the format of Container Analysis
|
1458
|
+
# note id. For example: - CVE-2021-20305 - CVE-2020-10543 The CVEs are
|
1459
|
+
# applicable regardless of note provider project, e.g., an entry of `CVE-2021-
|
1460
|
+
# 20305` will block vulnerabilities with a note name of either `projects/goog-
|
1461
|
+
# vulnz/notes/CVE-2021-20305` or `projects/CUSTOM-PROJECT/notes/CVE-2021-20305`.
|
1441
1462
|
# Corresponds to the JSON property `blockedCves`
|
1442
1463
|
# @return [Array<String>]
|
1443
1464
|
attr_accessor :blocked_cves
|
1444
1465
|
|
1445
1466
|
# Optional. The projects where vulnerabilities are stored as Container Analysis
|
1446
1467
|
# Occurrences. Each project is expressed in the resource format of `projects/[
|
1447
|
-
# PROJECT_ID]`, e.g., projects/my-gcp-project
|
1448
|
-
# project to fetch vulnerabilities, and all valid vulnerabilities will be
|
1449
|
-
# to check against the vulnerability policy. If no valid scan is found in
|
1450
|
-
# projects configured here, an error will be returned for the check.
|
1468
|
+
# PROJECT_ID]`, e.g., `projects/my-gcp-project`. An attempt will be made for
|
1469
|
+
# each project to fetch vulnerabilities, and all valid vulnerabilities will be
|
1470
|
+
# used to check against the vulnerability policy. If no valid scan is found in
|
1471
|
+
# all projects configured here, an error will be returned for the check.
|
1451
1472
|
# Corresponds to the JSON property `containerAnalysisVulnerabilityProjects`
|
1452
1473
|
# @return [Array<String>]
|
1453
1474
|
attr_accessor :container_analysis_vulnerability_projects
|
@@ -16,13 +16,13 @@ module Google
|
|
16
16
|
module Apis
|
17
17
|
module BinaryauthorizationV1
|
18
18
|
# Version of the google-apis-binaryauthorization_v1 gem
|
19
|
-
GEM_VERSION = "0.
|
19
|
+
GEM_VERSION = "0.29.0"
|
20
20
|
|
21
21
|
# Version of the code generator used to generate this client
|
22
22
|
GENERATOR_VERSION = "0.12.0"
|
23
23
|
|
24
24
|
# Revision of the discovery document this client was generated from
|
25
|
-
REVISION = "
|
25
|
+
REVISION = "20230929"
|
26
26
|
end
|
27
27
|
end
|
28
28
|
end
|
@@ -425,6 +425,7 @@ module Google
|
|
425
425
|
class PkixPublicKey
|
426
426
|
# @private
|
427
427
|
class Representation < Google::Apis::Core::JsonRepresentation
|
428
|
+
property :key_id, as: 'keyId'
|
428
429
|
property :public_key_pem, as: 'publicKeyPem'
|
429
430
|
property :signature_algorithm, as: 'signatureAlgorithm'
|
430
431
|
end
|
@@ -88,8 +88,8 @@ module Google
|
|
88
88
|
|
89
89
|
# Creates or updates a project's policy, and returns a copy of the new policy. A
|
90
90
|
# policy is always updated as a whole, to avoid race conditions with concurrent
|
91
|
-
# policy enforcement (or management!) requests. Returns NOT_FOUND if the
|
92
|
-
# does not exist, INVALID_ARGUMENT if the request is malformed.
|
91
|
+
# policy enforcement (or management!) requests. Returns `NOT_FOUND` if the
|
92
|
+
# project does not exist, `INVALID_ARGUMENT` if the request is malformed.
|
93
93
|
# @param [String] name
|
94
94
|
# Output only. The resource name, in the format `projects/*/policy`. There is at
|
95
95
|
# most one policy per project.
|
@@ -123,9 +123,9 @@ module Google
|
|
123
123
|
execute_or_queue_command(command, &block)
|
124
124
|
end
|
125
125
|
|
126
|
-
# Creates an attestor, and returns a copy of the new attestor. Returns
|
127
|
-
# if the project does not exist, INVALID_ARGUMENT if the request is
|
128
|
-
# ALREADY_EXISTS if the attestor already exists.
|
126
|
+
# Creates an attestor, and returns a copy of the new attestor. Returns `
|
127
|
+
# NOT_FOUND` if the project does not exist, `INVALID_ARGUMENT` if the request is
|
128
|
+
# malformed, `ALREADY_EXISTS` if the attestor already exists.
|
129
129
|
# @param [String] parent
|
130
130
|
# Required. The parent of this attestor.
|
131
131
|
# @param [Google::Apis::BinaryauthorizationV1::Attestor] attestor_object
|
@@ -161,7 +161,7 @@ module Google
|
|
161
161
|
execute_or_queue_command(command, &block)
|
162
162
|
end
|
163
163
|
|
164
|
-
# Deletes an attestor. Returns NOT_FOUND if the attestor does not exist.
|
164
|
+
# Deletes an attestor. Returns `NOT_FOUND` if the attestor does not exist.
|
165
165
|
# @param [String] name
|
166
166
|
# Required. The name of the attestors to delete, in the format `projects/*/
|
167
167
|
# attestors/*`.
|
@@ -192,7 +192,7 @@ module Google
|
|
192
192
|
execute_or_queue_command(command, &block)
|
193
193
|
end
|
194
194
|
|
195
|
-
# Gets an attestor. Returns NOT_FOUND if the attestor does not exist.
|
195
|
+
# Gets an attestor. Returns `NOT_FOUND` if the attestor does not exist.
|
196
196
|
# @param [String] name
|
197
197
|
# Required. The name of the attestor to retrieve, in the format `projects/*/
|
198
198
|
# attestors/*`.
|
@@ -268,7 +268,7 @@ module Google
|
|
268
268
|
execute_or_queue_command(command, &block)
|
269
269
|
end
|
270
270
|
|
271
|
-
# Lists attestors. Returns INVALID_ARGUMENT if the project does not exist.
|
271
|
+
# Lists attestors. Returns `INVALID_ARGUMENT` if the project does not exist.
|
272
272
|
# @param [String] parent
|
273
273
|
# Required. The resource name of the project associated with the attestors, in
|
274
274
|
# the format `projects/*`.
|
@@ -384,7 +384,7 @@ module Google
|
|
384
384
|
execute_or_queue_command(command, &block)
|
385
385
|
end
|
386
386
|
|
387
|
-
# Updates an attestor. Returns NOT_FOUND if the attestor does not exist.
|
387
|
+
# Updates an attestor. Returns `NOT_FOUND` if the attestor does not exist.
|
388
388
|
# @param [String] name
|
389
389
|
# Required. The resource name, in the format: `projects/*/attestors/*`. This
|
390
390
|
# field may not be updated.
|
@@ -418,8 +418,8 @@ module Google
|
|
418
418
|
execute_or_queue_command(command, &block)
|
419
419
|
end
|
420
420
|
|
421
|
-
# Returns whether the given Attestation for the given image URI was signed by
|
422
|
-
# the given Attestor
|
421
|
+
# Returns whether the given `Attestation` for the given image URI was signed by
|
422
|
+
# the given `Attestor`
|
423
423
|
# @param [String] attestor
|
424
424
|
# Required. The resource name of the Attestor of the occurrence, in the format `
|
425
425
|
# projects/*/attestors/*`.
|
@@ -453,11 +453,11 @@ module Google
|
|
453
453
|
execute_or_queue_command(command, &block)
|
454
454
|
end
|
455
455
|
|
456
|
-
# Creates a platform policy, and returns a copy of it. Returns NOT_FOUND if
|
457
|
-
# project or platform doesn't exist, INVALID_ARGUMENT if the request is
|
458
|
-
# malformed, ALREADY_EXISTS if the policy already exists, and
|
459
|
-
# if the policy contains a platform-specific policy that does
|
460
|
-
# platform value specified in the URL.
|
456
|
+
# Creates a platform policy, and returns a copy of it. Returns `NOT_FOUND` if
|
457
|
+
# the project or platform doesn't exist, `INVALID_ARGUMENT` if the request is
|
458
|
+
# malformed, `ALREADY_EXISTS` if the policy already exists, and `
|
459
|
+
# INVALID_ARGUMENT` if the policy contains a platform-specific policy that does
|
460
|
+
# not match the platform value specified in the URL.
|
461
461
|
# @param [String] parent
|
462
462
|
# Required. The parent of this platform policy.
|
463
463
|
# @param [Google::Apis::BinaryauthorizationV1::PlatformPolicy] platform_policy_object
|
@@ -493,7 +493,7 @@ module Google
|
|
493
493
|
execute_or_queue_command(command, &block)
|
494
494
|
end
|
495
495
|
|
496
|
-
# Deletes a platform policy. Returns NOT_FOUND if the policy doesn't exist.
|
496
|
+
# Deletes a platform policy. Returns `NOT_FOUND` if the policy doesn't exist.
|
497
497
|
# @param [String] name
|
498
498
|
# Required. The name of the platform policy to delete, in the format `projects/*/
|
499
499
|
# platforms/*/policies/*`.
|
@@ -524,7 +524,7 @@ module Google
|
|
524
524
|
execute_or_queue_command(command, &block)
|
525
525
|
end
|
526
526
|
|
527
|
-
# Gets a platform policy. Returns NOT_FOUND if the policy doesn't exist.
|
527
|
+
# Gets a platform policy. Returns `NOT_FOUND` if the policy doesn't exist.
|
528
528
|
# @param [String] name
|
529
529
|
# Required. The name of the platform policy to retrieve in the format `projects/*
|
530
530
|
# /platforms/*/policies/*`.
|
@@ -555,8 +555,8 @@ module Google
|
|
555
555
|
execute_or_queue_command(command, &block)
|
556
556
|
end
|
557
557
|
|
558
|
-
# Lists platform policies owned by a project in the specified platform. Returns
|
559
|
-
# INVALID_ARGUMENT if the project or the platform doesn't exist.
|
558
|
+
# Lists platform policies owned by a project in the specified platform. Returns `
|
559
|
+
# INVALID_ARGUMENT` if the project or the platform doesn't exist.
|
560
560
|
# @param [String] parent
|
561
561
|
# Required. The resource name of the platform associated with the platform
|
562
562
|
# policies using the format `projects/*/platforms/*`.
|
@@ -596,10 +596,10 @@ module Google
|
|
596
596
|
execute_or_queue_command(command, &block)
|
597
597
|
end
|
598
598
|
|
599
|
-
# Replaces a platform policy. Returns NOT_FOUND if the policy doesn't exist.
|
599
|
+
# Replaces a platform policy. Returns `NOT_FOUND` if the policy doesn't exist.
|
600
600
|
# @param [String] name
|
601
|
-
# Output only. The relative resource name of the
|
602
|
-
# the form of `projects/*/platforms/*/policies/*`.
|
601
|
+
# Output only. The relative resource name of the Binary Authorization platform
|
602
|
+
# policy, in the form of `projects/*/platforms/*/policies/*`.
|
603
603
|
# @param [Google::Apis::BinaryauthorizationV1::PlatformPolicy] platform_policy_object
|
604
604
|
# @param [String] fields
|
605
605
|
# Selector specifying which fields to include in a partial response.
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: google-apis-binaryauthorization_v1
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.29.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Google LLC
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-08
|
11
|
+
date: 2023-10-08 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: google-apis-core
|
@@ -58,7 +58,7 @@ licenses:
|
|
58
58
|
metadata:
|
59
59
|
bug_tracker_uri: https://github.com/googleapis/google-api-ruby-client/issues
|
60
60
|
changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-binaryauthorization_v1/CHANGELOG.md
|
61
|
-
documentation_uri: https://googleapis.dev/ruby/google-apis-binaryauthorization_v1/v0.
|
61
|
+
documentation_uri: https://googleapis.dev/ruby/google-apis-binaryauthorization_v1/v0.29.0
|
62
62
|
source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-binaryauthorization_v1
|
63
63
|
post_install_message:
|
64
64
|
rdoc_options: []
|
@@ -75,7 +75,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
75
75
|
- !ruby/object:Gem::Version
|
76
76
|
version: '0'
|
77
77
|
requirements: []
|
78
|
-
rubygems_version: 3.4.
|
78
|
+
rubygems_version: 3.4.19
|
79
79
|
signing_key:
|
80
80
|
specification_version: 4
|
81
81
|
summary: Simple REST client for Binary Authorization API V1
|