google-apis-binaryauthorization_v1 0.32.0 → 0.34.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a9eab914ac1276e01cb916e54a9881f569df020e965a249713e4ff6d66efc329
-  data.tar.gz: 28ce189392613712706387c83b72d268d1b3a073b539693f06bf9e00e950a5ac
+  metadata.gz: 1d7311ba3619e22642ab22a0af0bba4aa55fa02a29c7126d8774d695d9b9e2ff
+  data.tar.gz: fd84c69c186062b45e52989db6730c087801105a4a8a6273704333b48b37ecfb
 SHA512:
-  metadata.gz: ba550e93d7fcf2279caff6d5de1383754d4c807daf1e075eb42167f34cd65bd1b6a1bb80a94fdcb2d0f8229c0039d93465da2c62c6529780c8be0f1d1b2f2aa4
-  data.tar.gz: a592259f268cb1c8798856689bdbf11a10cb3a523a997810d1726e048933c96162532bc3358c7dc952565734a4e5f94c0a964b9aae9d4b442c03c8248ff29b8c
+  metadata.gz: 0fbeab4bb0f747e0bfdf09efaf44074587bbca7e3ad99f5942d828aa790b772ab07e259ca98076ed7816d69b7c305fb0f977238b61d19c337993720de4906926
+  data.tar.gz: 98a85cd07d8705853824f182f462689f8fcb8e6bbf08f7c29b4e65694727d3e7095db55073fd9e37ef3f5a3ddedd9946d3762c2215c7fdbd49e4134a98c4eaff

data/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Release history for google-apis-binaryauthorization_v1
 
+### v0.34.0 (2024-02-23)
+
+* Regenerated from discovery document revision 20240220
+
+### v0.33.0 (2024-02-18)
+
+* Regenerated from discovery document revision 20240209
+
 ### v0.32.0 (2024-01-28)
 
 * Regenerated from discovery document revision 20240119

data/OVERVIEW.md

@@ -83,9 +83,9 @@ The [product documentation](https://cloud.google.com/binary-authorization/) may
 
 ## Supported Ruby versions
 
-This library is supported on Ruby 2.5+.
+This library is supported on Ruby 2.7+.
 
-Google provides official support for Ruby versions that are actively supported by Ruby Core -- that is, Ruby versions that are either in normal maintenance or in security maintenance, and not end of life. Currently, this means Ruby 2.5 and later. Older versions of Ruby _may_ still work, but are unsupported and not recommended. See https://www.ruby-lang.org/en/downloads/branches/ for details about the Ruby support schedule.
+Google provides official support for Ruby versions that are actively supported by Ruby Core -- that is, Ruby versions that are either in normal maintenance or in security maintenance, and not end of life. Older versions of Ruby _may_ still work, but are unsupported and not recommended. See https://www.ruby-lang.org/en/downloads/branches/ for details about the Ruby support schedule.
 
 ## License
 

data/lib/google/apis/binaryauthorization_v1/classes.rb

@@ -84,6 +84,25 @@ module Google
         end
       end
       
+      # Result of evaluating an image name allowlist.
+      class AllowlistResult
+        include Google::Apis::Core::Hashable
+      
+        # The allowlist pattern that the image matched.
+        # Corresponds to the JSON property `matchedPattern`
+        # @return [String]
+        attr_accessor :matched_pattern
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @matched_pattern = args[:matched_pattern] if args.key?(:matched_pattern)
+        end
+      end
+      
       # An attestation authenticator that will be used to verify attestations.
       # Typically this is just a set of public keys. Conceptually, an authenticator
       # can be treated as always returning either "authenticated" or "not
@@ -171,10 +190,10 @@ module Google
       class AttestationSource
         include Google::Apis::Core::Hashable
       
-        # The IDs of the GCP projects storing the SLSA attestations as Container
-        # Analysis Occurrences, in the format `projects/[PROJECT_ID]`. Maximum number of
-        # `container_analysis_attestation_projects` allowed in each `AttestationSource`
-        # is 10.
+        # The IDs of the Google Cloud projects that store the SLSA attestations as
+        # Container Analysis Occurrences, in the format `projects/[PROJECT_ID]`. Maximum
+        # number of `container_analysis_attestation_projects` allowed in each `
+        # AttestationSource` is 10.
         # Corresponds to the JSON property `containerAnalysisAttestationProjects`
         # @return [Array<String>]
         attr_accessor :container_analysis_attestation_projects
@@ -421,6 +440,12 @@ module Google
         # @return [Google::Apis::BinaryauthorizationV1::ImageFreshnessCheck]
         attr_accessor :image_freshness_check
       
+        # A Sigstore signature check, which verifies the Sigstore signature associated
+        # with an image.
+        # Corresponds to the JSON property `sigstoreSignatureCheck`
+        # @return [Google::Apis::BinaryauthorizationV1::SigstoreSignatureCheck]
+        attr_accessor :sigstore_signature_check
+      
         # Require a signed [DSSE](https://github.com/secure-systems-lab/dsse)
         # attestation with type SimpleSigning.
         # Corresponds to the JSON property `simpleSigningAttestationCheck`
@@ -455,6 +480,7 @@ module Google
           @display_name = args[:display_name] if args.key?(:display_name)
           @image_allowlist = args[:image_allowlist] if args.key?(:image_allowlist)
           @image_freshness_check = args[:image_freshness_check] if args.key?(:image_freshness_check)
+          @sigstore_signature_check = args[:sigstore_signature_check] if args.key?(:sigstore_signature_check)
           @simple_signing_attestation_check = args[:simple_signing_attestation_check] if args.key?(:simple_signing_attestation_check)
           @slsa_check = args[:slsa_check] if args.key?(:slsa_check)
           @trusted_directory_check = args[:trusted_directory_check] if args.key?(:trusted_directory_check)
@@ -462,6 +488,74 @@ module Google
         end
       end
       
+      # Result of evaluating one check.
+      class CheckResult
+        include Google::Apis::Core::Hashable
+      
+        # Result of evaluating an image name allowlist.
+        # Corresponds to the JSON property `allowlistResult`
+        # @return [Google::Apis::BinaryauthorizationV1::AllowlistResult]
+        attr_accessor :allowlist_result
+      
+        # The name of the check.
+        # Corresponds to the JSON property `displayName`
+        # @return [String]
+        attr_accessor :display_name
+      
+        # Result of evaluating one check.
+        # Corresponds to the JSON property `evaluationResult`
+        # @return [Google::Apis::BinaryauthorizationV1::EvaluationResult]
+        attr_accessor :evaluation_result
+      
+        # Explanation of this check result.
+        # Corresponds to the JSON property `explanation`
+        # @return [String]
+        attr_accessor :explanation
+      
+        # The index of the check.
+        # Corresponds to the JSON property `index`
+        # @return [Fixnum]
+        attr_accessor :index
+      
+        # The type of the check.
+        # Corresponds to the JSON property `type`
+        # @return [String]
+        attr_accessor :type
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @allowlist_result = args[:allowlist_result] if args.key?(:allowlist_result)
+          @display_name = args[:display_name] if args.key?(:display_name)
+          @evaluation_result = args[:evaluation_result] if args.key?(:evaluation_result)
+          @explanation = args[:explanation] if args.key?(:explanation)
+          @index = args[:index] if args.key?(:index)
+          @type = args[:type] if args.key?(:type)
+        end
+      end
+      
+      # Result of evaluating one or more checks.
+      class CheckResults
+        include Google::Apis::Core::Hashable
+      
+        # Per-check details.
+        # Corresponds to the JSON property `results`
+        # @return [Array<Google::Apis::BinaryauthorizationV1::CheckResult>]
+        attr_accessor :results
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @results = args[:results] if args.key?(:results)
+        end
+      end
+      
       # A conjunction of policy checks, scoped to a particular namespace or Kubernetes
       # service account. In order for evaluation of a `CheckSet` to return "allowed"
       # for a given image in a given Pod, one of the following conditions must be
@@ -507,6 +601,56 @@ module Google
         end
       end
       
+      # Result of evaluating one check set.
+      class CheckSetResult
+        include Google::Apis::Core::Hashable
+      
+        # Result of evaluating an image name allowlist.
+        # Corresponds to the JSON property `allowlistResult`
+        # @return [Google::Apis::BinaryauthorizationV1::AllowlistResult]
+        attr_accessor :allowlist_result
+      
+        # Result of evaluating one or more checks.
+        # Corresponds to the JSON property `checkResults`
+        # @return [Google::Apis::BinaryauthorizationV1::CheckResults]
+        attr_accessor :check_results
+      
+        # The name of the check set.
+        # Corresponds to the JSON property `displayName`
+        # @return [String]
+        attr_accessor :display_name
+      
+        # Explanation of this check set result. Only populated if no checks were
+        # evaluated.
+        # Corresponds to the JSON property `explanation`
+        # @return [String]
+        attr_accessor :explanation
+      
+        # The index of the check set.
+        # Corresponds to the JSON property `index`
+        # @return [Fixnum]
+        attr_accessor :index
+      
+        # A scope specifier for `CheckSet` objects.
+        # Corresponds to the JSON property `scope`
+        # @return [Google::Apis::BinaryauthorizationV1::Scope]
+        attr_accessor :scope
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @allowlist_result = args[:allowlist_result] if args.key?(:allowlist_result)
+          @check_results = args[:check_results] if args.key?(:check_results)
+          @display_name = args[:display_name] if args.key?(:display_name)
+          @explanation = args[:explanation] if args.key?(:explanation)
+          @index = args[:index] if args.key?(:index)
+          @scope = args[:scope] if args.key?(:scope)
+        end
+      end
+      
       # A generic empty message that you can re-use to avoid defining duplicated empty
       # messages in your APIs. A typical example is to use it as the request or the
       # response type of an API method. For instance: service Foo ` rpc Bar(google.
@@ -523,6 +667,69 @@ module Google
         end
       end
       
+      # Request message for PlatformPolicyEvaluationService.EvaluateGkePolicy.
+      class EvaluateGkePolicyRequest
+        include Google::Apis::Core::Hashable
+      
+        # Required. JSON or YAML blob representing a Kubernetes resource.
+        # Corresponds to the JSON property `resource`
+        # @return [Hash<String,Object>]
+        attr_accessor :resource
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @resource = args[:resource] if args.key?(:resource)
+        end
+      end
+      
+      # Response message for PlatformPolicyEvaluationService.EvaluateGkePolicy.
+      class EvaluateGkePolicyResponse
+        include Google::Apis::Core::Hashable
+      
+        # Evaluation result for each Pod contained in the request.
+        # Corresponds to the JSON property `results`
+        # @return [Array<Google::Apis::BinaryauthorizationV1::PodResult>]
+        attr_accessor :results
+      
+        # The result of evaluating all Pods in the request.
+        # Corresponds to the JSON property `verdict`
+        # @return [String]
+        attr_accessor :verdict
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @results = args[:results] if args.key?(:results)
+          @verdict = args[:verdict] if args.key?(:verdict)
+        end
+      end
+      
+      # Result of evaluating one check.
+      class EvaluationResult
+        include Google::Apis::Core::Hashable
+      
+        # The result of evaluating this check.
+        # Corresponds to the JSON property `verdict`
+        # @return [String]
+        attr_accessor :verdict
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @verdict = args[:verdict] if args.key?(:verdict)
+        end
+      end
+      
       # Represents a textual expression in the Common Expression Language (CEL) syntax.
       # CEL is a C-like expression language. The syntax and semantics of CEL are
       # documented at https://github.com/google/cel-spec. Example (Comparison): title:
@@ -748,6 +955,50 @@ module Google
         end
       end
       
+      # Result of evaluating one image.
+      class ImageResult
+        include Google::Apis::Core::Hashable
+      
+        # Result of evaluating an image name allowlist.
+        # Corresponds to the JSON property `allowlistResult`
+        # @return [Google::Apis::BinaryauthorizationV1::AllowlistResult]
+        attr_accessor :allowlist_result
+      
+        # Result of evaluating one check set.
+        # Corresponds to the JSON property `checkSetResult`
+        # @return [Google::Apis::BinaryauthorizationV1::CheckSetResult]
+        attr_accessor :check_set_result
+      
+        # Explanation of this image result. Only populated if no check sets were
+        # evaluated.
+        # Corresponds to the JSON property `explanation`
+        # @return [String]
+        attr_accessor :explanation
+      
+        # Image URI from the request.
+        # Corresponds to the JSON property `imageUri`
+        # @return [String]
+        attr_accessor :image_uri
+      
+        # The result of evaluating this image.
+        # Corresponds to the JSON property `verdict`
+        # @return [String]
+        attr_accessor :verdict
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @allowlist_result = args[:allowlist_result] if args.key?(:allowlist_result)
+          @check_set_result = args[:check_set_result] if args.key?(:check_set_result)
+          @explanation = args[:explanation] if args.key?(:explanation)
+          @image_uri = args[:image_uri] if args.key?(:image_uri)
+          @verdict = args[:verdict] if args.key?(:verdict)
+        end
+      end
+      
       # 
       class Jwt
         include Google::Apis::Core::Hashable
@@ -931,6 +1182,49 @@ module Google
         end
       end
       
+      # Result of evaluating the whole GKE policy for one Pod.
+      class PodResult
+        include Google::Apis::Core::Hashable
+      
+        # Per-image details.
+        # Corresponds to the JSON property `imageResults`
+        # @return [Array<Google::Apis::BinaryauthorizationV1::ImageResult>]
+        attr_accessor :image_results
+      
+        # The Kubernetes namespace of the Pod.
+        # Corresponds to the JSON property `kubernetesNamespace`
+        # @return [String]
+        attr_accessor :kubernetes_namespace
+      
+        # The Kubernetes service account of the Pod.
+        # Corresponds to the JSON property `kubernetesServiceAccount`
+        # @return [String]
+        attr_accessor :kubernetes_service_account
+      
+        # The name of the Pod.
+        # Corresponds to the JSON property `podName`
+        # @return [String]
+        attr_accessor :pod_name
+      
+        # The result of evaluating this Pod.
+        # Corresponds to the JSON property `verdict`
+        # @return [String]
+        attr_accessor :verdict
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @image_results = args[:image_results] if args.key?(:image_results)
+          @kubernetes_namespace = args[:kubernetes_namespace] if args.key?(:kubernetes_namespace)
+          @kubernetes_service_account = args[:kubernetes_service_account] if args.key?(:kubernetes_service_account)
+          @pod_name = args[:pod_name] if args.key?(:pod_name)
+          @verdict = args[:verdict] if args.key?(:verdict)
+        end
+      end
+      
       # A policy for container image binary authorization.
       class Policy
         include Google::Apis::Core::Hashable
@@ -1158,6 +1452,99 @@ module Google
         end
       end
       
+      # A Sigstore authority, used to verify signatures that are created by Sigstore.
+      # An authority is analogous to an attestation authenticator, verifying that a
+      # signature is valid or invalid.
+      class SigstoreAuthority
+        include Google::Apis::Core::Hashable
+      
+        # Optional. A user-provided name for this `SigstoreAuthority`. This field has no
+        # effect on the policy evaluation behavior except to improve readability of
+        # messages in evaluation results.
+        # Corresponds to the JSON property `displayName`
+        # @return [String]
+        attr_accessor :display_name
+      
+        # A bundle of Sigstore public keys, used to verify Sigstore signatures. A
+        # signature is authenticated by a `SigstorePublicKeySet` if any of the keys
+        # verify it.
+        # Corresponds to the JSON property `publicKeySet`
+        # @return [Google::Apis::BinaryauthorizationV1::SigstorePublicKeySet]
+        attr_accessor :public_key_set
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @display_name = args[:display_name] if args.key?(:display_name)
+          @public_key_set = args[:public_key_set] if args.key?(:public_key_set)
+        end
+      end
+      
+      # A Sigstore public key. `SigstorePublicKey` is the public key material used to
+      # authenticate Sigstore signatures.
+      class SigstorePublicKey
+        include Google::Apis::Core::Hashable
+      
+        # The public key material in PEM format.
+        # Corresponds to the JSON property `publicKeyPem`
+        # @return [String]
+        attr_accessor :public_key_pem
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @public_key_pem = args[:public_key_pem] if args.key?(:public_key_pem)
+        end
+      end
+      
+      # A bundle of Sigstore public keys, used to verify Sigstore signatures. A
+      # signature is authenticated by a `SigstorePublicKeySet` if any of the keys
+      # verify it.
+      class SigstorePublicKeySet
+        include Google::Apis::Core::Hashable
+      
+        # Required. `public_keys` must have at least one entry.
+        # Corresponds to the JSON property `publicKeys`
+        # @return [Array<Google::Apis::BinaryauthorizationV1::SigstorePublicKey>]
+        attr_accessor :public_keys
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @public_keys = args[:public_keys] if args.key?(:public_keys)
+        end
+      end
+      
+      # A Sigstore signature check, which verifies the Sigstore signature associated
+      # with an image.
+      class SigstoreSignatureCheck
+        include Google::Apis::Core::Hashable
+      
+        # Required. The authorities required by this check to verify the signature. A
+        # signature only needs to be verified by one authority to pass the check.
+        # Corresponds to the JSON property `sigstoreAuthorities`
+        # @return [Array<Google::Apis::BinaryauthorizationV1::SigstoreAuthority>]
+        attr_accessor :sigstore_authorities
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @sigstore_authorities = args[:sigstore_authorities] if args.key?(:sigstore_authorities)
+        end
+      end
+      
       # Require a signed [DSSE](https://github.com/secure-systems-lab/dsse)
       # attestation with type SimpleSigning.
       class SimpleSigningAttestationCheck

data/lib/google/apis/binaryauthorization_v1/gem_version.rb

@@ -16,13 +16,13 @@ module Google
   module Apis
     module BinaryauthorizationV1
       # Version of the google-apis-binaryauthorization_v1 gem
-      GEM_VERSION = "0.32.0"
+      GEM_VERSION = "0.34.0"
 
       # Version of the code generator used to generate this client
       GENERATOR_VERSION = "0.13.1"
 
       # Revision of the discovery document this client was generated from
-      REVISION = "20240119"
+      REVISION = "20240220"
     end
   end
 end

data/lib/google/apis/binaryauthorization_v1/representations.rb

@@ -34,6 +34,12 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class AllowlistResult
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class AttestationAuthenticator
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -76,18 +82,54 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class CheckResult
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class CheckResults
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class CheckSet
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class CheckSetResult
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class Empty
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class EvaluateGkePolicyRequest
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class EvaluateGkePolicyResponse
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class EvaluationResult
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class Expr
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -118,6 +160,12 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class ImageResult
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class Jwt
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -154,6 +202,12 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class PodResult
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class Policy
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -178,6 +232,30 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class SigstoreAuthority
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class SigstorePublicKey
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class SigstorePublicKeySet
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class SigstoreSignatureCheck
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class SimpleSigningAttestationCheck
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -254,6 +332,13 @@ module Google
         end
       end
       
+      class AllowlistResult
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :matched_pattern, as: 'matchedPattern'
+        end
+      end
+      
       class AttestationAuthenticator
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -323,6 +408,8 @@ module Google
       
           property :image_freshness_check, as: 'imageFreshnessCheck', class: Google::Apis::BinaryauthorizationV1::ImageFreshnessCheck, decorator: Google::Apis::BinaryauthorizationV1::ImageFreshnessCheck::Representation
       
+          property :sigstore_signature_check, as: 'sigstoreSignatureCheck', class: Google::Apis::BinaryauthorizationV1::SigstoreSignatureCheck, decorator: Google::Apis::BinaryauthorizationV1::SigstoreSignatureCheck::Representation
+      
           property :simple_signing_attestation_check, as: 'simpleSigningAttestationCheck', class: Google::Apis::BinaryauthorizationV1::SimpleSigningAttestationCheck, decorator: Google::Apis::BinaryauthorizationV1::SimpleSigningAttestationCheck::Representation
       
           property :slsa_check, as: 'slsaCheck', class: Google::Apis::BinaryauthorizationV1::SlsaCheck, decorator: Google::Apis::BinaryauthorizationV1::SlsaCheck::Representation
@@ -334,6 +421,28 @@ module Google
         end
       end
       
+      class CheckResult
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :allowlist_result, as: 'allowlistResult', class: Google::Apis::BinaryauthorizationV1::AllowlistResult, decorator: Google::Apis::BinaryauthorizationV1::AllowlistResult::Representation
+      
+          property :display_name, as: 'displayName'
+          property :evaluation_result, as: 'evaluationResult', class: Google::Apis::BinaryauthorizationV1::EvaluationResult, decorator: Google::Apis::BinaryauthorizationV1::EvaluationResult::Representation
+      
+          property :explanation, as: 'explanation'
+          property :index, :numeric_string => true, as: 'index'
+          property :type, as: 'type'
+        end
+      end
+      
+      class CheckResults
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          collection :results, as: 'results', class: Google::Apis::BinaryauthorizationV1::CheckResult, decorator: Google::Apis::BinaryauthorizationV1::CheckResult::Representation
+      
+        end
+      end
+      
       class CheckSet
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -347,12 +456,50 @@ module Google
         end
       end
       
+      class CheckSetResult
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :allowlist_result, as: 'allowlistResult', class: Google::Apis::BinaryauthorizationV1::AllowlistResult, decorator: Google::Apis::BinaryauthorizationV1::AllowlistResult::Representation
+      
+          property :check_results, as: 'checkResults', class: Google::Apis::BinaryauthorizationV1::CheckResults, decorator: Google::Apis::BinaryauthorizationV1::CheckResults::Representation
+      
+          property :display_name, as: 'displayName'
+          property :explanation, as: 'explanation'
+          property :index, :numeric_string => true, as: 'index'
+          property :scope, as: 'scope', class: Google::Apis::BinaryauthorizationV1::Scope, decorator: Google::Apis::BinaryauthorizationV1::Scope::Representation
+      
+        end
+      end
+      
       class Empty
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
         end
       end
       
+      class EvaluateGkePolicyRequest
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          hash :resource, as: 'resource'
+        end
+      end
+      
+      class EvaluateGkePolicyResponse
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          collection :results, as: 'results', class: Google::Apis::BinaryauthorizationV1::PodResult, decorator: Google::Apis::BinaryauthorizationV1::PodResult::Representation
+      
+          property :verdict, as: 'verdict'
+        end
+      end
+      
+      class EvaluationResult
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :verdict, as: 'verdict'
+        end
+      end
+      
       class Expr
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -397,6 +544,19 @@ module Google
         end
       end
       
+      class ImageResult
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :allowlist_result, as: 'allowlistResult', class: Google::Apis::BinaryauthorizationV1::AllowlistResult, decorator: Google::Apis::BinaryauthorizationV1::AllowlistResult::Representation
+      
+          property :check_set_result, as: 'checkSetResult', class: Google::Apis::BinaryauthorizationV1::CheckSetResult, decorator: Google::Apis::BinaryauthorizationV1::CheckSetResult::Representation
+      
+          property :explanation, as: 'explanation'
+          property :image_uri, as: 'imageUri'
+          property :verdict, as: 'verdict'
+        end
+      end
+      
       class Jwt
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -450,6 +610,18 @@ module Google
         end
       end
       
+      class PodResult
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          collection :image_results, as: 'imageResults', class: Google::Apis::BinaryauthorizationV1::ImageResult, decorator: Google::Apis::BinaryauthorizationV1::ImageResult::Representation
+      
+          property :kubernetes_namespace, as: 'kubernetesNamespace'
+          property :kubernetes_service_account, as: 'kubernetesServiceAccount'
+          property :pod_name, as: 'podName'
+          property :verdict, as: 'verdict'
+        end
+      end
+      
       class Policy
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -497,6 +669,38 @@ module Google
         end
       end
       
+      class SigstoreAuthority
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :display_name, as: 'displayName'
+          property :public_key_set, as: 'publicKeySet', class: Google::Apis::BinaryauthorizationV1::SigstorePublicKeySet, decorator: Google::Apis::BinaryauthorizationV1::SigstorePublicKeySet::Representation
+      
+        end
+      end
+      
+      class SigstorePublicKey
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :public_key_pem, as: 'publicKeyPem'
+        end
+      end
+      
+      class SigstorePublicKeySet
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          collection :public_keys, as: 'publicKeys', class: Google::Apis::BinaryauthorizationV1::SigstorePublicKey, decorator: Google::Apis::BinaryauthorizationV1::SigstorePublicKey::Representation
+      
+        end
+      end
+      
+      class SigstoreSignatureCheck
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          collection :sigstore_authorities, as: 'sigstoreAuthorities', class: Google::Apis::BinaryauthorizationV1::SigstoreAuthority, decorator: Google::Apis::BinaryauthorizationV1::SigstoreAuthority::Representation
+      
+        end
+      end
+      
       class SimpleSigningAttestationCheck
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation

data/lib/google/apis/binaryauthorization_v1/service.rb

@@ -455,6 +455,43 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
+        # Evaluates a Kubernetes object versus a GKE platform policy. Returns `NOT_FOUND`
+        # if the policy doesn't exist, `INVALID_ARGUMENT` if the policy or request is
+        # malformed and `PERMISSION_DENIED` if the client does not have sufficient
+        # permissions.
+        # @param [String] name
+        #   Required. The name of the platform policy to evaluate in the format `projects/*
+        #   /platforms/*/policies/*`.
+        # @param [Google::Apis::BinaryauthorizationV1::EvaluateGkePolicyRequest] evaluate_gke_policy_request_object
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::BinaryauthorizationV1::EvaluateGkePolicyResponse] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::BinaryauthorizationV1::EvaluateGkePolicyResponse]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def evaluate_gke_policy(name, evaluate_gke_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:post, 'v1/{+name}:evaluate', options)
+          command.request_representation = Google::Apis::BinaryauthorizationV1::EvaluateGkePolicyRequest::Representation
+          command.request_object = evaluate_gke_policy_request_object
+          command.response_representation = Google::Apis::BinaryauthorizationV1::EvaluateGkePolicyResponse::Representation
+          command.response_class = Google::Apis::BinaryauthorizationV1::EvaluateGkePolicyResponse
+          command.params['name'] = name unless name.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
         # Creates a platform policy, and returns a copy of it. Returns `NOT_FOUND` if
         # the project or platform doesn't exist, `INVALID_ARGUMENT` if the request is
         # malformed, `ALREADY_EXISTS` if the policy already exists, and `

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-apis-binaryauthorization_v1
 version: !ruby/object:Gem::Version
-  version: 0.32.0
+  version: 0.34.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-01-28 00:00:00.000000000 Z
+date: 2024-02-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-apis-core
@@ -16,7 +16,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.12.0
+        version: 0.14.0
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.12.0
+        version: 0.14.0
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -58,7 +58,7 @@ licenses:
 metadata:
   bug_tracker_uri: https://github.com/googleapis/google-api-ruby-client/issues
   changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-binaryauthorization_v1/CHANGELOG.md
-  documentation_uri: https://googleapis.dev/ruby/google-apis-binaryauthorization_v1/v0.32.0
+  documentation_uri: https://googleapis.dev/ruby/google-apis-binaryauthorization_v1/v0.34.0
   source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-binaryauthorization_v1
 post_install_message: 
 rdoc_options: []
@@ -68,14 +68,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.5'
+      version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.3
+rubygems_version: 3.5.6
 signing_key: 
 specification_version: 4
 summary: Simple REST client for Binary Authorization API V1