google-apis-binaryauthorization_v1 0.32.0 → 0.34.0

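--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a9eab914ac1276e01cb916e54a9881f569df020e965a249713e4ff6d66efc329
- data.tar.gz: 28ce189392613712706387c83b72d268d1b3a073b539693f06bf9e00e950a5ac
+ metadata.gz: 1d7311ba3619e22642ab22a0af0bba4aa55fa02a29c7126d8774d695d9b9e2ff
+ data.tar.gz: fd84c69c186062b45e52989db6730c087801105a4a8a6273704333b48b37ecfb
  SHA512:
- metadata.gz: ba550e93d7fcf2279caff6d5de1383754d4c807daf1e075eb42167f34cd65bd1b6a1bb80a94fdcb2d0f8229c0039d93465da2c62c6529780c8be0f1d1b2f2aa4
- data.tar.gz: a592259f268cb1c8798856689bdbf11a10cb3a523a997810d1726e048933c96162532bc3358c7dc952565734a4e5f94c0a964b9aae9d4b442c03c8248ff29b8c
+ metadata.gz: 0fbeab4bb0f747e0bfdf09efaf44074587bbca7e3ad99f5942d828aa790b772ab07e259ca98076ed7816d69b7c305fb0f977238b61d19c337993720de4906926
+ data.tar.gz: 98a85cd07d8705853824f182f462689f8fcb8e6bbf08f7c29b4e65694727d3e7095db55073fd9e37ef3f5a3ddedd9946d3762c2215c7fdbd49e4134a98c4eaff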
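--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,13 @@
  # Release history for google-apis-binaryauthorization_v1
 
+ ### v0.34.0 (2024-02-23)
+
+ * Regenerated from discovery document revision 20240220
+
+ ### v0.33.0 (2024-02-18)
+
+ * Regenerated from discovery document revision 20240209
+
  ### v0.32.0 (2024-01-28)
 
  * Regenerated from discovery document revision 20240119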
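--- a/data/OVERVIEW.md
+++ b/data/OVERVIEW.md
@@ -83,9 +83,9 @@ The [product documentation](https://cloud.google.com/binary-authorization/) may
 
  ## Supported Ruby versions
 
- This library is supported on Ruby 2.5+.
+ This library is supported on Ruby 2.7+.
 
- Google provides official support for Ruby versions that are actively supported by Ruby Core -- that is, Ruby versions that are either in normal maintenance or in security maintenance, and not end of life. Currently, this means Ruby 2.5 and later. Older versions of Ruby _may_ still work, but are unsupported and not recommended. See https://www.ruby-lang.org/en/downloads/branches/ for details about the Ruby support schedule.
+ Google provides official support for Ruby versions that are actively supported by Ruby Core -- that is, Ruby versions that are either in normal maintenance or in security maintenance, and not end of life. Older versions of Ruby _may_ still work, but are unsupported and not recommended. See https://www.ruby-lang.org/en/downloads/branches/ for details about the Ruby support schedule.
 
  ## License
 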
@@ -84,6 +84,25 @@ module Google
84
84
  end
85
85
  end
86
86
 
87
+ # Result of evaluating an image name allowlist.
88
+ class AllowlistResult
89
+ include Google::Apis::Core::Hashable
90
+
91
+ # The allowlist pattern that the image matched.
92
+ # Corresponds to the JSON property `matchedPattern`
93
+ # @return [String]
94
+ attr_accessor :matched_pattern
95
+
96
+ def initialize(**args)
97
+ update!(**args)
98
+ end
99
+
100
+ # Update properties of this object
101
+ def update!(**args)
102
+ @matched_pattern = args[:matched_pattern] if args.key?(:matched_pattern)
103
+ end
104
+ end
105
+
87
106
  # An attestation authenticator that will be used to verify attestations.
88
107
  # Typically this is just a set of public keys. Conceptually, an authenticator
89
108
  # can be treated as always returning either "authenticated" or "not
@@ -171,10 +190,10 @@ module Google
171
190
  class AttestationSource
172
191
  include Google::Apis::Core::Hashable
173
192
 
174
- # The IDs of the GCP projects storing the SLSA attestations as Container
175
- # Analysis Occurrences, in the format `projects/[PROJECT_ID]`. Maximum number of
176
- # `container_analysis_attestation_projects` allowed in each `AttestationSource`
177
- # is 10.
193
+ # The IDs of the Google Cloud projects that store the SLSA attestations as
194
+ # Container Analysis Occurrences, in the format `projects/[PROJECT_ID]`. Maximum
195
+ # number of `container_analysis_attestation_projects` allowed in each `
196
+ # AttestationSource` is 10.
178
197
  # Corresponds to the JSON property `containerAnalysisAttestationProjects`
179
198
  # @return [Array<String>]
180
199
  attr_accessor :container_analysis_attestation_projects
@@ -421,6 +440,12 @@ module Google
421
440
  # @return [Google::Apis::BinaryauthorizationV1::ImageFreshnessCheck]
422
441
  attr_accessor :image_freshness_check
423
442
 
443
+ # A Sigstore signature check, which verifies the Sigstore signature associated
444
+ # with an image.
445
+ # Corresponds to the JSON property `sigstoreSignatureCheck`
446
+ # @return [Google::Apis::BinaryauthorizationV1::SigstoreSignatureCheck]
447
+ attr_accessor :sigstore_signature_check
448
+
424
449
  # Require a signed [DSSE](https://github.com/secure-systems-lab/dsse)
425
450
  # attestation with type SimpleSigning.
426
451
  # Corresponds to the JSON property `simpleSigningAttestationCheck`
@@ -455,6 +480,7 @@ module Google
455
480
  @display_name = args[:display_name] if args.key?(:display_name)
456
481
  @image_allowlist = args[:image_allowlist] if args.key?(:image_allowlist)
457
482
  @image_freshness_check = args[:image_freshness_check] if args.key?(:image_freshness_check)
483
+ @sigstore_signature_check = args[:sigstore_signature_check] if args.key?(:sigstore_signature_check)
458
484
  @simple_signing_attestation_check = args[:simple_signing_attestation_check] if args.key?(:simple_signing_attestation_check)
459
485
  @slsa_check = args[:slsa_check] if args.key?(:slsa_check)
460
486
  @trusted_directory_check = args[:trusted_directory_check] if args.key?(:trusted_directory_check)
@@ -462,6 +488,74 @@ module Google
462
488
  end
463
489
  end
464
490
 
491
+ # Result of evaluating one check.
492
+ class CheckResult
493
+ include Google::Apis::Core::Hashable
494
+
495
+ # Result of evaluating an image name allowlist.
496
+ # Corresponds to the JSON property `allowlistResult`
497
+ # @return [Google::Apis::BinaryauthorizationV1::AllowlistResult]
498
+ attr_accessor :allowlist_result
499
+
500
+ # The name of the check.
501
+ # Corresponds to the JSON property `displayName`
502
+ # @return [String]
503
+ attr_accessor :display_name
504
+
505
+ # Result of evaluating one check.
506
+ # Corresponds to the JSON property `evaluationResult`
507
+ # @return [Google::Apis::BinaryauthorizationV1::EvaluationResult]
508
+ attr_accessor :evaluation_result
509
+
510
+ # Explanation of this check result.
511
+ # Corresponds to the JSON property `explanation`
512
+ # @return [String]
513
+ attr_accessor :explanation
514
+
515
+ # The index of the check.
516
+ # Corresponds to the JSON property `index`
517
+ # @return [Fixnum]
518
+ attr_accessor :index
519
+
520
+ # The type of the check.
521
+ # Corresponds to the JSON property `type`
522
+ # @return [String]
523
+ attr_accessor :type
524
+
525
+ def initialize(**args)
526
+ update!(**args)
527
+ end
528
+
529
+ # Update properties of this object
530
+ def update!(**args)
531
+ @allowlist_result = args[:allowlist_result] if args.key?(:allowlist_result)
532
+ @display_name = args[:display_name] if args.key?(:display_name)
533
+ @evaluation_result = args[:evaluation_result] if args.key?(:evaluation_result)
534
+ @explanation = args[:explanation] if args.key?(:explanation)
535
+ @index = args[:index] if args.key?(:index)
536
+ @type = args[:type] if args.key?(:type)
537
+ end
538
+ end
539
+
540
+ # Result of evaluating one or more checks.
541
+ class CheckResults
542
+ include Google::Apis::Core::Hashable
543
+
544
+ # Per-check details.
545
+ # Corresponds to the JSON property `results`
546
+ # @return [Array<Google::Apis::BinaryauthorizationV1::CheckResult>]
547
+ attr_accessor :results
548
+
549
+ def initialize(**args)
550
+ update!(**args)
551
+ end
552
+
553
+ # Update properties of this object
554
+ def update!(**args)
555
+ @results = args[:results] if args.key?(:results)
556
+ end
557
+ end
558
+
465
559
  # A conjunction of policy checks, scoped to a particular namespace or Kubernetes
466
560
  # service account. In order for evaluation of a `CheckSet` to return "allowed"
467
561
  # for a given image in a given Pod, one of the following conditions must be
@@ -507,6 +601,56 @@ module Google
507
601
  end
508
602
  end
509
603
 
604
+ # Result of evaluating one check set.
605
+ class CheckSetResult
606
+ include Google::Apis::Core::Hashable
607
+
608
+ # Result of evaluating an image name allowlist.
609
+ # Corresponds to the JSON property `allowlistResult`
610
+ # @return [Google::Apis::BinaryauthorizationV1::AllowlistResult]
611
+ attr_accessor :allowlist_result
612
+
613
+ # Result of evaluating one or more checks.
614
+ # Corresponds to the JSON property `checkResults`
615
+ # @return [Google::Apis::BinaryauthorizationV1::CheckResults]
616
+ attr_accessor :check_results
617
+
618
+ # The name of the check set.
619
+ # Corresponds to the JSON property `displayName`
620
+ # @return [String]
621
+ attr_accessor :display_name
622
+
623
+ # Explanation of this check set result. Only populated if no checks were
624
+ # evaluated.
625
+ # Corresponds to the JSON property `explanation`
626
+ # @return [String]
627
+ attr_accessor :explanation
628
+
629
+ # The index of the check set.
630
+ # Corresponds to the JSON property `index`
631
+ # @return [Fixnum]
632
+ attr_accessor :index
633
+
634
+ # A scope specifier for `CheckSet` objects.
635
+ # Corresponds to the JSON property `scope`
636
+ # @return [Google::Apis::BinaryauthorizationV1::Scope]
637
+ attr_accessor :scope
638
+
639
+ def initialize(**args)
640
+ update!(**args)
641
+ end
642
+
643
+ # Update properties of this object
644
+ def update!(**args)
645
+ @allowlist_result = args[:allowlist_result] if args.key?(:allowlist_result)
646
+ @check_results = args[:check_results] if args.key?(:check_results)
647
+ @display_name = args[:display_name] if args.key?(:display_name)
648
+ @explanation = args[:explanation] if args.key?(:explanation)
649
+ @index = args[:index] if args.key?(:index)
650
+ @scope = args[:scope] if args.key?(:scope)
651
+ end
652
+ end
653
+
510
654
  # A generic empty message that you can re-use to avoid defining duplicated empty
511
655
  # messages in your APIs. A typical example is to use it as the request or the
512
656
  # response type of an API method. For instance: service Foo ` rpc Bar(google.
@@ -523,6 +667,69 @@ module Google
523
667
  end
524
668
  end
525
669
 
670
+ # Request message for PlatformPolicyEvaluationService.EvaluateGkePolicy.
671
+ class EvaluateGkePolicyRequest
672
+ include Google::Apis::Core::Hashable
673
+
674
+ # Required. JSON or YAML blob representing a Kubernetes resource.
675
+ # Corresponds to the JSON property `resource`
676
+ # @return [Hash<String,Object>]
677
+ attr_accessor :resource
678
+
679
+ def initialize(**args)
680
+ update!(**args)
681
+ end
682
+
683
+ # Update properties of this object
684
+ def update!(**args)
685
+ @resource = args[:resource] if args.key?(:resource)
686
+ end
687
+ end
688
+
689
+ # Response message for PlatformPolicyEvaluationService.EvaluateGkePolicy.
690
+ class EvaluateGkePolicyResponse
691
+ include Google::Apis::Core::Hashable
692
+
693
+ # Evaluation result for each Pod contained in the request.
694
+ # Corresponds to the JSON property `results`
695
+ # @return [Array<Google::Apis::BinaryauthorizationV1::PodResult>]
696
+ attr_accessor :results
697
+
698
+ # The result of evaluating all Pods in the request.
699
+ # Corresponds to the JSON property `verdict`
700
+ # @return [String]
701
+ attr_accessor :verdict
702
+
703
+ def initialize(**args)
704
+ update!(**args)
705
+ end
706
+
707
+ # Update properties of this object
708
+ def update!(**args)
709
+ @results = args[:results] if args.key?(:results)
710
+ @verdict = args[:verdict] if args.key?(:verdict)
711
+ end
712
+ end
713
+
714
+ # Result of evaluating one check.
715
+ class EvaluationResult
716
+ include Google::Apis::Core::Hashable
717
+
718
+ # The result of evaluating this check.
719
+ # Corresponds to the JSON property `verdict`
720
+ # @return [String]
721
+ attr_accessor :verdict
722
+
723
+ def initialize(**args)
724
+ update!(**args)
725
+ end
726
+
727
+ # Update properties of this object
728
+ def update!(**args)
729
+ @verdict = args[:verdict] if args.key?(:verdict)
730
+ end
731
+ end
732
+
526
733
  # Represents a textual expression in the Common Expression Language (CEL) syntax.
527
734
  # CEL is a C-like expression language. The syntax and semantics of CEL are
528
735
  # documented at https://github.com/google/cel-spec. Example (Comparison): title:
@@ -748,6 +955,50 @@ module Google
748
955
  end
749
956
  end
750
957
 
958
+ # Result of evaluating one image.
959
+ class ImageResult
960
+ include Google::Apis::Core::Hashable
961
+
962
+ # Result of evaluating an image name allowlist.
963
+ # Corresponds to the JSON property `allowlistResult`
964
+ # @return [Google::Apis::BinaryauthorizationV1::AllowlistResult]
965
+ attr_accessor :allowlist_result
966
+
967
+ # Result of evaluating one check set.
968
+ # Corresponds to the JSON property `checkSetResult`
969
+ # @return [Google::Apis::BinaryauthorizationV1::CheckSetResult]
970
+ attr_accessor :check_set_result
971
+
972
+ # Explanation of this image result. Only populated if no check sets were
973
+ # evaluated.
974
+ # Corresponds to the JSON property `explanation`
975
+ # @return [String]
976
+ attr_accessor :explanation
977
+
978
+ # Image URI from the request.
979
+ # Corresponds to the JSON property `imageUri`
980
+ # @return [String]
981
+ attr_accessor :image_uri
982
+
983
+ # The result of evaluating this image.
984
+ # Corresponds to the JSON property `verdict`
985
+ # @return [String]
986
+ attr_accessor :verdict
987
+
988
+ def initialize(**args)
989
+ update!(**args)
990
+ end
991
+
992
+ # Update properties of this object
993
+ def update!(**args)
994
+ @allowlist_result = args[:allowlist_result] if args.key?(:allowlist_result)
995
+ @check_set_result = args[:check_set_result] if args.key?(:check_set_result)
996
+ @explanation = args[:explanation] if args.key?(:explanation)
997
+ @image_uri = args[:image_uri] if args.key?(:image_uri)
998
+ @verdict = args[:verdict] if args.key?(:verdict)
999
+ end
1000
+ end
1001
+
751
1002
  #
752
1003
  class Jwt
753
1004
  include Google::Apis::Core::Hashable
@@ -931,6 +1182,49 @@ module Google
931
1182
  end
932
1183
  end
933
1184
 
1185
+ # Result of evaluating the whole GKE policy for one Pod.
1186
+ class PodResult
1187
+ include Google::Apis::Core::Hashable
1188
+
1189
+ # Per-image details.
1190
+ # Corresponds to the JSON property `imageResults`
1191
+ # @return [Array<Google::Apis::BinaryauthorizationV1::ImageResult>]
1192
+ attr_accessor :image_results
1193
+
1194
+ # The Kubernetes namespace of the Pod.
1195
+ # Corresponds to the JSON property `kubernetesNamespace`
1196
+ # @return [String]
1197
+ attr_accessor :kubernetes_namespace
1198
+
1199
+ # The Kubernetes service account of the Pod.
1200
+ # Corresponds to the JSON property `kubernetesServiceAccount`
1201
+ # @return [String]
1202
+ attr_accessor :kubernetes_service_account
1203
+
1204
+ # The name of the Pod.
1205
+ # Corresponds to the JSON property `podName`
1206
+ # @return [String]
1207
+ attr_accessor :pod_name
1208
+
1209
+ # The result of evaluating this Pod.
1210
+ # Corresponds to the JSON property `verdict`
1211
+ # @return [String]
1212
+ attr_accessor :verdict
1213
+
1214
+ def initialize(**args)
1215
+ update!(**args)
1216
+ end
1217
+
1218
+ # Update properties of this object
1219
+ def update!(**args)
1220
+ @image_results = args[:image_results] if args.key?(:image_results)
1221
+ @kubernetes_namespace = args[:kubernetes_namespace] if args.key?(:kubernetes_namespace)
1222
+ @kubernetes_service_account = args[:kubernetes_service_account] if args.key?(:kubernetes_service_account)
1223
+ @pod_name = args[:pod_name] if args.key?(:pod_name)
1224
+ @verdict = args[:verdict] if args.key?(:verdict)
1225
+ end
1226
+ end
1227
+
934
1228
  # A policy for container image binary authorization.
935
1229
  class Policy
936
1230
  include Google::Apis::Core::Hashable
@@ -1158,6 +1452,99 @@ module Google
1158
1452
  end
1159
1453
  end
1160
1454
 
1455
+ # A Sigstore authority, used to verify signatures that are created by Sigstore.
1456
+ # An authority is analogous to an attestation authenticator, verifying that a
1457
+ # signature is valid or invalid.
1458
+ class SigstoreAuthority
1459
+ include Google::Apis::Core::Hashable
1460
+
1461
+ # Optional. A user-provided name for this `SigstoreAuthority`. This field has no
1462
+ # effect on the policy evaluation behavior except to improve readability of
1463
+ # messages in evaluation results.
1464
+ # Corresponds to the JSON property `displayName`
1465
+ # @return [String]
1466
+ attr_accessor :display_name
1467
+
1468
+ # A bundle of Sigstore public keys, used to verify Sigstore signatures. A
1469
+ # signature is authenticated by a `SigstorePublicKeySet` if any of the keys
1470
+ # verify it.
1471
+ # Corresponds to the JSON property `publicKeySet`
1472
+ # @return [Google::Apis::BinaryauthorizationV1::SigstorePublicKeySet]
1473
+ attr_accessor :public_key_set
1474
+
1475
+ def initialize(**args)
1476
+ update!(**args)
1477
+ end
1478
+
1479
+ # Update properties of this object
1480
+ def update!(**args)
1481
+ @display_name = args[:display_name] if args.key?(:display_name)
1482
+ @public_key_set = args[:public_key_set] if args.key?(:public_key_set)
1483
+ end
1484
+ end
1485
+
1486
+ # A Sigstore public key. `SigstorePublicKey` is the public key material used to
1487
+ # authenticate Sigstore signatures.
1488
+ class SigstorePublicKey
1489
+ include Google::Apis::Core::Hashable
1490
+
1491
+ # The public key material in PEM format.
1492
+ # Corresponds to the JSON property `publicKeyPem`
1493
+ # @return [String]
1494
+ attr_accessor :public_key_pem
1495
+
1496
+ def initialize(**args)
1497
+ update!(**args)
1498
+ end
1499
+
1500
+ # Update properties of this object
1501
+ def update!(**args)
1502
+ @public_key_pem = args[:public_key_pem] if args.key?(:public_key_pem)
1503
+ end
1504
+ end
1505
+
1506
+ # A bundle of Sigstore public keys, used to verify Sigstore signatures. A
1507
+ # signature is authenticated by a `SigstorePublicKeySet` if any of the keys
1508
+ # verify it.
1509
+ class SigstorePublicKeySet
1510
+ include Google::Apis::Core::Hashable
1511
+
1512
+ # Required. `public_keys` must have at least one entry.
1513
+ # Corresponds to the JSON property `publicKeys`
1514
+ # @return [Array<Google::Apis::BinaryauthorizationV1::SigstorePublicKey>]
1515
+ attr_accessor :public_keys
1516
+
1517
+ def initialize(**args)
1518
+ update!(**args)
1519
+ end
1520
+
1521
+ # Update properties of this object
1522
+ def update!(**args)
1523
+ @public_keys = args[:public_keys] if args.key?(:public_keys)
1524
+ end
1525
+ end
1526
+
1527
+ # A Sigstore signature check, which verifies the Sigstore signature associated
1528
+ # with an image.
1529
+ class SigstoreSignatureCheck
1530
+ include Google::Apis::Core::Hashable
1531
+
1532
+ # Required. The authorities required by this check to verify the signature. A
1533
+ # signature only needs to be verified by one authority to pass the check.
1534
+ # Corresponds to the JSON property `sigstoreAuthorities`
1535
+ # @return [Array<Google::Apis::BinaryauthorizationV1::SigstoreAuthority>]
1536
+ attr_accessor :sigstore_authorities
1537
+
1538
+ def initialize(**args)
1539
+ update!(**args)
1540
+ end
1541
+
1542
+ # Update properties of this object
1543
+ def update!(**args)
1544
+ @sigstore_authorities = args[:sigstore_authorities] if args.key?(:sigstore_authorities)
1545
+ end
1546
+ end
1547
+
1161
1548
  # Require a signed [DSSE](https://github.com/secure-systems-lab/dsse)
1162
1549
  # attestation with type SimpleSigning.
1163
1550
  class SimpleSigningAttestationCheck
@@ -16,13 +16,13 @@ module Google
16
16
  module Apis
17
17
  module BinaryauthorizationV1
18
18
  # Version of the google-apis-binaryauthorization_v1 gem
19
- GEM_VERSION = "0.32.0"
19
+ GEM_VERSION = "0.34.0"
20
20
 
21
21
  # Version of the code generator used to generate this client
22
22
  GENERATOR_VERSION = "0.13.1"
23
23
 
24
24
  # Revision of the discovery document this client was generated from
25
- REVISION = "20240119"
25
+ REVISION = "20240220"
26
26
  end
27
27
  end
28
28
  end
@@ -34,6 +34,12 @@ module Google
34
34
  include Google::Apis::Core::JsonObjectSupport
35
35
  end
36
36
 
37
+ class AllowlistResult
38
+ class Representation < Google::Apis::Core::JsonRepresentation; end
39
+
40
+ include Google::Apis::Core::JsonObjectSupport
41
+ end
42
+
37
43
  class AttestationAuthenticator
38
44
  class Representation < Google::Apis::Core::JsonRepresentation; end
39
45
 
@@ -76,18 +82,54 @@ module Google
76
82
  include Google::Apis::Core::JsonObjectSupport
77
83
  end
78
84
 
85
+ class CheckResult
86
+ class Representation < Google::Apis::Core::JsonRepresentation; end
87
+
88
+ include Google::Apis::Core::JsonObjectSupport
89
+ end
90
+
91
+ class CheckResults
92
+ class Representation < Google::Apis::Core::JsonRepresentation; end
93
+
94
+ include Google::Apis::Core::JsonObjectSupport
95
+ end
96
+
79
97
  class CheckSet
80
98
  class Representation < Google::Apis::Core::JsonRepresentation; end
81
99
 
82
100
  include Google::Apis::Core::JsonObjectSupport
83
101
  end
84
102
 
103
+ class CheckSetResult
104
+ class Representation < Google::Apis::Core::JsonRepresentation; end
105
+
106
+ include Google::Apis::Core::JsonObjectSupport
107
+ end
108
+
85
109
  class Empty
86
110
  class Representation < Google::Apis::Core::JsonRepresentation; end
87
111
 
88
112
  include Google::Apis::Core::JsonObjectSupport
89
113
  end
90
114
 
115
+ class EvaluateGkePolicyRequest
116
+ class Representation < Google::Apis::Core::JsonRepresentation; end
117
+
118
+ include Google::Apis::Core::JsonObjectSupport
119
+ end
120
+
121
+ class EvaluateGkePolicyResponse
122
+ class Representation < Google::Apis::Core::JsonRepresentation; end
123
+
124
+ include Google::Apis::Core::JsonObjectSupport
125
+ end
126
+
127
+ class EvaluationResult
128
+ class Representation < Google::Apis::Core::JsonRepresentation; end
129
+
130
+ include Google::Apis::Core::JsonObjectSupport
131
+ end
132
+
91
133
  class Expr
92
134
  class Representation < Google::Apis::Core::JsonRepresentation; end
93
135
 
@@ -118,6 +160,12 @@ module Google
118
160
  include Google::Apis::Core::JsonObjectSupport
119
161
  end
120
162
 
163
+ class ImageResult
164
+ class Representation < Google::Apis::Core::JsonRepresentation; end
165
+
166
+ include Google::Apis::Core::JsonObjectSupport
167
+ end
168
+
121
169
  class Jwt
122
170
  class Representation < Google::Apis::Core::JsonRepresentation; end
123
171
 
@@ -154,6 +202,12 @@ module Google
154
202
  include Google::Apis::Core::JsonObjectSupport
155
203
  end
156
204
 
205
+ class PodResult
206
+ class Representation < Google::Apis::Core::JsonRepresentation; end
207
+
208
+ include Google::Apis::Core::JsonObjectSupport
209
+ end
210
+
157
211
  class Policy
158
212
  class Representation < Google::Apis::Core::JsonRepresentation; end
159
213
 
@@ -178,6 +232,30 @@ module Google
178
232
  include Google::Apis::Core::JsonObjectSupport
179
233
  end
180
234
 
235
+ class SigstoreAuthority
236
+ class Representation < Google::Apis::Core::JsonRepresentation; end
237
+
238
+ include Google::Apis::Core::JsonObjectSupport
239
+ end
240
+
241
+ class SigstorePublicKey
242
+ class Representation < Google::Apis::Core::JsonRepresentation; end
243
+
244
+ include Google::Apis::Core::JsonObjectSupport
245
+ end
246
+
247
+ class SigstorePublicKeySet
248
+ class Representation < Google::Apis::Core::JsonRepresentation; end
249
+
250
+ include Google::Apis::Core::JsonObjectSupport
251
+ end
252
+
253
+ class SigstoreSignatureCheck
254
+ class Representation < Google::Apis::Core::JsonRepresentation; end
255
+
256
+ include Google::Apis::Core::JsonObjectSupport
257
+ end
258
+
181
259
  class SimpleSigningAttestationCheck
182
260
  class Representation < Google::Apis::Core::JsonRepresentation; end
183
261
 
@@ -254,6 +332,13 @@ module Google
254
332
  end
255
333
  end
256
334
 
335
+ class AllowlistResult
336
+ # @private
337
+ class Representation < Google::Apis::Core::JsonRepresentation
338
+ property :matched_pattern, as: 'matchedPattern'
339
+ end
340
+ end
341
+
257
342
  class AttestationAuthenticator
258
343
  # @private
259
344
  class Representation < Google::Apis::Core::JsonRepresentation
@@ -323,6 +408,8 @@ module Google
323
408
 
324
409
  property :image_freshness_check, as: 'imageFreshnessCheck', class: Google::Apis::BinaryauthorizationV1::ImageFreshnessCheck, decorator: Google::Apis::BinaryauthorizationV1::ImageFreshnessCheck::Representation
325
410
 
411
+ property :sigstore_signature_check, as: 'sigstoreSignatureCheck', class: Google::Apis::BinaryauthorizationV1::SigstoreSignatureCheck, decorator: Google::Apis::BinaryauthorizationV1::SigstoreSignatureCheck::Representation
412
+
326
413
  property :simple_signing_attestation_check, as: 'simpleSigningAttestationCheck', class: Google::Apis::BinaryauthorizationV1::SimpleSigningAttestationCheck, decorator: Google::Apis::BinaryauthorizationV1::SimpleSigningAttestationCheck::Representation
327
414
 
328
415
  property :slsa_check, as: 'slsaCheck', class: Google::Apis::BinaryauthorizationV1::SlsaCheck, decorator: Google::Apis::BinaryauthorizationV1::SlsaCheck::Representation
@@ -334,6 +421,28 @@ module Google
334
421
  end
335
422
  end
336
423
 
424
+ class CheckResult
425
+ # @private
426
+ class Representation < Google::Apis::Core::JsonRepresentation
427
+ property :allowlist_result, as: 'allowlistResult', class: Google::Apis::BinaryauthorizationV1::AllowlistResult, decorator: Google::Apis::BinaryauthorizationV1::AllowlistResult::Representation
428
+
429
+ property :display_name, as: 'displayName'
430
+ property :evaluation_result, as: 'evaluationResult', class: Google::Apis::BinaryauthorizationV1::EvaluationResult, decorator: Google::Apis::BinaryauthorizationV1::EvaluationResult::Representation
431
+
432
+ property :explanation, as: 'explanation'
433
+ property :index, :numeric_string => true, as: 'index'
434
+ property :type, as: 'type'
435
+ end
436
+ end
437
+
438
+ class CheckResults
439
+ # @private
440
+ class Representation < Google::Apis::Core::JsonRepresentation
441
+ collection :results, as: 'results', class: Google::Apis::BinaryauthorizationV1::CheckResult, decorator: Google::Apis::BinaryauthorizationV1::CheckResult::Representation
442
+
443
+ end
444
+ end
445
+
337
446
  class CheckSet
338
447
  # @private
339
448
  class Representation < Google::Apis::Core::JsonRepresentation
@@ -347,12 +456,50 @@ module Google
347
456
  end
348
457
  end
349
458
 
459
+ class CheckSetResult
460
+ # @private
461
+ class Representation < Google::Apis::Core::JsonRepresentation
462
+ property :allowlist_result, as: 'allowlistResult', class: Google::Apis::BinaryauthorizationV1::AllowlistResult, decorator: Google::Apis::BinaryauthorizationV1::AllowlistResult::Representation
463
+
464
+ property :check_results, as: 'checkResults', class: Google::Apis::BinaryauthorizationV1::CheckResults, decorator: Google::Apis::BinaryauthorizationV1::CheckResults::Representation
465
+
466
+ property :display_name, as: 'displayName'
467
+ property :explanation, as: 'explanation'
468
+ property :index, :numeric_string => true, as: 'index'
469
+ property :scope, as: 'scope', class: Google::Apis::BinaryauthorizationV1::Scope, decorator: Google::Apis::BinaryauthorizationV1::Scope::Representation
470
+
471
+ end
472
+ end
473
+
350
474
  class Empty
351
475
  # @private
352
476
  class Representation < Google::Apis::Core::JsonRepresentation
353
477
  end
354
478
  end
355
479
 
480
+ class EvaluateGkePolicyRequest
481
+ # @private
482
+ class Representation < Google::Apis::Core::JsonRepresentation
483
+ hash :resource, as: 'resource'
484
+ end
485
+ end
486
+
487
+ class EvaluateGkePolicyResponse
488
+ # @private
489
+ class Representation < Google::Apis::Core::JsonRepresentation
490
+ collection :results, as: 'results', class: Google::Apis::BinaryauthorizationV1::PodResult, decorator: Google::Apis::BinaryauthorizationV1::PodResult::Representation
491
+
492
+ property :verdict, as: 'verdict'
493
+ end
494
+ end
495
+
496
+ class EvaluationResult
497
+ # @private
498
+ class Representation < Google::Apis::Core::JsonRepresentation
499
+ property :verdict, as: 'verdict'
500
+ end
501
+ end
502
+
356
503
  class Expr
357
504
  # @private
358
505
  class Representation < Google::Apis::Core::JsonRepresentation
@@ -397,6 +544,19 @@ module Google
397
544
  end
398
545
  end
399
546
 
547
+ class ImageResult
548
+ # @private
549
+ class Representation < Google::Apis::Core::JsonRepresentation
550
+ property :allowlist_result, as: 'allowlistResult', class: Google::Apis::BinaryauthorizationV1::AllowlistResult, decorator: Google::Apis::BinaryauthorizationV1::AllowlistResult::Representation
551
+
552
+ property :check_set_result, as: 'checkSetResult', class: Google::Apis::BinaryauthorizationV1::CheckSetResult, decorator: Google::Apis::BinaryauthorizationV1::CheckSetResult::Representation
553
+
554
+ property :explanation, as: 'explanation'
555
+ property :image_uri, as: 'imageUri'
556
+ property :verdict, as: 'verdict'
557
+ end
558
+ end
559
+
400
560
  class Jwt
401
561
  # @private
402
562
  class Representation < Google::Apis::Core::JsonRepresentation
@@ -450,6 +610,18 @@ module Google
450
610
  end
451
611
  end
452
612
 
613
+ class PodResult
614
+ # @private
615
+ class Representation < Google::Apis::Core::JsonRepresentation
616
+ collection :image_results, as: 'imageResults', class: Google::Apis::BinaryauthorizationV1::ImageResult, decorator: Google::Apis::BinaryauthorizationV1::ImageResult::Representation
617
+
618
+ property :kubernetes_namespace, as: 'kubernetesNamespace'
619
+ property :kubernetes_service_account, as: 'kubernetesServiceAccount'
620
+ property :pod_name, as: 'podName'
621
+ property :verdict, as: 'verdict'
622
+ end
623
+ end
624
+
453
625
  class Policy
454
626
  # @private
455
627
  class Representation < Google::Apis::Core::JsonRepresentation
@@ -497,6 +669,38 @@ module Google
497
669
  end
498
670
  end
499
671
 
672
+ class SigstoreAuthority
673
+ # @private
674
+ class Representation < Google::Apis::Core::JsonRepresentation
675
+ property :display_name, as: 'displayName'
676
+ property :public_key_set, as: 'publicKeySet', class: Google::Apis::BinaryauthorizationV1::SigstorePublicKeySet, decorator: Google::Apis::BinaryauthorizationV1::SigstorePublicKeySet::Representation
677
+
678
+ end
679
+ end
680
+
681
+ class SigstorePublicKey
682
+ # @private
683
+ class Representation < Google::Apis::Core::JsonRepresentation
684
+ property :public_key_pem, as: 'publicKeyPem'
685
+ end
686
+ end
687
+
688
+ class SigstorePublicKeySet
689
+ # @private
690
+ class Representation < Google::Apis::Core::JsonRepresentation
691
+ collection :public_keys, as: 'publicKeys', class: Google::Apis::BinaryauthorizationV1::SigstorePublicKey, decorator: Google::Apis::BinaryauthorizationV1::SigstorePublicKey::Representation
692
+
693
+ end
694
+ end
695
+
696
+ class SigstoreSignatureCheck
697
+ # @private
698
+ class Representation < Google::Apis::Core::JsonRepresentation
699
+ collection :sigstore_authorities, as: 'sigstoreAuthorities', class: Google::Apis::BinaryauthorizationV1::SigstoreAuthority, decorator: Google::Apis::BinaryauthorizationV1::SigstoreAuthority::Representation
700
+
701
+ end
702
+ end
703
+
500
704
  class SimpleSigningAttestationCheck
501
705
  # @private
502
706
  class Representation < Google::Apis::Core::JsonRepresentation
@@ -455,6 +455,43 @@ module Google
455
455
  execute_or_queue_command(command, &block)
456
456
  end
457
457
 
458
+ # Evaluates a Kubernetes object versus a GKE platform policy. Returns `NOT_FOUND`
459
+ # if the policy doesn't exist, `INVALID_ARGUMENT` if the policy or request is
460
+ # malformed and `PERMISSION_DENIED` if the client does not have sufficient
461
+ # permissions.
462
+ # @param [String] name
463
+ # Required. The name of the platform policy to evaluate in the format `projects/*
464
+ # /platforms/*/policies/*`.
465
+ # @param [Google::Apis::BinaryauthorizationV1::EvaluateGkePolicyRequest] evaluate_gke_policy_request_object
466
+ # @param [String] fields
467
+ # Selector specifying which fields to include in a partial response.
468
+ # @param [String] quota_user
469
+ # Available to use for quota purposes for server-side applications. Can be any
470
+ # arbitrary string assigned to a user, but should not exceed 40 characters.
471
+ # @param [Google::Apis::RequestOptions] options
472
+ # Request-specific options
473
+ #
474
+ # @yield [result, err] Result & error if block supplied
475
+ # @yieldparam result [Google::Apis::BinaryauthorizationV1::EvaluateGkePolicyResponse] parsed result object
476
+ # @yieldparam err [StandardError] error object if request failed
477
+ #
478
+ # @return [Google::Apis::BinaryauthorizationV1::EvaluateGkePolicyResponse]
479
+ #
480
+ # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
481
+ # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
482
+ # @raise [Google::Apis::AuthorizationError] Authorization is required
483
+ def evaluate_gke_policy(name, evaluate_gke_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
484
+ command = make_simple_command(:post, 'v1/{+name}:evaluate', options)
485
+ command.request_representation = Google::Apis::BinaryauthorizationV1::EvaluateGkePolicyRequest::Representation
486
+ command.request_object = evaluate_gke_policy_request_object
487
+ command.response_representation = Google::Apis::BinaryauthorizationV1::EvaluateGkePolicyResponse::Representation
488
+ command.response_class = Google::Apis::BinaryauthorizationV1::EvaluateGkePolicyResponse
489
+ command.params['name'] = name unless name.nil?
490
+ command.query['fields'] = fields unless fields.nil?
491
+ command.query['quotaUser'] = quota_user unless quota_user.nil?
492
+ execute_or_queue_command(command, &block)
493
+ end
494
+
458
495
  # Creates a platform policy, and returns a copy of it. Returns `NOT_FOUND` if
459
496
  # the project or platform doesn't exist, `INVALID_ARGUMENT` if the request is
460
497
  # malformed, `ALREADY_EXISTS` if the policy already exists, and `
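--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: google-apis-binaryauthorization_v1
  version: !ruby/object:Gem::Version
- version: 0.32.0
+ version: 0.34.0
  platform: ruby
  authors:
  - Google LLC
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-01-28 00:00:00.000000000 Z
+ date: 2024-02-25 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: google-apis-core
@@ -16,7 +16,7 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 0.12.0
+ version: 0.14.0
  - - "<"
  - !ruby/object:Gem::Version
  version: 2.a
@@ -26,7 +26,7 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 0.12.0
+ version: 0.14.0
  - - "<"
  - !ruby/object:Gem::Version
  version: 2.a
@@ -58,7 +58,7 @@ licenses:
  metadata:
  bug_tracker_uri: https://github.com/googleapis/google-api-ruby-client/issues
  changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-binaryauthorization_v1/CHANGELOG.md
- documentation_uri: https://googleapis.dev/ruby/google-apis-binaryauthorization_v1/v0.32.0
+ documentation_uri: https://googleapis.dev/ruby/google-apis-binaryauthorization_v1/v0.34.0
  source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-binaryauthorization_v1
  post_install_message:
  rdoc_options: []
@@ -68,14 +68,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '2.5'
+ version: '2.7'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.5.3
+ rubygems_version: 3.5.6
  signing_key:
  specification_version: 4
  summary: Simple REST client for Binary Authorization API V1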