google-apis-containeranalysis_v1alpha1 0.15.0 → 0.19.0
Sign up to get free protection for your applications and to get access to all the features.
@@ -184,7 +184,7 @@ module Google
|
|
184
184
|
end
|
185
185
|
end
|
186
186
|
|
187
|
-
# Associates `members
|
187
|
+
# Associates `members`, or principals, with a `role`.
|
188
188
|
class Binding
|
189
189
|
include Google::Apis::Core::Hashable
|
190
190
|
|
@@ -207,7 +207,7 @@ module Google
|
|
207
207
|
# @return [Google::Apis::ContaineranalysisV1alpha1::Expr]
|
208
208
|
attr_accessor :condition
|
209
209
|
|
210
|
-
# Specifies the
|
210
|
+
# Specifies the principals requesting access for a Cloud Platform resource. `
|
211
211
|
# members` can have the following values: * `allUsers`: A special identifier
|
212
212
|
# that represents anyone who is on the internet; with or without a Google
|
213
213
|
# account. * `allAuthenticatedUsers`: A special identifier that represents
|
@@ -237,8 +237,8 @@ module Google
|
|
237
237
|
# @return [Array<String>]
|
238
238
|
attr_accessor :members
|
239
239
|
|
240
|
-
# Role that is assigned to `members
|
241
|
-
#
|
240
|
+
# Role that is assigned to the list of `members`, or principals. For example, `
|
241
|
+
# roles/viewer`, `roles/editor`, or `roles/owner`.
|
242
242
|
# Corresponds to the JSON property `role`
|
243
243
|
# @return [String]
|
244
244
|
attr_accessor :role
|
@@ -259,11 +259,19 @@ module Google
|
|
259
259
|
class BuildDetails
|
260
260
|
include Google::Apis::Core::Hashable
|
261
261
|
|
262
|
-
#
|
262
|
+
# Deprecated. See InTotoStatement for the replacement. In-toto Provenance
|
263
|
+
# representation as defined in spec.
|
263
264
|
# Corresponds to the JSON property `intotoProvenance`
|
264
265
|
# @return [Google::Apis::ContaineranalysisV1alpha1::InTotoProvenance]
|
265
266
|
attr_accessor :intoto_provenance
|
266
267
|
|
268
|
+
# Spec defined at https://github.com/in-toto/attestation/tree/main/spec#
|
269
|
+
# statement The serialized InTotoStatement will be stored as Envelope.payload.
|
270
|
+
# Envelope.payloadType is always "application/vnd.in-toto+json".
|
271
|
+
# Corresponds to the JSON property `intotoStatement`
|
272
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::InTotoStatement]
|
273
|
+
attr_accessor :intoto_statement
|
274
|
+
|
267
275
|
# Provenance of a build. Contains all information needed to verify the full
|
268
276
|
# details about the build from source to completion.
|
269
277
|
# Corresponds to the JSON property `provenance`
|
@@ -289,6 +297,7 @@ module Google
|
|
289
297
|
# Update properties of this object
|
290
298
|
def update!(**args)
|
291
299
|
@intoto_provenance = args[:intoto_provenance] if args.key?(:intoto_provenance)
|
300
|
+
@intoto_statement = args[:intoto_statement] if args.key?(:intoto_statement)
|
292
301
|
@provenance = args[:provenance] if args.key?(:provenance)
|
293
302
|
@provenance_bytes = args[:provenance_bytes] if args.key?(:provenance_bytes)
|
294
303
|
end
|
@@ -438,141 +447,6 @@ module Google
|
|
438
447
|
end
|
439
448
|
end
|
440
449
|
|
441
|
-
# A step in the build pipeline.
|
442
|
-
class BuildStep
|
443
|
-
include Google::Apis::Core::Hashable
|
444
|
-
|
445
|
-
# A list of arguments that will be presented to the step when it is started. If
|
446
|
-
# the image used to run the step's container has an entrypoint, the `args` are
|
447
|
-
# used as arguments to that entrypoint. If the image does not define an
|
448
|
-
# entrypoint, the first element in args is used as the entrypoint, and the
|
449
|
-
# remainder will be used as arguments.
|
450
|
-
# Corresponds to the JSON property `args`
|
451
|
-
# @return [Array<String>]
|
452
|
-
attr_accessor :args
|
453
|
-
|
454
|
-
# Working directory to use when running this step's container. If this value is
|
455
|
-
# a relative path, it is relative to the build's working directory. If this
|
456
|
-
# value is absolute, it may be outside the build's working directory, in which
|
457
|
-
# case the contents of the path may not be persisted across build step
|
458
|
-
# executions, unless a `volume` for that path is specified. If the build
|
459
|
-
# specifies a `RepoSource` with `dir` and a step with a `dir`, which specifies
|
460
|
-
# an absolute path, the `RepoSource` `dir` is ignored for the step's execution.
|
461
|
-
# Corresponds to the JSON property `dir`
|
462
|
-
# @return [String]
|
463
|
-
attr_accessor :dir
|
464
|
-
|
465
|
-
# Entrypoint to be used instead of the build step image's default entrypoint. If
|
466
|
-
# unset, the image's default entrypoint is used.
|
467
|
-
# Corresponds to the JSON property `entrypoint`
|
468
|
-
# @return [String]
|
469
|
-
attr_accessor :entrypoint
|
470
|
-
|
471
|
-
# A list of environment variable definitions to be used when running a step. The
|
472
|
-
# elements are of the form "KEY=VALUE" for the environment variable "KEY" being
|
473
|
-
# given the value "VALUE".
|
474
|
-
# Corresponds to the JSON property `env`
|
475
|
-
# @return [Array<String>]
|
476
|
-
attr_accessor :env
|
477
|
-
|
478
|
-
# Unique identifier for this build step, used in `wait_for` to reference this
|
479
|
-
# build step as a dependency.
|
480
|
-
# Corresponds to the JSON property `id`
|
481
|
-
# @return [String]
|
482
|
-
attr_accessor :id
|
483
|
-
|
484
|
-
# Required. The name of the container image that will run this particular build
|
485
|
-
# step. If the image is available in the host's Docker daemon's cache, it will
|
486
|
-
# be run directly. If not, the host will attempt to pull the image first, using
|
487
|
-
# the builder service account's credentials if necessary. The Docker daemon's
|
488
|
-
# cache will already have the latest versions of all of the officially supported
|
489
|
-
# build steps ([https://github.com/GoogleCloudPlatform/cloud-builders](https://
|
490
|
-
# github.com/GoogleCloudPlatform/cloud-builders)). The Docker daemon will also
|
491
|
-
# have cached many of the layers for some popular images, like "ubuntu", "debian"
|
492
|
-
# , but they will be refreshed at the time you attempt to use them. If you built
|
493
|
-
# an image in a previous build step, it will be stored in the host's Docker
|
494
|
-
# daemon's cache and is available to use as the name for a later build step.
|
495
|
-
# Corresponds to the JSON property `name`
|
496
|
-
# @return [String]
|
497
|
-
attr_accessor :name
|
498
|
-
|
499
|
-
# Start and end times for a build execution phase.
|
500
|
-
# Corresponds to the JSON property `pullTiming`
|
501
|
-
# @return [Google::Apis::ContaineranalysisV1alpha1::TimeSpan]
|
502
|
-
attr_accessor :pull_timing
|
503
|
-
|
504
|
-
# A shell script to be executed in the step. When script is provided, the user
|
505
|
-
# cannot specify the entrypoint or args.
|
506
|
-
# Corresponds to the JSON property `script`
|
507
|
-
# @return [String]
|
508
|
-
attr_accessor :script
|
509
|
-
|
510
|
-
# A list of environment variables which are encrypted using a Cloud Key
|
511
|
-
# Management Service crypto key. These values must be specified in the build's `
|
512
|
-
# Secret`.
|
513
|
-
# Corresponds to the JSON property `secretEnv`
|
514
|
-
# @return [Array<String>]
|
515
|
-
attr_accessor :secret_env
|
516
|
-
|
517
|
-
# Output only. Status of the build step. At this time, build step status is only
|
518
|
-
# updated on build completion; step status is not updated in real-time as the
|
519
|
-
# build progresses.
|
520
|
-
# Corresponds to the JSON property `status`
|
521
|
-
# @return [String]
|
522
|
-
attr_accessor :status
|
523
|
-
|
524
|
-
# Time limit for executing this build step. If not defined, the step has no time
|
525
|
-
# limit and will be allowed to continue to run until either it completes or the
|
526
|
-
# build itself times out.
|
527
|
-
# Corresponds to the JSON property `timeout`
|
528
|
-
# @return [String]
|
529
|
-
attr_accessor :timeout
|
530
|
-
|
531
|
-
# Start and end times for a build execution phase.
|
532
|
-
# Corresponds to the JSON property `timing`
|
533
|
-
# @return [Google::Apis::ContaineranalysisV1alpha1::TimeSpan]
|
534
|
-
attr_accessor :timing
|
535
|
-
|
536
|
-
# List of volumes to mount into the build step. Each volume is created as an
|
537
|
-
# empty volume prior to execution of the build step. Upon completion of the
|
538
|
-
# build, volumes and their contents are discarded. Using a named volume in only
|
539
|
-
# one step is not valid as it is indicative of a build request with an incorrect
|
540
|
-
# configuration.
|
541
|
-
# Corresponds to the JSON property `volumes`
|
542
|
-
# @return [Array<Google::Apis::ContaineranalysisV1alpha1::Volume>]
|
543
|
-
attr_accessor :volumes
|
544
|
-
|
545
|
-
# The ID(s) of the step(s) that this build step depends on. This build step will
|
546
|
-
# not start until all the build steps in `wait_for` have completed successfully.
|
547
|
-
# If `wait_for` is empty, this build step will start when all previous build
|
548
|
-
# steps in the `Build.Steps` list have completed successfully.
|
549
|
-
# Corresponds to the JSON property `waitFor`
|
550
|
-
# @return [Array<String>]
|
551
|
-
attr_accessor :wait_for
|
552
|
-
|
553
|
-
def initialize(**args)
|
554
|
-
update!(**args)
|
555
|
-
end
|
556
|
-
|
557
|
-
# Update properties of this object
|
558
|
-
def update!(**args)
|
559
|
-
@args = args[:args] if args.key?(:args)
|
560
|
-
@dir = args[:dir] if args.key?(:dir)
|
561
|
-
@entrypoint = args[:entrypoint] if args.key?(:entrypoint)
|
562
|
-
@env = args[:env] if args.key?(:env)
|
563
|
-
@id = args[:id] if args.key?(:id)
|
564
|
-
@name = args[:name] if args.key?(:name)
|
565
|
-
@pull_timing = args[:pull_timing] if args.key?(:pull_timing)
|
566
|
-
@script = args[:script] if args.key?(:script)
|
567
|
-
@secret_env = args[:secret_env] if args.key?(:secret_env)
|
568
|
-
@status = args[:status] if args.key?(:status)
|
569
|
-
@timeout = args[:timeout] if args.key?(:timeout)
|
570
|
-
@timing = args[:timing] if args.key?(:timing)
|
571
|
-
@volumes = args[:volumes] if args.key?(:volumes)
|
572
|
-
@wait_for = args[:wait_for] if args.key?(:wait_for)
|
573
|
-
end
|
574
|
-
end
|
575
|
-
|
576
450
|
# Note holding the version of the provider's builder and the signature of the
|
577
451
|
# provenance message in linked BuildDetails.
|
578
452
|
class BuildType
|
@@ -765,12 +639,1250 @@ module Google
|
|
765
639
|
# The title that identifies this compliance check.
|
766
640
|
# Corresponds to the JSON property `title`
|
767
641
|
# @return [String]
|
768
|
-
attr_accessor :title
|
642
|
+
attr_accessor :title
|
643
|
+
|
644
|
+
# The OS and config versions the benchmark applies to.
|
645
|
+
# Corresponds to the JSON property `version`
|
646
|
+
# @return [Array<Google::Apis::ContaineranalysisV1alpha1::ComplianceVersion>]
|
647
|
+
attr_accessor :version
|
648
|
+
|
649
|
+
def initialize(**args)
|
650
|
+
update!(**args)
|
651
|
+
end
|
652
|
+
|
653
|
+
# Update properties of this object
|
654
|
+
def update!(**args)
|
655
|
+
@cis_benchmark = args[:cis_benchmark] if args.key?(:cis_benchmark)
|
656
|
+
@description = args[:description] if args.key?(:description)
|
657
|
+
@rationale = args[:rationale] if args.key?(:rationale)
|
658
|
+
@remediation = args[:remediation] if args.key?(:remediation)
|
659
|
+
@scan_instructions = args[:scan_instructions] if args.key?(:scan_instructions)
|
660
|
+
@title = args[:title] if args.key?(:title)
|
661
|
+
@version = args[:version] if args.key?(:version)
|
662
|
+
end
|
663
|
+
end
|
664
|
+
|
665
|
+
# An indication that the compliance checks in the associated ComplianceNote were
|
666
|
+
# not satisfied for particular resources or a specified reason.
|
667
|
+
class ComplianceOccurrence
|
668
|
+
include Google::Apis::Core::Hashable
|
669
|
+
|
670
|
+
# The reason for non compliance of these files.
|
671
|
+
# Corresponds to the JSON property `nonComplianceReason`
|
672
|
+
# @return [String]
|
673
|
+
attr_accessor :non_compliance_reason
|
674
|
+
|
675
|
+
# A list of files which are violating compliance checks.
|
676
|
+
# Corresponds to the JSON property `nonCompliantFiles`
|
677
|
+
# @return [Array<Google::Apis::ContaineranalysisV1alpha1::NonCompliantFile>]
|
678
|
+
attr_accessor :non_compliant_files
|
679
|
+
|
680
|
+
def initialize(**args)
|
681
|
+
update!(**args)
|
682
|
+
end
|
683
|
+
|
684
|
+
# Update properties of this object
|
685
|
+
def update!(**args)
|
686
|
+
@non_compliance_reason = args[:non_compliance_reason] if args.key?(:non_compliance_reason)
|
687
|
+
@non_compliant_files = args[:non_compliant_files] if args.key?(:non_compliant_files)
|
688
|
+
end
|
689
|
+
end
|
690
|
+
|
691
|
+
# Describes the CIS benchmark version that is applicable to a given OS and os
|
692
|
+
# version.
|
693
|
+
class ComplianceVersion
|
694
|
+
include Google::Apis::Core::Hashable
|
695
|
+
|
696
|
+
# The CPE URI (https://cpe.mitre.org/specification/) this benchmark is
|
697
|
+
# applicable to.
|
698
|
+
# Corresponds to the JSON property `cpeUri`
|
699
|
+
# @return [String]
|
700
|
+
attr_accessor :cpe_uri
|
701
|
+
|
702
|
+
# The version of the benchmark. This is set to the version of the OS-specific
|
703
|
+
# CIS document the benchmark is defined in.
|
704
|
+
# Corresponds to the JSON property `version`
|
705
|
+
# @return [String]
|
706
|
+
attr_accessor :version
|
707
|
+
|
708
|
+
def initialize(**args)
|
709
|
+
update!(**args)
|
710
|
+
end
|
711
|
+
|
712
|
+
# Update properties of this object
|
713
|
+
def update!(**args)
|
714
|
+
@cpe_uri = args[:cpe_uri] if args.key?(:cpe_uri)
|
715
|
+
@version = args[:version] if args.key?(:version)
|
716
|
+
end
|
717
|
+
end
|
718
|
+
|
719
|
+
# ApprovalConfig describes configuration for manual approval of a build.
|
720
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalConfig
|
721
|
+
include Google::Apis::Core::Hashable
|
722
|
+
|
723
|
+
# Whether or not approval is needed. If this is set on a build, it will become
|
724
|
+
# pending when created, and will need to be explicitly approved to start.
|
725
|
+
# Corresponds to the JSON property `approvalRequired`
|
726
|
+
# @return [Boolean]
|
727
|
+
attr_accessor :approval_required
|
728
|
+
alias_method :approval_required?, :approval_required
|
729
|
+
|
730
|
+
def initialize(**args)
|
731
|
+
update!(**args)
|
732
|
+
end
|
733
|
+
|
734
|
+
# Update properties of this object
|
735
|
+
def update!(**args)
|
736
|
+
@approval_required = args[:approval_required] if args.key?(:approval_required)
|
737
|
+
end
|
738
|
+
end
|
739
|
+
|
740
|
+
# ApprovalResult describes the decision and associated metadata of a manual
|
741
|
+
# approval of a build.
|
742
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalResult
|
743
|
+
include Google::Apis::Core::Hashable
|
744
|
+
|
745
|
+
# Output only. The time when the approval decision was made.
|
746
|
+
# Corresponds to the JSON property `approvalTime`
|
747
|
+
# @return [String]
|
748
|
+
attr_accessor :approval_time
|
749
|
+
|
750
|
+
# Output only. Email of the user that called the ApproveBuild API to approve or
|
751
|
+
# reject a build at the time that the API was called.
|
752
|
+
# Corresponds to the JSON property `approverAccount`
|
753
|
+
# @return [String]
|
754
|
+
attr_accessor :approver_account
|
755
|
+
|
756
|
+
# Optional. An optional comment for this manual approval result.
|
757
|
+
# Corresponds to the JSON property `comment`
|
758
|
+
# @return [String]
|
759
|
+
attr_accessor :comment
|
760
|
+
|
761
|
+
# Required. The decision of this manual approval.
|
762
|
+
# Corresponds to the JSON property `decision`
|
763
|
+
# @return [String]
|
764
|
+
attr_accessor :decision
|
765
|
+
|
766
|
+
# Optional. An optional URL tied to this manual approval result. This field is
|
767
|
+
# essentially the same as comment, except that it will be rendered by the UI
|
768
|
+
# differently. An example use case is a link to an external job that approved
|
769
|
+
# this Build.
|
770
|
+
# Corresponds to the JSON property `url`
|
771
|
+
# @return [String]
|
772
|
+
attr_accessor :url
|
773
|
+
|
774
|
+
def initialize(**args)
|
775
|
+
update!(**args)
|
776
|
+
end
|
777
|
+
|
778
|
+
# Update properties of this object
|
779
|
+
def update!(**args)
|
780
|
+
@approval_time = args[:approval_time] if args.key?(:approval_time)
|
781
|
+
@approver_account = args[:approver_account] if args.key?(:approver_account)
|
782
|
+
@comment = args[:comment] if args.key?(:comment)
|
783
|
+
@decision = args[:decision] if args.key?(:decision)
|
784
|
+
@url = args[:url] if args.key?(:url)
|
785
|
+
end
|
786
|
+
end
|
787
|
+
|
788
|
+
# Artifacts produced by a build that should be uploaded upon successful
|
789
|
+
# completion of all build steps.
|
790
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1Artifacts
|
791
|
+
include Google::Apis::Core::Hashable
|
792
|
+
|
793
|
+
# A list of images to be pushed upon the successful completion of all build
|
794
|
+
# steps. The images will be pushed using the builder service account's
|
795
|
+
# credentials. The digests of the pushed images will be stored in the Build
|
796
|
+
# resource's results field. If any of the images fail to be pushed, the build is
|
797
|
+
# marked FAILURE.
|
798
|
+
# Corresponds to the JSON property `images`
|
799
|
+
# @return [Array<String>]
|
800
|
+
attr_accessor :images
|
801
|
+
|
802
|
+
# Files in the workspace to upload to Cloud Storage upon successful completion
|
803
|
+
# of all build steps.
|
804
|
+
# Corresponds to the JSON property `objects`
|
805
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsArtifactObjects]
|
806
|
+
attr_accessor :objects
|
807
|
+
|
808
|
+
def initialize(**args)
|
809
|
+
update!(**args)
|
810
|
+
end
|
811
|
+
|
812
|
+
# Update properties of this object
|
813
|
+
def update!(**args)
|
814
|
+
@images = args[:images] if args.key?(:images)
|
815
|
+
@objects = args[:objects] if args.key?(:objects)
|
816
|
+
end
|
817
|
+
end
|
818
|
+
|
819
|
+
# Files in the workspace to upload to Cloud Storage upon successful completion
|
820
|
+
# of all build steps.
|
821
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsArtifactObjects
|
822
|
+
include Google::Apis::Core::Hashable
|
823
|
+
|
824
|
+
# Cloud Storage bucket and optional object path, in the form "gs://bucket/path/
|
825
|
+
# to/somewhere/". (see [Bucket Name Requirements](https://cloud.google.com/
|
826
|
+
# storage/docs/bucket-naming#requirements)). Files in the workspace matching any
|
827
|
+
# path pattern will be uploaded to Cloud Storage with this location as a prefix.
|
828
|
+
# Corresponds to the JSON property `location`
|
829
|
+
# @return [String]
|
830
|
+
attr_accessor :location
|
831
|
+
|
832
|
+
# Path globs used to match files in the build's workspace.
|
833
|
+
# Corresponds to the JSON property `paths`
|
834
|
+
# @return [Array<String>]
|
835
|
+
attr_accessor :paths
|
836
|
+
|
837
|
+
# Start and end times for a build execution phase.
|
838
|
+
# Corresponds to the JSON property `timing`
|
839
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan]
|
840
|
+
attr_accessor :timing
|
841
|
+
|
842
|
+
def initialize(**args)
|
843
|
+
update!(**args)
|
844
|
+
end
|
845
|
+
|
846
|
+
# Update properties of this object
|
847
|
+
def update!(**args)
|
848
|
+
@location = args[:location] if args.key?(:location)
|
849
|
+
@paths = args[:paths] if args.key?(:paths)
|
850
|
+
@timing = args[:timing] if args.key?(:timing)
|
851
|
+
end
|
852
|
+
end
|
853
|
+
|
854
|
+
# A build resource in the Cloud Build API. At a high level, a `Build` describes
|
855
|
+
# where to find source code, how to build it (for example, the builder image to
|
856
|
+
# run on the source), and where to store the built artifacts. Fields can include
|
857
|
+
# the following variables, which will be expanded when the build is created: - $
|
858
|
+
# PROJECT_ID: the project ID of the build. - $PROJECT_NUMBER: the project number
|
859
|
+
# of the build. - $LOCATION: the location/region of the build. - $BUILD_ID: the
|
860
|
+
# autogenerated ID of the build. - $REPO_NAME: the source repository name
|
861
|
+
# specified by RepoSource. - $BRANCH_NAME: the branch name specified by
|
862
|
+
# RepoSource. - $TAG_NAME: the tag name specified by RepoSource. - $REVISION_ID
|
863
|
+
# or $COMMIT_SHA: the commit SHA specified by RepoSource or resolved from the
|
864
|
+
# specified branch or tag. - $SHORT_SHA: first 7 characters of $REVISION_ID or $
|
865
|
+
# COMMIT_SHA.
|
866
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1Build
|
867
|
+
include Google::Apis::Core::Hashable
|
868
|
+
|
869
|
+
# BuildApproval describes a build's approval configuration, state, and result.
|
870
|
+
# Corresponds to the JSON property `approval`
|
871
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1BuildApproval]
|
872
|
+
attr_accessor :approval
|
873
|
+
|
874
|
+
# Artifacts produced by a build that should be uploaded upon successful
|
875
|
+
# completion of all build steps.
|
876
|
+
# Corresponds to the JSON property `artifacts`
|
877
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1Artifacts]
|
878
|
+
attr_accessor :artifacts
|
879
|
+
|
880
|
+
# Secrets and secret environment variables.
|
881
|
+
# Corresponds to the JSON property `availableSecrets`
|
882
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1Secrets]
|
883
|
+
attr_accessor :available_secrets
|
884
|
+
|
885
|
+
# Output only. The ID of the `BuildTrigger` that triggered this build, if it was
|
886
|
+
# triggered automatically.
|
887
|
+
# Corresponds to the JSON property `buildTriggerId`
|
888
|
+
# @return [String]
|
889
|
+
attr_accessor :build_trigger_id
|
890
|
+
|
891
|
+
# Output only. Time at which the request to create the build was received.
|
892
|
+
# Corresponds to the JSON property `createTime`
|
893
|
+
# @return [String]
|
894
|
+
attr_accessor :create_time
|
895
|
+
|
896
|
+
# A fatal problem encountered during the execution of the build.
|
897
|
+
# Corresponds to the JSON property `failureInfo`
|
898
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1BuildFailureInfo]
|
899
|
+
attr_accessor :failure_info
|
900
|
+
|
901
|
+
# Output only. Time at which execution of the build was finished. The difference
|
902
|
+
# between finish_time and start_time is the duration of the build's execution.
|
903
|
+
# Corresponds to the JSON property `finishTime`
|
904
|
+
# @return [String]
|
905
|
+
attr_accessor :finish_time
|
906
|
+
|
907
|
+
# Output only. Unique identifier of the build.
|
908
|
+
# Corresponds to the JSON property `id`
|
909
|
+
# @return [String]
|
910
|
+
attr_accessor :id
|
911
|
+
|
912
|
+
# A list of images to be pushed upon the successful completion of all build
|
913
|
+
# steps. The images are pushed using the builder service account's credentials.
|
914
|
+
# The digests of the pushed images will be stored in the `Build` resource's
|
915
|
+
# results field. If any of the images fail to be pushed, the build status is
|
916
|
+
# marked `FAILURE`.
|
917
|
+
# Corresponds to the JSON property `images`
|
918
|
+
# @return [Array<String>]
|
919
|
+
attr_accessor :images
|
920
|
+
|
921
|
+
# Output only. URL to logs for this build in Google Cloud Console.
|
922
|
+
# Corresponds to the JSON property `logUrl`
|
923
|
+
# @return [String]
|
924
|
+
attr_accessor :log_url
|
925
|
+
|
926
|
+
# Google Cloud Storage bucket where logs should be written (see [Bucket Name
|
927
|
+
# Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)
|
928
|
+
# ). Logs file names will be of the format `$`logs_bucket`/log-$`build_id`.txt`.
|
929
|
+
# Corresponds to the JSON property `logsBucket`
|
930
|
+
# @return [String]
|
931
|
+
attr_accessor :logs_bucket
|
932
|
+
|
933
|
+
# Output only. The 'Build' name with format: `projects/`project`/locations/`
|
934
|
+
# location`/builds/`build``, where `build` is a unique identifier generated by
|
935
|
+
# the service.
|
936
|
+
# Corresponds to the JSON property `name`
|
937
|
+
# @return [String]
|
938
|
+
attr_accessor :name
|
939
|
+
|
940
|
+
# Optional arguments to enable specific features of builds.
|
941
|
+
# Corresponds to the JSON property `options`
|
942
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptions]
|
943
|
+
attr_accessor :options
|
944
|
+
|
945
|
+
# Output only. ID of the project.
|
946
|
+
# Corresponds to the JSON property `projectId`
|
947
|
+
# @return [String]
|
948
|
+
attr_accessor :project_id
|
949
|
+
|
950
|
+
# TTL in queue for this build. If provided and the build is enqueued longer than
|
951
|
+
# this value, the build will expire and the build status will be `EXPIRED`. The
|
952
|
+
# TTL starts ticking from create_time.
|
953
|
+
# Corresponds to the JSON property `queueTtl`
|
954
|
+
# @return [String]
|
955
|
+
attr_accessor :queue_ttl
|
956
|
+
|
957
|
+
# Artifacts created by the build pipeline.
|
958
|
+
# Corresponds to the JSON property `results`
|
959
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1Results]
|
960
|
+
attr_accessor :results
|
961
|
+
|
962
|
+
# Secrets to decrypt using Cloud Key Management Service. Note: Secret Manager is
|
963
|
+
# the recommended technique for managing sensitive data with Cloud Build. Use `
|
964
|
+
# available_secrets` to configure builds to access secrets from Secret Manager.
|
965
|
+
# For instructions, see: https://cloud.google.com/cloud-build/docs/securing-
|
966
|
+
# builds/use-secrets
|
967
|
+
# Corresponds to the JSON property `secrets`
|
968
|
+
# @return [Array<Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1Secret>]
|
969
|
+
attr_accessor :secrets
|
970
|
+
|
971
|
+
# IAM service account whose credentials will be used at build runtime. Must be
|
972
|
+
# of the format `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. ACCOUNT can
|
973
|
+
# be email address or uniqueId of the service account.
|
974
|
+
# Corresponds to the JSON property `serviceAccount`
|
975
|
+
# @return [String]
|
976
|
+
attr_accessor :service_account
|
977
|
+
|
978
|
+
# Location of the source in a supported storage service.
|
979
|
+
# Corresponds to the JSON property `source`
|
980
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1Source]
|
981
|
+
attr_accessor :source
|
982
|
+
|
983
|
+
# Provenance of the source. Ways to find the original source, or verify that
|
984
|
+
# some source was used for this build.
|
985
|
+
# Corresponds to the JSON property `sourceProvenance`
|
986
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1SourceProvenance]
|
987
|
+
attr_accessor :source_provenance
|
988
|
+
|
989
|
+
# Output only. Time at which execution of the build was started.
|
990
|
+
# Corresponds to the JSON property `startTime`
|
991
|
+
# @return [String]
|
992
|
+
attr_accessor :start_time
|
993
|
+
|
994
|
+
# Output only. Status of the build.
|
995
|
+
# Corresponds to the JSON property `status`
|
996
|
+
# @return [String]
|
997
|
+
attr_accessor :status
|
998
|
+
|
999
|
+
# Output only. Customer-readable message about the current status.
|
1000
|
+
# Corresponds to the JSON property `statusDetail`
|
1001
|
+
# @return [String]
|
1002
|
+
attr_accessor :status_detail
|
1003
|
+
|
1004
|
+
# Required. The operations to be performed on the workspace.
|
1005
|
+
# Corresponds to the JSON property `steps`
|
1006
|
+
# @return [Array<Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1BuildStep>]
|
1007
|
+
attr_accessor :steps
|
1008
|
+
|
1009
|
+
# Substitutions data for `Build` resource.
|
1010
|
+
# Corresponds to the JSON property `substitutions`
|
1011
|
+
# @return [Hash<String,String>]
|
1012
|
+
attr_accessor :substitutions
|
1013
|
+
|
1014
|
+
# Tags for annotation of a `Build`. These are not docker tags.
|
1015
|
+
# Corresponds to the JSON property `tags`
|
1016
|
+
# @return [Array<String>]
|
1017
|
+
attr_accessor :tags
|
1018
|
+
|
1019
|
+
# Amount of time that this build should be allowed to run, to second granularity.
|
1020
|
+
# If this amount of time elapses, work on the build will cease and the build
|
1021
|
+
# status will be `TIMEOUT`. `timeout` starts ticking from `startTime`. Default
|
1022
|
+
# time is ten minutes.
|
1023
|
+
# Corresponds to the JSON property `timeout`
|
1024
|
+
# @return [String]
|
1025
|
+
attr_accessor :timeout
|
1026
|
+
|
1027
|
+
# Output only. Stores timing information for phases of the build. Valid keys are:
|
1028
|
+
# * BUILD: time to execute all build steps. * PUSH: time to push all specified
|
1029
|
+
# images. * FETCHSOURCE: time to fetch source. * SETUPBUILD: time to set up
|
1030
|
+
# build. If the build does not specify source or images, these keys will not be
|
1031
|
+
# included.
|
1032
|
+
# Corresponds to the JSON property `timing`
|
1033
|
+
# @return [Hash<String,Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan>]
|
1034
|
+
attr_accessor :timing
|
1035
|
+
|
1036
|
+
# Output only. Non-fatal problems encountered during the execution of the build.
|
1037
|
+
# Corresponds to the JSON property `warnings`
|
1038
|
+
# @return [Array<Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1BuildWarning>]
|
1039
|
+
attr_accessor :warnings
|
1040
|
+
|
1041
|
+
def initialize(**args)
|
1042
|
+
update!(**args)
|
1043
|
+
end
|
1044
|
+
|
1045
|
+
# Update properties of this object
|
1046
|
+
def update!(**args)
|
1047
|
+
@approval = args[:approval] if args.key?(:approval)
|
1048
|
+
@artifacts = args[:artifacts] if args.key?(:artifacts)
|
1049
|
+
@available_secrets = args[:available_secrets] if args.key?(:available_secrets)
|
1050
|
+
@build_trigger_id = args[:build_trigger_id] if args.key?(:build_trigger_id)
|
1051
|
+
@create_time = args[:create_time] if args.key?(:create_time)
|
1052
|
+
@failure_info = args[:failure_info] if args.key?(:failure_info)
|
1053
|
+
@finish_time = args[:finish_time] if args.key?(:finish_time)
|
1054
|
+
@id = args[:id] if args.key?(:id)
|
1055
|
+
@images = args[:images] if args.key?(:images)
|
1056
|
+
@log_url = args[:log_url] if args.key?(:log_url)
|
1057
|
+
@logs_bucket = args[:logs_bucket] if args.key?(:logs_bucket)
|
1058
|
+
@name = args[:name] if args.key?(:name)
|
1059
|
+
@options = args[:options] if args.key?(:options)
|
1060
|
+
@project_id = args[:project_id] if args.key?(:project_id)
|
1061
|
+
@queue_ttl = args[:queue_ttl] if args.key?(:queue_ttl)
|
1062
|
+
@results = args[:results] if args.key?(:results)
|
1063
|
+
@secrets = args[:secrets] if args.key?(:secrets)
|
1064
|
+
@service_account = args[:service_account] if args.key?(:service_account)
|
1065
|
+
@source = args[:source] if args.key?(:source)
|
1066
|
+
@source_provenance = args[:source_provenance] if args.key?(:source_provenance)
|
1067
|
+
@start_time = args[:start_time] if args.key?(:start_time)
|
1068
|
+
@status = args[:status] if args.key?(:status)
|
1069
|
+
@status_detail = args[:status_detail] if args.key?(:status_detail)
|
1070
|
+
@steps = args[:steps] if args.key?(:steps)
|
1071
|
+
@substitutions = args[:substitutions] if args.key?(:substitutions)
|
1072
|
+
@tags = args[:tags] if args.key?(:tags)
|
1073
|
+
@timeout = args[:timeout] if args.key?(:timeout)
|
1074
|
+
@timing = args[:timing] if args.key?(:timing)
|
1075
|
+
@warnings = args[:warnings] if args.key?(:warnings)
|
1076
|
+
end
|
1077
|
+
end
|
1078
|
+
|
1079
|
+
# BuildApproval describes a build's approval configuration, state, and result.
|
1080
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1BuildApproval
|
1081
|
+
include Google::Apis::Core::Hashable
|
1082
|
+
|
1083
|
+
# ApprovalConfig describes configuration for manual approval of a build.
|
1084
|
+
# Corresponds to the JSON property `config`
|
1085
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalConfig]
|
1086
|
+
attr_accessor :config
|
1087
|
+
|
1088
|
+
# ApprovalResult describes the decision and associated metadata of a manual
|
1089
|
+
# approval of a build.
|
1090
|
+
# Corresponds to the JSON property `result`
|
1091
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalResult]
|
1092
|
+
attr_accessor :result
|
1093
|
+
|
1094
|
+
# Output only. The state of this build's approval.
|
1095
|
+
# Corresponds to the JSON property `state`
|
1096
|
+
# @return [String]
|
1097
|
+
attr_accessor :state
|
1098
|
+
|
1099
|
+
def initialize(**args)
|
1100
|
+
update!(**args)
|
1101
|
+
end
|
1102
|
+
|
1103
|
+
# Update properties of this object
|
1104
|
+
def update!(**args)
|
1105
|
+
@config = args[:config] if args.key?(:config)
|
1106
|
+
@result = args[:result] if args.key?(:result)
|
1107
|
+
@state = args[:state] if args.key?(:state)
|
1108
|
+
end
|
1109
|
+
end
|
1110
|
+
|
1111
|
+
# A fatal problem encountered during the execution of the build.
|
1112
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1BuildFailureInfo
|
1113
|
+
include Google::Apis::Core::Hashable
|
1114
|
+
|
1115
|
+
# Explains the failure issue in more detail using hard-coded text.
|
1116
|
+
# Corresponds to the JSON property `detail`
|
1117
|
+
# @return [String]
|
1118
|
+
attr_accessor :detail
|
1119
|
+
|
1120
|
+
# The name of the failure.
|
1121
|
+
# Corresponds to the JSON property `type`
|
1122
|
+
# @return [String]
|
1123
|
+
attr_accessor :type
|
1124
|
+
|
1125
|
+
def initialize(**args)
|
1126
|
+
update!(**args)
|
1127
|
+
end
|
1128
|
+
|
1129
|
+
# Update properties of this object
|
1130
|
+
def update!(**args)
|
1131
|
+
@detail = args[:detail] if args.key?(:detail)
|
1132
|
+
@type = args[:type] if args.key?(:type)
|
1133
|
+
end
|
1134
|
+
end
|
1135
|
+
|
1136
|
+
# Optional arguments to enable specific features of builds.
|
1137
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptions
|
1138
|
+
include Google::Apis::Core::Hashable
|
1139
|
+
|
1140
|
+
# Requested disk size for the VM that runs the build. Note that this is *NOT* "
|
1141
|
+
# disk free"; some of the space will be used by the operating system and build
|
1142
|
+
# utilities. Also note that this is the minimum disk size that will be allocated
|
1143
|
+
# for the build -- the build may run with a larger disk than requested. At
|
1144
|
+
# present, the maximum disk size is 1000GB; builds that request more than the
|
1145
|
+
# maximum are rejected with an error.
|
1146
|
+
# Corresponds to the JSON property `diskSizeGb`
|
1147
|
+
# @return [Fixnum]
|
1148
|
+
attr_accessor :disk_size_gb
|
1149
|
+
|
1150
|
+
# Option to specify whether or not to apply bash style string operations to the
|
1151
|
+
# substitutions. NOTE: this is always enabled for triggered builds and cannot be
|
1152
|
+
# overridden in the build configuration file.
|
1153
|
+
# Corresponds to the JSON property `dynamicSubstitutions`
|
1154
|
+
# @return [Boolean]
|
1155
|
+
attr_accessor :dynamic_substitutions
|
1156
|
+
alias_method :dynamic_substitutions?, :dynamic_substitutions
|
1157
|
+
|
1158
|
+
# A list of global environment variable definitions that will exist for all
|
1159
|
+
# build steps in this build. If a variable is defined in both globally and in a
|
1160
|
+
# build step, the variable will use the build step value. The elements are of
|
1161
|
+
# the form "KEY=VALUE" for the environment variable "KEY" being given the value "
|
1162
|
+
# VALUE".
|
1163
|
+
# Corresponds to the JSON property `env`
|
1164
|
+
# @return [Array<String>]
|
1165
|
+
attr_accessor :env
|
1166
|
+
|
1167
|
+
# Option to define build log streaming behavior to Google Cloud Storage.
|
1168
|
+
# Corresponds to the JSON property `logStreamingOption`
|
1169
|
+
# @return [String]
|
1170
|
+
attr_accessor :log_streaming_option
|
1171
|
+
|
1172
|
+
# Option to specify the logging mode, which determines if and where build logs
|
1173
|
+
# are stored.
|
1174
|
+
# Corresponds to the JSON property `logging`
|
1175
|
+
# @return [String]
|
1176
|
+
attr_accessor :logging
|
1177
|
+
|
1178
|
+
# Compute Engine machine type on which to run the build.
|
1179
|
+
# Corresponds to the JSON property `machineType`
|
1180
|
+
# @return [String]
|
1181
|
+
attr_accessor :machine_type
|
1182
|
+
|
1183
|
+
# Details about how a build should be executed on a `WorkerPool`. See [running
|
1184
|
+
# builds in a private pool](https://cloud.google.com/build/docs/private-pools/
|
1185
|
+
# run-builds-in-private-pool) for more information.
|
1186
|
+
# Corresponds to the JSON property `pool`
|
1187
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptionsPoolOption]
|
1188
|
+
attr_accessor :pool
|
1189
|
+
|
1190
|
+
# Requested verifiability options.
|
1191
|
+
# Corresponds to the JSON property `requestedVerifyOption`
|
1192
|
+
# @return [String]
|
1193
|
+
attr_accessor :requested_verify_option
|
1194
|
+
|
1195
|
+
# A list of global environment variables, which are encrypted using a Cloud Key
|
1196
|
+
# Management Service crypto key. These values must be specified in the build's `
|
1197
|
+
# Secret`. These variables will be available to all build steps in this build.
|
1198
|
+
# Corresponds to the JSON property `secretEnv`
|
1199
|
+
# @return [Array<String>]
|
1200
|
+
attr_accessor :secret_env
|
1201
|
+
|
1202
|
+
# Requested hash for SourceProvenance.
|
1203
|
+
# Corresponds to the JSON property `sourceProvenanceHash`
|
1204
|
+
# @return [Array<String>]
|
1205
|
+
attr_accessor :source_provenance_hash
|
1206
|
+
|
1207
|
+
# Option to specify behavior when there is an error in the substitution checks.
|
1208
|
+
# NOTE: this is always set to ALLOW_LOOSE for triggered builds and cannot be
|
1209
|
+
# overridden in the build configuration file.
|
1210
|
+
# Corresponds to the JSON property `substitutionOption`
|
1211
|
+
# @return [String]
|
1212
|
+
attr_accessor :substitution_option
|
1213
|
+
|
1214
|
+
# Global list of volumes to mount for ALL build steps Each volume is created as
|
1215
|
+
# an empty volume prior to starting the build process. Upon completion of the
|
1216
|
+
# build, volumes and their contents are discarded. Global volume names and paths
|
1217
|
+
# cannot conflict with the volumes defined a build step. Using a global volume
|
1218
|
+
# in a build with only one step is not valid as it is indicative of a build
|
1219
|
+
# request with an incorrect configuration.
|
1220
|
+
# Corresponds to the JSON property `volumes`
|
1221
|
+
# @return [Array<Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1Volume>]
|
1222
|
+
attr_accessor :volumes
|
1223
|
+
|
1224
|
+
# This field deprecated; please use `pool.name` instead.
|
1225
|
+
# Corresponds to the JSON property `workerPool`
|
1226
|
+
# @return [String]
|
1227
|
+
attr_accessor :worker_pool
|
1228
|
+
|
1229
|
+
def initialize(**args)
|
1230
|
+
update!(**args)
|
1231
|
+
end
|
1232
|
+
|
1233
|
+
# Update properties of this object
|
1234
|
+
def update!(**args)
|
1235
|
+
@disk_size_gb = args[:disk_size_gb] if args.key?(:disk_size_gb)
|
1236
|
+
@dynamic_substitutions = args[:dynamic_substitutions] if args.key?(:dynamic_substitutions)
|
1237
|
+
@env = args[:env] if args.key?(:env)
|
1238
|
+
@log_streaming_option = args[:log_streaming_option] if args.key?(:log_streaming_option)
|
1239
|
+
@logging = args[:logging] if args.key?(:logging)
|
1240
|
+
@machine_type = args[:machine_type] if args.key?(:machine_type)
|
1241
|
+
@pool = args[:pool] if args.key?(:pool)
|
1242
|
+
@requested_verify_option = args[:requested_verify_option] if args.key?(:requested_verify_option)
|
1243
|
+
@secret_env = args[:secret_env] if args.key?(:secret_env)
|
1244
|
+
@source_provenance_hash = args[:source_provenance_hash] if args.key?(:source_provenance_hash)
|
1245
|
+
@substitution_option = args[:substitution_option] if args.key?(:substitution_option)
|
1246
|
+
@volumes = args[:volumes] if args.key?(:volumes)
|
1247
|
+
@worker_pool = args[:worker_pool] if args.key?(:worker_pool)
|
1248
|
+
end
|
1249
|
+
end
|
1250
|
+
|
1251
|
+
# Details about how a build should be executed on a `WorkerPool`. See [running
|
1252
|
+
# builds in a private pool](https://cloud.google.com/build/docs/private-pools/
|
1253
|
+
# run-builds-in-private-pool) for more information.
|
1254
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptionsPoolOption
|
1255
|
+
include Google::Apis::Core::Hashable
|
1256
|
+
|
1257
|
+
# The `WorkerPool` resource to execute the build on. You must have `cloudbuild.
|
1258
|
+
# workerpools.use` on the project hosting the WorkerPool. Format projects/`
|
1259
|
+
# project`/locations/`location`/workerPools/`workerPoolId`
|
1260
|
+
# Corresponds to the JSON property `name`
|
1261
|
+
# @return [String]
|
1262
|
+
attr_accessor :name
|
1263
|
+
|
1264
|
+
def initialize(**args)
|
1265
|
+
update!(**args)
|
1266
|
+
end
|
1267
|
+
|
1268
|
+
# Update properties of this object
|
1269
|
+
def update!(**args)
|
1270
|
+
@name = args[:name] if args.key?(:name)
|
1271
|
+
end
|
1272
|
+
end
|
1273
|
+
|
1274
|
+
# A step in the build pipeline.
|
1275
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1BuildStep
|
1276
|
+
include Google::Apis::Core::Hashable
|
1277
|
+
|
1278
|
+
# A list of arguments that will be presented to the step when it is started. If
|
1279
|
+
# the image used to run the step's container has an entrypoint, the `args` are
|
1280
|
+
# used as arguments to that entrypoint. If the image does not define an
|
1281
|
+
# entrypoint, the first element in args is used as the entrypoint, and the
|
1282
|
+
# remainder will be used as arguments.
|
1283
|
+
# Corresponds to the JSON property `args`
|
1284
|
+
# @return [Array<String>]
|
1285
|
+
attr_accessor :args
|
1286
|
+
|
1287
|
+
# Working directory to use when running this step's container. If this value is
|
1288
|
+
# a relative path, it is relative to the build's working directory. If this
|
1289
|
+
# value is absolute, it may be outside the build's working directory, in which
|
1290
|
+
# case the contents of the path may not be persisted across build step
|
1291
|
+
# executions, unless a `volume` for that path is specified. If the build
|
1292
|
+
# specifies a `RepoSource` with `dir` and a step with a `dir`, which specifies
|
1293
|
+
# an absolute path, the `RepoSource` `dir` is ignored for the step's execution.
|
1294
|
+
# Corresponds to the JSON property `dir`
|
1295
|
+
# @return [String]
|
1296
|
+
attr_accessor :dir
|
1297
|
+
|
1298
|
+
# Entrypoint to be used instead of the build step image's default entrypoint. If
|
1299
|
+
# unset, the image's default entrypoint is used.
|
1300
|
+
# Corresponds to the JSON property `entrypoint`
|
1301
|
+
# @return [String]
|
1302
|
+
attr_accessor :entrypoint
|
1303
|
+
|
1304
|
+
# A list of environment variable definitions to be used when running a step. The
|
1305
|
+
# elements are of the form "KEY=VALUE" for the environment variable "KEY" being
|
1306
|
+
# given the value "VALUE".
|
1307
|
+
# Corresponds to the JSON property `env`
|
1308
|
+
# @return [Array<String>]
|
1309
|
+
attr_accessor :env
|
1310
|
+
|
1311
|
+
# Unique identifier for this build step, used in `wait_for` to reference this
|
1312
|
+
# build step as a dependency.
|
1313
|
+
# Corresponds to the JSON property `id`
|
1314
|
+
# @return [String]
|
1315
|
+
attr_accessor :id
|
1316
|
+
|
1317
|
+
# Required. The name of the container image that will run this particular build
|
1318
|
+
# step. If the image is available in the host's Docker daemon's cache, it will
|
1319
|
+
# be run directly. If not, the host will attempt to pull the image first, using
|
1320
|
+
# the builder service account's credentials if necessary. The Docker daemon's
|
1321
|
+
# cache will already have the latest versions of all of the officially supported
|
1322
|
+
# build steps ([https://github.com/GoogleCloudPlatform/cloud-builders](https://
|
1323
|
+
# github.com/GoogleCloudPlatform/cloud-builders)). The Docker daemon will also
|
1324
|
+
# have cached many of the layers for some popular images, like "ubuntu", "debian"
|
1325
|
+
# , but they will be refreshed at the time you attempt to use them. If you built
|
1326
|
+
# an image in a previous build step, it will be stored in the host's Docker
|
1327
|
+
# daemon's cache and is available to use as the name for a later build step.
|
1328
|
+
# Corresponds to the JSON property `name`
|
1329
|
+
# @return [String]
|
1330
|
+
attr_accessor :name
|
1331
|
+
|
1332
|
+
# Start and end times for a build execution phase.
|
1333
|
+
# Corresponds to the JSON property `pullTiming`
|
1334
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan]
|
1335
|
+
attr_accessor :pull_timing
|
1336
|
+
|
1337
|
+
# A shell script to be executed in the step. When script is provided, the user
|
1338
|
+
# cannot specify the entrypoint or args.
|
1339
|
+
# Corresponds to the JSON property `script`
|
1340
|
+
# @return [String]
|
1341
|
+
attr_accessor :script
|
1342
|
+
|
1343
|
+
# A list of environment variables which are encrypted using a Cloud Key
|
1344
|
+
# Management Service crypto key. These values must be specified in the build's `
|
1345
|
+
# Secret`.
|
1346
|
+
# Corresponds to the JSON property `secretEnv`
|
1347
|
+
# @return [Array<String>]
|
1348
|
+
attr_accessor :secret_env
|
1349
|
+
|
1350
|
+
# Output only. Status of the build step. At this time, build step status is only
|
1351
|
+
# updated on build completion; step status is not updated in real-time as the
|
1352
|
+
# build progresses.
|
1353
|
+
# Corresponds to the JSON property `status`
|
1354
|
+
# @return [String]
|
1355
|
+
attr_accessor :status
|
1356
|
+
|
1357
|
+
# Time limit for executing this build step. If not defined, the step has no time
|
1358
|
+
# limit and will be allowed to continue to run until either it completes or the
|
1359
|
+
# build itself times out.
|
1360
|
+
# Corresponds to the JSON property `timeout`
|
1361
|
+
# @return [String]
|
1362
|
+
attr_accessor :timeout
|
1363
|
+
|
1364
|
+
# Start and end times for a build execution phase.
|
1365
|
+
# Corresponds to the JSON property `timing`
|
1366
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan]
|
1367
|
+
attr_accessor :timing
|
1368
|
+
|
1369
|
+
# List of volumes to mount into the build step. Each volume is created as an
|
1370
|
+
# empty volume prior to execution of the build step. Upon completion of the
|
1371
|
+
# build, volumes and their contents are discarded. Using a named volume in only
|
1372
|
+
# one step is not valid as it is indicative of a build request with an incorrect
|
1373
|
+
# configuration.
|
1374
|
+
# Corresponds to the JSON property `volumes`
|
1375
|
+
# @return [Array<Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1Volume>]
|
1376
|
+
attr_accessor :volumes
|
1377
|
+
|
1378
|
+
# The ID(s) of the step(s) that this build step depends on. This build step will
|
1379
|
+
# not start until all the build steps in `wait_for` have completed successfully.
|
1380
|
+
# If `wait_for` is empty, this build step will start when all previous build
|
1381
|
+
# steps in the `Build.Steps` list have completed successfully.
|
1382
|
+
# Corresponds to the JSON property `waitFor`
|
1383
|
+
# @return [Array<String>]
|
1384
|
+
attr_accessor :wait_for
|
1385
|
+
|
1386
|
+
def initialize(**args)
|
1387
|
+
update!(**args)
|
1388
|
+
end
|
1389
|
+
|
1390
|
+
# Update properties of this object
|
1391
|
+
def update!(**args)
|
1392
|
+
@args = args[:args] if args.key?(:args)
|
1393
|
+
@dir = args[:dir] if args.key?(:dir)
|
1394
|
+
@entrypoint = args[:entrypoint] if args.key?(:entrypoint)
|
1395
|
+
@env = args[:env] if args.key?(:env)
|
1396
|
+
@id = args[:id] if args.key?(:id)
|
1397
|
+
@name = args[:name] if args.key?(:name)
|
1398
|
+
@pull_timing = args[:pull_timing] if args.key?(:pull_timing)
|
1399
|
+
@script = args[:script] if args.key?(:script)
|
1400
|
+
@secret_env = args[:secret_env] if args.key?(:secret_env)
|
1401
|
+
@status = args[:status] if args.key?(:status)
|
1402
|
+
@timeout = args[:timeout] if args.key?(:timeout)
|
1403
|
+
@timing = args[:timing] if args.key?(:timing)
|
1404
|
+
@volumes = args[:volumes] if args.key?(:volumes)
|
1405
|
+
@wait_for = args[:wait_for] if args.key?(:wait_for)
|
1406
|
+
end
|
1407
|
+
end
|
1408
|
+
|
1409
|
+
# A non-fatal problem encountered during the execution of the build.
|
1410
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1BuildWarning
|
1411
|
+
include Google::Apis::Core::Hashable
|
1412
|
+
|
1413
|
+
# The priority for this warning.
|
1414
|
+
# Corresponds to the JSON property `priority`
|
1415
|
+
# @return [String]
|
1416
|
+
attr_accessor :priority
|
1417
|
+
|
1418
|
+
# Explanation of the warning generated.
|
1419
|
+
# Corresponds to the JSON property `text`
|
1420
|
+
# @return [String]
|
1421
|
+
attr_accessor :text
|
1422
|
+
|
1423
|
+
def initialize(**args)
|
1424
|
+
update!(**args)
|
1425
|
+
end
|
1426
|
+
|
1427
|
+
# Update properties of this object
|
1428
|
+
def update!(**args)
|
1429
|
+
@priority = args[:priority] if args.key?(:priority)
|
1430
|
+
@text = args[:text] if args.key?(:text)
|
1431
|
+
end
|
1432
|
+
end
|
1433
|
+
|
1434
|
+
# An image built by the pipeline.
|
1435
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1BuiltImage
|
1436
|
+
include Google::Apis::Core::Hashable
|
1437
|
+
|
1438
|
+
# Docker Registry 2.0 digest.
|
1439
|
+
# Corresponds to the JSON property `digest`
|
1440
|
+
# @return [String]
|
1441
|
+
attr_accessor :digest
|
1442
|
+
|
1443
|
+
# Name used to push the container image to Google Container Registry, as
|
1444
|
+
# presented to `docker push`.
|
1445
|
+
# Corresponds to the JSON property `name`
|
1446
|
+
# @return [String]
|
1447
|
+
attr_accessor :name
|
1448
|
+
|
1449
|
+
# Start and end times for a build execution phase.
|
1450
|
+
# Corresponds to the JSON property `pushTiming`
|
1451
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan]
|
1452
|
+
attr_accessor :push_timing
|
1453
|
+
|
1454
|
+
def initialize(**args)
|
1455
|
+
update!(**args)
|
1456
|
+
end
|
1457
|
+
|
1458
|
+
# Update properties of this object
|
1459
|
+
def update!(**args)
|
1460
|
+
@digest = args[:digest] if args.key?(:digest)
|
1461
|
+
@name = args[:name] if args.key?(:name)
|
1462
|
+
@push_timing = args[:push_timing] if args.key?(:push_timing)
|
1463
|
+
end
|
1464
|
+
end
|
1465
|
+
|
1466
|
+
# Container message for hashes of byte content of files, used in
|
1467
|
+
# SourceProvenance messages to verify integrity of source input to the build.
|
1468
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1FileHashes
|
1469
|
+
include Google::Apis::Core::Hashable
|
1470
|
+
|
1471
|
+
# Collection of file hashes.
|
1472
|
+
# Corresponds to the JSON property `fileHash`
|
1473
|
+
# @return [Array<Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1Hash>]
|
1474
|
+
attr_accessor :file_hash
|
1475
|
+
|
1476
|
+
def initialize(**args)
|
1477
|
+
update!(**args)
|
1478
|
+
end
|
1479
|
+
|
1480
|
+
# Update properties of this object
|
1481
|
+
def update!(**args)
|
1482
|
+
@file_hash = args[:file_hash] if args.key?(:file_hash)
|
1483
|
+
end
|
1484
|
+
end
|
1485
|
+
|
1486
|
+
# Container message for hash values.
|
1487
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1Hash
|
1488
|
+
include Google::Apis::Core::Hashable
|
1489
|
+
|
1490
|
+
# The type of hash that was performed.
|
1491
|
+
# Corresponds to the JSON property `type`
|
1492
|
+
# @return [String]
|
1493
|
+
attr_accessor :type
|
1494
|
+
|
1495
|
+
# The hash value.
|
1496
|
+
# Corresponds to the JSON property `value`
|
1497
|
+
# NOTE: Values are automatically base64 encoded/decoded in the client library.
|
1498
|
+
# @return [String]
|
1499
|
+
attr_accessor :value
|
1500
|
+
|
1501
|
+
def initialize(**args)
|
1502
|
+
update!(**args)
|
1503
|
+
end
|
1504
|
+
|
1505
|
+
# Update properties of this object
|
1506
|
+
def update!(**args)
|
1507
|
+
@type = args[:type] if args.key?(:type)
|
1508
|
+
@value = args[:value] if args.key?(:value)
|
1509
|
+
end
|
1510
|
+
end
|
1511
|
+
|
1512
|
+
# Pairs a set of secret environment variables mapped to encrypted values with
|
1513
|
+
# the Cloud KMS key to use to decrypt the value.
|
1514
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1InlineSecret
|
1515
|
+
include Google::Apis::Core::Hashable
|
1516
|
+
|
1517
|
+
# Map of environment variable name to its encrypted value. Secret environment
|
1518
|
+
# variables must be unique across all of a build's secrets, and must be used by
|
1519
|
+
# at least one build step. Values can be at most 64 KB in size. There can be at
|
1520
|
+
# most 100 secret values across all of a build's secrets.
|
1521
|
+
# Corresponds to the JSON property `envMap`
|
1522
|
+
# @return [Hash<String,String>]
|
1523
|
+
attr_accessor :env_map
|
1524
|
+
|
1525
|
+
# Resource name of Cloud KMS crypto key to decrypt the encrypted value. In
|
1526
|
+
# format: projects/*/locations/*/keyRings/*/cryptoKeys/*
|
1527
|
+
# Corresponds to the JSON property `kmsKeyName`
|
1528
|
+
# @return [String]
|
1529
|
+
attr_accessor :kms_key_name
|
1530
|
+
|
1531
|
+
def initialize(**args)
|
1532
|
+
update!(**args)
|
1533
|
+
end
|
1534
|
+
|
1535
|
+
# Update properties of this object
|
1536
|
+
def update!(**args)
|
1537
|
+
@env_map = args[:env_map] if args.key?(:env_map)
|
1538
|
+
@kms_key_name = args[:kms_key_name] if args.key?(:kms_key_name)
|
1539
|
+
end
|
1540
|
+
end
|
1541
|
+
|
1542
|
+
# Location of the source in a Google Cloud Source Repository.
|
1543
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1RepoSource
|
1544
|
+
include Google::Apis::Core::Hashable
|
1545
|
+
|
1546
|
+
# Regex matching branches to build. The syntax of the regular expressions
|
1547
|
+
# accepted is the syntax accepted by RE2 and described at https://github.com/
|
1548
|
+
# google/re2/wiki/Syntax
|
1549
|
+
# Corresponds to the JSON property `branchName`
|
1550
|
+
# @return [String]
|
1551
|
+
attr_accessor :branch_name
|
1552
|
+
|
1553
|
+
# Explicit commit SHA to build.
|
1554
|
+
# Corresponds to the JSON property `commitSha`
|
1555
|
+
# @return [String]
|
1556
|
+
attr_accessor :commit_sha
|
1557
|
+
|
1558
|
+
# Directory, relative to the source root, in which to run the build. This must
|
1559
|
+
# be a relative path. If a step's `dir` is specified and is an absolute path,
|
1560
|
+
# this value is ignored for that step's execution.
|
1561
|
+
# Corresponds to the JSON property `dir`
|
1562
|
+
# @return [String]
|
1563
|
+
attr_accessor :dir
|
1564
|
+
|
1565
|
+
# Only trigger a build if the revision regex does NOT match the revision regex.
|
1566
|
+
# Corresponds to the JSON property `invertRegex`
|
1567
|
+
# @return [Boolean]
|
1568
|
+
attr_accessor :invert_regex
|
1569
|
+
alias_method :invert_regex?, :invert_regex
|
1570
|
+
|
1571
|
+
# ID of the project that owns the Cloud Source Repository. If omitted, the
|
1572
|
+
# project ID requesting the build is assumed.
|
1573
|
+
# Corresponds to the JSON property `projectId`
|
1574
|
+
# @return [String]
|
1575
|
+
attr_accessor :project_id
|
1576
|
+
|
1577
|
+
# Name of the Cloud Source Repository.
|
1578
|
+
# Corresponds to the JSON property `repoName`
|
1579
|
+
# @return [String]
|
1580
|
+
attr_accessor :repo_name
|
1581
|
+
|
1582
|
+
# Substitutions to use in a triggered build. Should only be used with
|
1583
|
+
# RunBuildTrigger
|
1584
|
+
# Corresponds to the JSON property `substitutions`
|
1585
|
+
# @return [Hash<String,String>]
|
1586
|
+
attr_accessor :substitutions
|
1587
|
+
|
1588
|
+
# Regex matching tags to build. The syntax of the regular expressions accepted
|
1589
|
+
# is the syntax accepted by RE2 and described at https://github.com/google/re2/
|
1590
|
+
# wiki/Syntax
|
1591
|
+
# Corresponds to the JSON property `tagName`
|
1592
|
+
# @return [String]
|
1593
|
+
attr_accessor :tag_name
|
1594
|
+
|
1595
|
+
def initialize(**args)
|
1596
|
+
update!(**args)
|
1597
|
+
end
|
1598
|
+
|
1599
|
+
# Update properties of this object
|
1600
|
+
def update!(**args)
|
1601
|
+
@branch_name = args[:branch_name] if args.key?(:branch_name)
|
1602
|
+
@commit_sha = args[:commit_sha] if args.key?(:commit_sha)
|
1603
|
+
@dir = args[:dir] if args.key?(:dir)
|
1604
|
+
@invert_regex = args[:invert_regex] if args.key?(:invert_regex)
|
1605
|
+
@project_id = args[:project_id] if args.key?(:project_id)
|
1606
|
+
@repo_name = args[:repo_name] if args.key?(:repo_name)
|
1607
|
+
@substitutions = args[:substitutions] if args.key?(:substitutions)
|
1608
|
+
@tag_name = args[:tag_name] if args.key?(:tag_name)
|
1609
|
+
end
|
1610
|
+
end
|
1611
|
+
|
1612
|
+
# Artifacts created by the build pipeline.
|
1613
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1Results
|
1614
|
+
include Google::Apis::Core::Hashable
|
1615
|
+
|
1616
|
+
# Path to the artifact manifest. Only populated when artifacts are uploaded.
|
1617
|
+
# Corresponds to the JSON property `artifactManifest`
|
1618
|
+
# @return [String]
|
1619
|
+
attr_accessor :artifact_manifest
|
1620
|
+
|
1621
|
+
# Start and end times for a build execution phase.
|
1622
|
+
# Corresponds to the JSON property `artifactTiming`
|
1623
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan]
|
1624
|
+
attr_accessor :artifact_timing
|
1625
|
+
|
1626
|
+
# List of build step digests, in the order corresponding to build step indices.
|
1627
|
+
# Corresponds to the JSON property `buildStepImages`
|
1628
|
+
# @return [Array<String>]
|
1629
|
+
attr_accessor :build_step_images
|
1630
|
+
|
1631
|
+
# List of build step outputs, produced by builder images, in the order
|
1632
|
+
# corresponding to build step indices. [Cloud Builders](https://cloud.google.com/
|
1633
|
+
# cloud-build/docs/cloud-builders) can produce this output by writing to `$
|
1634
|
+
# BUILDER_OUTPUT/output`. Only the first 4KB of data is stored.
|
1635
|
+
# Corresponds to the JSON property `buildStepOutputs`
|
1636
|
+
# @return [Array<String>]
|
1637
|
+
attr_accessor :build_step_outputs
|
1638
|
+
|
1639
|
+
# Container images that were built as a part of the build.
|
1640
|
+
# Corresponds to the JSON property `images`
|
1641
|
+
# @return [Array<Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1BuiltImage>]
|
1642
|
+
attr_accessor :images
|
1643
|
+
|
1644
|
+
# Number of artifacts uploaded. Only populated when artifacts are uploaded.
|
1645
|
+
# Corresponds to the JSON property `numArtifacts`
|
1646
|
+
# @return [Fixnum]
|
1647
|
+
attr_accessor :num_artifacts
|
1648
|
+
|
1649
|
+
def initialize(**args)
|
1650
|
+
update!(**args)
|
1651
|
+
end
|
1652
|
+
|
1653
|
+
# Update properties of this object
|
1654
|
+
def update!(**args)
|
1655
|
+
@artifact_manifest = args[:artifact_manifest] if args.key?(:artifact_manifest)
|
1656
|
+
@artifact_timing = args[:artifact_timing] if args.key?(:artifact_timing)
|
1657
|
+
@build_step_images = args[:build_step_images] if args.key?(:build_step_images)
|
1658
|
+
@build_step_outputs = args[:build_step_outputs] if args.key?(:build_step_outputs)
|
1659
|
+
@images = args[:images] if args.key?(:images)
|
1660
|
+
@num_artifacts = args[:num_artifacts] if args.key?(:num_artifacts)
|
1661
|
+
end
|
1662
|
+
end
|
1663
|
+
|
1664
|
+
# Pairs a set of secret environment variables containing encrypted values with
|
1665
|
+
# the Cloud KMS key to use to decrypt the value. Note: Use `kmsKeyName` with `
|
1666
|
+
# available_secrets` instead of using `kmsKeyName` with `secret`. For
|
1667
|
+
# instructions see: https://cloud.google.com/cloud-build/docs/securing-builds/
|
1668
|
+
# use-encrypted-credentials.
|
1669
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1Secret
|
1670
|
+
include Google::Apis::Core::Hashable
|
1671
|
+
|
1672
|
+
# Cloud KMS key name to use to decrypt these envs.
|
1673
|
+
# Corresponds to the JSON property `kmsKeyName`
|
1674
|
+
# @return [String]
|
1675
|
+
attr_accessor :kms_key_name
|
1676
|
+
|
1677
|
+
# Map of environment variable name to its encrypted value. Secret environment
|
1678
|
+
# variables must be unique across all of a build's secrets, and must be used by
|
1679
|
+
# at least one build step. Values can be at most 64 KB in size. There can be at
|
1680
|
+
# most 100 secret values across all of a build's secrets.
|
1681
|
+
# Corresponds to the JSON property `secretEnv`
|
1682
|
+
# @return [Hash<String,String>]
|
1683
|
+
attr_accessor :secret_env
|
1684
|
+
|
1685
|
+
def initialize(**args)
|
1686
|
+
update!(**args)
|
1687
|
+
end
|
1688
|
+
|
1689
|
+
# Update properties of this object
|
1690
|
+
def update!(**args)
|
1691
|
+
@kms_key_name = args[:kms_key_name] if args.key?(:kms_key_name)
|
1692
|
+
@secret_env = args[:secret_env] if args.key?(:secret_env)
|
1693
|
+
end
|
1694
|
+
end
|
1695
|
+
|
1696
|
+
# Pairs a secret environment variable with a SecretVersion in Secret Manager.
|
1697
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1SecretManagerSecret
|
1698
|
+
include Google::Apis::Core::Hashable
|
1699
|
+
|
1700
|
+
# Environment variable name to associate with the secret. Secret environment
|
1701
|
+
# variables must be unique across all of a build's secrets, and must be used by
|
1702
|
+
# at least one build step.
|
1703
|
+
# Corresponds to the JSON property `env`
|
1704
|
+
# @return [String]
|
1705
|
+
attr_accessor :env
|
1706
|
+
|
1707
|
+
# Resource name of the SecretVersion. In format: projects/*/secrets/*/versions/*
|
1708
|
+
# Corresponds to the JSON property `versionName`
|
1709
|
+
# @return [String]
|
1710
|
+
attr_accessor :version_name
|
1711
|
+
|
1712
|
+
def initialize(**args)
|
1713
|
+
update!(**args)
|
1714
|
+
end
|
1715
|
+
|
1716
|
+
# Update properties of this object
|
1717
|
+
def update!(**args)
|
1718
|
+
@env = args[:env] if args.key?(:env)
|
1719
|
+
@version_name = args[:version_name] if args.key?(:version_name)
|
1720
|
+
end
|
1721
|
+
end
|
1722
|
+
|
1723
|
+
# Secrets and secret environment variables.
|
1724
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1Secrets
|
1725
|
+
include Google::Apis::Core::Hashable
|
1726
|
+
|
1727
|
+
# Secrets encrypted with KMS key and the associated secret environment variable.
|
1728
|
+
# Corresponds to the JSON property `inline`
|
1729
|
+
# @return [Array<Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1InlineSecret>]
|
1730
|
+
attr_accessor :inline
|
1731
|
+
|
1732
|
+
# Secrets in Secret Manager and associated secret environment variable.
|
1733
|
+
# Corresponds to the JSON property `secretManager`
|
1734
|
+
# @return [Array<Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1SecretManagerSecret>]
|
1735
|
+
attr_accessor :secret_manager
|
1736
|
+
|
1737
|
+
def initialize(**args)
|
1738
|
+
update!(**args)
|
1739
|
+
end
|
1740
|
+
|
1741
|
+
# Update properties of this object
|
1742
|
+
def update!(**args)
|
1743
|
+
@inline = args[:inline] if args.key?(:inline)
|
1744
|
+
@secret_manager = args[:secret_manager] if args.key?(:secret_manager)
|
1745
|
+
end
|
1746
|
+
end
|
1747
|
+
|
1748
|
+
# Location of the source in a supported storage service.
|
1749
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1Source
|
1750
|
+
include Google::Apis::Core::Hashable
|
1751
|
+
|
1752
|
+
# Location of the source in a Google Cloud Source Repository.
|
1753
|
+
# Corresponds to the JSON property `repoSource`
|
1754
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1RepoSource]
|
1755
|
+
attr_accessor :repo_source
|
1756
|
+
|
1757
|
+
# Location of the source in an archive file in Google Cloud Storage.
|
1758
|
+
# Corresponds to the JSON property `storageSource`
|
1759
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSource]
|
1760
|
+
attr_accessor :storage_source
|
1761
|
+
|
1762
|
+
# Location of the source manifest in Google Cloud Storage. This feature is in
|
1763
|
+
# Preview; see description [here](https://github.com/GoogleCloudPlatform/cloud-
|
1764
|
+
# builders/tree/master/gcs-fetcher).
|
1765
|
+
# Corresponds to the JSON property `storageSourceManifest`
|
1766
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSourceManifest]
|
1767
|
+
attr_accessor :storage_source_manifest
|
1768
|
+
|
1769
|
+
def initialize(**args)
|
1770
|
+
update!(**args)
|
1771
|
+
end
|
1772
|
+
|
1773
|
+
# Update properties of this object
|
1774
|
+
def update!(**args)
|
1775
|
+
@repo_source = args[:repo_source] if args.key?(:repo_source)
|
1776
|
+
@storage_source = args[:storage_source] if args.key?(:storage_source)
|
1777
|
+
@storage_source_manifest = args[:storage_source_manifest] if args.key?(:storage_source_manifest)
|
1778
|
+
end
|
1779
|
+
end
|
1780
|
+
|
1781
|
+
# Provenance of the source. Ways to find the original source, or verify that
|
1782
|
+
# some source was used for this build.
|
1783
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1SourceProvenance
|
1784
|
+
include Google::Apis::Core::Hashable
|
1785
|
+
|
1786
|
+
# Output only. Hash(es) of the build source, which can be used to verify that
|
1787
|
+
# the original source integrity was maintained in the build. Note that `
|
1788
|
+
# FileHashes` will only be populated if `BuildOptions` has requested a `
|
1789
|
+
# SourceProvenanceHash`. The keys to this map are file paths used as build
|
1790
|
+
# source and the values contain the hash values for those files. If the build
|
1791
|
+
# source came in a single package such as a gzipped tarfile (`.tar.gz`), the `
|
1792
|
+
# FileHash` will be for the single path to that file.
|
1793
|
+
# Corresponds to the JSON property `fileHashes`
|
1794
|
+
# @return [Hash<String,Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1FileHashes>]
|
1795
|
+
attr_accessor :file_hashes
|
1796
|
+
|
1797
|
+
# Location of the source in a Google Cloud Source Repository.
|
1798
|
+
# Corresponds to the JSON property `resolvedRepoSource`
|
1799
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1RepoSource]
|
1800
|
+
attr_accessor :resolved_repo_source
|
1801
|
+
|
1802
|
+
# Location of the source in an archive file in Google Cloud Storage.
|
1803
|
+
# Corresponds to the JSON property `resolvedStorageSource`
|
1804
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSource]
|
1805
|
+
attr_accessor :resolved_storage_source
|
1806
|
+
|
1807
|
+
# Location of the source manifest in Google Cloud Storage. This feature is in
|
1808
|
+
# Preview; see description [here](https://github.com/GoogleCloudPlatform/cloud-
|
1809
|
+
# builders/tree/master/gcs-fetcher).
|
1810
|
+
# Corresponds to the JSON property `resolvedStorageSourceManifest`
|
1811
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSourceManifest]
|
1812
|
+
attr_accessor :resolved_storage_source_manifest
|
1813
|
+
|
1814
|
+
def initialize(**args)
|
1815
|
+
update!(**args)
|
1816
|
+
end
|
1817
|
+
|
1818
|
+
# Update properties of this object
|
1819
|
+
def update!(**args)
|
1820
|
+
@file_hashes = args[:file_hashes] if args.key?(:file_hashes)
|
1821
|
+
@resolved_repo_source = args[:resolved_repo_source] if args.key?(:resolved_repo_source)
|
1822
|
+
@resolved_storage_source = args[:resolved_storage_source] if args.key?(:resolved_storage_source)
|
1823
|
+
@resolved_storage_source_manifest = args[:resolved_storage_source_manifest] if args.key?(:resolved_storage_source_manifest)
|
1824
|
+
end
|
1825
|
+
end
|
1826
|
+
|
1827
|
+
# Location of the source in an archive file in Google Cloud Storage.
|
1828
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSource
|
1829
|
+
include Google::Apis::Core::Hashable
|
1830
|
+
|
1831
|
+
# Google Cloud Storage bucket containing the source (see [Bucket Name
|
1832
|
+
# Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)
|
1833
|
+
# ).
|
1834
|
+
# Corresponds to the JSON property `bucket`
|
1835
|
+
# @return [String]
|
1836
|
+
attr_accessor :bucket
|
1837
|
+
|
1838
|
+
# Google Cloud Storage generation for the object. If the generation is omitted,
|
1839
|
+
# the latest generation will be used.
|
1840
|
+
# Corresponds to the JSON property `generation`
|
1841
|
+
# @return [Fixnum]
|
1842
|
+
attr_accessor :generation
|
1843
|
+
|
1844
|
+
# Google Cloud Storage object containing the source. This object must be a
|
1845
|
+
# zipped (`.zip`) or gzipped archive file (`.tar.gz`) containing source to build.
|
1846
|
+
# Corresponds to the JSON property `object`
|
1847
|
+
# @return [String]
|
1848
|
+
attr_accessor :object
|
1849
|
+
|
1850
|
+
def initialize(**args)
|
1851
|
+
update!(**args)
|
1852
|
+
end
|
1853
|
+
|
1854
|
+
# Update properties of this object
|
1855
|
+
def update!(**args)
|
1856
|
+
@bucket = args[:bucket] if args.key?(:bucket)
|
1857
|
+
@generation = args[:generation] if args.key?(:generation)
|
1858
|
+
@object = args[:object] if args.key?(:object)
|
1859
|
+
end
|
1860
|
+
end
|
1861
|
+
|
1862
|
+
# Location of the source manifest in Google Cloud Storage. This feature is in
|
1863
|
+
# Preview; see description [here](https://github.com/GoogleCloudPlatform/cloud-
|
1864
|
+
# builders/tree/master/gcs-fetcher).
|
1865
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSourceManifest
|
1866
|
+
include Google::Apis::Core::Hashable
|
1867
|
+
|
1868
|
+
# Google Cloud Storage bucket containing the source manifest (see [Bucket Name
|
1869
|
+
# Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)
|
1870
|
+
# ).
|
1871
|
+
# Corresponds to the JSON property `bucket`
|
1872
|
+
# @return [String]
|
1873
|
+
attr_accessor :bucket
|
769
1874
|
|
770
|
-
#
|
771
|
-
#
|
772
|
-
#
|
773
|
-
|
1875
|
+
# Google Cloud Storage generation for the object. If the generation is omitted,
|
1876
|
+
# the latest generation will be used.
|
1877
|
+
# Corresponds to the JSON property `generation`
|
1878
|
+
# @return [Fixnum]
|
1879
|
+
attr_accessor :generation
|
1880
|
+
|
1881
|
+
# Google Cloud Storage object containing the source manifest. This object must
|
1882
|
+
# be a JSON file.
|
1883
|
+
# Corresponds to the JSON property `object`
|
1884
|
+
# @return [String]
|
1885
|
+
attr_accessor :object
|
774
1886
|
|
775
1887
|
def initialize(**args)
|
776
1888
|
update!(**args)
|
@@ -778,30 +1890,25 @@ module Google
|
|
778
1890
|
|
779
1891
|
# Update properties of this object
|
780
1892
|
def update!(**args)
|
781
|
-
@
|
782
|
-
@
|
783
|
-
@
|
784
|
-
@remediation = args[:remediation] if args.key?(:remediation)
|
785
|
-
@scan_instructions = args[:scan_instructions] if args.key?(:scan_instructions)
|
786
|
-
@title = args[:title] if args.key?(:title)
|
787
|
-
@version = args[:version] if args.key?(:version)
|
1893
|
+
@bucket = args[:bucket] if args.key?(:bucket)
|
1894
|
+
@generation = args[:generation] if args.key?(:generation)
|
1895
|
+
@object = args[:object] if args.key?(:object)
|
788
1896
|
end
|
789
1897
|
end
|
790
1898
|
|
791
|
-
#
|
792
|
-
|
793
|
-
class ComplianceOccurrence
|
1899
|
+
# Start and end times for a build execution phase.
|
1900
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan
|
794
1901
|
include Google::Apis::Core::Hashable
|
795
1902
|
|
796
|
-
#
|
797
|
-
# Corresponds to the JSON property `
|
1903
|
+
# End of time span.
|
1904
|
+
# Corresponds to the JSON property `endTime`
|
798
1905
|
# @return [String]
|
799
|
-
attr_accessor :
|
1906
|
+
attr_accessor :end_time
|
800
1907
|
|
801
|
-
#
|
802
|
-
# Corresponds to the JSON property `
|
803
|
-
# @return [
|
804
|
-
attr_accessor :
|
1908
|
+
# Start of time span.
|
1909
|
+
# Corresponds to the JSON property `startTime`
|
1910
|
+
# @return [String]
|
1911
|
+
attr_accessor :start_time
|
805
1912
|
|
806
1913
|
def initialize(**args)
|
807
1914
|
update!(**args)
|
@@ -809,27 +1916,29 @@ module Google
|
|
809
1916
|
|
810
1917
|
# Update properties of this object
|
811
1918
|
def update!(**args)
|
812
|
-
@
|
813
|
-
@
|
1919
|
+
@end_time = args[:end_time] if args.key?(:end_time)
|
1920
|
+
@start_time = args[:start_time] if args.key?(:start_time)
|
814
1921
|
end
|
815
1922
|
end
|
816
1923
|
|
817
|
-
#
|
818
|
-
#
|
819
|
-
class
|
1924
|
+
# Volume describes a Docker container volume which is mounted into build steps
|
1925
|
+
# in order to persist files across build step execution.
|
1926
|
+
class ContaineranalysisGoogleDevtoolsCloudbuildV1Volume
|
820
1927
|
include Google::Apis::Core::Hashable
|
821
1928
|
|
822
|
-
#
|
823
|
-
#
|
824
|
-
#
|
1929
|
+
# Name of the volume to mount. Volume names must be unique per build step and
|
1930
|
+
# must be valid names for Docker volumes. Each named volume must be used by at
|
1931
|
+
# least two build steps.
|
1932
|
+
# Corresponds to the JSON property `name`
|
825
1933
|
# @return [String]
|
826
|
-
attr_accessor :
|
1934
|
+
attr_accessor :name
|
827
1935
|
|
828
|
-
#
|
829
|
-
#
|
830
|
-
#
|
1936
|
+
# Path at which to mount the volume. Paths must be absolute and cannot conflict
|
1937
|
+
# with other volume paths on the same build step or with certain reserved volume
|
1938
|
+
# paths.
|
1939
|
+
# Corresponds to the JSON property `path`
|
831
1940
|
# @return [String]
|
832
|
-
attr_accessor :
|
1941
|
+
attr_accessor :path
|
833
1942
|
|
834
1943
|
def initialize(**args)
|
835
1944
|
update!(**args)
|
@@ -837,8 +1946,8 @@ module Google
|
|
837
1946
|
|
838
1947
|
# Update properties of this object
|
839
1948
|
def update!(**args)
|
840
|
-
@
|
841
|
-
@
|
1949
|
+
@name = args[:name] if args.key?(:name)
|
1950
|
+
@path = args[:path] if args.key?(:path)
|
842
1951
|
end
|
843
1952
|
end
|
844
1953
|
|
@@ -1652,18 +2761,10 @@ module Google
|
|
1652
2761
|
# @return [String]
|
1653
2762
|
attr_accessor :id
|
1654
2763
|
|
1655
|
-
#
|
1656
|
-
#
|
1657
|
-
# License for a file
|
1658
|
-
# Corresponds to the JSON property `licenseComments`
|
1659
|
-
# @return [String]
|
1660
|
-
attr_accessor :license_comments
|
1661
|
-
|
1662
|
-
# This field contains the license the SPDX file creator has concluded as
|
1663
|
-
# governing the file or alternative values if the governing license cannot be
|
1664
|
-
# determined
|
2764
|
+
# License information: https://spdx.github.io/spdx-spec/3-package-information/#
|
2765
|
+
# 315-declared-license
|
1665
2766
|
# Corresponds to the JSON property `licenseConcluded`
|
1666
|
-
# @return [
|
2767
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::License]
|
1667
2768
|
attr_accessor :license_concluded
|
1668
2769
|
|
1669
2770
|
# This field provides a place for the SPDX file creator to record license
|
@@ -1684,7 +2785,6 @@ module Google
|
|
1684
2785
|
@copyright = args[:copyright] if args.key?(:copyright)
|
1685
2786
|
@files_license_info = args[:files_license_info] if args.key?(:files_license_info)
|
1686
2787
|
@id = args[:id] if args.key?(:id)
|
1687
|
-
@license_comments = args[:license_comments] if args.key?(:license_comments)
|
1688
2788
|
@license_concluded = args[:license_concluded] if args.key?(:license_concluded)
|
1689
2789
|
@notice = args[:notice] if args.key?(:notice)
|
1690
2790
|
end
|
@@ -1747,13 +2847,16 @@ module Google
|
|
1747
2847
|
class GetPolicyOptions
|
1748
2848
|
include Google::Apis::Core::Hashable
|
1749
2849
|
|
1750
|
-
# Optional. The policy
|
1751
|
-
# 3. Requests specifying an invalid value will be
|
1752
|
-
# policies with any conditional bindings must
|
1753
|
-
#
|
1754
|
-
# field unset.
|
1755
|
-
#
|
1756
|
-
#
|
2850
|
+
# Optional. The maximum policy version that will be used to format the policy.
|
2851
|
+
# Valid values are 0, 1, and 3. Requests specifying an invalid value will be
|
2852
|
+
# rejected. Requests for policies with any conditional role bindings must
|
2853
|
+
# specify version 3. Policies with no conditional role bindings may specify any
|
2854
|
+
# valid value or leave the field unset. The policy in the response might use the
|
2855
|
+
# policy version that you specified, or it might use a lower policy version. For
|
2856
|
+
# example, if you specify version 3, but the policy has no conditional role
|
2857
|
+
# bindings, the response uses version 1. To learn which resources support
|
2858
|
+
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
|
2859
|
+
# google.com/iam/help/conditions/resource-policies).
|
1757
2860
|
# Corresponds to the JSON property `requestedPolicyVersion`
|
1758
2861
|
# @return [Fixnum]
|
1759
2862
|
attr_accessor :requested_policy_version
|
@@ -2100,36 +3203,42 @@ module Google
|
|
2100
3203
|
class InTotoStatement
|
2101
3204
|
include Google::Apis::Core::Hashable
|
2102
3205
|
|
2103
|
-
# "https://in-toto.io/
|
3206
|
+
# Always "https://in-toto.io/Statement/v0.1".
|
3207
|
+
# Corresponds to the JSON property `_type`
|
3208
|
+
# @return [String]
|
3209
|
+
attr_accessor :_type
|
3210
|
+
|
3211
|
+
# "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
|
2104
3212
|
# Corresponds to the JSON property `predicateType`
|
2105
3213
|
# @return [String]
|
2106
3214
|
attr_accessor :predicate_type
|
2107
3215
|
|
2108
|
-
#
|
3216
|
+
# provenance is a predicate of type intotoprovenance
|
2109
3217
|
# Corresponds to the JSON property `provenance`
|
2110
3218
|
# @return [Google::Apis::ContaineranalysisV1alpha1::InTotoProvenance]
|
2111
3219
|
attr_accessor :provenance
|
2112
3220
|
|
2113
|
-
#
|
3221
|
+
# SlsaProvenance is the slsa provenance as defined by the slsa spec.
|
3222
|
+
# Corresponds to the JSON property `slsaProvenance`
|
3223
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::SlsaProvenance]
|
3224
|
+
attr_accessor :slsa_provenance
|
3225
|
+
|
3226
|
+
# subject is the subjects of the intoto statement
|
2114
3227
|
# Corresponds to the JSON property `subject`
|
2115
3228
|
# @return [Array<Google::Apis::ContaineranalysisV1alpha1::Subject>]
|
2116
3229
|
attr_accessor :subject
|
2117
3230
|
|
2118
|
-
# Always "https://in-toto.io/Statement/v0.1".
|
2119
|
-
# Corresponds to the JSON property `type`
|
2120
|
-
# @return [String]
|
2121
|
-
attr_accessor :type
|
2122
|
-
|
2123
3231
|
def initialize(**args)
|
2124
3232
|
update!(**args)
|
2125
3233
|
end
|
2126
3234
|
|
2127
3235
|
# Update properties of this object
|
2128
3236
|
def update!(**args)
|
3237
|
+
@_type = args[:_type] if args.key?(:_type)
|
2129
3238
|
@predicate_type = args[:predicate_type] if args.key?(:predicate_type)
|
2130
3239
|
@provenance = args[:provenance] if args.key?(:provenance)
|
3240
|
+
@slsa_provenance = args[:slsa_provenance] if args.key?(:slsa_provenance)
|
2131
3241
|
@subject = args[:subject] if args.key?(:subject)
|
2132
|
-
@type = args[:type] if args.key?(:type)
|
2133
3242
|
end
|
2134
3243
|
end
|
2135
3244
|
|
@@ -2184,6 +3293,33 @@ module Google
|
|
2184
3293
|
end
|
2185
3294
|
end
|
2186
3295
|
|
3296
|
+
# License information: https://spdx.github.io/spdx-spec/3-package-information/#
|
3297
|
+
# 315-declared-license
|
3298
|
+
class License
|
3299
|
+
include Google::Apis::Core::Hashable
|
3300
|
+
|
3301
|
+
# Comments
|
3302
|
+
# Corresponds to the JSON property `comments`
|
3303
|
+
# @return [String]
|
3304
|
+
attr_accessor :comments
|
3305
|
+
|
3306
|
+
# Expression: https://spdx.github.io/spdx-spec/appendix-IV-SPDX-license-
|
3307
|
+
# expressions/
|
3308
|
+
# Corresponds to the JSON property `expression`
|
3309
|
+
# @return [String]
|
3310
|
+
attr_accessor :expression
|
3311
|
+
|
3312
|
+
def initialize(**args)
|
3313
|
+
update!(**args)
|
3314
|
+
end
|
3315
|
+
|
3316
|
+
# Update properties of this object
|
3317
|
+
def update!(**args)
|
3318
|
+
@comments = args[:comments] if args.key?(:comments)
|
3319
|
+
@expression = args[:expression] if args.key?(:expression)
|
3320
|
+
end
|
3321
|
+
end
|
3322
|
+
|
2187
3323
|
# Response including listed occurrences for a note.
|
2188
3324
|
class ListNoteOccurrencesResponse
|
2189
3325
|
include Google::Apis::Core::Hashable
|
@@ -2322,6 +3458,32 @@ module Google
|
|
2322
3458
|
end
|
2323
3459
|
end
|
2324
3460
|
|
3461
|
+
# Material is a material used in the generation of the provenance
|
3462
|
+
class Material
|
3463
|
+
include Google::Apis::Core::Hashable
|
3464
|
+
|
3465
|
+
# digest is a map from a hash algorithm (e.g. sha256) to the value in the
|
3466
|
+
# material
|
3467
|
+
# Corresponds to the JSON property `digest`
|
3468
|
+
# @return [Hash<String,String>]
|
3469
|
+
attr_accessor :digest
|
3470
|
+
|
3471
|
+
# uri is the uri of the material
|
3472
|
+
# Corresponds to the JSON property `uri`
|
3473
|
+
# @return [String]
|
3474
|
+
attr_accessor :uri
|
3475
|
+
|
3476
|
+
def initialize(**args)
|
3477
|
+
update!(**args)
|
3478
|
+
end
|
3479
|
+
|
3480
|
+
# Update properties of this object
|
3481
|
+
def update!(**args)
|
3482
|
+
@digest = args[:digest] if args.key?(:digest)
|
3483
|
+
@uri = args[:uri] if args.key?(:uri)
|
3484
|
+
end
|
3485
|
+
end
|
3486
|
+
|
2325
3487
|
# Other properties of the build.
|
2326
3488
|
class Metadata
|
2327
3489
|
include Google::Apis::Core::Hashable
|
@@ -2512,10 +3674,10 @@ module Google
|
|
2512
3674
|
# @return [Google::Apis::ContaineranalysisV1alpha1::FileNote]
|
2513
3675
|
attr_accessor :spdx_file
|
2514
3676
|
|
2515
|
-
#
|
3677
|
+
# PackageInfoNote represents an SPDX Package Information section: https://spdx.
|
2516
3678
|
# github.io/spdx-spec/3-package-information/
|
2517
3679
|
# Corresponds to the JSON property `spdxPackage`
|
2518
|
-
# @return [Google::Apis::ContaineranalysisV1alpha1::
|
3680
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::PackageInfoNote]
|
2519
3681
|
attr_accessor :spdx_package
|
2520
3682
|
|
2521
3683
|
# RelationshipNote represents an SPDX Relationship section: https://spdx.github.
|
@@ -2685,10 +3847,10 @@ module Google
|
|
2685
3847
|
# @return [Google::Apis::ContaineranalysisV1alpha1::FileOccurrence]
|
2686
3848
|
attr_accessor :spdx_file
|
2687
3849
|
|
2688
|
-
#
|
2689
|
-
# github.io/spdx-spec/3-package-information/
|
3850
|
+
# PackageInfoOccurrence represents an SPDX Package Information section: https://
|
3851
|
+
# spdx.github.io/spdx-spec/3-package-information/
|
2690
3852
|
# Corresponds to the JSON property `spdxPackage`
|
2691
|
-
# @return [Google::Apis::ContaineranalysisV1alpha1::
|
3853
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::PackageInfoOccurrence]
|
2692
3854
|
attr_accessor :spdx_package
|
2693
3855
|
|
2694
3856
|
# RelationshipOccurrence represents an SPDX Relationship section: https://spdx.
|
@@ -2835,56 +3997,9 @@ module Google
|
|
2835
3997
|
end
|
2836
3998
|
end
|
2837
3999
|
|
2838
|
-
#
|
2839
|
-
# fix (if one is available).
|
2840
|
-
class PackageIssue
|
2841
|
-
include Google::Apis::Core::Hashable
|
2842
|
-
|
2843
|
-
# The location of the vulnerability
|
2844
|
-
# Corresponds to the JSON property `affectedLocation`
|
2845
|
-
# @return [Google::Apis::ContaineranalysisV1alpha1::VulnerabilityLocation]
|
2846
|
-
attr_accessor :affected_location
|
2847
|
-
|
2848
|
-
# Output only. The distro or language system assigned severity for this
|
2849
|
-
# vulnerability when that is available and note provider assigned severity when
|
2850
|
-
# distro or language system has not yet assigned a severity for this
|
2851
|
-
# vulnerability.
|
2852
|
-
# Corresponds to the JSON property `effectiveSeverity`
|
2853
|
-
# @return [String]
|
2854
|
-
attr_accessor :effective_severity
|
2855
|
-
|
2856
|
-
# The location of the vulnerability
|
2857
|
-
# Corresponds to the JSON property `fixedLocation`
|
2858
|
-
# @return [Google::Apis::ContaineranalysisV1alpha1::VulnerabilityLocation]
|
2859
|
-
attr_accessor :fixed_location
|
2860
|
-
|
2861
|
-
# The type of package (e.g. OS, MAVEN, GO).
|
2862
|
-
# Corresponds to the JSON property `packageType`
|
2863
|
-
# @return [String]
|
2864
|
-
attr_accessor :package_type
|
2865
|
-
|
2866
|
-
#
|
2867
|
-
# Corresponds to the JSON property `severityName`
|
2868
|
-
# @return [String]
|
2869
|
-
attr_accessor :severity_name
|
2870
|
-
|
2871
|
-
def initialize(**args)
|
2872
|
-
update!(**args)
|
2873
|
-
end
|
2874
|
-
|
2875
|
-
# Update properties of this object
|
2876
|
-
def update!(**args)
|
2877
|
-
@affected_location = args[:affected_location] if args.key?(:affected_location)
|
2878
|
-
@effective_severity = args[:effective_severity] if args.key?(:effective_severity)
|
2879
|
-
@fixed_location = args[:fixed_location] if args.key?(:fixed_location)
|
2880
|
-
@package_type = args[:package_type] if args.key?(:package_type)
|
2881
|
-
@severity_name = args[:severity_name] if args.key?(:severity_name)
|
2882
|
-
end
|
2883
|
-
end
|
2884
|
-
|
2885
|
-
# PackageNote represents an SPDX Package Information section: https://spdx.
|
4000
|
+
# PackageInfoNote represents an SPDX Package Information section: https://spdx.
|
2886
4001
|
# github.io/spdx-spec/3-package-information/
|
2887
|
-
class
|
4002
|
+
class PackageInfoNote
|
2888
4003
|
include Google::Apis::Core::Hashable
|
2889
4004
|
|
2890
4005
|
# Indicates whether the file content of this package has been available for or
|
@@ -2943,9 +4058,10 @@ module Google
|
|
2943
4058
|
# @return [String]
|
2944
4059
|
attr_accessor :home_page
|
2945
4060
|
|
2946
|
-
#
|
4061
|
+
# License information: https://spdx.github.io/spdx-spec/3-package-information/#
|
4062
|
+
# 315-declared-license
|
2947
4063
|
# Corresponds to the JSON property `licenseDeclared`
|
2948
|
-
# @return [
|
4064
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::License]
|
2949
4065
|
attr_accessor :license_declared
|
2950
4066
|
|
2951
4067
|
# If the package identified in the SPDX file originated from a different person
|
@@ -2955,6 +4071,11 @@ module Google
|
|
2955
4071
|
# @return [String]
|
2956
4072
|
attr_accessor :originator
|
2957
4073
|
|
4074
|
+
# The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
|
4075
|
+
# Corresponds to the JSON property `packageType`
|
4076
|
+
# @return [String]
|
4077
|
+
attr_accessor :package_type
|
4078
|
+
|
2958
4079
|
# A short description of the package
|
2959
4080
|
# Corresponds to the JSON property `summaryDescription`
|
2960
4081
|
# @return [String]
|
@@ -3001,6 +4122,7 @@ module Google
|
|
3001
4122
|
@home_page = args[:home_page] if args.key?(:home_page)
|
3002
4123
|
@license_declared = args[:license_declared] if args.key?(:license_declared)
|
3003
4124
|
@originator = args[:originator] if args.key?(:originator)
|
4125
|
+
@package_type = args[:package_type] if args.key?(:package_type)
|
3004
4126
|
@summary_description = args[:summary_description] if args.key?(:summary_description)
|
3005
4127
|
@supplier = args[:supplier] if args.key?(:supplier)
|
3006
4128
|
@title = args[:title] if args.key?(:title)
|
@@ -3009,9 +4131,9 @@ module Google
|
|
3009
4131
|
end
|
3010
4132
|
end
|
3011
4133
|
|
3012
|
-
#
|
3013
|
-
# github.io/spdx-spec/3-package-information/
|
3014
|
-
class
|
4134
|
+
# PackageInfoOccurrence represents an SPDX Package Information section: https://
|
4135
|
+
# spdx.github.io/spdx-spec/3-package-information/
|
4136
|
+
class PackageInfoOccurrence
|
3015
4137
|
include Google::Apis::Core::Hashable
|
3016
4138
|
|
3017
4139
|
# A place for the SPDX file creator to record any general comments about the
|
@@ -3026,42 +4148,114 @@ module Google
|
|
3026
4148
|
# @return [String]
|
3027
4149
|
attr_accessor :filename
|
3028
4150
|
|
4151
|
+
# Output only. Provide a place for the SPDX file creator to record a web site
|
4152
|
+
# that serves as the package's home page
|
4153
|
+
# Corresponds to the JSON property `homePage`
|
4154
|
+
# @return [String]
|
4155
|
+
attr_accessor :home_page
|
4156
|
+
|
3029
4157
|
# Uniquely identify any element in an SPDX document which may be referenced by
|
3030
4158
|
# other elements
|
3031
4159
|
# Corresponds to the JSON property `id`
|
3032
4160
|
# @return [String]
|
3033
4161
|
attr_accessor :id
|
3034
4162
|
|
3035
|
-
#
|
3036
|
-
#
|
3037
|
-
# License for a package
|
3038
|
-
# Corresponds to the JSON property `licenseComments`
|
3039
|
-
# @return [String]
|
3040
|
-
attr_accessor :license_comments
|
3041
|
-
|
3042
|
-
# package or alternative values, if the governing license cannot be determined
|
4163
|
+
# License information: https://spdx.github.io/spdx-spec/3-package-information/#
|
4164
|
+
# 315-declared-license
|
3043
4165
|
# Corresponds to the JSON property `licenseConcluded`
|
3044
|
-
# @return [
|
4166
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::License]
|
3045
4167
|
attr_accessor :license_concluded
|
3046
4168
|
|
4169
|
+
# Output only. The type of package: OS, MAVEN, GO, GO_STDLIB, etc.
|
4170
|
+
# Corresponds to the JSON property `packageType`
|
4171
|
+
# @return [String]
|
4172
|
+
attr_accessor :package_type
|
4173
|
+
|
3047
4174
|
# Provide a place for the SPDX file creator to record any relevant background
|
3048
4175
|
# information or additional comments about the origin of the package
|
3049
4176
|
# Corresponds to the JSON property `sourceInfo`
|
3050
4177
|
# @return [String]
|
3051
4178
|
attr_accessor :source_info
|
3052
4179
|
|
4180
|
+
# Output only. A short description of the package
|
4181
|
+
# Corresponds to the JSON property `summaryDescription`
|
4182
|
+
# @return [String]
|
4183
|
+
attr_accessor :summary_description
|
4184
|
+
|
4185
|
+
# Output only. Identify the full name of the package as given by the Package
|
4186
|
+
# Originator
|
4187
|
+
# Corresponds to the JSON property `title`
|
4188
|
+
# @return [String]
|
4189
|
+
attr_accessor :title
|
4190
|
+
|
4191
|
+
# Output only. Identify the version of the package
|
4192
|
+
# Corresponds to the JSON property `version`
|
4193
|
+
# @return [String]
|
4194
|
+
attr_accessor :version
|
4195
|
+
|
4196
|
+
def initialize(**args)
|
4197
|
+
update!(**args)
|
4198
|
+
end
|
4199
|
+
|
4200
|
+
# Update properties of this object
|
4201
|
+
def update!(**args)
|
4202
|
+
@comment = args[:comment] if args.key?(:comment)
|
4203
|
+
@filename = args[:filename] if args.key?(:filename)
|
4204
|
+
@home_page = args[:home_page] if args.key?(:home_page)
|
4205
|
+
@id = args[:id] if args.key?(:id)
|
4206
|
+
@license_concluded = args[:license_concluded] if args.key?(:license_concluded)
|
4207
|
+
@package_type = args[:package_type] if args.key?(:package_type)
|
4208
|
+
@source_info = args[:source_info] if args.key?(:source_info)
|
4209
|
+
@summary_description = args[:summary_description] if args.key?(:summary_description)
|
4210
|
+
@title = args[:title] if args.key?(:title)
|
4211
|
+
@version = args[:version] if args.key?(:version)
|
4212
|
+
end
|
4213
|
+
end
|
4214
|
+
|
4215
|
+
# This message wraps a location affected by a vulnerability and its associated
|
4216
|
+
# fix (if one is available).
|
4217
|
+
class PackageIssue
|
4218
|
+
include Google::Apis::Core::Hashable
|
4219
|
+
|
4220
|
+
# The location of the vulnerability
|
4221
|
+
# Corresponds to the JSON property `affectedLocation`
|
4222
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::VulnerabilityLocation]
|
4223
|
+
attr_accessor :affected_location
|
4224
|
+
|
4225
|
+
# Output only. The distro or language system assigned severity for this
|
4226
|
+
# vulnerability when that is available and note provider assigned severity when
|
4227
|
+
# distro or language system has not yet assigned a severity for this
|
4228
|
+
# vulnerability.
|
4229
|
+
# Corresponds to the JSON property `effectiveSeverity`
|
4230
|
+
# @return [String]
|
4231
|
+
attr_accessor :effective_severity
|
4232
|
+
|
4233
|
+
# The location of the vulnerability
|
4234
|
+
# Corresponds to the JSON property `fixedLocation`
|
4235
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::VulnerabilityLocation]
|
4236
|
+
attr_accessor :fixed_location
|
4237
|
+
|
4238
|
+
# The type of package (e.g. OS, MAVEN, GO).
|
4239
|
+
# Corresponds to the JSON property `packageType`
|
4240
|
+
# @return [String]
|
4241
|
+
attr_accessor :package_type
|
4242
|
+
|
4243
|
+
#
|
4244
|
+
# Corresponds to the JSON property `severityName`
|
4245
|
+
# @return [String]
|
4246
|
+
attr_accessor :severity_name
|
4247
|
+
|
3053
4248
|
def initialize(**args)
|
3054
4249
|
update!(**args)
|
3055
4250
|
end
|
3056
4251
|
|
3057
4252
|
# Update properties of this object
|
3058
4253
|
def update!(**args)
|
3059
|
-
@
|
3060
|
-
@
|
3061
|
-
@
|
3062
|
-
@
|
3063
|
-
@
|
3064
|
-
@source_info = args[:source_info] if args.key?(:source_info)
|
4254
|
+
@affected_location = args[:affected_location] if args.key?(:affected_location)
|
4255
|
+
@effective_severity = args[:effective_severity] if args.key?(:effective_severity)
|
4256
|
+
@fixed_location = args[:fixed_location] if args.key?(:fixed_location)
|
4257
|
+
@package_type = args[:package_type] if args.key?(:package_type)
|
4258
|
+
@severity_name = args[:severity_name] if args.key?(:severity_name)
|
3065
4259
|
end
|
3066
4260
|
end
|
3067
4261
|
|
@@ -3120,37 +4314,42 @@ module Google
|
|
3120
4314
|
|
3121
4315
|
# An Identity and Access Management (IAM) policy, which specifies access
|
3122
4316
|
# controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
|
3123
|
-
# A `binding` binds one or more `members
|
3124
|
-
# user accounts, service accounts, Google groups, and domains (
|
3125
|
-
# A `role` is a named list of permissions; each `role` can be
|
3126
|
-
# role or a user-created custom role. For some types of Google
|
3127
|
-
# a `binding` can also specify a `condition`, which is a
|
3128
|
-
# allows access to a resource only if the expression
|
3129
|
-
# condition can add constraints based on attributes of
|
3130
|
-
# or both. To learn which resources support
|
3131
|
-
# see the [IAM documentation](https://cloud.
|
3132
|
-
# resource-policies). **JSON example:** ` "
|
3133
|
-
# resourcemanager.organizationAdmin", "members": [
|
3134
|
-
# group:admins@example.com", "domain:google.com", "
|
3135
|
-
# appspot.gserviceaccount.com" ] `, ` "role": "
|
3136
|
-
# organizationViewer", "members": [ "user:eve@example.com"
|
3137
|
-
# title": "expirable access", "description": "Does not grant
|
3138
|
-
# 2020", "expression": "request.time < timestamp('2020-10-01T00:
|
3139
|
-
# ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
|
3140
|
-
# members: - user:mike@example.com - group:admins@example.com -
|
3141
|
-
# com - serviceAccount:my-project-id@appspot.gserviceaccount.com
|
3142
|
-
# resourcemanager.organizationAdmin - members: - user:eve@example.
|
3143
|
-
# roles/resourcemanager.organizationViewer condition: title: expirable
|
3144
|
-
# description: Does not grant access after Sep 2020 expression: request.
|
3145
|
-
# timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
|
3146
|
-
# description of IAM and its features, see the [IAM documentation](https://
|
3147
|
-
# google.com/iam/docs/).
|
4317
|
+
# A `binding` binds one or more `members`, or principals, to a single `role`.
|
4318
|
+
# Principals can be user accounts, service accounts, Google groups, and domains (
|
4319
|
+
# such as G Suite). A `role` is a named list of permissions; each `role` can be
|
4320
|
+
# an IAM predefined role or a user-created custom role. For some types of Google
|
4321
|
+
# Cloud resources, a `binding` can also specify a `condition`, which is a
|
4322
|
+
# logical expression that allows access to a resource only if the expression
|
4323
|
+
# evaluates to `true`. A condition can add constraints based on attributes of
|
4324
|
+
# the request, the resource, or both. To learn which resources support
|
4325
|
+
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
|
4326
|
+
# google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
|
4327
|
+
# bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
|
4328
|
+
# "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
|
4329
|
+
# serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
|
4330
|
+
# roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
|
4331
|
+
# ], "condition": ` "title": "expirable access", "description": "Does not grant
|
4332
|
+
# access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
|
4333
|
+
# 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
|
4334
|
+
# bindings: - members: - user:mike@example.com - group:admins@example.com -
|
4335
|
+
# domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
|
4336
|
+
# role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
|
4337
|
+
# com role: roles/resourcemanager.organizationViewer condition: title: expirable
|
4338
|
+
# access description: Does not grant access after Sep 2020 expression: request.
|
4339
|
+
# time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
|
4340
|
+
# a description of IAM and its features, see the [IAM documentation](https://
|
4341
|
+
# cloud.google.com/iam/docs/).
|
3148
4342
|
class Policy
|
3149
4343
|
include Google::Apis::Core::Hashable
|
3150
4344
|
|
3151
|
-
# Associates a list of `members
|
3152
|
-
# condition` that determines how and when the `bindings` are applied.
|
3153
|
-
# the `bindings` must contain at least one
|
4345
|
+
# Associates a list of `members`, or principals, with a `role`. Optionally, may
|
4346
|
+
# specify a `condition` that determines how and when the `bindings` are applied.
|
4347
|
+
# Each of the `bindings` must contain at least one principal. The `bindings` in
|
4348
|
+
# a `Policy` can refer to up to 1,500 principals; up to 250 of these principals
|
4349
|
+
# can be Google groups. Each occurrence of a principal counts towards these
|
4350
|
+
# limits. For example, if the `bindings` grant 50 different roles to `user:alice@
|
4351
|
+
# example.com`, and not to any other principal, then you can add another 1,450
|
4352
|
+
# principals to the `bindings` in the `Policy`.
|
3154
4353
|
# Corresponds to the JSON property `bindings`
|
3155
4354
|
# @return [Array<Google::Apis::ContaineranalysisV1alpha1::Binding>]
|
3156
4355
|
attr_accessor :bindings
|
@@ -3290,12 +4489,18 @@ module Google
|
|
3290
4489
|
class RelationshipNote
|
3291
4490
|
include Google::Apis::Core::Hashable
|
3292
4491
|
|
4492
|
+
# The type of relationship between the source and target SPDX elements
|
4493
|
+
# Corresponds to the JSON property `type`
|
4494
|
+
# @return [String]
|
4495
|
+
attr_accessor :type
|
4496
|
+
|
3293
4497
|
def initialize(**args)
|
3294
4498
|
update!(**args)
|
3295
4499
|
end
|
3296
4500
|
|
3297
4501
|
# Update properties of this object
|
3298
4502
|
def update!(**args)
|
4503
|
+
@type = args[:type] if args.key?(:type)
|
3299
4504
|
end
|
3300
4505
|
end
|
3301
4506
|
|
@@ -3324,7 +4529,8 @@ module Google
|
|
3324
4529
|
# @return [String]
|
3325
4530
|
attr_accessor :target
|
3326
4531
|
|
3327
|
-
# The type of relationship between the source and target SPDX
|
4532
|
+
# Output only. The type of relationship between the source and target SPDX
|
4533
|
+
# elements
|
3328
4534
|
# Corresponds to the JSON property `type`
|
3329
4535
|
# @return [String]
|
3330
4536
|
attr_accessor :type
|
@@ -3469,31 +4675,31 @@ module Google
|
|
3469
4675
|
|
3470
4676
|
# An Identity and Access Management (IAM) policy, which specifies access
|
3471
4677
|
# controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
|
3472
|
-
# A `binding` binds one or more `members
|
3473
|
-
# user accounts, service accounts, Google groups, and domains (
|
3474
|
-
# A `role` is a named list of permissions; each `role` can be
|
3475
|
-
# role or a user-created custom role. For some types of Google
|
3476
|
-
# a `binding` can also specify a `condition`, which is a
|
3477
|
-
# allows access to a resource only if the expression
|
3478
|
-
# condition can add constraints based on attributes of
|
3479
|
-
# or both. To learn which resources support
|
3480
|
-
# see the [IAM documentation](https://cloud.
|
3481
|
-
# resource-policies). **JSON example:** ` "
|
3482
|
-
# resourcemanager.organizationAdmin", "members": [
|
3483
|
-
# group:admins@example.com", "domain:google.com", "
|
3484
|
-
# appspot.gserviceaccount.com" ] `, ` "role": "
|
3485
|
-
# organizationViewer", "members": [ "user:eve@example.com"
|
3486
|
-
# title": "expirable access", "description": "Does not grant
|
3487
|
-
# 2020", "expression": "request.time < timestamp('2020-10-01T00:
|
3488
|
-
# ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
|
3489
|
-
# members: - user:mike@example.com - group:admins@example.com -
|
3490
|
-
# com - serviceAccount:my-project-id@appspot.gserviceaccount.com
|
3491
|
-
# resourcemanager.organizationAdmin - members: - user:eve@example.
|
3492
|
-
# roles/resourcemanager.organizationViewer condition: title: expirable
|
3493
|
-
# description: Does not grant access after Sep 2020 expression: request.
|
3494
|
-
# timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
|
3495
|
-
# description of IAM and its features, see the [IAM documentation](https://
|
3496
|
-
# google.com/iam/docs/).
|
4678
|
+
# A `binding` binds one or more `members`, or principals, to a single `role`.
|
4679
|
+
# Principals can be user accounts, service accounts, Google groups, and domains (
|
4680
|
+
# such as G Suite). A `role` is a named list of permissions; each `role` can be
|
4681
|
+
# an IAM predefined role or a user-created custom role. For some types of Google
|
4682
|
+
# Cloud resources, a `binding` can also specify a `condition`, which is a
|
4683
|
+
# logical expression that allows access to a resource only if the expression
|
4684
|
+
# evaluates to `true`. A condition can add constraints based on attributes of
|
4685
|
+
# the request, the resource, or both. To learn which resources support
|
4686
|
+
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
|
4687
|
+
# google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
|
4688
|
+
# bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
|
4689
|
+
# "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
|
4690
|
+
# serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
|
4691
|
+
# roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
|
4692
|
+
# ], "condition": ` "title": "expirable access", "description": "Does not grant
|
4693
|
+
# access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
|
4694
|
+
# 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
|
4695
|
+
# bindings: - members: - user:mike@example.com - group:admins@example.com -
|
4696
|
+
# domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
|
4697
|
+
# role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
|
4698
|
+
# com role: roles/resourcemanager.organizationViewer condition: title: expirable
|
4699
|
+
# access description: Does not grant access after Sep 2020 expression: request.
|
4700
|
+
# time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
|
4701
|
+
# a description of IAM and its features, see the [IAM documentation](https://
|
4702
|
+
# cloud.google.com/iam/docs/).
|
3497
4703
|
# Corresponds to the JSON property `policy`
|
3498
4704
|
# @return [Google::Apis::ContaineranalysisV1alpha1::Policy]
|
3499
4705
|
attr_accessor :policy
|
@@ -3533,6 +4739,210 @@ module Google
|
|
3533
4739
|
end
|
3534
4740
|
end
|
3535
4741
|
|
4742
|
+
# SlsaBuilder encapsulates the identity of the builder of this provenance.
|
4743
|
+
class SlsaBuilder
|
4744
|
+
include Google::Apis::Core::Hashable
|
4745
|
+
|
4746
|
+
# id is the id of the slsa provenance builder
|
4747
|
+
# Corresponds to the JSON property `id`
|
4748
|
+
# @return [String]
|
4749
|
+
attr_accessor :id
|
4750
|
+
|
4751
|
+
def initialize(**args)
|
4752
|
+
update!(**args)
|
4753
|
+
end
|
4754
|
+
|
4755
|
+
# Update properties of this object
|
4756
|
+
def update!(**args)
|
4757
|
+
@id = args[:id] if args.key?(:id)
|
4758
|
+
end
|
4759
|
+
end
|
4760
|
+
|
4761
|
+
# Indicates that the builder claims certain fields in this message to be
|
4762
|
+
# complete.
|
4763
|
+
class SlsaCompleteness
|
4764
|
+
include Google::Apis::Core::Hashable
|
4765
|
+
|
4766
|
+
# If true, the builder claims that recipe.arguments is complete, meaning that
|
4767
|
+
# all external inputs are properly captured in the recipe.
|
4768
|
+
# Corresponds to the JSON property `arguments`
|
4769
|
+
# @return [Boolean]
|
4770
|
+
attr_accessor :arguments
|
4771
|
+
alias_method :arguments?, :arguments
|
4772
|
+
|
4773
|
+
# If true, the builder claims that recipe.environment is claimed to be complete.
|
4774
|
+
# Corresponds to the JSON property `environment`
|
4775
|
+
# @return [Boolean]
|
4776
|
+
attr_accessor :environment
|
4777
|
+
alias_method :environment?, :environment
|
4778
|
+
|
4779
|
+
# If true, the builder claims that materials are complete, usually through some
|
4780
|
+
# controls to prevent network access. Sometimes called "hermetic".
|
4781
|
+
# Corresponds to the JSON property `materials`
|
4782
|
+
# @return [Boolean]
|
4783
|
+
attr_accessor :materials
|
4784
|
+
alias_method :materials?, :materials
|
4785
|
+
|
4786
|
+
def initialize(**args)
|
4787
|
+
update!(**args)
|
4788
|
+
end
|
4789
|
+
|
4790
|
+
# Update properties of this object
|
4791
|
+
def update!(**args)
|
4792
|
+
@arguments = args[:arguments] if args.key?(:arguments)
|
4793
|
+
@environment = args[:environment] if args.key?(:environment)
|
4794
|
+
@materials = args[:materials] if args.key?(:materials)
|
4795
|
+
end
|
4796
|
+
end
|
4797
|
+
|
4798
|
+
# Other properties of the build.
|
4799
|
+
class SlsaMetadata
|
4800
|
+
include Google::Apis::Core::Hashable
|
4801
|
+
|
4802
|
+
# The timestamp of when the build completed.
|
4803
|
+
# Corresponds to the JSON property `buildFinishedOn`
|
4804
|
+
# @return [String]
|
4805
|
+
attr_accessor :build_finished_on
|
4806
|
+
|
4807
|
+
# Identifies the particular build invocation, which can be useful for finding
|
4808
|
+
# associated logs or other ad-hoc analysis. The value SHOULD be globally unique,
|
4809
|
+
# per in-toto Provenance spec.
|
4810
|
+
# Corresponds to the JSON property `buildInvocationId`
|
4811
|
+
# @return [String]
|
4812
|
+
attr_accessor :build_invocation_id
|
4813
|
+
|
4814
|
+
# The timestamp of when the build started.
|
4815
|
+
# Corresponds to the JSON property `buildStartedOn`
|
4816
|
+
# @return [String]
|
4817
|
+
attr_accessor :build_started_on
|
4818
|
+
|
4819
|
+
# Indicates that the builder claims certain fields in this message to be
|
4820
|
+
# complete.
|
4821
|
+
# Corresponds to the JSON property `completeness`
|
4822
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::SlsaCompleteness]
|
4823
|
+
attr_accessor :completeness
|
4824
|
+
|
4825
|
+
# If true, the builder claims that running the recipe on materials will produce
|
4826
|
+
# bit-for-bit identical output.
|
4827
|
+
# Corresponds to the JSON property `reproducible`
|
4828
|
+
# @return [Boolean]
|
4829
|
+
attr_accessor :reproducible
|
4830
|
+
alias_method :reproducible?, :reproducible
|
4831
|
+
|
4832
|
+
def initialize(**args)
|
4833
|
+
update!(**args)
|
4834
|
+
end
|
4835
|
+
|
4836
|
+
# Update properties of this object
|
4837
|
+
def update!(**args)
|
4838
|
+
@build_finished_on = args[:build_finished_on] if args.key?(:build_finished_on)
|
4839
|
+
@build_invocation_id = args[:build_invocation_id] if args.key?(:build_invocation_id)
|
4840
|
+
@build_started_on = args[:build_started_on] if args.key?(:build_started_on)
|
4841
|
+
@completeness = args[:completeness] if args.key?(:completeness)
|
4842
|
+
@reproducible = args[:reproducible] if args.key?(:reproducible)
|
4843
|
+
end
|
4844
|
+
end
|
4845
|
+
|
4846
|
+
# SlsaProvenance is the slsa provenance as defined by the slsa spec.
|
4847
|
+
class SlsaProvenance
|
4848
|
+
include Google::Apis::Core::Hashable
|
4849
|
+
|
4850
|
+
# SlsaBuilder encapsulates the identity of the builder of this provenance.
|
4851
|
+
# Corresponds to the JSON property `builder`
|
4852
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::SlsaBuilder]
|
4853
|
+
attr_accessor :builder
|
4854
|
+
|
4855
|
+
# The collection of artifacts that influenced the build including sources,
|
4856
|
+
# dependencies, build tools, base images, and so on. This is considered to be
|
4857
|
+
# incomplete unless metadata.completeness.materials is true. Unset or null is
|
4858
|
+
# equivalent to empty.
|
4859
|
+
# Corresponds to the JSON property `materials`
|
4860
|
+
# @return [Array<Google::Apis::ContaineranalysisV1alpha1::Material>]
|
4861
|
+
attr_accessor :materials
|
4862
|
+
|
4863
|
+
# Other properties of the build.
|
4864
|
+
# Corresponds to the JSON property `metadata`
|
4865
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::SlsaMetadata]
|
4866
|
+
attr_accessor :metadata
|
4867
|
+
|
4868
|
+
# Steps taken to build the artifact. For a TaskRun, typically each container
|
4869
|
+
# corresponds to one step in the recipe.
|
4870
|
+
# Corresponds to the JSON property `recipe`
|
4871
|
+
# @return [Google::Apis::ContaineranalysisV1alpha1::SlsaRecipe]
|
4872
|
+
attr_accessor :recipe
|
4873
|
+
|
4874
|
+
def initialize(**args)
|
4875
|
+
update!(**args)
|
4876
|
+
end
|
4877
|
+
|
4878
|
+
# Update properties of this object
|
4879
|
+
def update!(**args)
|
4880
|
+
@builder = args[:builder] if args.key?(:builder)
|
4881
|
+
@materials = args[:materials] if args.key?(:materials)
|
4882
|
+
@metadata = args[:metadata] if args.key?(:metadata)
|
4883
|
+
@recipe = args[:recipe] if args.key?(:recipe)
|
4884
|
+
end
|
4885
|
+
end
|
4886
|
+
|
4887
|
+
# Steps taken to build the artifact. For a TaskRun, typically each container
|
4888
|
+
# corresponds to one step in the recipe.
|
4889
|
+
class SlsaRecipe
|
4890
|
+
include Google::Apis::Core::Hashable
|
4891
|
+
|
4892
|
+
# Collection of all external inputs that influenced the build on top of recipe.
|
4893
|
+
# definedInMaterial and recipe.entryPoint. For example, if the recipe type were "
|
4894
|
+
# make", then this might be the flags passed to make aside from the target,
|
4895
|
+
# which is captured in recipe.entryPoint. Depending on the recipe Type, the
|
4896
|
+
# structure may be different.
|
4897
|
+
# Corresponds to the JSON property `arguments`
|
4898
|
+
# @return [Hash<String,Object>]
|
4899
|
+
attr_accessor :arguments
|
4900
|
+
|
4901
|
+
# Index in materials containing the recipe steps that are not implied by recipe.
|
4902
|
+
# type. For example, if the recipe type were "make", then this would point to
|
4903
|
+
# the source containing the Makefile, not the make program itself. Set to -1 if
|
4904
|
+
# the recipe doesn't come from a material, as zero is default unset value for
|
4905
|
+
# int64.
|
4906
|
+
# Corresponds to the JSON property `definedInMaterial`
|
4907
|
+
# @return [Fixnum]
|
4908
|
+
attr_accessor :defined_in_material
|
4909
|
+
|
4910
|
+
# String identifying the entry point into the build. This is often a path to a
|
4911
|
+
# configuration file and/or a target label within that file. The syntax and
|
4912
|
+
# meaning are defined by recipe.type. For example, if the recipe type were "make"
|
4913
|
+
# , then this would reference the directory in which to run make as well as
|
4914
|
+
# which target to use.
|
4915
|
+
# Corresponds to the JSON property `entryPoint`
|
4916
|
+
# @return [String]
|
4917
|
+
attr_accessor :entry_point
|
4918
|
+
|
4919
|
+
# Any other builder-controlled inputs necessary for correctly evaluating the
|
4920
|
+
# recipe. Usually only needed for reproducing the build but not evaluated as
|
4921
|
+
# part of policy. Depending on the recipe Type, the structure may be different.
|
4922
|
+
# Corresponds to the JSON property `environment`
|
4923
|
+
# @return [Hash<String,Object>]
|
4924
|
+
attr_accessor :environment
|
4925
|
+
|
4926
|
+
# URI indicating what type of recipe was performed. It determines the meaning of
|
4927
|
+
# recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
|
4928
|
+
# Corresponds to the JSON property `type`
|
4929
|
+
# @return [String]
|
4930
|
+
attr_accessor :type
|
4931
|
+
|
4932
|
+
def initialize(**args)
|
4933
|
+
update!(**args)
|
4934
|
+
end
|
4935
|
+
|
4936
|
+
# Update properties of this object
|
4937
|
+
def update!(**args)
|
4938
|
+
@arguments = args[:arguments] if args.key?(:arguments)
|
4939
|
+
@defined_in_material = args[:defined_in_material] if args.key?(:defined_in_material)
|
4940
|
+
@entry_point = args[:entry_point] if args.key?(:entry_point)
|
4941
|
+
@environment = args[:environment] if args.key?(:environment)
|
4942
|
+
@type = args[:type] if args.key?(:type)
|
4943
|
+
end
|
4944
|
+
end
|
4945
|
+
|
3536
4946
|
# Source describes the location of the source used for the build.
|
3537
4947
|
class Source
|
3538
4948
|
include Google::Apis::Core::Hashable
|
@@ -3665,16 +5075,17 @@ module Google
|
|
3665
5075
|
end
|
3666
5076
|
end
|
3667
5077
|
|
3668
|
-
#
|
5078
|
+
# Subject refers to the subject of the intoto statement
|
3669
5079
|
class Subject
|
3670
5080
|
include Google::Apis::Core::Hashable
|
3671
5081
|
|
3672
|
-
# "": ""
|
5082
|
+
# "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/
|
5083
|
+
# attestation/blob/main/spec/field_types.md#DigestSet
|
3673
5084
|
# Corresponds to the JSON property `digest`
|
3674
5085
|
# @return [Hash<String,String>]
|
3675
5086
|
attr_accessor :digest
|
3676
5087
|
|
3677
|
-
#
|
5088
|
+
# name is the name of the Subject used here
|
3678
5089
|
# Corresponds to the JSON property `name`
|
3679
5090
|
# @return [String]
|
3680
5091
|
attr_accessor :name
|
@@ -3730,31 +5141,6 @@ module Google
|
|
3730
5141
|
end
|
3731
5142
|
end
|
3732
5143
|
|
3733
|
-
# Start and end times for a build execution phase.
|
3734
|
-
class TimeSpan
|
3735
|
-
include Google::Apis::Core::Hashable
|
3736
|
-
|
3737
|
-
# End of time span.
|
3738
|
-
# Corresponds to the JSON property `endTime`
|
3739
|
-
# @return [String]
|
3740
|
-
attr_accessor :end_time
|
3741
|
-
|
3742
|
-
# Start of time span.
|
3743
|
-
# Corresponds to the JSON property `startTime`
|
3744
|
-
# @return [String]
|
3745
|
-
attr_accessor :start_time
|
3746
|
-
|
3747
|
-
def initialize(**args)
|
3748
|
-
update!(**args)
|
3749
|
-
end
|
3750
|
-
|
3751
|
-
# Update properties of this object
|
3752
|
-
def update!(**args)
|
3753
|
-
@end_time = args[:end_time] if args.key?(:end_time)
|
3754
|
-
@start_time = args[:start_time] if args.key?(:start_time)
|
3755
|
-
end
|
3756
|
-
end
|
3757
|
-
|
3758
5144
|
# Request for updating an existing operation
|
3759
5145
|
class UpdateOperationRequest
|
3760
5146
|
include Google::Apis::Core::Hashable
|
@@ -3946,36 +5332,6 @@ module Google
|
|
3946
5332
|
end
|
3947
5333
|
end
|
3948
5334
|
|
3949
|
-
# Volume describes a Docker container volume which is mounted into build steps
|
3950
|
-
# in order to persist files across build step execution.
|
3951
|
-
class Volume
|
3952
|
-
include Google::Apis::Core::Hashable
|
3953
|
-
|
3954
|
-
# Name of the volume to mount. Volume names must be unique per build step and
|
3955
|
-
# must be valid names for Docker volumes. Each named volume must be used by at
|
3956
|
-
# least two build steps.
|
3957
|
-
# Corresponds to the JSON property `name`
|
3958
|
-
# @return [String]
|
3959
|
-
attr_accessor :name
|
3960
|
-
|
3961
|
-
# Path at which to mount the volume. Paths must be absolute and cannot conflict
|
3962
|
-
# with other volume paths on the same build step or with certain reserved volume
|
3963
|
-
# paths.
|
3964
|
-
# Corresponds to the JSON property `path`
|
3965
|
-
# @return [String]
|
3966
|
-
attr_accessor :path
|
3967
|
-
|
3968
|
-
def initialize(**args)
|
3969
|
-
update!(**args)
|
3970
|
-
end
|
3971
|
-
|
3972
|
-
# Update properties of this object
|
3973
|
-
def update!(**args)
|
3974
|
-
@name = args[:name] if args.key?(:name)
|
3975
|
-
@path = args[:path] if args.key?(:path)
|
3976
|
-
end
|
3977
|
-
end
|
3978
|
-
|
3979
5335
|
# Used by Occurrence to point to where the vulnerability exists and how to fix
|
3980
5336
|
# it.
|
3981
5337
|
class VulnerabilityDetails
|