google-cloud-binary_authorization-v1 0.1.0

data/lib/google/cloud/binaryauthorization/v1/resources_pb.rb

@@ -0,0 +1,111 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/cloud/binaryauthorization/v1/resources.proto
+
+require 'google/protobuf'
+
+require 'google/api/field_behavior_pb'
+require 'google/api/resource_pb'
+require 'google/protobuf/timestamp_pb'
+require 'google/api/annotations_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("google/cloud/binaryauthorization/v1/resources.proto", :syntax => :proto3) do
+    add_message "google.cloud.binaryauthorization.v1.Policy" do
+      optional :name, :string, 1
+      optional :description, :string, 6
+      optional :global_policy_evaluation_mode, :enum, 7, "google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationMode"
+      repeated :admission_whitelist_patterns, :message, 2, "google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern"
+      map :cluster_admission_rules, :string, :message, 3, "google.cloud.binaryauthorization.v1.AdmissionRule"
+      map :kubernetes_namespace_admission_rules, :string, :message, 10, "google.cloud.binaryauthorization.v1.AdmissionRule"
+      map :kubernetes_service_account_admission_rules, :string, :message, 8, "google.cloud.binaryauthorization.v1.AdmissionRule"
+      map :istio_service_identity_admission_rules, :string, :message, 9, "google.cloud.binaryauthorization.v1.AdmissionRule"
+      optional :default_admission_rule, :message, 4, "google.cloud.binaryauthorization.v1.AdmissionRule"
+      optional :update_time, :message, 5, "google.protobuf.Timestamp"
+    end
+    add_enum "google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationMode" do
+      value :GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, 0
+      value :ENABLE, 1
+      value :DISABLE, 2
+    end
+    add_message "google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern" do
+      optional :name_pattern, :string, 1
+    end
+    add_message "google.cloud.binaryauthorization.v1.AdmissionRule" do
+      optional :evaluation_mode, :enum, 1, "google.cloud.binaryauthorization.v1.AdmissionRule.EvaluationMode"
+      repeated :require_attestations_by, :string, 2
+      optional :enforcement_mode, :enum, 3, "google.cloud.binaryauthorization.v1.AdmissionRule.EnforcementMode"
+    end
+    add_enum "google.cloud.binaryauthorization.v1.AdmissionRule.EvaluationMode" do
+      value :EVALUATION_MODE_UNSPECIFIED, 0
+      value :ALWAYS_ALLOW, 1
+      value :REQUIRE_ATTESTATION, 2
+      value :ALWAYS_DENY, 3
+    end
+    add_enum "google.cloud.binaryauthorization.v1.AdmissionRule.EnforcementMode" do
+      value :ENFORCEMENT_MODE_UNSPECIFIED, 0
+      value :ENFORCED_BLOCK_AND_AUDIT_LOG, 1
+      value :DRYRUN_AUDIT_LOG_ONLY, 2
+    end
+    add_message "google.cloud.binaryauthorization.v1.Attestor" do
+      optional :name, :string, 1
+      optional :description, :string, 6
+      optional :update_time, :message, 4, "google.protobuf.Timestamp"
+      oneof :attestor_type do
+        optional :user_owned_grafeas_note, :message, 3, "google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote"
+      end
+    end
+    add_message "google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote" do
+      optional :note_reference, :string, 1
+      repeated :public_keys, :message, 2, "google.cloud.binaryauthorization.v1.AttestorPublicKey"
+      optional :delegation_service_account_email, :string, 3
+    end
+    add_message "google.cloud.binaryauthorization.v1.PkixPublicKey" do
+      optional :public_key_pem, :string, 1
+      optional :signature_algorithm, :enum, 2, "google.cloud.binaryauthorization.v1.PkixPublicKey.SignatureAlgorithm"
+    end
+    add_enum "google.cloud.binaryauthorization.v1.PkixPublicKey.SignatureAlgorithm" do
+      value :SIGNATURE_ALGORITHM_UNSPECIFIED, 0
+      value :RSA_PSS_2048_SHA256, 1
+      value :RSA_PSS_3072_SHA256, 2
+      value :RSA_PSS_4096_SHA256, 3
+      value :RSA_PSS_4096_SHA512, 4
+      value :RSA_SIGN_PKCS1_2048_SHA256, 5
+      value :RSA_SIGN_PKCS1_3072_SHA256, 6
+      value :RSA_SIGN_PKCS1_4096_SHA256, 7
+      value :RSA_SIGN_PKCS1_4096_SHA512, 8
+      value :ECDSA_P256_SHA256, 9
+      value :EC_SIGN_P256_SHA256, 9
+      value :ECDSA_P384_SHA384, 10
+      value :EC_SIGN_P384_SHA384, 10
+      value :ECDSA_P521_SHA512, 11
+      value :EC_SIGN_P521_SHA512, 11
+    end
+    add_message "google.cloud.binaryauthorization.v1.AttestorPublicKey" do
+      optional :comment, :string, 1
+      optional :id, :string, 2
+      oneof :public_key do
+        optional :ascii_armored_pgp_public_key, :string, 3
+        optional :pkix_public_key, :message, 5, "google.cloud.binaryauthorization.v1.PkixPublicKey"
+      end
+    end
+  end
+end
+
+module Google
+  module Cloud
+    module BinaryAuthorization
+      module V1
+        Policy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1.Policy").msgclass
+        Policy::GlobalPolicyEvaluationMode = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationMode").enummodule
+        AdmissionWhitelistPattern = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern").msgclass
+        AdmissionRule = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1.AdmissionRule").msgclass
+        AdmissionRule::EvaluationMode = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1.AdmissionRule.EvaluationMode").enummodule
+        AdmissionRule::EnforcementMode = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1.AdmissionRule.EnforcementMode").enummodule
+        Attestor = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1.Attestor").msgclass
+        UserOwnedGrafeasNote = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote").msgclass
+        PkixPublicKey = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1.PkixPublicKey").msgclass
+        PkixPublicKey::SignatureAlgorithm = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1.PkixPublicKey.SignatureAlgorithm").enummodule
+        AttestorPublicKey = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1.AttestorPublicKey").msgclass
+      end
+    end
+  end
+end

data/lib/google/cloud/binaryauthorization/v1/service_pb.rb

@@ -0,0 +1,84 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/cloud/binaryauthorization/v1/service.proto
+
+require 'google/protobuf'
+
+require 'google/api/annotations_pb'
+require 'google/api/client_pb'
+require 'google/api/field_behavior_pb'
+require 'google/api/resource_pb'
+require 'google/cloud/binaryauthorization/v1/resources_pb'
+require 'google/protobuf/empty_pb'
+require 'grafeas/v1/attestation_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("google/cloud/binaryauthorization/v1/service.proto", :syntax => :proto3) do
+    add_message "google.cloud.binaryauthorization.v1.GetPolicyRequest" do
+      optional :name, :string, 1
+    end
+    add_message "google.cloud.binaryauthorization.v1.UpdatePolicyRequest" do
+      optional :policy, :message, 1, "google.cloud.binaryauthorization.v1.Policy"
+    end
+    add_message "google.cloud.binaryauthorization.v1.CreateAttestorRequest" do
+      optional :parent, :string, 1
+      optional :attestor_id, :string, 2
+      optional :attestor, :message, 3, "google.cloud.binaryauthorization.v1.Attestor"
+    end
+    add_message "google.cloud.binaryauthorization.v1.GetAttestorRequest" do
+      optional :name, :string, 1
+    end
+    add_message "google.cloud.binaryauthorization.v1.UpdateAttestorRequest" do
+      optional :attestor, :message, 1, "google.cloud.binaryauthorization.v1.Attestor"
+    end
+    add_message "google.cloud.binaryauthorization.v1.ListAttestorsRequest" do
+      optional :parent, :string, 1
+      optional :page_size, :int32, 2
+      optional :page_token, :string, 3
+    end
+    add_message "google.cloud.binaryauthorization.v1.ListAttestorsResponse" do
+      repeated :attestors, :message, 1, "google.cloud.binaryauthorization.v1.Attestor"
+      optional :next_page_token, :string, 2
+    end
+    add_message "google.cloud.binaryauthorization.v1.DeleteAttestorRequest" do
+      optional :name, :string, 1
+    end
+    add_message "google.cloud.binaryauthorization.v1.GetSystemPolicyRequest" do
+      optional :name, :string, 1
+    end
+    add_message "google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceRequest" do
+      optional :attestor, :string, 1
+      optional :attestation, :message, 2, "grafeas.v1.AttestationOccurrence"
+      optional :occurrence_note, :string, 3
+      optional :occurrence_resource_uri, :string, 4
+    end
+    add_message "google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse" do
+      optional :result, :enum, 1, "google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse.Result"
+      optional :denial_reason, :string, 2
+    end
+    add_enum "google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse.Result" do
+      value :RESULT_UNSPECIFIED, 0
+      value :VERIFIED, 1
+      value :ATTESTATION_NOT_VERIFIABLE, 2
+    end
+  end
+end
+
+module Google
+  module Cloud
+    module BinaryAuthorization
+      module V1
+        GetPolicyRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1.GetPolicyRequest").msgclass
+        UpdatePolicyRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1.UpdatePolicyRequest").msgclass
+        CreateAttestorRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1.CreateAttestorRequest").msgclass
+        GetAttestorRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1.GetAttestorRequest").msgclass
+        UpdateAttestorRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1.UpdateAttestorRequest").msgclass
+        ListAttestorsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1.ListAttestorsRequest").msgclass
+        ListAttestorsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1.ListAttestorsResponse").msgclass
+        DeleteAttestorRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1.DeleteAttestorRequest").msgclass
+        GetSystemPolicyRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1.GetSystemPolicyRequest").msgclass
+        ValidateAttestationOccurrenceRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceRequest").msgclass
+        ValidateAttestationOccurrenceResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse").msgclass
+        ValidateAttestationOccurrenceResponse::Result = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse.Result").enummodule
+      end
+    end
+  end
+end

data/lib/google/cloud/binaryauthorization/v1/service_services_pb.rb

@@ -0,0 +1,115 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: google/cloud/binaryauthorization/v1/service.proto for package 'Google.Cloud.BinaryAuthorization.V1'
+# Original file comments:
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'grpc'
+require 'google/cloud/binaryauthorization/v1/service_pb'
+
+module Google
+  module Cloud
+    module BinaryAuthorization
+      module V1
+        module BinauthzManagementServiceV1
+          # Customer-facing API for Cloud Binary Authorization.
+          #
+          # Google Cloud Management Service for Binary Authorization admission policies
+          # and attestation authorities.
+          #
+          # This API implements a REST model with the following objects:
+          #
+          # * [Policy][google.cloud.binaryauthorization.v1.Policy]
+          # * [Attestor][google.cloud.binaryauthorization.v1.Attestor]
+          class Service
+
+            include ::GRPC::GenericService
+
+            self.marshal_class_method = :encode
+            self.unmarshal_class_method = :decode
+            self.service_name = 'google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1'
+
+            # A [policy][google.cloud.binaryauthorization.v1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1.Attestor] that must attest to
+            # a container image, before the project is allowed to deploy that
+            # image. There is at most one policy per project. All image admission
+            # requests are permitted if a project has no policy.
+            #
+            # Gets the [policy][google.cloud.binaryauthorization.v1.Policy] for this project. Returns a default
+            # [policy][google.cloud.binaryauthorization.v1.Policy] if the project does not have one.
+            rpc :GetPolicy, ::Google::Cloud::BinaryAuthorization::V1::GetPolicyRequest, ::Google::Cloud::BinaryAuthorization::V1::Policy
+            # Creates or updates a project's [policy][google.cloud.binaryauthorization.v1.Policy], and returns a copy of the
+            # new [policy][google.cloud.binaryauthorization.v1.Policy]. A policy is always updated as a whole, to avoid race
+            # conditions with concurrent policy enforcement (or management!)
+            # requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
+            # if the request is malformed.
+            rpc :UpdatePolicy, ::Google::Cloud::BinaryAuthorization::V1::UpdatePolicyRequest, ::Google::Cloud::BinaryAuthorization::V1::Policy
+            # Creates an [attestor][google.cloud.binaryauthorization.v1.Attestor], and returns a copy of the new
+            # [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the project does not exist,
+            # INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
+            # [attestor][google.cloud.binaryauthorization.v1.Attestor] already exists.
+            rpc :CreateAttestor, ::Google::Cloud::BinaryAuthorization::V1::CreateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1::Attestor
+            # Gets an [attestor][google.cloud.binaryauthorization.v1.Attestor].
+            # Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+            rpc :GetAttestor, ::Google::Cloud::BinaryAuthorization::V1::GetAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1::Attestor
+            # Updates an [attestor][google.cloud.binaryauthorization.v1.Attestor].
+            # Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+            rpc :UpdateAttestor, ::Google::Cloud::BinaryAuthorization::V1::UpdateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1::Attestor
+            # Lists [attestors][google.cloud.binaryauthorization.v1.Attestor].
+            # Returns INVALID_ARGUMENT if the project does not exist.
+            rpc :ListAttestors, ::Google::Cloud::BinaryAuthorization::V1::ListAttestorsRequest, ::Google::Cloud::BinaryAuthorization::V1::ListAttestorsResponse
+            # Deletes an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
+            # [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+            rpc :DeleteAttestor, ::Google::Cloud::BinaryAuthorization::V1::DeleteAttestorRequest, ::Google::Protobuf::Empty
+          end
+
+          Stub = Service.rpc_stub_class
+        end
+        module SystemPolicyV1
+          # API for working with the system policy.
+          class Service
+
+            include ::GRPC::GenericService
+
+            self.marshal_class_method = :encode
+            self.unmarshal_class_method = :decode
+            self.service_name = 'google.cloud.binaryauthorization.v1.SystemPolicyV1'
+
+            # Gets the current system policy in the specified location.
+            rpc :GetSystemPolicy, ::Google::Cloud::BinaryAuthorization::V1::GetSystemPolicyRequest, ::Google::Cloud::BinaryAuthorization::V1::Policy
+          end
+
+          Stub = Service.rpc_stub_class
+        end
+        module ValidationHelperV1
+          # BinAuthz Attestor verification
+          class Service
+
+            include ::GRPC::GenericService
+
+            self.marshal_class_method = :encode
+            self.unmarshal_class_method = :decode
+            self.service_name = 'google.cloud.binaryauthorization.v1.ValidationHelperV1'
+
+            # Returns whether the given Attestation for the given image URI
+            # was signed by the given Attestor
+            rpc :ValidateAttestationOccurrence, ::Google::Cloud::BinaryAuthorization::V1::ValidateAttestationOccurrenceRequest, ::Google::Cloud::BinaryAuthorization::V1::ValidateAttestationOccurrenceResponse
+          end
+
+          Stub = Service.rpc_stub_class
+        end
+      end
+    end
+  end
+end

data/lib/google-cloud-binary_authorization-v1.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+# This gem does not autoload during Bundler.require. To load this gem,
+# issue explicit require statements for the packages desired, e.g.:
+# require "google/cloud/binary_authorization/v1"

data/proto_docs/README.md

@@ -0,0 +1,4 @@
+# Binary Authorization V1 Protocol Buffer Documentation
+
+These files are for the YARD documentation of the generated protobuf files.
+They are not intended to be required or loaded at runtime.

data/proto_docs/google/api/field_behavior.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Api
+    # An indicator of the behavior of a given field (for example, that a field
+    # is required in requests, or given as output but ignored as input).
+    # This **does not** change the behavior in protocol buffers itself; it only
+    # denotes the behavior and may affect how API tooling handles the field.
+    #
+    # Note: This enum **may** receive new values in the future.
+    module FieldBehavior
+      # Conventional default for enums. Do not use this.
+      FIELD_BEHAVIOR_UNSPECIFIED = 0
+
+      # Specifically denotes a field as optional.
+      # While all fields in protocol buffers are optional, this may be specified
+      # for emphasis if appropriate.
+      OPTIONAL = 1
+
+      # Denotes a field as required.
+      # This indicates that the field **must** be provided as part of the request,
+      # and failure to do so will cause an error (usually `INVALID_ARGUMENT`).
+      REQUIRED = 2
+
+      # Denotes a field as output only.
+      # This indicates that the field is provided in responses, but including the
+      # field in a request does nothing (the server *must* ignore it and
+      # *must not* throw an error as a result of the field's presence).
+      OUTPUT_ONLY = 3
+
+      # Denotes a field as input only.
+      # This indicates that the field is provided in requests, and the
+      # corresponding field is not included in output.
+      INPUT_ONLY = 4
+
+      # Denotes a field as immutable.
+      # This indicates that the field may be set once in a request to create a
+      # resource, but may not be changed thereafter.
+      IMMUTABLE = 5
+
+      # Denotes that a (repeated) field is an unordered list.
+      # This indicates that the service may provide the elements of the list
+      # in any arbitrary  order, rather than the order the user originally
+      # provided. Additionally, the list's order may or may not be stable.
+      UNORDERED_LIST = 6
+
+      # Denotes that this field returns a non-empty default value if not set.
+      # This indicates that if the user provides the empty value in a request,
+      # a non-empty value will be returned. The user will not be aware of what
+      # non-empty value to expect.
+      NON_EMPTY_DEFAULT = 7
+    end
+  end
+end