google-cloud-binary_authorization-v1 0.1.0
- checksums.yaml +7 -0
- data/.yardopts +12 -0
- data/AUTHENTICATION.md +169 -0
- data/LICENSE.md +201 -0
- data/README.md +139 -0
- data/lib/google/cloud/binary_authorization/v1/binauthz_management_service/client.rb +897 -0
- data/lib/google/cloud/binary_authorization/v1/binauthz_management_service/credentials.rb +51 -0
- data/lib/google/cloud/binary_authorization/v1/binauthz_management_service/paths.rb +97 -0
- data/lib/google/cloud/binary_authorization/v1/binauthz_management_service.rb +55 -0
- data/lib/google/cloud/binary_authorization/v1/system_policy/client.rb +371 -0
- data/lib/google/cloud/binary_authorization/v1/system_policy/credentials.rb +51 -0
- data/lib/google/cloud/binary_authorization/v1/system_policy/paths.rb +66 -0
- data/lib/google/cloud/binary_authorization/v1/system_policy.rb +49 -0
- data/lib/google/cloud/binary_authorization/v1/validation_helper/client.rb +382 -0
- data/lib/google/cloud/binary_authorization/v1/validation_helper/credentials.rb +51 -0
- data/lib/google/cloud/binary_authorization/v1/validation_helper.rb +48 -0
- data/lib/google/cloud/binary_authorization/v1/version.rb +28 -0
- data/lib/google/cloud/binary_authorization/v1.rb +40 -0
- data/lib/google/cloud/binaryauthorization/v1/resources_pb.rb +111 -0
- data/lib/google/cloud/binaryauthorization/v1/service_pb.rb +84 -0
- data/lib/google/cloud/binaryauthorization/v1/service_services_pb.rb +115 -0
- data/lib/google-cloud-binary_authorization-v1.rb +21 -0
- data/proto_docs/README.md +4 -0
- data/proto_docs/google/api/field_behavior.rb +71 -0
- data/proto_docs/google/api/resource.rb +283 -0
- data/proto_docs/google/cloud/binaryauthorization/v1/resources.rb +370 -0
- data/proto_docs/google/cloud/binaryauthorization/v1/service.rb +189 -0
- data/proto_docs/google/protobuf/empty.rb +36 -0
- data/proto_docs/google/protobuf/timestamp.rb +129 -0
- data/proto_docs/grafeas/v1/attestation.rb +77 -0
- data/proto_docs/grafeas/v1/common.rb +118 -0
- metadata +242 -0
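--- a/data/proto_docs/google/cloud/binaryauthorization/v1/service.rb
+++ b/data/proto_docs/google/cloud/binaryauthorization/v1/service.rb
@@ -0,0 +1,189 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+module Cloud
+module BinaryAuthorization
+module V1
+# Request message for [BinauthzManagementService.GetPolicy][].
+# @!attribute [rw] name
+# @return [::String]
+# Required. The resource name of the {::Google::Cloud::BinaryAuthorization::V1::Policy policy} to retrieve,
+# in the format `projects/*/policy`.
+class GetPolicyRequest
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+
+# Request message for [BinauthzManagementService.UpdatePolicy][].
+# @!attribute [rw] policy
+# @return [::Google::Cloud::BinaryAuthorization::V1::Policy]
+# Required. A new or updated {::Google::Cloud::BinaryAuthorization::V1::Policy policy} value. The service will
+# overwrite the {::Google::Cloud::BinaryAuthorization::V1::Policy#name policy name} field with the resource name in
+# the request URL, in the format `projects/*/policy`.
+class UpdatePolicyRequest
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+
+# Request message for [BinauthzManagementService.CreateAttestor][].
+# @!attribute [rw] parent
+# @return [::String]
+# Required. The parent of this {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}.
+# @!attribute [rw] attestor_id
+# @return [::String]
+# Required. The {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors} ID.
+# @!attribute [rw] attestor
+# @return [::Google::Cloud::BinaryAuthorization::V1::Attestor]
+# Required. The initial {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} value. The service will
+# overwrite the {::Google::Cloud::BinaryAuthorization::V1::Attestor#name attestor name} field with the resource name,
+# in the format `projects/*/attestors/*`.
+class CreateAttestorRequest
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+
+# Request message for [BinauthzManagementService.GetAttestor][].
+# @!attribute [rw] name
+# @return [::String]
+# Required. The name of the {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} to retrieve, in the format
+# `projects/*/attestors/*`.
+class GetAttestorRequest
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+
+# Request message for [BinauthzManagementService.UpdateAttestor][].
+# @!attribute [rw] attestor
+# @return [::Google::Cloud::BinaryAuthorization::V1::Attestor]
+# Required. The updated {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} value. The service will
+# overwrite the {::Google::Cloud::BinaryAuthorization::V1::Attestor#name attestor name} field with the resource name
+# in the request URL, in the format `projects/*/attestors/*`.
+class UpdateAttestorRequest
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+
+# Request message for [BinauthzManagementService.ListAttestors][].
+# @!attribute [rw] parent
+# @return [::String]
+# Required. The resource name of the project associated with the
+# {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors}, in the format `projects/*`.
+# @!attribute [rw] page_size
+# @return [::Integer]
+# Requested page size. The server may return fewer results than requested. If
+# unspecified, the server will pick an appropriate default.
+# @!attribute [rw] page_token
+# @return [::String]
+# A token identifying a page of results the server should return. Typically,
+# this is the value of {::Google::Cloud::BinaryAuthorization::V1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token} returned
+# from the previous call to the `ListAttestors` method.
+class ListAttestorsRequest
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+
+# Response message for [BinauthzManagementService.ListAttestors][].
+# @!attribute [rw] attestors
+# @return [::Array<::Google::Cloud::BinaryAuthorization::V1::Attestor>]
+# The list of {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors}.
+# @!attribute [rw] next_page_token
+# @return [::String]
+# A token to retrieve the next page of results. Pass this value in the
+# {::Google::Cloud::BinaryAuthorization::V1::ListAttestorsRequest#page_token ListAttestorsRequest.page_token} field in the subsequent call to the
+# `ListAttestors` method to retrieve the next page of results.
+class ListAttestorsResponse
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+
+# Request message for [BinauthzManagementService.DeleteAttestor][].
+# @!attribute [rw] name
+# @return [::String]
+# Required. The name of the {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors} to delete, in the format
+# `projects/*/attestors/*`.
+class DeleteAttestorRequest
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+
+# Request to read the current system policy.
+# @!attribute [rw] name
+# @return [::String]
+# Required. The resource name, in the format `locations/*/policy`.
+# Note that the system policy is not associated with a project.
+class GetSystemPolicyRequest
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+
+# Request message for
+# {::Google::Cloud::BinaryAuthorization::V1::ValidationHelperV1::Client#validate_attestation_occurrence ValidationHelperV1.ValidateAttestationOccurrence}.
+# @!attribute [rw] attestor
+# @return [::String]
+# Required. The resource name of the {::Google::Cloud::BinaryAuthorization::V1::Attestor Attestor} of the
+# [occurrence][grafeas.v1.Occurrence], in the format
+# `projects/*/attestors/*`.
+# @!attribute [rw] attestation
+# @return [::Grafeas::V1::AttestationOccurrence]
+# Required. An {::Grafeas::V1::AttestationOccurrence AttestationOccurrence} to
+# be checked that it can be verified by the Attestor. It does not have to be
+# an existing entity in Container Analysis. It must otherwise be a valid
+# AttestationOccurrence.
+# @!attribute [rw] occurrence_note
+# @return [::String]
+# Required. The resource name of the [Note][grafeas.v1.Note] to which the
+# containing [Occurrence][grafeas.v1.Occurrence] is associated.
+# @!attribute [rw] occurrence_resource_uri
+# @return [::String]
+# Required. The URI of the artifact (e.g. container image) that is the
+# subject of the containing [Occurrence][grafeas.v1.Occurrence].
+class ValidateAttestationOccurrenceRequest
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+
+# Response message for
+# {::Google::Cloud::BinaryAuthorization::V1::ValidationHelperV1::Client#validate_attestation_occurrence ValidationHelperV1.ValidateAttestationOccurrence}.
+# @!attribute [rw] result
+# @return [::Google::Cloud::BinaryAuthorization::V1::ValidateAttestationOccurrenceResponse::Result]
+# The result of the Attestation validation.
+# @!attribute [rw] denial_reason
+# @return [::String]
+# The reason for denial if the Attestation couldn't be validated.
+class ValidateAttestationOccurrenceResponse
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+
+# The enum returned in the "result" field.
+module Result
+# Unspecified.
+RESULT_UNSPECIFIED = 0
+
+# The Attestation was able to verified by the Attestor.
+VERIFIED = 1
+
+# The Attestation was not able to verified by the Attestor.
+ATTESTATION_NOT_VERIFIABLE = 2
+end
+end
+end
+end
+end
+end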
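--- a/data/proto_docs/google/protobuf/empty.rb
+++ b/data/proto_docs/google/protobuf/empty.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+module Protobuf
+# A generic empty message that you can re-use to avoid defining duplicated
+# empty messages in your APIs. A typical example is to use it as the request
+# or the response type of an API method. For instance:
+#
+# service Foo {
+# rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
+# }
+#
+# The JSON representation for `Empty` is empty JSON object `{}`.
+class Empty
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+end
+end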
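--- a/data/proto_docs/google/protobuf/timestamp.rb
+++ b/data/proto_docs/google/protobuf/timestamp.rb
@@ -0,0 +1,129 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+module Protobuf
+# A Timestamp represents a point in time independent of any time zone or local
+# calendar, encoded as a count of seconds and fractions of seconds at
+# nanosecond resolution. The count is relative to an epoch at UTC midnight on
+# January 1, 1970, in the proleptic Gregorian calendar which extends the
+# Gregorian calendar backwards to year one.
+#
+# All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap
+# second table is needed for interpretation, using a [24-hour linear
+# smear](https://developers.google.com/time/smear).
+#
+# The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By
+# restricting to that range, we ensure that we can convert to and from [RFC
+# 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings.
+#
+# # Examples
+#
+# Example 1: Compute Timestamp from POSIX `time()`.
+#
+# Timestamp timestamp;
+# timestamp.set_seconds(time(NULL));
+# timestamp.set_nanos(0);
+#
+# Example 2: Compute Timestamp from POSIX `gettimeofday()`.
+#
+# struct timeval tv;
+# gettimeofday(&tv, NULL);
+#
+# Timestamp timestamp;
+# timestamp.set_seconds(tv.tv_sec);
+# timestamp.set_nanos(tv.tv_usec * 1000);
+#
+# Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`.
+#
+# FILETIME ft;
+# GetSystemTimeAsFileTime(&ft);
+# UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime;
+#
+# // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z
+# // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z.
+# Timestamp timestamp;
+# timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL));
+# timestamp.set_nanos((INT32) ((ticks % 10000000) * 100));
+#
+# Example 4: Compute Timestamp from Java `System.currentTimeMillis()`.
+#
+# long millis = System.currentTimeMillis();
+#
+# Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000)
+# .setNanos((int) ((millis % 1000) * 1000000)).build();
+#
+#
+# Example 5: Compute Timestamp from Java `Instant.now()`.
+#
+# Instant now = Instant.now();
+#
+# Timestamp timestamp =
+# Timestamp.newBuilder().setSeconds(now.getEpochSecond())
+# .setNanos(now.getNano()).build();
+#
+#
+# Example 6: Compute Timestamp from current time in Python.
+#
+# timestamp = Timestamp()
+# timestamp.GetCurrentTime()
+#
+# # JSON Mapping
+#
+# In JSON format, the Timestamp type is encoded as a string in the
+# [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the
+# format is "\\{year}-\\{month}-\\{day}T\\{hour}:\\{min}:\\{sec}[.\\{frac_sec}]Z"
+# where \\{year} is always expressed using four digits while \\{month}, \\{day},
+# \\{hour}, \\{min}, and \\{sec} are zero-padded to two digits each. The fractional
+# seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution),
+# are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone
+# is required. A proto3 JSON serializer should always use UTC (as indicated by
+# "Z") when printing the Timestamp type and a proto3 JSON parser should be
+# able to accept both UTC and other timezones (as indicated by an offset).
+#
+# For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past
+# 01:30 UTC on January 15, 2017.
+#
+# In JavaScript, one can convert a Date object to this format using the
+# standard
+# [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString)
+# method. In Python, a standard `datetime.datetime` object can be converted
+# to this format using
+# [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with
+# the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use
+# the Joda Time's [`ISODateTimeFormat.dateTime()`](
+# http://www.joda.org/joda-time/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime%2D%2D
+# ) to obtain a formatter capable of generating timestamps in this format.
+# @!attribute [rw] seconds
+# @return [::Integer]
+# Represents seconds of UTC time since Unix epoch
+# 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+# 9999-12-31T23:59:59Z inclusive.
+# @!attribute [rw] nanos
+# @return [::Integer]
+# Non-negative fractions of a second at nanosecond resolution. Negative
+# second values with fractions must still have non-negative nanos values
+# that count forward in time. Must be from 0 to 999,999,999
+# inclusive.
+class Timestamp
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+end
+end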
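--- a/data/proto_docs/grafeas/v1/attestation.rb
+++ b/data/proto_docs/grafeas/v1/attestation.rb
@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+module V1
+# Note kind that represents a logical attestation "role" or "authority". For
+# example, an organization might have one `Authority` for "QA" and one for
+# "build". This note is intended to act strictly as a grouping mechanism for
+# the attached occurrences (Attestations). This grouping mechanism also
+# provides a security boundary, since IAM ACLs gate the ability for a principle
+# to attach an occurrence to a given note. It also provides a single point of
+# lookup to find all attached attestation occurrences, even if they don't all
+# live in the same project.
+# @!attribute [rw] hint
+# @return [::Grafeas::V1::AttestationNote::Hint]
+# Hint hints at the purpose of the attestation authority.
+class AttestationNote
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+
+# This submessage provides human-readable hints about the purpose of the
+# authority. Because the name of a note acts as its resource reference, it is
+# important to disambiguate the canonical name of the Note (which might be a
+# UUID for security purposes) from "readable" names more suitable for debug
+# output. Note that these hints should not be used to look up authorities in
+# security sensitive contexts, such as when looking up attestations to
+# verify.
+# @!attribute [rw] human_readable_name
+# @return [::String]
+# Required. The human readable name of this attestation authority, for
+# example "qa".
+class Hint
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+end
+
+# Occurrence that represents a single "attestation". The authenticity of an
+# attestation can be verified using the attached signature. If the verifier
+# trusts the public key of the signer, then verifying the signature is
+# sufficient to establish trust. In this circumstance, the authority to which
+# this attestation is attached is primarily useful for lookup (how to find
+# this attestation if you already know the authority and artifact to be
+# verified) and intent (for which authority this attestation was intended to
+# sign.
+# @!attribute [rw] serialized_payload
+# @return [::String]
+# Required. The serialized payload that is verified by one or more
+# `signatures`.
+# @!attribute [rw] signatures
+# @return [::Array<::Grafeas::V1::Signature>]
+# One or more signatures over `serialized_payload`. Verifier implementations
+# should consider this attestation message verified if at least one
+# `signature` verifies `serialized_payload`. See `Signature` in common.proto
+# for more details on signature structure and verification.
+class AttestationOccurrence
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+end
+end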
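--- a/data/proto_docs/grafeas/v1/common.rb
+++ b/data/proto_docs/grafeas/v1/common.rb
@@ -0,0 +1,118 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+module V1
+# Metadata for any related URL information.
+# @!attribute [rw] url
+# @return [::String]
+# Specific URL associated with the resource.
+# @!attribute [rw] label
+# @return [::String]
+# Label to describe usage of the URL.
+class RelatedUrl
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+
+# Verifiers (e.g. Kritis implementations) MUST verify signatures
+# with respect to the trust anchors defined in policy (e.g. a Kritis policy).
+# Typically this means that the verifier has been configured with a map from
+# `public_key_id` to public key material (and any required parameters, e.g.
+# signing algorithm).
+#
+# In particular, verification implementations MUST NOT treat the signature
+# `public_key_id` as anything more than a key lookup hint. The `public_key_id`
+# DOES NOT validate or authenticate a public key; it only provides a mechanism
+# for quickly selecting a public key ALREADY CONFIGURED on the verifier through
+# a trusted channel. Verification implementations MUST reject signatures in any
+# of the following circumstances:
+# * The `public_key_id` is not recognized by the verifier.
+# * The public key that `public_key_id` refers to does not verify the
+# signature with respect to the payload.
+#
+# The `signature` contents SHOULD NOT be "attached" (where the payload is
+# included with the serialized `signature` bytes). Verifiers MUST ignore any
+# "attached" payload and only verify signatures with respect to explicitly
+# provided payload (e.g. a `payload` field on the proto message that holds
+# this Signature, or the canonical serialization of the proto message that
+# holds this signature).
+# @!attribute [rw] signature
+# @return [::String]
+# The content of the signature, an opaque bytestring.
+# The payload that this signature verifies MUST be unambiguously provided
+# with the Signature during verification. A wrapper message might provide
+# the payload explicitly. Alternatively, a message might have a canonical
+# serialization that can always be unambiguously computed to derive the
+# payload.
+# @!attribute [rw] public_key_id
+# @return [::String]
+# The identifier for the public key that verifies this signature.
+# * The `public_key_id` is required.
+# * The `public_key_id` MUST be an RFC3986 conformant URI.
+# * When possible, the `public_key_id` SHOULD be an immutable reference,
+# such as a cryptographic digest.
+#
+# Examples of valid `public_key_id`s:
+#
+# OpenPGP V4 public key fingerprint:
+# * "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA"
+# See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more
+# details on this scheme.
+#
+# RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER
+# serialization):
+# * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"
+# * "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
+class Signature
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+
+# Kind represents the kinds of notes supported.
+module NoteKind
+# Unknown.
+NOTE_KIND_UNSPECIFIED = 0
+
+# The note and occurrence represent a package vulnerability.
+VULNERABILITY = 1
+
+# The note and occurrence assert build provenance.
+BUILD = 2
+
+# This represents an image basis relationship.
+IMAGE = 3
+
+# This represents a package installed via a package manager.
+PACKAGE = 4
+
+# The note and occurrence track deployment events.
+DEPLOYMENT = 5
+
+# The note and occurrence track the initial discovery status of a resource.
+DISCOVERY = 6
+
+# This represents a logical "role" that can attest to artifacts.
+ATTESTATION = 7
+
+# This represents an available package upgrade.
+UPGRADE = 8
+end
+end
+end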