google-cloud-binary_authorization-v1 1.7.0 → 1.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/lib/google/cloud/binary_authorization/v1/binauthz_management_service/client.rb +74 -37
- data/lib/google/cloud/binary_authorization/v1/binauthz_management_service/rest/client.rb +82 -37
- data/lib/google/cloud/binary_authorization/v1/binauthz_management_service/rest.rb +1 -0
- data/lib/google/cloud/binary_authorization/v1/bindings_override.rb +110 -0
- data/lib/google/cloud/binary_authorization/v1/rest.rb +1 -0
- data/lib/google/cloud/binary_authorization/v1/system_policy/client.rb +16 -0
- data/lib/google/cloud/binary_authorization/v1/system_policy/rest/client.rb +24 -0
- data/lib/google/cloud/binary_authorization/v1/system_policy/rest.rb +1 -0
- data/lib/google/cloud/binary_authorization/v1/validation_helper/client.rb +23 -6
- data/lib/google/cloud/binary_authorization/v1/validation_helper/rest/client.rb +31 -6
- data/lib/google/cloud/binary_authorization/v1/validation_helper/rest.rb +1 -0
- data/lib/google/cloud/binary_authorization/v1/version.rb +1 -1
- data/lib/google/cloud/binaryauthorization/v1/resources_pb.rb +1 -1
- data/lib/google/cloud/binaryauthorization/v1/service_pb.rb +1 -1
- data/lib/google/cloud/binaryauthorization/v1/service_services_pb.rb +29 -20
- data/proto_docs/google/cloud/binaryauthorization/v1/resources.rb +106 -52
- data/proto_docs/google/cloud/binaryauthorization/v1/service.rb +56 -34
- data/proto_docs/google/protobuf/field_mask.rb +229 -0
- data/proto_docs/google/type/expr.rb +75 -0
- metadata +21 -4
|
@@ -18,6 +18,7 @@
|
|
|
18
18
|
|
|
19
19
|
require "google/cloud/errors"
|
|
20
20
|
require "google/cloud/binaryauthorization/v1/service_pb"
|
|
21
|
+
require "google/iam/v1"
|
|
21
22
|
|
|
22
23
|
module Google
|
|
23
24
|
module Cloud
|
|
@@ -170,8 +171,23 @@ module Google
|
|
|
170
171
|
entry.set "defaultTimeout", @config.timeout if @config.timeout
|
|
171
172
|
entry.set "quotaProject", @quota_project_id if @quota_project_id
|
|
172
173
|
end
|
|
174
|
+
|
|
175
|
+
@iam_policy_client = Google::Iam::V1::IAMPolicy::Client.new do |config|
|
|
176
|
+
config.credentials = credentials
|
|
177
|
+
config.quota_project = @quota_project_id
|
|
178
|
+
config.endpoint = @system_policy_stub.endpoint
|
|
179
|
+
config.universe_domain = @system_policy_stub.universe_domain
|
|
180
|
+
config.logger = @system_policy_stub.logger if config.respond_to? :logger=
|
|
181
|
+
end
|
|
173
182
|
end
|
|
174
183
|
|
|
184
|
+
##
|
|
185
|
+
# Get the associated client for mix-in of the IAMPolicy.
|
|
186
|
+
#
|
|
187
|
+
# @return [Google::Iam::V1::IAMPolicy::Client]
|
|
188
|
+
#
|
|
189
|
+
attr_reader :iam_policy_client
|
|
190
|
+
|
|
175
191
|
##
|
|
176
192
|
# The logger used for request/response debug logging.
|
|
177
193
|
#
|
|
@@ -19,6 +19,7 @@
|
|
|
19
19
|
require "google/cloud/errors"
|
|
20
20
|
require "google/cloud/binaryauthorization/v1/service_pb"
|
|
21
21
|
require "google/cloud/binary_authorization/v1/system_policy/rest/service_stub"
|
|
22
|
+
require "google/iam/v1/rest"
|
|
22
23
|
|
|
23
24
|
module Google
|
|
24
25
|
module Cloud
|
|
@@ -163,8 +164,24 @@ module Google
|
|
|
163
164
|
entry.set "defaultTimeout", @config.timeout if @config.timeout
|
|
164
165
|
entry.set "quotaProject", @quota_project_id if @quota_project_id
|
|
165
166
|
end
|
|
167
|
+
|
|
168
|
+
@iam_policy_client = Google::Iam::V1::IAMPolicy::Rest::Client.new do |config|
|
|
169
|
+
config.credentials = credentials
|
|
170
|
+
config.quota_project = @quota_project_id
|
|
171
|
+
config.endpoint = @system_policy_stub.endpoint
|
|
172
|
+
config.universe_domain = @system_policy_stub.universe_domain
|
|
173
|
+
config.bindings_override = @config.bindings_override
|
|
174
|
+
config.logger = @system_policy_stub.logger if config.respond_to? :logger=
|
|
175
|
+
end
|
|
166
176
|
end
|
|
167
177
|
|
|
178
|
+
##
|
|
179
|
+
# Get the associated client for mix-in of the IAMPolicy.
|
|
180
|
+
#
|
|
181
|
+
# @return [Google::Iam::V1::IAMPolicy::Rest::Client]
|
|
182
|
+
#
|
|
183
|
+
attr_reader :iam_policy_client
|
|
184
|
+
|
|
168
185
|
##
|
|
169
186
|
# The logger used for request/response debug logging.
|
|
170
187
|
#
|
|
@@ -363,6 +380,13 @@ module Google
|
|
|
363
380
|
config_attr :retry_policy, nil, ::Hash, ::Proc, nil
|
|
364
381
|
config_attr :quota_project, nil, ::String, nil
|
|
365
382
|
config_attr :universe_domain, nil, ::String, nil
|
|
383
|
+
|
|
384
|
+
# @private
|
|
385
|
+
# Overrides for http bindings for the RPCs of this service
|
|
386
|
+
# are only used when this service is used as mixin, and only
|
|
387
|
+
# by the host service.
|
|
388
|
+
# @return [::Hash{::Symbol=>::Array<::Gapic::Rest::GrpcTranscoder::HttpBinding>}]
|
|
389
|
+
config_attr :bindings_override, {}, ::Hash, nil
|
|
366
390
|
config_attr :logger, :default, ::Logger, nil, :default
|
|
367
391
|
|
|
368
392
|
# @private
|
|
@@ -21,6 +21,7 @@ require "gapic/config"
|
|
|
21
21
|
require "gapic/config/method"
|
|
22
22
|
|
|
23
23
|
require "google/cloud/binary_authorization/v1/version"
|
|
24
|
+
require "google/cloud/binary_authorization/v1/bindings_override"
|
|
24
25
|
|
|
25
26
|
require "google/cloud/binary_authorization/v1/system_policy/credentials"
|
|
26
27
|
require "google/cloud/binary_authorization/v1/system_policy/paths"
|
|
@@ -18,6 +18,7 @@
|
|
|
18
18
|
|
|
19
19
|
require "google/cloud/errors"
|
|
20
20
|
require "google/cloud/binaryauthorization/v1/service_pb"
|
|
21
|
+
require "google/iam/v1"
|
|
21
22
|
|
|
22
23
|
module Google
|
|
23
24
|
module Cloud
|
|
@@ -168,8 +169,23 @@ module Google
|
|
|
168
169
|
entry.set "defaultTimeout", @config.timeout if @config.timeout
|
|
169
170
|
entry.set "quotaProject", @quota_project_id if @quota_project_id
|
|
170
171
|
end
|
|
172
|
+
|
|
173
|
+
@iam_policy_client = Google::Iam::V1::IAMPolicy::Client.new do |config|
|
|
174
|
+
config.credentials = credentials
|
|
175
|
+
config.quota_project = @quota_project_id
|
|
176
|
+
config.endpoint = @validation_helper_stub.endpoint
|
|
177
|
+
config.universe_domain = @validation_helper_stub.universe_domain
|
|
178
|
+
config.logger = @validation_helper_stub.logger if config.respond_to? :logger=
|
|
179
|
+
end
|
|
171
180
|
end
|
|
172
181
|
|
|
182
|
+
##
|
|
183
|
+
# Get the associated client for mix-in of the IAMPolicy.
|
|
184
|
+
#
|
|
185
|
+
# @return [Google::Iam::V1::IAMPolicy::Client]
|
|
186
|
+
#
|
|
187
|
+
attr_reader :iam_policy_client
|
|
188
|
+
|
|
173
189
|
##
|
|
174
190
|
# The logger used for request/response debug logging.
|
|
175
191
|
#
|
|
@@ -182,8 +198,8 @@ module Google
|
|
|
182
198
|
# Service calls
|
|
183
199
|
|
|
184
200
|
##
|
|
185
|
-
# Returns whether the given Attestation for the given image URI
|
|
186
|
-
# was signed by the given Attestor
|
|
201
|
+
# Returns whether the given `Attestation` for the given image URI
|
|
202
|
+
# was signed by the given `Attestor`
|
|
187
203
|
#
|
|
188
204
|
# @overload validate_attestation_occurrence(request, options = nil)
|
|
189
205
|
# Pass arguments to `validate_attestation_occurrence` via a request object, either of type
|
|
@@ -201,14 +217,15 @@ module Google
|
|
|
201
217
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
202
218
|
#
|
|
203
219
|
# @param attestor [::String]
|
|
204
|
-
# Required. The resource name of the
|
|
220
|
+
# Required. The resource name of the
|
|
221
|
+
# {::Google::Cloud::BinaryAuthorization::V1::Attestor Attestor} of the
|
|
205
222
|
# [occurrence][grafeas.v1.Occurrence], in the format
|
|
206
223
|
# `projects/*/attestors/*`.
|
|
207
224
|
# @param attestation [::Grafeas::V1::AttestationOccurrence, ::Hash]
|
|
208
225
|
# Required. An {::Grafeas::V1::AttestationOccurrence AttestationOccurrence} to
|
|
209
|
-
# be checked that it can be verified by the Attestor
|
|
210
|
-
# an existing entity in Container Analysis. It must otherwise be a valid
|
|
211
|
-
# AttestationOccurrence
|
|
226
|
+
# be checked that it can be verified by the `Attestor`. It does not have to
|
|
227
|
+
# be an existing entity in Container Analysis. It must otherwise be a valid
|
|
228
|
+
# `AttestationOccurrence`.
|
|
212
229
|
# @param occurrence_note [::String]
|
|
213
230
|
# Required. The resource name of the [Note][grafeas.v1.Note] to which the
|
|
214
231
|
# containing [Occurrence][grafeas.v1.Occurrence] is associated.
|
|
@@ -19,6 +19,7 @@
|
|
|
19
19
|
require "google/cloud/errors"
|
|
20
20
|
require "google/cloud/binaryauthorization/v1/service_pb"
|
|
21
21
|
require "google/cloud/binary_authorization/v1/validation_helper/rest/service_stub"
|
|
22
|
+
require "google/iam/v1/rest"
|
|
22
23
|
|
|
23
24
|
module Google
|
|
24
25
|
module Cloud
|
|
@@ -161,8 +162,24 @@ module Google
|
|
|
161
162
|
entry.set "defaultTimeout", @config.timeout if @config.timeout
|
|
162
163
|
entry.set "quotaProject", @quota_project_id if @quota_project_id
|
|
163
164
|
end
|
|
165
|
+
|
|
166
|
+
@iam_policy_client = Google::Iam::V1::IAMPolicy::Rest::Client.new do |config|
|
|
167
|
+
config.credentials = credentials
|
|
168
|
+
config.quota_project = @quota_project_id
|
|
169
|
+
config.endpoint = @validation_helper_stub.endpoint
|
|
170
|
+
config.universe_domain = @validation_helper_stub.universe_domain
|
|
171
|
+
config.bindings_override = @config.bindings_override
|
|
172
|
+
config.logger = @validation_helper_stub.logger if config.respond_to? :logger=
|
|
173
|
+
end
|
|
164
174
|
end
|
|
165
175
|
|
|
176
|
+
##
|
|
177
|
+
# Get the associated client for mix-in of the IAMPolicy.
|
|
178
|
+
#
|
|
179
|
+
# @return [Google::Iam::V1::IAMPolicy::Rest::Client]
|
|
180
|
+
#
|
|
181
|
+
attr_reader :iam_policy_client
|
|
182
|
+
|
|
166
183
|
##
|
|
167
184
|
# The logger used for request/response debug logging.
|
|
168
185
|
#
|
|
@@ -175,8 +192,8 @@ module Google
|
|
|
175
192
|
# Service calls
|
|
176
193
|
|
|
177
194
|
##
|
|
178
|
-
# Returns whether the given Attestation for the given image URI
|
|
179
|
-
# was signed by the given Attestor
|
|
195
|
+
# Returns whether the given `Attestation` for the given image URI
|
|
196
|
+
# was signed by the given `Attestor`
|
|
180
197
|
#
|
|
181
198
|
# @overload validate_attestation_occurrence(request, options = nil)
|
|
182
199
|
# Pass arguments to `validate_attestation_occurrence` via a request object, either of type
|
|
@@ -194,14 +211,15 @@ module Google
|
|
|
194
211
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
195
212
|
#
|
|
196
213
|
# @param attestor [::String]
|
|
197
|
-
# Required. The resource name of the
|
|
214
|
+
# Required. The resource name of the
|
|
215
|
+
# {::Google::Cloud::BinaryAuthorization::V1::Attestor Attestor} of the
|
|
198
216
|
# [occurrence][grafeas.v1.Occurrence], in the format
|
|
199
217
|
# `projects/*/attestors/*`.
|
|
200
218
|
# @param attestation [::Grafeas::V1::AttestationOccurrence, ::Hash]
|
|
201
219
|
# Required. An {::Grafeas::V1::AttestationOccurrence AttestationOccurrence} to
|
|
202
|
-
# be checked that it can be verified by the Attestor
|
|
203
|
-
# an existing entity in Container Analysis. It must otherwise be a valid
|
|
204
|
-
# AttestationOccurrence
|
|
220
|
+
# be checked that it can be verified by the `Attestor`. It does not have to
|
|
221
|
+
# be an existing entity in Container Analysis. It must otherwise be a valid
|
|
222
|
+
# `AttestationOccurrence`.
|
|
205
223
|
# @param occurrence_note [::String]
|
|
206
224
|
# Required. The resource name of the [Note][grafeas.v1.Note] to which the
|
|
207
225
|
# containing [Occurrence][grafeas.v1.Occurrence] is associated.
|
|
@@ -374,6 +392,13 @@ module Google
|
|
|
374
392
|
config_attr :retry_policy, nil, ::Hash, ::Proc, nil
|
|
375
393
|
config_attr :quota_project, nil, ::String, nil
|
|
376
394
|
config_attr :universe_domain, nil, ::String, nil
|
|
395
|
+
|
|
396
|
+
# @private
|
|
397
|
+
# Overrides for http bindings for the RPCs of this service
|
|
398
|
+
# are only used when this service is used as mixin, and only
|
|
399
|
+
# by the host service.
|
|
400
|
+
# @return [::Hash{::Symbol=>::Array<::Gapic::Rest::GrpcTranscoder::HttpBinding>}]
|
|
401
|
+
config_attr :bindings_override, {}, ::Hash, nil
|
|
377
402
|
config_attr :logger, :default, ::Logger, nil, :default
|
|
378
403
|
|
|
379
404
|
# @private
|
|
@@ -21,6 +21,7 @@ require "gapic/config"
|
|
|
21
21
|
require "gapic/config/method"
|
|
22
22
|
|
|
23
23
|
require "google/cloud/binary_authorization/v1/version"
|
|
24
|
+
require "google/cloud/binary_authorization/v1/bindings_override"
|
|
24
25
|
|
|
25
26
|
require "google/cloud/binary_authorization/v1/validation_helper/credentials"
|
|
26
27
|
require "google/cloud/binary_authorization/v1/validation_helper/rest/client"
|
|
@@ -9,7 +9,7 @@ require 'google/api/resource_pb'
|
|
|
9
9
|
require 'google/protobuf/timestamp_pb'
|
|
10
10
|
|
|
11
11
|
|
|
12
|
-
descriptor_data = "\n3google/cloud/binaryauthorization/v1/resources.proto\x12#google.cloud.binaryauthorization.v1\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\
|
|
12
|
+
descriptor_data = "\n3google/cloud/binaryauthorization/v1/resources.proto\x12#google.cloud.binaryauthorization.v1\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\x8b\r\n\x06Policy\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x18\n\x0b\x64\x65scription\x18\x06 \x01(\tB\x03\xe0\x41\x01\x12r\n\x1dglobal_policy_evaluation_mode\x18\x07 \x01(\x0e\x32\x46.google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationModeB\x03\xe0\x41\x01\x12i\n\x1c\x61\x64mission_whitelist_patterns\x18\x02 \x03(\x0b\x32>.google.cloud.binaryauthorization.v1.AdmissionWhitelistPatternB\x03\xe0\x41\x01\x12l\n\x17\x63luster_admission_rules\x18\x03 \x03(\x0b\x32\x46.google.cloud.binaryauthorization.v1.Policy.ClusterAdmissionRulesEntryB\x03\xe0\x41\x01\x12\x85\x01\n$kubernetes_namespace_admission_rules\x18\n \x03(\x0b\x32R.google.cloud.binaryauthorization.v1.Policy.KubernetesNamespaceAdmissionRulesEntryB\x03\xe0\x41\x01\x12\x90\x01\n*kubernetes_service_account_admission_rules\x18\x08 \x03(\x0b\x32W.google.cloud.binaryauthorization.v1.Policy.KubernetesServiceAccountAdmissionRulesEntryB\x03\xe0\x41\x01\x12\x88\x01\n&istio_service_identity_admission_rules\x18\t \x03(\x0b\x32S.google.cloud.binaryauthorization.v1.Policy.IstioServiceIdentityAdmissionRulesEntryB\x03\xe0\x41\x01\x12W\n\x16\x64\x65\x66\x61ult_admission_rule\x18\x04 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1.AdmissionRuleB\x03\xe0\x41\x02\x12\x34\n\x0bupdate_time\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x11\n\x04\x65tag\x18\x0b \x01(\tB\x03\xe0\x41\x01\x1ap\n\x1a\x43lusterAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x41\n\x05value\x18\x02 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1.AdmissionRule:\x02\x38\x01\x1a|\n&KubernetesNamespaceAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x41\n\x05value\x18\x02 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1.AdmissionRule:\x02\x38\x01\x1a\x81\x01\n+KubernetesServiceAccountAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x41\n\x05value\x18\x02 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1.AdmissionRule:\x02\x38\x01\x1a}\n\'IstioServiceIdentityAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x41\n\x05value\x18\x02 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1.AdmissionRule:\x02\x38\x01\"d\n\x1aGlobalPolicyEvaluationMode\x12-\n)GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED\x10\x00\x12\n\n\x06\x45NABLE\x10\x01\x12\x0b\n\x07\x44ISABLE\x10\x02:f\xea\x41\x63\n)binaryauthorization.googleapis.com/Policy\x12\x19projects/{project}/policy\x12\x1blocations/{location}/policy\"1\n\x19\x41\x64missionWhitelistPattern\x12\x14\n\x0cname_pattern\x18\x01 \x01(\t\"\xda\x03\n\rAdmissionRule\x12_\n\x0f\x65valuation_mode\x18\x01 \x01(\x0e\x32\x41.google.cloud.binaryauthorization.v1.AdmissionRule.EvaluationModeB\x03\xe0\x41\x02\x12$\n\x17require_attestations_by\x18\x02 \x03(\tB\x03\xe0\x41\x01\x12\x61\n\x10\x65nforcement_mode\x18\x03 \x01(\x0e\x32\x42.google.cloud.binaryauthorization.v1.AdmissionRule.EnforcementModeB\x03\xe0\x41\x02\"m\n\x0e\x45valuationMode\x12\x1f\n\x1b\x45VALUATION_MODE_UNSPECIFIED\x10\x00\x12\x10\n\x0c\x41LWAYS_ALLOW\x10\x01\x12\x17\n\x13REQUIRE_ATTESTATION\x10\x02\x12\x0f\n\x0b\x41LWAYS_DENY\x10\x03\"p\n\x0f\x45nforcementMode\x12 \n\x1c\x45NFORCEMENT_MODE_UNSPECIFIED\x10\x00\x12 \n\x1c\x45NFORCED_BLOCK_AND_AUDIT_LOG\x10\x01\x12\x19\n\x15\x44RYRUN_AUDIT_LOG_ONLY\x10\x02\"\xca\x02\n\x08\x41ttestor\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12\x18\n\x0b\x64\x65scription\x18\x06 \x01(\tB\x03\xe0\x41\x01\x12\\\n\x17user_owned_grafeas_note\x18\x03 \x01(\x0b\x32\x39.google.cloud.binaryauthorization.v1.UserOwnedGrafeasNoteH\x00\x12\x34\n\x0bupdate_time\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x11\n\x04\x65tag\x18\x07 \x01(\tB\x03\xe0\x41\x01:Y\xea\x41V\n+binaryauthorization.googleapis.com/Attestor\x12\'projects/{project}/attestors/{attestor}B\x0f\n\rattestor_type\"\xb4\x01\n\x14UserOwnedGrafeasNote\x12\x1b\n\x0enote_reference\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12P\n\x0bpublic_keys\x18\x02 \x03(\x0b\x32\x36.google.cloud.binaryauthorization.v1.AttestorPublicKeyB\x03\xe0\x41\x01\x12-\n delegation_service_account_email\x18\x03 \x01(\tB\x03\xe0\x41\x03\"\xdb\x05\n\rPkixPublicKey\x12\x16\n\x0epublic_key_pem\x18\x01 \x01(\t\x12\x62\n\x13signature_algorithm\x18\x02 \x01(\x0e\x32\x45.google.cloud.binaryauthorization.v1.PkixPublicKey.SignatureAlgorithm\x12\x13\n\x06key_id\x18\x03 \x01(\tB\x03\xe0\x41\x01\"\xb8\x04\n\x12SignatureAlgorithm\x12#\n\x1fSIGNATURE_ALGORITHM_UNSPECIFIED\x10\x00\x12\x17\n\x13RSA_PSS_2048_SHA256\x10\x01\x12\x1c\n\x18RSA_SIGN_PSS_2048_SHA256\x10\x01\x12\x17\n\x13RSA_PSS_3072_SHA256\x10\x02\x12\x1c\n\x18RSA_SIGN_PSS_3072_SHA256\x10\x02\x12\x17\n\x13RSA_PSS_4096_SHA256\x10\x03\x12\x1c\n\x18RSA_SIGN_PSS_4096_SHA256\x10\x03\x12\x17\n\x13RSA_PSS_4096_SHA512\x10\x04\x12\x1c\n\x18RSA_SIGN_PSS_4096_SHA512\x10\x04\x12\x1e\n\x1aRSA_SIGN_PKCS1_2048_SHA256\x10\x05\x12\x1e\n\x1aRSA_SIGN_PKCS1_3072_SHA256\x10\x06\x12\x1e\n\x1aRSA_SIGN_PKCS1_4096_SHA256\x10\x07\x12\x1e\n\x1aRSA_SIGN_PKCS1_4096_SHA512\x10\x08\x12\x15\n\x11\x45\x43\x44SA_P256_SHA256\x10\t\x12\x17\n\x13\x45\x43_SIGN_P256_SHA256\x10\t\x12\x15\n\x11\x45\x43\x44SA_P384_SHA384\x10\n\x12\x17\n\x13\x45\x43_SIGN_P384_SHA384\x10\n\x12\x15\n\x11\x45\x43\x44SA_P521_SHA512\x10\x0b\x12\x17\n\x13\x45\x43_SIGN_P521_SHA512\x10\x0b\x12\r\n\tML_DSA_65\x10\r\x1a\x02\x10\x01\"\xba\x01\n\x11\x41ttestorPublicKey\x12\x14\n\x07\x63omment\x18\x01 \x01(\tB\x03\xe0\x41\x01\x12\n\n\x02id\x18\x02 \x01(\t\x12&\n\x1c\x61scii_armored_pgp_public_key\x18\x03 \x01(\tH\x00\x12M\n\x0fpkix_public_key\x18\x05 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1.PkixPublicKeyH\x00\x42\x0c\n\npublic_keyB\x89\x02\n5com.google.protos.google.cloud.binaryauthorization.v1P\x00ZYcloud.google.com/go/binaryauthorization/apiv1/binaryauthorizationpb;binaryauthorizationpb\xaa\x02#Google.Cloud.BinaryAuthorization.V1\xca\x02#Google\\Cloud\\BinaryAuthorization\\V1\xea\x02&Google::Cloud::BinaryAuthorization::V1b\x06proto3"
|
|
13
13
|
|
|
14
14
|
pool = ::Google::Protobuf::DescriptorPool.generated_pool
|
|
15
15
|
pool.add_serialized_file(descriptor_data)
|
|
@@ -13,7 +13,7 @@ require 'google/protobuf/empty_pb'
|
|
|
13
13
|
require 'grafeas/v1/attestation_pb'
|
|
14
14
|
|
|
15
15
|
|
|
16
|
-
descriptor_data = "\n1google/cloud/binaryauthorization/v1/service.proto\x12#google.cloud.binaryauthorization.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x33google/cloud/binaryauthorization/v1/resources.proto\x1a\x1bgoogle/protobuf/empty.proto\x1a\x1cgrafeas/v1/attestation.proto\"S\n\x10GetPolicyRequest\x12?\n\x04name\x18\x01 \x01(\tB1\xe0\x41\x02\xfa\x41+\n)binaryauthorization.googleapis.com/Policy\"W\n\x13UpdatePolicyRequest\x12@\n\x06policy\x18\x01 \x01(\x0b\x32+.google.cloud.binaryauthorization.v1.PolicyB\x03\xe0\x41\x02\"\xbc\x01\n\x15\x43reateAttestorRequest\x12\x43\n\x06parent\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+cloudresourcemanager.googleapis.com/Project\x12\x18\n\x0b\x61ttestor_id\x18\x02 \x01(\tB\x03\xe0\x41\x02\x12\x44\n\x08\x61ttestor\x18\x03 \x01(\x0b\x32-.google.cloud.binaryauthorization.v1.AttestorB\x03\xe0\x41\x02\"W\n\x12GetAttestorRequest\x12\x41\n\x04name\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+binaryauthorization.googleapis.com/Attestor\"]\n\x15UpdateAttestorRequest\x12\x44\n\x08\x61ttestor\x18\x01 \x01(\x0b\x32-.google.cloud.binaryauthorization.v1.AttestorB\x03\xe0\x41\x02\"\x82\x01\n\x14ListAttestorsRequest\x12\x43\n\x06parent\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+cloudresourcemanager.googleapis.com/Project\x12\x11\n\tpage_size\x18\x02 \x01(\x05\x12\x12\n\npage_token\x18\x03 \x01(\t\"r\n\x15ListAttestorsResponse\x12@\n\tattestors\x18\x01 \x03(\x0b\x32-.google.cloud.binaryauthorization.v1.Attestor\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"Z\n\x15\x44\x65leteAttestorRequest\x12\x41\n\x04name\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+binaryauthorization.googleapis.com/Attestor\"Y\n\x16GetSystemPolicyRequest\x12?\n\x04name\x18\x01 \x01(\tB1\xe0\x41\x02\xfa\x41+\n)binaryauthorization.googleapis.com/Policy\"\xbe\x01\n$ValidateAttestationOccurrenceRequest\x12\x15\n\x08\x61ttestor\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12;\n\x0b\x61ttestation\x18\x02 \x01(\x0b\x32!.grafeas.v1.AttestationOccurrenceB\x03\xe0\x41\x02\x12\x1c\n\x0foccurrence_note\x18\x03 \x01(\tB\x03\xe0\x41\x02\x12$\n\x17occurrence_resource_uri\x18\x04 \x01(\tB\x03\xe0\x41\x02\"\xf1\x01\n%ValidateAttestationOccurrenceResponse\x12\x61\n\x06result\x18\x01 \x01(\x0e\x32Q.google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse.Result\x12\x15\n\rdenial_reason\x18\x02 \x01(\t\"N\n\x06Result\x12\x16\n\x12RESULT_UNSPECIFIED\x10\x00\x12\x0c\n\x08VERIFIED\x10\x01\x12\x1e\n\x1a\x41TTESTATION_NOT_VERIFIABLE\x10\x02\x32\xe2\n\n\x1b\x42inauthzManagementServiceV1\x12\x9c\x01\n\tGetPolicy\x12\x35.google.cloud.binaryauthorization.v1.GetPolicyRequest\x1a+.google.cloud.binaryauthorization.v1.Policy\"+\xda\x41\x04name\x82\xd3\xe4\x93\x02\x1e\x12\x1c/v1/{name=projects/*/policy}\x12\xb3\x01\n\x0cUpdatePolicy\x12\x38.google.cloud.binaryauthorization.v1.UpdatePolicyRequest\x1a+.google.cloud.binaryauthorization.v1.Policy\"<\xda\x41\x06policy\x82\xd3\xe4\x93\x02-\x1a#/v1/{policy.name=projects/*/policy}:\x06policy\x12\xce\x01\n\x0e\x43reateAttestor\x12:.google.cloud.binaryauthorization.v1.CreateAttestorRequest\x1a-.google.cloud.binaryauthorization.v1.Attestor\"Q\xda\x41\x1bparent,attestor_id,attestor\x82\xd3\xe4\x93\x02-\"!/v1/{parent=projects/*}/attestors:\x08\x61ttestor\x12\xa7\x01\n\x0bGetAttestor\x12\x37.google.cloud.binaryauthorization.v1.GetAttestorRequest\x1a-.google.cloud.binaryauthorization.v1.Attestor\"0\xda\x41\x04name\x82\xd3\xe4\x93\x02#\x12!/v1/{name=projects/*/attestors/*}\x12\xc4\x01\n\x0eUpdateAttestor\x12:.google.cloud.binaryauthorization.v1.UpdateAttestorRequest\x1a-.google.cloud.binaryauthorization.v1.Attestor\"G\xda\x41\x08\x61ttestor\x82\xd3\xe4\x93\x02\x36\x1a*/v1/{attestor.name=projects/*/attestors/*}:\x08\x61ttestor\x12\xba\x01\n\rListAttestors\x12\x39.google.cloud.binaryauthorization.v1.ListAttestorsRequest\x1a:.google.cloud.binaryauthorization.v1.ListAttestorsResponse\"2\xda\x41\x06parent\x82\xd3\xe4\x93\x02#\x12!/v1/{parent=projects/*}/attestors\x12\x96\x01\n\x0e\x44\x65leteAttestor\x12:.google.cloud.binaryauthorization.v1.DeleteAttestorRequest\x1a\x16.google.protobuf.Empty\"0\xda\x41\x04name\x82\xd3\xe4\x93\x02#*!/v1/{name=projects/*/attestors/*}\x1aV\xca\x41\"binaryauthorization.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platform2\x94\x02\n\x0eSystemPolicyV1\x12\xa9\x01\n\x0fGetSystemPolicy\x12;.google.cloud.binaryauthorization.v1.GetSystemPolicyRequest\x1a+.google.cloud.binaryauthorization.v1.Policy\",\xda\x41\x04name\x82\xd3\xe4\x93\x02\x1f\x12\x1d/v1/{name=locations/*/policy}\x1aV\xca\x41\"binaryauthorization.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platform2\xf5\x02\n\x12ValidationHelperV1\x12\x86\x02\n\x1dValidateAttestationOccurrence\x12I.google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceRequest\x1aJ.google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse\"N\x82\xd3\xe4\x93\x02H\"C/v1/{attestor=projects/*/attestors/*}:validateAttestationOccurrence:\x01*\x1aV\xca\x41\"binaryauthorization.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\
|
|
16
|
+
descriptor_data = "\n1google/cloud/binaryauthorization/v1/service.proto\x12#google.cloud.binaryauthorization.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x33google/cloud/binaryauthorization/v1/resources.proto\x1a\x1bgoogle/protobuf/empty.proto\x1a\x1cgrafeas/v1/attestation.proto\"S\n\x10GetPolicyRequest\x12?\n\x04name\x18\x01 \x01(\tB1\xe0\x41\x02\xfa\x41+\n)binaryauthorization.googleapis.com/Policy\"W\n\x13UpdatePolicyRequest\x12@\n\x06policy\x18\x01 \x01(\x0b\x32+.google.cloud.binaryauthorization.v1.PolicyB\x03\xe0\x41\x02\"\xbc\x01\n\x15\x43reateAttestorRequest\x12\x43\n\x06parent\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+cloudresourcemanager.googleapis.com/Project\x12\x18\n\x0b\x61ttestor_id\x18\x02 \x01(\tB\x03\xe0\x41\x02\x12\x44\n\x08\x61ttestor\x18\x03 \x01(\x0b\x32-.google.cloud.binaryauthorization.v1.AttestorB\x03\xe0\x41\x02\"W\n\x12GetAttestorRequest\x12\x41\n\x04name\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+binaryauthorization.googleapis.com/Attestor\"]\n\x15UpdateAttestorRequest\x12\x44\n\x08\x61ttestor\x18\x01 \x01(\x0b\x32-.google.cloud.binaryauthorization.v1.AttestorB\x03\xe0\x41\x02\"\x82\x01\n\x14ListAttestorsRequest\x12\x43\n\x06parent\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+cloudresourcemanager.googleapis.com/Project\x12\x11\n\tpage_size\x18\x02 \x01(\x05\x12\x12\n\npage_token\x18\x03 \x01(\t\"r\n\x15ListAttestorsResponse\x12@\n\tattestors\x18\x01 \x03(\x0b\x32-.google.cloud.binaryauthorization.v1.Attestor\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"Z\n\x15\x44\x65leteAttestorRequest\x12\x41\n\x04name\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+binaryauthorization.googleapis.com/Attestor\"Y\n\x16GetSystemPolicyRequest\x12?\n\x04name\x18\x01 \x01(\tB1\xe0\x41\x02\xfa\x41+\n)binaryauthorization.googleapis.com/Policy\"\xbe\x01\n$ValidateAttestationOccurrenceRequest\x12\x15\n\x08\x61ttestor\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12;\n\x0b\x61ttestation\x18\x02 \x01(\x0b\x32!.grafeas.v1.AttestationOccurrenceB\x03\xe0\x41\x02\x12\x1c\n\x0foccurrence_note\x18\x03 \x01(\tB\x03\xe0\x41\x02\x12$\n\x17occurrence_resource_uri\x18\x04 \x01(\tB\x03\xe0\x41\x02\"\xf1\x01\n%ValidateAttestationOccurrenceResponse\x12\x61\n\x06result\x18\x01 \x01(\x0e\x32Q.google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse.Result\x12\x15\n\rdenial_reason\x18\x02 \x01(\t\"N\n\x06Result\x12\x16\n\x12RESULT_UNSPECIFIED\x10\x00\x12\x0c\n\x08VERIFIED\x10\x01\x12\x1e\n\x1a\x41TTESTATION_NOT_VERIFIABLE\x10\x02\x32\xe2\n\n\x1b\x42inauthzManagementServiceV1\x12\x9c\x01\n\tGetPolicy\x12\x35.google.cloud.binaryauthorization.v1.GetPolicyRequest\x1a+.google.cloud.binaryauthorization.v1.Policy\"+\xda\x41\x04name\x82\xd3\xe4\x93\x02\x1e\x12\x1c/v1/{name=projects/*/policy}\x12\xb3\x01\n\x0cUpdatePolicy\x12\x38.google.cloud.binaryauthorization.v1.UpdatePolicyRequest\x1a+.google.cloud.binaryauthorization.v1.Policy\"<\xda\x41\x06policy\x82\xd3\xe4\x93\x02-\x1a#/v1/{policy.name=projects/*/policy}:\x06policy\x12\xce\x01\n\x0e\x43reateAttestor\x12:.google.cloud.binaryauthorization.v1.CreateAttestorRequest\x1a-.google.cloud.binaryauthorization.v1.Attestor\"Q\xda\x41\x1bparent,attestor_id,attestor\x82\xd3\xe4\x93\x02-\"!/v1/{parent=projects/*}/attestors:\x08\x61ttestor\x12\xa7\x01\n\x0bGetAttestor\x12\x37.google.cloud.binaryauthorization.v1.GetAttestorRequest\x1a-.google.cloud.binaryauthorization.v1.Attestor\"0\xda\x41\x04name\x82\xd3\xe4\x93\x02#\x12!/v1/{name=projects/*/attestors/*}\x12\xc4\x01\n\x0eUpdateAttestor\x12:.google.cloud.binaryauthorization.v1.UpdateAttestorRequest\x1a-.google.cloud.binaryauthorization.v1.Attestor\"G\xda\x41\x08\x61ttestor\x82\xd3\xe4\x93\x02\x36\x1a*/v1/{attestor.name=projects/*/attestors/*}:\x08\x61ttestor\x12\xba\x01\n\rListAttestors\x12\x39.google.cloud.binaryauthorization.v1.ListAttestorsRequest\x1a:.google.cloud.binaryauthorization.v1.ListAttestorsResponse\"2\xda\x41\x06parent\x82\xd3\xe4\x93\x02#\x12!/v1/{parent=projects/*}/attestors\x12\x96\x01\n\x0e\x44\x65leteAttestor\x12:.google.cloud.binaryauthorization.v1.DeleteAttestorRequest\x1a\x16.google.protobuf.Empty\"0\xda\x41\x04name\x82\xd3\xe4\x93\x02#*!/v1/{name=projects/*/attestors/*}\x1aV\xca\x41\"binaryauthorization.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platform2\x94\x02\n\x0eSystemPolicyV1\x12\xa9\x01\n\x0fGetSystemPolicy\x12;.google.cloud.binaryauthorization.v1.GetSystemPolicyRequest\x1a+.google.cloud.binaryauthorization.v1.Policy\",\xda\x41\x04name\x82\xd3\xe4\x93\x02\x1f\x12\x1d/v1/{name=locations/*/policy}\x1aV\xca\x41\"binaryauthorization.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platform2\xf5\x02\n\x12ValidationHelperV1\x12\x86\x02\n\x1dValidateAttestationOccurrence\x12I.google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceRequest\x1aJ.google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse\"N\x82\xd3\xe4\x93\x02H\"C/v1/{attestor=projects/*/attestors/*}:validateAttestationOccurrence:\x01*\x1aV\xca\x41\"binaryauthorization.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\x89\x02\n5com.google.protos.google.cloud.binaryauthorization.v1P\x00ZYcloud.google.com/go/binaryauthorization/apiv1/binaryauthorizationpb;binaryauthorizationpb\xaa\x02#Google.Cloud.BinaryAuthorization.V1\xca\x02#Google\\Cloud\\BinaryAuthorization\\V1\xea\x02&Google::Cloud::BinaryAuthorization::V1b\x06proto3"
|
|
17
17
|
|
|
18
18
|
pool = ::Google::Protobuf::DescriptorPool.generated_pool
|
|
19
19
|
pool.add_serialized_file(descriptor_data)
|
|
@@ -41,35 +41,44 @@ module Google
|
|
|
41
41
|
self.unmarshal_class_method = :decode
|
|
42
42
|
self.service_name = 'google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1'
|
|
43
43
|
|
|
44
|
-
# A [policy][google.cloud.binaryauthorization.v1.Policy] specifies the
|
|
45
|
-
#
|
|
46
|
-
# image
|
|
47
|
-
#
|
|
44
|
+
# A [policy][google.cloud.binaryauthorization.v1.Policy] specifies the
|
|
45
|
+
# [attestors][google.cloud.binaryauthorization.v1.Attestor] that must attest
|
|
46
|
+
# to a container image, before the project is allowed to deploy that image.
|
|
47
|
+
# There is at most one policy per project. All image admission requests are
|
|
48
|
+
# permitted if a project has no policy.
|
|
48
49
|
#
|
|
49
|
-
# Gets the [policy][google.cloud.binaryauthorization.v1.Policy] for this
|
|
50
|
-
#
|
|
50
|
+
# Gets the [policy][google.cloud.binaryauthorization.v1.Policy] for this
|
|
51
|
+
# project. Returns a default
|
|
52
|
+
# [policy][google.cloud.binaryauthorization.v1.Policy] if the project does
|
|
53
|
+
# not have one.
|
|
51
54
|
rpc :GetPolicy, ::Google::Cloud::BinaryAuthorization::V1::GetPolicyRequest, ::Google::Cloud::BinaryAuthorization::V1::Policy
|
|
52
|
-
# Creates or updates a project's
|
|
53
|
-
#
|
|
54
|
-
#
|
|
55
|
-
#
|
|
56
|
-
# if the
|
|
55
|
+
# Creates or updates a project's
|
|
56
|
+
# [policy][google.cloud.binaryauthorization.v1.Policy], and returns a copy of
|
|
57
|
+
# the new [policy][google.cloud.binaryauthorization.v1.Policy]. A policy is
|
|
58
|
+
# always updated as a whole, to avoid race conditions with concurrent policy
|
|
59
|
+
# enforcement (or management!) requests. Returns `NOT_FOUND` if the project
|
|
60
|
+
# does not exist, `INVALID_ARGUMENT` if the request is malformed.
|
|
57
61
|
rpc :UpdatePolicy, ::Google::Cloud::BinaryAuthorization::V1::UpdatePolicyRequest, ::Google::Cloud::BinaryAuthorization::V1::Policy
|
|
58
|
-
# Creates an [attestor][google.cloud.binaryauthorization.v1.Attestor], and
|
|
59
|
-
#
|
|
60
|
-
#
|
|
62
|
+
# Creates an [attestor][google.cloud.binaryauthorization.v1.Attestor], and
|
|
63
|
+
# returns a copy of the new
|
|
64
|
+
# [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns
|
|
65
|
+
# `NOT_FOUND` if the project does not exist, `INVALID_ARGUMENT` if the
|
|
66
|
+
# request is malformed, `ALREADY_EXISTS` if the
|
|
61
67
|
# [attestor][google.cloud.binaryauthorization.v1.Attestor] already exists.
|
|
62
68
|
rpc :CreateAttestor, ::Google::Cloud::BinaryAuthorization::V1::CreateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1::Attestor
|
|
63
69
|
# Gets an [attestor][google.cloud.binaryauthorization.v1.Attestor].
|
|
64
|
-
# Returns NOT_FOUND if the
|
|
70
|
+
# Returns `NOT_FOUND` if the
|
|
71
|
+
# [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
|
|
65
72
|
rpc :GetAttestor, ::Google::Cloud::BinaryAuthorization::V1::GetAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1::Attestor
|
|
66
73
|
# Updates an [attestor][google.cloud.binaryauthorization.v1.Attestor].
|
|
67
|
-
# Returns NOT_FOUND if the
|
|
74
|
+
# Returns `NOT_FOUND` if the
|
|
75
|
+
# [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
|
|
68
76
|
rpc :UpdateAttestor, ::Google::Cloud::BinaryAuthorization::V1::UpdateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1::Attestor
|
|
69
77
|
# Lists [attestors][google.cloud.binaryauthorization.v1.Attestor].
|
|
70
|
-
# Returns INVALID_ARGUMENT if the project does not exist.
|
|
78
|
+
# Returns `INVALID_ARGUMENT` if the project does not exist.
|
|
71
79
|
rpc :ListAttestors, ::Google::Cloud::BinaryAuthorization::V1::ListAttestorsRequest, ::Google::Cloud::BinaryAuthorization::V1::ListAttestorsResponse
|
|
72
|
-
# Deletes an [attestor][google.cloud.binaryauthorization.v1.Attestor].
|
|
80
|
+
# Deletes an [attestor][google.cloud.binaryauthorization.v1.Attestor].
|
|
81
|
+
# Returns `NOT_FOUND` if the
|
|
73
82
|
# [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
|
|
74
83
|
rpc :DeleteAttestor, ::Google::Cloud::BinaryAuthorization::V1::DeleteAttestorRequest, ::Google::Protobuf::Empty
|
|
75
84
|
end
|
|
@@ -102,8 +111,8 @@ module Google
|
|
|
102
111
|
self.unmarshal_class_method = :decode
|
|
103
112
|
self.service_name = 'google.cloud.binaryauthorization.v1.ValidationHelperV1'
|
|
104
113
|
|
|
105
|
-
# Returns whether the given Attestation for the given image URI
|
|
106
|
-
# was signed by the given Attestor
|
|
114
|
+
# Returns whether the given `Attestation` for the given image URI
|
|
115
|
+
# was signed by the given `Attestor`
|
|
107
116
|
rpc :ValidateAttestationOccurrence, ::Google::Cloud::BinaryAuthorization::V1::ValidateAttestationOccurrenceRequest, ::Google::Cloud::BinaryAuthorization::V1::ValidateAttestationOccurrenceResponse
|
|
108
117
|
end
|
|
109
118
|
|