google-cloud-binary_authorization-v1 1.7.0 → 1.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -21,7 +21,8 @@ module Google
21
21
  module Cloud
22
22
  module BinaryAuthorization
23
23
  module V1
24
- # A {::Google::Cloud::BinaryAuthorization::V1::Policy policy} for container image binary authorization.
24
+ # A {::Google::Cloud::BinaryAuthorization::V1::Policy policy} for container image
25
+ # binary authorization.
25
26
  # @!attribute [r] name
26
27
  # @return [::String]
27
28
  # Output only. The resource name, in the format `projects/*/policy`. There is
@@ -42,7 +43,12 @@ module Google
42
43
  # third-party infrastructure images from Binary Authorization policies.
43
44
  # @!attribute [rw] cluster_admission_rules
44
45
  # @return [::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule}]
45
- # Optional. Per-cluster admission rules. Cluster spec format:
46
+ # Optional. A valid policy has only one of the following rule maps non-empty,
47
+ # i.e. only one of `cluster_admission_rules`,
48
+ # `kubernetes_namespace_admission_rules`,
49
+ # `kubernetes_service_account_admission_rules`,
50
+ # or `istio_service_identity_admission_rules` can be non-empty.
51
+ # Per-cluster admission rules. Cluster spec format:
46
52
  # `location.clusterId`. There can be at most one admission rule per cluster
47
53
  # spec.
48
54
  # A `location` is either a compute zone (e.g. us-central1-a) or a region
@@ -51,19 +57,20 @@ module Google
51
57
  # https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
52
58
  # @!attribute [rw] kubernetes_namespace_admission_rules
53
59
  # @return [::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule}]
54
- # Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
55
- # [a-z.-]+, e.g. 'some-namespace'
60
+ # Optional. Per-kubernetes-namespace admission rules. K8s namespace spec
61
+ # format:
62
+ # `[a-z.-]+`, e.g. `some-namespace`
56
63
  # @!attribute [rw] kubernetes_service_account_admission_rules
57
64
  # @return [::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule}]
58
65
  # Optional. Per-kubernetes-service-account admission rules. Service account
59
- # spec format: `namespace:serviceaccount`. e.g. 'test-ns:default'
66
+ # spec format: `namespace:serviceaccount`. e.g. `test-ns:default`
60
67
  # @!attribute [rw] istio_service_identity_admission_rules
61
68
  # @return [::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule}]
62
69
  # Optional. Per-istio-service-identity admission rules. Istio service
63
70
  # identity spec format:
64
- # spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or
65
- # <domain>/ns/<namespace>/sa/<serviceaccount>
66
- # e.g. spiffe://example.com/ns/test-ns/sa/default
71
+ # `spiffe://<domain>/ns/<namespace>/sa/<serviceaccount>` or
72
+ # `<domain>/ns/<namespace>/sa/<serviceaccount>`
73
+ # e.g. `spiffe://example.com/ns/test-ns/sa/default`
67
74
  # @!attribute [rw] default_admission_rule
68
75
  # @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
69
76
  # Required. Default admission rule for a cluster without a per-cluster, per-
@@ -71,6 +78,11 @@ module Google
71
78
  # @!attribute [r] update_time
72
79
  # @return [::Google::Protobuf::Timestamp]
73
80
  # Output only. Time when the policy was last updated.
81
+ # @!attribute [rw] etag
82
+ # @return [::String]
83
+ # Optional. A checksum, returned by the server, that can be sent on update
84
+ # requests to ensure the policy has an up-to-date value before attempting to
85
+ # update it. See https://google.aip.dev/154.
74
86
  class Policy
75
87
  include ::Google::Protobuf::MessageExts
76
88
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -112,7 +124,7 @@ module Google
112
124
  end
113
125
 
114
126
  module GlobalPolicyEvaluationMode
115
- # Not specified: DISABLE is assumed.
127
+ # Not specified: `DISABLE` is assumed.
116
128
  GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0
117
129
 
118
130
  # Enables system policy evaluation.
@@ -123,8 +135,10 @@ module Google
123
135
  end
124
136
  end
125
137
 
126
- # An {::Google::Cloud::BinaryAuthorization::V1::AdmissionWhitelistPattern admission allowlist pattern} exempts images
127
- # from checks by {::Google::Cloud::BinaryAuthorization::V1::AdmissionRule admission rules}.
138
+ # An [admission allowlist
139
+ # pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern]
140
+ # exempts images from checks by [admission
141
+ # rules][google.cloud.binaryauthorization.v1.AdmissionRule].
128
142
  # @!attribute [rw] name_pattern
129
143
  # @return [::String]
130
144
  # An image name pattern to allowlist, in the form `registry/path/to/image`.
@@ -136,13 +150,15 @@ module Google
136
150
  extend ::Google::Protobuf::MessageExts::ClassMethods
137
151
  end
138
152
 
139
- # An {::Google::Cloud::BinaryAuthorization::V1::AdmissionRule admission rule} specifies either that all container images
140
- # used in a pod creation request must be attested to by one or more
141
- # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors}, that all pod creations will be allowed, or that all
142
- # pod creations will be denied.
153
+ # An {::Google::Cloud::BinaryAuthorization::V1::AdmissionRule admission rule}
154
+ # specifies either that all container images used in a pod creation request
155
+ # must be attested to by one or more
156
+ # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors}, that all pod
157
+ # creations will be allowed, or that all pod creations will be denied.
143
158
  #
144
- # Images matching an {::Google::Cloud::BinaryAuthorization::V1::AdmissionWhitelistPattern admission allowlist pattern}
145
- # are exempted from admission rules and will never block a pod creation.
159
+ # Images matching an [admission allowlist
160
+ # pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] are
161
+ # exempted from admission rules and will never block a pod creation.
146
162
  # @!attribute [rw] evaluation_mode
147
163
  # @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule::EvaluationMode]
148
164
  # Required. How this admission rule will be evaluated.
@@ -154,8 +170,8 @@ module Google
154
170
  # to a policy the principal issuing the policy change request must be able
155
171
  # to read the attestor resource.
156
172
  #
157
- # Note: this field must be non-empty when the evaluation_mode field specifies
158
- # REQUIRE_ATTESTATION, otherwise it must be empty.
173
+ # Note: this field must be non-empty when the `evaluation_mode` field
174
+ # specifies `REQUIRE_ATTESTATION`, otherwise it must be empty.
159
175
  # @!attribute [rw] enforcement_mode
160
176
  # @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule::EnforcementMode]
161
177
  # Required. The action when a pod creation is denied by the admission rule.
@@ -167,11 +183,11 @@ module Google
167
183
  # Do not use.
168
184
  EVALUATION_MODE_UNSPECIFIED = 0
169
185
 
170
- # This rule allows all all pod creations.
186
+ # This rule allows all pod creations.
171
187
  ALWAYS_ALLOW = 1
172
188
 
173
189
  # This rule allows a pod creation if all the attestors listed in
174
- # 'require_attestations_by' have valid attestations for all of the
190
+ # `require_attestations_by` have valid attestations for all of the
175
191
  # images in the pod spec.
176
192
  REQUIRE_ATTESTATION = 2
177
193
 
@@ -194,9 +210,9 @@ module Google
194
210
  end
195
211
  end
196
212
 
197
- # An {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} that attests to container image
198
- # artifacts. An existing attestor cannot be modified except where
199
- # indicated.
213
+ # An {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} that attests to
214
+ # container image artifacts. An existing attestor cannot be modified except
215
+ # where indicated.
200
216
  # @!attribute [rw] name
201
217
  # @return [::String]
202
218
  # Required. The resource name, in the format:
@@ -212,18 +228,24 @@ module Google
212
228
  # @!attribute [r] update_time
213
229
  # @return [::Google::Protobuf::Timestamp]
214
230
  # Output only. Time when the attestor was last updated.
231
+ # @!attribute [rw] etag
232
+ # @return [::String]
233
+ # Optional. A checksum, returned by the server, that can be sent on update
234
+ # requests to ensure the attestor has an up-to-date value before attempting
235
+ # to update it. See https://google.aip.dev/154.
215
236
  class Attestor
216
237
  include ::Google::Protobuf::MessageExts
217
238
  extend ::Google::Protobuf::MessageExts::ClassMethods
218
239
  end
219
240
 
220
- # An {::Google::Cloud::BinaryAuthorization::V1::UserOwnedGrafeasNote user owned Grafeas note} references a Grafeas
221
- # Attestation.Authority Note created by the user.
241
+ # An [user owned Grafeas
242
+ # note][google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote] references a
243
+ # Grafeas Attestation.Authority Note created by the user.
222
244
  # @!attribute [rw] note_reference
223
245
  # @return [::String]
224
246
  # Required. The Grafeas resource name of a Attestation.Authority Note,
225
- # created by the user, in the format: `projects/*/notes/*`. This field may
226
- # not be updated.
247
+ # created by the user, in the format: `projects/[PROJECT_ID]/notes/*`. This
248
+ # field may not be updated. A project ID must be used, not a project number.
227
249
  #
228
250
  # An attestation by this attestor is stored as a Grafeas
229
251
  # Attestation.Authority Occurrence that names a container image and that
@@ -242,12 +264,13 @@ module Google
242
264
  # @!attribute [r] delegation_service_account_email
243
265
  # @return [::String]
244
266
  # Output only. This field will contain the service account email address
245
- # that this Attestor will use as the principal when querying Container
267
+ # that this attestor will use as the principal when querying Container
246
268
  # Analysis. Attestor administrators must grant this service account the
247
- # IAM role needed to read attestations from the [note_reference][Note] in
248
- # Container Analysis (`containeranalysis.notes.occurrences.viewer`).
269
+ # IAM role needed to read attestations from the
270
+ # {::Google::Cloud::BinaryAuthorization::V1::UserOwnedGrafeasNote#note_reference note_reference}
271
+ # in Container Analysis (`containeranalysis.notes.occurrences.viewer`).
249
272
  #
250
- # This email address is fixed for the lifetime of the Attestor, but callers
273
+ # This email address is fixed for the lifetime of the attestor, but callers
251
274
  # should not make any other assumptions about the service account email;
252
275
  # future versions may use an email based on a different naming pattern.
253
276
  class UserOwnedGrafeasNote
@@ -255,10 +278,9 @@ module Google
255
278
  extend ::Google::Protobuf::MessageExts::ClassMethods
256
279
  end
257
280
 
258
- # A public key in the PkixPublicKey format (see
259
- # https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details).
260
- # Public keys of this type are typically textually encoded using the PEM
261
- # format.
281
+ # A public key in the PkixPublicKey
282
+ # [format](https://tools.ietf.org/html/rfc5280#section-4.1.2.7). Public keys of
283
+ # this type are typically textually encoded using the PEM format.
262
284
  # @!attribute [rw] public_key_pem
263
285
  # @return [::String]
264
286
  # A PEM-encoded public key, as described in
@@ -270,6 +292,22 @@ module Google
270
292
  # These signature algorithm must match the structure and any object
271
293
  # identifiers encoded in `public_key_pem` (i.e. this algorithm must match
272
294
  # that of the public key).
295
+ # @!attribute [rw] key_id
296
+ # @return [::String]
297
+ # Optional. The ID of this public key.
298
+ # Signatures verified by Binary Authorization must include the ID of the
299
+ # public key that can be used to verify them. The ID must match exactly
300
+ # contents of the `key_id` field exactly.
301
+ #
302
+ # The ID may be explicitly provided by the caller, but it MUST be a valid
303
+ # RFC3986 URI. If `key_id` is left blank and this `PkixPublicKey` is not used
304
+ # in the context of a wrapper (see next paragraph), a default key ID will be
305
+ # computed based on the digest of the DER encoding of the public key.
306
+ #
307
+ # If this `PkixPublicKey` is used in the context of a wrapper that has its
308
+ # own notion of key ID (e.g. `AttestorPublicKey`), then this field can
309
+ # either match that value exactly, or be left blank, in which case it behaves
310
+ # exactly as though it is equal to that wrapper value.
273
311
  class PkixPublicKey
274
312
  include ::Google::Protobuf::MessageExts
275
313
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -277,9 +315,10 @@ module Google
277
315
  # Represents a signature algorithm and other information necessary to verify
278
316
  # signatures with a given public key.
279
317
  # This is based primarily on the public key types supported by Tink's
280
- # PemKeyType, which is in turn based on KMS's supported signing algorithms.
281
- # See https://cloud.google.com/kms/docs/algorithms. In the future, BinAuthz
282
- # might support additional public key types independently of Tink and/or KMS.
318
+ # PemKeyType, which is in turn based on KMS's supported signing
319
+ # [algorithms](https://cloud.google.com/kms/docs/algorithms). In the future,
320
+ # Binary Authorization might support additional public key types
321
+ # independently of Tink and/or KMS.
283
322
  module SignatureAlgorithm
284
323
  # Not specified.
285
324
  SIGNATURE_ALGORITHM_UNSPECIFIED = 0
@@ -287,15 +326,27 @@ module Google
287
326
  # RSASSA-PSS 2048 bit key with a SHA256 digest.
288
327
  RSA_PSS_2048_SHA256 = 1
289
328
 
329
+ # RSASSA-PSS 2048 bit key with a SHA256 digest.
330
+ RSA_SIGN_PSS_2048_SHA256 = 1
331
+
290
332
  # RSASSA-PSS 3072 bit key with a SHA256 digest.
291
333
  RSA_PSS_3072_SHA256 = 2
292
334
 
335
+ # RSASSA-PSS 3072 bit key with a SHA256 digest.
336
+ RSA_SIGN_PSS_3072_SHA256 = 2
337
+
293
338
  # RSASSA-PSS 4096 bit key with a SHA256 digest.
294
339
  RSA_PSS_4096_SHA256 = 3
295
340
 
341
+ # RSASSA-PSS 4096 bit key with a SHA256 digest.
342
+ RSA_SIGN_PSS_4096_SHA256 = 3
343
+
296
344
  # RSASSA-PSS 4096 bit key with a SHA512 digest.
297
345
  RSA_PSS_4096_SHA512 = 4
298
346
 
347
+ # RSASSA-PSS 4096 bit key with a SHA512 digest.
348
+ RSA_SIGN_PSS_4096_SHA512 = 4
349
+
299
350
  # RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
300
351
  RSA_SIGN_PKCS1_2048_SHA256 = 5
301
352
 
@@ -325,33 +376,36 @@ module Google
325
376
 
326
377
  # ECDSA on the NIST P-521 curve with a SHA512 digest.
327
378
  EC_SIGN_P521_SHA512 = 11
379
+
380
+ # ML-DSA-65 Post-Quantum Cryptography signature algorithm.
381
+ ML_DSA_65 = 13
328
382
  end
329
383
  end
330
384
 
331
- # An {::Google::Cloud::BinaryAuthorization::V1::AttestorPublicKey attestor public key} that will be used to verify
332
- # attestations signed by this attestor.
385
+ # An [attestor public
386
+ # key][google.cloud.binaryauthorization.v1.AttestorPublicKey] that will be used
387
+ # to verify attestations signed by this attestor.
333
388
  # @!attribute [rw] comment
334
389
  # @return [::String]
335
390
  # Optional. A descriptive comment. This field may be updated.
336
391
  # @!attribute [rw] id
337
392
  # @return [::String]
338
393
  # The ID of this public key.
339
- # Signatures verified by BinAuthz must include the ID of the public key that
340
- # can be used to verify them, and that ID must match the contents of this
341
- # field exactly.
342
- # Additional restrictions on this field can be imposed based on which public
343
- # key type is encapsulated. See the documentation on `public_key` cases below
344
- # for details.
394
+ # Signatures verified by Binary Authorization must include the ID of the
395
+ # public key that can be used to verify them, and that ID must match the
396
+ # contents of this field exactly. Additional restrictions on this field can
397
+ # be imposed based on which public key type is encapsulated. See the
398
+ # documentation on `public_key` cases below for details.
345
399
  # @!attribute [rw] ascii_armored_pgp_public_key
346
400
  # @return [::String]
347
401
  # ASCII-armored representation of a PGP public key, as the entire output by
348
402
  # the command `gpg --export --armor foo@example.com` (either LF or CRLF
349
403
  # line endings).
350
- # When using this field, `id` should be left blank. The BinAuthz API
351
- # handlers will calculate the ID and fill it in automatically. BinAuthz
352
- # computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as
353
- # upper-case hex. If `id` is provided by the caller, it will be
354
- # overwritten by the API-calculated ID.
404
+ # When using this field, `id` should be left blank. The Binary
405
+ # Authorization API handlers will calculate the ID and fill it in
406
+ # automatically. Binary Authorization computes this ID as the OpenPGP
407
+ # RFC4880 V4 fingerprint, represented as upper-case hex. If `id` is
408
+ # provided by the caller, it will be overwritten by the API-calculated ID.
355
409
  #
356
410
  # Note: The following fields are mutually exclusive: `ascii_armored_pgp_public_key`, `pkix_public_key`. If a field in that set is populated, all other fields in the set will automatically be cleared.
357
411
  # @!attribute [rw] pkix_public_key
@@ -21,70 +21,86 @@ module Google
21
21
  module Cloud
22
22
  module BinaryAuthorization
23
23
  module V1
24
- # Request message for [BinauthzManagementService.GetPolicy][].
24
+ # Request message for
25
+ # {::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client#get_policy BinauthzManagementServiceV1.GetPolicy}.
25
26
  # @!attribute [rw] name
26
27
  # @return [::String]
27
- # Required. The resource name of the {::Google::Cloud::BinaryAuthorization::V1::Policy policy} to retrieve,
28
- # in the format `projects/*/policy`.
28
+ # Required. The resource name of the
29
+ # {::Google::Cloud::BinaryAuthorization::V1::Policy policy} to retrieve, in the
30
+ # format `projects/*/policy`.
29
31
  class GetPolicyRequest
30
32
  include ::Google::Protobuf::MessageExts
31
33
  extend ::Google::Protobuf::MessageExts::ClassMethods
32
34
  end
33
35
 
34
- # Request message for [BinauthzManagementService.UpdatePolicy][].
36
+ # Request message for
37
+ # {::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client#update_policy BinauthzManagementServiceV1.UpdatePolicy}.
35
38
  # @!attribute [rw] policy
36
39
  # @return [::Google::Cloud::BinaryAuthorization::V1::Policy]
37
- # Required. A new or updated {::Google::Cloud::BinaryAuthorization::V1::Policy policy} value. The service will
38
- # overwrite the {::Google::Cloud::BinaryAuthorization::V1::Policy#name policy name} field with the resource name in
39
- # the request URL, in the format `projects/*/policy`.
40
+ # Required. A new or updated
41
+ # {::Google::Cloud::BinaryAuthorization::V1::Policy policy} value. The service
42
+ # will overwrite the [policy
43
+ # name][google.cloud.binaryauthorization.v1.Policy.name] field with the
44
+ # resource name in the request URL, in the format `projects/*/policy`.
40
45
  class UpdatePolicyRequest
41
46
  include ::Google::Protobuf::MessageExts
42
47
  extend ::Google::Protobuf::MessageExts::ClassMethods
43
48
  end
44
49
 
45
- # Request message for [BinauthzManagementService.CreateAttestor][].
50
+ # Request message for
51
+ # {::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client#create_attestor BinauthzManagementServiceV1.CreateAttestor}.
46
52
  # @!attribute [rw] parent
47
53
  # @return [::String]
48
- # Required. The parent of this {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}.
54
+ # Required. The parent of this
55
+ # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}.
49
56
  # @!attribute [rw] attestor_id
50
57
  # @return [::String]
51
58
  # Required. The {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors} ID.
52
59
  # @!attribute [rw] attestor
53
60
  # @return [::Google::Cloud::BinaryAuthorization::V1::Attestor]
54
- # Required. The initial {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} value. The service will
55
- # overwrite the {::Google::Cloud::BinaryAuthorization::V1::Attestor#name attestor name} field with the resource name,
56
- # in the format `projects/*/attestors/*`.
61
+ # Required. The initial
62
+ # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} value. The service
63
+ # will overwrite the [attestor
64
+ # name][google.cloud.binaryauthorization.v1.Attestor.name] field with the
65
+ # resource name, in the format `projects/*/attestors/*`.
57
66
  class CreateAttestorRequest
58
67
  include ::Google::Protobuf::MessageExts
59
68
  extend ::Google::Protobuf::MessageExts::ClassMethods
60
69
  end
61
70
 
62
- # Request message for [BinauthzManagementService.GetAttestor][].
71
+ # Request message for
72
+ # {::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client#get_attestor BinauthzManagementServiceV1.GetAttestor}.
63
73
  # @!attribute [rw] name
64
74
  # @return [::String]
65
- # Required. The name of the {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} to retrieve, in the format
66
- # `projects/*/attestors/*`.
75
+ # Required. The name of the
76
+ # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} to retrieve, in
77
+ # the format `projects/*/attestors/*`.
67
78
  class GetAttestorRequest
68
79
  include ::Google::Protobuf::MessageExts
69
80
  extend ::Google::Protobuf::MessageExts::ClassMethods
70
81
  end
71
82
 
72
- # Request message for [BinauthzManagementService.UpdateAttestor][].
83
+ # Request message for
84
+ # {::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client#update_attestor BinauthzManagementServiceV1.UpdateAttestor}.
73
85
  # @!attribute [rw] attestor
74
86
  # @return [::Google::Cloud::BinaryAuthorization::V1::Attestor]
75
- # Required. The updated {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} value. The service will
76
- # overwrite the {::Google::Cloud::BinaryAuthorization::V1::Attestor#name attestor name} field with the resource name
77
- # in the request URL, in the format `projects/*/attestors/*`.
87
+ # Required. The updated
88
+ # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} value. The service
89
+ # will overwrite the [attestor
90
+ # name][google.cloud.binaryauthorization.v1.Attestor.name] field with the
91
+ # resource name in the request URL, in the format `projects/*/attestors/*`.
78
92
  class UpdateAttestorRequest
79
93
  include ::Google::Protobuf::MessageExts
80
94
  extend ::Google::Protobuf::MessageExts::ClassMethods
81
95
  end
82
96
 
83
- # Request message for [BinauthzManagementService.ListAttestors][].
97
+ # Request message for
98
+ # {::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client#list_attestors BinauthzManagementServiceV1.ListAttestors}.
84
99
  # @!attribute [rw] parent
85
100
  # @return [::String]
86
101
  # Required. The resource name of the project associated with the
87
- # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors}, in the format `projects/*`.
102
+ # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors}, in the format
103
+ # `projects/*`.
88
104
  # @!attribute [rw] page_size
89
105
  # @return [::Integer]
90
106
  # Requested page size. The server may return fewer results than requested. If
@@ -92,32 +108,37 @@ module Google
92
108
  # @!attribute [rw] page_token
93
109
  # @return [::String]
94
110
  # A token identifying a page of results the server should return. Typically,
95
- # this is the value of {::Google::Cloud::BinaryAuthorization::V1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token} returned
96
- # from the previous call to the `ListAttestors` method.
111
+ # this is the value of
112
+ # {::Google::Cloud::BinaryAuthorization::V1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token}
113
+ # returned from the previous call to the `ListAttestors` method.
97
114
  class ListAttestorsRequest
98
115
  include ::Google::Protobuf::MessageExts
99
116
  extend ::Google::Protobuf::MessageExts::ClassMethods
100
117
  end
101
118
 
102
- # Response message for [BinauthzManagementService.ListAttestors][].
119
+ # Response message for
120
+ # {::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client#list_attestors BinauthzManagementServiceV1.ListAttestors}.
103
121
  # @!attribute [rw] attestors
104
122
  # @return [::Array<::Google::Cloud::BinaryAuthorization::V1::Attestor>]
105
123
  # The list of {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors}.
106
124
  # @!attribute [rw] next_page_token
107
125
  # @return [::String]
108
126
  # A token to retrieve the next page of results. Pass this value in the
109
- # {::Google::Cloud::BinaryAuthorization::V1::ListAttestorsRequest#page_token ListAttestorsRequest.page_token} field in the subsequent call to the
110
- # `ListAttestors` method to retrieve the next page of results.
127
+ # {::Google::Cloud::BinaryAuthorization::V1::ListAttestorsRequest#page_token ListAttestorsRequest.page_token}
128
+ # field in the subsequent call to the `ListAttestors` method to retrieve the
129
+ # next page of results.
111
130
  class ListAttestorsResponse
112
131
  include ::Google::Protobuf::MessageExts
113
132
  extend ::Google::Protobuf::MessageExts::ClassMethods
114
133
  end
115
134
 
116
- # Request message for [BinauthzManagementService.DeleteAttestor][].
135
+ # Request message for
136
+ # {::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client#delete_attestor BinauthzManagementServiceV1.DeleteAttestor}.
117
137
  # @!attribute [rw] name
118
138
  # @return [::String]
119
- # Required. The name of the {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors} to delete, in the format
120
- # `projects/*/attestors/*`.
139
+ # Required. The name of the
140
+ # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors} to delete, in the
141
+ # format `projects/*/attestors/*`.
121
142
  class DeleteAttestorRequest
122
143
  include ::Google::Protobuf::MessageExts
123
144
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -137,15 +158,16 @@ module Google
137
158
  # {::Google::Cloud::BinaryAuthorization::V1::ValidationHelper::Client#validate_attestation_occurrence ValidationHelperV1.ValidateAttestationOccurrence}.
138
159
  # @!attribute [rw] attestor
139
160
  # @return [::String]
140
- # Required. The resource name of the {::Google::Cloud::BinaryAuthorization::V1::Attestor Attestor} of the
161
+ # Required. The resource name of the
162
+ # {::Google::Cloud::BinaryAuthorization::V1::Attestor Attestor} of the
141
163
  # [occurrence][grafeas.v1.Occurrence], in the format
142
164
  # `projects/*/attestors/*`.
143
165
  # @!attribute [rw] attestation
144
166
  # @return [::Grafeas::V1::AttestationOccurrence]
145
167
  # Required. An {::Grafeas::V1::AttestationOccurrence AttestationOccurrence} to
146
- # be checked that it can be verified by the Attestor. It does not have to be
147
- # an existing entity in Container Analysis. It must otherwise be a valid
148
- # AttestationOccurrence.
168
+ # be checked that it can be verified by the `Attestor`. It does not have to
169
+ # be an existing entity in Container Analysis. It must otherwise be a valid
170
+ # `AttestationOccurrence`.
149
171
  # @!attribute [rw] occurrence_note
150
172
  # @return [::String]
151
173
  # Required. The resource name of the [Note][grafeas.v1.Note] to which the
@@ -171,7 +193,7 @@ module Google
171
193
  include ::Google::Protobuf::MessageExts
172
194
  extend ::Google::Protobuf::MessageExts::ClassMethods
173
195
 
174
- # The enum returned in the "result" field.
196
+ # The enum returned in the `result` field.
175
197
  module Result
176
198
  # Unspecified.
177
199
  RESULT_UNSPECIFIED = 0