google-cloud-binary_authorization-v1 1.7.0 → 1.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/lib/google/cloud/binary_authorization/v1/binauthz_management_service/client.rb +74 -37
- data/lib/google/cloud/binary_authorization/v1/binauthz_management_service/rest/client.rb +82 -37
- data/lib/google/cloud/binary_authorization/v1/binauthz_management_service/rest.rb +1 -0
- data/lib/google/cloud/binary_authorization/v1/bindings_override.rb +110 -0
- data/lib/google/cloud/binary_authorization/v1/rest.rb +1 -0
- data/lib/google/cloud/binary_authorization/v1/system_policy/client.rb +16 -0
- data/lib/google/cloud/binary_authorization/v1/system_policy/rest/client.rb +24 -0
- data/lib/google/cloud/binary_authorization/v1/system_policy/rest.rb +1 -0
- data/lib/google/cloud/binary_authorization/v1/validation_helper/client.rb +23 -6
- data/lib/google/cloud/binary_authorization/v1/validation_helper/rest/client.rb +31 -6
- data/lib/google/cloud/binary_authorization/v1/validation_helper/rest.rb +1 -0
- data/lib/google/cloud/binary_authorization/v1/version.rb +1 -1
- data/lib/google/cloud/binaryauthorization/v1/resources_pb.rb +1 -1
- data/lib/google/cloud/binaryauthorization/v1/service_pb.rb +1 -1
- data/lib/google/cloud/binaryauthorization/v1/service_services_pb.rb +29 -20
- data/proto_docs/google/cloud/binaryauthorization/v1/resources.rb +106 -52
- data/proto_docs/google/cloud/binaryauthorization/v1/service.rb +56 -34
- data/proto_docs/google/protobuf/field_mask.rb +229 -0
- data/proto_docs/google/type/expr.rb +75 -0
- metadata +21 -4
|
@@ -21,7 +21,8 @@ module Google
|
|
|
21
21
|
module Cloud
|
|
22
22
|
module BinaryAuthorization
|
|
23
23
|
module V1
|
|
24
|
-
# A {::Google::Cloud::BinaryAuthorization::V1::Policy policy} for container image
|
|
24
|
+
# A {::Google::Cloud::BinaryAuthorization::V1::Policy policy} for container image
|
|
25
|
+
# binary authorization.
|
|
25
26
|
# @!attribute [r] name
|
|
26
27
|
# @return [::String]
|
|
27
28
|
# Output only. The resource name, in the format `projects/*/policy`. There is
|
|
@@ -42,7 +43,12 @@ module Google
|
|
|
42
43
|
# third-party infrastructure images from Binary Authorization policies.
|
|
43
44
|
# @!attribute [rw] cluster_admission_rules
|
|
44
45
|
# @return [::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule}]
|
|
45
|
-
# Optional.
|
|
46
|
+
# Optional. A valid policy has only one of the following rule maps non-empty,
|
|
47
|
+
# i.e. only one of `cluster_admission_rules`,
|
|
48
|
+
# `kubernetes_namespace_admission_rules`,
|
|
49
|
+
# `kubernetes_service_account_admission_rules`,
|
|
50
|
+
# or `istio_service_identity_admission_rules` can be non-empty.
|
|
51
|
+
# Per-cluster admission rules. Cluster spec format:
|
|
46
52
|
# `location.clusterId`. There can be at most one admission rule per cluster
|
|
47
53
|
# spec.
|
|
48
54
|
# A `location` is either a compute zone (e.g. us-central1-a) or a region
|
|
@@ -51,19 +57,20 @@ module Google
|
|
|
51
57
|
# https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
|
|
52
58
|
# @!attribute [rw] kubernetes_namespace_admission_rules
|
|
53
59
|
# @return [::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule}]
|
|
54
|
-
# Optional. Per-kubernetes-namespace admission rules. K8s namespace spec
|
|
55
|
-
#
|
|
60
|
+
# Optional. Per-kubernetes-namespace admission rules. K8s namespace spec
|
|
61
|
+
# format:
|
|
62
|
+
# `[a-z.-]+`, e.g. `some-namespace`
|
|
56
63
|
# @!attribute [rw] kubernetes_service_account_admission_rules
|
|
57
64
|
# @return [::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule}]
|
|
58
65
|
# Optional. Per-kubernetes-service-account admission rules. Service account
|
|
59
|
-
# spec format: `namespace:serviceaccount`. e.g.
|
|
66
|
+
# spec format: `namespace:serviceaccount`. e.g. `test-ns:default`
|
|
60
67
|
# @!attribute [rw] istio_service_identity_admission_rules
|
|
61
68
|
# @return [::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule}]
|
|
62
69
|
# Optional. Per-istio-service-identity admission rules. Istio service
|
|
63
70
|
# identity spec format:
|
|
64
|
-
# spiffe://<domain>/ns/<namespace>/sa/<serviceaccount
|
|
65
|
-
#
|
|
66
|
-
# e.g. spiffe://example.com/ns/test-ns/sa/default
|
|
71
|
+
# `spiffe://<domain>/ns/<namespace>/sa/<serviceaccount>` or
|
|
72
|
+
# `<domain>/ns/<namespace>/sa/<serviceaccount>`
|
|
73
|
+
# e.g. `spiffe://example.com/ns/test-ns/sa/default`
|
|
67
74
|
# @!attribute [rw] default_admission_rule
|
|
68
75
|
# @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
|
|
69
76
|
# Required. Default admission rule for a cluster without a per-cluster, per-
|
|
@@ -71,6 +78,11 @@ module Google
|
|
|
71
78
|
# @!attribute [r] update_time
|
|
72
79
|
# @return [::Google::Protobuf::Timestamp]
|
|
73
80
|
# Output only. Time when the policy was last updated.
|
|
81
|
+
# @!attribute [rw] etag
|
|
82
|
+
# @return [::String]
|
|
83
|
+
# Optional. A checksum, returned by the server, that can be sent on update
|
|
84
|
+
# requests to ensure the policy has an up-to-date value before attempting to
|
|
85
|
+
# update it. See https://google.aip.dev/154.
|
|
74
86
|
class Policy
|
|
75
87
|
include ::Google::Protobuf::MessageExts
|
|
76
88
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -112,7 +124,7 @@ module Google
|
|
|
112
124
|
end
|
|
113
125
|
|
|
114
126
|
module GlobalPolicyEvaluationMode
|
|
115
|
-
# Not specified: DISABLE is assumed.
|
|
127
|
+
# Not specified: `DISABLE` is assumed.
|
|
116
128
|
GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0
|
|
117
129
|
|
|
118
130
|
# Enables system policy evaluation.
|
|
@@ -123,8 +135,10 @@ module Google
|
|
|
123
135
|
end
|
|
124
136
|
end
|
|
125
137
|
|
|
126
|
-
# An
|
|
127
|
-
#
|
|
138
|
+
# An [admission allowlist
|
|
139
|
+
# pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern]
|
|
140
|
+
# exempts images from checks by [admission
|
|
141
|
+
# rules][google.cloud.binaryauthorization.v1.AdmissionRule].
|
|
128
142
|
# @!attribute [rw] name_pattern
|
|
129
143
|
# @return [::String]
|
|
130
144
|
# An image name pattern to allowlist, in the form `registry/path/to/image`.
|
|
@@ -136,13 +150,15 @@ module Google
|
|
|
136
150
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
137
151
|
end
|
|
138
152
|
|
|
139
|
-
# An {::Google::Cloud::BinaryAuthorization::V1::AdmissionRule admission rule}
|
|
140
|
-
# used in a pod creation request
|
|
141
|
-
#
|
|
142
|
-
#
|
|
153
|
+
# An {::Google::Cloud::BinaryAuthorization::V1::AdmissionRule admission rule}
|
|
154
|
+
# specifies either that all container images used in a pod creation request
|
|
155
|
+
# must be attested to by one or more
|
|
156
|
+
# {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors}, that all pod
|
|
157
|
+
# creations will be allowed, or that all pod creations will be denied.
|
|
143
158
|
#
|
|
144
|
-
# Images matching an
|
|
145
|
-
# are
|
|
159
|
+
# Images matching an [admission allowlist
|
|
160
|
+
# pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] are
|
|
161
|
+
# exempted from admission rules and will never block a pod creation.
|
|
146
162
|
# @!attribute [rw] evaluation_mode
|
|
147
163
|
# @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule::EvaluationMode]
|
|
148
164
|
# Required. How this admission rule will be evaluated.
|
|
@@ -154,8 +170,8 @@ module Google
|
|
|
154
170
|
# to a policy the principal issuing the policy change request must be able
|
|
155
171
|
# to read the attestor resource.
|
|
156
172
|
#
|
|
157
|
-
# Note: this field must be non-empty when the evaluation_mode field
|
|
158
|
-
# REQUIRE_ATTESTATION
|
|
173
|
+
# Note: this field must be non-empty when the `evaluation_mode` field
|
|
174
|
+
# specifies `REQUIRE_ATTESTATION`, otherwise it must be empty.
|
|
159
175
|
# @!attribute [rw] enforcement_mode
|
|
160
176
|
# @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule::EnforcementMode]
|
|
161
177
|
# Required. The action when a pod creation is denied by the admission rule.
|
|
@@ -167,11 +183,11 @@ module Google
|
|
|
167
183
|
# Do not use.
|
|
168
184
|
EVALUATION_MODE_UNSPECIFIED = 0
|
|
169
185
|
|
|
170
|
-
# This rule allows all
|
|
186
|
+
# This rule allows all pod creations.
|
|
171
187
|
ALWAYS_ALLOW = 1
|
|
172
188
|
|
|
173
189
|
# This rule allows a pod creation if all the attestors listed in
|
|
174
|
-
#
|
|
190
|
+
# `require_attestations_by` have valid attestations for all of the
|
|
175
191
|
# images in the pod spec.
|
|
176
192
|
REQUIRE_ATTESTATION = 2
|
|
177
193
|
|
|
@@ -194,9 +210,9 @@ module Google
|
|
|
194
210
|
end
|
|
195
211
|
end
|
|
196
212
|
|
|
197
|
-
# An {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} that attests to
|
|
198
|
-
# artifacts. An existing attestor cannot be modified except
|
|
199
|
-
# indicated.
|
|
213
|
+
# An {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} that attests to
|
|
214
|
+
# container image artifacts. An existing attestor cannot be modified except
|
|
215
|
+
# where indicated.
|
|
200
216
|
# @!attribute [rw] name
|
|
201
217
|
# @return [::String]
|
|
202
218
|
# Required. The resource name, in the format:
|
|
@@ -212,18 +228,24 @@ module Google
|
|
|
212
228
|
# @!attribute [r] update_time
|
|
213
229
|
# @return [::Google::Protobuf::Timestamp]
|
|
214
230
|
# Output only. Time when the attestor was last updated.
|
|
231
|
+
# @!attribute [rw] etag
|
|
232
|
+
# @return [::String]
|
|
233
|
+
# Optional. A checksum, returned by the server, that can be sent on update
|
|
234
|
+
# requests to ensure the attestor has an up-to-date value before attempting
|
|
235
|
+
# to update it. See https://google.aip.dev/154.
|
|
215
236
|
class Attestor
|
|
216
237
|
include ::Google::Protobuf::MessageExts
|
|
217
238
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
218
239
|
end
|
|
219
240
|
|
|
220
|
-
# An
|
|
221
|
-
#
|
|
241
|
+
# An [user owned Grafeas
|
|
242
|
+
# note][google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote] references a
|
|
243
|
+
# Grafeas Attestation.Authority Note created by the user.
|
|
222
244
|
# @!attribute [rw] note_reference
|
|
223
245
|
# @return [::String]
|
|
224
246
|
# Required. The Grafeas resource name of a Attestation.Authority Note,
|
|
225
|
-
# created by the user, in the format: `projects
|
|
226
|
-
# not be updated.
|
|
247
|
+
# created by the user, in the format: `projects/[PROJECT_ID]/notes/*`. This
|
|
248
|
+
# field may not be updated. A project ID must be used, not a project number.
|
|
227
249
|
#
|
|
228
250
|
# An attestation by this attestor is stored as a Grafeas
|
|
229
251
|
# Attestation.Authority Occurrence that names a container image and that
|
|
@@ -242,12 +264,13 @@ module Google
|
|
|
242
264
|
# @!attribute [r] delegation_service_account_email
|
|
243
265
|
# @return [::String]
|
|
244
266
|
# Output only. This field will contain the service account email address
|
|
245
|
-
# that this
|
|
267
|
+
# that this attestor will use as the principal when querying Container
|
|
246
268
|
# Analysis. Attestor administrators must grant this service account the
|
|
247
|
-
# IAM role needed to read attestations from the
|
|
248
|
-
#
|
|
269
|
+
# IAM role needed to read attestations from the
|
|
270
|
+
# {::Google::Cloud::BinaryAuthorization::V1::UserOwnedGrafeasNote#note_reference note_reference}
|
|
271
|
+
# in Container Analysis (`containeranalysis.notes.occurrences.viewer`).
|
|
249
272
|
#
|
|
250
|
-
# This email address is fixed for the lifetime of the
|
|
273
|
+
# This email address is fixed for the lifetime of the attestor, but callers
|
|
251
274
|
# should not make any other assumptions about the service account email;
|
|
252
275
|
# future versions may use an email based on a different naming pattern.
|
|
253
276
|
class UserOwnedGrafeasNote
|
|
@@ -255,10 +278,9 @@ module Google
|
|
|
255
278
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
256
279
|
end
|
|
257
280
|
|
|
258
|
-
# A public key in the PkixPublicKey
|
|
259
|
-
# https://tools.ietf.org/html/rfc5280#section-4.1.2.7
|
|
260
|
-
#
|
|
261
|
-
# format.
|
|
281
|
+
# A public key in the PkixPublicKey
|
|
282
|
+
# [format](https://tools.ietf.org/html/rfc5280#section-4.1.2.7). Public keys of
|
|
283
|
+
# this type are typically textually encoded using the PEM format.
|
|
262
284
|
# @!attribute [rw] public_key_pem
|
|
263
285
|
# @return [::String]
|
|
264
286
|
# A PEM-encoded public key, as described in
|
|
@@ -270,6 +292,22 @@ module Google
|
|
|
270
292
|
# These signature algorithm must match the structure and any object
|
|
271
293
|
# identifiers encoded in `public_key_pem` (i.e. this algorithm must match
|
|
272
294
|
# that of the public key).
|
|
295
|
+
# @!attribute [rw] key_id
|
|
296
|
+
# @return [::String]
|
|
297
|
+
# Optional. The ID of this public key.
|
|
298
|
+
# Signatures verified by Binary Authorization must include the ID of the
|
|
299
|
+
# public key that can be used to verify them. The ID must match exactly
|
|
300
|
+
# contents of the `key_id` field exactly.
|
|
301
|
+
#
|
|
302
|
+
# The ID may be explicitly provided by the caller, but it MUST be a valid
|
|
303
|
+
# RFC3986 URI. If `key_id` is left blank and this `PkixPublicKey` is not used
|
|
304
|
+
# in the context of a wrapper (see next paragraph), a default key ID will be
|
|
305
|
+
# computed based on the digest of the DER encoding of the public key.
|
|
306
|
+
#
|
|
307
|
+
# If this `PkixPublicKey` is used in the context of a wrapper that has its
|
|
308
|
+
# own notion of key ID (e.g. `AttestorPublicKey`), then this field can
|
|
309
|
+
# either match that value exactly, or be left blank, in which case it behaves
|
|
310
|
+
# exactly as though it is equal to that wrapper value.
|
|
273
311
|
class PkixPublicKey
|
|
274
312
|
include ::Google::Protobuf::MessageExts
|
|
275
313
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -277,9 +315,10 @@ module Google
|
|
|
277
315
|
# Represents a signature algorithm and other information necessary to verify
|
|
278
316
|
# signatures with a given public key.
|
|
279
317
|
# This is based primarily on the public key types supported by Tink's
|
|
280
|
-
# PemKeyType, which is in turn based on KMS's supported signing
|
|
281
|
-
#
|
|
282
|
-
# might support additional public key types
|
|
318
|
+
# PemKeyType, which is in turn based on KMS's supported signing
|
|
319
|
+
# [algorithms](https://cloud.google.com/kms/docs/algorithms). In the future,
|
|
320
|
+
# Binary Authorization might support additional public key types
|
|
321
|
+
# independently of Tink and/or KMS.
|
|
283
322
|
module SignatureAlgorithm
|
|
284
323
|
# Not specified.
|
|
285
324
|
SIGNATURE_ALGORITHM_UNSPECIFIED = 0
|
|
@@ -287,15 +326,27 @@ module Google
|
|
|
287
326
|
# RSASSA-PSS 2048 bit key with a SHA256 digest.
|
|
288
327
|
RSA_PSS_2048_SHA256 = 1
|
|
289
328
|
|
|
329
|
+
# RSASSA-PSS 2048 bit key with a SHA256 digest.
|
|
330
|
+
RSA_SIGN_PSS_2048_SHA256 = 1
|
|
331
|
+
|
|
290
332
|
# RSASSA-PSS 3072 bit key with a SHA256 digest.
|
|
291
333
|
RSA_PSS_3072_SHA256 = 2
|
|
292
334
|
|
|
335
|
+
# RSASSA-PSS 3072 bit key with a SHA256 digest.
|
|
336
|
+
RSA_SIGN_PSS_3072_SHA256 = 2
|
|
337
|
+
|
|
293
338
|
# RSASSA-PSS 4096 bit key with a SHA256 digest.
|
|
294
339
|
RSA_PSS_4096_SHA256 = 3
|
|
295
340
|
|
|
341
|
+
# RSASSA-PSS 4096 bit key with a SHA256 digest.
|
|
342
|
+
RSA_SIGN_PSS_4096_SHA256 = 3
|
|
343
|
+
|
|
296
344
|
# RSASSA-PSS 4096 bit key with a SHA512 digest.
|
|
297
345
|
RSA_PSS_4096_SHA512 = 4
|
|
298
346
|
|
|
347
|
+
# RSASSA-PSS 4096 bit key with a SHA512 digest.
|
|
348
|
+
RSA_SIGN_PSS_4096_SHA512 = 4
|
|
349
|
+
|
|
299
350
|
# RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
|
|
300
351
|
RSA_SIGN_PKCS1_2048_SHA256 = 5
|
|
301
352
|
|
|
@@ -325,33 +376,36 @@ module Google
|
|
|
325
376
|
|
|
326
377
|
# ECDSA on the NIST P-521 curve with a SHA512 digest.
|
|
327
378
|
EC_SIGN_P521_SHA512 = 11
|
|
379
|
+
|
|
380
|
+
# ML-DSA-65 Post-Quantum Cryptography signature algorithm.
|
|
381
|
+
ML_DSA_65 = 13
|
|
328
382
|
end
|
|
329
383
|
end
|
|
330
384
|
|
|
331
|
-
# An
|
|
332
|
-
#
|
|
385
|
+
# An [attestor public
|
|
386
|
+
# key][google.cloud.binaryauthorization.v1.AttestorPublicKey] that will be used
|
|
387
|
+
# to verify attestations signed by this attestor.
|
|
333
388
|
# @!attribute [rw] comment
|
|
334
389
|
# @return [::String]
|
|
335
390
|
# Optional. A descriptive comment. This field may be updated.
|
|
336
391
|
# @!attribute [rw] id
|
|
337
392
|
# @return [::String]
|
|
338
393
|
# The ID of this public key.
|
|
339
|
-
# Signatures verified by
|
|
340
|
-
# can be used to verify them, and that ID must match the
|
|
341
|
-
# field exactly.
|
|
342
|
-
#
|
|
343
|
-
#
|
|
344
|
-
# for details.
|
|
394
|
+
# Signatures verified by Binary Authorization must include the ID of the
|
|
395
|
+
# public key that can be used to verify them, and that ID must match the
|
|
396
|
+
# contents of this field exactly. Additional restrictions on this field can
|
|
397
|
+
# be imposed based on which public key type is encapsulated. See the
|
|
398
|
+
# documentation on `public_key` cases below for details.
|
|
345
399
|
# @!attribute [rw] ascii_armored_pgp_public_key
|
|
346
400
|
# @return [::String]
|
|
347
401
|
# ASCII-armored representation of a PGP public key, as the entire output by
|
|
348
402
|
# the command `gpg --export --armor foo@example.com` (either LF or CRLF
|
|
349
403
|
# line endings).
|
|
350
|
-
# When using this field, `id` should be left blank. The
|
|
351
|
-
# handlers will calculate the ID and fill it in
|
|
352
|
-
# computes this ID as the OpenPGP
|
|
353
|
-
# upper-case hex. If `id` is
|
|
354
|
-
# overwritten by the API-calculated ID.
|
|
404
|
+
# When using this field, `id` should be left blank. The Binary
|
|
405
|
+
# Authorization API handlers will calculate the ID and fill it in
|
|
406
|
+
# automatically. Binary Authorization computes this ID as the OpenPGP
|
|
407
|
+
# RFC4880 V4 fingerprint, represented as upper-case hex. If `id` is
|
|
408
|
+
# provided by the caller, it will be overwritten by the API-calculated ID.
|
|
355
409
|
#
|
|
356
410
|
# Note: The following fields are mutually exclusive: `ascii_armored_pgp_public_key`, `pkix_public_key`. If a field in that set is populated, all other fields in the set will automatically be cleared.
|
|
357
411
|
# @!attribute [rw] pkix_public_key
|
|
@@ -21,70 +21,86 @@ module Google
|
|
|
21
21
|
module Cloud
|
|
22
22
|
module BinaryAuthorization
|
|
23
23
|
module V1
|
|
24
|
-
# Request message for
|
|
24
|
+
# Request message for
|
|
25
|
+
# {::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client#get_policy BinauthzManagementServiceV1.GetPolicy}.
|
|
25
26
|
# @!attribute [rw] name
|
|
26
27
|
# @return [::String]
|
|
27
|
-
# Required. The resource name of the
|
|
28
|
-
# in the
|
|
28
|
+
# Required. The resource name of the
|
|
29
|
+
# {::Google::Cloud::BinaryAuthorization::V1::Policy policy} to retrieve, in the
|
|
30
|
+
# format `projects/*/policy`.
|
|
29
31
|
class GetPolicyRequest
|
|
30
32
|
include ::Google::Protobuf::MessageExts
|
|
31
33
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
32
34
|
end
|
|
33
35
|
|
|
34
|
-
# Request message for
|
|
36
|
+
# Request message for
|
|
37
|
+
# {::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client#update_policy BinauthzManagementServiceV1.UpdatePolicy}.
|
|
35
38
|
# @!attribute [rw] policy
|
|
36
39
|
# @return [::Google::Cloud::BinaryAuthorization::V1::Policy]
|
|
37
|
-
# Required. A new or updated
|
|
38
|
-
#
|
|
39
|
-
#
|
|
40
|
+
# Required. A new or updated
|
|
41
|
+
# {::Google::Cloud::BinaryAuthorization::V1::Policy policy} value. The service
|
|
42
|
+
# will overwrite the [policy
|
|
43
|
+
# name][google.cloud.binaryauthorization.v1.Policy.name] field with the
|
|
44
|
+
# resource name in the request URL, in the format `projects/*/policy`.
|
|
40
45
|
class UpdatePolicyRequest
|
|
41
46
|
include ::Google::Protobuf::MessageExts
|
|
42
47
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
43
48
|
end
|
|
44
49
|
|
|
45
|
-
# Request message for
|
|
50
|
+
# Request message for
|
|
51
|
+
# {::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client#create_attestor BinauthzManagementServiceV1.CreateAttestor}.
|
|
46
52
|
# @!attribute [rw] parent
|
|
47
53
|
# @return [::String]
|
|
48
|
-
# Required. The parent of this
|
|
54
|
+
# Required. The parent of this
|
|
55
|
+
# {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}.
|
|
49
56
|
# @!attribute [rw] attestor_id
|
|
50
57
|
# @return [::String]
|
|
51
58
|
# Required. The {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors} ID.
|
|
52
59
|
# @!attribute [rw] attestor
|
|
53
60
|
# @return [::Google::Cloud::BinaryAuthorization::V1::Attestor]
|
|
54
|
-
# Required. The initial
|
|
55
|
-
#
|
|
56
|
-
#
|
|
61
|
+
# Required. The initial
|
|
62
|
+
# {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} value. The service
|
|
63
|
+
# will overwrite the [attestor
|
|
64
|
+
# name][google.cloud.binaryauthorization.v1.Attestor.name] field with the
|
|
65
|
+
# resource name, in the format `projects/*/attestors/*`.
|
|
57
66
|
class CreateAttestorRequest
|
|
58
67
|
include ::Google::Protobuf::MessageExts
|
|
59
68
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
60
69
|
end
|
|
61
70
|
|
|
62
|
-
# Request message for
|
|
71
|
+
# Request message for
|
|
72
|
+
# {::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client#get_attestor BinauthzManagementServiceV1.GetAttestor}.
|
|
63
73
|
# @!attribute [rw] name
|
|
64
74
|
# @return [::String]
|
|
65
|
-
# Required. The name of the
|
|
66
|
-
#
|
|
75
|
+
# Required. The name of the
|
|
76
|
+
# {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} to retrieve, in
|
|
77
|
+
# the format `projects/*/attestors/*`.
|
|
67
78
|
class GetAttestorRequest
|
|
68
79
|
include ::Google::Protobuf::MessageExts
|
|
69
80
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
70
81
|
end
|
|
71
82
|
|
|
72
|
-
# Request message for
|
|
83
|
+
# Request message for
|
|
84
|
+
# {::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client#update_attestor BinauthzManagementServiceV1.UpdateAttestor}.
|
|
73
85
|
# @!attribute [rw] attestor
|
|
74
86
|
# @return [::Google::Cloud::BinaryAuthorization::V1::Attestor]
|
|
75
|
-
# Required. The updated
|
|
76
|
-
#
|
|
77
|
-
#
|
|
87
|
+
# Required. The updated
|
|
88
|
+
# {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} value. The service
|
|
89
|
+
# will overwrite the [attestor
|
|
90
|
+
# name][google.cloud.binaryauthorization.v1.Attestor.name] field with the
|
|
91
|
+
# resource name in the request URL, in the format `projects/*/attestors/*`.
|
|
78
92
|
class UpdateAttestorRequest
|
|
79
93
|
include ::Google::Protobuf::MessageExts
|
|
80
94
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
81
95
|
end
|
|
82
96
|
|
|
83
|
-
# Request message for
|
|
97
|
+
# Request message for
|
|
98
|
+
# {::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client#list_attestors BinauthzManagementServiceV1.ListAttestors}.
|
|
84
99
|
# @!attribute [rw] parent
|
|
85
100
|
# @return [::String]
|
|
86
101
|
# Required. The resource name of the project associated with the
|
|
87
|
-
# {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors}, in the format
|
|
102
|
+
# {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors}, in the format
|
|
103
|
+
# `projects/*`.
|
|
88
104
|
# @!attribute [rw] page_size
|
|
89
105
|
# @return [::Integer]
|
|
90
106
|
# Requested page size. The server may return fewer results than requested. If
|
|
@@ -92,32 +108,37 @@ module Google
|
|
|
92
108
|
# @!attribute [rw] page_token
|
|
93
109
|
# @return [::String]
|
|
94
110
|
# A token identifying a page of results the server should return. Typically,
|
|
95
|
-
# this is the value of
|
|
96
|
-
#
|
|
111
|
+
# this is the value of
|
|
112
|
+
# {::Google::Cloud::BinaryAuthorization::V1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token}
|
|
113
|
+
# returned from the previous call to the `ListAttestors` method.
|
|
97
114
|
class ListAttestorsRequest
|
|
98
115
|
include ::Google::Protobuf::MessageExts
|
|
99
116
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
100
117
|
end
|
|
101
118
|
|
|
102
|
-
# Response message for
|
|
119
|
+
# Response message for
|
|
120
|
+
# {::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client#list_attestors BinauthzManagementServiceV1.ListAttestors}.
|
|
103
121
|
# @!attribute [rw] attestors
|
|
104
122
|
# @return [::Array<::Google::Cloud::BinaryAuthorization::V1::Attestor>]
|
|
105
123
|
# The list of {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors}.
|
|
106
124
|
# @!attribute [rw] next_page_token
|
|
107
125
|
# @return [::String]
|
|
108
126
|
# A token to retrieve the next page of results. Pass this value in the
|
|
109
|
-
# {::Google::Cloud::BinaryAuthorization::V1::ListAttestorsRequest#page_token ListAttestorsRequest.page_token}
|
|
110
|
-
# `ListAttestors` method to retrieve the
|
|
127
|
+
# {::Google::Cloud::BinaryAuthorization::V1::ListAttestorsRequest#page_token ListAttestorsRequest.page_token}
|
|
128
|
+
# field in the subsequent call to the `ListAttestors` method to retrieve the
|
|
129
|
+
# next page of results.
|
|
111
130
|
class ListAttestorsResponse
|
|
112
131
|
include ::Google::Protobuf::MessageExts
|
|
113
132
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
114
133
|
end
|
|
115
134
|
|
|
116
|
-
# Request message for
|
|
135
|
+
# Request message for
|
|
136
|
+
# {::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client#delete_attestor BinauthzManagementServiceV1.DeleteAttestor}.
|
|
117
137
|
# @!attribute [rw] name
|
|
118
138
|
# @return [::String]
|
|
119
|
-
# Required. The name of the
|
|
120
|
-
#
|
|
139
|
+
# Required. The name of the
|
|
140
|
+
# {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors} to delete, in the
|
|
141
|
+
# format `projects/*/attestors/*`.
|
|
121
142
|
class DeleteAttestorRequest
|
|
122
143
|
include ::Google::Protobuf::MessageExts
|
|
123
144
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -137,15 +158,16 @@ module Google
|
|
|
137
158
|
# {::Google::Cloud::BinaryAuthorization::V1::ValidationHelper::Client#validate_attestation_occurrence ValidationHelperV1.ValidateAttestationOccurrence}.
|
|
138
159
|
# @!attribute [rw] attestor
|
|
139
160
|
# @return [::String]
|
|
140
|
-
# Required. The resource name of the
|
|
161
|
+
# Required. The resource name of the
|
|
162
|
+
# {::Google::Cloud::BinaryAuthorization::V1::Attestor Attestor} of the
|
|
141
163
|
# [occurrence][grafeas.v1.Occurrence], in the format
|
|
142
164
|
# `projects/*/attestors/*`.
|
|
143
165
|
# @!attribute [rw] attestation
|
|
144
166
|
# @return [::Grafeas::V1::AttestationOccurrence]
|
|
145
167
|
# Required. An {::Grafeas::V1::AttestationOccurrence AttestationOccurrence} to
|
|
146
|
-
# be checked that it can be verified by the Attestor
|
|
147
|
-
# an existing entity in Container Analysis. It must otherwise be a valid
|
|
148
|
-
# AttestationOccurrence
|
|
168
|
+
# be checked that it can be verified by the `Attestor`. It does not have to
|
|
169
|
+
# be an existing entity in Container Analysis. It must otherwise be a valid
|
|
170
|
+
# `AttestationOccurrence`.
|
|
149
171
|
# @!attribute [rw] occurrence_note
|
|
150
172
|
# @return [::String]
|
|
151
173
|
# Required. The resource name of the [Note][grafeas.v1.Note] to which the
|
|
@@ -171,7 +193,7 @@ module Google
|
|
|
171
193
|
include ::Google::Protobuf::MessageExts
|
|
172
194
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
173
195
|
|
|
174
|
-
# The enum returned in the
|
|
196
|
+
# The enum returned in the `result` field.
|
|
175
197
|
module Result
|
|
176
198
|
# Unspecified.
|
|
177
199
|
RESULT_UNSPECIFIED = 0
|