google-cloud-binary_authorization-v1beta1 0.1.0 → 0.3.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/LICENSE.md +188 -190
- data/README.md +66 -2
- data/lib/google/cloud/binary_authorization/v1beta1.rb +3 -0
- data/lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/client.rb +101 -67
- data/lib/google/cloud/binary_authorization/v1beta1/version.rb +1 -1
- data/lib/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging_pb.rb +55 -0
- data/lib/google/cloud/binaryauthorization/v1beta1/resources_pb.rb +1 -1
- data/lib/google/cloud/binaryauthorization/v1beta1/service_services_pb.rb +32 -18
- data/proto_docs/google/api/field_behavior.rb +6 -0
- data/proto_docs/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.rb +104 -0
- data/proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb +24 -17
- data/proto_docs/google/cloud/binaryauthorization/v1beta1/service.rb +37 -22
- data/proto_docs/google/protobuf/timestamp.rb +10 -1
- metadata +22 -11
|
@@ -66,7 +66,7 @@ module Google
|
|
|
66
66
|
parent_config = while namespace.any?
|
|
67
67
|
parent_name = namespace.join "::"
|
|
68
68
|
parent_const = const_get parent_name
|
|
69
|
-
break parent_const.configure if parent_const
|
|
69
|
+
break parent_const.configure if parent_const.respond_to? :configure
|
|
70
70
|
namespace.pop
|
|
71
71
|
end
|
|
72
72
|
default_config = Client::Configuration.new parent_config
|
|
@@ -74,17 +74,17 @@ module Google
|
|
|
74
74
|
default_config.rpcs.get_policy.timeout = 600.0
|
|
75
75
|
default_config.rpcs.get_policy.retry_policy = {
|
|
76
76
|
initial_delay: 0.1,
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
77
|
+
max_delay: 60.0,
|
|
78
|
+
multiplier: 1.3,
|
|
79
|
+
retry_codes: [4, 14]
|
|
80
80
|
}
|
|
81
81
|
|
|
82
82
|
default_config.rpcs.update_policy.timeout = 600.0
|
|
83
83
|
default_config.rpcs.update_policy.retry_policy = {
|
|
84
84
|
initial_delay: 0.1,
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
85
|
+
max_delay: 60.0,
|
|
86
|
+
multiplier: 1.3,
|
|
87
|
+
retry_codes: [4, 14]
|
|
88
88
|
}
|
|
89
89
|
|
|
90
90
|
default_config.rpcs.create_attestor.timeout = 600.0
|
|
@@ -92,33 +92,33 @@ module Google
|
|
|
92
92
|
default_config.rpcs.get_attestor.timeout = 600.0
|
|
93
93
|
default_config.rpcs.get_attestor.retry_policy = {
|
|
94
94
|
initial_delay: 0.1,
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
95
|
+
max_delay: 60.0,
|
|
96
|
+
multiplier: 1.3,
|
|
97
|
+
retry_codes: [4, 14]
|
|
98
98
|
}
|
|
99
99
|
|
|
100
100
|
default_config.rpcs.update_attestor.timeout = 600.0
|
|
101
101
|
default_config.rpcs.update_attestor.retry_policy = {
|
|
102
102
|
initial_delay: 0.1,
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
103
|
+
max_delay: 60.0,
|
|
104
|
+
multiplier: 1.3,
|
|
105
|
+
retry_codes: [4, 14]
|
|
106
106
|
}
|
|
107
107
|
|
|
108
108
|
default_config.rpcs.list_attestors.timeout = 600.0
|
|
109
109
|
default_config.rpcs.list_attestors.retry_policy = {
|
|
110
110
|
initial_delay: 0.1,
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
111
|
+
max_delay: 60.0,
|
|
112
|
+
multiplier: 1.3,
|
|
113
|
+
retry_codes: [4, 14]
|
|
114
114
|
}
|
|
115
115
|
|
|
116
116
|
default_config.rpcs.delete_attestor.timeout = 600.0
|
|
117
117
|
default_config.rpcs.delete_attestor.retry_policy = {
|
|
118
118
|
initial_delay: 0.1,
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
119
|
+
max_delay: 60.0,
|
|
120
|
+
multiplier: 1.3,
|
|
121
|
+
retry_codes: [4, 14]
|
|
122
122
|
}
|
|
123
123
|
|
|
124
124
|
default_config
|
|
@@ -182,7 +182,13 @@ module Google
|
|
|
182
182
|
|
|
183
183
|
# Create credentials
|
|
184
184
|
credentials = @config.credentials
|
|
185
|
-
|
|
185
|
+
# Use self-signed JWT if the scope and endpoint are unchanged from default,
|
|
186
|
+
# but only if the default endpoint does not have a region prefix.
|
|
187
|
+
enable_self_signed_jwt = @config.scope == Client.configure.scope &&
|
|
188
|
+
@config.endpoint == Client.configure.endpoint &&
|
|
189
|
+
!@config.endpoint.split(".").first.include?("-")
|
|
190
|
+
credentials ||= Credentials.default scope: @config.scope,
|
|
191
|
+
enable_self_signed_jwt: enable_self_signed_jwt
|
|
186
192
|
if credentials.is_a?(String) || credentials.is_a?(Hash)
|
|
187
193
|
credentials = Credentials.new credentials, scope: @config.scope
|
|
188
194
|
end
|
|
@@ -201,13 +207,16 @@ module Google
|
|
|
201
207
|
# Service calls
|
|
202
208
|
|
|
203
209
|
##
|
|
204
|
-
# A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} specifies the
|
|
205
|
-
#
|
|
210
|
+
# A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} specifies the
|
|
211
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} that must
|
|
212
|
+
# attest to a container image, before the project is allowed to deploy that
|
|
206
213
|
# image. There is at most one policy per project. All image admission
|
|
207
214
|
# requests are permitted if a project has no policy.
|
|
208
215
|
#
|
|
209
|
-
# Gets the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for this
|
|
210
|
-
#
|
|
216
|
+
# Gets the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for this
|
|
217
|
+
# project. Returns a default
|
|
218
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} if the project
|
|
219
|
+
# does not have one.
|
|
211
220
|
#
|
|
212
221
|
# @overload get_policy(request, options = nil)
|
|
213
222
|
# Pass arguments to `get_policy` via a request object, either of type
|
|
@@ -225,8 +234,9 @@ module Google
|
|
|
225
234
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
226
235
|
#
|
|
227
236
|
# @param name [::String]
|
|
228
|
-
# Required. The resource name of the
|
|
229
|
-
#
|
|
237
|
+
# Required. The resource name of the
|
|
238
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} to retrieve, in
|
|
239
|
+
# the format `projects/*/policy`.
|
|
230
240
|
#
|
|
231
241
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
232
242
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Policy]
|
|
@@ -274,11 +284,13 @@ module Google
|
|
|
274
284
|
end
|
|
275
285
|
|
|
276
286
|
##
|
|
277
|
-
# Creates or updates a project's
|
|
278
|
-
#
|
|
279
|
-
#
|
|
280
|
-
#
|
|
281
|
-
#
|
|
287
|
+
# Creates or updates a project's
|
|
288
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy}, and returns a
|
|
289
|
+
# copy of the new {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy}.
|
|
290
|
+
# A policy is always updated as a whole, to avoid race conditions with
|
|
291
|
+
# concurrent policy enforcement (or management!) requests. Returns NOT_FOUND
|
|
292
|
+
# if the project does not exist, INVALID_ARGUMENT if the request is
|
|
293
|
+
# malformed.
|
|
282
294
|
#
|
|
283
295
|
# @overload update_policy(request, options = nil)
|
|
284
296
|
# Pass arguments to `update_policy` via a request object, either of type
|
|
@@ -296,9 +308,11 @@ module Google
|
|
|
296
308
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
297
309
|
#
|
|
298
310
|
# @param policy [::Google::Cloud::BinaryAuthorization::V1beta1::Policy, ::Hash]
|
|
299
|
-
# Required. A new or updated
|
|
300
|
-
#
|
|
301
|
-
#
|
|
311
|
+
# Required. A new or updated
|
|
312
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} value. The
|
|
313
|
+
# service will overwrite the [policy
|
|
314
|
+
# name][google.cloud.binaryauthorization.v1beta1.Policy.name] field with the
|
|
315
|
+
# resource name in the request URL, in the format `projects/*/policy`.
|
|
302
316
|
#
|
|
303
317
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
304
318
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Policy]
|
|
@@ -346,10 +360,13 @@ module Google
|
|
|
346
360
|
end
|
|
347
361
|
|
|
348
362
|
##
|
|
349
|
-
# Creates an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor},
|
|
350
|
-
#
|
|
351
|
-
#
|
|
352
|
-
#
|
|
363
|
+
# Creates an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor},
|
|
364
|
+
# and returns a copy of the new
|
|
365
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}. Returns
|
|
366
|
+
# NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is
|
|
367
|
+
# malformed, ALREADY_EXISTS if the
|
|
368
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} already
|
|
369
|
+
# exists.
|
|
353
370
|
#
|
|
354
371
|
# @overload create_attestor(request, options = nil)
|
|
355
372
|
# Pass arguments to `create_attestor` via a request object, either of type
|
|
@@ -367,13 +384,17 @@ module Google
|
|
|
367
384
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
368
385
|
#
|
|
369
386
|
# @param parent [::String]
|
|
370
|
-
# Required. The parent of this
|
|
387
|
+
# Required. The parent of this
|
|
388
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
371
389
|
# @param attestor_id [::String]
|
|
372
|
-
# Required. The
|
|
390
|
+
# Required. The
|
|
391
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} ID.
|
|
373
392
|
# @param attestor [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor, ::Hash]
|
|
374
|
-
# Required. The initial
|
|
375
|
-
#
|
|
376
|
-
#
|
|
393
|
+
# Required. The initial
|
|
394
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
|
|
395
|
+
# service will overwrite the [attestor
|
|
396
|
+
# name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
|
|
397
|
+
# the resource name, in the format `projects/*/attestors/*`.
|
|
377
398
|
#
|
|
378
399
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
379
400
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
|
@@ -422,7 +443,9 @@ module Google
|
|
|
422
443
|
|
|
423
444
|
##
|
|
424
445
|
# Gets an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
425
|
-
# Returns NOT_FOUND if the
|
|
446
|
+
# Returns NOT_FOUND if the
|
|
447
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not
|
|
448
|
+
# exist.
|
|
426
449
|
#
|
|
427
450
|
# @overload get_attestor(request, options = nil)
|
|
428
451
|
# Pass arguments to `get_attestor` via a request object, either of type
|
|
@@ -440,8 +463,9 @@ module Google
|
|
|
440
463
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
441
464
|
#
|
|
442
465
|
# @param name [::String]
|
|
443
|
-
# Required. The name of the
|
|
444
|
-
#
|
|
466
|
+
# Required. The name of the
|
|
467
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} to retrieve,
|
|
468
|
+
# in the format `projects/*/attestors/*`.
|
|
445
469
|
#
|
|
446
470
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
447
471
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
|
@@ -490,7 +514,9 @@ module Google
|
|
|
490
514
|
|
|
491
515
|
##
|
|
492
516
|
# Updates an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
493
|
-
# Returns NOT_FOUND if the
|
|
517
|
+
# Returns NOT_FOUND if the
|
|
518
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not
|
|
519
|
+
# exist.
|
|
494
520
|
#
|
|
495
521
|
# @overload update_attestor(request, options = nil)
|
|
496
522
|
# Pass arguments to `update_attestor` via a request object, either of type
|
|
@@ -508,9 +534,12 @@ module Google
|
|
|
508
534
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
509
535
|
#
|
|
510
536
|
# @param attestor [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor, ::Hash]
|
|
511
|
-
# Required. The updated
|
|
512
|
-
#
|
|
513
|
-
#
|
|
537
|
+
# Required. The updated
|
|
538
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
|
|
539
|
+
# service will overwrite the [attestor
|
|
540
|
+
# name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
|
|
541
|
+
# the resource name in the request URL, in the format
|
|
542
|
+
# `projects/*/attestors/*`.
|
|
514
543
|
#
|
|
515
544
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
516
545
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
|
@@ -578,14 +607,16 @@ module Google
|
|
|
578
607
|
#
|
|
579
608
|
# @param parent [::String]
|
|
580
609
|
# Required. The resource name of the project associated with the
|
|
581
|
-
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the
|
|
610
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the
|
|
611
|
+
# format `projects/*`.
|
|
582
612
|
# @param page_size [::Integer]
|
|
583
613
|
# Requested page size. The server may return fewer results than requested. If
|
|
584
614
|
# unspecified, the server will pick an appropriate default.
|
|
585
615
|
# @param page_token [::String]
|
|
586
616
|
# A token identifying a page of results the server should return. Typically,
|
|
587
|
-
# this is the value of
|
|
588
|
-
#
|
|
617
|
+
# this is the value of
|
|
618
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token}
|
|
619
|
+
# returned from the previous call to the `ListAttestors` method.
|
|
589
620
|
#
|
|
590
621
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
591
622
|
# @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::BinaryAuthorization::V1beta1::Attestor>]
|
|
@@ -634,8 +665,10 @@ module Google
|
|
|
634
665
|
end
|
|
635
666
|
|
|
636
667
|
##
|
|
637
|
-
# Deletes an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
638
|
-
#
|
|
668
|
+
# Deletes an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
669
|
+
# Returns NOT_FOUND if the
|
|
670
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not
|
|
671
|
+
# exist.
|
|
639
672
|
#
|
|
640
673
|
# @overload delete_attestor(request, options = nil)
|
|
641
674
|
# Pass arguments to `delete_attestor` via a request object, either of type
|
|
@@ -653,8 +686,9 @@ module Google
|
|
|
653
686
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
654
687
|
#
|
|
655
688
|
# @param name [::String]
|
|
656
|
-
# Required. The name of the
|
|
657
|
-
#
|
|
689
|
+
# Required. The name of the
|
|
690
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} to delete,
|
|
691
|
+
# in the format `projects/*/attestors/*`.
|
|
658
692
|
#
|
|
659
693
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
660
694
|
# @yieldparam response [::Google::Protobuf::Empty]
|
|
@@ -793,7 +827,7 @@ module Google
|
|
|
793
827
|
config_attr :scope, nil, ::String, ::Array, nil
|
|
794
828
|
config_attr :lib_name, nil, ::String, nil
|
|
795
829
|
config_attr :lib_version, nil, ::String, nil
|
|
796
|
-
config_attr(:channel_args, { "grpc.service_config_disable_resolution"=>1 }, ::Hash, nil)
|
|
830
|
+
config_attr(:channel_args, { "grpc.service_config_disable_resolution" => 1 }, ::Hash, nil)
|
|
797
831
|
config_attr :interceptors, nil, ::Array, nil
|
|
798
832
|
config_attr :timeout, nil, ::Numeric, nil
|
|
799
833
|
config_attr :metadata, nil, ::Hash, nil
|
|
@@ -814,7 +848,7 @@ module Google
|
|
|
814
848
|
def rpcs
|
|
815
849
|
@rpcs ||= begin
|
|
816
850
|
parent_rpcs = nil
|
|
817
|
-
parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config
|
|
851
|
+
parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config.respond_to?(:rpcs)
|
|
818
852
|
Rpcs.new parent_rpcs
|
|
819
853
|
end
|
|
820
854
|
end
|
|
@@ -826,7 +860,7 @@ module Google
|
|
|
826
860
|
# Each configuration object is of type `Gapic::Config::Method` and includes
|
|
827
861
|
# the following configuration fields:
|
|
828
862
|
#
|
|
829
|
-
# * `timeout` (*type:* `Numeric`) - The call timeout in
|
|
863
|
+
# * `timeout` (*type:* `Numeric`) - The call timeout in seconds
|
|
830
864
|
# * `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
|
|
831
865
|
# * `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
|
|
832
866
|
# include the following keys:
|
|
@@ -875,19 +909,19 @@ module Google
|
|
|
875
909
|
|
|
876
910
|
# @private
|
|
877
911
|
def initialize parent_rpcs = nil
|
|
878
|
-
get_policy_config = parent_rpcs
|
|
912
|
+
get_policy_config = parent_rpcs.get_policy if parent_rpcs.respond_to? :get_policy
|
|
879
913
|
@get_policy = ::Gapic::Config::Method.new get_policy_config
|
|
880
|
-
update_policy_config = parent_rpcs
|
|
914
|
+
update_policy_config = parent_rpcs.update_policy if parent_rpcs.respond_to? :update_policy
|
|
881
915
|
@update_policy = ::Gapic::Config::Method.new update_policy_config
|
|
882
|
-
create_attestor_config = parent_rpcs
|
|
916
|
+
create_attestor_config = parent_rpcs.create_attestor if parent_rpcs.respond_to? :create_attestor
|
|
883
917
|
@create_attestor = ::Gapic::Config::Method.new create_attestor_config
|
|
884
|
-
get_attestor_config = parent_rpcs
|
|
918
|
+
get_attestor_config = parent_rpcs.get_attestor if parent_rpcs.respond_to? :get_attestor
|
|
885
919
|
@get_attestor = ::Gapic::Config::Method.new get_attestor_config
|
|
886
|
-
update_attestor_config = parent_rpcs
|
|
920
|
+
update_attestor_config = parent_rpcs.update_attestor if parent_rpcs.respond_to? :update_attestor
|
|
887
921
|
@update_attestor = ::Gapic::Config::Method.new update_attestor_config
|
|
888
|
-
list_attestors_config = parent_rpcs
|
|
922
|
+
list_attestors_config = parent_rpcs.list_attestors if parent_rpcs.respond_to? :list_attestors
|
|
889
923
|
@list_attestors = ::Gapic::Config::Method.new list_attestors_config
|
|
890
|
-
delete_attestor_config = parent_rpcs
|
|
924
|
+
delete_attestor_config = parent_rpcs.delete_attestor if parent_rpcs.respond_to? :delete_attestor
|
|
891
925
|
@delete_attestor = ::Gapic::Config::Method.new delete_attestor_config
|
|
892
926
|
|
|
893
927
|
yield self if block_given?
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
|
2
|
+
# source: google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.proto
|
|
3
|
+
|
|
4
|
+
require 'google/protobuf'
|
|
5
|
+
|
|
6
|
+
require 'google/protobuf/timestamp_pb'
|
|
7
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
8
|
+
add_file("google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.proto", :syntax => :proto3) do
|
|
9
|
+
add_message "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent" do
|
|
10
|
+
oneof :event_type do
|
|
11
|
+
optional :pod_event, :message, 1, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent"
|
|
12
|
+
optional :unsupported_policy_event, :message, 2, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.UnsupportedPolicyEvent"
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
add_message "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent" do
|
|
16
|
+
optional :pod, :string, 1
|
|
17
|
+
optional :deploy_time, :message, 2, "google.protobuf.Timestamp"
|
|
18
|
+
optional :end_time, :message, 3, "google.protobuf.Timestamp"
|
|
19
|
+
optional :verdict, :enum, 4, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.PolicyConformanceVerdict"
|
|
20
|
+
repeated :images, :message, 5, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails"
|
|
21
|
+
end
|
|
22
|
+
add_message "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails" do
|
|
23
|
+
optional :image, :string, 1
|
|
24
|
+
optional :result, :enum, 2, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails.AuditResult"
|
|
25
|
+
optional :description, :string, 3
|
|
26
|
+
end
|
|
27
|
+
add_enum "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails.AuditResult" do
|
|
28
|
+
value :AUDIT_RESULT_UNSPECIFIED, 0
|
|
29
|
+
value :ALLOW, 1
|
|
30
|
+
value :DENY, 2
|
|
31
|
+
end
|
|
32
|
+
add_enum "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.PolicyConformanceVerdict" do
|
|
33
|
+
value :POLICY_CONFORMANCE_VERDICT_UNSPECIFIED, 0
|
|
34
|
+
value :VIOLATES_POLICY, 1
|
|
35
|
+
end
|
|
36
|
+
add_message "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.UnsupportedPolicyEvent" do
|
|
37
|
+
optional :description, :string, 1
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
module Google
|
|
43
|
+
module Cloud
|
|
44
|
+
module BinaryAuthorization
|
|
45
|
+
module V1beta1
|
|
46
|
+
ContinuousValidationEvent = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent").msgclass
|
|
47
|
+
ContinuousValidationEvent::ContinuousValidationPodEvent = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent").msgclass
|
|
48
|
+
ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails").msgclass
|
|
49
|
+
ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails::AuditResult = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails.AuditResult").enummodule
|
|
50
|
+
ContinuousValidationEvent::ContinuousValidationPodEvent::PolicyConformanceVerdict = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.PolicyConformanceVerdict").enummodule
|
|
51
|
+
ContinuousValidationEvent::UnsupportedPolicyEvent = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.UnsupportedPolicyEvent").msgclass
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
end
|
|
@@ -3,10 +3,10 @@
|
|
|
3
3
|
|
|
4
4
|
require 'google/protobuf'
|
|
5
5
|
|
|
6
|
+
require 'google/api/annotations_pb'
|
|
6
7
|
require 'google/api/field_behavior_pb'
|
|
7
8
|
require 'google/api/resource_pb'
|
|
8
9
|
require 'google/protobuf/timestamp_pb'
|
|
9
|
-
require 'google/api/annotations_pb'
|
|
10
10
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
11
11
|
add_file("google/cloud/binaryauthorization/v1beta1/resources.proto", :syntax => :proto3) do
|
|
12
12
|
add_message "google.cloud.binaryauthorization.v1beta1.Policy" do
|
|
@@ -36,42 +36,56 @@ module Google
|
|
|
36
36
|
# * [Attestor][google.cloud.binaryauthorization.v1beta1.Attestor]
|
|
37
37
|
class Service
|
|
38
38
|
|
|
39
|
-
include GRPC::GenericService
|
|
39
|
+
include ::GRPC::GenericService
|
|
40
40
|
|
|
41
41
|
self.marshal_class_method = :encode
|
|
42
42
|
self.unmarshal_class_method = :decode
|
|
43
43
|
self.service_name = 'google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1'
|
|
44
44
|
|
|
45
|
-
# A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the
|
|
46
|
-
#
|
|
45
|
+
# A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the
|
|
46
|
+
# [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] that must
|
|
47
|
+
# attest to a container image, before the project is allowed to deploy that
|
|
47
48
|
# image. There is at most one policy per project. All image admission
|
|
48
49
|
# requests are permitted if a project has no policy.
|
|
49
50
|
#
|
|
50
|
-
# Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this
|
|
51
|
-
#
|
|
51
|
+
# Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this
|
|
52
|
+
# project. Returns a default
|
|
53
|
+
# [policy][google.cloud.binaryauthorization.v1beta1.Policy] if the project
|
|
54
|
+
# does not have one.
|
|
52
55
|
rpc :GetPolicy, ::Google::Cloud::BinaryAuthorization::V1beta1::GetPolicyRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Policy
|
|
53
|
-
# Creates or updates a project's
|
|
54
|
-
#
|
|
55
|
-
#
|
|
56
|
-
#
|
|
57
|
-
#
|
|
56
|
+
# Creates or updates a project's
|
|
57
|
+
# [policy][google.cloud.binaryauthorization.v1beta1.Policy], and returns a
|
|
58
|
+
# copy of the new [policy][google.cloud.binaryauthorization.v1beta1.Policy].
|
|
59
|
+
# A policy is always updated as a whole, to avoid race conditions with
|
|
60
|
+
# concurrent policy enforcement (or management!) requests. Returns NOT_FOUND
|
|
61
|
+
# if the project does not exist, INVALID_ARGUMENT if the request is
|
|
62
|
+
# malformed.
|
|
58
63
|
rpc :UpdatePolicy, ::Google::Cloud::BinaryAuthorization::V1beta1::UpdatePolicyRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Policy
|
|
59
|
-
# Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor],
|
|
60
|
-
#
|
|
61
|
-
#
|
|
62
|
-
#
|
|
64
|
+
# Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor],
|
|
65
|
+
# and returns a copy of the new
|
|
66
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns
|
|
67
|
+
# NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is
|
|
68
|
+
# malformed, ALREADY_EXISTS if the
|
|
69
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] already
|
|
70
|
+
# exists.
|
|
63
71
|
rpc :CreateAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::CreateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
|
|
64
72
|
# Gets an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
65
|
-
# Returns NOT_FOUND if the
|
|
73
|
+
# Returns NOT_FOUND if the
|
|
74
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not
|
|
75
|
+
# exist.
|
|
66
76
|
rpc :GetAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::GetAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
|
|
67
77
|
# Updates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
68
|
-
# Returns NOT_FOUND if the
|
|
78
|
+
# Returns NOT_FOUND if the
|
|
79
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not
|
|
80
|
+
# exist.
|
|
69
81
|
rpc :UpdateAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::UpdateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
|
|
70
82
|
# Lists [attestors][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
71
83
|
# Returns INVALID_ARGUMENT if the project does not exist.
|
|
72
84
|
rpc :ListAttestors, ::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse
|
|
73
|
-
# Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
74
|
-
#
|
|
85
|
+
# Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
86
|
+
# Returns NOT_FOUND if the
|
|
87
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not
|
|
88
|
+
# exist.
|
|
75
89
|
rpc :DeleteAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::DeleteAttestorRequest, ::Google::Protobuf::Empty
|
|
76
90
|
end
|
|
77
91
|
|