google-cloud-binary_authorization-v1beta1 0.1.0

data/lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/credentials.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+require "googleauth"
+
+module Google
+  module Cloud
+    module BinaryAuthorization
+      module V1beta1
+        module BinauthzManagementService
+          # Credentials for the BinauthzManagementService API.
+          class Credentials < ::Google::Auth::Credentials
+            self.scope = [
+              "https://www.googleapis.com/auth/cloud-platform"
+            ]
+            self.env_vars = [
+              "BINARY_AUTHORIZATION_CREDENTIALS",
+              "BINARY_AUTHORIZATION_KEYFILE",
+              "GOOGLE_CLOUD_CREDENTIALS",
+              "GOOGLE_CLOUD_KEYFILE",
+              "GCLOUD_KEYFILE",
+              "BINARY_AUTHORIZATION_CREDENTIALS_JSON",
+              "BINARY_AUTHORIZATION_KEYFILE_JSON",
+              "GOOGLE_CLOUD_CREDENTIALS_JSON",
+              "GOOGLE_CLOUD_KEYFILE_JSON",
+              "GCLOUD_KEYFILE_JSON"
+            ]
+            self.paths = [
+              "~/.config/google_cloud/application_default_credentials.json"
+            ]
+          end
+        end
+      end
+    end
+  end
+end

data/lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/paths.rb

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module BinaryAuthorization
+      module V1beta1
+        module BinauthzManagementService
+          # Path helper methods for the BinauthzManagementService API.
+          module Paths
+            ##
+            # Create a fully-qualified Attestor resource string.
+            #
+            # The resource will be in the following format:
+            #
+            # `projects/{project}/attestors/{attestor}`
+            #
+            # @param project [String]
+            # @param attestor [String]
+            #
+            # @return [::String]
+            def attestor_path project:, attestor:
+              raise ::ArgumentError, "project cannot contain /" if project.to_s.include? "/"
+
+              "projects/#{project}/attestors/#{attestor}"
+            end
+
+            ##
+            # Create a fully-qualified Policy resource string.
+            #
+            # The resource will be in the following format:
+            #
+            # `projects/{project}/policy`
+            #
+            # @param project [String]
+            #
+            # @return [::String]
+            def policy_path project:
+              "projects/#{project}/policy"
+            end
+
+            ##
+            # Create a fully-qualified Project resource string.
+            #
+            # The resource will be in the following format:
+            #
+            # `projects/{project}`
+            #
+            # @param project [String]
+            #
+            # @return [::String]
+            def project_path project:
+              "projects/#{project}"
+            end
+
+            extend self
+          end
+        end
+      end
+    end
+  end
+end

data/lib/google/cloud/binary_authorization/v1beta1/version.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module BinaryAuthorization
+      module V1beta1
+        VERSION = "0.1.0"
+      end
+    end
+  end
+end

data/lib/google/cloud/binaryauthorization/v1beta1/resources_pb.rb

@@ -0,0 +1,105 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/cloud/binaryauthorization/v1beta1/resources.proto
+
+require 'google/protobuf'
+
+require 'google/api/field_behavior_pb'
+require 'google/api/resource_pb'
+require 'google/protobuf/timestamp_pb'
+require 'google/api/annotations_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("google/cloud/binaryauthorization/v1beta1/resources.proto", :syntax => :proto3) do
+    add_message "google.cloud.binaryauthorization.v1beta1.Policy" do
+      optional :name, :string, 1
+      optional :description, :string, 6
+      optional :global_policy_evaluation_mode, :enum, 7, "google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode"
+      repeated :admission_whitelist_patterns, :message, 2, "google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern"
+      map :cluster_admission_rules, :string, :message, 3, "google.cloud.binaryauthorization.v1beta1.AdmissionRule"
+      optional :default_admission_rule, :message, 4, "google.cloud.binaryauthorization.v1beta1.AdmissionRule"
+      optional :update_time, :message, 5, "google.protobuf.Timestamp"
+    end
+    add_enum "google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode" do
+      value :GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, 0
+      value :ENABLE, 1
+      value :DISABLE, 2
+    end
+    add_message "google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern" do
+      optional :name_pattern, :string, 1
+    end
+    add_message "google.cloud.binaryauthorization.v1beta1.AdmissionRule" do
+      optional :evaluation_mode, :enum, 1, "google.cloud.binaryauthorization.v1beta1.AdmissionRule.EvaluationMode"
+      repeated :require_attestations_by, :string, 2
+      optional :enforcement_mode, :enum, 3, "google.cloud.binaryauthorization.v1beta1.AdmissionRule.EnforcementMode"
+    end
+    add_enum "google.cloud.binaryauthorization.v1beta1.AdmissionRule.EvaluationMode" do
+      value :EVALUATION_MODE_UNSPECIFIED, 0
+      value :ALWAYS_ALLOW, 1
+      value :REQUIRE_ATTESTATION, 2
+      value :ALWAYS_DENY, 3
+    end
+    add_enum "google.cloud.binaryauthorization.v1beta1.AdmissionRule.EnforcementMode" do
+      value :ENFORCEMENT_MODE_UNSPECIFIED, 0
+      value :ENFORCED_BLOCK_AND_AUDIT_LOG, 1
+      value :DRYRUN_AUDIT_LOG_ONLY, 2
+    end
+    add_message "google.cloud.binaryauthorization.v1beta1.Attestor" do
+      optional :name, :string, 1
+      optional :description, :string, 6
+      optional :update_time, :message, 4, "google.protobuf.Timestamp"
+      oneof :attestor_type do
+        optional :user_owned_drydock_note, :message, 3, "google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNote"
+      end
+    end
+    add_message "google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNote" do
+      optional :note_reference, :string, 1
+      repeated :public_keys, :message, 2, "google.cloud.binaryauthorization.v1beta1.AttestorPublicKey"
+      optional :delegation_service_account_email, :string, 3
+    end
+    add_message "google.cloud.binaryauthorization.v1beta1.PkixPublicKey" do
+      optional :public_key_pem, :string, 1
+      optional :signature_algorithm, :enum, 2, "google.cloud.binaryauthorization.v1beta1.PkixPublicKey.SignatureAlgorithm"
+    end
+    add_enum "google.cloud.binaryauthorization.v1beta1.PkixPublicKey.SignatureAlgorithm" do
+      value :SIGNATURE_ALGORITHM_UNSPECIFIED, 0
+      value :RSA_PSS_2048_SHA256, 1
+      value :RSA_PSS_3072_SHA256, 2
+      value :RSA_PSS_4096_SHA256, 3
+      value :RSA_PSS_4096_SHA512, 4
+      value :RSA_SIGN_PKCS1_2048_SHA256, 5
+      value :RSA_SIGN_PKCS1_3072_SHA256, 6
+      value :RSA_SIGN_PKCS1_4096_SHA256, 7
+      value :RSA_SIGN_PKCS1_4096_SHA512, 8
+      value :ECDSA_P256_SHA256, 9
+      value :ECDSA_P384_SHA384, 10
+      value :ECDSA_P521_SHA512, 11
+    end
+    add_message "google.cloud.binaryauthorization.v1beta1.AttestorPublicKey" do
+      optional :comment, :string, 1
+      optional :id, :string, 2
+      oneof :public_key do
+        optional :ascii_armored_pgp_public_key, :string, 3
+        optional :pkix_public_key, :message, 5, "google.cloud.binaryauthorization.v1beta1.PkixPublicKey"
+      end
+    end
+  end
+end
+
+module Google
+  module Cloud
+    module BinaryAuthorization
+      module V1beta1
+        Policy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.Policy").msgclass
+        Policy::GlobalPolicyEvaluationMode = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode").enummodule
+        AdmissionWhitelistPattern = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern").msgclass
+        AdmissionRule = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.AdmissionRule").msgclass
+        AdmissionRule::EvaluationMode = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.AdmissionRule.EvaluationMode").enummodule
+        AdmissionRule::EnforcementMode = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.AdmissionRule.EnforcementMode").enummodule
+        Attestor = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.Attestor").msgclass
+        UserOwnedDrydockNote = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNote").msgclass
+        PkixPublicKey = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.PkixPublicKey").msgclass
+        PkixPublicKey::SignatureAlgorithm = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.PkixPublicKey.SignatureAlgorithm").enummodule
+        AttestorPublicKey = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.AttestorPublicKey").msgclass
+      end
+    end
+  end
+end

data/lib/google/cloud/binaryauthorization/v1beta1/service_pb.rb

@@ -0,0 +1,61 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/cloud/binaryauthorization/v1beta1/service.proto
+
+require 'google/protobuf'
+
+require 'google/api/annotations_pb'
+require 'google/api/client_pb'
+require 'google/api/field_behavior_pb'
+require 'google/api/resource_pb'
+require 'google/cloud/binaryauthorization/v1beta1/resources_pb'
+require 'google/protobuf/empty_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("google/cloud/binaryauthorization/v1beta1/service.proto", :syntax => :proto3) do
+    add_message "google.cloud.binaryauthorization.v1beta1.GetPolicyRequest" do
+      optional :name, :string, 1
+    end
+    add_message "google.cloud.binaryauthorization.v1beta1.UpdatePolicyRequest" do
+      optional :policy, :message, 1, "google.cloud.binaryauthorization.v1beta1.Policy"
+    end
+    add_message "google.cloud.binaryauthorization.v1beta1.CreateAttestorRequest" do
+      optional :parent, :string, 1
+      optional :attestor_id, :string, 2
+      optional :attestor, :message, 3, "google.cloud.binaryauthorization.v1beta1.Attestor"
+    end
+    add_message "google.cloud.binaryauthorization.v1beta1.GetAttestorRequest" do
+      optional :name, :string, 1
+    end
+    add_message "google.cloud.binaryauthorization.v1beta1.UpdateAttestorRequest" do
+      optional :attestor, :message, 1, "google.cloud.binaryauthorization.v1beta1.Attestor"
+    end
+    add_message "google.cloud.binaryauthorization.v1beta1.ListAttestorsRequest" do
+      optional :parent, :string, 1
+      optional :page_size, :int32, 2
+      optional :page_token, :string, 3
+    end
+    add_message "google.cloud.binaryauthorization.v1beta1.ListAttestorsResponse" do
+      repeated :attestors, :message, 1, "google.cloud.binaryauthorization.v1beta1.Attestor"
+      optional :next_page_token, :string, 2
+    end
+    add_message "google.cloud.binaryauthorization.v1beta1.DeleteAttestorRequest" do
+      optional :name, :string, 1
+    end
+  end
+end
+
+module Google
+  module Cloud
+    module BinaryAuthorization
+      module V1beta1
+        GetPolicyRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.GetPolicyRequest").msgclass
+        UpdatePolicyRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.UpdatePolicyRequest").msgclass
+        CreateAttestorRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.CreateAttestorRequest").msgclass
+        GetAttestorRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.GetAttestorRequest").msgclass
+        UpdateAttestorRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.UpdateAttestorRequest").msgclass
+        ListAttestorsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ListAttestorsRequest").msgclass
+        ListAttestorsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ListAttestorsResponse").msgclass
+        DeleteAttestorRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.DeleteAttestorRequest").msgclass
+      end
+    end
+  end
+end

data/lib/google/cloud/binaryauthorization/v1beta1/service_services_pb.rb

@@ -0,0 +1,83 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: google/cloud/binaryauthorization/v1beta1/service.proto for package 'Google.Cloud.BinaryAuthorization.V1beta1'
+# Original file comments:
+# Copyright 2019 Google LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+
+require 'grpc'
+require 'google/cloud/binaryauthorization/v1beta1/service_pb'
+
+module Google
+  module Cloud
+    module BinaryAuthorization
+      module V1beta1
+        module BinauthzManagementServiceV1Beta1
+          # Customer-facing API for Cloud Binary Authorization.
+          #
+          # Google Cloud Management Service for Binary Authorization admission policies
+          # and attestation authorities.
+          #
+          # This API implements a REST model with the following objects:
+          #
+          # * [Policy][google.cloud.binaryauthorization.v1beta1.Policy]
+          # * [Attestor][google.cloud.binaryauthorization.v1beta1.Attestor]
+          class Service
+
+            include GRPC::GenericService
+
+            self.marshal_class_method = :encode
+            self.unmarshal_class_method = :decode
+            self.service_name = 'google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1'
+
+            # A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] that must attest to
+            # a container image, before the project is allowed to deploy that
+            # image. There is at most one policy per project. All image admission
+            # requests are permitted if a project has no policy.
+            #
+            # Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this project. Returns a default
+            # [policy][google.cloud.binaryauthorization.v1beta1.Policy] if the project does not have one.
+            rpc :GetPolicy, ::Google::Cloud::BinaryAuthorization::V1beta1::GetPolicyRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Policy
+            # Creates or updates a project's [policy][google.cloud.binaryauthorization.v1beta1.Policy], and returns a copy of the
+            # new [policy][google.cloud.binaryauthorization.v1beta1.Policy]. A policy is always updated as a whole, to avoid race
+            # conditions with concurrent policy enforcement (or management!)
+            # requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
+            # if the request is malformed.
+            rpc :UpdatePolicy, ::Google::Cloud::BinaryAuthorization::V1beta1::UpdatePolicyRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Policy
+            # Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor], and returns a copy of the new
+            # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns NOT_FOUND if the project does not exist,
+            # INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
+            # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] already exists.
+            rpc :CreateAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::CreateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
+            # Gets an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
+            # Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
+            rpc :GetAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::GetAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
+            # Updates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
+            # Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
+            rpc :UpdateAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::UpdateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
+            # Lists [attestors][google.cloud.binaryauthorization.v1beta1.Attestor].
+            # Returns INVALID_ARGUMENT if the project does not exist.
+            rpc :ListAttestors, ::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse
+            # Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns NOT_FOUND if the
+            # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
+            rpc :DeleteAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::DeleteAttestorRequest, ::Google::Protobuf::Empty
+          end
+
+          Stub = Service.rpc_stub_class
+        end
+      end
+    end
+  end
+end

data/proto_docs/README.md

@@ -0,0 +1,4 @@
+# Binary Authorization V1beta1 Protocol Buffer Documentation
+
+These files are for the YARD documentation of the generated protobuf files.
+They are not intended to be required or loaded at runtime.

data/proto_docs/google/api/field_behavior.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Api
+    # An indicator of the behavior of a given field (for example, that a field
+    # is required in requests, or given as output but ignored as input).
+    # This **does not** change the behavior in protocol buffers itself; it only
+    # denotes the behavior and may affect how API tooling handles the field.
+    #
+    # Note: This enum **may** receive new values in the future.
+    module FieldBehavior
+      # Conventional default for enums. Do not use this.
+      FIELD_BEHAVIOR_UNSPECIFIED = 0
+
+      # Specifically denotes a field as optional.
+      # While all fields in protocol buffers are optional, this may be specified
+      # for emphasis if appropriate.
+      OPTIONAL = 1
+
+      # Denotes a field as required.
+      # This indicates that the field **must** be provided as part of the request,
+      # and failure to do so will cause an error (usually `INVALID_ARGUMENT`).
+      REQUIRED = 2
+
+      # Denotes a field as output only.
+      # This indicates that the field is provided in responses, but including the
+      # field in a request does nothing (the server *must* ignore it and
+      # *must not* throw an error as a result of the field's presence).
+      OUTPUT_ONLY = 3
+
+      # Denotes a field as input only.
+      # This indicates that the field is provided in requests, and the
+      # corresponding field is not included in output.
+      INPUT_ONLY = 4
+
+      # Denotes a field as immutable.
+      # This indicates that the field may be set once in a request to create a
+      # resource, but may not be changed thereafter.
+      IMMUTABLE = 5
+    end
+  end
+end