google-cloud-binary_authorization-v1beta1 0.1.1 → 0.3.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/AUTHENTICATION.md +8 -8
- data/LICENSE.md +188 -190
- data/README.md +67 -3
- data/lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/client.rb +89 -73
- data/lib/google/cloud/binary_authorization/v1beta1/version.rb +1 -1
- data/lib/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging_pb.rb +55 -0
- data/lib/google/cloud/binaryauthorization/v1beta1/resources_pb.rb +1 -1
- data/lib/google/cloud/binaryauthorization/v1beta1/service_services_pb.rb +31 -17
- data/proto_docs/google/api/field_behavior.rb +12 -0
- data/proto_docs/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.rb +104 -0
- data/proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb +24 -17
- data/proto_docs/google/cloud/binaryauthorization/v1beta1/service.rb +37 -22
- data/proto_docs/google/protobuf/timestamp.rb +10 -1
- metadata +22 -11
|
@@ -66,59 +66,41 @@ module Google
|
|
|
66
66
|
parent_config = while namespace.any?
|
|
67
67
|
parent_name = namespace.join "::"
|
|
68
68
|
parent_const = const_get parent_name
|
|
69
|
-
break parent_const.configure if parent_const
|
|
69
|
+
break parent_const.configure if parent_const.respond_to? :configure
|
|
70
70
|
namespace.pop
|
|
71
71
|
end
|
|
72
72
|
default_config = Client::Configuration.new parent_config
|
|
73
73
|
|
|
74
74
|
default_config.rpcs.get_policy.timeout = 600.0
|
|
75
75
|
default_config.rpcs.get_policy.retry_policy = {
|
|
76
|
-
initial_delay: 0.1,
|
|
77
|
-
max_delay: 60.0,
|
|
78
|
-
multiplier: 1.3,
|
|
79
|
-
retry_codes: [4, 14]
|
|
76
|
+
initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [4, 14]
|
|
80
77
|
}
|
|
81
78
|
|
|
82
79
|
default_config.rpcs.update_policy.timeout = 600.0
|
|
83
80
|
default_config.rpcs.update_policy.retry_policy = {
|
|
84
|
-
initial_delay: 0.1,
|
|
85
|
-
max_delay: 60.0,
|
|
86
|
-
multiplier: 1.3,
|
|
87
|
-
retry_codes: [4, 14]
|
|
81
|
+
initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [4, 14]
|
|
88
82
|
}
|
|
89
83
|
|
|
90
84
|
default_config.rpcs.create_attestor.timeout = 600.0
|
|
91
85
|
|
|
92
86
|
default_config.rpcs.get_attestor.timeout = 600.0
|
|
93
87
|
default_config.rpcs.get_attestor.retry_policy = {
|
|
94
|
-
initial_delay: 0.1,
|
|
95
|
-
max_delay: 60.0,
|
|
96
|
-
multiplier: 1.3,
|
|
97
|
-
retry_codes: [4, 14]
|
|
88
|
+
initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [4, 14]
|
|
98
89
|
}
|
|
99
90
|
|
|
100
91
|
default_config.rpcs.update_attestor.timeout = 600.0
|
|
101
92
|
default_config.rpcs.update_attestor.retry_policy = {
|
|
102
|
-
initial_delay: 0.1,
|
|
103
|
-
max_delay: 60.0,
|
|
104
|
-
multiplier: 1.3,
|
|
105
|
-
retry_codes: [4, 14]
|
|
93
|
+
initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [4, 14]
|
|
106
94
|
}
|
|
107
95
|
|
|
108
96
|
default_config.rpcs.list_attestors.timeout = 600.0
|
|
109
97
|
default_config.rpcs.list_attestors.retry_policy = {
|
|
110
|
-
initial_delay: 0.1,
|
|
111
|
-
max_delay: 60.0,
|
|
112
|
-
multiplier: 1.3,
|
|
113
|
-
retry_codes: [4, 14]
|
|
98
|
+
initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [4, 14]
|
|
114
99
|
}
|
|
115
100
|
|
|
116
101
|
default_config.rpcs.delete_attestor.timeout = 600.0
|
|
117
102
|
default_config.rpcs.delete_attestor.retry_policy = {
|
|
118
|
-
initial_delay: 0.1,
|
|
119
|
-
max_delay: 60.0,
|
|
120
|
-
multiplier: 1.3,
|
|
121
|
-
retry_codes: [4, 14]
|
|
103
|
+
initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [4, 14]
|
|
122
104
|
}
|
|
123
105
|
|
|
124
106
|
default_config
|
|
@@ -182,8 +164,14 @@ module Google
|
|
|
182
164
|
|
|
183
165
|
# Create credentials
|
|
184
166
|
credentials = @config.credentials
|
|
185
|
-
|
|
186
|
-
if
|
|
167
|
+
# Use self-signed JWT if the scope and endpoint are unchanged from default,
|
|
168
|
+
# but only if the default endpoint does not have a region prefix.
|
|
169
|
+
enable_self_signed_jwt = @config.scope == Client.configure.scope &&
|
|
170
|
+
@config.endpoint == Client.configure.endpoint &&
|
|
171
|
+
!@config.endpoint.split(".").first.include?("-")
|
|
172
|
+
credentials ||= Credentials.default scope: @config.scope,
|
|
173
|
+
enable_self_signed_jwt: enable_self_signed_jwt
|
|
174
|
+
if credentials.is_a?(::String) || credentials.is_a?(::Hash)
|
|
187
175
|
credentials = Credentials.new credentials, scope: @config.scope
|
|
188
176
|
end
|
|
189
177
|
@quota_project_id = @config.quota_project
|
|
@@ -201,13 +189,16 @@ module Google
|
|
|
201
189
|
# Service calls
|
|
202
190
|
|
|
203
191
|
##
|
|
204
|
-
# A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} specifies the
|
|
205
|
-
#
|
|
192
|
+
# A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} specifies the
|
|
193
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} that must
|
|
194
|
+
# attest to a container image, before the project is allowed to deploy that
|
|
206
195
|
# image. There is at most one policy per project. All image admission
|
|
207
196
|
# requests are permitted if a project has no policy.
|
|
208
197
|
#
|
|
209
|
-
# Gets the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for this
|
|
210
|
-
#
|
|
198
|
+
# Gets the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for this
|
|
199
|
+
# project. Returns a default
|
|
200
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} if the project
|
|
201
|
+
# does not have one.
|
|
211
202
|
#
|
|
212
203
|
# @overload get_policy(request, options = nil)
|
|
213
204
|
# Pass arguments to `get_policy` via a request object, either of type
|
|
@@ -225,8 +216,9 @@ module Google
|
|
|
225
216
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
226
217
|
#
|
|
227
218
|
# @param name [::String]
|
|
228
|
-
# Required. The resource name of the
|
|
229
|
-
#
|
|
219
|
+
# Required. The resource name of the
|
|
220
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} to retrieve, in
|
|
221
|
+
# the format `projects/*/policy`.
|
|
230
222
|
#
|
|
231
223
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
232
224
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Policy]
|
|
@@ -274,11 +266,13 @@ module Google
|
|
|
274
266
|
end
|
|
275
267
|
|
|
276
268
|
##
|
|
277
|
-
# Creates or updates a project's
|
|
278
|
-
#
|
|
279
|
-
#
|
|
280
|
-
#
|
|
281
|
-
#
|
|
269
|
+
# Creates or updates a project's
|
|
270
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy}, and returns a
|
|
271
|
+
# copy of the new {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy}.
|
|
272
|
+
# A policy is always updated as a whole, to avoid race conditions with
|
|
273
|
+
# concurrent policy enforcement (or management!) requests. Returns NOT_FOUND
|
|
274
|
+
# if the project does not exist, INVALID_ARGUMENT if the request is
|
|
275
|
+
# malformed.
|
|
282
276
|
#
|
|
283
277
|
# @overload update_policy(request, options = nil)
|
|
284
278
|
# Pass arguments to `update_policy` via a request object, either of type
|
|
@@ -296,9 +290,11 @@ module Google
|
|
|
296
290
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
297
291
|
#
|
|
298
292
|
# @param policy [::Google::Cloud::BinaryAuthorization::V1beta1::Policy, ::Hash]
|
|
299
|
-
# Required. A new or updated
|
|
300
|
-
#
|
|
301
|
-
#
|
|
293
|
+
# Required. A new or updated
|
|
294
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} value. The
|
|
295
|
+
# service will overwrite the [policy
|
|
296
|
+
# name][google.cloud.binaryauthorization.v1beta1.Policy.name] field with the
|
|
297
|
+
# resource name in the request URL, in the format `projects/*/policy`.
|
|
302
298
|
#
|
|
303
299
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
304
300
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Policy]
|
|
@@ -346,10 +342,13 @@ module Google
|
|
|
346
342
|
end
|
|
347
343
|
|
|
348
344
|
##
|
|
349
|
-
# Creates an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor},
|
|
350
|
-
#
|
|
351
|
-
#
|
|
352
|
-
#
|
|
345
|
+
# Creates an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor},
|
|
346
|
+
# and returns a copy of the new
|
|
347
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}. Returns
|
|
348
|
+
# NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is
|
|
349
|
+
# malformed, ALREADY_EXISTS if the
|
|
350
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} already
|
|
351
|
+
# exists.
|
|
353
352
|
#
|
|
354
353
|
# @overload create_attestor(request, options = nil)
|
|
355
354
|
# Pass arguments to `create_attestor` via a request object, either of type
|
|
@@ -367,13 +366,17 @@ module Google
|
|
|
367
366
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
368
367
|
#
|
|
369
368
|
# @param parent [::String]
|
|
370
|
-
# Required. The parent of this
|
|
369
|
+
# Required. The parent of this
|
|
370
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
371
371
|
# @param attestor_id [::String]
|
|
372
|
-
# Required. The
|
|
372
|
+
# Required. The
|
|
373
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} ID.
|
|
373
374
|
# @param attestor [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor, ::Hash]
|
|
374
|
-
# Required. The initial
|
|
375
|
-
#
|
|
376
|
-
#
|
|
375
|
+
# Required. The initial
|
|
376
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
|
|
377
|
+
# service will overwrite the [attestor
|
|
378
|
+
# name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
|
|
379
|
+
# the resource name, in the format `projects/*/attestors/*`.
|
|
377
380
|
#
|
|
378
381
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
379
382
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
|
@@ -422,7 +425,9 @@ module Google
|
|
|
422
425
|
|
|
423
426
|
##
|
|
424
427
|
# Gets an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
425
|
-
# Returns NOT_FOUND if the
|
|
428
|
+
# Returns NOT_FOUND if the
|
|
429
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not
|
|
430
|
+
# exist.
|
|
426
431
|
#
|
|
427
432
|
# @overload get_attestor(request, options = nil)
|
|
428
433
|
# Pass arguments to `get_attestor` via a request object, either of type
|
|
@@ -440,8 +445,9 @@ module Google
|
|
|
440
445
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
441
446
|
#
|
|
442
447
|
# @param name [::String]
|
|
443
|
-
# Required. The name of the
|
|
444
|
-
#
|
|
448
|
+
# Required. The name of the
|
|
449
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} to retrieve,
|
|
450
|
+
# in the format `projects/*/attestors/*`.
|
|
445
451
|
#
|
|
446
452
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
447
453
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
|
@@ -490,7 +496,9 @@ module Google
|
|
|
490
496
|
|
|
491
497
|
##
|
|
492
498
|
# Updates an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
493
|
-
# Returns NOT_FOUND if the
|
|
499
|
+
# Returns NOT_FOUND if the
|
|
500
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not
|
|
501
|
+
# exist.
|
|
494
502
|
#
|
|
495
503
|
# @overload update_attestor(request, options = nil)
|
|
496
504
|
# Pass arguments to `update_attestor` via a request object, either of type
|
|
@@ -508,9 +516,12 @@ module Google
|
|
|
508
516
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
509
517
|
#
|
|
510
518
|
# @param attestor [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor, ::Hash]
|
|
511
|
-
# Required. The updated
|
|
512
|
-
#
|
|
513
|
-
#
|
|
519
|
+
# Required. The updated
|
|
520
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
|
|
521
|
+
# service will overwrite the [attestor
|
|
522
|
+
# name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
|
|
523
|
+
# the resource name in the request URL, in the format
|
|
524
|
+
# `projects/*/attestors/*`.
|
|
514
525
|
#
|
|
515
526
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
516
527
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
|
@@ -578,14 +589,16 @@ module Google
|
|
|
578
589
|
#
|
|
579
590
|
# @param parent [::String]
|
|
580
591
|
# Required. The resource name of the project associated with the
|
|
581
|
-
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the
|
|
592
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the
|
|
593
|
+
# format `projects/*`.
|
|
582
594
|
# @param page_size [::Integer]
|
|
583
595
|
# Requested page size. The server may return fewer results than requested. If
|
|
584
596
|
# unspecified, the server will pick an appropriate default.
|
|
585
597
|
# @param page_token [::String]
|
|
586
598
|
# A token identifying a page of results the server should return. Typically,
|
|
587
|
-
# this is the value of
|
|
588
|
-
#
|
|
599
|
+
# this is the value of
|
|
600
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token}
|
|
601
|
+
# returned from the previous call to the `ListAttestors` method.
|
|
589
602
|
#
|
|
590
603
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
591
604
|
# @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::BinaryAuthorization::V1beta1::Attestor>]
|
|
@@ -634,8 +647,10 @@ module Google
|
|
|
634
647
|
end
|
|
635
648
|
|
|
636
649
|
##
|
|
637
|
-
# Deletes an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
638
|
-
#
|
|
650
|
+
# Deletes an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
651
|
+
# Returns NOT_FOUND if the
|
|
652
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not
|
|
653
|
+
# exist.
|
|
639
654
|
#
|
|
640
655
|
# @overload delete_attestor(request, options = nil)
|
|
641
656
|
# Pass arguments to `delete_attestor` via a request object, either of type
|
|
@@ -653,8 +668,9 @@ module Google
|
|
|
653
668
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
654
669
|
#
|
|
655
670
|
# @param name [::String]
|
|
656
|
-
# Required. The name of the
|
|
657
|
-
#
|
|
671
|
+
# Required. The name of the
|
|
672
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} to delete,
|
|
673
|
+
# in the format `projects/*/attestors/*`.
|
|
658
674
|
#
|
|
659
675
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
660
676
|
# @yieldparam response [::Google::Protobuf::Empty]
|
|
@@ -793,7 +809,7 @@ module Google
|
|
|
793
809
|
config_attr :scope, nil, ::String, ::Array, nil
|
|
794
810
|
config_attr :lib_name, nil, ::String, nil
|
|
795
811
|
config_attr :lib_version, nil, ::String, nil
|
|
796
|
-
config_attr(:channel_args, { "grpc.service_config_disable_resolution"=>1 }, ::Hash, nil)
|
|
812
|
+
config_attr(:channel_args, { "grpc.service_config_disable_resolution" => 1 }, ::Hash, nil)
|
|
797
813
|
config_attr :interceptors, nil, ::Array, nil
|
|
798
814
|
config_attr :timeout, nil, ::Numeric, nil
|
|
799
815
|
config_attr :metadata, nil, ::Hash, nil
|
|
@@ -814,7 +830,7 @@ module Google
|
|
|
814
830
|
def rpcs
|
|
815
831
|
@rpcs ||= begin
|
|
816
832
|
parent_rpcs = nil
|
|
817
|
-
parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config
|
|
833
|
+
parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config.respond_to?(:rpcs)
|
|
818
834
|
Rpcs.new parent_rpcs
|
|
819
835
|
end
|
|
820
836
|
end
|
|
@@ -875,19 +891,19 @@ module Google
|
|
|
875
891
|
|
|
876
892
|
# @private
|
|
877
893
|
def initialize parent_rpcs = nil
|
|
878
|
-
get_policy_config = parent_rpcs
|
|
894
|
+
get_policy_config = parent_rpcs.get_policy if parent_rpcs.respond_to? :get_policy
|
|
879
895
|
@get_policy = ::Gapic::Config::Method.new get_policy_config
|
|
880
|
-
update_policy_config = parent_rpcs
|
|
896
|
+
update_policy_config = parent_rpcs.update_policy if parent_rpcs.respond_to? :update_policy
|
|
881
897
|
@update_policy = ::Gapic::Config::Method.new update_policy_config
|
|
882
|
-
create_attestor_config = parent_rpcs
|
|
898
|
+
create_attestor_config = parent_rpcs.create_attestor if parent_rpcs.respond_to? :create_attestor
|
|
883
899
|
@create_attestor = ::Gapic::Config::Method.new create_attestor_config
|
|
884
|
-
get_attestor_config = parent_rpcs
|
|
900
|
+
get_attestor_config = parent_rpcs.get_attestor if parent_rpcs.respond_to? :get_attestor
|
|
885
901
|
@get_attestor = ::Gapic::Config::Method.new get_attestor_config
|
|
886
|
-
update_attestor_config = parent_rpcs
|
|
902
|
+
update_attestor_config = parent_rpcs.update_attestor if parent_rpcs.respond_to? :update_attestor
|
|
887
903
|
@update_attestor = ::Gapic::Config::Method.new update_attestor_config
|
|
888
|
-
list_attestors_config = parent_rpcs
|
|
904
|
+
list_attestors_config = parent_rpcs.list_attestors if parent_rpcs.respond_to? :list_attestors
|
|
889
905
|
@list_attestors = ::Gapic::Config::Method.new list_attestors_config
|
|
890
|
-
delete_attestor_config = parent_rpcs
|
|
906
|
+
delete_attestor_config = parent_rpcs.delete_attestor if parent_rpcs.respond_to? :delete_attestor
|
|
891
907
|
@delete_attestor = ::Gapic::Config::Method.new delete_attestor_config
|
|
892
908
|
|
|
893
909
|
yield self if block_given?
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
|
2
|
+
# source: google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.proto
|
|
3
|
+
|
|
4
|
+
require 'google/protobuf'
|
|
5
|
+
|
|
6
|
+
require 'google/protobuf/timestamp_pb'
|
|
7
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
8
|
+
add_file("google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.proto", :syntax => :proto3) do
|
|
9
|
+
add_message "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent" do
|
|
10
|
+
oneof :event_type do
|
|
11
|
+
optional :pod_event, :message, 1, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent"
|
|
12
|
+
optional :unsupported_policy_event, :message, 2, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.UnsupportedPolicyEvent"
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
add_message "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent" do
|
|
16
|
+
optional :pod, :string, 1
|
|
17
|
+
optional :deploy_time, :message, 2, "google.protobuf.Timestamp"
|
|
18
|
+
optional :end_time, :message, 3, "google.protobuf.Timestamp"
|
|
19
|
+
optional :verdict, :enum, 4, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.PolicyConformanceVerdict"
|
|
20
|
+
repeated :images, :message, 5, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails"
|
|
21
|
+
end
|
|
22
|
+
add_message "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails" do
|
|
23
|
+
optional :image, :string, 1
|
|
24
|
+
optional :result, :enum, 2, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails.AuditResult"
|
|
25
|
+
optional :description, :string, 3
|
|
26
|
+
end
|
|
27
|
+
add_enum "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails.AuditResult" do
|
|
28
|
+
value :AUDIT_RESULT_UNSPECIFIED, 0
|
|
29
|
+
value :ALLOW, 1
|
|
30
|
+
value :DENY, 2
|
|
31
|
+
end
|
|
32
|
+
add_enum "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.PolicyConformanceVerdict" do
|
|
33
|
+
value :POLICY_CONFORMANCE_VERDICT_UNSPECIFIED, 0
|
|
34
|
+
value :VIOLATES_POLICY, 1
|
|
35
|
+
end
|
|
36
|
+
add_message "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.UnsupportedPolicyEvent" do
|
|
37
|
+
optional :description, :string, 1
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
module Google
|
|
43
|
+
module Cloud
|
|
44
|
+
module BinaryAuthorization
|
|
45
|
+
module V1beta1
|
|
46
|
+
ContinuousValidationEvent = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent").msgclass
|
|
47
|
+
ContinuousValidationEvent::ContinuousValidationPodEvent = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent").msgclass
|
|
48
|
+
ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails").msgclass
|
|
49
|
+
ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails::AuditResult = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails.AuditResult").enummodule
|
|
50
|
+
ContinuousValidationEvent::ContinuousValidationPodEvent::PolicyConformanceVerdict = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.PolicyConformanceVerdict").enummodule
|
|
51
|
+
ContinuousValidationEvent::UnsupportedPolicyEvent = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.UnsupportedPolicyEvent").msgclass
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
end
|
|
@@ -3,10 +3,10 @@
|
|
|
3
3
|
|
|
4
4
|
require 'google/protobuf'
|
|
5
5
|
|
|
6
|
+
require 'google/api/annotations_pb'
|
|
6
7
|
require 'google/api/field_behavior_pb'
|
|
7
8
|
require 'google/api/resource_pb'
|
|
8
9
|
require 'google/protobuf/timestamp_pb'
|
|
9
|
-
require 'google/api/annotations_pb'
|
|
10
10
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
11
11
|
add_file("google/cloud/binaryauthorization/v1beta1/resources.proto", :syntax => :proto3) do
|
|
12
12
|
add_message "google.cloud.binaryauthorization.v1beta1.Policy" do
|
|
@@ -42,36 +42,50 @@ module Google
|
|
|
42
42
|
self.unmarshal_class_method = :decode
|
|
43
43
|
self.service_name = 'google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1'
|
|
44
44
|
|
|
45
|
-
# A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the
|
|
46
|
-
#
|
|
45
|
+
# A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the
|
|
46
|
+
# [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] that must
|
|
47
|
+
# attest to a container image, before the project is allowed to deploy that
|
|
47
48
|
# image. There is at most one policy per project. All image admission
|
|
48
49
|
# requests are permitted if a project has no policy.
|
|
49
50
|
#
|
|
50
|
-
# Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this
|
|
51
|
-
#
|
|
51
|
+
# Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this
|
|
52
|
+
# project. Returns a default
|
|
53
|
+
# [policy][google.cloud.binaryauthorization.v1beta1.Policy] if the project
|
|
54
|
+
# does not have one.
|
|
52
55
|
rpc :GetPolicy, ::Google::Cloud::BinaryAuthorization::V1beta1::GetPolicyRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Policy
|
|
53
|
-
# Creates or updates a project's
|
|
54
|
-
#
|
|
55
|
-
#
|
|
56
|
-
#
|
|
57
|
-
#
|
|
56
|
+
# Creates or updates a project's
|
|
57
|
+
# [policy][google.cloud.binaryauthorization.v1beta1.Policy], and returns a
|
|
58
|
+
# copy of the new [policy][google.cloud.binaryauthorization.v1beta1.Policy].
|
|
59
|
+
# A policy is always updated as a whole, to avoid race conditions with
|
|
60
|
+
# concurrent policy enforcement (or management!) requests. Returns NOT_FOUND
|
|
61
|
+
# if the project does not exist, INVALID_ARGUMENT if the request is
|
|
62
|
+
# malformed.
|
|
58
63
|
rpc :UpdatePolicy, ::Google::Cloud::BinaryAuthorization::V1beta1::UpdatePolicyRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Policy
|
|
59
|
-
# Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor],
|
|
60
|
-
#
|
|
61
|
-
#
|
|
62
|
-
#
|
|
64
|
+
# Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor],
|
|
65
|
+
# and returns a copy of the new
|
|
66
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns
|
|
67
|
+
# NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is
|
|
68
|
+
# malformed, ALREADY_EXISTS if the
|
|
69
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] already
|
|
70
|
+
# exists.
|
|
63
71
|
rpc :CreateAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::CreateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
|
|
64
72
|
# Gets an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
65
|
-
# Returns NOT_FOUND if the
|
|
73
|
+
# Returns NOT_FOUND if the
|
|
74
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not
|
|
75
|
+
# exist.
|
|
66
76
|
rpc :GetAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::GetAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
|
|
67
77
|
# Updates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
68
|
-
# Returns NOT_FOUND if the
|
|
78
|
+
# Returns NOT_FOUND if the
|
|
79
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not
|
|
80
|
+
# exist.
|
|
69
81
|
rpc :UpdateAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::UpdateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
|
|
70
82
|
# Lists [attestors][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
71
83
|
# Returns INVALID_ARGUMENT if the project does not exist.
|
|
72
84
|
rpc :ListAttestors, ::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse
|
|
73
|
-
# Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
74
|
-
#
|
|
85
|
+
# Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
86
|
+
# Returns NOT_FOUND if the
|
|
87
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not
|
|
88
|
+
# exist.
|
|
75
89
|
rpc :DeleteAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::DeleteAttestorRequest, ::Google::Protobuf::Empty
|
|
76
90
|
end
|
|
77
91
|
|