google-cloud-binary_authorization-v1beta1 0.1.1 → 0.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/AUTHENTICATION.md +8 -8
- data/LICENSE.md +188 -190
- data/README.md +67 -3
- data/lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/client.rb +89 -73
- data/lib/google/cloud/binary_authorization/v1beta1/version.rb +1 -1
- data/lib/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging_pb.rb +55 -0
- data/lib/google/cloud/binaryauthorization/v1beta1/resources_pb.rb +1 -1
- data/lib/google/cloud/binaryauthorization/v1beta1/service_services_pb.rb +31 -17
- data/proto_docs/google/api/field_behavior.rb +12 -0
- data/proto_docs/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.rb +104 -0
- data/proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb +24 -17
- data/proto_docs/google/cloud/binaryauthorization/v1beta1/service.rb +37 -22
- data/proto_docs/google/protobuf/timestamp.rb +10 -1
- metadata +22 -11
@@ -66,59 +66,41 @@ module Google
|
|
66
66
|
parent_config = while namespace.any?
|
67
67
|
parent_name = namespace.join "::"
|
68
68
|
parent_const = const_get parent_name
|
69
|
-
break parent_const.configure if parent_const
|
69
|
+
break parent_const.configure if parent_const.respond_to? :configure
|
70
70
|
namespace.pop
|
71
71
|
end
|
72
72
|
default_config = Client::Configuration.new parent_config
|
73
73
|
|
74
74
|
default_config.rpcs.get_policy.timeout = 600.0
|
75
75
|
default_config.rpcs.get_policy.retry_policy = {
|
76
|
-
initial_delay: 0.1,
|
77
|
-
max_delay: 60.0,
|
78
|
-
multiplier: 1.3,
|
79
|
-
retry_codes: [4, 14]
|
76
|
+
initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [4, 14]
|
80
77
|
}
|
81
78
|
|
82
79
|
default_config.rpcs.update_policy.timeout = 600.0
|
83
80
|
default_config.rpcs.update_policy.retry_policy = {
|
84
|
-
initial_delay: 0.1,
|
85
|
-
max_delay: 60.0,
|
86
|
-
multiplier: 1.3,
|
87
|
-
retry_codes: [4, 14]
|
81
|
+
initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [4, 14]
|
88
82
|
}
|
89
83
|
|
90
84
|
default_config.rpcs.create_attestor.timeout = 600.0
|
91
85
|
|
92
86
|
default_config.rpcs.get_attestor.timeout = 600.0
|
93
87
|
default_config.rpcs.get_attestor.retry_policy = {
|
94
|
-
initial_delay: 0.1,
|
95
|
-
max_delay: 60.0,
|
96
|
-
multiplier: 1.3,
|
97
|
-
retry_codes: [4, 14]
|
88
|
+
initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [4, 14]
|
98
89
|
}
|
99
90
|
|
100
91
|
default_config.rpcs.update_attestor.timeout = 600.0
|
101
92
|
default_config.rpcs.update_attestor.retry_policy = {
|
102
|
-
initial_delay: 0.1,
|
103
|
-
max_delay: 60.0,
|
104
|
-
multiplier: 1.3,
|
105
|
-
retry_codes: [4, 14]
|
93
|
+
initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [4, 14]
|
106
94
|
}
|
107
95
|
|
108
96
|
default_config.rpcs.list_attestors.timeout = 600.0
|
109
97
|
default_config.rpcs.list_attestors.retry_policy = {
|
110
|
-
initial_delay: 0.1,
|
111
|
-
max_delay: 60.0,
|
112
|
-
multiplier: 1.3,
|
113
|
-
retry_codes: [4, 14]
|
98
|
+
initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [4, 14]
|
114
99
|
}
|
115
100
|
|
116
101
|
default_config.rpcs.delete_attestor.timeout = 600.0
|
117
102
|
default_config.rpcs.delete_attestor.retry_policy = {
|
118
|
-
initial_delay: 0.1,
|
119
|
-
max_delay: 60.0,
|
120
|
-
multiplier: 1.3,
|
121
|
-
retry_codes: [4, 14]
|
103
|
+
initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [4, 14]
|
122
104
|
}
|
123
105
|
|
124
106
|
default_config
|
@@ -182,8 +164,14 @@ module Google
|
|
182
164
|
|
183
165
|
# Create credentials
|
184
166
|
credentials = @config.credentials
|
185
|
-
|
186
|
-
if
|
167
|
+
# Use self-signed JWT if the scope and endpoint are unchanged from default,
|
168
|
+
# but only if the default endpoint does not have a region prefix.
|
169
|
+
enable_self_signed_jwt = @config.scope == Client.configure.scope &&
|
170
|
+
@config.endpoint == Client.configure.endpoint &&
|
171
|
+
!@config.endpoint.split(".").first.include?("-")
|
172
|
+
credentials ||= Credentials.default scope: @config.scope,
|
173
|
+
enable_self_signed_jwt: enable_self_signed_jwt
|
174
|
+
if credentials.is_a?(::String) || credentials.is_a?(::Hash)
|
187
175
|
credentials = Credentials.new credentials, scope: @config.scope
|
188
176
|
end
|
189
177
|
@quota_project_id = @config.quota_project
|
@@ -201,13 +189,16 @@ module Google
|
|
201
189
|
# Service calls
|
202
190
|
|
203
191
|
##
|
204
|
-
# A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} specifies the
|
205
|
-
#
|
192
|
+
# A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} specifies the
|
193
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} that must
|
194
|
+
# attest to a container image, before the project is allowed to deploy that
|
206
195
|
# image. There is at most one policy per project. All image admission
|
207
196
|
# requests are permitted if a project has no policy.
|
208
197
|
#
|
209
|
-
# Gets the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for this
|
210
|
-
#
|
198
|
+
# Gets the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for this
|
199
|
+
# project. Returns a default
|
200
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} if the project
|
201
|
+
# does not have one.
|
211
202
|
#
|
212
203
|
# @overload get_policy(request, options = nil)
|
213
204
|
# Pass arguments to `get_policy` via a request object, either of type
|
@@ -225,8 +216,9 @@ module Google
|
|
225
216
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
226
217
|
#
|
227
218
|
# @param name [::String]
|
228
|
-
# Required. The resource name of the
|
229
|
-
#
|
219
|
+
# Required. The resource name of the
|
220
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} to retrieve, in
|
221
|
+
# the format `projects/*/policy`.
|
230
222
|
#
|
231
223
|
# @yield [response, operation] Access the result along with the RPC operation
|
232
224
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Policy]
|
@@ -274,11 +266,13 @@ module Google
|
|
274
266
|
end
|
275
267
|
|
276
268
|
##
|
277
|
-
# Creates or updates a project's
|
278
|
-
#
|
279
|
-
#
|
280
|
-
#
|
281
|
-
#
|
269
|
+
# Creates or updates a project's
|
270
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy}, and returns a
|
271
|
+
# copy of the new {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy}.
|
272
|
+
# A policy is always updated as a whole, to avoid race conditions with
|
273
|
+
# concurrent policy enforcement (or management!) requests. Returns NOT_FOUND
|
274
|
+
# if the project does not exist, INVALID_ARGUMENT if the request is
|
275
|
+
# malformed.
|
282
276
|
#
|
283
277
|
# @overload update_policy(request, options = nil)
|
284
278
|
# Pass arguments to `update_policy` via a request object, either of type
|
@@ -296,9 +290,11 @@ module Google
|
|
296
290
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
297
291
|
#
|
298
292
|
# @param policy [::Google::Cloud::BinaryAuthorization::V1beta1::Policy, ::Hash]
|
299
|
-
# Required. A new or updated
|
300
|
-
#
|
301
|
-
#
|
293
|
+
# Required. A new or updated
|
294
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} value. The
|
295
|
+
# service will overwrite the [policy
|
296
|
+
# name][google.cloud.binaryauthorization.v1beta1.Policy.name] field with the
|
297
|
+
# resource name in the request URL, in the format `projects/*/policy`.
|
302
298
|
#
|
303
299
|
# @yield [response, operation] Access the result along with the RPC operation
|
304
300
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Policy]
|
@@ -346,10 +342,13 @@ module Google
|
|
346
342
|
end
|
347
343
|
|
348
344
|
##
|
349
|
-
# Creates an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor},
|
350
|
-
#
|
351
|
-
#
|
352
|
-
#
|
345
|
+
# Creates an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor},
|
346
|
+
# and returns a copy of the new
|
347
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}. Returns
|
348
|
+
# NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is
|
349
|
+
# malformed, ALREADY_EXISTS if the
|
350
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} already
|
351
|
+
# exists.
|
353
352
|
#
|
354
353
|
# @overload create_attestor(request, options = nil)
|
355
354
|
# Pass arguments to `create_attestor` via a request object, either of type
|
@@ -367,13 +366,17 @@ module Google
|
|
367
366
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
368
367
|
#
|
369
368
|
# @param parent [::String]
|
370
|
-
# Required. The parent of this
|
369
|
+
# Required. The parent of this
|
370
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
371
371
|
# @param attestor_id [::String]
|
372
|
-
# Required. The
|
372
|
+
# Required. The
|
373
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} ID.
|
373
374
|
# @param attestor [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor, ::Hash]
|
374
|
-
# Required. The initial
|
375
|
-
#
|
376
|
-
#
|
375
|
+
# Required. The initial
|
376
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
|
377
|
+
# service will overwrite the [attestor
|
378
|
+
# name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
|
379
|
+
# the resource name, in the format `projects/*/attestors/*`.
|
377
380
|
#
|
378
381
|
# @yield [response, operation] Access the result along with the RPC operation
|
379
382
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
@@ -422,7 +425,9 @@ module Google
|
|
422
425
|
|
423
426
|
##
|
424
427
|
# Gets an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
425
|
-
# Returns NOT_FOUND if the
|
428
|
+
# Returns NOT_FOUND if the
|
429
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not
|
430
|
+
# exist.
|
426
431
|
#
|
427
432
|
# @overload get_attestor(request, options = nil)
|
428
433
|
# Pass arguments to `get_attestor` via a request object, either of type
|
@@ -440,8 +445,9 @@ module Google
|
|
440
445
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
441
446
|
#
|
442
447
|
# @param name [::String]
|
443
|
-
# Required. The name of the
|
444
|
-
#
|
448
|
+
# Required. The name of the
|
449
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} to retrieve,
|
450
|
+
# in the format `projects/*/attestors/*`.
|
445
451
|
#
|
446
452
|
# @yield [response, operation] Access the result along with the RPC operation
|
447
453
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
@@ -490,7 +496,9 @@ module Google
|
|
490
496
|
|
491
497
|
##
|
492
498
|
# Updates an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
493
|
-
# Returns NOT_FOUND if the
|
499
|
+
# Returns NOT_FOUND if the
|
500
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not
|
501
|
+
# exist.
|
494
502
|
#
|
495
503
|
# @overload update_attestor(request, options = nil)
|
496
504
|
# Pass arguments to `update_attestor` via a request object, either of type
|
@@ -508,9 +516,12 @@ module Google
|
|
508
516
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
509
517
|
#
|
510
518
|
# @param attestor [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor, ::Hash]
|
511
|
-
# Required. The updated
|
512
|
-
#
|
513
|
-
#
|
519
|
+
# Required. The updated
|
520
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
|
521
|
+
# service will overwrite the [attestor
|
522
|
+
# name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
|
523
|
+
# the resource name in the request URL, in the format
|
524
|
+
# `projects/*/attestors/*`.
|
514
525
|
#
|
515
526
|
# @yield [response, operation] Access the result along with the RPC operation
|
516
527
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
@@ -578,14 +589,16 @@ module Google
|
|
578
589
|
#
|
579
590
|
# @param parent [::String]
|
580
591
|
# Required. The resource name of the project associated with the
|
581
|
-
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the
|
592
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the
|
593
|
+
# format `projects/*`.
|
582
594
|
# @param page_size [::Integer]
|
583
595
|
# Requested page size. The server may return fewer results than requested. If
|
584
596
|
# unspecified, the server will pick an appropriate default.
|
585
597
|
# @param page_token [::String]
|
586
598
|
# A token identifying a page of results the server should return. Typically,
|
587
|
-
# this is the value of
|
588
|
-
#
|
599
|
+
# this is the value of
|
600
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token}
|
601
|
+
# returned from the previous call to the `ListAttestors` method.
|
589
602
|
#
|
590
603
|
# @yield [response, operation] Access the result along with the RPC operation
|
591
604
|
# @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::BinaryAuthorization::V1beta1::Attestor>]
|
@@ -634,8 +647,10 @@ module Google
|
|
634
647
|
end
|
635
648
|
|
636
649
|
##
|
637
|
-
# Deletes an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
638
|
-
#
|
650
|
+
# Deletes an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
651
|
+
# Returns NOT_FOUND if the
|
652
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not
|
653
|
+
# exist.
|
639
654
|
#
|
640
655
|
# @overload delete_attestor(request, options = nil)
|
641
656
|
# Pass arguments to `delete_attestor` via a request object, either of type
|
@@ -653,8 +668,9 @@ module Google
|
|
653
668
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
654
669
|
#
|
655
670
|
# @param name [::String]
|
656
|
-
# Required. The name of the
|
657
|
-
#
|
671
|
+
# Required. The name of the
|
672
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} to delete,
|
673
|
+
# in the format `projects/*/attestors/*`.
|
658
674
|
#
|
659
675
|
# @yield [response, operation] Access the result along with the RPC operation
|
660
676
|
# @yieldparam response [::Google::Protobuf::Empty]
|
@@ -793,7 +809,7 @@ module Google
|
|
793
809
|
config_attr :scope, nil, ::String, ::Array, nil
|
794
810
|
config_attr :lib_name, nil, ::String, nil
|
795
811
|
config_attr :lib_version, nil, ::String, nil
|
796
|
-
config_attr(:channel_args, { "grpc.service_config_disable_resolution"=>1 }, ::Hash, nil)
|
812
|
+
config_attr(:channel_args, { "grpc.service_config_disable_resolution" => 1 }, ::Hash, nil)
|
797
813
|
config_attr :interceptors, nil, ::Array, nil
|
798
814
|
config_attr :timeout, nil, ::Numeric, nil
|
799
815
|
config_attr :metadata, nil, ::Hash, nil
|
@@ -814,7 +830,7 @@ module Google
|
|
814
830
|
def rpcs
|
815
831
|
@rpcs ||= begin
|
816
832
|
parent_rpcs = nil
|
817
|
-
parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config
|
833
|
+
parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config.respond_to?(:rpcs)
|
818
834
|
Rpcs.new parent_rpcs
|
819
835
|
end
|
820
836
|
end
|
@@ -875,19 +891,19 @@ module Google
|
|
875
891
|
|
876
892
|
# @private
|
877
893
|
def initialize parent_rpcs = nil
|
878
|
-
get_policy_config = parent_rpcs
|
894
|
+
get_policy_config = parent_rpcs.get_policy if parent_rpcs.respond_to? :get_policy
|
879
895
|
@get_policy = ::Gapic::Config::Method.new get_policy_config
|
880
|
-
update_policy_config = parent_rpcs
|
896
|
+
update_policy_config = parent_rpcs.update_policy if parent_rpcs.respond_to? :update_policy
|
881
897
|
@update_policy = ::Gapic::Config::Method.new update_policy_config
|
882
|
-
create_attestor_config = parent_rpcs
|
898
|
+
create_attestor_config = parent_rpcs.create_attestor if parent_rpcs.respond_to? :create_attestor
|
883
899
|
@create_attestor = ::Gapic::Config::Method.new create_attestor_config
|
884
|
-
get_attestor_config = parent_rpcs
|
900
|
+
get_attestor_config = parent_rpcs.get_attestor if parent_rpcs.respond_to? :get_attestor
|
885
901
|
@get_attestor = ::Gapic::Config::Method.new get_attestor_config
|
886
|
-
update_attestor_config = parent_rpcs
|
902
|
+
update_attestor_config = parent_rpcs.update_attestor if parent_rpcs.respond_to? :update_attestor
|
887
903
|
@update_attestor = ::Gapic::Config::Method.new update_attestor_config
|
888
|
-
list_attestors_config = parent_rpcs
|
904
|
+
list_attestors_config = parent_rpcs.list_attestors if parent_rpcs.respond_to? :list_attestors
|
889
905
|
@list_attestors = ::Gapic::Config::Method.new list_attestors_config
|
890
|
-
delete_attestor_config = parent_rpcs
|
906
|
+
delete_attestor_config = parent_rpcs.delete_attestor if parent_rpcs.respond_to? :delete_attestor
|
891
907
|
@delete_attestor = ::Gapic::Config::Method.new delete_attestor_config
|
892
908
|
|
893
909
|
yield self if block_given?
|
@@ -0,0 +1,55 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
require 'google/protobuf/timestamp_pb'
|
7
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
8
|
+
add_file("google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.proto", :syntax => :proto3) do
|
9
|
+
add_message "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent" do
|
10
|
+
oneof :event_type do
|
11
|
+
optional :pod_event, :message, 1, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent"
|
12
|
+
optional :unsupported_policy_event, :message, 2, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.UnsupportedPolicyEvent"
|
13
|
+
end
|
14
|
+
end
|
15
|
+
add_message "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent" do
|
16
|
+
optional :pod, :string, 1
|
17
|
+
optional :deploy_time, :message, 2, "google.protobuf.Timestamp"
|
18
|
+
optional :end_time, :message, 3, "google.protobuf.Timestamp"
|
19
|
+
optional :verdict, :enum, 4, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.PolicyConformanceVerdict"
|
20
|
+
repeated :images, :message, 5, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails"
|
21
|
+
end
|
22
|
+
add_message "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails" do
|
23
|
+
optional :image, :string, 1
|
24
|
+
optional :result, :enum, 2, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails.AuditResult"
|
25
|
+
optional :description, :string, 3
|
26
|
+
end
|
27
|
+
add_enum "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails.AuditResult" do
|
28
|
+
value :AUDIT_RESULT_UNSPECIFIED, 0
|
29
|
+
value :ALLOW, 1
|
30
|
+
value :DENY, 2
|
31
|
+
end
|
32
|
+
add_enum "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.PolicyConformanceVerdict" do
|
33
|
+
value :POLICY_CONFORMANCE_VERDICT_UNSPECIFIED, 0
|
34
|
+
value :VIOLATES_POLICY, 1
|
35
|
+
end
|
36
|
+
add_message "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.UnsupportedPolicyEvent" do
|
37
|
+
optional :description, :string, 1
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
module Google
|
43
|
+
module Cloud
|
44
|
+
module BinaryAuthorization
|
45
|
+
module V1beta1
|
46
|
+
ContinuousValidationEvent = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent").msgclass
|
47
|
+
ContinuousValidationEvent::ContinuousValidationPodEvent = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent").msgclass
|
48
|
+
ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails").msgclass
|
49
|
+
ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails::AuditResult = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails.AuditResult").enummodule
|
50
|
+
ContinuousValidationEvent::ContinuousValidationPodEvent::PolicyConformanceVerdict = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.PolicyConformanceVerdict").enummodule
|
51
|
+
ContinuousValidationEvent::UnsupportedPolicyEvent = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.UnsupportedPolicyEvent").msgclass
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
@@ -3,10 +3,10 @@
|
|
3
3
|
|
4
4
|
require 'google/protobuf'
|
5
5
|
|
6
|
+
require 'google/api/annotations_pb'
|
6
7
|
require 'google/api/field_behavior_pb'
|
7
8
|
require 'google/api/resource_pb'
|
8
9
|
require 'google/protobuf/timestamp_pb'
|
9
|
-
require 'google/api/annotations_pb'
|
10
10
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
11
11
|
add_file("google/cloud/binaryauthorization/v1beta1/resources.proto", :syntax => :proto3) do
|
12
12
|
add_message "google.cloud.binaryauthorization.v1beta1.Policy" do
|
@@ -42,36 +42,50 @@ module Google
|
|
42
42
|
self.unmarshal_class_method = :decode
|
43
43
|
self.service_name = 'google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1'
|
44
44
|
|
45
|
-
# A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the
|
46
|
-
#
|
45
|
+
# A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the
|
46
|
+
# [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] that must
|
47
|
+
# attest to a container image, before the project is allowed to deploy that
|
47
48
|
# image. There is at most one policy per project. All image admission
|
48
49
|
# requests are permitted if a project has no policy.
|
49
50
|
#
|
50
|
-
# Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this
|
51
|
-
#
|
51
|
+
# Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this
|
52
|
+
# project. Returns a default
|
53
|
+
# [policy][google.cloud.binaryauthorization.v1beta1.Policy] if the project
|
54
|
+
# does not have one.
|
52
55
|
rpc :GetPolicy, ::Google::Cloud::BinaryAuthorization::V1beta1::GetPolicyRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Policy
|
53
|
-
# Creates or updates a project's
|
54
|
-
#
|
55
|
-
#
|
56
|
-
#
|
57
|
-
#
|
56
|
+
# Creates or updates a project's
|
57
|
+
# [policy][google.cloud.binaryauthorization.v1beta1.Policy], and returns a
|
58
|
+
# copy of the new [policy][google.cloud.binaryauthorization.v1beta1.Policy].
|
59
|
+
# A policy is always updated as a whole, to avoid race conditions with
|
60
|
+
# concurrent policy enforcement (or management!) requests. Returns NOT_FOUND
|
61
|
+
# if the project does not exist, INVALID_ARGUMENT if the request is
|
62
|
+
# malformed.
|
58
63
|
rpc :UpdatePolicy, ::Google::Cloud::BinaryAuthorization::V1beta1::UpdatePolicyRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Policy
|
59
|
-
# Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor],
|
60
|
-
#
|
61
|
-
#
|
62
|
-
#
|
64
|
+
# Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor],
|
65
|
+
# and returns a copy of the new
|
66
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns
|
67
|
+
# NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is
|
68
|
+
# malformed, ALREADY_EXISTS if the
|
69
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] already
|
70
|
+
# exists.
|
63
71
|
rpc :CreateAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::CreateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
|
64
72
|
# Gets an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
|
65
|
-
# Returns NOT_FOUND if the
|
73
|
+
# Returns NOT_FOUND if the
|
74
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not
|
75
|
+
# exist.
|
66
76
|
rpc :GetAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::GetAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
|
67
77
|
# Updates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
|
68
|
-
# Returns NOT_FOUND if the
|
78
|
+
# Returns NOT_FOUND if the
|
79
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not
|
80
|
+
# exist.
|
69
81
|
rpc :UpdateAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::UpdateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
|
70
82
|
# Lists [attestors][google.cloud.binaryauthorization.v1beta1.Attestor].
|
71
83
|
# Returns INVALID_ARGUMENT if the project does not exist.
|
72
84
|
rpc :ListAttestors, ::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse
|
73
|
-
# Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
|
74
|
-
#
|
85
|
+
# Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
|
86
|
+
# Returns NOT_FOUND if the
|
87
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not
|
88
|
+
# exist.
|
75
89
|
rpc :DeleteAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::DeleteAttestorRequest, ::Google::Protobuf::Empty
|
76
90
|
end
|
77
91
|
|