google-cloud-binary_authorization-v1beta1 0.18.0 → 0.20.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/client.rb +83 -37
- data/lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/rest/client.rb +91 -37
- data/lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/rest.rb +1 -0
- data/lib/google/cloud/binary_authorization/v1beta1/bindings_override.rb +110 -0
- data/lib/google/cloud/binary_authorization/v1beta1/rest.rb +1 -0
- data/lib/google/cloud/binary_authorization/v1beta1/system_policy/client.rb +18 -0
- data/lib/google/cloud/binary_authorization/v1beta1/system_policy/rest/client.rb +26 -0
- data/lib/google/cloud/binary_authorization/v1beta1/system_policy/rest.rb +1 -0
- data/lib/google/cloud/binary_authorization/v1beta1/version.rb +1 -1
- data/lib/google/cloud/binaryauthorization/v1beta1/resources_pb.rb +1 -1
- data/lib/google/cloud/binaryauthorization/v1beta1/service_pb.rb +1 -1
- data/lib/google/cloud/binaryauthorization/v1beta1/service_services_pb.rb +31 -17
- data/proto_docs/google/api/client.rb +149 -29
- data/proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb +51 -24
- data/proto_docs/google/cloud/binaryauthorization/v1beta1/service.rb +37 -22
- data/proto_docs/google/protobuf/field_mask.rb +229 -0
- data/proto_docs/google/type/expr.rb +75 -0
- metadata +23 -6
|
@@ -21,7 +21,8 @@ module Google
|
|
|
21
21
|
module Cloud
|
|
22
22
|
module BinaryAuthorization
|
|
23
23
|
module V1beta1
|
|
24
|
-
# A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for Binary
|
|
24
|
+
# A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for Binary
|
|
25
|
+
# Authorization.
|
|
25
26
|
# @!attribute [r] name
|
|
26
27
|
# @return [::String]
|
|
27
28
|
# Output only. The resource name, in the format `projects/*/policy`. There is
|
|
@@ -51,7 +52,8 @@ module Google
|
|
|
51
52
|
# https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
|
|
52
53
|
# @!attribute [rw] kubernetes_namespace_admission_rules
|
|
53
54
|
# @return [::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}]
|
|
54
|
-
# Optional. Per-kubernetes-namespace admission rules. K8s namespace spec
|
|
55
|
+
# Optional. Per-kubernetes-namespace admission rules. K8s namespace spec
|
|
56
|
+
# format:
|
|
55
57
|
# `[a-z.-]+`, e.g. `some-namespace`
|
|
56
58
|
# @!attribute [rw] kubernetes_service_account_admission_rules
|
|
57
59
|
# @return [::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}]
|
|
@@ -71,6 +73,11 @@ module Google
|
|
|
71
73
|
# @!attribute [r] update_time
|
|
72
74
|
# @return [::Google::Protobuf::Timestamp]
|
|
73
75
|
# Output only. Time when the policy was last updated.
|
|
76
|
+
# @!attribute [rw] etag
|
|
77
|
+
# @return [::String]
|
|
78
|
+
# Optional. A checksum, returned by the server, that can be sent on update
|
|
79
|
+
# requests to ensure the policy has an up-to-date value before attempting to
|
|
80
|
+
# update it. See https://google.aip.dev/154.
|
|
74
81
|
class Policy
|
|
75
82
|
include ::Google::Protobuf::MessageExts
|
|
76
83
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -123,8 +130,10 @@ module Google
|
|
|
123
130
|
end
|
|
124
131
|
end
|
|
125
132
|
|
|
126
|
-
# An
|
|
127
|
-
#
|
|
133
|
+
# An [admission allowlist
|
|
134
|
+
# pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern]
|
|
135
|
+
# exempts images from checks by [admission
|
|
136
|
+
# rules][google.cloud.binaryauthorization.v1beta1.AdmissionRule].
|
|
128
137
|
# @!attribute [rw] name_pattern
|
|
129
138
|
# @return [::String]
|
|
130
139
|
# An image name pattern to allowlist, in the form `registry/path/to/image`.
|
|
@@ -139,26 +148,20 @@ module Google
|
|
|
139
148
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
140
149
|
end
|
|
141
150
|
|
|
142
|
-
# An {::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule admission rule}
|
|
143
|
-
# used in a pod creation request
|
|
144
|
-
#
|
|
145
|
-
#
|
|
151
|
+
# An {::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule admission rule}
|
|
152
|
+
# specifies either that all container images used in a pod creation request
|
|
153
|
+
# must be attested to by one or more
|
|
154
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, that all pod
|
|
155
|
+
# creations will be allowed, or that all pod creations will be denied.
|
|
146
156
|
#
|
|
147
|
-
# Images matching an
|
|
157
|
+
# Images matching an [admission allowlist
|
|
158
|
+
# pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern]
|
|
148
159
|
# are exempted from admission rules and will never block a pod creation.
|
|
149
160
|
# @!attribute [rw] evaluation_mode
|
|
150
161
|
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule::EvaluationMode]
|
|
151
162
|
# Required. How this admission rule will be evaluated.
|
|
152
163
|
# @!attribute [rw] require_attestations_by
|
|
153
164
|
# @return [::Array<::String>]
|
|
154
|
-
# Optional. The resource names of the attestors that must attest to
|
|
155
|
-
# a container image, in the format `projects/*/attestors/*`. Each
|
|
156
|
-
# attestor must exist before a policy can reference it. To add an attestor
|
|
157
|
-
# to a policy the principal issuing the policy change request must be able
|
|
158
|
-
# to read the attestor resource.
|
|
159
|
-
#
|
|
160
|
-
# Note: this field must be non-empty when the evaluation_mode field specifies
|
|
161
|
-
# REQUIRE_ATTESTATION, otherwise it must be empty.
|
|
162
165
|
# @!attribute [rw] enforcement_mode
|
|
163
166
|
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule::EnforcementMode]
|
|
164
167
|
# Required. The action when a pod creation is denied by the admission rule.
|
|
@@ -182,6 +185,8 @@ module Google
|
|
|
182
185
|
ALWAYS_DENY = 3
|
|
183
186
|
end
|
|
184
187
|
|
|
188
|
+
# TODO(wietse) re-word this text to 'per-image' instead of 'per-pod' and to
|
|
189
|
+
# allow for three-way evaluation (allow, deny, delegate).
|
|
185
190
|
# Defines the possible actions when a pod creation is denied by an admission
|
|
186
191
|
# rule.
|
|
187
192
|
module EnforcementMode
|
|
@@ -197,9 +202,9 @@ module Google
|
|
|
197
202
|
end
|
|
198
203
|
end
|
|
199
204
|
|
|
200
|
-
# An {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} that attests
|
|
201
|
-
# artifacts. An existing attestor cannot be modified except
|
|
202
|
-
# indicated.
|
|
205
|
+
# An {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} that attests
|
|
206
|
+
# to container image artifacts. An existing attestor cannot be modified except
|
|
207
|
+
# where indicated.
|
|
203
208
|
# @!attribute [rw] name
|
|
204
209
|
# @return [::String]
|
|
205
210
|
# Required. The resource name, in the format:
|
|
@@ -214,13 +219,19 @@ module Google
|
|
|
214
219
|
# @!attribute [r] update_time
|
|
215
220
|
# @return [::Google::Protobuf::Timestamp]
|
|
216
221
|
# Output only. Time when the attestor was last updated.
|
|
222
|
+
# @!attribute [rw] etag
|
|
223
|
+
# @return [::String]
|
|
224
|
+
# Optional. A checksum, returned by the server, that can be sent on update
|
|
225
|
+
# requests to ensure the attestor has an up-to-date value before attempting
|
|
226
|
+
# to update it. See https://google.aip.dev/154.
|
|
217
227
|
class Attestor
|
|
218
228
|
include ::Google::Protobuf::MessageExts
|
|
219
229
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
220
230
|
end
|
|
221
231
|
|
|
222
|
-
# An
|
|
223
|
-
#
|
|
232
|
+
# An [user owned drydock
|
|
233
|
+
# note][google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNote]
|
|
234
|
+
# references a Drydock ATTESTATION_AUTHORITY Note created by the user.
|
|
224
235
|
# @!attribute [rw] note_reference
|
|
225
236
|
# @return [::String]
|
|
226
237
|
# Required. The Drydock resource name of a ATTESTATION_AUTHORITY Note,
|
|
@@ -289,15 +300,27 @@ module Google
|
|
|
289
300
|
# RSASSA-PSS 2048 bit key with a SHA256 digest.
|
|
290
301
|
RSA_PSS_2048_SHA256 = 1
|
|
291
302
|
|
|
303
|
+
# RSASSA-PSS 2048 bit key with a SHA256 digest.
|
|
304
|
+
RSA_SIGN_PSS_2048_SHA256 = 1
|
|
305
|
+
|
|
292
306
|
# RSASSA-PSS 3072 bit key with a SHA256 digest.
|
|
293
307
|
RSA_PSS_3072_SHA256 = 2
|
|
294
308
|
|
|
309
|
+
# RSASSA-PSS 3072 bit key with a SHA256 digest.
|
|
310
|
+
RSA_SIGN_PSS_3072_SHA256 = 2
|
|
311
|
+
|
|
295
312
|
# RSASSA-PSS 4096 bit key with a SHA256 digest.
|
|
296
313
|
RSA_PSS_4096_SHA256 = 3
|
|
297
314
|
|
|
315
|
+
# RSASSA-PSS 4096 bit key with a SHA256 digest.
|
|
316
|
+
RSA_SIGN_PSS_4096_SHA256 = 3
|
|
317
|
+
|
|
298
318
|
# RSASSA-PSS 4096 bit key with a SHA512 digest.
|
|
299
319
|
RSA_PSS_4096_SHA512 = 4
|
|
300
320
|
|
|
321
|
+
# RSASSA-PSS 4096 bit key with a SHA512 digest.
|
|
322
|
+
RSA_SIGN_PSS_4096_SHA512 = 4
|
|
323
|
+
|
|
301
324
|
# RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
|
|
302
325
|
RSA_SIGN_PKCS1_2048_SHA256 = 5
|
|
303
326
|
|
|
@@ -327,11 +350,15 @@ module Google
|
|
|
327
350
|
|
|
328
351
|
# ECDSA on the NIST P-521 curve with a SHA512 digest.
|
|
329
352
|
EC_SIGN_P521_SHA512 = 11
|
|
353
|
+
|
|
354
|
+
# ML-DSA-65 Post-Quantum Cryptography signature algorithm.
|
|
355
|
+
ML_DSA_65 = 13
|
|
330
356
|
end
|
|
331
357
|
end
|
|
332
358
|
|
|
333
|
-
# An
|
|
334
|
-
#
|
|
359
|
+
# An [attestor public
|
|
360
|
+
# key][google.cloud.binaryauthorization.v1beta1.AttestorPublicKey] that will be
|
|
361
|
+
# used to verify attestations signed by this attestor.
|
|
335
362
|
# @!attribute [rw] comment
|
|
336
363
|
# @return [::String]
|
|
337
364
|
# Optional. A descriptive comment. This field may be updated.
|
|
@@ -24,8 +24,9 @@ module Google
|
|
|
24
24
|
# Request message for [BinauthzManagementService.GetPolicy][].
|
|
25
25
|
# @!attribute [rw] name
|
|
26
26
|
# @return [::String]
|
|
27
|
-
# Required. The resource name of the
|
|
28
|
-
#
|
|
27
|
+
# Required. The resource name of the
|
|
28
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} to retrieve, in
|
|
29
|
+
# the format `projects/*/policy`.
|
|
29
30
|
class GetPolicyRequest
|
|
30
31
|
include ::Google::Protobuf::MessageExts
|
|
31
32
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -34,9 +35,11 @@ module Google
|
|
|
34
35
|
# Request message for [BinauthzManagementService.UpdatePolicy][].
|
|
35
36
|
# @!attribute [rw] policy
|
|
36
37
|
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::Policy]
|
|
37
|
-
# Required. A new or updated
|
|
38
|
-
#
|
|
39
|
-
#
|
|
38
|
+
# Required. A new or updated
|
|
39
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} value. The
|
|
40
|
+
# service will overwrite the [policy
|
|
41
|
+
# name][google.cloud.binaryauthorization.v1beta1.Policy.name] field with the
|
|
42
|
+
# resource name in the request URL, in the format `projects/*/policy`.
|
|
40
43
|
class UpdatePolicyRequest
|
|
41
44
|
include ::Google::Protobuf::MessageExts
|
|
42
45
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -45,15 +48,19 @@ module Google
|
|
|
45
48
|
# Request message for [BinauthzManagementService.CreateAttestor][].
|
|
46
49
|
# @!attribute [rw] parent
|
|
47
50
|
# @return [::String]
|
|
48
|
-
# Required. The parent of this
|
|
51
|
+
# Required. The parent of this
|
|
52
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
49
53
|
# @!attribute [rw] attestor_id
|
|
50
54
|
# @return [::String]
|
|
51
|
-
# Required. The
|
|
55
|
+
# Required. The
|
|
56
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} ID.
|
|
52
57
|
# @!attribute [rw] attestor
|
|
53
58
|
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
|
54
|
-
# Required. The initial
|
|
55
|
-
#
|
|
56
|
-
#
|
|
59
|
+
# Required. The initial
|
|
60
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
|
|
61
|
+
# service will overwrite the [attestor
|
|
62
|
+
# name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
|
|
63
|
+
# the resource name, in the format `projects/*/attestors/*`.
|
|
57
64
|
class CreateAttestorRequest
|
|
58
65
|
include ::Google::Protobuf::MessageExts
|
|
59
66
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -62,8 +69,9 @@ module Google
|
|
|
62
69
|
# Request message for [BinauthzManagementService.GetAttestor][].
|
|
63
70
|
# @!attribute [rw] name
|
|
64
71
|
# @return [::String]
|
|
65
|
-
# Required. The name of the
|
|
66
|
-
#
|
|
72
|
+
# Required. The name of the
|
|
73
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} to retrieve,
|
|
74
|
+
# in the format `projects/*/attestors/*`.
|
|
67
75
|
class GetAttestorRequest
|
|
68
76
|
include ::Google::Protobuf::MessageExts
|
|
69
77
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -72,9 +80,12 @@ module Google
|
|
|
72
80
|
# Request message for [BinauthzManagementService.UpdateAttestor][].
|
|
73
81
|
# @!attribute [rw] attestor
|
|
74
82
|
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
|
75
|
-
# Required. The updated
|
|
76
|
-
#
|
|
77
|
-
#
|
|
83
|
+
# Required. The updated
|
|
84
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
|
|
85
|
+
# service will overwrite the [attestor
|
|
86
|
+
# name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
|
|
87
|
+
# the resource name in the request URL, in the format
|
|
88
|
+
# `projects/*/attestors/*`.
|
|
78
89
|
class UpdateAttestorRequest
|
|
79
90
|
include ::Google::Protobuf::MessageExts
|
|
80
91
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -84,7 +95,8 @@ module Google
|
|
|
84
95
|
# @!attribute [rw] parent
|
|
85
96
|
# @return [::String]
|
|
86
97
|
# Required. The resource name of the project associated with the
|
|
87
|
-
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the
|
|
98
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the
|
|
99
|
+
# format `projects/*`.
|
|
88
100
|
# @!attribute [rw] page_size
|
|
89
101
|
# @return [::Integer]
|
|
90
102
|
# Requested page size. The server may return fewer results than requested. If
|
|
@@ -92,8 +104,9 @@ module Google
|
|
|
92
104
|
# @!attribute [rw] page_token
|
|
93
105
|
# @return [::String]
|
|
94
106
|
# A token identifying a page of results the server should return. Typically,
|
|
95
|
-
# this is the value of
|
|
96
|
-
#
|
|
107
|
+
# this is the value of
|
|
108
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token}
|
|
109
|
+
# returned from the previous call to the `ListAttestors` method.
|
|
97
110
|
class ListAttestorsRequest
|
|
98
111
|
include ::Google::Protobuf::MessageExts
|
|
99
112
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -106,8 +119,9 @@ module Google
|
|
|
106
119
|
# @!attribute [rw] next_page_token
|
|
107
120
|
# @return [::String]
|
|
108
121
|
# A token to retrieve the next page of results. Pass this value in the
|
|
109
|
-
# {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest#page_token ListAttestorsRequest.page_token}
|
|
110
|
-
# `ListAttestors` method to retrieve the
|
|
122
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest#page_token ListAttestorsRequest.page_token}
|
|
123
|
+
# field in the subsequent call to the `ListAttestors` method to retrieve the
|
|
124
|
+
# next page of results.
|
|
111
125
|
class ListAttestorsResponse
|
|
112
126
|
include ::Google::Protobuf::MessageExts
|
|
113
127
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -116,8 +130,9 @@ module Google
|
|
|
116
130
|
# Request message for [BinauthzManagementService.DeleteAttestor][].
|
|
117
131
|
# @!attribute [rw] name
|
|
118
132
|
# @return [::String]
|
|
119
|
-
# Required. The name of the
|
|
120
|
-
#
|
|
133
|
+
# Required. The name of the
|
|
134
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} to delete,
|
|
135
|
+
# in the format `projects/*/attestors/*`.
|
|
121
136
|
class DeleteAttestorRequest
|
|
122
137
|
include ::Google::Protobuf::MessageExts
|
|
123
138
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -0,0 +1,229 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
# Copyright 2026 Google LLC
|
|
4
|
+
#
|
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
6
|
+
# you may not use this file except in compliance with the License.
|
|
7
|
+
# You may obtain a copy of the License at
|
|
8
|
+
#
|
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
|
10
|
+
#
|
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
14
|
+
# See the License for the specific language governing permissions and
|
|
15
|
+
# limitations under the License.
|
|
16
|
+
|
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
|
18
|
+
|
|
19
|
+
|
|
20
|
+
module Google
|
|
21
|
+
module Protobuf
|
|
22
|
+
# `FieldMask` represents a set of symbolic field paths, for example:
|
|
23
|
+
#
|
|
24
|
+
# paths: "f.a"
|
|
25
|
+
# paths: "f.b.d"
|
|
26
|
+
#
|
|
27
|
+
# Here `f` represents a field in some root message, `a` and `b`
|
|
28
|
+
# fields in the message found in `f`, and `d` a field found in the
|
|
29
|
+
# message in `f.b`.
|
|
30
|
+
#
|
|
31
|
+
# Field masks are used to specify a subset of fields that should be
|
|
32
|
+
# returned by a get operation or modified by an update operation.
|
|
33
|
+
# Field masks also have a custom JSON encoding (see below).
|
|
34
|
+
#
|
|
35
|
+
# # Field Masks in Projections
|
|
36
|
+
#
|
|
37
|
+
# When used in the context of a projection, a response message or
|
|
38
|
+
# sub-message is filtered by the API to only contain those fields as
|
|
39
|
+
# specified in the mask. For example, if the mask in the previous
|
|
40
|
+
# example is applied to a response message as follows:
|
|
41
|
+
#
|
|
42
|
+
# f {
|
|
43
|
+
# a : 22
|
|
44
|
+
# b {
|
|
45
|
+
# d : 1
|
|
46
|
+
# x : 2
|
|
47
|
+
# }
|
|
48
|
+
# y : 13
|
|
49
|
+
# }
|
|
50
|
+
# z: 8
|
|
51
|
+
#
|
|
52
|
+
# The result will not contain specific values for fields x,y and z
|
|
53
|
+
# (their value will be set to the default, and omitted in proto text
|
|
54
|
+
# output):
|
|
55
|
+
#
|
|
56
|
+
#
|
|
57
|
+
# f {
|
|
58
|
+
# a : 22
|
|
59
|
+
# b {
|
|
60
|
+
# d : 1
|
|
61
|
+
# }
|
|
62
|
+
# }
|
|
63
|
+
#
|
|
64
|
+
# A repeated field is not allowed except at the last position of a
|
|
65
|
+
# paths string.
|
|
66
|
+
#
|
|
67
|
+
# If a FieldMask object is not present in a get operation, the
|
|
68
|
+
# operation applies to all fields (as if a FieldMask of all fields
|
|
69
|
+
# had been specified).
|
|
70
|
+
#
|
|
71
|
+
# Note that a field mask does not necessarily apply to the
|
|
72
|
+
# top-level response message. In case of a REST get operation, the
|
|
73
|
+
# field mask applies directly to the response, but in case of a REST
|
|
74
|
+
# list operation, the mask instead applies to each individual message
|
|
75
|
+
# in the returned resource list. In case of a REST custom method,
|
|
76
|
+
# other definitions may be used. Where the mask applies will be
|
|
77
|
+
# clearly documented together with its declaration in the API. In
|
|
78
|
+
# any case, the effect on the returned resource/resources is required
|
|
79
|
+
# behavior for APIs.
|
|
80
|
+
#
|
|
81
|
+
# # Field Masks in Update Operations
|
|
82
|
+
#
|
|
83
|
+
# A field mask in update operations specifies which fields of the
|
|
84
|
+
# targeted resource are going to be updated. The API is required
|
|
85
|
+
# to only change the values of the fields as specified in the mask
|
|
86
|
+
# and leave the others untouched. If a resource is passed in to
|
|
87
|
+
# describe the updated values, the API ignores the values of all
|
|
88
|
+
# fields not covered by the mask.
|
|
89
|
+
#
|
|
90
|
+
# If a repeated field is specified for an update operation, new values will
|
|
91
|
+
# be appended to the existing repeated field in the target resource. Note that
|
|
92
|
+
# a repeated field is only allowed in the last position of a `paths` string.
|
|
93
|
+
#
|
|
94
|
+
# If a sub-message is specified in the last position of the field mask for an
|
|
95
|
+
# update operation, then new value will be merged into the existing sub-message
|
|
96
|
+
# in the target resource.
|
|
97
|
+
#
|
|
98
|
+
# For example, given the target message:
|
|
99
|
+
#
|
|
100
|
+
# f {
|
|
101
|
+
# b {
|
|
102
|
+
# d: 1
|
|
103
|
+
# x: 2
|
|
104
|
+
# }
|
|
105
|
+
# c: [1]
|
|
106
|
+
# }
|
|
107
|
+
#
|
|
108
|
+
# And an update message:
|
|
109
|
+
#
|
|
110
|
+
# f {
|
|
111
|
+
# b {
|
|
112
|
+
# d: 10
|
|
113
|
+
# }
|
|
114
|
+
# c: [2]
|
|
115
|
+
# }
|
|
116
|
+
#
|
|
117
|
+
# then if the field mask is:
|
|
118
|
+
#
|
|
119
|
+
# paths: ["f.b", "f.c"]
|
|
120
|
+
#
|
|
121
|
+
# then the result will be:
|
|
122
|
+
#
|
|
123
|
+
# f {
|
|
124
|
+
# b {
|
|
125
|
+
# d: 10
|
|
126
|
+
# x: 2
|
|
127
|
+
# }
|
|
128
|
+
# c: [1, 2]
|
|
129
|
+
# }
|
|
130
|
+
#
|
|
131
|
+
# An implementation may provide options to override this default behavior for
|
|
132
|
+
# repeated and message fields.
|
|
133
|
+
#
|
|
134
|
+
# In order to reset a field's value to the default, the field must
|
|
135
|
+
# be in the mask and set to the default value in the provided resource.
|
|
136
|
+
# Hence, in order to reset all fields of a resource, provide a default
|
|
137
|
+
# instance of the resource and set all fields in the mask, or do
|
|
138
|
+
# not provide a mask as described below.
|
|
139
|
+
#
|
|
140
|
+
# If a field mask is not present on update, the operation applies to
|
|
141
|
+
# all fields (as if a field mask of all fields has been specified).
|
|
142
|
+
# Note that in the presence of schema evolution, this may mean that
|
|
143
|
+
# fields the client does not know and has therefore not filled into
|
|
144
|
+
# the request will be reset to their default. If this is unwanted
|
|
145
|
+
# behavior, a specific service may require a client to always specify
|
|
146
|
+
# a field mask, producing an error if not.
|
|
147
|
+
#
|
|
148
|
+
# As with get operations, the location of the resource which
|
|
149
|
+
# describes the updated values in the request message depends on the
|
|
150
|
+
# operation kind. In any case, the effect of the field mask is
|
|
151
|
+
# required to be honored by the API.
|
|
152
|
+
#
|
|
153
|
+
# ## Considerations for HTTP REST
|
|
154
|
+
#
|
|
155
|
+
# The HTTP kind of an update operation which uses a field mask must
|
|
156
|
+
# be set to PATCH instead of PUT in order to satisfy HTTP semantics
|
|
157
|
+
# (PUT must only be used for full updates).
|
|
158
|
+
#
|
|
159
|
+
# # JSON Encoding of Field Masks
|
|
160
|
+
#
|
|
161
|
+
# In JSON, a field mask is encoded as a single string where paths are
|
|
162
|
+
# separated by a comma. Fields name in each path are converted
|
|
163
|
+
# to/from lower-camel naming conventions.
|
|
164
|
+
#
|
|
165
|
+
# As an example, consider the following message declarations:
|
|
166
|
+
#
|
|
167
|
+
# message Profile {
|
|
168
|
+
# User user = 1;
|
|
169
|
+
# Photo photo = 2;
|
|
170
|
+
# }
|
|
171
|
+
# message User {
|
|
172
|
+
# string display_name = 1;
|
|
173
|
+
# string address = 2;
|
|
174
|
+
# }
|
|
175
|
+
#
|
|
176
|
+
# In proto a field mask for `Profile` may look as such:
|
|
177
|
+
#
|
|
178
|
+
# mask {
|
|
179
|
+
# paths: "user.display_name"
|
|
180
|
+
# paths: "photo"
|
|
181
|
+
# }
|
|
182
|
+
#
|
|
183
|
+
# In JSON, the same mask is represented as below:
|
|
184
|
+
#
|
|
185
|
+
# {
|
|
186
|
+
# mask: "user.displayName,photo"
|
|
187
|
+
# }
|
|
188
|
+
#
|
|
189
|
+
# # Field Masks and Oneof Fields
|
|
190
|
+
#
|
|
191
|
+
# Field masks treat fields in oneofs just as regular fields. Consider the
|
|
192
|
+
# following message:
|
|
193
|
+
#
|
|
194
|
+
# message SampleMessage {
|
|
195
|
+
# oneof test_oneof {
|
|
196
|
+
# string name = 4;
|
|
197
|
+
# SubMessage sub_message = 9;
|
|
198
|
+
# }
|
|
199
|
+
# }
|
|
200
|
+
#
|
|
201
|
+
# The field mask can be:
|
|
202
|
+
#
|
|
203
|
+
# mask {
|
|
204
|
+
# paths: "name"
|
|
205
|
+
# }
|
|
206
|
+
#
|
|
207
|
+
# Or:
|
|
208
|
+
#
|
|
209
|
+
# mask {
|
|
210
|
+
# paths: "sub_message"
|
|
211
|
+
# }
|
|
212
|
+
#
|
|
213
|
+
# Note that oneof type names ("test_oneof" in this case) cannot be used in
|
|
214
|
+
# paths.
|
|
215
|
+
#
|
|
216
|
+
# ## Field Mask Verification
|
|
217
|
+
#
|
|
218
|
+
# The implementation of any API method which has a FieldMask type field in the
|
|
219
|
+
# request should verify the included field paths, and return an
|
|
220
|
+
# `INVALID_ARGUMENT` error if any path is unmappable.
|
|
221
|
+
# @!attribute [rw] paths
|
|
222
|
+
# @return [::Array<::String>]
|
|
223
|
+
# The set of field mask paths.
|
|
224
|
+
class FieldMask
|
|
225
|
+
include ::Google::Protobuf::MessageExts
|
|
226
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
227
|
+
end
|
|
228
|
+
end
|
|
229
|
+
end
|
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
# Copyright 2026 Google LLC
|
|
4
|
+
#
|
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
6
|
+
# you may not use this file except in compliance with the License.
|
|
7
|
+
# You may obtain a copy of the License at
|
|
8
|
+
#
|
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
|
10
|
+
#
|
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
14
|
+
# See the License for the specific language governing permissions and
|
|
15
|
+
# limitations under the License.
|
|
16
|
+
|
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
|
18
|
+
|
|
19
|
+
|
|
20
|
+
module Google
|
|
21
|
+
module Type
|
|
22
|
+
# Represents a textual expression in the Common Expression Language (CEL)
|
|
23
|
+
# syntax. CEL is a C-like expression language. The syntax and semantics of CEL
|
|
24
|
+
# are documented at https://github.com/google/cel-spec.
|
|
25
|
+
#
|
|
26
|
+
# Example (Comparison):
|
|
27
|
+
#
|
|
28
|
+
# title: "Summary size limit"
|
|
29
|
+
# description: "Determines if a summary is less than 100 chars"
|
|
30
|
+
# expression: "document.summary.size() < 100"
|
|
31
|
+
#
|
|
32
|
+
# Example (Equality):
|
|
33
|
+
#
|
|
34
|
+
# title: "Requestor is owner"
|
|
35
|
+
# description: "Determines if requestor is the document owner"
|
|
36
|
+
# expression: "document.owner == request.auth.claims.email"
|
|
37
|
+
#
|
|
38
|
+
# Example (Logic):
|
|
39
|
+
#
|
|
40
|
+
# title: "Public documents"
|
|
41
|
+
# description: "Determine whether the document should be publicly visible"
|
|
42
|
+
# expression: "document.type != 'private' && document.type != 'internal'"
|
|
43
|
+
#
|
|
44
|
+
# Example (Data Manipulation):
|
|
45
|
+
#
|
|
46
|
+
# title: "Notification string"
|
|
47
|
+
# description: "Create a notification string with a timestamp."
|
|
48
|
+
# expression: "'New message received at ' + string(document.create_time)"
|
|
49
|
+
#
|
|
50
|
+
# The exact variables and functions that may be referenced within an expression
|
|
51
|
+
# are determined by the service that evaluates it. See the service
|
|
52
|
+
# documentation for additional information.
|
|
53
|
+
# @!attribute [rw] expression
|
|
54
|
+
# @return [::String]
|
|
55
|
+
# Textual representation of an expression in Common Expression Language
|
|
56
|
+
# syntax.
|
|
57
|
+
# @!attribute [rw] title
|
|
58
|
+
# @return [::String]
|
|
59
|
+
# Optional. Title for the expression, i.e. a short string describing
|
|
60
|
+
# its purpose. This can be used e.g. in UIs which allow to enter the
|
|
61
|
+
# expression.
|
|
62
|
+
# @!attribute [rw] description
|
|
63
|
+
# @return [::String]
|
|
64
|
+
# Optional. Description of the expression. This is a longer text which
|
|
65
|
+
# describes the expression, e.g. when hovered over it in a UI.
|
|
66
|
+
# @!attribute [rw] location
|
|
67
|
+
# @return [::String]
|
|
68
|
+
# Optional. String indicating the location of the expression for error
|
|
69
|
+
# reporting, e.g. a file name and a position in the file.
|
|
70
|
+
class Expr
|
|
71
|
+
include ::Google::Protobuf::MessageExts
|
|
72
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: google-cloud-binary_authorization-v1beta1
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.20.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Google LLC
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - "~>"
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: '1.
|
|
18
|
+
version: '1.3'
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - "~>"
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: '1.
|
|
25
|
+
version: '1.3'
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: google-cloud-errors
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -37,6 +37,20 @@ dependencies:
|
|
|
37
37
|
- - "~>"
|
|
38
38
|
- !ruby/object:Gem::Version
|
|
39
39
|
version: '1.0'
|
|
40
|
+
- !ruby/object:Gem::Dependency
|
|
41
|
+
name: google-iam-v1
|
|
42
|
+
requirement: !ruby/object:Gem::Requirement
|
|
43
|
+
requirements:
|
|
44
|
+
- - "~>"
|
|
45
|
+
- !ruby/object:Gem::Version
|
|
46
|
+
version: '1.3'
|
|
47
|
+
type: :runtime
|
|
48
|
+
prerelease: false
|
|
49
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
50
|
+
requirements:
|
|
51
|
+
- - "~>"
|
|
52
|
+
- !ruby/object:Gem::Version
|
|
53
|
+
version: '1.3'
|
|
40
54
|
description: Binary Authorization is a service on Google Cloud that provides centralized
|
|
41
55
|
software supply-chain security for applications that run on Google Kubernetes Engine
|
|
42
56
|
(GKE) and GKE on-prem. Note that google-cloud-binary_authorization-v1beta1 is a
|
|
@@ -61,6 +75,7 @@ files:
|
|
|
61
75
|
- lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/rest.rb
|
|
62
76
|
- lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/rest/client.rb
|
|
63
77
|
- lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/rest/service_stub.rb
|
|
78
|
+
- lib/google/cloud/binary_authorization/v1beta1/bindings_override.rb
|
|
64
79
|
- lib/google/cloud/binary_authorization/v1beta1/rest.rb
|
|
65
80
|
- lib/google/cloud/binary_authorization/v1beta1/system_policy.rb
|
|
66
81
|
- lib/google/cloud/binary_authorization/v1beta1/system_policy/client.rb
|
|
@@ -84,7 +99,9 @@ files:
|
|
|
84
99
|
- proto_docs/google/cloud/binaryauthorization/v1beta1/service.rb
|
|
85
100
|
- proto_docs/google/protobuf/duration.rb
|
|
86
101
|
- proto_docs/google/protobuf/empty.rb
|
|
102
|
+
- proto_docs/google/protobuf/field_mask.rb
|
|
87
103
|
- proto_docs/google/protobuf/timestamp.rb
|
|
104
|
+
- proto_docs/google/type/expr.rb
|
|
88
105
|
homepage: https://github.com/googleapis/google-cloud-ruby
|
|
89
106
|
licenses:
|
|
90
107
|
- Apache-2.0
|
|
@@ -105,7 +122,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
105
122
|
requirements: []
|
|
106
123
|
rubygems_version: 3.6.9
|
|
107
124
|
specification_version: 4
|
|
108
|
-
summary: The management interface for Binary Authorization, a
|
|
109
|
-
control for images deployed to Kubernetes
|
|
110
|
-
and Cloud Run.
|
|
125
|
+
summary: The management interface for Binary Authorization, a service that provides
|
|
126
|
+
policy-based deployment validation and control for images deployed to Google Kubernetes
|
|
127
|
+
Engine (GKE), Anthos Service Mesh, Anthos Clusters, and Cloud Run.
|
|
111
128
|
test_files: []
|