google-cloud-binary_authorization-v1beta1 0.18.0 → 0.20.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -21,7 +21,8 @@ module Google
21
21
  module Cloud
22
22
  module BinaryAuthorization
23
23
  module V1beta1
24
- # A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for Binary Authorization.
24
+ # A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for Binary
25
+ # Authorization.
25
26
  # @!attribute [r] name
26
27
  # @return [::String]
27
28
  # Output only. The resource name, in the format `projects/*/policy`. There is
@@ -51,7 +52,8 @@ module Google
51
52
  # https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
52
53
  # @!attribute [rw] kubernetes_namespace_admission_rules
53
54
  # @return [::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}]
54
- # Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
55
+ # Optional. Per-kubernetes-namespace admission rules. K8s namespace spec
56
+ # format:
55
57
  # `[a-z.-]+`, e.g. `some-namespace`
56
58
  # @!attribute [rw] kubernetes_service_account_admission_rules
57
59
  # @return [::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}]
@@ -71,6 +73,11 @@ module Google
71
73
  # @!attribute [r] update_time
72
74
  # @return [::Google::Protobuf::Timestamp]
73
75
  # Output only. Time when the policy was last updated.
76
+ # @!attribute [rw] etag
77
+ # @return [::String]
78
+ # Optional. A checksum, returned by the server, that can be sent on update
79
+ # requests to ensure the policy has an up-to-date value before attempting to
80
+ # update it. See https://google.aip.dev/154.
74
81
  class Policy
75
82
  include ::Google::Protobuf::MessageExts
76
83
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -123,8 +130,10 @@ module Google
123
130
  end
124
131
  end
125
132
 
126
- # An {::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionWhitelistPattern admission allowlist pattern} exempts images
127
- # from checks by {::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule admission rules}.
133
+ # An [admission allowlist
134
+ # pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern]
135
+ # exempts images from checks by [admission
136
+ # rules][google.cloud.binaryauthorization.v1beta1.AdmissionRule].
128
137
  # @!attribute [rw] name_pattern
129
138
  # @return [::String]
130
139
  # An image name pattern to allowlist, in the form `registry/path/to/image`.
@@ -139,26 +148,20 @@ module Google
139
148
  extend ::Google::Protobuf::MessageExts::ClassMethods
140
149
  end
141
150
 
142
- # An {::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule admission rule} specifies either that all container images
143
- # used in a pod creation request must be attested to by one or more
144
- # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, that all pod creations will be allowed, or that all
145
- # pod creations will be denied.
151
+ # An {::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule admission rule}
152
+ # specifies either that all container images used in a pod creation request
153
+ # must be attested to by one or more
154
+ # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, that all pod
155
+ # creations will be allowed, or that all pod creations will be denied.
146
156
  #
147
- # Images matching an {::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionWhitelistPattern admission allowlist pattern}
157
+ # Images matching an [admission allowlist
158
+ # pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern]
148
159
  # are exempted from admission rules and will never block a pod creation.
149
160
  # @!attribute [rw] evaluation_mode
150
161
  # @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule::EvaluationMode]
151
162
  # Required. How this admission rule will be evaluated.
152
163
  # @!attribute [rw] require_attestations_by
153
164
  # @return [::Array<::String>]
154
- # Optional. The resource names of the attestors that must attest to
155
- # a container image, in the format `projects/*/attestors/*`. Each
156
- # attestor must exist before a policy can reference it. To add an attestor
157
- # to a policy the principal issuing the policy change request must be able
158
- # to read the attestor resource.
159
- #
160
- # Note: this field must be non-empty when the evaluation_mode field specifies
161
- # REQUIRE_ATTESTATION, otherwise it must be empty.
162
165
  # @!attribute [rw] enforcement_mode
163
166
  # @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule::EnforcementMode]
164
167
  # Required. The action when a pod creation is denied by the admission rule.
@@ -182,6 +185,8 @@ module Google
182
185
  ALWAYS_DENY = 3
183
186
  end
184
187
 
188
+ # TODO(wietse) re-word this text to 'per-image' instead of 'per-pod' and to
189
+ # allow for three-way evaluation (allow, deny, delegate).
185
190
  # Defines the possible actions when a pod creation is denied by an admission
186
191
  # rule.
187
192
  module EnforcementMode
@@ -197,9 +202,9 @@ module Google
197
202
  end
198
203
  end
199
204
 
200
- # An {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} that attests to container image
201
- # artifacts. An existing attestor cannot be modified except where
202
- # indicated.
205
+ # An {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} that attests
206
+ # to container image artifacts. An existing attestor cannot be modified except
207
+ # where indicated.
203
208
  # @!attribute [rw] name
204
209
  # @return [::String]
205
210
  # Required. The resource name, in the format:
@@ -214,13 +219,19 @@ module Google
214
219
  # @!attribute [r] update_time
215
220
  # @return [::Google::Protobuf::Timestamp]
216
221
  # Output only. Time when the attestor was last updated.
222
+ # @!attribute [rw] etag
223
+ # @return [::String]
224
+ # Optional. A checksum, returned by the server, that can be sent on update
225
+ # requests to ensure the attestor has an up-to-date value before attempting
226
+ # to update it. See https://google.aip.dev/154.
217
227
  class Attestor
218
228
  include ::Google::Protobuf::MessageExts
219
229
  extend ::Google::Protobuf::MessageExts::ClassMethods
220
230
  end
221
231
 
222
- # An {::Google::Cloud::BinaryAuthorization::V1beta1::UserOwnedDrydockNote user owned drydock note} references a Drydock
223
- # ATTESTATION_AUTHORITY Note created by the user.
232
+ # An [user owned drydock
233
+ # note][google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNote]
234
+ # references a Drydock ATTESTATION_AUTHORITY Note created by the user.
224
235
  # @!attribute [rw] note_reference
225
236
  # @return [::String]
226
237
  # Required. The Drydock resource name of a ATTESTATION_AUTHORITY Note,
@@ -289,15 +300,27 @@ module Google
289
300
  # RSASSA-PSS 2048 bit key with a SHA256 digest.
290
301
  RSA_PSS_2048_SHA256 = 1
291
302
 
303
+ # RSASSA-PSS 2048 bit key with a SHA256 digest.
304
+ RSA_SIGN_PSS_2048_SHA256 = 1
305
+
292
306
  # RSASSA-PSS 3072 bit key with a SHA256 digest.
293
307
  RSA_PSS_3072_SHA256 = 2
294
308
 
309
+ # RSASSA-PSS 3072 bit key with a SHA256 digest.
310
+ RSA_SIGN_PSS_3072_SHA256 = 2
311
+
295
312
  # RSASSA-PSS 4096 bit key with a SHA256 digest.
296
313
  RSA_PSS_4096_SHA256 = 3
297
314
 
315
+ # RSASSA-PSS 4096 bit key with a SHA256 digest.
316
+ RSA_SIGN_PSS_4096_SHA256 = 3
317
+
298
318
  # RSASSA-PSS 4096 bit key with a SHA512 digest.
299
319
  RSA_PSS_4096_SHA512 = 4
300
320
 
321
+ # RSASSA-PSS 4096 bit key with a SHA512 digest.
322
+ RSA_SIGN_PSS_4096_SHA512 = 4
323
+
301
324
  # RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
302
325
  RSA_SIGN_PKCS1_2048_SHA256 = 5
303
326
 
@@ -327,11 +350,15 @@ module Google
327
350
 
328
351
  # ECDSA on the NIST P-521 curve with a SHA512 digest.
329
352
  EC_SIGN_P521_SHA512 = 11
353
+
354
+ # ML-DSA-65 Post-Quantum Cryptography signature algorithm.
355
+ ML_DSA_65 = 13
330
356
  end
331
357
  end
332
358
 
333
- # An {::Google::Cloud::BinaryAuthorization::V1beta1::AttestorPublicKey attestor public key} that will be used to verify
334
- # attestations signed by this attestor.
359
+ # An [attestor public
360
+ # key][google.cloud.binaryauthorization.v1beta1.AttestorPublicKey] that will be
361
+ # used to verify attestations signed by this attestor.
335
362
  # @!attribute [rw] comment
336
363
  # @return [::String]
337
364
  # Optional. A descriptive comment. This field may be updated.
@@ -24,8 +24,9 @@ module Google
24
24
  # Request message for [BinauthzManagementService.GetPolicy][].
25
25
  # @!attribute [rw] name
26
26
  # @return [::String]
27
- # Required. The resource name of the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} to retrieve,
28
- # in the format `projects/*/policy`.
27
+ # Required. The resource name of the
28
+ # {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} to retrieve, in
29
+ # the format `projects/*/policy`.
29
30
  class GetPolicyRequest
30
31
  include ::Google::Protobuf::MessageExts
31
32
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -34,9 +35,11 @@ module Google
34
35
  # Request message for [BinauthzManagementService.UpdatePolicy][].
35
36
  # @!attribute [rw] policy
36
37
  # @return [::Google::Cloud::BinaryAuthorization::V1beta1::Policy]
37
- # Required. A new or updated {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} value. The service will
38
- # overwrite the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy#name policy name} field with the resource name in
39
- # the request URL, in the format `projects/*/policy`.
38
+ # Required. A new or updated
39
+ # {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} value. The
40
+ # service will overwrite the [policy
41
+ # name][google.cloud.binaryauthorization.v1beta1.Policy.name] field with the
42
+ # resource name in the request URL, in the format `projects/*/policy`.
40
43
  class UpdatePolicyRequest
41
44
  include ::Google::Protobuf::MessageExts
42
45
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -45,15 +48,19 @@ module Google
45
48
  # Request message for [BinauthzManagementService.CreateAttestor][].
46
49
  # @!attribute [rw] parent
47
50
  # @return [::String]
48
- # Required. The parent of this {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
51
+ # Required. The parent of this
52
+ # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
49
53
  # @!attribute [rw] attestor_id
50
54
  # @return [::String]
51
- # Required. The {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} ID.
55
+ # Required. The
56
+ # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} ID.
52
57
  # @!attribute [rw] attestor
53
58
  # @return [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
54
- # Required. The initial {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The service will
55
- # overwrite the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor#name attestor name} field with the resource name,
56
- # in the format `projects/*/attestors/*`.
59
+ # Required. The initial
60
+ # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
61
+ # service will overwrite the [attestor
62
+ # name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
63
+ # the resource name, in the format `projects/*/attestors/*`.
57
64
  class CreateAttestorRequest
58
65
  include ::Google::Protobuf::MessageExts
59
66
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -62,8 +69,9 @@ module Google
62
69
  # Request message for [BinauthzManagementService.GetAttestor][].
63
70
  # @!attribute [rw] name
64
71
  # @return [::String]
65
- # Required. The name of the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} to retrieve, in the format
66
- # `projects/*/attestors/*`.
72
+ # Required. The name of the
73
+ # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} to retrieve,
74
+ # in the format `projects/*/attestors/*`.
67
75
  class GetAttestorRequest
68
76
  include ::Google::Protobuf::MessageExts
69
77
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -72,9 +80,12 @@ module Google
72
80
  # Request message for [BinauthzManagementService.UpdateAttestor][].
73
81
  # @!attribute [rw] attestor
74
82
  # @return [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
75
- # Required. The updated {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The service will
76
- # overwrite the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor#name attestor name} field with the resource name
77
- # in the request URL, in the format `projects/*/attestors/*`.
83
+ # Required. The updated
84
+ # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
85
+ # service will overwrite the [attestor
86
+ # name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
87
+ # the resource name in the request URL, in the format
88
+ # `projects/*/attestors/*`.
78
89
  class UpdateAttestorRequest
79
90
  include ::Google::Protobuf::MessageExts
80
91
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -84,7 +95,8 @@ module Google
84
95
  # @!attribute [rw] parent
85
96
  # @return [::String]
86
97
  # Required. The resource name of the project associated with the
87
- # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the format `projects/*`.
98
+ # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the
99
+ # format `projects/*`.
88
100
  # @!attribute [rw] page_size
89
101
  # @return [::Integer]
90
102
  # Requested page size. The server may return fewer results than requested. If
@@ -92,8 +104,9 @@ module Google
92
104
  # @!attribute [rw] page_token
93
105
  # @return [::String]
94
106
  # A token identifying a page of results the server should return. Typically,
95
- # this is the value of {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token} returned
96
- # from the previous call to the `ListAttestors` method.
107
+ # this is the value of
108
+ # {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token}
109
+ # returned from the previous call to the `ListAttestors` method.
97
110
  class ListAttestorsRequest
98
111
  include ::Google::Protobuf::MessageExts
99
112
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -106,8 +119,9 @@ module Google
106
119
  # @!attribute [rw] next_page_token
107
120
  # @return [::String]
108
121
  # A token to retrieve the next page of results. Pass this value in the
109
- # {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest#page_token ListAttestorsRequest.page_token} field in the subsequent call to the
110
- # `ListAttestors` method to retrieve the next page of results.
122
+ # {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest#page_token ListAttestorsRequest.page_token}
123
+ # field in the subsequent call to the `ListAttestors` method to retrieve the
124
+ # next page of results.
111
125
  class ListAttestorsResponse
112
126
  include ::Google::Protobuf::MessageExts
113
127
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -116,8 +130,9 @@ module Google
116
130
  # Request message for [BinauthzManagementService.DeleteAttestor][].
117
131
  # @!attribute [rw] name
118
132
  # @return [::String]
119
- # Required. The name of the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} to delete, in the format
120
- # `projects/*/attestors/*`.
133
+ # Required. The name of the
134
+ # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} to delete,
135
+ # in the format `projects/*/attestors/*`.
121
136
  class DeleteAttestorRequest
122
137
  include ::Google::Protobuf::MessageExts
123
138
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -0,0 +1,229 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2026 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Google
21
+ module Protobuf
22
+ # `FieldMask` represents a set of symbolic field paths, for example:
23
+ #
24
+ # paths: "f.a"
25
+ # paths: "f.b.d"
26
+ #
27
+ # Here `f` represents a field in some root message, `a` and `b`
28
+ # fields in the message found in `f`, and `d` a field found in the
29
+ # message in `f.b`.
30
+ #
31
+ # Field masks are used to specify a subset of fields that should be
32
+ # returned by a get operation or modified by an update operation.
33
+ # Field masks also have a custom JSON encoding (see below).
34
+ #
35
+ # # Field Masks in Projections
36
+ #
37
+ # When used in the context of a projection, a response message or
38
+ # sub-message is filtered by the API to only contain those fields as
39
+ # specified in the mask. For example, if the mask in the previous
40
+ # example is applied to a response message as follows:
41
+ #
42
+ # f {
43
+ # a : 22
44
+ # b {
45
+ # d : 1
46
+ # x : 2
47
+ # }
48
+ # y : 13
49
+ # }
50
+ # z: 8
51
+ #
52
+ # The result will not contain specific values for fields x,y and z
53
+ # (their value will be set to the default, and omitted in proto text
54
+ # output):
55
+ #
56
+ #
57
+ # f {
58
+ # a : 22
59
+ # b {
60
+ # d : 1
61
+ # }
62
+ # }
63
+ #
64
+ # A repeated field is not allowed except at the last position of a
65
+ # paths string.
66
+ #
67
+ # If a FieldMask object is not present in a get operation, the
68
+ # operation applies to all fields (as if a FieldMask of all fields
69
+ # had been specified).
70
+ #
71
+ # Note that a field mask does not necessarily apply to the
72
+ # top-level response message. In case of a REST get operation, the
73
+ # field mask applies directly to the response, but in case of a REST
74
+ # list operation, the mask instead applies to each individual message
75
+ # in the returned resource list. In case of a REST custom method,
76
+ # other definitions may be used. Where the mask applies will be
77
+ # clearly documented together with its declaration in the API. In
78
+ # any case, the effect on the returned resource/resources is required
79
+ # behavior for APIs.
80
+ #
81
+ # # Field Masks in Update Operations
82
+ #
83
+ # A field mask in update operations specifies which fields of the
84
+ # targeted resource are going to be updated. The API is required
85
+ # to only change the values of the fields as specified in the mask
86
+ # and leave the others untouched. If a resource is passed in to
87
+ # describe the updated values, the API ignores the values of all
88
+ # fields not covered by the mask.
89
+ #
90
+ # If a repeated field is specified for an update operation, new values will
91
+ # be appended to the existing repeated field in the target resource. Note that
92
+ # a repeated field is only allowed in the last position of a `paths` string.
93
+ #
94
+ # If a sub-message is specified in the last position of the field mask for an
95
+ # update operation, then new value will be merged into the existing sub-message
96
+ # in the target resource.
97
+ #
98
+ # For example, given the target message:
99
+ #
100
+ # f {
101
+ # b {
102
+ # d: 1
103
+ # x: 2
104
+ # }
105
+ # c: [1]
106
+ # }
107
+ #
108
+ # And an update message:
109
+ #
110
+ # f {
111
+ # b {
112
+ # d: 10
113
+ # }
114
+ # c: [2]
115
+ # }
116
+ #
117
+ # then if the field mask is:
118
+ #
119
+ # paths: ["f.b", "f.c"]
120
+ #
121
+ # then the result will be:
122
+ #
123
+ # f {
124
+ # b {
125
+ # d: 10
126
+ # x: 2
127
+ # }
128
+ # c: [1, 2]
129
+ # }
130
+ #
131
+ # An implementation may provide options to override this default behavior for
132
+ # repeated and message fields.
133
+ #
134
+ # In order to reset a field's value to the default, the field must
135
+ # be in the mask and set to the default value in the provided resource.
136
+ # Hence, in order to reset all fields of a resource, provide a default
137
+ # instance of the resource and set all fields in the mask, or do
138
+ # not provide a mask as described below.
139
+ #
140
+ # If a field mask is not present on update, the operation applies to
141
+ # all fields (as if a field mask of all fields has been specified).
142
+ # Note that in the presence of schema evolution, this may mean that
143
+ # fields the client does not know and has therefore not filled into
144
+ # the request will be reset to their default. If this is unwanted
145
+ # behavior, a specific service may require a client to always specify
146
+ # a field mask, producing an error if not.
147
+ #
148
+ # As with get operations, the location of the resource which
149
+ # describes the updated values in the request message depends on the
150
+ # operation kind. In any case, the effect of the field mask is
151
+ # required to be honored by the API.
152
+ #
153
+ # ## Considerations for HTTP REST
154
+ #
155
+ # The HTTP kind of an update operation which uses a field mask must
156
+ # be set to PATCH instead of PUT in order to satisfy HTTP semantics
157
+ # (PUT must only be used for full updates).
158
+ #
159
+ # # JSON Encoding of Field Masks
160
+ #
161
+ # In JSON, a field mask is encoded as a single string where paths are
162
+ # separated by a comma. Fields name in each path are converted
163
+ # to/from lower-camel naming conventions.
164
+ #
165
+ # As an example, consider the following message declarations:
166
+ #
167
+ # message Profile {
168
+ # User user = 1;
169
+ # Photo photo = 2;
170
+ # }
171
+ # message User {
172
+ # string display_name = 1;
173
+ # string address = 2;
174
+ # }
175
+ #
176
+ # In proto a field mask for `Profile` may look as such:
177
+ #
178
+ # mask {
179
+ # paths: "user.display_name"
180
+ # paths: "photo"
181
+ # }
182
+ #
183
+ # In JSON, the same mask is represented as below:
184
+ #
185
+ # {
186
+ # mask: "user.displayName,photo"
187
+ # }
188
+ #
189
+ # # Field Masks and Oneof Fields
190
+ #
191
+ # Field masks treat fields in oneofs just as regular fields. Consider the
192
+ # following message:
193
+ #
194
+ # message SampleMessage {
195
+ # oneof test_oneof {
196
+ # string name = 4;
197
+ # SubMessage sub_message = 9;
198
+ # }
199
+ # }
200
+ #
201
+ # The field mask can be:
202
+ #
203
+ # mask {
204
+ # paths: "name"
205
+ # }
206
+ #
207
+ # Or:
208
+ #
209
+ # mask {
210
+ # paths: "sub_message"
211
+ # }
212
+ #
213
+ # Note that oneof type names ("test_oneof" in this case) cannot be used in
214
+ # paths.
215
+ #
216
+ # ## Field Mask Verification
217
+ #
218
+ # The implementation of any API method which has a FieldMask type field in the
219
+ # request should verify the included field paths, and return an
220
+ # `INVALID_ARGUMENT` error if any path is unmappable.
221
+ # @!attribute [rw] paths
222
+ # @return [::Array<::String>]
223
+ # The set of field mask paths.
224
+ class FieldMask
225
+ include ::Google::Protobuf::MessageExts
226
+ extend ::Google::Protobuf::MessageExts::ClassMethods
227
+ end
228
+ end
229
+ end
@@ -0,0 +1,75 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2026 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Google
21
+ module Type
22
+ # Represents a textual expression in the Common Expression Language (CEL)
23
+ # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
24
+ # are documented at https://github.com/google/cel-spec.
25
+ #
26
+ # Example (Comparison):
27
+ #
28
+ # title: "Summary size limit"
29
+ # description: "Determines if a summary is less than 100 chars"
30
+ # expression: "document.summary.size() < 100"
31
+ #
32
+ # Example (Equality):
33
+ #
34
+ # title: "Requestor is owner"
35
+ # description: "Determines if requestor is the document owner"
36
+ # expression: "document.owner == request.auth.claims.email"
37
+ #
38
+ # Example (Logic):
39
+ #
40
+ # title: "Public documents"
41
+ # description: "Determine whether the document should be publicly visible"
42
+ # expression: "document.type != 'private' && document.type != 'internal'"
43
+ #
44
+ # Example (Data Manipulation):
45
+ #
46
+ # title: "Notification string"
47
+ # description: "Create a notification string with a timestamp."
48
+ # expression: "'New message received at ' + string(document.create_time)"
49
+ #
50
+ # The exact variables and functions that may be referenced within an expression
51
+ # are determined by the service that evaluates it. See the service
52
+ # documentation for additional information.
53
+ # @!attribute [rw] expression
54
+ # @return [::String]
55
+ # Textual representation of an expression in Common Expression Language
56
+ # syntax.
57
+ # @!attribute [rw] title
58
+ # @return [::String]
59
+ # Optional. Title for the expression, i.e. a short string describing
60
+ # its purpose. This can be used e.g. in UIs which allow to enter the
61
+ # expression.
62
+ # @!attribute [rw] description
63
+ # @return [::String]
64
+ # Optional. Description of the expression. This is a longer text which
65
+ # describes the expression, e.g. when hovered over it in a UI.
66
+ # @!attribute [rw] location
67
+ # @return [::String]
68
+ # Optional. String indicating the location of the expression for error
69
+ # reporting, e.g. a file name and a position in the file.
70
+ class Expr
71
+ include ::Google::Protobuf::MessageExts
72
+ extend ::Google::Protobuf::MessageExts::ClassMethods
73
+ end
74
+ end
75
+ end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google-cloud-binary_authorization-v1beta1
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.18.0
4
+ version: 0.20.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Google LLC
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - "~>"
17
17
  - !ruby/object:Gem::Version
18
- version: '1.2'
18
+ version: '1.3'
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - "~>"
24
24
  - !ruby/object:Gem::Version
25
- version: '1.2'
25
+ version: '1.3'
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: google-cloud-errors
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -37,6 +37,20 @@ dependencies:
37
37
  - - "~>"
38
38
  - !ruby/object:Gem::Version
39
39
  version: '1.0'
40
+ - !ruby/object:Gem::Dependency
41
+ name: google-iam-v1
42
+ requirement: !ruby/object:Gem::Requirement
43
+ requirements:
44
+ - - "~>"
45
+ - !ruby/object:Gem::Version
46
+ version: '1.3'
47
+ type: :runtime
48
+ prerelease: false
49
+ version_requirements: !ruby/object:Gem::Requirement
50
+ requirements:
51
+ - - "~>"
52
+ - !ruby/object:Gem::Version
53
+ version: '1.3'
40
54
  description: Binary Authorization is a service on Google Cloud that provides centralized
41
55
  software supply-chain security for applications that run on Google Kubernetes Engine
42
56
  (GKE) and GKE on-prem. Note that google-cloud-binary_authorization-v1beta1 is a
@@ -61,6 +75,7 @@ files:
61
75
  - lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/rest.rb
62
76
  - lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/rest/client.rb
63
77
  - lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/rest/service_stub.rb
78
+ - lib/google/cloud/binary_authorization/v1beta1/bindings_override.rb
64
79
  - lib/google/cloud/binary_authorization/v1beta1/rest.rb
65
80
  - lib/google/cloud/binary_authorization/v1beta1/system_policy.rb
66
81
  - lib/google/cloud/binary_authorization/v1beta1/system_policy/client.rb
@@ -84,7 +99,9 @@ files:
84
99
  - proto_docs/google/cloud/binaryauthorization/v1beta1/service.rb
85
100
  - proto_docs/google/protobuf/duration.rb
86
101
  - proto_docs/google/protobuf/empty.rb
102
+ - proto_docs/google/protobuf/field_mask.rb
87
103
  - proto_docs/google/protobuf/timestamp.rb
104
+ - proto_docs/google/type/expr.rb
88
105
  homepage: https://github.com/googleapis/google-cloud-ruby
89
106
  licenses:
90
107
  - Apache-2.0
@@ -105,7 +122,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
105
122
  requirements: []
106
123
  rubygems_version: 3.6.9
107
124
  specification_version: 4
108
- summary: The management interface for Binary Authorization, a system providing policy
109
- control for images deployed to Kubernetes Engine clusters, Anthos clusters on VMware,
110
- and Cloud Run.
125
+ summary: The management interface for Binary Authorization, a service that provides
126
+ policy-based deployment validation and control for images deployed to Google Kubernetes
127
+ Engine (GKE), Anthos Service Mesh, Anthos Clusters, and Cloud Run.
111
128
  test_files: []