google-cloud-binary_authorization-v1beta1 0.19.0 → 0.20.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -18,6 +18,7 @@
18
18
 
19
19
  require "google/cloud/errors"
20
20
  require "google/cloud/binaryauthorization/v1beta1/service_pb"
21
+ require "google/iam/v1"
21
22
 
22
23
  module Google
23
24
  module Cloud
@@ -170,8 +171,23 @@ module Google
170
171
  entry.set "defaultTimeout", @config.timeout if @config.timeout
171
172
  entry.set "quotaProject", @quota_project_id if @quota_project_id
172
173
  end
174
+
175
+ @iam_policy_client = Google::Iam::V1::IAMPolicy::Client.new do |config|
176
+ config.credentials = credentials
177
+ config.quota_project = @quota_project_id
178
+ config.endpoint = @system_policy_stub.endpoint
179
+ config.universe_domain = @system_policy_stub.universe_domain
180
+ config.logger = @system_policy_stub.logger if config.respond_to? :logger=
181
+ end
173
182
  end
174
183
 
184
+ ##
185
+ # Get the associated client for mix-in of the IAMPolicy.
186
+ #
187
+ # @return [Google::Iam::V1::IAMPolicy::Client]
188
+ #
189
+ attr_reader :iam_policy_client
190
+
175
191
  ##
176
192
  # The logger used for request/response debug logging.
177
193
  #
@@ -19,6 +19,7 @@
19
19
  require "google/cloud/errors"
20
20
  require "google/cloud/binaryauthorization/v1beta1/service_pb"
21
21
  require "google/cloud/binary_authorization/v1beta1/system_policy/rest/service_stub"
22
+ require "google/iam/v1/rest"
22
23
 
23
24
  module Google
24
25
  module Cloud
@@ -163,8 +164,24 @@ module Google
163
164
  entry.set "defaultTimeout", @config.timeout if @config.timeout
164
165
  entry.set "quotaProject", @quota_project_id if @quota_project_id
165
166
  end
167
+
168
+ @iam_policy_client = Google::Iam::V1::IAMPolicy::Rest::Client.new do |config|
169
+ config.credentials = credentials
170
+ config.quota_project = @quota_project_id
171
+ config.endpoint = @system_policy_stub.endpoint
172
+ config.universe_domain = @system_policy_stub.universe_domain
173
+ config.bindings_override = @config.bindings_override
174
+ config.logger = @system_policy_stub.logger if config.respond_to? :logger=
175
+ end
166
176
  end
167
177
 
178
+ ##
179
+ # Get the associated client for mix-in of the IAMPolicy.
180
+ #
181
+ # @return [Google::Iam::V1::IAMPolicy::Rest::Client]
182
+ #
183
+ attr_reader :iam_policy_client
184
+
168
185
  ##
169
186
  # The logger used for request/response debug logging.
170
187
  #
@@ -363,6 +380,13 @@ module Google
363
380
  config_attr :retry_policy, nil, ::Hash, ::Proc, nil
364
381
  config_attr :quota_project, nil, ::String, nil
365
382
  config_attr :universe_domain, nil, ::String, nil
383
+
384
+ # @private
385
+ # Overrides for http bindings for the RPCs of this service
386
+ # are only used when this service is used as mixin, and only
387
+ # by the host service.
388
+ # @return [::Hash{::Symbol=>::Array<::Gapic::Rest::GrpcTranscoder::HttpBinding>}]
389
+ config_attr :bindings_override, {}, ::Hash, nil
366
390
  config_attr :logger, :default, ::Logger, nil, :default
367
391
 
368
392
  # @private
@@ -21,6 +21,7 @@ require "gapic/config"
21
21
  require "gapic/config/method"
22
22
 
23
23
  require "google/cloud/binary_authorization/v1beta1/version"
24
+ require "google/cloud/binary_authorization/v1beta1/bindings_override"
24
25
 
25
26
  require "google/cloud/binary_authorization/v1beta1/system_policy/credentials"
26
27
  require "google/cloud/binary_authorization/v1beta1/system_policy/paths"
@@ -21,7 +21,7 @@ module Google
21
21
  module Cloud
22
22
  module BinaryAuthorization
23
23
  module V1beta1
24
- VERSION = "0.19.0"
24
+ VERSION = "0.20.0"
25
25
  end
26
26
  end
27
27
  end
@@ -9,7 +9,7 @@ require 'google/api/resource_pb'
9
9
  require 'google/protobuf/timestamp_pb'
10
10
 
11
11
 
12
- descriptor_data = "\n8google/cloud/binaryauthorization/v1beta1/resources.proto\x12(google.cloud.binaryauthorization.v1beta1\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\xb1\r\n\x06Policy\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x18\n\x0b\x64\x65scription\x18\x06 \x01(\tB\x03\xe0\x41\x01\x12w\n\x1dglobal_policy_evaluation_mode\x18\x07 \x01(\x0e\x32K.google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationModeB\x03\xe0\x41\x01\x12n\n\x1c\x61\x64mission_whitelist_patterns\x18\x02 \x03(\x0b\x32\x43.google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPatternB\x03\xe0\x41\x01\x12q\n\x17\x63luster_admission_rules\x18\x03 \x03(\x0b\x32K.google.cloud.binaryauthorization.v1beta1.Policy.ClusterAdmissionRulesEntryB\x03\xe0\x41\x01\x12\x8a\x01\n$kubernetes_namespace_admission_rules\x18\n \x03(\x0b\x32W.google.cloud.binaryauthorization.v1beta1.Policy.KubernetesNamespaceAdmissionRulesEntryB\x03\xe0\x41\x01\x12\x95\x01\n*kubernetes_service_account_admission_rules\x18\x08 \x03(\x0b\x32\\.google.cloud.binaryauthorization.v1beta1.Policy.KubernetesServiceAccountAdmissionRulesEntryB\x03\xe0\x41\x01\x12\x8d\x01\n&istio_service_identity_admission_rules\x18\t \x03(\x0b\x32X.google.cloud.binaryauthorization.v1beta1.Policy.IstioServiceIdentityAdmissionRulesEntryB\x03\xe0\x41\x01\x12\\\n\x16\x64\x65\x66\x61ult_admission_rule\x18\x04 \x01(\x0b\x32\x37.google.cloud.binaryauthorization.v1beta1.AdmissionRuleB\x03\xe0\x41\x02\x12\x34\n\x0bupdate_time\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x1au\n\x1a\x43lusterAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x46\n\x05value\x18\x02 \x01(\x0b\x32\x37.google.cloud.binaryauthorization.v1beta1.AdmissionRule:\x02\x38\x01\x1a\x81\x01\n&KubernetesNamespaceAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x46\n\x05value\x18\x02 \x01(\x0b\x32\x37.google.cloud.binaryauthorization.v1beta1.AdmissionRule:\x02\x38\x01\x1a\x86\x01\n+KubernetesServiceAccountAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x46\n\x05value\x18\x02 \x01(\x0b\x32\x37.google.cloud.binaryauthorization.v1beta1.AdmissionRule:\x02\x38\x01\x1a\x82\x01\n\'IstioServiceIdentityAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x46\n\x05value\x18\x02 \x01(\x0b\x32\x37.google.cloud.binaryauthorization.v1beta1.AdmissionRule:\x02\x38\x01\"d\n\x1aGlobalPolicyEvaluationMode\x12-\n)GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED\x10\x00\x12\n\n\x06\x45NABLE\x10\x01\x12\x0b\n\x07\x44ISABLE\x10\x02:f\xea\x41\x63\n)binaryauthorization.googleapis.com/Policy\x12\x19projects/{project}/policy\x12\x1blocations/{location}/policy\"1\n\x19\x41\x64missionWhitelistPattern\x12\x14\n\x0cname_pattern\x18\x01 \x01(\t\"\xe4\x03\n\rAdmissionRule\x12\x64\n\x0f\x65valuation_mode\x18\x01 \x01(\x0e\x32\x46.google.cloud.binaryauthorization.v1beta1.AdmissionRule.EvaluationModeB\x03\xe0\x41\x02\x12$\n\x17require_attestations_by\x18\x02 \x03(\tB\x03\xe0\x41\x01\x12\x66\n\x10\x65nforcement_mode\x18\x03 \x01(\x0e\x32G.google.cloud.binaryauthorization.v1beta1.AdmissionRule.EnforcementModeB\x03\xe0\x41\x02\"m\n\x0e\x45valuationMode\x12\x1f\n\x1b\x45VALUATION_MODE_UNSPECIFIED\x10\x00\x12\x10\n\x0c\x41LWAYS_ALLOW\x10\x01\x12\x17\n\x13REQUIRE_ATTESTATION\x10\x02\x12\x0f\n\x0b\x41LWAYS_DENY\x10\x03\"p\n\x0f\x45nforcementMode\x12 \n\x1c\x45NFORCEMENT_MODE_UNSPECIFIED\x10\x00\x12 \n\x1c\x45NFORCED_BLOCK_AND_AUDIT_LOG\x10\x01\x12\x19\n\x15\x44RYRUN_AUDIT_LOG_ONLY\x10\x02\"\xbc\x02\n\x08\x41ttestor\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12\x18\n\x0b\x64\x65scription\x18\x06 \x01(\tB\x03\xe0\x41\x01\x12\x61\n\x17user_owned_drydock_note\x18\x03 \x01(\x0b\x32>.google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNoteH\x00\x12\x34\n\x0bupdate_time\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03:Y\xea\x41V\n+binaryauthorization.googleapis.com/Attestor\x12\'projects/{project}/attestors/{attestor}B\x0f\n\rattestor_type\"\xb9\x01\n\x14UserOwnedDrydockNote\x12\x1b\n\x0enote_reference\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12U\n\x0bpublic_keys\x18\x02 \x03(\x0b\x32;.google.cloud.binaryauthorization.v1beta1.AttestorPublicKeyB\x03\xe0\x41\x01\x12-\n delegation_service_account_email\x18\x03 \x01(\tB\x03\xe0\x41\x03\"\xc4\x04\n\rPkixPublicKey\x12\x16\n\x0epublic_key_pem\x18\x01 \x01(\t\x12g\n\x13signature_algorithm\x18\x02 \x01(\x0e\x32J.google.cloud.binaryauthorization.v1beta1.PkixPublicKey.SignatureAlgorithm\"\xb1\x03\n\x12SignatureAlgorithm\x12#\n\x1fSIGNATURE_ALGORITHM_UNSPECIFIED\x10\x00\x12\x17\n\x13RSA_PSS_2048_SHA256\x10\x01\x12\x17\n\x13RSA_PSS_3072_SHA256\x10\x02\x12\x17\n\x13RSA_PSS_4096_SHA256\x10\x03\x12\x17\n\x13RSA_PSS_4096_SHA512\x10\x04\x12\x1e\n\x1aRSA_SIGN_PKCS1_2048_SHA256\x10\x05\x12\x1e\n\x1aRSA_SIGN_PKCS1_3072_SHA256\x10\x06\x12\x1e\n\x1aRSA_SIGN_PKCS1_4096_SHA256\x10\x07\x12\x1e\n\x1aRSA_SIGN_PKCS1_4096_SHA512\x10\x08\x12\x15\n\x11\x45\x43\x44SA_P256_SHA256\x10\t\x12\x17\n\x13\x45\x43_SIGN_P256_SHA256\x10\t\x12\x15\n\x11\x45\x43\x44SA_P384_SHA384\x10\n\x12\x17\n\x13\x45\x43_SIGN_P384_SHA384\x10\n\x12\x15\n\x11\x45\x43\x44SA_P521_SHA512\x10\x0b\x12\x17\n\x13\x45\x43_SIGN_P521_SHA512\x10\x0b\x1a\x02\x10\x01\"\xbf\x01\n\x11\x41ttestorPublicKey\x12\x14\n\x07\x63omment\x18\x01 \x01(\tB\x03\xe0\x41\x01\x12\n\n\x02id\x18\x02 \x01(\t\x12&\n\x1c\x61scii_armored_pgp_public_key\x18\x03 \x01(\tH\x00\x12R\n\x0fpkix_public_key\x18\x05 \x01(\x0b\x32\x37.google.cloud.binaryauthorization.v1beta1.PkixPublicKeyH\x00\x42\x0c\n\npublic_keyB\xba\x02\n,com.google.cloud.binaryauthorization.v1beta1B!BinaryAuthorizationResourcesProtoP\x01Z^cloud.google.com/go/binaryauthorization/apiv1beta1/binaryauthorizationpb;binaryauthorizationpb\xf8\x01\x01\xaa\x02(Google.Cloud.BinaryAuthorization.V1Beta1\xca\x02(Google\\Cloud\\BinaryAuthorization\\V1beta1\xea\x02+Google::Cloud::BinaryAuthorization::V1beta1b\x06proto3"
12
+ descriptor_data = "\n8google/cloud/binaryauthorization/v1beta1/resources.proto\x12(google.cloud.binaryauthorization.v1beta1\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\xc4\r\n\x06Policy\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x18\n\x0b\x64\x65scription\x18\x06 \x01(\tB\x03\xe0\x41\x01\x12w\n\x1dglobal_policy_evaluation_mode\x18\x07 \x01(\x0e\x32K.google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationModeB\x03\xe0\x41\x01\x12n\n\x1c\x61\x64mission_whitelist_patterns\x18\x02 \x03(\x0b\x32\x43.google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPatternB\x03\xe0\x41\x01\x12q\n\x17\x63luster_admission_rules\x18\x03 \x03(\x0b\x32K.google.cloud.binaryauthorization.v1beta1.Policy.ClusterAdmissionRulesEntryB\x03\xe0\x41\x01\x12\x8a\x01\n$kubernetes_namespace_admission_rules\x18\n \x03(\x0b\x32W.google.cloud.binaryauthorization.v1beta1.Policy.KubernetesNamespaceAdmissionRulesEntryB\x03\xe0\x41\x01\x12\x95\x01\n*kubernetes_service_account_admission_rules\x18\x08 \x03(\x0b\x32\\.google.cloud.binaryauthorization.v1beta1.Policy.KubernetesServiceAccountAdmissionRulesEntryB\x03\xe0\x41\x01\x12\x8d\x01\n&istio_service_identity_admission_rules\x18\t \x03(\x0b\x32X.google.cloud.binaryauthorization.v1beta1.Policy.IstioServiceIdentityAdmissionRulesEntryB\x03\xe0\x41\x01\x12\\\n\x16\x64\x65\x66\x61ult_admission_rule\x18\x04 \x01(\x0b\x32\x37.google.cloud.binaryauthorization.v1beta1.AdmissionRuleB\x03\xe0\x41\x02\x12\x34\n\x0bupdate_time\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x11\n\x04\x65tag\x18\x0b \x01(\tB\x03\xe0\x41\x01\x1au\n\x1a\x43lusterAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x46\n\x05value\x18\x02 \x01(\x0b\x32\x37.google.cloud.binaryauthorization.v1beta1.AdmissionRule:\x02\x38\x01\x1a\x81\x01\n&KubernetesNamespaceAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x46\n\x05value\x18\x02 \x01(\x0b\x32\x37.google.cloud.binaryauthorization.v1beta1.AdmissionRule:\x02\x38\x01\x1a\x86\x01\n+KubernetesServiceAccountAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x46\n\x05value\x18\x02 \x01(\x0b\x32\x37.google.cloud.binaryauthorization.v1beta1.AdmissionRule:\x02\x38\x01\x1a\x82\x01\n\'IstioServiceIdentityAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x46\n\x05value\x18\x02 \x01(\x0b\x32\x37.google.cloud.binaryauthorization.v1beta1.AdmissionRule:\x02\x38\x01\"d\n\x1aGlobalPolicyEvaluationMode\x12-\n)GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED\x10\x00\x12\n\n\x06\x45NABLE\x10\x01\x12\x0b\n\x07\x44ISABLE\x10\x02:f\xea\x41\x63\n)binaryauthorization.googleapis.com/Policy\x12\x19projects/{project}/policy\x12\x1blocations/{location}/policy\"1\n\x19\x41\x64missionWhitelistPattern\x12\x14\n\x0cname_pattern\x18\x01 \x01(\t\"\xe4\x03\n\rAdmissionRule\x12\x64\n\x0f\x65valuation_mode\x18\x01 \x01(\x0e\x32\x46.google.cloud.binaryauthorization.v1beta1.AdmissionRule.EvaluationModeB\x03\xe0\x41\x02\x12$\n\x17require_attestations_by\x18\x02 \x03(\tB\x03\xe0\x41\x01\x12\x66\n\x10\x65nforcement_mode\x18\x03 \x01(\x0e\x32G.google.cloud.binaryauthorization.v1beta1.AdmissionRule.EnforcementModeB\x03\xe0\x41\x02\"m\n\x0e\x45valuationMode\x12\x1f\n\x1b\x45VALUATION_MODE_UNSPECIFIED\x10\x00\x12\x10\n\x0c\x41LWAYS_ALLOW\x10\x01\x12\x17\n\x13REQUIRE_ATTESTATION\x10\x02\x12\x0f\n\x0b\x41LWAYS_DENY\x10\x03\"p\n\x0f\x45nforcementMode\x12 \n\x1c\x45NFORCEMENT_MODE_UNSPECIFIED\x10\x00\x12 \n\x1c\x45NFORCED_BLOCK_AND_AUDIT_LOG\x10\x01\x12\x19\n\x15\x44RYRUN_AUDIT_LOG_ONLY\x10\x02\"\xcf\x02\n\x08\x41ttestor\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12\x18\n\x0b\x64\x65scription\x18\x06 \x01(\tB\x03\xe0\x41\x01\x12\x61\n\x17user_owned_drydock_note\x18\x03 \x01(\x0b\x32>.google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNoteH\x00\x12\x34\n\x0bupdate_time\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x11\n\x04\x65tag\x18\x07 \x01(\tB\x03\xe0\x41\x01:Y\xea\x41V\n+binaryauthorization.googleapis.com/Attestor\x12\'projects/{project}/attestors/{attestor}B\x0f\n\rattestor_type\"\xb9\x01\n\x14UserOwnedDrydockNote\x12\x1b\n\x0enote_reference\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12U\n\x0bpublic_keys\x18\x02 \x03(\x0b\x32;.google.cloud.binaryauthorization.v1beta1.AttestorPublicKeyB\x03\xe0\x41\x01\x12-\n delegation_service_account_email\x18\x03 \x01(\tB\x03\xe0\x41\x03\"\xcb\x05\n\rPkixPublicKey\x12\x16\n\x0epublic_key_pem\x18\x01 \x01(\t\x12g\n\x13signature_algorithm\x18\x02 \x01(\x0e\x32J.google.cloud.binaryauthorization.v1beta1.PkixPublicKey.SignatureAlgorithm\"\xb8\x04\n\x12SignatureAlgorithm\x12#\n\x1fSIGNATURE_ALGORITHM_UNSPECIFIED\x10\x00\x12\x17\n\x13RSA_PSS_2048_SHA256\x10\x01\x12\x1c\n\x18RSA_SIGN_PSS_2048_SHA256\x10\x01\x12\x17\n\x13RSA_PSS_3072_SHA256\x10\x02\x12\x1c\n\x18RSA_SIGN_PSS_3072_SHA256\x10\x02\x12\x17\n\x13RSA_PSS_4096_SHA256\x10\x03\x12\x1c\n\x18RSA_SIGN_PSS_4096_SHA256\x10\x03\x12\x17\n\x13RSA_PSS_4096_SHA512\x10\x04\x12\x1c\n\x18RSA_SIGN_PSS_4096_SHA512\x10\x04\x12\x1e\n\x1aRSA_SIGN_PKCS1_2048_SHA256\x10\x05\x12\x1e\n\x1aRSA_SIGN_PKCS1_3072_SHA256\x10\x06\x12\x1e\n\x1aRSA_SIGN_PKCS1_4096_SHA256\x10\x07\x12\x1e\n\x1aRSA_SIGN_PKCS1_4096_SHA512\x10\x08\x12\x15\n\x11\x45\x43\x44SA_P256_SHA256\x10\t\x12\x17\n\x13\x45\x43_SIGN_P256_SHA256\x10\t\x12\x15\n\x11\x45\x43\x44SA_P384_SHA384\x10\n\x12\x17\n\x13\x45\x43_SIGN_P384_SHA384\x10\n\x12\x15\n\x11\x45\x43\x44SA_P521_SHA512\x10\x0b\x12\x17\n\x13\x45\x43_SIGN_P521_SHA512\x10\x0b\x12\r\n\tML_DSA_65\x10\r\x1a\x02\x10\x01\"\xbf\x01\n\x11\x41ttestorPublicKey\x12\x14\n\x07\x63omment\x18\x01 \x01(\tB\x03\xe0\x41\x01\x12\n\n\x02id\x18\x02 \x01(\t\x12&\n\x1c\x61scii_armored_pgp_public_key\x18\x03 \x01(\tH\x00\x12R\n\x0fpkix_public_key\x18\x05 \x01(\x0b\x32\x37.google.cloud.binaryauthorization.v1beta1.PkixPublicKeyH\x00\x42\x0c\n\npublic_keyB\xb7\x02\n,com.google.cloud.binaryauthorization.v1beta1B!BinaryAuthorizationResourcesProtoP\x01Z^cloud.google.com/go/binaryauthorization/apiv1beta1/binaryauthorizationpb;binaryauthorizationpb\xaa\x02(Google.Cloud.BinaryAuthorization.V1Beta1\xca\x02(Google\\Cloud\\BinaryAuthorization\\V1beta1\xea\x02+Google::Cloud::BinaryAuthorization::V1beta1b\x06proto3"
13
13
 
14
14
  pool = ::Google::Protobuf::DescriptorPool.generated_pool
15
15
  pool.add_serialized_file(descriptor_data)
@@ -12,7 +12,7 @@ require 'google/cloud/binaryauthorization/v1beta1/resources_pb'
12
12
  require 'google/protobuf/empty_pb'
13
13
 
14
14
 
15
- descriptor_data = "\n6google/cloud/binaryauthorization/v1beta1/service.proto\x12(google.cloud.binaryauthorization.v1beta1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x38google/cloud/binaryauthorization/v1beta1/resources.proto\x1a\x1bgoogle/protobuf/empty.proto\"S\n\x10GetPolicyRequest\x12?\n\x04name\x18\x01 \x01(\tB1\xe0\x41\x02\xfa\x41+\n)binaryauthorization.googleapis.com/Policy\"\\\n\x13UpdatePolicyRequest\x12\x45\n\x06policy\x18\x01 \x01(\x0b\x32\x30.google.cloud.binaryauthorization.v1beta1.PolicyB\x03\xe0\x41\x02\"\xc1\x01\n\x15\x43reateAttestorRequest\x12\x43\n\x06parent\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+cloudresourcemanager.googleapis.com/Project\x12\x18\n\x0b\x61ttestor_id\x18\x02 \x01(\tB\x03\xe0\x41\x02\x12I\n\x08\x61ttestor\x18\x03 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1beta1.AttestorB\x03\xe0\x41\x02\"W\n\x12GetAttestorRequest\x12\x41\n\x04name\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+binaryauthorization.googleapis.com/Attestor\"b\n\x15UpdateAttestorRequest\x12I\n\x08\x61ttestor\x18\x01 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1beta1.AttestorB\x03\xe0\x41\x02\"\x82\x01\n\x14ListAttestorsRequest\x12\x43\n\x06parent\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+cloudresourcemanager.googleapis.com/Project\x12\x11\n\tpage_size\x18\x02 \x01(\x05\x12\x12\n\npage_token\x18\x03 \x01(\t\"w\n\x15ListAttestorsResponse\x12\x45\n\tattestors\x18\x01 \x03(\x0b\x32\x32.google.cloud.binaryauthorization.v1beta1.Attestor\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"Z\n\x15\x44\x65leteAttestorRequest\x12\x41\n\x04name\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+binaryauthorization.googleapis.com/Attestor\"Y\n\x16GetSystemPolicyRequest\x12?\n\x04name\x18\x01 \x01(\tB1\xe0\x41\x02\xfa\x41+\n)binaryauthorization.googleapis.com/Policy2\xcb\x0b\n BinauthzManagementServiceV1Beta1\x12\xab\x01\n\tGetPolicy\x12:.google.cloud.binaryauthorization.v1beta1.GetPolicyRequest\x1a\x30.google.cloud.binaryauthorization.v1beta1.Policy\"0\xda\x41\x04name\x82\xd3\xe4\x93\x02#\x12!/v1beta1/{name=projects/*/policy}\x12\xc2\x01\n\x0cUpdatePolicy\x12=.google.cloud.binaryauthorization.v1beta1.UpdatePolicyRequest\x1a\x30.google.cloud.binaryauthorization.v1beta1.Policy\"A\xda\x41\x06policy\x82\xd3\xe4\x93\x02\x32\x1a(/v1beta1/{policy.name=projects/*/policy}:\x06policy\x12\xdd\x01\n\x0e\x43reateAttestor\x12?.google.cloud.binaryauthorization.v1beta1.CreateAttestorRequest\x1a\x32.google.cloud.binaryauthorization.v1beta1.Attestor\"V\xda\x41\x1bparent,attestor_id,attestor\x82\xd3\xe4\x93\x02\x32\"&/v1beta1/{parent=projects/*}/attestors:\x08\x61ttestor\x12\xb6\x01\n\x0bGetAttestor\x12<.google.cloud.binaryauthorization.v1beta1.GetAttestorRequest\x1a\x32.google.cloud.binaryauthorization.v1beta1.Attestor\"5\xda\x41\x04name\x82\xd3\xe4\x93\x02(\x12&/v1beta1/{name=projects/*/attestors/*}\x12\xd3\x01\n\x0eUpdateAttestor\x12?.google.cloud.binaryauthorization.v1beta1.UpdateAttestorRequest\x1a\x32.google.cloud.binaryauthorization.v1beta1.Attestor\"L\xda\x41\x08\x61ttestor\x82\xd3\xe4\x93\x02;\x1a//v1beta1/{attestor.name=projects/*/attestors/*}:\x08\x61ttestor\x12\xc9\x01\n\rListAttestors\x12>.google.cloud.binaryauthorization.v1beta1.ListAttestorsRequest\x1a?.google.cloud.binaryauthorization.v1beta1.ListAttestorsResponse\"7\xda\x41\x06parent\x82\xd3\xe4\x93\x02(\x12&/v1beta1/{parent=projects/*}/attestors\x12\xa0\x01\n\x0e\x44\x65leteAttestor\x12?.google.cloud.binaryauthorization.v1beta1.DeleteAttestorRequest\x1a\x16.google.protobuf.Empty\"5\xda\x41\x04name\x82\xd3\xe4\x93\x02(*&/v1beta1/{name=projects/*/attestors/*}\x1aV\xca\x41\"binaryauthorization.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platform2\xa8\x02\n\x13SystemPolicyV1Beta1\x12\xb8\x01\n\x0fGetSystemPolicy\x12@.google.cloud.binaryauthorization.v1beta1.GetSystemPolicyRequest\x1a\x30.google.cloud.binaryauthorization.v1beta1.Policy\"1\xda\x41\x04name\x82\xd3\xe4\x93\x02$\x12\"/v1beta1/{name=locations/*/policy}\x1aV\xca\x41\"binaryauthorization.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\xb8\x02\n,com.google.cloud.binaryauthorization.v1beta1B\x1f\x42inaryAuthorizationServiceProtoP\x01Z^cloud.google.com/go/binaryauthorization/apiv1beta1/binaryauthorizationpb;binaryauthorizationpb\xf8\x01\x01\xaa\x02(Google.Cloud.BinaryAuthorization.V1Beta1\xca\x02(Google\\Cloud\\BinaryAuthorization\\V1beta1\xea\x02+Google::Cloud::BinaryAuthorization::V1beta1b\x06proto3"
15
+ descriptor_data = "\n6google/cloud/binaryauthorization/v1beta1/service.proto\x12(google.cloud.binaryauthorization.v1beta1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x38google/cloud/binaryauthorization/v1beta1/resources.proto\x1a\x1bgoogle/protobuf/empty.proto\"S\n\x10GetPolicyRequest\x12?\n\x04name\x18\x01 \x01(\tB1\xe0\x41\x02\xfa\x41+\n)binaryauthorization.googleapis.com/Policy\"\\\n\x13UpdatePolicyRequest\x12\x45\n\x06policy\x18\x01 \x01(\x0b\x32\x30.google.cloud.binaryauthorization.v1beta1.PolicyB\x03\xe0\x41\x02\"\xc1\x01\n\x15\x43reateAttestorRequest\x12\x43\n\x06parent\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+cloudresourcemanager.googleapis.com/Project\x12\x18\n\x0b\x61ttestor_id\x18\x02 \x01(\tB\x03\xe0\x41\x02\x12I\n\x08\x61ttestor\x18\x03 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1beta1.AttestorB\x03\xe0\x41\x02\"W\n\x12GetAttestorRequest\x12\x41\n\x04name\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+binaryauthorization.googleapis.com/Attestor\"b\n\x15UpdateAttestorRequest\x12I\n\x08\x61ttestor\x18\x01 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1beta1.AttestorB\x03\xe0\x41\x02\"\x82\x01\n\x14ListAttestorsRequest\x12\x43\n\x06parent\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+cloudresourcemanager.googleapis.com/Project\x12\x11\n\tpage_size\x18\x02 \x01(\x05\x12\x12\n\npage_token\x18\x03 \x01(\t\"w\n\x15ListAttestorsResponse\x12\x45\n\tattestors\x18\x01 \x03(\x0b\x32\x32.google.cloud.binaryauthorization.v1beta1.Attestor\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"Z\n\x15\x44\x65leteAttestorRequest\x12\x41\n\x04name\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+binaryauthorization.googleapis.com/Attestor\"Y\n\x16GetSystemPolicyRequest\x12?\n\x04name\x18\x01 \x01(\tB1\xe0\x41\x02\xfa\x41+\n)binaryauthorization.googleapis.com/Policy2\xcb\x0b\n BinauthzManagementServiceV1Beta1\x12\xab\x01\n\tGetPolicy\x12:.google.cloud.binaryauthorization.v1beta1.GetPolicyRequest\x1a\x30.google.cloud.binaryauthorization.v1beta1.Policy\"0\xda\x41\x04name\x82\xd3\xe4\x93\x02#\x12!/v1beta1/{name=projects/*/policy}\x12\xc2\x01\n\x0cUpdatePolicy\x12=.google.cloud.binaryauthorization.v1beta1.UpdatePolicyRequest\x1a\x30.google.cloud.binaryauthorization.v1beta1.Policy\"A\xda\x41\x06policy\x82\xd3\xe4\x93\x02\x32\x1a(/v1beta1/{policy.name=projects/*/policy}:\x06policy\x12\xdd\x01\n\x0e\x43reateAttestor\x12?.google.cloud.binaryauthorization.v1beta1.CreateAttestorRequest\x1a\x32.google.cloud.binaryauthorization.v1beta1.Attestor\"V\xda\x41\x1bparent,attestor_id,attestor\x82\xd3\xe4\x93\x02\x32\"&/v1beta1/{parent=projects/*}/attestors:\x08\x61ttestor\x12\xb6\x01\n\x0bGetAttestor\x12<.google.cloud.binaryauthorization.v1beta1.GetAttestorRequest\x1a\x32.google.cloud.binaryauthorization.v1beta1.Attestor\"5\xda\x41\x04name\x82\xd3\xe4\x93\x02(\x12&/v1beta1/{name=projects/*/attestors/*}\x12\xd3\x01\n\x0eUpdateAttestor\x12?.google.cloud.binaryauthorization.v1beta1.UpdateAttestorRequest\x1a\x32.google.cloud.binaryauthorization.v1beta1.Attestor\"L\xda\x41\x08\x61ttestor\x82\xd3\xe4\x93\x02;\x1a//v1beta1/{attestor.name=projects/*/attestors/*}:\x08\x61ttestor\x12\xc9\x01\n\rListAttestors\x12>.google.cloud.binaryauthorization.v1beta1.ListAttestorsRequest\x1a?.google.cloud.binaryauthorization.v1beta1.ListAttestorsResponse\"7\xda\x41\x06parent\x82\xd3\xe4\x93\x02(\x12&/v1beta1/{parent=projects/*}/attestors\x12\xa0\x01\n\x0e\x44\x65leteAttestor\x12?.google.cloud.binaryauthorization.v1beta1.DeleteAttestorRequest\x1a\x16.google.protobuf.Empty\"5\xda\x41\x04name\x82\xd3\xe4\x93\x02(*&/v1beta1/{name=projects/*/attestors/*}\x1aV\xca\x41\"binaryauthorization.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platform2\xa8\x02\n\x13SystemPolicyV1Beta1\x12\xb8\x01\n\x0fGetSystemPolicy\x12@.google.cloud.binaryauthorization.v1beta1.GetSystemPolicyRequest\x1a\x30.google.cloud.binaryauthorization.v1beta1.Policy\"1\xda\x41\x04name\x82\xd3\xe4\x93\x02$\x12\"/v1beta1/{name=locations/*/policy}\x1aV\xca\x41\"binaryauthorization.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\xb5\x02\n,com.google.cloud.binaryauthorization.v1beta1B\x1f\x42inaryAuthorizationServiceProtoP\x01Z^cloud.google.com/go/binaryauthorization/apiv1beta1/binaryauthorizationpb;binaryauthorizationpb\xaa\x02(Google.Cloud.BinaryAuthorization.V1Beta1\xca\x02(Google\\Cloud\\BinaryAuthorization\\V1beta1\xea\x02+Google::Cloud::BinaryAuthorization::V1beta1b\x06proto3"
16
16
 
17
17
  pool = ::Google::Protobuf::DescriptorPool.generated_pool
18
18
  pool.add_serialized_file(descriptor_data)
@@ -41,36 +41,50 @@ module Google
41
41
  self.unmarshal_class_method = :decode
42
42
  self.service_name = 'google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1'
43
43
 
44
- # A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] that must attest to
45
- # a container image, before the project is allowed to deploy that
44
+ # A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the
45
+ # [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] that must
46
+ # attest to a container image, before the project is allowed to deploy that
46
47
  # image. There is at most one policy per project. All image admission
47
48
  # requests are permitted if a project has no policy.
48
49
  #
49
- # Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this project. Returns a default
50
- # [policy][google.cloud.binaryauthorization.v1beta1.Policy] if the project does not have one.
50
+ # Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this
51
+ # project. Returns a default
52
+ # [policy][google.cloud.binaryauthorization.v1beta1.Policy] if the project
53
+ # does not have one.
51
54
  rpc :GetPolicy, ::Google::Cloud::BinaryAuthorization::V1beta1::GetPolicyRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Policy
52
- # Creates or updates a project's [policy][google.cloud.binaryauthorization.v1beta1.Policy], and returns a copy of the
53
- # new [policy][google.cloud.binaryauthorization.v1beta1.Policy]. A policy is always updated as a whole, to avoid race
54
- # conditions with concurrent policy enforcement (or management!)
55
- # requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
56
- # if the request is malformed.
55
+ # Creates or updates a project's
56
+ # [policy][google.cloud.binaryauthorization.v1beta1.Policy], and returns a
57
+ # copy of the new [policy][google.cloud.binaryauthorization.v1beta1.Policy].
58
+ # A policy is always updated as a whole, to avoid race conditions with
59
+ # concurrent policy enforcement (or management!) requests. Returns NOT_FOUND
60
+ # if the project does not exist, INVALID_ARGUMENT if the request is
61
+ # malformed.
57
62
  rpc :UpdatePolicy, ::Google::Cloud::BinaryAuthorization::V1beta1::UpdatePolicyRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Policy
58
- # Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor], and returns a copy of the new
59
- # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns NOT_FOUND if the project does not exist,
60
- # INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
61
- # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] already exists.
63
+ # Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor],
64
+ # and returns a copy of the new
65
+ # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns
66
+ # NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is
67
+ # malformed, ALREADY_EXISTS if the
68
+ # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] already
69
+ # exists.
62
70
  rpc :CreateAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::CreateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
63
71
  # Gets an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
64
- # Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
72
+ # Returns NOT_FOUND if the
73
+ # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not
74
+ # exist.
65
75
  rpc :GetAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::GetAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
66
76
  # Updates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
67
- # Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
77
+ # Returns NOT_FOUND if the
78
+ # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not
79
+ # exist.
68
80
  rpc :UpdateAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::UpdateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
69
81
  # Lists [attestors][google.cloud.binaryauthorization.v1beta1.Attestor].
70
82
  # Returns INVALID_ARGUMENT if the project does not exist.
71
83
  rpc :ListAttestors, ::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse
72
- # Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns NOT_FOUND if the
73
- # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
84
+ # Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
85
+ # Returns NOT_FOUND if the
86
+ # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not
87
+ # exist.
74
88
  rpc :DeleteAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::DeleteAttestorRequest, ::Google::Protobuf::Empty
75
89
  end
76
90
 
@@ -21,7 +21,8 @@ module Google
21
21
  module Cloud
22
22
  module BinaryAuthorization
23
23
  module V1beta1
24
- # A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for Binary Authorization.
24
+ # A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for Binary
25
+ # Authorization.
25
26
  # @!attribute [r] name
26
27
  # @return [::String]
27
28
  # Output only. The resource name, in the format `projects/*/policy`. There is
@@ -51,7 +52,8 @@ module Google
51
52
  # https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
52
53
  # @!attribute [rw] kubernetes_namespace_admission_rules
53
54
  # @return [::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}]
54
- # Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
55
+ # Optional. Per-kubernetes-namespace admission rules. K8s namespace spec
56
+ # format:
55
57
  # `[a-z.-]+`, e.g. `some-namespace`
56
58
  # @!attribute [rw] kubernetes_service_account_admission_rules
57
59
  # @return [::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}]
@@ -71,6 +73,11 @@ module Google
71
73
  # @!attribute [r] update_time
72
74
  # @return [::Google::Protobuf::Timestamp]
73
75
  # Output only. Time when the policy was last updated.
76
+ # @!attribute [rw] etag
77
+ # @return [::String]
78
+ # Optional. A checksum, returned by the server, that can be sent on update
79
+ # requests to ensure the policy has an up-to-date value before attempting to
80
+ # update it. See https://google.aip.dev/154.
74
81
  class Policy
75
82
  include ::Google::Protobuf::MessageExts
76
83
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -123,8 +130,10 @@ module Google
123
130
  end
124
131
  end
125
132
 
126
- # An {::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionWhitelistPattern admission allowlist pattern} exempts images
127
- # from checks by {::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule admission rules}.
133
+ # An [admission allowlist
134
+ # pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern]
135
+ # exempts images from checks by [admission
136
+ # rules][google.cloud.binaryauthorization.v1beta1.AdmissionRule].
128
137
  # @!attribute [rw] name_pattern
129
138
  # @return [::String]
130
139
  # An image name pattern to allowlist, in the form `registry/path/to/image`.
@@ -139,26 +148,20 @@ module Google
139
148
  extend ::Google::Protobuf::MessageExts::ClassMethods
140
149
  end
141
150
 
142
- # An {::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule admission rule} specifies either that all container images
143
- # used in a pod creation request must be attested to by one or more
144
- # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, that all pod creations will be allowed, or that all
145
- # pod creations will be denied.
151
+ # An {::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule admission rule}
152
+ # specifies either that all container images used in a pod creation request
153
+ # must be attested to by one or more
154
+ # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, that all pod
155
+ # creations will be allowed, or that all pod creations will be denied.
146
156
  #
147
- # Images matching an {::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionWhitelistPattern admission allowlist pattern}
157
+ # Images matching an [admission allowlist
158
+ # pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern]
148
159
  # are exempted from admission rules and will never block a pod creation.
149
160
  # @!attribute [rw] evaluation_mode
150
161
  # @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule::EvaluationMode]
151
162
  # Required. How this admission rule will be evaluated.
152
163
  # @!attribute [rw] require_attestations_by
153
164
  # @return [::Array<::String>]
154
- # Optional. The resource names of the attestors that must attest to
155
- # a container image, in the format `projects/*/attestors/*`. Each
156
- # attestor must exist before a policy can reference it. To add an attestor
157
- # to a policy the principal issuing the policy change request must be able
158
- # to read the attestor resource.
159
- #
160
- # Note: this field must be non-empty when the evaluation_mode field specifies
161
- # REQUIRE_ATTESTATION, otherwise it must be empty.
162
165
  # @!attribute [rw] enforcement_mode
163
166
  # @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule::EnforcementMode]
164
167
  # Required. The action when a pod creation is denied by the admission rule.
@@ -182,6 +185,8 @@ module Google
182
185
  ALWAYS_DENY = 3
183
186
  end
184
187
 
188
+ # TODO(wietse) re-word this text to 'per-image' instead of 'per-pod' and to
189
+ # allow for three-way evaluation (allow, deny, delegate).
185
190
  # Defines the possible actions when a pod creation is denied by an admission
186
191
  # rule.
187
192
  module EnforcementMode
@@ -197,9 +202,9 @@ module Google
197
202
  end
198
203
  end
199
204
 
200
- # An {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} that attests to container image
201
- # artifacts. An existing attestor cannot be modified except where
202
- # indicated.
205
+ # An {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} that attests
206
+ # to container image artifacts. An existing attestor cannot be modified except
207
+ # where indicated.
203
208
  # @!attribute [rw] name
204
209
  # @return [::String]
205
210
  # Required. The resource name, in the format:
@@ -214,13 +219,19 @@ module Google
214
219
  # @!attribute [r] update_time
215
220
  # @return [::Google::Protobuf::Timestamp]
216
221
  # Output only. Time when the attestor was last updated.
222
+ # @!attribute [rw] etag
223
+ # @return [::String]
224
+ # Optional. A checksum, returned by the server, that can be sent on update
225
+ # requests to ensure the attestor has an up-to-date value before attempting
226
+ # to update it. See https://google.aip.dev/154.
217
227
  class Attestor
218
228
  include ::Google::Protobuf::MessageExts
219
229
  extend ::Google::Protobuf::MessageExts::ClassMethods
220
230
  end
221
231
 
222
- # An {::Google::Cloud::BinaryAuthorization::V1beta1::UserOwnedDrydockNote user owned drydock note} references a Drydock
223
- # ATTESTATION_AUTHORITY Note created by the user.
232
+ # An [user owned drydock
233
+ # note][google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNote]
234
+ # references a Drydock ATTESTATION_AUTHORITY Note created by the user.
224
235
  # @!attribute [rw] note_reference
225
236
  # @return [::String]
226
237
  # Required. The Drydock resource name of a ATTESTATION_AUTHORITY Note,
@@ -289,15 +300,27 @@ module Google
289
300
  # RSASSA-PSS 2048 bit key with a SHA256 digest.
290
301
  RSA_PSS_2048_SHA256 = 1
291
302
 
303
+ # RSASSA-PSS 2048 bit key with a SHA256 digest.
304
+ RSA_SIGN_PSS_2048_SHA256 = 1
305
+
292
306
  # RSASSA-PSS 3072 bit key with a SHA256 digest.
293
307
  RSA_PSS_3072_SHA256 = 2
294
308
 
309
+ # RSASSA-PSS 3072 bit key with a SHA256 digest.
310
+ RSA_SIGN_PSS_3072_SHA256 = 2
311
+
295
312
  # RSASSA-PSS 4096 bit key with a SHA256 digest.
296
313
  RSA_PSS_4096_SHA256 = 3
297
314
 
315
+ # RSASSA-PSS 4096 bit key with a SHA256 digest.
316
+ RSA_SIGN_PSS_4096_SHA256 = 3
317
+
298
318
  # RSASSA-PSS 4096 bit key with a SHA512 digest.
299
319
  RSA_PSS_4096_SHA512 = 4
300
320
 
321
+ # RSASSA-PSS 4096 bit key with a SHA512 digest.
322
+ RSA_SIGN_PSS_4096_SHA512 = 4
323
+
301
324
  # RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
302
325
  RSA_SIGN_PKCS1_2048_SHA256 = 5
303
326
 
@@ -327,11 +350,15 @@ module Google
327
350
 
328
351
  # ECDSA on the NIST P-521 curve with a SHA512 digest.
329
352
  EC_SIGN_P521_SHA512 = 11
353
+
354
+ # ML-DSA-65 Post-Quantum Cryptography signature algorithm.
355
+ ML_DSA_65 = 13
330
356
  end
331
357
  end
332
358
 
333
- # An {::Google::Cloud::BinaryAuthorization::V1beta1::AttestorPublicKey attestor public key} that will be used to verify
334
- # attestations signed by this attestor.
359
+ # An [attestor public
360
+ # key][google.cloud.binaryauthorization.v1beta1.AttestorPublicKey] that will be
361
+ # used to verify attestations signed by this attestor.
335
362
  # @!attribute [rw] comment
336
363
  # @return [::String]
337
364
  # Optional. A descriptive comment. This field may be updated.
@@ -24,8 +24,9 @@ module Google
24
24
  # Request message for [BinauthzManagementService.GetPolicy][].
25
25
  # @!attribute [rw] name
26
26
  # @return [::String]
27
- # Required. The resource name of the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} to retrieve,
28
- # in the format `projects/*/policy`.
27
+ # Required. The resource name of the
28
+ # {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} to retrieve, in
29
+ # the format `projects/*/policy`.
29
30
  class GetPolicyRequest
30
31
  include ::Google::Protobuf::MessageExts
31
32
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -34,9 +35,11 @@ module Google
34
35
  # Request message for [BinauthzManagementService.UpdatePolicy][].
35
36
  # @!attribute [rw] policy
36
37
  # @return [::Google::Cloud::BinaryAuthorization::V1beta1::Policy]
37
- # Required. A new or updated {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} value. The service will
38
- # overwrite the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy#name policy name} field with the resource name in
39
- # the request URL, in the format `projects/*/policy`.
38
+ # Required. A new or updated
39
+ # {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} value. The
40
+ # service will overwrite the [policy
41
+ # name][google.cloud.binaryauthorization.v1beta1.Policy.name] field with the
42
+ # resource name in the request URL, in the format `projects/*/policy`.
40
43
  class UpdatePolicyRequest
41
44
  include ::Google::Protobuf::MessageExts
42
45
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -45,15 +48,19 @@ module Google
45
48
  # Request message for [BinauthzManagementService.CreateAttestor][].
46
49
  # @!attribute [rw] parent
47
50
  # @return [::String]
48
- # Required. The parent of this {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
51
+ # Required. The parent of this
52
+ # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
49
53
  # @!attribute [rw] attestor_id
50
54
  # @return [::String]
51
- # Required. The {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} ID.
55
+ # Required. The
56
+ # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} ID.
52
57
  # @!attribute [rw] attestor
53
58
  # @return [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
54
- # Required. The initial {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The service will
55
- # overwrite the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor#name attestor name} field with the resource name,
56
- # in the format `projects/*/attestors/*`.
59
+ # Required. The initial
60
+ # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
61
+ # service will overwrite the [attestor
62
+ # name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
63
+ # the resource name, in the format `projects/*/attestors/*`.
57
64
  class CreateAttestorRequest
58
65
  include ::Google::Protobuf::MessageExts
59
66
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -62,8 +69,9 @@ module Google
62
69
  # Request message for [BinauthzManagementService.GetAttestor][].
63
70
  # @!attribute [rw] name
64
71
  # @return [::String]
65
- # Required. The name of the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} to retrieve, in the format
66
- # `projects/*/attestors/*`.
72
+ # Required. The name of the
73
+ # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} to retrieve,
74
+ # in the format `projects/*/attestors/*`.
67
75
  class GetAttestorRequest
68
76
  include ::Google::Protobuf::MessageExts
69
77
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -72,9 +80,12 @@ module Google
72
80
  # Request message for [BinauthzManagementService.UpdateAttestor][].
73
81
  # @!attribute [rw] attestor
74
82
  # @return [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
75
- # Required. The updated {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The service will
76
- # overwrite the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor#name attestor name} field with the resource name
77
- # in the request URL, in the format `projects/*/attestors/*`.
83
+ # Required. The updated
84
+ # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
85
+ # service will overwrite the [attestor
86
+ # name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
87
+ # the resource name in the request URL, in the format
88
+ # `projects/*/attestors/*`.
78
89
  class UpdateAttestorRequest
79
90
  include ::Google::Protobuf::MessageExts
80
91
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -84,7 +95,8 @@ module Google
84
95
  # @!attribute [rw] parent
85
96
  # @return [::String]
86
97
  # Required. The resource name of the project associated with the
87
- # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the format `projects/*`.
98
+ # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the
99
+ # format `projects/*`.
88
100
  # @!attribute [rw] page_size
89
101
  # @return [::Integer]
90
102
  # Requested page size. The server may return fewer results than requested. If
@@ -92,8 +104,9 @@ module Google
92
104
  # @!attribute [rw] page_token
93
105
  # @return [::String]
94
106
  # A token identifying a page of results the server should return. Typically,
95
- # this is the value of {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token} returned
96
- # from the previous call to the `ListAttestors` method.
107
+ # this is the value of
108
+ # {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token}
109
+ # returned from the previous call to the `ListAttestors` method.
97
110
  class ListAttestorsRequest
98
111
  include ::Google::Protobuf::MessageExts
99
112
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -106,8 +119,9 @@ module Google
106
119
  # @!attribute [rw] next_page_token
107
120
  # @return [::String]
108
121
  # A token to retrieve the next page of results. Pass this value in the
109
- # {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest#page_token ListAttestorsRequest.page_token} field in the subsequent call to the
110
- # `ListAttestors` method to retrieve the next page of results.
122
+ # {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest#page_token ListAttestorsRequest.page_token}
123
+ # field in the subsequent call to the `ListAttestors` method to retrieve the
124
+ # next page of results.
111
125
  class ListAttestorsResponse
112
126
  include ::Google::Protobuf::MessageExts
113
127
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -116,8 +130,9 @@ module Google
116
130
  # Request message for [BinauthzManagementService.DeleteAttestor][].
117
131
  # @!attribute [rw] name
118
132
  # @return [::String]
119
- # Required. The name of the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} to delete, in the format
120
- # `projects/*/attestors/*`.
133
+ # Required. The name of the
134
+ # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} to delete,
135
+ # in the format `projects/*/attestors/*`.
121
136
  class DeleteAttestorRequest
122
137
  include ::Google::Protobuf::MessageExts
123
138
  extend ::Google::Protobuf::MessageExts::ClassMethods