google-cloud-binary_authorization-v1beta1 0.3.0 → 0.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/AUTHENTICATION.md +8 -8
- data/README.md +1 -1
- data/lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/client.rb +122 -105
- data/lib/google/cloud/binary_authorization/v1beta1/version.rb +1 -1
- data/lib/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging_pb.rb +55 -0
- data/lib/google/cloud/binaryauthorization/v1beta1/service_services_pb.rb +31 -17
- data/proto_docs/google/api/field_behavior.rb +7 -1
- data/proto_docs/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.rb +104 -0
- data/proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb +2 -2
- data/proto_docs/google/cloud/binaryauthorization/v1beta1/service.rb +37 -22
- metadata +15 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0b2409e68ea2a91e67465a81c38b4f7d8da7cc0880180287e2e3f50f62a030c6
|
|
4
|
+
data.tar.gz: 8c0093f6dda1fee6797b5a0d5e62475abbcaebfb4193b25aff7c81421a20a2db
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 43b6ba3464e0b63b7ef496a35aee3406a00ea7aa9aa9d22037fae12434b51a8a4e218b7c6fef00f301109fd174ac3f0ae63e5f9239e0fdb9dbe03e5ae7206458
|
|
7
|
+
data.tar.gz: 9e0d97ec9a80a0818257f6dddc208b377bf44702795171027a6e98b511968f0b0c864aa1df74a31558ef8bd3c875b6f9777e82a197820ec05d64fa8fd1f09d18
|
data/AUTHENTICATION.md
CHANGED
|
@@ -66,11 +66,11 @@ The environment variables that google-cloud-binary_authorization-v1beta1
|
|
|
66
66
|
checks for credentials are configured on the service Credentials class (such as
|
|
67
67
|
{::Google::Cloud::BinaryAuthorization::V1beta1::BinauthzManagementService::Credentials}):
|
|
68
68
|
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
69
|
+
* `BINARY_AUTHORIZATION_CREDENTIALS` - Path to JSON file, or JSON contents
|
|
70
|
+
* `BINARY_AUTHORIZATION_KEYFILE` - Path to JSON file, or JSON contents
|
|
71
|
+
* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents
|
|
72
|
+
* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents
|
|
73
|
+
* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
|
|
74
74
|
|
|
75
75
|
```ruby
|
|
76
76
|
require "google/cloud/binary_authorization/v1beta1"
|
|
@@ -82,8 +82,8 @@ client = ::Google::Cloud::BinaryAuthorization::V1beta1::BinauthzManagementServic
|
|
|
82
82
|
|
|
83
83
|
### Configuration
|
|
84
84
|
|
|
85
|
-
The **Credentials JSON** can be configured instead of
|
|
86
|
-
environment
|
|
85
|
+
The path to the **Credentials JSON** file can be configured instead of storing
|
|
86
|
+
it in an environment variable. Either on an individual client initialization:
|
|
87
87
|
|
|
88
88
|
```ruby
|
|
89
89
|
require "google/cloud/binary_authorization/v1beta1"
|
|
@@ -93,7 +93,7 @@ client = ::Google::Cloud::BinaryAuthorization::V1beta1::BinauthzManagementServic
|
|
|
93
93
|
end
|
|
94
94
|
```
|
|
95
95
|
|
|
96
|
-
Or
|
|
96
|
+
Or globally for all clients:
|
|
97
97
|
|
|
98
98
|
```ruby
|
|
99
99
|
require "google/cloud/binary_authorization/v1beta1"
|
data/README.md
CHANGED
|
@@ -33,7 +33,7 @@ In order to use this library, you first need to go through the following steps:
|
|
|
33
33
|
require "google/cloud/binary_authorization/v1beta1"
|
|
34
34
|
|
|
35
35
|
client = ::Google::Cloud::BinaryAuthorization::V1beta1::BinauthzManagementService::Client.new
|
|
36
|
-
request =
|
|
36
|
+
request = ::Google::Cloud::BinaryAuthorization::V1beta1::GetPolicyRequest.new # (request fields as keyword arguments...)
|
|
37
37
|
response = client.get_policy request
|
|
38
38
|
```
|
|
39
39
|
|
|
@@ -47,13 +47,12 @@ module Google
|
|
|
47
47
|
# See {::Google::Cloud::BinaryAuthorization::V1beta1::BinauthzManagementService::Client::Configuration}
|
|
48
48
|
# for a description of the configuration fields.
|
|
49
49
|
#
|
|
50
|
-
#
|
|
50
|
+
# @example
|
|
51
51
|
#
|
|
52
|
-
#
|
|
53
|
-
#
|
|
54
|
-
#
|
|
55
|
-
#
|
|
56
|
-
# end
|
|
52
|
+
# # Modify the configuration for all BinauthzManagementService clients
|
|
53
|
+
# ::Google::Cloud::BinaryAuthorization::V1beta1::BinauthzManagementService::Client.configure do |config|
|
|
54
|
+
# config.timeout = 10.0
|
|
55
|
+
# end
|
|
57
56
|
#
|
|
58
57
|
# @yield [config] Configure the Client client.
|
|
59
58
|
# @yieldparam config [Client::Configuration]
|
|
@@ -73,52 +72,34 @@ module Google
|
|
|
73
72
|
|
|
74
73
|
default_config.rpcs.get_policy.timeout = 600.0
|
|
75
74
|
default_config.rpcs.get_policy.retry_policy = {
|
|
76
|
-
initial_delay: 0.1,
|
|
77
|
-
max_delay: 60.0,
|
|
78
|
-
multiplier: 1.3,
|
|
79
|
-
retry_codes: [4, 14]
|
|
75
|
+
initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [4, 14]
|
|
80
76
|
}
|
|
81
77
|
|
|
82
78
|
default_config.rpcs.update_policy.timeout = 600.0
|
|
83
79
|
default_config.rpcs.update_policy.retry_policy = {
|
|
84
|
-
initial_delay: 0.1,
|
|
85
|
-
max_delay: 60.0,
|
|
86
|
-
multiplier: 1.3,
|
|
87
|
-
retry_codes: [4, 14]
|
|
80
|
+
initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [4, 14]
|
|
88
81
|
}
|
|
89
82
|
|
|
90
83
|
default_config.rpcs.create_attestor.timeout = 600.0
|
|
91
84
|
|
|
92
85
|
default_config.rpcs.get_attestor.timeout = 600.0
|
|
93
86
|
default_config.rpcs.get_attestor.retry_policy = {
|
|
94
|
-
initial_delay: 0.1,
|
|
95
|
-
max_delay: 60.0,
|
|
96
|
-
multiplier: 1.3,
|
|
97
|
-
retry_codes: [4, 14]
|
|
87
|
+
initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [4, 14]
|
|
98
88
|
}
|
|
99
89
|
|
|
100
90
|
default_config.rpcs.update_attestor.timeout = 600.0
|
|
101
91
|
default_config.rpcs.update_attestor.retry_policy = {
|
|
102
|
-
initial_delay: 0.1,
|
|
103
|
-
max_delay: 60.0,
|
|
104
|
-
multiplier: 1.3,
|
|
105
|
-
retry_codes: [4, 14]
|
|
92
|
+
initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [4, 14]
|
|
106
93
|
}
|
|
107
94
|
|
|
108
95
|
default_config.rpcs.list_attestors.timeout = 600.0
|
|
109
96
|
default_config.rpcs.list_attestors.retry_policy = {
|
|
110
|
-
initial_delay: 0.1,
|
|
111
|
-
max_delay: 60.0,
|
|
112
|
-
multiplier: 1.3,
|
|
113
|
-
retry_codes: [4, 14]
|
|
97
|
+
initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [4, 14]
|
|
114
98
|
}
|
|
115
99
|
|
|
116
100
|
default_config.rpcs.delete_attestor.timeout = 600.0
|
|
117
101
|
default_config.rpcs.delete_attestor.retry_policy = {
|
|
118
|
-
initial_delay: 0.1,
|
|
119
|
-
max_delay: 60.0,
|
|
120
|
-
multiplier: 1.3,
|
|
121
|
-
retry_codes: [4, 14]
|
|
102
|
+
initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [4, 14]
|
|
122
103
|
}
|
|
123
104
|
|
|
124
105
|
default_config
|
|
@@ -150,19 +131,15 @@ module Google
|
|
|
150
131
|
##
|
|
151
132
|
# Create a new BinauthzManagementService client object.
|
|
152
133
|
#
|
|
153
|
-
#
|
|
154
|
-
#
|
|
155
|
-
# To create a new BinauthzManagementService client with the default
|
|
156
|
-
# configuration:
|
|
157
|
-
#
|
|
158
|
-
# client = ::Google::Cloud::BinaryAuthorization::V1beta1::BinauthzManagementService::Client.new
|
|
134
|
+
# @example
|
|
159
135
|
#
|
|
160
|
-
#
|
|
161
|
-
#
|
|
136
|
+
# # Create a client using the default configuration
|
|
137
|
+
# client = ::Google::Cloud::BinaryAuthorization::V1beta1::BinauthzManagementService::Client.new
|
|
162
138
|
#
|
|
163
|
-
#
|
|
164
|
-
#
|
|
165
|
-
#
|
|
139
|
+
# # Create a client using a custom configuration
|
|
140
|
+
# client = ::Google::Cloud::BinaryAuthorization::V1beta1::BinauthzManagementService::Client.new do |config|
|
|
141
|
+
# config.timeout = 10.0
|
|
142
|
+
# end
|
|
166
143
|
#
|
|
167
144
|
# @yield [config] Configure the BinauthzManagementService client.
|
|
168
145
|
# @yieldparam config [Client::Configuration]
|
|
@@ -182,14 +159,13 @@ module Google
|
|
|
182
159
|
|
|
183
160
|
# Create credentials
|
|
184
161
|
credentials = @config.credentials
|
|
185
|
-
# Use self-signed JWT if the
|
|
162
|
+
# Use self-signed JWT if the endpoint is unchanged from default,
|
|
186
163
|
# but only if the default endpoint does not have a region prefix.
|
|
187
|
-
enable_self_signed_jwt = @config.
|
|
188
|
-
@config.endpoint == Client.configure.endpoint &&
|
|
164
|
+
enable_self_signed_jwt = @config.endpoint == Client.configure.endpoint &&
|
|
189
165
|
!@config.endpoint.split(".").first.include?("-")
|
|
190
166
|
credentials ||= Credentials.default scope: @config.scope,
|
|
191
167
|
enable_self_signed_jwt: enable_self_signed_jwt
|
|
192
|
-
if credentials.is_a?(String) || credentials.is_a?(Hash)
|
|
168
|
+
if credentials.is_a?(::String) || credentials.is_a?(::Hash)
|
|
193
169
|
credentials = Credentials.new credentials, scope: @config.scope
|
|
194
170
|
end
|
|
195
171
|
@quota_project_id = @config.quota_project
|
|
@@ -207,13 +183,16 @@ module Google
|
|
|
207
183
|
# Service calls
|
|
208
184
|
|
|
209
185
|
##
|
|
210
|
-
# A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} specifies the
|
|
211
|
-
#
|
|
186
|
+
# A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} specifies the
|
|
187
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} that must
|
|
188
|
+
# attest to a container image, before the project is allowed to deploy that
|
|
212
189
|
# image. There is at most one policy per project. All image admission
|
|
213
190
|
# requests are permitted if a project has no policy.
|
|
214
191
|
#
|
|
215
|
-
# Gets the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for this
|
|
216
|
-
#
|
|
192
|
+
# Gets the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for this
|
|
193
|
+
# project. Returns a default
|
|
194
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} if the project
|
|
195
|
+
# does not have one.
|
|
217
196
|
#
|
|
218
197
|
# @overload get_policy(request, options = nil)
|
|
219
198
|
# Pass arguments to `get_policy` via a request object, either of type
|
|
@@ -231,8 +210,9 @@ module Google
|
|
|
231
210
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
232
211
|
#
|
|
233
212
|
# @param name [::String]
|
|
234
|
-
# Required. The resource name of the
|
|
235
|
-
#
|
|
213
|
+
# Required. The resource name of the
|
|
214
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} to retrieve, in
|
|
215
|
+
# the format `projects/*/policy`.
|
|
236
216
|
#
|
|
237
217
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
238
218
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Policy]
|
|
@@ -268,7 +248,9 @@ module Google
|
|
|
268
248
|
options.apply_defaults timeout: @config.rpcs.get_policy.timeout,
|
|
269
249
|
metadata: metadata,
|
|
270
250
|
retry_policy: @config.rpcs.get_policy.retry_policy
|
|
271
|
-
|
|
251
|
+
|
|
252
|
+
options.apply_defaults timeout: @config.timeout,
|
|
253
|
+
metadata: @config.metadata,
|
|
272
254
|
retry_policy: @config.retry_policy
|
|
273
255
|
|
|
274
256
|
@binauthz_management_service_stub.call_rpc :get_policy, request, options: options do |response, operation|
|
|
@@ -280,11 +262,13 @@ module Google
|
|
|
280
262
|
end
|
|
281
263
|
|
|
282
264
|
##
|
|
283
|
-
# Creates or updates a project's
|
|
284
|
-
#
|
|
285
|
-
#
|
|
286
|
-
#
|
|
287
|
-
#
|
|
265
|
+
# Creates or updates a project's
|
|
266
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy}, and returns a
|
|
267
|
+
# copy of the new {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy}.
|
|
268
|
+
# A policy is always updated as a whole, to avoid race conditions with
|
|
269
|
+
# concurrent policy enforcement (or management!) requests. Returns NOT_FOUND
|
|
270
|
+
# if the project does not exist, INVALID_ARGUMENT if the request is
|
|
271
|
+
# malformed.
|
|
288
272
|
#
|
|
289
273
|
# @overload update_policy(request, options = nil)
|
|
290
274
|
# Pass arguments to `update_policy` via a request object, either of type
|
|
@@ -302,9 +286,11 @@ module Google
|
|
|
302
286
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
303
287
|
#
|
|
304
288
|
# @param policy [::Google::Cloud::BinaryAuthorization::V1beta1::Policy, ::Hash]
|
|
305
|
-
# Required. A new or updated
|
|
306
|
-
#
|
|
307
|
-
#
|
|
289
|
+
# Required. A new or updated
|
|
290
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} value. The
|
|
291
|
+
# service will overwrite the [policy
|
|
292
|
+
# name][google.cloud.binaryauthorization.v1beta1.Policy.name] field with the
|
|
293
|
+
# resource name in the request URL, in the format `projects/*/policy`.
|
|
308
294
|
#
|
|
309
295
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
310
296
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Policy]
|
|
@@ -340,7 +326,9 @@ module Google
|
|
|
340
326
|
options.apply_defaults timeout: @config.rpcs.update_policy.timeout,
|
|
341
327
|
metadata: metadata,
|
|
342
328
|
retry_policy: @config.rpcs.update_policy.retry_policy
|
|
343
|
-
|
|
329
|
+
|
|
330
|
+
options.apply_defaults timeout: @config.timeout,
|
|
331
|
+
metadata: @config.metadata,
|
|
344
332
|
retry_policy: @config.retry_policy
|
|
345
333
|
|
|
346
334
|
@binauthz_management_service_stub.call_rpc :update_policy, request, options: options do |response, operation|
|
|
@@ -352,10 +340,13 @@ module Google
|
|
|
352
340
|
end
|
|
353
341
|
|
|
354
342
|
##
|
|
355
|
-
# Creates an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor},
|
|
356
|
-
#
|
|
357
|
-
#
|
|
358
|
-
#
|
|
343
|
+
# Creates an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor},
|
|
344
|
+
# and returns a copy of the new
|
|
345
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}. Returns
|
|
346
|
+
# NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is
|
|
347
|
+
# malformed, ALREADY_EXISTS if the
|
|
348
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} already
|
|
349
|
+
# exists.
|
|
359
350
|
#
|
|
360
351
|
# @overload create_attestor(request, options = nil)
|
|
361
352
|
# Pass arguments to `create_attestor` via a request object, either of type
|
|
@@ -373,13 +364,17 @@ module Google
|
|
|
373
364
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
374
365
|
#
|
|
375
366
|
# @param parent [::String]
|
|
376
|
-
# Required. The parent of this
|
|
367
|
+
# Required. The parent of this
|
|
368
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
377
369
|
# @param attestor_id [::String]
|
|
378
|
-
# Required. The
|
|
370
|
+
# Required. The
|
|
371
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} ID.
|
|
379
372
|
# @param attestor [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor, ::Hash]
|
|
380
|
-
# Required. The initial
|
|
381
|
-
#
|
|
382
|
-
#
|
|
373
|
+
# Required. The initial
|
|
374
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
|
|
375
|
+
# service will overwrite the [attestor
|
|
376
|
+
# name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
|
|
377
|
+
# the resource name, in the format `projects/*/attestors/*`.
|
|
383
378
|
#
|
|
384
379
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
385
380
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
|
@@ -415,7 +410,9 @@ module Google
|
|
|
415
410
|
options.apply_defaults timeout: @config.rpcs.create_attestor.timeout,
|
|
416
411
|
metadata: metadata,
|
|
417
412
|
retry_policy: @config.rpcs.create_attestor.retry_policy
|
|
418
|
-
|
|
413
|
+
|
|
414
|
+
options.apply_defaults timeout: @config.timeout,
|
|
415
|
+
metadata: @config.metadata,
|
|
419
416
|
retry_policy: @config.retry_policy
|
|
420
417
|
|
|
421
418
|
@binauthz_management_service_stub.call_rpc :create_attestor, request, options: options do |response, operation|
|
|
@@ -428,7 +425,9 @@ module Google
|
|
|
428
425
|
|
|
429
426
|
##
|
|
430
427
|
# Gets an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
431
|
-
# Returns NOT_FOUND if the
|
|
428
|
+
# Returns NOT_FOUND if the
|
|
429
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not
|
|
430
|
+
# exist.
|
|
432
431
|
#
|
|
433
432
|
# @overload get_attestor(request, options = nil)
|
|
434
433
|
# Pass arguments to `get_attestor` via a request object, either of type
|
|
@@ -446,8 +445,9 @@ module Google
|
|
|
446
445
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
447
446
|
#
|
|
448
447
|
# @param name [::String]
|
|
449
|
-
# Required. The name of the
|
|
450
|
-
#
|
|
448
|
+
# Required. The name of the
|
|
449
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} to retrieve,
|
|
450
|
+
# in the format `projects/*/attestors/*`.
|
|
451
451
|
#
|
|
452
452
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
453
453
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
|
@@ -483,7 +483,9 @@ module Google
|
|
|
483
483
|
options.apply_defaults timeout: @config.rpcs.get_attestor.timeout,
|
|
484
484
|
metadata: metadata,
|
|
485
485
|
retry_policy: @config.rpcs.get_attestor.retry_policy
|
|
486
|
-
|
|
486
|
+
|
|
487
|
+
options.apply_defaults timeout: @config.timeout,
|
|
488
|
+
metadata: @config.metadata,
|
|
487
489
|
retry_policy: @config.retry_policy
|
|
488
490
|
|
|
489
491
|
@binauthz_management_service_stub.call_rpc :get_attestor, request, options: options do |response, operation|
|
|
@@ -496,7 +498,9 @@ module Google
|
|
|
496
498
|
|
|
497
499
|
##
|
|
498
500
|
# Updates an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
499
|
-
# Returns NOT_FOUND if the
|
|
501
|
+
# Returns NOT_FOUND if the
|
|
502
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not
|
|
503
|
+
# exist.
|
|
500
504
|
#
|
|
501
505
|
# @overload update_attestor(request, options = nil)
|
|
502
506
|
# Pass arguments to `update_attestor` via a request object, either of type
|
|
@@ -514,9 +518,12 @@ module Google
|
|
|
514
518
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
515
519
|
#
|
|
516
520
|
# @param attestor [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor, ::Hash]
|
|
517
|
-
# Required. The updated
|
|
518
|
-
#
|
|
519
|
-
#
|
|
521
|
+
# Required. The updated
|
|
522
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
|
|
523
|
+
# service will overwrite the [attestor
|
|
524
|
+
# name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
|
|
525
|
+
# the resource name in the request URL, in the format
|
|
526
|
+
# `projects/*/attestors/*`.
|
|
520
527
|
#
|
|
521
528
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
522
529
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
|
@@ -552,7 +559,9 @@ module Google
|
|
|
552
559
|
options.apply_defaults timeout: @config.rpcs.update_attestor.timeout,
|
|
553
560
|
metadata: metadata,
|
|
554
561
|
retry_policy: @config.rpcs.update_attestor.retry_policy
|
|
555
|
-
|
|
562
|
+
|
|
563
|
+
options.apply_defaults timeout: @config.timeout,
|
|
564
|
+
metadata: @config.metadata,
|
|
556
565
|
retry_policy: @config.retry_policy
|
|
557
566
|
|
|
558
567
|
@binauthz_management_service_stub.call_rpc :update_attestor, request, options: options do |response, operation|
|
|
@@ -584,14 +593,16 @@ module Google
|
|
|
584
593
|
#
|
|
585
594
|
# @param parent [::String]
|
|
586
595
|
# Required. The resource name of the project associated with the
|
|
587
|
-
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the
|
|
596
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the
|
|
597
|
+
# format `projects/*`.
|
|
588
598
|
# @param page_size [::Integer]
|
|
589
599
|
# Requested page size. The server may return fewer results than requested. If
|
|
590
600
|
# unspecified, the server will pick an appropriate default.
|
|
591
601
|
# @param page_token [::String]
|
|
592
602
|
# A token identifying a page of results the server should return. Typically,
|
|
593
|
-
# this is the value of
|
|
594
|
-
#
|
|
603
|
+
# this is the value of
|
|
604
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token}
|
|
605
|
+
# returned from the previous call to the `ListAttestors` method.
|
|
595
606
|
#
|
|
596
607
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
597
608
|
# @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::BinaryAuthorization::V1beta1::Attestor>]
|
|
@@ -627,7 +638,9 @@ module Google
|
|
|
627
638
|
options.apply_defaults timeout: @config.rpcs.list_attestors.timeout,
|
|
628
639
|
metadata: metadata,
|
|
629
640
|
retry_policy: @config.rpcs.list_attestors.retry_policy
|
|
630
|
-
|
|
641
|
+
|
|
642
|
+
options.apply_defaults timeout: @config.timeout,
|
|
643
|
+
metadata: @config.metadata,
|
|
631
644
|
retry_policy: @config.retry_policy
|
|
632
645
|
|
|
633
646
|
@binauthz_management_service_stub.call_rpc :list_attestors, request, options: options do |response, operation|
|
|
@@ -640,8 +653,10 @@ module Google
|
|
|
640
653
|
end
|
|
641
654
|
|
|
642
655
|
##
|
|
643
|
-
# Deletes an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
644
|
-
#
|
|
656
|
+
# Deletes an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
657
|
+
# Returns NOT_FOUND if the
|
|
658
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not
|
|
659
|
+
# exist.
|
|
645
660
|
#
|
|
646
661
|
# @overload delete_attestor(request, options = nil)
|
|
647
662
|
# Pass arguments to `delete_attestor` via a request object, either of type
|
|
@@ -659,8 +674,9 @@ module Google
|
|
|
659
674
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
660
675
|
#
|
|
661
676
|
# @param name [::String]
|
|
662
|
-
# Required. The name of the
|
|
663
|
-
#
|
|
677
|
+
# Required. The name of the
|
|
678
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} to delete,
|
|
679
|
+
# in the format `projects/*/attestors/*`.
|
|
664
680
|
#
|
|
665
681
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
666
682
|
# @yieldparam response [::Google::Protobuf::Empty]
|
|
@@ -696,7 +712,9 @@ module Google
|
|
|
696
712
|
options.apply_defaults timeout: @config.rpcs.delete_attestor.timeout,
|
|
697
713
|
metadata: metadata,
|
|
698
714
|
retry_policy: @config.rpcs.delete_attestor.retry_policy
|
|
699
|
-
|
|
715
|
+
|
|
716
|
+
options.apply_defaults timeout: @config.timeout,
|
|
717
|
+
metadata: @config.metadata,
|
|
700
718
|
retry_policy: @config.retry_policy
|
|
701
719
|
|
|
702
720
|
@binauthz_management_service_stub.call_rpc :delete_attestor, request, options: options do |response, operation|
|
|
@@ -720,22 +738,21 @@ module Google
|
|
|
720
738
|
# Configuration can be applied globally to all clients, or to a single client
|
|
721
739
|
# on construction.
|
|
722
740
|
#
|
|
723
|
-
#
|
|
724
|
-
#
|
|
725
|
-
#
|
|
726
|
-
# to 20 seconds,
|
|
727
|
-
#
|
|
728
|
-
#
|
|
729
|
-
#
|
|
730
|
-
#
|
|
731
|
-
#
|
|
732
|
-
#
|
|
733
|
-
#
|
|
734
|
-
#
|
|
735
|
-
#
|
|
736
|
-
#
|
|
737
|
-
#
|
|
738
|
-
# end
|
|
741
|
+
# @example
|
|
742
|
+
#
|
|
743
|
+
# # Modify the global config, setting the timeout for
|
|
744
|
+
# # get_policy to 20 seconds,
|
|
745
|
+
# # and all remaining timeouts to 10 seconds.
|
|
746
|
+
# ::Google::Cloud::BinaryAuthorization::V1beta1::BinauthzManagementService::Client.configure do |config|
|
|
747
|
+
# config.timeout = 10.0
|
|
748
|
+
# config.rpcs.get_policy.timeout = 20.0
|
|
749
|
+
# end
|
|
750
|
+
#
|
|
751
|
+
# # Apply the above configuration only to a new client.
|
|
752
|
+
# client = ::Google::Cloud::BinaryAuthorization::V1beta1::BinauthzManagementService::Client.new do |config|
|
|
753
|
+
# config.timeout = 10.0
|
|
754
|
+
# config.rpcs.get_policy.timeout = 20.0
|
|
755
|
+
# end
|
|
739
756
|
#
|
|
740
757
|
# @!attribute [rw] endpoint
|
|
741
758
|
# The hostname or hostname:port of the service endpoint.
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
|
2
|
+
# source: google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.proto
|
|
3
|
+
|
|
4
|
+
require 'google/protobuf'
|
|
5
|
+
|
|
6
|
+
require 'google/protobuf/timestamp_pb'
|
|
7
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
8
|
+
add_file("google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.proto", :syntax => :proto3) do
|
|
9
|
+
add_message "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent" do
|
|
10
|
+
oneof :event_type do
|
|
11
|
+
optional :pod_event, :message, 1, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent"
|
|
12
|
+
optional :unsupported_policy_event, :message, 2, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.UnsupportedPolicyEvent"
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
add_message "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent" do
|
|
16
|
+
optional :pod, :string, 1
|
|
17
|
+
optional :deploy_time, :message, 2, "google.protobuf.Timestamp"
|
|
18
|
+
optional :end_time, :message, 3, "google.protobuf.Timestamp"
|
|
19
|
+
optional :verdict, :enum, 4, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.PolicyConformanceVerdict"
|
|
20
|
+
repeated :images, :message, 5, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails"
|
|
21
|
+
end
|
|
22
|
+
add_message "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails" do
|
|
23
|
+
optional :image, :string, 1
|
|
24
|
+
optional :result, :enum, 2, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails.AuditResult"
|
|
25
|
+
optional :description, :string, 3
|
|
26
|
+
end
|
|
27
|
+
add_enum "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails.AuditResult" do
|
|
28
|
+
value :AUDIT_RESULT_UNSPECIFIED, 0
|
|
29
|
+
value :ALLOW, 1
|
|
30
|
+
value :DENY, 2
|
|
31
|
+
end
|
|
32
|
+
add_enum "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.PolicyConformanceVerdict" do
|
|
33
|
+
value :POLICY_CONFORMANCE_VERDICT_UNSPECIFIED, 0
|
|
34
|
+
value :VIOLATES_POLICY, 1
|
|
35
|
+
end
|
|
36
|
+
add_message "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.UnsupportedPolicyEvent" do
|
|
37
|
+
optional :description, :string, 1
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
module Google
|
|
43
|
+
module Cloud
|
|
44
|
+
module BinaryAuthorization
|
|
45
|
+
module V1beta1
|
|
46
|
+
ContinuousValidationEvent = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent").msgclass
|
|
47
|
+
ContinuousValidationEvent::ContinuousValidationPodEvent = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent").msgclass
|
|
48
|
+
ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails").msgclass
|
|
49
|
+
ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails::AuditResult = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails.AuditResult").enummodule
|
|
50
|
+
ContinuousValidationEvent::ContinuousValidationPodEvent::PolicyConformanceVerdict = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.PolicyConformanceVerdict").enummodule
|
|
51
|
+
ContinuousValidationEvent::UnsupportedPolicyEvent = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.UnsupportedPolicyEvent").msgclass
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
end
|
|
@@ -42,36 +42,50 @@ module Google
|
|
|
42
42
|
self.unmarshal_class_method = :decode
|
|
43
43
|
self.service_name = 'google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1'
|
|
44
44
|
|
|
45
|
-
# A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the
|
|
46
|
-
#
|
|
45
|
+
# A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the
|
|
46
|
+
# [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] that must
|
|
47
|
+
# attest to a container image, before the project is allowed to deploy that
|
|
47
48
|
# image. There is at most one policy per project. All image admission
|
|
48
49
|
# requests are permitted if a project has no policy.
|
|
49
50
|
#
|
|
50
|
-
# Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this
|
|
51
|
-
#
|
|
51
|
+
# Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this
|
|
52
|
+
# project. Returns a default
|
|
53
|
+
# [policy][google.cloud.binaryauthorization.v1beta1.Policy] if the project
|
|
54
|
+
# does not have one.
|
|
52
55
|
rpc :GetPolicy, ::Google::Cloud::BinaryAuthorization::V1beta1::GetPolicyRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Policy
|
|
53
|
-
# Creates or updates a project's
|
|
54
|
-
#
|
|
55
|
-
#
|
|
56
|
-
#
|
|
57
|
-
#
|
|
56
|
+
# Creates or updates a project's
|
|
57
|
+
# [policy][google.cloud.binaryauthorization.v1beta1.Policy], and returns a
|
|
58
|
+
# copy of the new [policy][google.cloud.binaryauthorization.v1beta1.Policy].
|
|
59
|
+
# A policy is always updated as a whole, to avoid race conditions with
|
|
60
|
+
# concurrent policy enforcement (or management!) requests. Returns NOT_FOUND
|
|
61
|
+
# if the project does not exist, INVALID_ARGUMENT if the request is
|
|
62
|
+
# malformed.
|
|
58
63
|
rpc :UpdatePolicy, ::Google::Cloud::BinaryAuthorization::V1beta1::UpdatePolicyRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Policy
|
|
59
|
-
# Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor],
|
|
60
|
-
#
|
|
61
|
-
#
|
|
62
|
-
#
|
|
64
|
+
# Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor],
|
|
65
|
+
# and returns a copy of the new
|
|
66
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns
|
|
67
|
+
# NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is
|
|
68
|
+
# malformed, ALREADY_EXISTS if the
|
|
69
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] already
|
|
70
|
+
# exists.
|
|
63
71
|
rpc :CreateAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::CreateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
|
|
64
72
|
# Gets an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
65
|
-
# Returns NOT_FOUND if the
|
|
73
|
+
# Returns NOT_FOUND if the
|
|
74
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not
|
|
75
|
+
# exist.
|
|
66
76
|
rpc :GetAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::GetAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
|
|
67
77
|
# Updates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
68
|
-
# Returns NOT_FOUND if the
|
|
78
|
+
# Returns NOT_FOUND if the
|
|
79
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not
|
|
80
|
+
# exist.
|
|
69
81
|
rpc :UpdateAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::UpdateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
|
|
70
82
|
# Lists [attestors][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
71
83
|
# Returns INVALID_ARGUMENT if the project does not exist.
|
|
72
84
|
rpc :ListAttestors, ::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse
|
|
73
|
-
# Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
74
|
-
#
|
|
85
|
+
# Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
86
|
+
# Returns NOT_FOUND if the
|
|
87
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not
|
|
88
|
+
# exist.
|
|
75
89
|
rpc :DeleteAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::DeleteAttestorRequest, ::Google::Protobuf::Empty
|
|
76
90
|
end
|
|
77
91
|
|
|
@@ -57,9 +57,15 @@ module Google
|
|
|
57
57
|
|
|
58
58
|
# Denotes that a (repeated) field is an unordered list.
|
|
59
59
|
# This indicates that the service may provide the elements of the list
|
|
60
|
-
# in any arbitrary
|
|
60
|
+
# in any arbitrary order, rather than the order the user originally
|
|
61
61
|
# provided. Additionally, the list's order may or may not be stable.
|
|
62
62
|
UNORDERED_LIST = 6
|
|
63
|
+
|
|
64
|
+
# Denotes that this field returns a non-empty default value if not set.
|
|
65
|
+
# This indicates that if the user provides the empty value in a request,
|
|
66
|
+
# a non-empty value will be returned. The user will not be aware of what
|
|
67
|
+
# non-empty value to expect.
|
|
68
|
+
NON_EMPTY_DEFAULT = 7
|
|
63
69
|
end
|
|
64
70
|
end
|
|
65
71
|
end
|
|
@@ -0,0 +1,104 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
# Copyright 2021 Google LLC
|
|
4
|
+
#
|
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
6
|
+
# you may not use this file except in compliance with the License.
|
|
7
|
+
# You may obtain a copy of the License at
|
|
8
|
+
#
|
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
|
10
|
+
#
|
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
14
|
+
# See the License for the specific language governing permissions and
|
|
15
|
+
# limitations under the License.
|
|
16
|
+
|
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
|
18
|
+
|
|
19
|
+
|
|
20
|
+
module Google
|
|
21
|
+
module Cloud
|
|
22
|
+
module BinaryAuthorization
|
|
23
|
+
module V1beta1
|
|
24
|
+
# Represents an auditing event from Continuous Validation.
|
|
25
|
+
# @!attribute [rw] pod_event
|
|
26
|
+
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent]
|
|
27
|
+
# Pod event.
|
|
28
|
+
# @!attribute [rw] unsupported_policy_event
|
|
29
|
+
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::UnsupportedPolicyEvent]
|
|
30
|
+
# Unsupported policy event.
|
|
31
|
+
class ContinuousValidationEvent
|
|
32
|
+
include ::Google::Protobuf::MessageExts
|
|
33
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
34
|
+
|
|
35
|
+
# An auditing event for one Pod.
|
|
36
|
+
# @!attribute [rw] pod
|
|
37
|
+
# @return [::String]
|
|
38
|
+
# The name of the Pod.
|
|
39
|
+
# @!attribute [rw] deploy_time
|
|
40
|
+
# @return [::Google::Protobuf::Timestamp]
|
|
41
|
+
# Deploy time of the Pod from k8s.
|
|
42
|
+
# @!attribute [rw] end_time
|
|
43
|
+
# @return [::Google::Protobuf::Timestamp]
|
|
44
|
+
# Termination time of the Pod from k8s, or nothing if still running.
|
|
45
|
+
# @!attribute [rw] verdict
|
|
46
|
+
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent::PolicyConformanceVerdict]
|
|
47
|
+
# Auditing verdict for this Pod.
|
|
48
|
+
# @!attribute [rw] images
|
|
49
|
+
# @return [::Array<::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails>]
|
|
50
|
+
# List of images with auditing details.
|
|
51
|
+
class ContinuousValidationPodEvent
|
|
52
|
+
include ::Google::Protobuf::MessageExts
|
|
53
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
54
|
+
|
|
55
|
+
# Container image with auditing details.
|
|
56
|
+
# @!attribute [rw] image
|
|
57
|
+
# @return [::String]
|
|
58
|
+
# The name of the image.
|
|
59
|
+
# @!attribute [rw] result
|
|
60
|
+
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails::AuditResult]
|
|
61
|
+
# The result of the audit for this image.
|
|
62
|
+
# @!attribute [rw] description
|
|
63
|
+
# @return [::String]
|
|
64
|
+
# Description of the above result.
|
|
65
|
+
class ImageDetails
|
|
66
|
+
include ::Google::Protobuf::MessageExts
|
|
67
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
68
|
+
|
|
69
|
+
# Result of the audit.
|
|
70
|
+
module AuditResult
|
|
71
|
+
# Unspecified result. This is an error.
|
|
72
|
+
AUDIT_RESULT_UNSPECIFIED = 0
|
|
73
|
+
|
|
74
|
+
# Image is allowed.
|
|
75
|
+
ALLOW = 1
|
|
76
|
+
|
|
77
|
+
# Image is denied.
|
|
78
|
+
DENY = 2
|
|
79
|
+
end
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
# Audit time policy conformance verdict.
|
|
83
|
+
module PolicyConformanceVerdict
|
|
84
|
+
# We should always have a verdict. This is an error.
|
|
85
|
+
POLICY_CONFORMANCE_VERDICT_UNSPECIFIED = 0
|
|
86
|
+
|
|
87
|
+
# The pod violates the policy.
|
|
88
|
+
VIOLATES_POLICY = 1
|
|
89
|
+
end
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
# An event describing that the project policy is unsupported by CV.
|
|
93
|
+
# @!attribute [rw] description
|
|
94
|
+
# @return [::String]
|
|
95
|
+
# A description of the unsupported policy.
|
|
96
|
+
class UnsupportedPolicyEvent
|
|
97
|
+
include ::Google::Protobuf::MessageExts
|
|
98
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
99
|
+
end
|
|
100
|
+
end
|
|
101
|
+
end
|
|
102
|
+
end
|
|
103
|
+
end
|
|
104
|
+
end
|
|
@@ -74,10 +74,10 @@ module Google
|
|
|
74
74
|
# Not specified: DISABLE is assumed.
|
|
75
75
|
GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0
|
|
76
76
|
|
|
77
|
-
# Enables
|
|
77
|
+
# Enables system policy evaluation.
|
|
78
78
|
ENABLE = 1
|
|
79
79
|
|
|
80
|
-
# Disables
|
|
80
|
+
# Disables system policy evaluation.
|
|
81
81
|
DISABLE = 2
|
|
82
82
|
end
|
|
83
83
|
end
|
|
@@ -24,8 +24,9 @@ module Google
|
|
|
24
24
|
# Request message for [BinauthzManagementService.GetPolicy][].
|
|
25
25
|
# @!attribute [rw] name
|
|
26
26
|
# @return [::String]
|
|
27
|
-
# Required. The resource name of the
|
|
28
|
-
#
|
|
27
|
+
# Required. The resource name of the
|
|
28
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} to retrieve, in
|
|
29
|
+
# the format `projects/*/policy`.
|
|
29
30
|
class GetPolicyRequest
|
|
30
31
|
include ::Google::Protobuf::MessageExts
|
|
31
32
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -34,9 +35,11 @@ module Google
|
|
|
34
35
|
# Request message for [BinauthzManagementService.UpdatePolicy][].
|
|
35
36
|
# @!attribute [rw] policy
|
|
36
37
|
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::Policy]
|
|
37
|
-
# Required. A new or updated
|
|
38
|
-
#
|
|
39
|
-
#
|
|
38
|
+
# Required. A new or updated
|
|
39
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} value. The
|
|
40
|
+
# service will overwrite the [policy
|
|
41
|
+
# name][google.cloud.binaryauthorization.v1beta1.Policy.name] field with the
|
|
42
|
+
# resource name in the request URL, in the format `projects/*/policy`.
|
|
40
43
|
class UpdatePolicyRequest
|
|
41
44
|
include ::Google::Protobuf::MessageExts
|
|
42
45
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -45,15 +48,19 @@ module Google
|
|
|
45
48
|
# Request message for [BinauthzManagementService.CreateAttestor][].
|
|
46
49
|
# @!attribute [rw] parent
|
|
47
50
|
# @return [::String]
|
|
48
|
-
# Required. The parent of this
|
|
51
|
+
# Required. The parent of this
|
|
52
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
49
53
|
# @!attribute [rw] attestor_id
|
|
50
54
|
# @return [::String]
|
|
51
|
-
# Required. The
|
|
55
|
+
# Required. The
|
|
56
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} ID.
|
|
52
57
|
# @!attribute [rw] attestor
|
|
53
58
|
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
|
54
|
-
# Required. The initial
|
|
55
|
-
#
|
|
56
|
-
#
|
|
59
|
+
# Required. The initial
|
|
60
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
|
|
61
|
+
# service will overwrite the [attestor
|
|
62
|
+
# name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
|
|
63
|
+
# the resource name, in the format `projects/*/attestors/*`.
|
|
57
64
|
class CreateAttestorRequest
|
|
58
65
|
include ::Google::Protobuf::MessageExts
|
|
59
66
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -62,8 +69,9 @@ module Google
|
|
|
62
69
|
# Request message for [BinauthzManagementService.GetAttestor][].
|
|
63
70
|
# @!attribute [rw] name
|
|
64
71
|
# @return [::String]
|
|
65
|
-
# Required. The name of the
|
|
66
|
-
#
|
|
72
|
+
# Required. The name of the
|
|
73
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} to retrieve,
|
|
74
|
+
# in the format `projects/*/attestors/*`.
|
|
67
75
|
class GetAttestorRequest
|
|
68
76
|
include ::Google::Protobuf::MessageExts
|
|
69
77
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -72,9 +80,12 @@ module Google
|
|
|
72
80
|
# Request message for [BinauthzManagementService.UpdateAttestor][].
|
|
73
81
|
# @!attribute [rw] attestor
|
|
74
82
|
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
|
75
|
-
# Required. The updated
|
|
76
|
-
#
|
|
77
|
-
#
|
|
83
|
+
# Required. The updated
|
|
84
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
|
|
85
|
+
# service will overwrite the [attestor
|
|
86
|
+
# name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
|
|
87
|
+
# the resource name in the request URL, in the format
|
|
88
|
+
# `projects/*/attestors/*`.
|
|
78
89
|
class UpdateAttestorRequest
|
|
79
90
|
include ::Google::Protobuf::MessageExts
|
|
80
91
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -84,7 +95,8 @@ module Google
|
|
|
84
95
|
# @!attribute [rw] parent
|
|
85
96
|
# @return [::String]
|
|
86
97
|
# Required. The resource name of the project associated with the
|
|
87
|
-
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the
|
|
98
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the
|
|
99
|
+
# format `projects/*`.
|
|
88
100
|
# @!attribute [rw] page_size
|
|
89
101
|
# @return [::Integer]
|
|
90
102
|
# Requested page size. The server may return fewer results than requested. If
|
|
@@ -92,8 +104,9 @@ module Google
|
|
|
92
104
|
# @!attribute [rw] page_token
|
|
93
105
|
# @return [::String]
|
|
94
106
|
# A token identifying a page of results the server should return. Typically,
|
|
95
|
-
# this is the value of
|
|
96
|
-
#
|
|
107
|
+
# this is the value of
|
|
108
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token}
|
|
109
|
+
# returned from the previous call to the `ListAttestors` method.
|
|
97
110
|
class ListAttestorsRequest
|
|
98
111
|
include ::Google::Protobuf::MessageExts
|
|
99
112
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -106,8 +119,9 @@ module Google
|
|
|
106
119
|
# @!attribute [rw] next_page_token
|
|
107
120
|
# @return [::String]
|
|
108
121
|
# A token to retrieve the next page of results. Pass this value in the
|
|
109
|
-
# {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest#page_token ListAttestorsRequest.page_token}
|
|
110
|
-
# `ListAttestors` method to retrieve the
|
|
122
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest#page_token ListAttestorsRequest.page_token}
|
|
123
|
+
# field in the subsequent call to the `ListAttestors` method to retrieve the
|
|
124
|
+
# next page of results.
|
|
111
125
|
class ListAttestorsResponse
|
|
112
126
|
include ::Google::Protobuf::MessageExts
|
|
113
127
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -116,8 +130,9 @@ module Google
|
|
|
116
130
|
# Request message for [BinauthzManagementService.DeleteAttestor][].
|
|
117
131
|
# @!attribute [rw] name
|
|
118
132
|
# @return [::String]
|
|
119
|
-
# Required. The name of the
|
|
120
|
-
#
|
|
133
|
+
# Required. The name of the
|
|
134
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} to delete,
|
|
135
|
+
# in the format `projects/*/attestors/*`.
|
|
121
136
|
class DeleteAttestorRequest
|
|
122
137
|
include ::Google::Protobuf::MessageExts
|
|
123
138
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
metadata
CHANGED
|
@@ -1,29 +1,35 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: google-cloud-binary_authorization-v1beta1
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Google LLC
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-08-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: gapic-common
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - ">="
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '0.7'
|
|
20
|
+
- - "<"
|
|
18
21
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
22
|
+
version: 2.a
|
|
20
23
|
type: :runtime
|
|
21
24
|
prerelease: false
|
|
22
25
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
26
|
requirements:
|
|
24
|
-
- - "
|
|
27
|
+
- - ">="
|
|
28
|
+
- !ruby/object:Gem::Version
|
|
29
|
+
version: '0.7'
|
|
30
|
+
- - "<"
|
|
25
31
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
32
|
+
version: 2.a
|
|
27
33
|
- !ruby/object:Gem::Dependency
|
|
28
34
|
name: google-cloud-errors
|
|
29
35
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -172,12 +178,14 @@ files:
|
|
|
172
178
|
- lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/credentials.rb
|
|
173
179
|
- lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/paths.rb
|
|
174
180
|
- lib/google/cloud/binary_authorization/v1beta1/version.rb
|
|
181
|
+
- lib/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging_pb.rb
|
|
175
182
|
- lib/google/cloud/binaryauthorization/v1beta1/resources_pb.rb
|
|
176
183
|
- lib/google/cloud/binaryauthorization/v1beta1/service_pb.rb
|
|
177
184
|
- lib/google/cloud/binaryauthorization/v1beta1/service_services_pb.rb
|
|
178
185
|
- proto_docs/README.md
|
|
179
186
|
- proto_docs/google/api/field_behavior.rb
|
|
180
187
|
- proto_docs/google/api/resource.rb
|
|
188
|
+
- proto_docs/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.rb
|
|
181
189
|
- proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb
|
|
182
190
|
- proto_docs/google/cloud/binaryauthorization/v1beta1/service.rb
|
|
183
191
|
- proto_docs/google/protobuf/empty.rb
|
|
@@ -201,7 +209,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
201
209
|
- !ruby/object:Gem::Version
|
|
202
210
|
version: '0'
|
|
203
211
|
requirements: []
|
|
204
|
-
rubygems_version: 3.2.
|
|
212
|
+
rubygems_version: 3.2.17
|
|
205
213
|
signing_key:
|
|
206
214
|
specification_version: 4
|
|
207
215
|
summary: API Client library for the Binary Authorization V1beta1 API
|