google-cloud-binary_authorization-v1beta1 0.3.0 → 0.3.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/AUTHENTICATION.md +8 -8
- data/README.md +1 -1
- data/lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/client.rb +122 -105
- data/lib/google/cloud/binary_authorization/v1beta1/version.rb +1 -1
- data/lib/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging_pb.rb +55 -0
- data/lib/google/cloud/binaryauthorization/v1beta1/service_services_pb.rb +31 -17
- data/proto_docs/google/api/field_behavior.rb +7 -1
- data/proto_docs/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.rb +104 -0
- data/proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb +2 -2
- data/proto_docs/google/cloud/binaryauthorization/v1beta1/service.rb +37 -22
- metadata +15 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0b2409e68ea2a91e67465a81c38b4f7d8da7cc0880180287e2e3f50f62a030c6
|
|
4
|
+
data.tar.gz: 8c0093f6dda1fee6797b5a0d5e62475abbcaebfb4193b25aff7c81421a20a2db
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 43b6ba3464e0b63b7ef496a35aee3406a00ea7aa9aa9d22037fae12434b51a8a4e218b7c6fef00f301109fd174ac3f0ae63e5f9239e0fdb9dbe03e5ae7206458
|
|
7
|
+
data.tar.gz: 9e0d97ec9a80a0818257f6dddc208b377bf44702795171027a6e98b511968f0b0c864aa1df74a31558ef8bd3c875b6f9777e82a197820ec05d64fa8fd1f09d18
|
data/AUTHENTICATION.md
CHANGED
|
@@ -66,11 +66,11 @@ The environment variables that google-cloud-binary_authorization-v1beta1
|
|
|
66
66
|
checks for credentials are configured on the service Credentials class (such as
|
|
67
67
|
{::Google::Cloud::BinaryAuthorization::V1beta1::BinauthzManagementService::Credentials}):
|
|
68
68
|
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
69
|
+
* `BINARY_AUTHORIZATION_CREDENTIALS` - Path to JSON file, or JSON contents
|
|
70
|
+
* `BINARY_AUTHORIZATION_KEYFILE` - Path to JSON file, or JSON contents
|
|
71
|
+
* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents
|
|
72
|
+
* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents
|
|
73
|
+
* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
|
|
74
74
|
|
|
75
75
|
```ruby
|
|
76
76
|
require "google/cloud/binary_authorization/v1beta1"
|
|
@@ -82,8 +82,8 @@ client = ::Google::Cloud::BinaryAuthorization::V1beta1::BinauthzManagementServic
|
|
|
82
82
|
|
|
83
83
|
### Configuration
|
|
84
84
|
|
|
85
|
-
The **Credentials JSON** can be configured instead of
|
|
86
|
-
environment
|
|
85
|
+
The path to the **Credentials JSON** file can be configured instead of storing
|
|
86
|
+
it in an environment variable. Either on an individual client initialization:
|
|
87
87
|
|
|
88
88
|
```ruby
|
|
89
89
|
require "google/cloud/binary_authorization/v1beta1"
|
|
@@ -93,7 +93,7 @@ client = ::Google::Cloud::BinaryAuthorization::V1beta1::BinauthzManagementServic
|
|
|
93
93
|
end
|
|
94
94
|
```
|
|
95
95
|
|
|
96
|
-
Or
|
|
96
|
+
Or globally for all clients:
|
|
97
97
|
|
|
98
98
|
```ruby
|
|
99
99
|
require "google/cloud/binary_authorization/v1beta1"
|
data/README.md
CHANGED
|
@@ -33,7 +33,7 @@ In order to use this library, you first need to go through the following steps:
|
|
|
33
33
|
require "google/cloud/binary_authorization/v1beta1"
|
|
34
34
|
|
|
35
35
|
client = ::Google::Cloud::BinaryAuthorization::V1beta1::BinauthzManagementService::Client.new
|
|
36
|
-
request =
|
|
36
|
+
request = ::Google::Cloud::BinaryAuthorization::V1beta1::GetPolicyRequest.new # (request fields as keyword arguments...)
|
|
37
37
|
response = client.get_policy request
|
|
38
38
|
```
|
|
39
39
|
|
|
@@ -47,13 +47,12 @@ module Google
|
|
|
47
47
|
# See {::Google::Cloud::BinaryAuthorization::V1beta1::BinauthzManagementService::Client::Configuration}
|
|
48
48
|
# for a description of the configuration fields.
|
|
49
49
|
#
|
|
50
|
-
#
|
|
50
|
+
# @example
|
|
51
51
|
#
|
|
52
|
-
#
|
|
53
|
-
#
|
|
54
|
-
#
|
|
55
|
-
#
|
|
56
|
-
# end
|
|
52
|
+
# # Modify the configuration for all BinauthzManagementService clients
|
|
53
|
+
# ::Google::Cloud::BinaryAuthorization::V1beta1::BinauthzManagementService::Client.configure do |config|
|
|
54
|
+
# config.timeout = 10.0
|
|
55
|
+
# end
|
|
57
56
|
#
|
|
58
57
|
# @yield [config] Configure the Client client.
|
|
59
58
|
# @yieldparam config [Client::Configuration]
|
|
@@ -73,52 +72,34 @@ module Google
|
|
|
73
72
|
|
|
74
73
|
default_config.rpcs.get_policy.timeout = 600.0
|
|
75
74
|
default_config.rpcs.get_policy.retry_policy = {
|
|
76
|
-
initial_delay: 0.1,
|
|
77
|
-
max_delay: 60.0,
|
|
78
|
-
multiplier: 1.3,
|
|
79
|
-
retry_codes: [4, 14]
|
|
75
|
+
initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [4, 14]
|
|
80
76
|
}
|
|
81
77
|
|
|
82
78
|
default_config.rpcs.update_policy.timeout = 600.0
|
|
83
79
|
default_config.rpcs.update_policy.retry_policy = {
|
|
84
|
-
initial_delay: 0.1,
|
|
85
|
-
max_delay: 60.0,
|
|
86
|
-
multiplier: 1.3,
|
|
87
|
-
retry_codes: [4, 14]
|
|
80
|
+
initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [4, 14]
|
|
88
81
|
}
|
|
89
82
|
|
|
90
83
|
default_config.rpcs.create_attestor.timeout = 600.0
|
|
91
84
|
|
|
92
85
|
default_config.rpcs.get_attestor.timeout = 600.0
|
|
93
86
|
default_config.rpcs.get_attestor.retry_policy = {
|
|
94
|
-
initial_delay: 0.1,
|
|
95
|
-
max_delay: 60.0,
|
|
96
|
-
multiplier: 1.3,
|
|
97
|
-
retry_codes: [4, 14]
|
|
87
|
+
initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [4, 14]
|
|
98
88
|
}
|
|
99
89
|
|
|
100
90
|
default_config.rpcs.update_attestor.timeout = 600.0
|
|
101
91
|
default_config.rpcs.update_attestor.retry_policy = {
|
|
102
|
-
initial_delay: 0.1,
|
|
103
|
-
max_delay: 60.0,
|
|
104
|
-
multiplier: 1.3,
|
|
105
|
-
retry_codes: [4, 14]
|
|
92
|
+
initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [4, 14]
|
|
106
93
|
}
|
|
107
94
|
|
|
108
95
|
default_config.rpcs.list_attestors.timeout = 600.0
|
|
109
96
|
default_config.rpcs.list_attestors.retry_policy = {
|
|
110
|
-
initial_delay: 0.1,
|
|
111
|
-
max_delay: 60.0,
|
|
112
|
-
multiplier: 1.3,
|
|
113
|
-
retry_codes: [4, 14]
|
|
97
|
+
initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [4, 14]
|
|
114
98
|
}
|
|
115
99
|
|
|
116
100
|
default_config.rpcs.delete_attestor.timeout = 600.0
|
|
117
101
|
default_config.rpcs.delete_attestor.retry_policy = {
|
|
118
|
-
initial_delay: 0.1,
|
|
119
|
-
max_delay: 60.0,
|
|
120
|
-
multiplier: 1.3,
|
|
121
|
-
retry_codes: [4, 14]
|
|
102
|
+
initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [4, 14]
|
|
122
103
|
}
|
|
123
104
|
|
|
124
105
|
default_config
|
|
@@ -150,19 +131,15 @@ module Google
|
|
|
150
131
|
##
|
|
151
132
|
# Create a new BinauthzManagementService client object.
|
|
152
133
|
#
|
|
153
|
-
#
|
|
154
|
-
#
|
|
155
|
-
# To create a new BinauthzManagementService client with the default
|
|
156
|
-
# configuration:
|
|
157
|
-
#
|
|
158
|
-
# client = ::Google::Cloud::BinaryAuthorization::V1beta1::BinauthzManagementService::Client.new
|
|
134
|
+
# @example
|
|
159
135
|
#
|
|
160
|
-
#
|
|
161
|
-
#
|
|
136
|
+
# # Create a client using the default configuration
|
|
137
|
+
# client = ::Google::Cloud::BinaryAuthorization::V1beta1::BinauthzManagementService::Client.new
|
|
162
138
|
#
|
|
163
|
-
#
|
|
164
|
-
#
|
|
165
|
-
#
|
|
139
|
+
# # Create a client using a custom configuration
|
|
140
|
+
# client = ::Google::Cloud::BinaryAuthorization::V1beta1::BinauthzManagementService::Client.new do |config|
|
|
141
|
+
# config.timeout = 10.0
|
|
142
|
+
# end
|
|
166
143
|
#
|
|
167
144
|
# @yield [config] Configure the BinauthzManagementService client.
|
|
168
145
|
# @yieldparam config [Client::Configuration]
|
|
@@ -182,14 +159,13 @@ module Google
|
|
|
182
159
|
|
|
183
160
|
# Create credentials
|
|
184
161
|
credentials = @config.credentials
|
|
185
|
-
# Use self-signed JWT if the
|
|
162
|
+
# Use self-signed JWT if the endpoint is unchanged from default,
|
|
186
163
|
# but only if the default endpoint does not have a region prefix.
|
|
187
|
-
enable_self_signed_jwt = @config.
|
|
188
|
-
@config.endpoint == Client.configure.endpoint &&
|
|
164
|
+
enable_self_signed_jwt = @config.endpoint == Client.configure.endpoint &&
|
|
189
165
|
!@config.endpoint.split(".").first.include?("-")
|
|
190
166
|
credentials ||= Credentials.default scope: @config.scope,
|
|
191
167
|
enable_self_signed_jwt: enable_self_signed_jwt
|
|
192
|
-
if credentials.is_a?(String) || credentials.is_a?(Hash)
|
|
168
|
+
if credentials.is_a?(::String) || credentials.is_a?(::Hash)
|
|
193
169
|
credentials = Credentials.new credentials, scope: @config.scope
|
|
194
170
|
end
|
|
195
171
|
@quota_project_id = @config.quota_project
|
|
@@ -207,13 +183,16 @@ module Google
|
|
|
207
183
|
# Service calls
|
|
208
184
|
|
|
209
185
|
##
|
|
210
|
-
# A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} specifies the
|
|
211
|
-
#
|
|
186
|
+
# A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} specifies the
|
|
187
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} that must
|
|
188
|
+
# attest to a container image, before the project is allowed to deploy that
|
|
212
189
|
# image. There is at most one policy per project. All image admission
|
|
213
190
|
# requests are permitted if a project has no policy.
|
|
214
191
|
#
|
|
215
|
-
# Gets the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for this
|
|
216
|
-
#
|
|
192
|
+
# Gets the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for this
|
|
193
|
+
# project. Returns a default
|
|
194
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} if the project
|
|
195
|
+
# does not have one.
|
|
217
196
|
#
|
|
218
197
|
# @overload get_policy(request, options = nil)
|
|
219
198
|
# Pass arguments to `get_policy` via a request object, either of type
|
|
@@ -231,8 +210,9 @@ module Google
|
|
|
231
210
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
232
211
|
#
|
|
233
212
|
# @param name [::String]
|
|
234
|
-
# Required. The resource name of the
|
|
235
|
-
#
|
|
213
|
+
# Required. The resource name of the
|
|
214
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} to retrieve, in
|
|
215
|
+
# the format `projects/*/policy`.
|
|
236
216
|
#
|
|
237
217
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
238
218
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Policy]
|
|
@@ -268,7 +248,9 @@ module Google
|
|
|
268
248
|
options.apply_defaults timeout: @config.rpcs.get_policy.timeout,
|
|
269
249
|
metadata: metadata,
|
|
270
250
|
retry_policy: @config.rpcs.get_policy.retry_policy
|
|
271
|
-
|
|
251
|
+
|
|
252
|
+
options.apply_defaults timeout: @config.timeout,
|
|
253
|
+
metadata: @config.metadata,
|
|
272
254
|
retry_policy: @config.retry_policy
|
|
273
255
|
|
|
274
256
|
@binauthz_management_service_stub.call_rpc :get_policy, request, options: options do |response, operation|
|
|
@@ -280,11 +262,13 @@ module Google
|
|
|
280
262
|
end
|
|
281
263
|
|
|
282
264
|
##
|
|
283
|
-
# Creates or updates a project's
|
|
284
|
-
#
|
|
285
|
-
#
|
|
286
|
-
#
|
|
287
|
-
#
|
|
265
|
+
# Creates or updates a project's
|
|
266
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy}, and returns a
|
|
267
|
+
# copy of the new {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy}.
|
|
268
|
+
# A policy is always updated as a whole, to avoid race conditions with
|
|
269
|
+
# concurrent policy enforcement (or management!) requests. Returns NOT_FOUND
|
|
270
|
+
# if the project does not exist, INVALID_ARGUMENT if the request is
|
|
271
|
+
# malformed.
|
|
288
272
|
#
|
|
289
273
|
# @overload update_policy(request, options = nil)
|
|
290
274
|
# Pass arguments to `update_policy` via a request object, either of type
|
|
@@ -302,9 +286,11 @@ module Google
|
|
|
302
286
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
303
287
|
#
|
|
304
288
|
# @param policy [::Google::Cloud::BinaryAuthorization::V1beta1::Policy, ::Hash]
|
|
305
|
-
# Required. A new or updated
|
|
306
|
-
#
|
|
307
|
-
#
|
|
289
|
+
# Required. A new or updated
|
|
290
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} value. The
|
|
291
|
+
# service will overwrite the [policy
|
|
292
|
+
# name][google.cloud.binaryauthorization.v1beta1.Policy.name] field with the
|
|
293
|
+
# resource name in the request URL, in the format `projects/*/policy`.
|
|
308
294
|
#
|
|
309
295
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
310
296
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Policy]
|
|
@@ -340,7 +326,9 @@ module Google
|
|
|
340
326
|
options.apply_defaults timeout: @config.rpcs.update_policy.timeout,
|
|
341
327
|
metadata: metadata,
|
|
342
328
|
retry_policy: @config.rpcs.update_policy.retry_policy
|
|
343
|
-
|
|
329
|
+
|
|
330
|
+
options.apply_defaults timeout: @config.timeout,
|
|
331
|
+
metadata: @config.metadata,
|
|
344
332
|
retry_policy: @config.retry_policy
|
|
345
333
|
|
|
346
334
|
@binauthz_management_service_stub.call_rpc :update_policy, request, options: options do |response, operation|
|
|
@@ -352,10 +340,13 @@ module Google
|
|
|
352
340
|
end
|
|
353
341
|
|
|
354
342
|
##
|
|
355
|
-
# Creates an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor},
|
|
356
|
-
#
|
|
357
|
-
#
|
|
358
|
-
#
|
|
343
|
+
# Creates an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor},
|
|
344
|
+
# and returns a copy of the new
|
|
345
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}. Returns
|
|
346
|
+
# NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is
|
|
347
|
+
# malformed, ALREADY_EXISTS if the
|
|
348
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} already
|
|
349
|
+
# exists.
|
|
359
350
|
#
|
|
360
351
|
# @overload create_attestor(request, options = nil)
|
|
361
352
|
# Pass arguments to `create_attestor` via a request object, either of type
|
|
@@ -373,13 +364,17 @@ module Google
|
|
|
373
364
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
374
365
|
#
|
|
375
366
|
# @param parent [::String]
|
|
376
|
-
# Required. The parent of this
|
|
367
|
+
# Required. The parent of this
|
|
368
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
377
369
|
# @param attestor_id [::String]
|
|
378
|
-
# Required. The
|
|
370
|
+
# Required. The
|
|
371
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} ID.
|
|
379
372
|
# @param attestor [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor, ::Hash]
|
|
380
|
-
# Required. The initial
|
|
381
|
-
#
|
|
382
|
-
#
|
|
373
|
+
# Required. The initial
|
|
374
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
|
|
375
|
+
# service will overwrite the [attestor
|
|
376
|
+
# name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
|
|
377
|
+
# the resource name, in the format `projects/*/attestors/*`.
|
|
383
378
|
#
|
|
384
379
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
385
380
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
|
@@ -415,7 +410,9 @@ module Google
|
|
|
415
410
|
options.apply_defaults timeout: @config.rpcs.create_attestor.timeout,
|
|
416
411
|
metadata: metadata,
|
|
417
412
|
retry_policy: @config.rpcs.create_attestor.retry_policy
|
|
418
|
-
|
|
413
|
+
|
|
414
|
+
options.apply_defaults timeout: @config.timeout,
|
|
415
|
+
metadata: @config.metadata,
|
|
419
416
|
retry_policy: @config.retry_policy
|
|
420
417
|
|
|
421
418
|
@binauthz_management_service_stub.call_rpc :create_attestor, request, options: options do |response, operation|
|
|
@@ -428,7 +425,9 @@ module Google
|
|
|
428
425
|
|
|
429
426
|
##
|
|
430
427
|
# Gets an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
431
|
-
# Returns NOT_FOUND if the
|
|
428
|
+
# Returns NOT_FOUND if the
|
|
429
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not
|
|
430
|
+
# exist.
|
|
432
431
|
#
|
|
433
432
|
# @overload get_attestor(request, options = nil)
|
|
434
433
|
# Pass arguments to `get_attestor` via a request object, either of type
|
|
@@ -446,8 +445,9 @@ module Google
|
|
|
446
445
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
447
446
|
#
|
|
448
447
|
# @param name [::String]
|
|
449
|
-
# Required. The name of the
|
|
450
|
-
#
|
|
448
|
+
# Required. The name of the
|
|
449
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} to retrieve,
|
|
450
|
+
# in the format `projects/*/attestors/*`.
|
|
451
451
|
#
|
|
452
452
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
453
453
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
|
@@ -483,7 +483,9 @@ module Google
|
|
|
483
483
|
options.apply_defaults timeout: @config.rpcs.get_attestor.timeout,
|
|
484
484
|
metadata: metadata,
|
|
485
485
|
retry_policy: @config.rpcs.get_attestor.retry_policy
|
|
486
|
-
|
|
486
|
+
|
|
487
|
+
options.apply_defaults timeout: @config.timeout,
|
|
488
|
+
metadata: @config.metadata,
|
|
487
489
|
retry_policy: @config.retry_policy
|
|
488
490
|
|
|
489
491
|
@binauthz_management_service_stub.call_rpc :get_attestor, request, options: options do |response, operation|
|
|
@@ -496,7 +498,9 @@ module Google
|
|
|
496
498
|
|
|
497
499
|
##
|
|
498
500
|
# Updates an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
499
|
-
# Returns NOT_FOUND if the
|
|
501
|
+
# Returns NOT_FOUND if the
|
|
502
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not
|
|
503
|
+
# exist.
|
|
500
504
|
#
|
|
501
505
|
# @overload update_attestor(request, options = nil)
|
|
502
506
|
# Pass arguments to `update_attestor` via a request object, either of type
|
|
@@ -514,9 +518,12 @@ module Google
|
|
|
514
518
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
515
519
|
#
|
|
516
520
|
# @param attestor [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor, ::Hash]
|
|
517
|
-
# Required. The updated
|
|
518
|
-
#
|
|
519
|
-
#
|
|
521
|
+
# Required. The updated
|
|
522
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
|
|
523
|
+
# service will overwrite the [attestor
|
|
524
|
+
# name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
|
|
525
|
+
# the resource name in the request URL, in the format
|
|
526
|
+
# `projects/*/attestors/*`.
|
|
520
527
|
#
|
|
521
528
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
522
529
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
|
@@ -552,7 +559,9 @@ module Google
|
|
|
552
559
|
options.apply_defaults timeout: @config.rpcs.update_attestor.timeout,
|
|
553
560
|
metadata: metadata,
|
|
554
561
|
retry_policy: @config.rpcs.update_attestor.retry_policy
|
|
555
|
-
|
|
562
|
+
|
|
563
|
+
options.apply_defaults timeout: @config.timeout,
|
|
564
|
+
metadata: @config.metadata,
|
|
556
565
|
retry_policy: @config.retry_policy
|
|
557
566
|
|
|
558
567
|
@binauthz_management_service_stub.call_rpc :update_attestor, request, options: options do |response, operation|
|
|
@@ -584,14 +593,16 @@ module Google
|
|
|
584
593
|
#
|
|
585
594
|
# @param parent [::String]
|
|
586
595
|
# Required. The resource name of the project associated with the
|
|
587
|
-
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the
|
|
596
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the
|
|
597
|
+
# format `projects/*`.
|
|
588
598
|
# @param page_size [::Integer]
|
|
589
599
|
# Requested page size. The server may return fewer results than requested. If
|
|
590
600
|
# unspecified, the server will pick an appropriate default.
|
|
591
601
|
# @param page_token [::String]
|
|
592
602
|
# A token identifying a page of results the server should return. Typically,
|
|
593
|
-
# this is the value of
|
|
594
|
-
#
|
|
603
|
+
# this is the value of
|
|
604
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token}
|
|
605
|
+
# returned from the previous call to the `ListAttestors` method.
|
|
595
606
|
#
|
|
596
607
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
597
608
|
# @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::BinaryAuthorization::V1beta1::Attestor>]
|
|
@@ -627,7 +638,9 @@ module Google
|
|
|
627
638
|
options.apply_defaults timeout: @config.rpcs.list_attestors.timeout,
|
|
628
639
|
metadata: metadata,
|
|
629
640
|
retry_policy: @config.rpcs.list_attestors.retry_policy
|
|
630
|
-
|
|
641
|
+
|
|
642
|
+
options.apply_defaults timeout: @config.timeout,
|
|
643
|
+
metadata: @config.metadata,
|
|
631
644
|
retry_policy: @config.retry_policy
|
|
632
645
|
|
|
633
646
|
@binauthz_management_service_stub.call_rpc :list_attestors, request, options: options do |response, operation|
|
|
@@ -640,8 +653,10 @@ module Google
|
|
|
640
653
|
end
|
|
641
654
|
|
|
642
655
|
##
|
|
643
|
-
# Deletes an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
644
|
-
#
|
|
656
|
+
# Deletes an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
657
|
+
# Returns NOT_FOUND if the
|
|
658
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not
|
|
659
|
+
# exist.
|
|
645
660
|
#
|
|
646
661
|
# @overload delete_attestor(request, options = nil)
|
|
647
662
|
# Pass arguments to `delete_attestor` via a request object, either of type
|
|
@@ -659,8 +674,9 @@ module Google
|
|
|
659
674
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
660
675
|
#
|
|
661
676
|
# @param name [::String]
|
|
662
|
-
# Required. The name of the
|
|
663
|
-
#
|
|
677
|
+
# Required. The name of the
|
|
678
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} to delete,
|
|
679
|
+
# in the format `projects/*/attestors/*`.
|
|
664
680
|
#
|
|
665
681
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
666
682
|
# @yieldparam response [::Google::Protobuf::Empty]
|
|
@@ -696,7 +712,9 @@ module Google
|
|
|
696
712
|
options.apply_defaults timeout: @config.rpcs.delete_attestor.timeout,
|
|
697
713
|
metadata: metadata,
|
|
698
714
|
retry_policy: @config.rpcs.delete_attestor.retry_policy
|
|
699
|
-
|
|
715
|
+
|
|
716
|
+
options.apply_defaults timeout: @config.timeout,
|
|
717
|
+
metadata: @config.metadata,
|
|
700
718
|
retry_policy: @config.retry_policy
|
|
701
719
|
|
|
702
720
|
@binauthz_management_service_stub.call_rpc :delete_attestor, request, options: options do |response, operation|
|
|
@@ -720,22 +738,21 @@ module Google
|
|
|
720
738
|
# Configuration can be applied globally to all clients, or to a single client
|
|
721
739
|
# on construction.
|
|
722
740
|
#
|
|
723
|
-
#
|
|
724
|
-
#
|
|
725
|
-
#
|
|
726
|
-
# to 20 seconds,
|
|
727
|
-
#
|
|
728
|
-
#
|
|
729
|
-
#
|
|
730
|
-
#
|
|
731
|
-
#
|
|
732
|
-
#
|
|
733
|
-
#
|
|
734
|
-
#
|
|
735
|
-
#
|
|
736
|
-
#
|
|
737
|
-
#
|
|
738
|
-
# end
|
|
741
|
+
# @example
|
|
742
|
+
#
|
|
743
|
+
# # Modify the global config, setting the timeout for
|
|
744
|
+
# # get_policy to 20 seconds,
|
|
745
|
+
# # and all remaining timeouts to 10 seconds.
|
|
746
|
+
# ::Google::Cloud::BinaryAuthorization::V1beta1::BinauthzManagementService::Client.configure do |config|
|
|
747
|
+
# config.timeout = 10.0
|
|
748
|
+
# config.rpcs.get_policy.timeout = 20.0
|
|
749
|
+
# end
|
|
750
|
+
#
|
|
751
|
+
# # Apply the above configuration only to a new client.
|
|
752
|
+
# client = ::Google::Cloud::BinaryAuthorization::V1beta1::BinauthzManagementService::Client.new do |config|
|
|
753
|
+
# config.timeout = 10.0
|
|
754
|
+
# config.rpcs.get_policy.timeout = 20.0
|
|
755
|
+
# end
|
|
739
756
|
#
|
|
740
757
|
# @!attribute [rw] endpoint
|
|
741
758
|
# The hostname or hostname:port of the service endpoint.
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
|
2
|
+
# source: google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.proto
|
|
3
|
+
|
|
4
|
+
require 'google/protobuf'
|
|
5
|
+
|
|
6
|
+
require 'google/protobuf/timestamp_pb'
|
|
7
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
8
|
+
add_file("google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.proto", :syntax => :proto3) do
|
|
9
|
+
add_message "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent" do
|
|
10
|
+
oneof :event_type do
|
|
11
|
+
optional :pod_event, :message, 1, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent"
|
|
12
|
+
optional :unsupported_policy_event, :message, 2, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.UnsupportedPolicyEvent"
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
add_message "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent" do
|
|
16
|
+
optional :pod, :string, 1
|
|
17
|
+
optional :deploy_time, :message, 2, "google.protobuf.Timestamp"
|
|
18
|
+
optional :end_time, :message, 3, "google.protobuf.Timestamp"
|
|
19
|
+
optional :verdict, :enum, 4, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.PolicyConformanceVerdict"
|
|
20
|
+
repeated :images, :message, 5, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails"
|
|
21
|
+
end
|
|
22
|
+
add_message "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails" do
|
|
23
|
+
optional :image, :string, 1
|
|
24
|
+
optional :result, :enum, 2, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails.AuditResult"
|
|
25
|
+
optional :description, :string, 3
|
|
26
|
+
end
|
|
27
|
+
add_enum "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails.AuditResult" do
|
|
28
|
+
value :AUDIT_RESULT_UNSPECIFIED, 0
|
|
29
|
+
value :ALLOW, 1
|
|
30
|
+
value :DENY, 2
|
|
31
|
+
end
|
|
32
|
+
add_enum "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.PolicyConformanceVerdict" do
|
|
33
|
+
value :POLICY_CONFORMANCE_VERDICT_UNSPECIFIED, 0
|
|
34
|
+
value :VIOLATES_POLICY, 1
|
|
35
|
+
end
|
|
36
|
+
add_message "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.UnsupportedPolicyEvent" do
|
|
37
|
+
optional :description, :string, 1
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
module Google
|
|
43
|
+
module Cloud
|
|
44
|
+
module BinaryAuthorization
|
|
45
|
+
module V1beta1
|
|
46
|
+
ContinuousValidationEvent = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent").msgclass
|
|
47
|
+
ContinuousValidationEvent::ContinuousValidationPodEvent = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent").msgclass
|
|
48
|
+
ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails").msgclass
|
|
49
|
+
ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails::AuditResult = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails.AuditResult").enummodule
|
|
50
|
+
ContinuousValidationEvent::ContinuousValidationPodEvent::PolicyConformanceVerdict = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.PolicyConformanceVerdict").enummodule
|
|
51
|
+
ContinuousValidationEvent::UnsupportedPolicyEvent = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.UnsupportedPolicyEvent").msgclass
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
end
|
|
@@ -42,36 +42,50 @@ module Google
|
|
|
42
42
|
self.unmarshal_class_method = :decode
|
|
43
43
|
self.service_name = 'google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1'
|
|
44
44
|
|
|
45
|
-
# A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the
|
|
46
|
-
#
|
|
45
|
+
# A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the
|
|
46
|
+
# [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] that must
|
|
47
|
+
# attest to a container image, before the project is allowed to deploy that
|
|
47
48
|
# image. There is at most one policy per project. All image admission
|
|
48
49
|
# requests are permitted if a project has no policy.
|
|
49
50
|
#
|
|
50
|
-
# Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this
|
|
51
|
-
#
|
|
51
|
+
# Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this
|
|
52
|
+
# project. Returns a default
|
|
53
|
+
# [policy][google.cloud.binaryauthorization.v1beta1.Policy] if the project
|
|
54
|
+
# does not have one.
|
|
52
55
|
rpc :GetPolicy, ::Google::Cloud::BinaryAuthorization::V1beta1::GetPolicyRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Policy
|
|
53
|
-
# Creates or updates a project's
|
|
54
|
-
#
|
|
55
|
-
#
|
|
56
|
-
#
|
|
57
|
-
#
|
|
56
|
+
# Creates or updates a project's
|
|
57
|
+
# [policy][google.cloud.binaryauthorization.v1beta1.Policy], and returns a
|
|
58
|
+
# copy of the new [policy][google.cloud.binaryauthorization.v1beta1.Policy].
|
|
59
|
+
# A policy is always updated as a whole, to avoid race conditions with
|
|
60
|
+
# concurrent policy enforcement (or management!) requests. Returns NOT_FOUND
|
|
61
|
+
# if the project does not exist, INVALID_ARGUMENT if the request is
|
|
62
|
+
# malformed.
|
|
58
63
|
rpc :UpdatePolicy, ::Google::Cloud::BinaryAuthorization::V1beta1::UpdatePolicyRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Policy
|
|
59
|
-
# Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor],
|
|
60
|
-
#
|
|
61
|
-
#
|
|
62
|
-
#
|
|
64
|
+
# Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor],
|
|
65
|
+
# and returns a copy of the new
|
|
66
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns
|
|
67
|
+
# NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is
|
|
68
|
+
# malformed, ALREADY_EXISTS if the
|
|
69
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] already
|
|
70
|
+
# exists.
|
|
63
71
|
rpc :CreateAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::CreateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
|
|
64
72
|
# Gets an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
65
|
-
# Returns NOT_FOUND if the
|
|
73
|
+
# Returns NOT_FOUND if the
|
|
74
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not
|
|
75
|
+
# exist.
|
|
66
76
|
rpc :GetAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::GetAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
|
|
67
77
|
# Updates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
68
|
-
# Returns NOT_FOUND if the
|
|
78
|
+
# Returns NOT_FOUND if the
|
|
79
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not
|
|
80
|
+
# exist.
|
|
69
81
|
rpc :UpdateAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::UpdateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
|
|
70
82
|
# Lists [attestors][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
71
83
|
# Returns INVALID_ARGUMENT if the project does not exist.
|
|
72
84
|
rpc :ListAttestors, ::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse
|
|
73
|
-
# Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
74
|
-
#
|
|
85
|
+
# Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
86
|
+
# Returns NOT_FOUND if the
|
|
87
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not
|
|
88
|
+
# exist.
|
|
75
89
|
rpc :DeleteAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::DeleteAttestorRequest, ::Google::Protobuf::Empty
|
|
76
90
|
end
|
|
77
91
|
|
|
@@ -57,9 +57,15 @@ module Google
|
|
|
57
57
|
|
|
58
58
|
# Denotes that a (repeated) field is an unordered list.
|
|
59
59
|
# This indicates that the service may provide the elements of the list
|
|
60
|
-
# in any arbitrary
|
|
60
|
+
# in any arbitrary order, rather than the order the user originally
|
|
61
61
|
# provided. Additionally, the list's order may or may not be stable.
|
|
62
62
|
UNORDERED_LIST = 6
|
|
63
|
+
|
|
64
|
+
# Denotes that this field returns a non-empty default value if not set.
|
|
65
|
+
# This indicates that if the user provides the empty value in a request,
|
|
66
|
+
# a non-empty value will be returned. The user will not be aware of what
|
|
67
|
+
# non-empty value to expect.
|
|
68
|
+
NON_EMPTY_DEFAULT = 7
|
|
63
69
|
end
|
|
64
70
|
end
|
|
65
71
|
end
|
|
@@ -0,0 +1,104 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
# Copyright 2021 Google LLC
|
|
4
|
+
#
|
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
6
|
+
# you may not use this file except in compliance with the License.
|
|
7
|
+
# You may obtain a copy of the License at
|
|
8
|
+
#
|
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
|
10
|
+
#
|
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
14
|
+
# See the License for the specific language governing permissions and
|
|
15
|
+
# limitations under the License.
|
|
16
|
+
|
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
|
18
|
+
|
|
19
|
+
|
|
20
|
+
module Google
|
|
21
|
+
module Cloud
|
|
22
|
+
module BinaryAuthorization
|
|
23
|
+
module V1beta1
|
|
24
|
+
# Represents an auditing event from Continuous Validation.
|
|
25
|
+
# @!attribute [rw] pod_event
|
|
26
|
+
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent]
|
|
27
|
+
# Pod event.
|
|
28
|
+
# @!attribute [rw] unsupported_policy_event
|
|
29
|
+
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::UnsupportedPolicyEvent]
|
|
30
|
+
# Unsupported policy event.
|
|
31
|
+
class ContinuousValidationEvent
|
|
32
|
+
include ::Google::Protobuf::MessageExts
|
|
33
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
34
|
+
|
|
35
|
+
# An auditing event for one Pod.
|
|
36
|
+
# @!attribute [rw] pod
|
|
37
|
+
# @return [::String]
|
|
38
|
+
# The name of the Pod.
|
|
39
|
+
# @!attribute [rw] deploy_time
|
|
40
|
+
# @return [::Google::Protobuf::Timestamp]
|
|
41
|
+
# Deploy time of the Pod from k8s.
|
|
42
|
+
# @!attribute [rw] end_time
|
|
43
|
+
# @return [::Google::Protobuf::Timestamp]
|
|
44
|
+
# Termination time of the Pod from k8s, or nothing if still running.
|
|
45
|
+
# @!attribute [rw] verdict
|
|
46
|
+
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent::PolicyConformanceVerdict]
|
|
47
|
+
# Auditing verdict for this Pod.
|
|
48
|
+
# @!attribute [rw] images
|
|
49
|
+
# @return [::Array<::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails>]
|
|
50
|
+
# List of images with auditing details.
|
|
51
|
+
class ContinuousValidationPodEvent
|
|
52
|
+
include ::Google::Protobuf::MessageExts
|
|
53
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
54
|
+
|
|
55
|
+
# Container image with auditing details.
|
|
56
|
+
# @!attribute [rw] image
|
|
57
|
+
# @return [::String]
|
|
58
|
+
# The name of the image.
|
|
59
|
+
# @!attribute [rw] result
|
|
60
|
+
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails::AuditResult]
|
|
61
|
+
# The result of the audit for this image.
|
|
62
|
+
# @!attribute [rw] description
|
|
63
|
+
# @return [::String]
|
|
64
|
+
# Description of the above result.
|
|
65
|
+
class ImageDetails
|
|
66
|
+
include ::Google::Protobuf::MessageExts
|
|
67
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
68
|
+
|
|
69
|
+
# Result of the audit.
|
|
70
|
+
module AuditResult
|
|
71
|
+
# Unspecified result. This is an error.
|
|
72
|
+
AUDIT_RESULT_UNSPECIFIED = 0
|
|
73
|
+
|
|
74
|
+
# Image is allowed.
|
|
75
|
+
ALLOW = 1
|
|
76
|
+
|
|
77
|
+
# Image is denied.
|
|
78
|
+
DENY = 2
|
|
79
|
+
end
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
# Audit time policy conformance verdict.
|
|
83
|
+
module PolicyConformanceVerdict
|
|
84
|
+
# We should always have a verdict. This is an error.
|
|
85
|
+
POLICY_CONFORMANCE_VERDICT_UNSPECIFIED = 0
|
|
86
|
+
|
|
87
|
+
# The pod violates the policy.
|
|
88
|
+
VIOLATES_POLICY = 1
|
|
89
|
+
end
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
# An event describing that the project policy is unsupported by CV.
|
|
93
|
+
# @!attribute [rw] description
|
|
94
|
+
# @return [::String]
|
|
95
|
+
# A description of the unsupported policy.
|
|
96
|
+
class UnsupportedPolicyEvent
|
|
97
|
+
include ::Google::Protobuf::MessageExts
|
|
98
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
99
|
+
end
|
|
100
|
+
end
|
|
101
|
+
end
|
|
102
|
+
end
|
|
103
|
+
end
|
|
104
|
+
end
|
|
@@ -74,10 +74,10 @@ module Google
|
|
|
74
74
|
# Not specified: DISABLE is assumed.
|
|
75
75
|
GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0
|
|
76
76
|
|
|
77
|
-
# Enables
|
|
77
|
+
# Enables system policy evaluation.
|
|
78
78
|
ENABLE = 1
|
|
79
79
|
|
|
80
|
-
# Disables
|
|
80
|
+
# Disables system policy evaluation.
|
|
81
81
|
DISABLE = 2
|
|
82
82
|
end
|
|
83
83
|
end
|
|
@@ -24,8 +24,9 @@ module Google
|
|
|
24
24
|
# Request message for [BinauthzManagementService.GetPolicy][].
|
|
25
25
|
# @!attribute [rw] name
|
|
26
26
|
# @return [::String]
|
|
27
|
-
# Required. The resource name of the
|
|
28
|
-
#
|
|
27
|
+
# Required. The resource name of the
|
|
28
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} to retrieve, in
|
|
29
|
+
# the format `projects/*/policy`.
|
|
29
30
|
class GetPolicyRequest
|
|
30
31
|
include ::Google::Protobuf::MessageExts
|
|
31
32
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -34,9 +35,11 @@ module Google
|
|
|
34
35
|
# Request message for [BinauthzManagementService.UpdatePolicy][].
|
|
35
36
|
# @!attribute [rw] policy
|
|
36
37
|
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::Policy]
|
|
37
|
-
# Required. A new or updated
|
|
38
|
-
#
|
|
39
|
-
#
|
|
38
|
+
# Required. A new or updated
|
|
39
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} value. The
|
|
40
|
+
# service will overwrite the [policy
|
|
41
|
+
# name][google.cloud.binaryauthorization.v1beta1.Policy.name] field with the
|
|
42
|
+
# resource name in the request URL, in the format `projects/*/policy`.
|
|
40
43
|
class UpdatePolicyRequest
|
|
41
44
|
include ::Google::Protobuf::MessageExts
|
|
42
45
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -45,15 +48,19 @@ module Google
|
|
|
45
48
|
# Request message for [BinauthzManagementService.CreateAttestor][].
|
|
46
49
|
# @!attribute [rw] parent
|
|
47
50
|
# @return [::String]
|
|
48
|
-
# Required. The parent of this
|
|
51
|
+
# Required. The parent of this
|
|
52
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
49
53
|
# @!attribute [rw] attestor_id
|
|
50
54
|
# @return [::String]
|
|
51
|
-
# Required. The
|
|
55
|
+
# Required. The
|
|
56
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} ID.
|
|
52
57
|
# @!attribute [rw] attestor
|
|
53
58
|
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
|
54
|
-
# Required. The initial
|
|
55
|
-
#
|
|
56
|
-
#
|
|
59
|
+
# Required. The initial
|
|
60
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
|
|
61
|
+
# service will overwrite the [attestor
|
|
62
|
+
# name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
|
|
63
|
+
# the resource name, in the format `projects/*/attestors/*`.
|
|
57
64
|
class CreateAttestorRequest
|
|
58
65
|
include ::Google::Protobuf::MessageExts
|
|
59
66
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -62,8 +69,9 @@ module Google
|
|
|
62
69
|
# Request message for [BinauthzManagementService.GetAttestor][].
|
|
63
70
|
# @!attribute [rw] name
|
|
64
71
|
# @return [::String]
|
|
65
|
-
# Required. The name of the
|
|
66
|
-
#
|
|
72
|
+
# Required. The name of the
|
|
73
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} to retrieve,
|
|
74
|
+
# in the format `projects/*/attestors/*`.
|
|
67
75
|
class GetAttestorRequest
|
|
68
76
|
include ::Google::Protobuf::MessageExts
|
|
69
77
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -72,9 +80,12 @@ module Google
|
|
|
72
80
|
# Request message for [BinauthzManagementService.UpdateAttestor][].
|
|
73
81
|
# @!attribute [rw] attestor
|
|
74
82
|
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
|
75
|
-
# Required. The updated
|
|
76
|
-
#
|
|
77
|
-
#
|
|
83
|
+
# Required. The updated
|
|
84
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
|
|
85
|
+
# service will overwrite the [attestor
|
|
86
|
+
# name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
|
|
87
|
+
# the resource name in the request URL, in the format
|
|
88
|
+
# `projects/*/attestors/*`.
|
|
78
89
|
class UpdateAttestorRequest
|
|
79
90
|
include ::Google::Protobuf::MessageExts
|
|
80
91
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -84,7 +95,8 @@ module Google
|
|
|
84
95
|
# @!attribute [rw] parent
|
|
85
96
|
# @return [::String]
|
|
86
97
|
# Required. The resource name of the project associated with the
|
|
87
|
-
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the
|
|
98
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the
|
|
99
|
+
# format `projects/*`.
|
|
88
100
|
# @!attribute [rw] page_size
|
|
89
101
|
# @return [::Integer]
|
|
90
102
|
# Requested page size. The server may return fewer results than requested. If
|
|
@@ -92,8 +104,9 @@ module Google
|
|
|
92
104
|
# @!attribute [rw] page_token
|
|
93
105
|
# @return [::String]
|
|
94
106
|
# A token identifying a page of results the server should return. Typically,
|
|
95
|
-
# this is the value of
|
|
96
|
-
#
|
|
107
|
+
# this is the value of
|
|
108
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token}
|
|
109
|
+
# returned from the previous call to the `ListAttestors` method.
|
|
97
110
|
class ListAttestorsRequest
|
|
98
111
|
include ::Google::Protobuf::MessageExts
|
|
99
112
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -106,8 +119,9 @@ module Google
|
|
|
106
119
|
# @!attribute [rw] next_page_token
|
|
107
120
|
# @return [::String]
|
|
108
121
|
# A token to retrieve the next page of results. Pass this value in the
|
|
109
|
-
# {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest#page_token ListAttestorsRequest.page_token}
|
|
110
|
-
# `ListAttestors` method to retrieve the
|
|
122
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest#page_token ListAttestorsRequest.page_token}
|
|
123
|
+
# field in the subsequent call to the `ListAttestors` method to retrieve the
|
|
124
|
+
# next page of results.
|
|
111
125
|
class ListAttestorsResponse
|
|
112
126
|
include ::Google::Protobuf::MessageExts
|
|
113
127
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -116,8 +130,9 @@ module Google
|
|
|
116
130
|
# Request message for [BinauthzManagementService.DeleteAttestor][].
|
|
117
131
|
# @!attribute [rw] name
|
|
118
132
|
# @return [::String]
|
|
119
|
-
# Required. The name of the
|
|
120
|
-
#
|
|
133
|
+
# Required. The name of the
|
|
134
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} to delete,
|
|
135
|
+
# in the format `projects/*/attestors/*`.
|
|
121
136
|
class DeleteAttestorRequest
|
|
122
137
|
include ::Google::Protobuf::MessageExts
|
|
123
138
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
metadata
CHANGED
|
@@ -1,29 +1,35 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: google-cloud-binary_authorization-v1beta1
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Google LLC
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-08-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: gapic-common
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - ">="
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '0.7'
|
|
20
|
+
- - "<"
|
|
18
21
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
22
|
+
version: 2.a
|
|
20
23
|
type: :runtime
|
|
21
24
|
prerelease: false
|
|
22
25
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
26
|
requirements:
|
|
24
|
-
- - "
|
|
27
|
+
- - ">="
|
|
28
|
+
- !ruby/object:Gem::Version
|
|
29
|
+
version: '0.7'
|
|
30
|
+
- - "<"
|
|
25
31
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
32
|
+
version: 2.a
|
|
27
33
|
- !ruby/object:Gem::Dependency
|
|
28
34
|
name: google-cloud-errors
|
|
29
35
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -172,12 +178,14 @@ files:
|
|
|
172
178
|
- lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/credentials.rb
|
|
173
179
|
- lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/paths.rb
|
|
174
180
|
- lib/google/cloud/binary_authorization/v1beta1/version.rb
|
|
181
|
+
- lib/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging_pb.rb
|
|
175
182
|
- lib/google/cloud/binaryauthorization/v1beta1/resources_pb.rb
|
|
176
183
|
- lib/google/cloud/binaryauthorization/v1beta1/service_pb.rb
|
|
177
184
|
- lib/google/cloud/binaryauthorization/v1beta1/service_services_pb.rb
|
|
178
185
|
- proto_docs/README.md
|
|
179
186
|
- proto_docs/google/api/field_behavior.rb
|
|
180
187
|
- proto_docs/google/api/resource.rb
|
|
188
|
+
- proto_docs/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.rb
|
|
181
189
|
- proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb
|
|
182
190
|
- proto_docs/google/cloud/binaryauthorization/v1beta1/service.rb
|
|
183
191
|
- proto_docs/google/protobuf/empty.rb
|
|
@@ -201,7 +209,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
201
209
|
- !ruby/object:Gem::Version
|
|
202
210
|
version: '0'
|
|
203
211
|
requirements: []
|
|
204
|
-
rubygems_version: 3.2.
|
|
212
|
+
rubygems_version: 3.2.17
|
|
205
213
|
signing_key:
|
|
206
214
|
specification_version: 4
|
|
207
215
|
summary: API Client library for the Binary Authorization V1beta1 API
|