google-cloud-binary_authorization-v1beta1 0.3.5 → 0.4.0

data/lib/google/cloud/binary_authorization/v1beta1/system_policy/credentials.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+require "googleauth"
+
+module Google
+  module Cloud
+    module BinaryAuthorization
+      module V1beta1
+        module SystemPolicy
+          # Credentials for the SystemPolicy API.
+          class Credentials < ::Google::Auth::Credentials
+            self.scope = [
+              "https://www.googleapis.com/auth/cloud-platform"
+            ]
+            self.env_vars = [
+              "BINARY_AUTHORIZATION_CREDENTIALS",
+              "BINARY_AUTHORIZATION_KEYFILE",
+              "GOOGLE_CLOUD_CREDENTIALS",
+              "GOOGLE_CLOUD_KEYFILE",
+              "GCLOUD_KEYFILE",
+              "BINARY_AUTHORIZATION_CREDENTIALS_JSON",
+              "BINARY_AUTHORIZATION_KEYFILE_JSON",
+              "GOOGLE_CLOUD_CREDENTIALS_JSON",
+              "GOOGLE_CLOUD_KEYFILE_JSON",
+              "GCLOUD_KEYFILE_JSON"
+            ]
+            self.paths = [
+              "~/.config/google_cloud/application_default_credentials.json"
+            ]
+          end
+        end
+      end
+    end
+  end
+end

data/lib/google/cloud/binary_authorization/v1beta1/system_policy/paths.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module BinaryAuthorization
+      module V1beta1
+        module SystemPolicy
+          # Path helper methods for the SystemPolicy API.
+          module Paths
+            ##
+            # Create a fully-qualified Policy resource string.
+            #
+            # @overload policy_path(project:)
+            #   The resource will be in the following format:
+            #
+            #   `projects/{project}/policy`
+            #
+            #   @param project [String]
+            #
+            # @overload policy_path(location:)
+            #   The resource will be in the following format:
+            #
+            #   `locations/{location}/policy`
+            #
+            #   @param location [String]
+            #
+            # @return [::String]
+            def policy_path **args
+              resources = {
+                "project" => (proc do |project:|
+                  "projects/#{project}/policy"
+                end),
+                "location" => (proc do |location:|
+                  "locations/#{location}/policy"
+                end)
+              }
+
+              resource = resources[args.keys.sort.join(":")]
+              raise ::ArgumentError, "no resource found for values #{args.keys}" if resource.nil?
+              resource.call(**args)
+            end
+
+            extend self
+          end
+        end
+      end
+    end
+  end
+end

data/lib/google/cloud/binary_authorization/v1beta1/system_policy.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+require "gapic/common"
+require "gapic/config"
+require "gapic/config/method"
+
+require "google/cloud/binary_authorization/v1beta1/version"
+
+require "google/cloud/binary_authorization/v1beta1/system_policy/credentials"
+require "google/cloud/binary_authorization/v1beta1/system_policy/paths"
+require "google/cloud/binary_authorization/v1beta1/system_policy/client"
+
+module Google
+  module Cloud
+    module BinaryAuthorization
+      module V1beta1
+        ##
+        # API for working with the system policy.
+        #
+        # To load this service and instantiate a client:
+        #
+        #     require "google/cloud/binary_authorization/v1beta1/system_policy"
+        #     client = ::Google::Cloud::BinaryAuthorization::V1beta1::SystemPolicy::Client.new
+        #
+        module SystemPolicy
+        end
+      end
+    end
+  end
+end
+
+helper_path = ::File.join __dir__, "system_policy", "helpers.rb"
+require "google/cloud/binary_authorization/v1beta1/system_policy/helpers" if ::File.file? helper_path

data/lib/google/cloud/binary_authorization/v1beta1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module BinaryAuthorization
       module V1beta1
-        VERSION = "0.3.5"
+        VERSION = "0.4.0"
       end
     end
   end

data/lib/google/cloud/binary_authorization/v1beta1.rb

@@ -17,6 +17,7 @@
 # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
 
 require "google/cloud/binary_authorization/v1beta1/binauthz_management_service"
+require "google/cloud/binary_authorization/v1beta1/system_policy"
 require "google/cloud/binary_authorization/v1beta1/version"
 
 module Google

data/lib/google/cloud/binaryauthorization/v1beta1/resources_pb.rb

@@ -1,10 +1,10 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google/cloud/binaryauthorization/v1beta1/resources.proto
 
-require 'google/api/annotations_pb'
 require 'google/api/field_behavior_pb'
 require 'google/api/resource_pb'
 require 'google/protobuf/timestamp_pb'
+require 'google/api/annotations_pb'
 require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
@@ -15,6 +15,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :global_policy_evaluation_mode, :enum, 7, "google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode"
       repeated :admission_whitelist_patterns, :message, 2, "google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern"
       map :cluster_admission_rules, :string, :message, 3, "google.cloud.binaryauthorization.v1beta1.AdmissionRule"
+      map :kubernetes_namespace_admission_rules, :string, :message, 10, "google.cloud.binaryauthorization.v1beta1.AdmissionRule"
+      map :kubernetes_service_account_admission_rules, :string, :message, 8, "google.cloud.binaryauthorization.v1beta1.AdmissionRule"
+      map :istio_service_identity_admission_rules, :string, :message, 9, "google.cloud.binaryauthorization.v1beta1.AdmissionRule"
       optional :default_admission_rule, :message, 4, "google.cloud.binaryauthorization.v1beta1.AdmissionRule"
       optional :update_time, :message, 5, "google.protobuf.Timestamp"
     end
@@ -70,8 +73,11 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       value :RSA_SIGN_PKCS1_4096_SHA256, 7
       value :RSA_SIGN_PKCS1_4096_SHA512, 8
       value :ECDSA_P256_SHA256, 9
+      value :EC_SIGN_P256_SHA256, 9
       value :ECDSA_P384_SHA384, 10
+      value :EC_SIGN_P384_SHA384, 10
       value :ECDSA_P521_SHA512, 11
+      value :EC_SIGN_P521_SHA512, 11
     end
     add_message "google.cloud.binaryauthorization.v1beta1.AttestorPublicKey" do
       optional :comment, :string, 1

data/lib/google/cloud/binaryauthorization/v1beta1/service_pb.rb

@@ -40,6 +40,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     add_message "google.cloud.binaryauthorization.v1beta1.DeleteAttestorRequest" do
       optional :name, :string, 1
     end
+    add_message "google.cloud.binaryauthorization.v1beta1.GetSystemPolicyRequest" do
+      optional :name, :string, 1
+    end
   end
 end
 
@@ -55,6 +58,7 @@ module Google
         ListAttestorsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ListAttestorsRequest").msgclass
         ListAttestorsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ListAttestorsResponse").msgclass
         DeleteAttestorRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.DeleteAttestorRequest").msgclass
+        GetSystemPolicyRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.GetSystemPolicyRequest").msgclass
       end
     end
   end

data/lib/google/cloud/binaryauthorization/v1beta1/service_services_pb.rb

@@ -1,7 +1,7 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # Source: google/cloud/binaryauthorization/v1beta1/service.proto for package 'Google.Cloud.BinaryAuthorization.V1beta1'
 # Original file comments:
-# Copyright 2019 Google LLC.
+# Copyright 2021 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,7 +15,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-#
 
 require 'grpc'
 require 'google/cloud/binaryauthorization/v1beta1/service_pb'
@@ -42,53 +41,55 @@ module Google
             self.unmarshal_class_method = :decode
             self.service_name = 'google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1'
 
-            # A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the
-            # [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] that must
-            # attest to a container image, before the project is allowed to deploy that
+            # A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] that must attest to
+            # a container image, before the project is allowed to deploy that
             # image. There is at most one policy per project. All image admission
             # requests are permitted if a project has no policy.
             #
-            # Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this
-            # project. Returns a default
-            # [policy][google.cloud.binaryauthorization.v1beta1.Policy] if the project
-            # does not have one.
+            # Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this project. Returns a default
+            # [policy][google.cloud.binaryauthorization.v1beta1.Policy] if the project does not have one.
             rpc :GetPolicy, ::Google::Cloud::BinaryAuthorization::V1beta1::GetPolicyRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Policy
-            # Creates or updates a project's
-            # [policy][google.cloud.binaryauthorization.v1beta1.Policy], and returns a
-            # copy of the new [policy][google.cloud.binaryauthorization.v1beta1.Policy].
-            # A policy is always updated as a whole, to avoid race conditions with
-            # concurrent policy enforcement (or management!) requests. Returns NOT_FOUND
-            # if the project does not exist, INVALID_ARGUMENT if the request is
-            # malformed.
+            # Creates or updates a project's [policy][google.cloud.binaryauthorization.v1beta1.Policy], and returns a copy of the
+            # new [policy][google.cloud.binaryauthorization.v1beta1.Policy]. A policy is always updated as a whole, to avoid race
+            # conditions with concurrent policy enforcement (or management!)
+            # requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
+            # if the request is malformed.
             rpc :UpdatePolicy, ::Google::Cloud::BinaryAuthorization::V1beta1::UpdatePolicyRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Policy
-            # Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor],
-            # and returns a copy of the new
-            # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns
-            # NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is
-            # malformed, ALREADY_EXISTS if the
-            # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] already
-            # exists.
+            # Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor], and returns a copy of the new
+            # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns NOT_FOUND if the project does not exist,
+            # INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
+            # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] already exists.
             rpc :CreateAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::CreateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
             # Gets an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
-            # Returns NOT_FOUND if the
-            # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not
-            # exist.
+            # Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
             rpc :GetAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::GetAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
             # Updates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
-            # Returns NOT_FOUND if the
-            # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not
-            # exist.
+            # Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
             rpc :UpdateAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::UpdateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
             # Lists [attestors][google.cloud.binaryauthorization.v1beta1.Attestor].
             # Returns INVALID_ARGUMENT if the project does not exist.
             rpc :ListAttestors, ::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse
-            # Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
-            # Returns NOT_FOUND if the
-            # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not
-            # exist.
+            # Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns NOT_FOUND if the
+            # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
             rpc :DeleteAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::DeleteAttestorRequest, ::Google::Protobuf::Empty
           end
 
+          Stub = Service.rpc_stub_class
+        end
+        module SystemPolicyV1Beta1
+          # API for working with the system policy.
+          class Service
+
+            include ::GRPC::GenericService
+
+            self.marshal_class_method = :encode
+            self.unmarshal_class_method = :decode
+            self.service_name = 'google.cloud.binaryauthorization.v1beta1.SystemPolicyV1Beta1'
+
+            # Gets the current system policy in the specified location.
+            rpc :GetSystemPolicy, ::Google::Cloud::BinaryAuthorization::V1beta1::GetSystemPolicyRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Policy
+          end
+
           Stub = Service.rpc_stub_class
         end
       end

data/proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb

@@ -21,8 +21,7 @@ module Google
   module Cloud
     module BinaryAuthorization
       module V1beta1
-        # A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for container
-        # image binary authorization.
+        # A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for Binary Authorization.
         # @!attribute [r] name
         #   @return [::String]
         #     Output only. The resource name, in the format `projects/*/policy`. There is
@@ -50,6 +49,21 @@ module Google
         #     (e.g. us-central1).
         #     For `clusterId` syntax restrictions see
         #     https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
+        # @!attribute [rw] kubernetes_namespace_admission_rules
+        #   @return [::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}]
+        #     Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
+        #       `[a-z.-]+`, e.g. `some-namespace`
+        # @!attribute [rw] kubernetes_service_account_admission_rules
+        #   @return [::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}]
+        #     Optional. Per-kubernetes-service-account admission rules. Service account
+        #     spec format: `namespace:serviceaccount`. e.g. `test-ns:default`
+        # @!attribute [rw] istio_service_identity_admission_rules
+        #   @return [::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}]
+        #     Optional. Per-istio-service-identity admission rules. Istio service
+        #     identity spec format:
+        #     `spiffe://<domain>/ns/<namespace>/sa/<serviceaccount>` or
+        #     `<domain>/ns/<namespace>/sa/<serviceaccount>`
+        #     e.g. `spiffe://example.com/ns/test-ns/sa/default`
         # @!attribute [rw] default_admission_rule
         #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule]
         #     Required. Default admission rule for a cluster without a per-cluster, per-
@@ -70,6 +84,33 @@ module Google
             extend ::Google::Protobuf::MessageExts::ClassMethods
           end
 
+          # @!attribute [rw] key
+          #   @return [::String]
+          # @!attribute [rw] value
+          #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule]
+          class KubernetesNamespaceAdmissionRulesEntry
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # @!attribute [rw] key
+          #   @return [::String]
+          # @!attribute [rw] value
+          #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule]
+          class KubernetesServiceAccountAdmissionRulesEntry
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # @!attribute [rw] key
+          #   @return [::String]
+          # @!attribute [rw] value
+          #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule]
+          class IstioServiceIdentityAdmissionRulesEntry
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
           module GlobalPolicyEvaluationMode
             # Not specified: DISABLE is assumed.
             GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0
@@ -82,28 +123,28 @@ module Google
           end
         end
 
-        # An [admission allowlist
-        # pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern]
-        # exempts images from checks by [admission
-        # rules][google.cloud.binaryauthorization.v1beta1.AdmissionRule].
+        # An {::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionWhitelistPattern admission allowlist pattern} exempts images
+        # from checks by {::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule admission rules}.
         # @!attribute [rw] name_pattern
         #   @return [::String]
-        #     An image name pattern to allow, in the form `registry/path/to/image`.
+        #     An image name pattern to allowlist, in the form `registry/path/to/image`.
         #     This supports a trailing `*` as a wildcard, but this is allowed only in
-        #     text after the `registry/` part.
+        #     text after the `registry/` part. `*` wildcard does not match `/`, i.e.,
+        #     `gcr.io/nginx*` matches `gcr.io/nginx@latest`, but it does not match
+        #     `gcr.io/nginx/image`. This also supports a trailing `**` wildcard which
+        #     matches subdirectories, i.e., `gcr.io/nginx**` matches
+        #     `gcr.io/nginx/image`.
         class AdmissionWhitelistPattern
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # An {::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule admission rule}
-        # specifies either that all container images used in a pod creation request
-        # must be attested to by one or more
-        # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, that all pod
-        # creations will be allowed, or that all pod creations will be denied.
+        # An {::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule admission rule} specifies either that all container images
+        # used in a pod creation request must be attested to by one or more
+        # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, that all pod creations will be allowed, or that all
+        # pod creations will be denied.
         #
-        # Images matching an [admission allowlist
-        # pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern]
+        # Images matching an {::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionWhitelistPattern admission allowlist pattern}
         # are exempted from admission rules and will never block a pod creation.
         # @!attribute [rw] evaluation_mode
         #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule::EvaluationMode]
@@ -133,7 +174,7 @@ module Google
             ALWAYS_ALLOW = 1
 
             # This rule allows a pod creation if all the attestors listed in
-            # 'require_attestations_by' have valid attestations for all of the
+            # `require_attestations_by` have valid attestations for all of the
             # images in the pod spec.
             REQUIRE_ATTESTATION = 2
 
@@ -156,9 +197,9 @@ module Google
           end
         end
 
-        # An {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} that attests
-        # to container image artifacts. An existing attestor cannot be modified except
-        # where indicated.
+        # An {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} that attests to container image
+        # artifacts. An existing attestor cannot be modified except where
+        # indicated.
         # @!attribute [rw] name
         #   @return [::String]
         #     Required. The resource name, in the format:
@@ -178,9 +219,8 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # An [user owned drydock
-        # note][google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNote]
-        # references a Drydock ATTESTATION_AUTHORITY Note created by the user.
+        # An {::Google::Cloud::BinaryAuthorization::V1beta1::UserOwnedDrydockNote user owned drydock note} references a Drydock
+        # ATTESTATION_AUTHORITY Note created by the user.
         # @!attribute [rw] note_reference
         #   @return [::String]
         #     Required. The Drydock resource name of a ATTESTATION_AUTHORITY Note,
@@ -273,17 +313,25 @@ module Google
             # ECDSA on the NIST P-256 curve with a SHA256 digest.
             ECDSA_P256_SHA256 = 9
 
+            # ECDSA on the NIST P-256 curve with a SHA256 digest.
+            EC_SIGN_P256_SHA256 = 9
+
             # ECDSA on the NIST P-384 curve with a SHA384 digest.
             ECDSA_P384_SHA384 = 10
 
+            # ECDSA on the NIST P-384 curve with a SHA384 digest.
+            EC_SIGN_P384_SHA384 = 10
+
             # ECDSA on the NIST P-521 curve with a SHA512 digest.
             ECDSA_P521_SHA512 = 11
+
+            # ECDSA on the NIST P-521 curve with a SHA512 digest.
+            EC_SIGN_P521_SHA512 = 11
           end
         end
 
-        # An [attestor public
-        # key][google.cloud.binaryauthorization.v1beta1.AttestorPublicKey] that will be
-        # used to verify attestations signed by this attestor.
+        # An {::Google::Cloud::BinaryAuthorization::V1beta1::AttestorPublicKey attestor public key} that will be used to verify
+        # attestations signed by this attestor.
         # @!attribute [rw] comment
         #   @return [::String]
         #     Optional. A descriptive comment. This field may be updated.

data/proto_docs/google/cloud/binaryauthorization/v1beta1/service.rb

@@ -24,9 +24,8 @@ module Google
         # Request message for [BinauthzManagementService.GetPolicy][].
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. The resource name of the
-        #     {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} to retrieve, in
-        #     the format `projects/*/policy`.
+        #     Required. The resource name of the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} to retrieve,
+        #     in the format `projects/*/policy`.
         class GetPolicyRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -35,11 +34,9 @@ module Google
         # Request message for [BinauthzManagementService.UpdatePolicy][].
         # @!attribute [rw] policy
         #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::Policy]
-        #     Required. A new or updated
-        #     {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} value. The
-        #     service will overwrite the [policy
-        #     name][google.cloud.binaryauthorization.v1beta1.Policy.name] field with the
-        #     resource name in the request URL, in the format `projects/*/policy`.
+        #     Required. A new or updated {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} value. The service will
+        #     overwrite the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy#name policy name} field with the resource name in
+        #     the request URL, in the format `projects/*/policy`.
         class UpdatePolicyRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -48,19 +45,15 @@ module Google
         # Request message for [BinauthzManagementService.CreateAttestor][].
         # @!attribute [rw] parent
         #   @return [::String]
-        #     Required. The parent of this
-        #     {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
+        #     Required. The parent of this {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
         # @!attribute [rw] attestor_id
         #   @return [::String]
-        #     Required. The
-        #     {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} ID.
+        #     Required. The {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} ID.
         # @!attribute [rw] attestor
         #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
-        #     Required. The initial
-        #     {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
-        #     service will overwrite the [attestor
-        #     name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
-        #     the resource name, in the format `projects/*/attestors/*`.
+        #     Required. The initial {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The service will
+        #     overwrite the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor#name attestor name} field with the resource name,
+        #     in the format `projects/*/attestors/*`.
         class CreateAttestorRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -69,9 +62,8 @@ module Google
         # Request message for [BinauthzManagementService.GetAttestor][].
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. The name of the
-        #     {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} to retrieve,
-        #     in the format `projects/*/attestors/*`.
+        #     Required. The name of the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} to retrieve, in the format
+        #     `projects/*/attestors/*`.
         class GetAttestorRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -80,12 +72,9 @@ module Google
         # Request message for [BinauthzManagementService.UpdateAttestor][].
         # @!attribute [rw] attestor
         #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
-        #     Required. The updated
-        #     {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
-        #     service will overwrite the [attestor
-        #     name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
-        #     the resource name in the request URL, in the format
-        #     `projects/*/attestors/*`.
+        #     Required. The updated {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The service will
+        #     overwrite the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor#name attestor name} field with the resource name
+        #     in the request URL, in the format `projects/*/attestors/*`.
         class UpdateAttestorRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -95,8 +84,7 @@ module Google
         # @!attribute [rw] parent
         #   @return [::String]
         #     Required. The resource name of the project associated with the
-        #     {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the
-        #     format `projects/*`.
+        #     {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the format `projects/*`.
         # @!attribute [rw] page_size
         #   @return [::Integer]
         #     Requested page size. The server may return fewer results than requested. If
@@ -104,9 +92,8 @@ module Google
         # @!attribute [rw] page_token
         #   @return [::String]
         #     A token identifying a page of results the server should return. Typically,
-        #     this is the value of
-        #     {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token}
-        #     returned from the previous call to the `ListAttestors` method.
+        #     this is the value of {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token} returned
+        #     from the previous call to the `ListAttestors` method.
         class ListAttestorsRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -119,9 +106,8 @@ module Google
         # @!attribute [rw] next_page_token
         #   @return [::String]
         #     A token to retrieve the next page of results. Pass this value in the
-        #     {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest#page_token ListAttestorsRequest.page_token}
-        #     field in the subsequent call to the `ListAttestors` method to retrieve the
-        #     next page of results.
+        #     {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest#page_token ListAttestorsRequest.page_token} field in the subsequent call to the
+        #     `ListAttestors` method to retrieve the next page of results.
         class ListAttestorsResponse
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -130,13 +116,22 @@ module Google
         # Request message for [BinauthzManagementService.DeleteAttestor][].
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. The name of the
-        #     {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} to delete,
-        #     in the format `projects/*/attestors/*`.
+        #     Required. The name of the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} to delete, in the format
+        #     `projects/*/attestors/*`.
         class DeleteAttestorRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
+
+        # Request to read the current system policy.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. The resource name, in the format `locations/*/policy`.
+        #     Note that the system policy is not associated with a project.
+        class GetSystemPolicyRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
       end
     end
   end