google-cloud-binary_authorization-v1beta1 0.3.0 → 0.3.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/client.rb +65 -37
- data/lib/google/cloud/binary_authorization/v1beta1/version.rb +1 -1
- data/lib/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging_pb.rb +55 -0
- data/lib/google/cloud/binaryauthorization/v1beta1/service_services_pb.rb +32 -18
- data/proto_docs/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.rb +104 -0
- data/proto_docs/google/cloud/binaryauthorization/v1beta1/service.rb +37 -22
- metadata +15 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1a598751352a1aa2c62791d1be940c7efeb9fdf5b4b5e291e88e3919d4e288d7
|
|
4
|
+
data.tar.gz: e6ea6e395211cc8e9ba7d9a1f9f2a8cf18c4ae126cfe723cf3012081acdbbafe
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: acbbff146956b340ec0ff90480b3d664672c362362593dbee868cf0e21e9d7d5156eda098beff172926a59d182c55e5c217b90902e9797c185aa10bb00e5a035
|
|
7
|
+
data.tar.gz: 9c6494ac01fe4ef6a4fc2d386d512b8e2f76a95f229e610621b59b0e56658603b0eaf1d79b79a17af8b461885e789745cf8ca546625ccb1503c9b919931b8ca6
|
|
@@ -207,13 +207,16 @@ module Google
|
|
|
207
207
|
# Service calls
|
|
208
208
|
|
|
209
209
|
##
|
|
210
|
-
# A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} specifies the
|
|
211
|
-
#
|
|
210
|
+
# A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} specifies the
|
|
211
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} that must
|
|
212
|
+
# attest to a container image, before the project is allowed to deploy that
|
|
212
213
|
# image. There is at most one policy per project. All image admission
|
|
213
214
|
# requests are permitted if a project has no policy.
|
|
214
215
|
#
|
|
215
|
-
# Gets the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for this
|
|
216
|
-
#
|
|
216
|
+
# Gets the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for this
|
|
217
|
+
# project. Returns a default
|
|
218
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} if the project
|
|
219
|
+
# does not have one.
|
|
217
220
|
#
|
|
218
221
|
# @overload get_policy(request, options = nil)
|
|
219
222
|
# Pass arguments to `get_policy` via a request object, either of type
|
|
@@ -231,8 +234,9 @@ module Google
|
|
|
231
234
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
232
235
|
#
|
|
233
236
|
# @param name [::String]
|
|
234
|
-
# Required. The resource name of the
|
|
235
|
-
#
|
|
237
|
+
# Required. The resource name of the
|
|
238
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} to retrieve, in
|
|
239
|
+
# the format `projects/*/policy`.
|
|
236
240
|
#
|
|
237
241
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
238
242
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Policy]
|
|
@@ -280,11 +284,13 @@ module Google
|
|
|
280
284
|
end
|
|
281
285
|
|
|
282
286
|
##
|
|
283
|
-
# Creates or updates a project's
|
|
284
|
-
#
|
|
285
|
-
#
|
|
286
|
-
#
|
|
287
|
-
#
|
|
287
|
+
# Creates or updates a project's
|
|
288
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy}, and returns a
|
|
289
|
+
# copy of the new {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy}.
|
|
290
|
+
# A policy is always updated as a whole, to avoid race conditions with
|
|
291
|
+
# concurrent policy enforcement (or management!) requests. Returns NOT_FOUND
|
|
292
|
+
# if the project does not exist, INVALID_ARGUMENT if the request is
|
|
293
|
+
# malformed.
|
|
288
294
|
#
|
|
289
295
|
# @overload update_policy(request, options = nil)
|
|
290
296
|
# Pass arguments to `update_policy` via a request object, either of type
|
|
@@ -302,9 +308,11 @@ module Google
|
|
|
302
308
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
303
309
|
#
|
|
304
310
|
# @param policy [::Google::Cloud::BinaryAuthorization::V1beta1::Policy, ::Hash]
|
|
305
|
-
# Required. A new or updated
|
|
306
|
-
#
|
|
307
|
-
#
|
|
311
|
+
# Required. A new or updated
|
|
312
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} value. The
|
|
313
|
+
# service will overwrite the [policy
|
|
314
|
+
# name][google.cloud.binaryauthorization.v1beta1.Policy.name] field with the
|
|
315
|
+
# resource name in the request URL, in the format `projects/*/policy`.
|
|
308
316
|
#
|
|
309
317
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
310
318
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Policy]
|
|
@@ -352,10 +360,13 @@ module Google
|
|
|
352
360
|
end
|
|
353
361
|
|
|
354
362
|
##
|
|
355
|
-
# Creates an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor},
|
|
356
|
-
#
|
|
357
|
-
#
|
|
358
|
-
#
|
|
363
|
+
# Creates an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor},
|
|
364
|
+
# and returns a copy of the new
|
|
365
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}. Returns
|
|
366
|
+
# NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is
|
|
367
|
+
# malformed, ALREADY_EXISTS if the
|
|
368
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} already
|
|
369
|
+
# exists.
|
|
359
370
|
#
|
|
360
371
|
# @overload create_attestor(request, options = nil)
|
|
361
372
|
# Pass arguments to `create_attestor` via a request object, either of type
|
|
@@ -373,13 +384,17 @@ module Google
|
|
|
373
384
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
374
385
|
#
|
|
375
386
|
# @param parent [::String]
|
|
376
|
-
# Required. The parent of this
|
|
387
|
+
# Required. The parent of this
|
|
388
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
377
389
|
# @param attestor_id [::String]
|
|
378
|
-
# Required. The
|
|
390
|
+
# Required. The
|
|
391
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} ID.
|
|
379
392
|
# @param attestor [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor, ::Hash]
|
|
380
|
-
# Required. The initial
|
|
381
|
-
#
|
|
382
|
-
#
|
|
393
|
+
# Required. The initial
|
|
394
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
|
|
395
|
+
# service will overwrite the [attestor
|
|
396
|
+
# name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
|
|
397
|
+
# the resource name, in the format `projects/*/attestors/*`.
|
|
383
398
|
#
|
|
384
399
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
385
400
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
|
@@ -428,7 +443,9 @@ module Google
|
|
|
428
443
|
|
|
429
444
|
##
|
|
430
445
|
# Gets an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
431
|
-
# Returns NOT_FOUND if the
|
|
446
|
+
# Returns NOT_FOUND if the
|
|
447
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not
|
|
448
|
+
# exist.
|
|
432
449
|
#
|
|
433
450
|
# @overload get_attestor(request, options = nil)
|
|
434
451
|
# Pass arguments to `get_attestor` via a request object, either of type
|
|
@@ -446,8 +463,9 @@ module Google
|
|
|
446
463
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
447
464
|
#
|
|
448
465
|
# @param name [::String]
|
|
449
|
-
# Required. The name of the
|
|
450
|
-
#
|
|
466
|
+
# Required. The name of the
|
|
467
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} to retrieve,
|
|
468
|
+
# in the format `projects/*/attestors/*`.
|
|
451
469
|
#
|
|
452
470
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
453
471
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
|
@@ -496,7 +514,9 @@ module Google
|
|
|
496
514
|
|
|
497
515
|
##
|
|
498
516
|
# Updates an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
499
|
-
# Returns NOT_FOUND if the
|
|
517
|
+
# Returns NOT_FOUND if the
|
|
518
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not
|
|
519
|
+
# exist.
|
|
500
520
|
#
|
|
501
521
|
# @overload update_attestor(request, options = nil)
|
|
502
522
|
# Pass arguments to `update_attestor` via a request object, either of type
|
|
@@ -514,9 +534,12 @@ module Google
|
|
|
514
534
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
515
535
|
#
|
|
516
536
|
# @param attestor [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor, ::Hash]
|
|
517
|
-
# Required. The updated
|
|
518
|
-
#
|
|
519
|
-
#
|
|
537
|
+
# Required. The updated
|
|
538
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
|
|
539
|
+
# service will overwrite the [attestor
|
|
540
|
+
# name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
|
|
541
|
+
# the resource name in the request URL, in the format
|
|
542
|
+
# `projects/*/attestors/*`.
|
|
520
543
|
#
|
|
521
544
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
522
545
|
# @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
|
@@ -584,14 +607,16 @@ module Google
|
|
|
584
607
|
#
|
|
585
608
|
# @param parent [::String]
|
|
586
609
|
# Required. The resource name of the project associated with the
|
|
587
|
-
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the
|
|
610
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the
|
|
611
|
+
# format `projects/*`.
|
|
588
612
|
# @param page_size [::Integer]
|
|
589
613
|
# Requested page size. The server may return fewer results than requested. If
|
|
590
614
|
# unspecified, the server will pick an appropriate default.
|
|
591
615
|
# @param page_token [::String]
|
|
592
616
|
# A token identifying a page of results the server should return. Typically,
|
|
593
|
-
# this is the value of
|
|
594
|
-
#
|
|
617
|
+
# this is the value of
|
|
618
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token}
|
|
619
|
+
# returned from the previous call to the `ListAttestors` method.
|
|
595
620
|
#
|
|
596
621
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
597
622
|
# @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::BinaryAuthorization::V1beta1::Attestor>]
|
|
@@ -640,8 +665,10 @@ module Google
|
|
|
640
665
|
end
|
|
641
666
|
|
|
642
667
|
##
|
|
643
|
-
# Deletes an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
644
|
-
#
|
|
668
|
+
# Deletes an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
669
|
+
# Returns NOT_FOUND if the
|
|
670
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not
|
|
671
|
+
# exist.
|
|
645
672
|
#
|
|
646
673
|
# @overload delete_attestor(request, options = nil)
|
|
647
674
|
# Pass arguments to `delete_attestor` via a request object, either of type
|
|
@@ -659,8 +686,9 @@ module Google
|
|
|
659
686
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
|
660
687
|
#
|
|
661
688
|
# @param name [::String]
|
|
662
|
-
# Required. The name of the
|
|
663
|
-
#
|
|
689
|
+
# Required. The name of the
|
|
690
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} to delete,
|
|
691
|
+
# in the format `projects/*/attestors/*`.
|
|
664
692
|
#
|
|
665
693
|
# @yield [response, operation] Access the result along with the RPC operation
|
|
666
694
|
# @yieldparam response [::Google::Protobuf::Empty]
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
|
2
|
+
# source: google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.proto
|
|
3
|
+
|
|
4
|
+
require 'google/protobuf'
|
|
5
|
+
|
|
6
|
+
require 'google/protobuf/timestamp_pb'
|
|
7
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
8
|
+
add_file("google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.proto", :syntax => :proto3) do
|
|
9
|
+
add_message "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent" do
|
|
10
|
+
oneof :event_type do
|
|
11
|
+
optional :pod_event, :message, 1, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent"
|
|
12
|
+
optional :unsupported_policy_event, :message, 2, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.UnsupportedPolicyEvent"
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
add_message "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent" do
|
|
16
|
+
optional :pod, :string, 1
|
|
17
|
+
optional :deploy_time, :message, 2, "google.protobuf.Timestamp"
|
|
18
|
+
optional :end_time, :message, 3, "google.protobuf.Timestamp"
|
|
19
|
+
optional :verdict, :enum, 4, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.PolicyConformanceVerdict"
|
|
20
|
+
repeated :images, :message, 5, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails"
|
|
21
|
+
end
|
|
22
|
+
add_message "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails" do
|
|
23
|
+
optional :image, :string, 1
|
|
24
|
+
optional :result, :enum, 2, "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails.AuditResult"
|
|
25
|
+
optional :description, :string, 3
|
|
26
|
+
end
|
|
27
|
+
add_enum "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails.AuditResult" do
|
|
28
|
+
value :AUDIT_RESULT_UNSPECIFIED, 0
|
|
29
|
+
value :ALLOW, 1
|
|
30
|
+
value :DENY, 2
|
|
31
|
+
end
|
|
32
|
+
add_enum "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.PolicyConformanceVerdict" do
|
|
33
|
+
value :POLICY_CONFORMANCE_VERDICT_UNSPECIFIED, 0
|
|
34
|
+
value :VIOLATES_POLICY, 1
|
|
35
|
+
end
|
|
36
|
+
add_message "google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.UnsupportedPolicyEvent" do
|
|
37
|
+
optional :description, :string, 1
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
module Google
|
|
43
|
+
module Cloud
|
|
44
|
+
module BinaryAuthorization
|
|
45
|
+
module V1beta1
|
|
46
|
+
ContinuousValidationEvent = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent").msgclass
|
|
47
|
+
ContinuousValidationEvent::ContinuousValidationPodEvent = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent").msgclass
|
|
48
|
+
ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails").msgclass
|
|
49
|
+
ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails::AuditResult = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails.AuditResult").enummodule
|
|
50
|
+
ContinuousValidationEvent::ContinuousValidationPodEvent::PolicyConformanceVerdict = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.PolicyConformanceVerdict").enummodule
|
|
51
|
+
ContinuousValidationEvent::UnsupportedPolicyEvent = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.UnsupportedPolicyEvent").msgclass
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
end
|
|
@@ -36,42 +36,56 @@ module Google
|
|
|
36
36
|
# * [Attestor][google.cloud.binaryauthorization.v1beta1.Attestor]
|
|
37
37
|
class Service
|
|
38
38
|
|
|
39
|
-
include GRPC::GenericService
|
|
39
|
+
include ::GRPC::GenericService
|
|
40
40
|
|
|
41
41
|
self.marshal_class_method = :encode
|
|
42
42
|
self.unmarshal_class_method = :decode
|
|
43
43
|
self.service_name = 'google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1'
|
|
44
44
|
|
|
45
|
-
# A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the
|
|
46
|
-
#
|
|
45
|
+
# A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the
|
|
46
|
+
# [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] that must
|
|
47
|
+
# attest to a container image, before the project is allowed to deploy that
|
|
47
48
|
# image. There is at most one policy per project. All image admission
|
|
48
49
|
# requests are permitted if a project has no policy.
|
|
49
50
|
#
|
|
50
|
-
# Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this
|
|
51
|
-
#
|
|
51
|
+
# Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this
|
|
52
|
+
# project. Returns a default
|
|
53
|
+
# [policy][google.cloud.binaryauthorization.v1beta1.Policy] if the project
|
|
54
|
+
# does not have one.
|
|
52
55
|
rpc :GetPolicy, ::Google::Cloud::BinaryAuthorization::V1beta1::GetPolicyRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Policy
|
|
53
|
-
# Creates or updates a project's
|
|
54
|
-
#
|
|
55
|
-
#
|
|
56
|
-
#
|
|
57
|
-
#
|
|
56
|
+
# Creates or updates a project's
|
|
57
|
+
# [policy][google.cloud.binaryauthorization.v1beta1.Policy], and returns a
|
|
58
|
+
# copy of the new [policy][google.cloud.binaryauthorization.v1beta1.Policy].
|
|
59
|
+
# A policy is always updated as a whole, to avoid race conditions with
|
|
60
|
+
# concurrent policy enforcement (or management!) requests. Returns NOT_FOUND
|
|
61
|
+
# if the project does not exist, INVALID_ARGUMENT if the request is
|
|
62
|
+
# malformed.
|
|
58
63
|
rpc :UpdatePolicy, ::Google::Cloud::BinaryAuthorization::V1beta1::UpdatePolicyRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Policy
|
|
59
|
-
# Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor],
|
|
60
|
-
#
|
|
61
|
-
#
|
|
62
|
-
#
|
|
64
|
+
# Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor],
|
|
65
|
+
# and returns a copy of the new
|
|
66
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns
|
|
67
|
+
# NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is
|
|
68
|
+
# malformed, ALREADY_EXISTS if the
|
|
69
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] already
|
|
70
|
+
# exists.
|
|
63
71
|
rpc :CreateAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::CreateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
|
|
64
72
|
# Gets an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
65
|
-
# Returns NOT_FOUND if the
|
|
73
|
+
# Returns NOT_FOUND if the
|
|
74
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not
|
|
75
|
+
# exist.
|
|
66
76
|
rpc :GetAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::GetAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
|
|
67
77
|
# Updates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
68
|
-
# Returns NOT_FOUND if the
|
|
78
|
+
# Returns NOT_FOUND if the
|
|
79
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not
|
|
80
|
+
# exist.
|
|
69
81
|
rpc :UpdateAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::UpdateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor
|
|
70
82
|
# Lists [attestors][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
71
83
|
# Returns INVALID_ARGUMENT if the project does not exist.
|
|
72
84
|
rpc :ListAttestors, ::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse
|
|
73
|
-
# Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
74
|
-
#
|
|
85
|
+
# Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
|
|
86
|
+
# Returns NOT_FOUND if the
|
|
87
|
+
# [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not
|
|
88
|
+
# exist.
|
|
75
89
|
rpc :DeleteAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::DeleteAttestorRequest, ::Google::Protobuf::Empty
|
|
76
90
|
end
|
|
77
91
|
|
|
@@ -0,0 +1,104 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
# Copyright 2021 Google LLC
|
|
4
|
+
#
|
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
6
|
+
# you may not use this file except in compliance with the License.
|
|
7
|
+
# You may obtain a copy of the License at
|
|
8
|
+
#
|
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
|
10
|
+
#
|
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
14
|
+
# See the License for the specific language governing permissions and
|
|
15
|
+
# limitations under the License.
|
|
16
|
+
|
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
|
18
|
+
|
|
19
|
+
|
|
20
|
+
module Google
|
|
21
|
+
module Cloud
|
|
22
|
+
module BinaryAuthorization
|
|
23
|
+
module V1beta1
|
|
24
|
+
# Represents an auditing event from Continuous Validation.
|
|
25
|
+
# @!attribute [rw] pod_event
|
|
26
|
+
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent]
|
|
27
|
+
# Pod event.
|
|
28
|
+
# @!attribute [rw] unsupported_policy_event
|
|
29
|
+
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::UnsupportedPolicyEvent]
|
|
30
|
+
# Unsupported policy event.
|
|
31
|
+
class ContinuousValidationEvent
|
|
32
|
+
include ::Google::Protobuf::MessageExts
|
|
33
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
34
|
+
|
|
35
|
+
# An auditing event for one Pod.
|
|
36
|
+
# @!attribute [rw] pod
|
|
37
|
+
# @return [::String]
|
|
38
|
+
# The name of the Pod.
|
|
39
|
+
# @!attribute [rw] deploy_time
|
|
40
|
+
# @return [::Google::Protobuf::Timestamp]
|
|
41
|
+
# Deploy time of the Pod from k8s.
|
|
42
|
+
# @!attribute [rw] end_time
|
|
43
|
+
# @return [::Google::Protobuf::Timestamp]
|
|
44
|
+
# Termination time of the Pod from k8s, or nothing if still running.
|
|
45
|
+
# @!attribute [rw] verdict
|
|
46
|
+
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent::PolicyConformanceVerdict]
|
|
47
|
+
# Auditing verdict for this Pod.
|
|
48
|
+
# @!attribute [rw] images
|
|
49
|
+
# @return [::Array<::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails>]
|
|
50
|
+
# List of images with auditing details.
|
|
51
|
+
class ContinuousValidationPodEvent
|
|
52
|
+
include ::Google::Protobuf::MessageExts
|
|
53
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
54
|
+
|
|
55
|
+
# Container image with auditing details.
|
|
56
|
+
# @!attribute [rw] image
|
|
57
|
+
# @return [::String]
|
|
58
|
+
# The name of the image.
|
|
59
|
+
# @!attribute [rw] result
|
|
60
|
+
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails::AuditResult]
|
|
61
|
+
# The result of the audit for this image.
|
|
62
|
+
# @!attribute [rw] description
|
|
63
|
+
# @return [::String]
|
|
64
|
+
# Description of the above result.
|
|
65
|
+
class ImageDetails
|
|
66
|
+
include ::Google::Protobuf::MessageExts
|
|
67
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
68
|
+
|
|
69
|
+
# Result of the audit.
|
|
70
|
+
module AuditResult
|
|
71
|
+
# Unspecified result. This is an error.
|
|
72
|
+
AUDIT_RESULT_UNSPECIFIED = 0
|
|
73
|
+
|
|
74
|
+
# Image is allowed.
|
|
75
|
+
ALLOW = 1
|
|
76
|
+
|
|
77
|
+
# Image is denied.
|
|
78
|
+
DENY = 2
|
|
79
|
+
end
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
# Audit time policy conformance verdict.
|
|
83
|
+
module PolicyConformanceVerdict
|
|
84
|
+
# We should always have a verdict. This is an error.
|
|
85
|
+
POLICY_CONFORMANCE_VERDICT_UNSPECIFIED = 0
|
|
86
|
+
|
|
87
|
+
# The pod violates the policy.
|
|
88
|
+
VIOLATES_POLICY = 1
|
|
89
|
+
end
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
# An event describing that the project policy is unsupported by CV.
|
|
93
|
+
# @!attribute [rw] description
|
|
94
|
+
# @return [::String]
|
|
95
|
+
# A description of the unsupported policy.
|
|
96
|
+
class UnsupportedPolicyEvent
|
|
97
|
+
include ::Google::Protobuf::MessageExts
|
|
98
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
99
|
+
end
|
|
100
|
+
end
|
|
101
|
+
end
|
|
102
|
+
end
|
|
103
|
+
end
|
|
104
|
+
end
|
|
@@ -24,8 +24,9 @@ module Google
|
|
|
24
24
|
# Request message for [BinauthzManagementService.GetPolicy][].
|
|
25
25
|
# @!attribute [rw] name
|
|
26
26
|
# @return [::String]
|
|
27
|
-
# Required. The resource name of the
|
|
28
|
-
#
|
|
27
|
+
# Required. The resource name of the
|
|
28
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} to retrieve, in
|
|
29
|
+
# the format `projects/*/policy`.
|
|
29
30
|
class GetPolicyRequest
|
|
30
31
|
include ::Google::Protobuf::MessageExts
|
|
31
32
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -34,9 +35,11 @@ module Google
|
|
|
34
35
|
# Request message for [BinauthzManagementService.UpdatePolicy][].
|
|
35
36
|
# @!attribute [rw] policy
|
|
36
37
|
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::Policy]
|
|
37
|
-
# Required. A new or updated
|
|
38
|
-
#
|
|
39
|
-
#
|
|
38
|
+
# Required. A new or updated
|
|
39
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} value. The
|
|
40
|
+
# service will overwrite the [policy
|
|
41
|
+
# name][google.cloud.binaryauthorization.v1beta1.Policy.name] field with the
|
|
42
|
+
# resource name in the request URL, in the format `projects/*/policy`.
|
|
40
43
|
class UpdatePolicyRequest
|
|
41
44
|
include ::Google::Protobuf::MessageExts
|
|
42
45
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -45,15 +48,19 @@ module Google
|
|
|
45
48
|
# Request message for [BinauthzManagementService.CreateAttestor][].
|
|
46
49
|
# @!attribute [rw] parent
|
|
47
50
|
# @return [::String]
|
|
48
|
-
# Required. The parent of this
|
|
51
|
+
# Required. The parent of this
|
|
52
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}.
|
|
49
53
|
# @!attribute [rw] attestor_id
|
|
50
54
|
# @return [::String]
|
|
51
|
-
# Required. The
|
|
55
|
+
# Required. The
|
|
56
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} ID.
|
|
52
57
|
# @!attribute [rw] attestor
|
|
53
58
|
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
|
54
|
-
# Required. The initial
|
|
55
|
-
#
|
|
56
|
-
#
|
|
59
|
+
# Required. The initial
|
|
60
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
|
|
61
|
+
# service will overwrite the [attestor
|
|
62
|
+
# name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
|
|
63
|
+
# the resource name, in the format `projects/*/attestors/*`.
|
|
57
64
|
class CreateAttestorRequest
|
|
58
65
|
include ::Google::Protobuf::MessageExts
|
|
59
66
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -62,8 +69,9 @@ module Google
|
|
|
62
69
|
# Request message for [BinauthzManagementService.GetAttestor][].
|
|
63
70
|
# @!attribute [rw] name
|
|
64
71
|
# @return [::String]
|
|
65
|
-
# Required. The name of the
|
|
66
|
-
#
|
|
72
|
+
# Required. The name of the
|
|
73
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} to retrieve,
|
|
74
|
+
# in the format `projects/*/attestors/*`.
|
|
67
75
|
class GetAttestorRequest
|
|
68
76
|
include ::Google::Protobuf::MessageExts
|
|
69
77
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -72,9 +80,12 @@ module Google
|
|
|
72
80
|
# Request message for [BinauthzManagementService.UpdateAttestor][].
|
|
73
81
|
# @!attribute [rw] attestor
|
|
74
82
|
# @return [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor]
|
|
75
|
-
# Required. The updated
|
|
76
|
-
#
|
|
77
|
-
#
|
|
83
|
+
# Required. The updated
|
|
84
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The
|
|
85
|
+
# service will overwrite the [attestor
|
|
86
|
+
# name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with
|
|
87
|
+
# the resource name in the request URL, in the format
|
|
88
|
+
# `projects/*/attestors/*`.
|
|
78
89
|
class UpdateAttestorRequest
|
|
79
90
|
include ::Google::Protobuf::MessageExts
|
|
80
91
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -84,7 +95,8 @@ module Google
|
|
|
84
95
|
# @!attribute [rw] parent
|
|
85
96
|
# @return [::String]
|
|
86
97
|
# Required. The resource name of the project associated with the
|
|
87
|
-
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the
|
|
98
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the
|
|
99
|
+
# format `projects/*`.
|
|
88
100
|
# @!attribute [rw] page_size
|
|
89
101
|
# @return [::Integer]
|
|
90
102
|
# Requested page size. The server may return fewer results than requested. If
|
|
@@ -92,8 +104,9 @@ module Google
|
|
|
92
104
|
# @!attribute [rw] page_token
|
|
93
105
|
# @return [::String]
|
|
94
106
|
# A token identifying a page of results the server should return. Typically,
|
|
95
|
-
# this is the value of
|
|
96
|
-
#
|
|
107
|
+
# this is the value of
|
|
108
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token}
|
|
109
|
+
# returned from the previous call to the `ListAttestors` method.
|
|
97
110
|
class ListAttestorsRequest
|
|
98
111
|
include ::Google::Protobuf::MessageExts
|
|
99
112
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -106,8 +119,9 @@ module Google
|
|
|
106
119
|
# @!attribute [rw] next_page_token
|
|
107
120
|
# @return [::String]
|
|
108
121
|
# A token to retrieve the next page of results. Pass this value in the
|
|
109
|
-
# {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest#page_token ListAttestorsRequest.page_token}
|
|
110
|
-
# `ListAttestors` method to retrieve the
|
|
122
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest#page_token ListAttestorsRequest.page_token}
|
|
123
|
+
# field in the subsequent call to the `ListAttestors` method to retrieve the
|
|
124
|
+
# next page of results.
|
|
111
125
|
class ListAttestorsResponse
|
|
112
126
|
include ::Google::Protobuf::MessageExts
|
|
113
127
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -116,8 +130,9 @@ module Google
|
|
|
116
130
|
# Request message for [BinauthzManagementService.DeleteAttestor][].
|
|
117
131
|
# @!attribute [rw] name
|
|
118
132
|
# @return [::String]
|
|
119
|
-
# Required. The name of the
|
|
120
|
-
#
|
|
133
|
+
# Required. The name of the
|
|
134
|
+
# {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} to delete,
|
|
135
|
+
# in the format `projects/*/attestors/*`.
|
|
121
136
|
class DeleteAttestorRequest
|
|
122
137
|
include ::Google::Protobuf::MessageExts
|
|
123
138
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
metadata
CHANGED
|
@@ -1,29 +1,35 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: google-cloud-binary_authorization-v1beta1
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Google LLC
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-06-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: gapic-common
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - ">="
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '0.5'
|
|
20
|
+
- - "<"
|
|
18
21
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
22
|
+
version: 2.a
|
|
20
23
|
type: :runtime
|
|
21
24
|
prerelease: false
|
|
22
25
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
26
|
requirements:
|
|
24
|
-
- - "
|
|
27
|
+
- - ">="
|
|
28
|
+
- !ruby/object:Gem::Version
|
|
29
|
+
version: '0.5'
|
|
30
|
+
- - "<"
|
|
25
31
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
32
|
+
version: 2.a
|
|
27
33
|
- !ruby/object:Gem::Dependency
|
|
28
34
|
name: google-cloud-errors
|
|
29
35
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -172,12 +178,14 @@ files:
|
|
|
172
178
|
- lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/credentials.rb
|
|
173
179
|
- lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/paths.rb
|
|
174
180
|
- lib/google/cloud/binary_authorization/v1beta1/version.rb
|
|
181
|
+
- lib/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging_pb.rb
|
|
175
182
|
- lib/google/cloud/binaryauthorization/v1beta1/resources_pb.rb
|
|
176
183
|
- lib/google/cloud/binaryauthorization/v1beta1/service_pb.rb
|
|
177
184
|
- lib/google/cloud/binaryauthorization/v1beta1/service_services_pb.rb
|
|
178
185
|
- proto_docs/README.md
|
|
179
186
|
- proto_docs/google/api/field_behavior.rb
|
|
180
187
|
- proto_docs/google/api/resource.rb
|
|
188
|
+
- proto_docs/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.rb
|
|
181
189
|
- proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb
|
|
182
190
|
- proto_docs/google/cloud/binaryauthorization/v1beta1/service.rb
|
|
183
191
|
- proto_docs/google/protobuf/empty.rb
|
|
@@ -201,7 +209,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
201
209
|
- !ruby/object:Gem::Version
|
|
202
210
|
version: '0'
|
|
203
211
|
requirements: []
|
|
204
|
-
rubygems_version: 3.2.
|
|
212
|
+
rubygems_version: 3.2.17
|
|
205
213
|
signing_key:
|
|
206
214
|
specification_version: 4
|
|
207
215
|
summary: API Client library for the Binary Authorization V1beta1 API
|