google-cloud-confidential_computing-v1 0.1.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 85e488a02bded453a53552c8e6f48604509821a6d8b49d8f580caebb74e9dc24
-  data.tar.gz: 6dbae5d1f8c324c52956b0b0d497c8cda3d0c36e3a4f1822563389db71322fd1
+  metadata.gz: 42039146f14516a23edf4f069c0615b24f78b09b2736739975f86ae8e893d36f
+  data.tar.gz: ca62b162855d6a5e72f9a843222c1e3152af6bbe847455bf4281801820df3fad
 SHA512:
-  metadata.gz: 70a18319f2dadc2c15990c7c39cf9aaceac62f2d7cafbc6f99b8a6b7acd68be696298652b7919c3936d8cd05415dbf8044ae423357698ddd15300deedb787fd5
-  data.tar.gz: 12d901762e87a2bdab94853a927ea663309ade64880e1a4d4ac4e7c170083b1246e840077a5068d264e38d814790c3fea2c5f9631300dac4fdac684723e35d2f
+  metadata.gz: 7f3c8b442a563e8bc0650ec89f89be9c63b2578e811ef55d317689238a7fdbc44baaafb26797c62026a6f42f13a115e53c5849b0d4364ef081d2456829abf568
+  data.tar.gz: d1e1b94eefcccf653ee9986e29fce14b286b0e88d19d72ce79b67a24741a6a59d23eef490e781b89650873bde006b3a8faccfc29c90f5d97cb01327a52dea3b6

data/README.md

@@ -1,8 +1,8 @@
 # Ruby Client for the Confidential Computing V1 API
 
-API Client library for the Confidential Computing V1 API
+Attestation verifier for Confidential Space.
 
-google-cloud-confidential_computing-v1 is the official client library for the Confidential Computing V1 API.
+Attestation verifier for Confidential Space.
 
 https://github.com/googleapis/google-cloud-ruby
 

data/lib/google/cloud/confidential_computing/v1/confidential_computing/client.rb

@@ -136,7 +136,7 @@ module Google
               credentials = @config.credentials
               # Use self-signed JWT if the endpoint is unchanged from default,
               # but only if the default endpoint does not have a region prefix.
-              enable_self_signed_jwt = @config.endpoint == Client.configure.endpoint &&
+              enable_self_signed_jwt = @config.endpoint == Configuration::DEFAULT_ENDPOINT &&
                                        !@config.endpoint.split(".").first.include?("-")
               credentials ||= Credentials.default scope: @config.scope,
                                                   enable_self_signed_jwt: enable_self_signed_jwt
@@ -272,7 +272,7 @@ module Google
             #   @param options [::Gapic::CallOptions, ::Hash]
             #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
             #
-            # @overload verify_attestation(challenge: nil, gcp_credentials: nil, tpm_attestation: nil)
+            # @overload verify_attestation(challenge: nil, gcp_credentials: nil, tpm_attestation: nil, confidential_space_info: nil, token_options: nil)
             #   Pass arguments to `verify_attestation` via keyword arguments. Note that at
             #   least one keyword argument is required. To specify no parameters, or to keep all
             #   the default parameter values, pass an empty Hash as a request object (see above).
@@ -287,6 +287,11 @@ module Google
             #   @param tpm_attestation [::Google::Cloud::ConfidentialComputing::V1::TpmAttestation, ::Hash]
             #     Required. The TPM-specific data provided by the attesting platform, used to
             #     populate any of the claims regarding platform state.
+            #   @param confidential_space_info [::Google::Cloud::ConfidentialComputing::V1::ConfidentialSpaceInfo, ::Hash]
+            #     Optional. Optional information related to the Confidential Space TEE.
+            #   @param token_options [::Google::Cloud::ConfidentialComputing::V1::TokenOptions, ::Hash]
+            #     Optional. A collection of optional, workload-specified claims that modify
+            #     the token output.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse]
@@ -434,7 +439,9 @@ module Google
             class Configuration
               extend ::Gapic::Config
 
-              config_attr :endpoint,      "confidentialcomputing.googleapis.com", ::String
+              DEFAULT_ENDPOINT = "confidentialcomputing.googleapis.com"
+
+              config_attr :endpoint,      DEFAULT_ENDPOINT, ::String
               config_attr :credentials,   nil do |value|
                 allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
                 allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC

data/lib/google/cloud/confidential_computing/v1/confidential_computing/rest/client.rb

@@ -132,7 +132,7 @@ module Google
                 credentials = @config.credentials
                 # Use self-signed JWT if the endpoint is unchanged from default,
                 # but only if the default endpoint does not have a region prefix.
-                enable_self_signed_jwt = @config.endpoint == Client.configure.endpoint &&
+                enable_self_signed_jwt = @config.endpoint == Configuration::DEFAULT_ENDPOINT &&
                                          !@config.endpoint.split(".").first.include?("-")
                 credentials ||= Credentials.default scope: @config.scope,
                                                     enable_self_signed_jwt: enable_self_signed_jwt
@@ -241,7 +241,7 @@ module Google
               #   @param options [::Gapic::CallOptions, ::Hash]
               #     Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
               #
-              # @overload verify_attestation(challenge: nil, gcp_credentials: nil, tpm_attestation: nil)
+              # @overload verify_attestation(challenge: nil, gcp_credentials: nil, tpm_attestation: nil, confidential_space_info: nil, token_options: nil)
               #   Pass arguments to `verify_attestation` via keyword arguments. Note that at
               #   least one keyword argument is required. To specify no parameters, or to keep all
               #   the default parameter values, pass an empty Hash as a request object (see above).
@@ -256,6 +256,11 @@ module Google
               #   @param tpm_attestation [::Google::Cloud::ConfidentialComputing::V1::TpmAttestation, ::Hash]
               #     Required. The TPM-specific data provided by the attesting platform, used to
               #     populate any of the claims regarding platform state.
+              #   @param confidential_space_info [::Google::Cloud::ConfidentialComputing::V1::ConfidentialSpaceInfo, ::Hash]
+              #     Optional. Optional information related to the Confidential Space TEE.
+              #   @param token_options [::Google::Cloud::ConfidentialComputing::V1::TokenOptions, ::Hash]
+              #     Optional. A collection of optional, workload-specified claims that modify
+              #     the token output.
               # @yield [result, operation] Access the result along with the TransportOperation object
               # @yieldparam result [::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse]
               # @yieldparam operation [::Gapic::Rest::TransportOperation]
@@ -371,7 +376,9 @@ module Google
               class Configuration
                 extend ::Gapic::Config
 
-                config_attr :endpoint,      "confidentialcomputing.googleapis.com", ::String
+                DEFAULT_ENDPOINT = "confidentialcomputing.googleapis.com"
+
+                config_attr :endpoint,      DEFAULT_ENDPOINT, ::String
                 config_attr :credentials,   nil do |value|
                   allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
                   allowed.any? { |klass| klass === value }

data/lib/google/cloud/confidential_computing/v1/confidential_computing/rest/service_stub.rb

@@ -59,7 +59,7 @@ module Google
 
                 verb, uri, query_string_params, body = ServiceStub.transcode_create_challenge_request request_pb
                 query_string_params = if query_string_params.any?
-                                        query_string_params.to_h { |p| p.split("=", 2) }
+                                        query_string_params.to_h { |p| p.split "=", 2 }
                                       else
                                         {}
                                       end
@@ -97,7 +97,7 @@ module Google
 
                 verb, uri, query_string_params, body = ServiceStub.transcode_verify_attestation_request request_pb
                 query_string_params = if query_string_params.any?
-                                        query_string_params.to_h { |p| p.split("=", 2) }
+                                        query_string_params.to_h { |p| p.split "=", 2 }
                                       else
                                         {}
                                       end

data/lib/google/cloud/confidential_computing/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module ConfidentialComputing
       module V1
-        VERSION = "0.1.0"
+        VERSION = "0.3.0"
       end
     end
   end

data/lib/google/cloud/confidentialcomputing/v1/service_pb.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google/cloud/confidentialcomputing/v1/service.proto
 
@@ -9,44 +10,32 @@ require 'google/api/field_behavior_pb'
 require 'google/api/resource_pb'
 require 'google/protobuf/timestamp_pb'
 
-Google::Protobuf::DescriptorPool.generated_pool.build do
-  add_file("google/cloud/confidentialcomputing/v1/service.proto", :syntax => :proto3) do
-    add_message "google.cloud.confidentialcomputing.v1.Challenge" do
-      optional :name, :string, 1
-      optional :create_time, :message, 2, "google.protobuf.Timestamp"
-      optional :expire_time, :message, 3, "google.protobuf.Timestamp"
-      optional :used, :bool, 4
-      optional :tpm_nonce, :string, 6
-    end
-    add_message "google.cloud.confidentialcomputing.v1.CreateChallengeRequest" do
-      optional :parent, :string, 1
-      optional :challenge, :message, 2, "google.cloud.confidentialcomputing.v1.Challenge"
-    end
-    add_message "google.cloud.confidentialcomputing.v1.VerifyAttestationRequest" do
-      optional :challenge, :string, 1
-      optional :gcp_credentials, :message, 2, "google.cloud.confidentialcomputing.v1.GcpCredentials"
-      optional :tpm_attestation, :message, 3, "google.cloud.confidentialcomputing.v1.TpmAttestation"
-    end
-    add_message "google.cloud.confidentialcomputing.v1.VerifyAttestationResponse" do
-      optional :oidc_claims_token, :string, 2
-    end
-    add_message "google.cloud.confidentialcomputing.v1.GcpCredentials" do
-      repeated :service_account_id_tokens, :string, 2
-    end
-    add_message "google.cloud.confidentialcomputing.v1.TpmAttestation" do
-      repeated :quotes, :message, 1, "google.cloud.confidentialcomputing.v1.TpmAttestation.Quote"
-      optional :tcg_event_log, :bytes, 2
-      optional :canonical_event_log, :bytes, 3
-      optional :ak_cert, :bytes, 4
-      repeated :cert_chain, :bytes, 5
-    end
-    add_message "google.cloud.confidentialcomputing.v1.TpmAttestation.Quote" do
-      optional :hash_algo, :int32, 1
-      map :pcr_values, :int32, :bytes, 2
-      optional :raw_quote, :bytes, 3
-      optional :raw_signature, :bytes, 4
+
+descriptor_data = "\n3google/cloud/confidentialcomputing/v1/service.proto\x12%google.cloud.confidentialcomputing.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\xa5\x02\n\tChallenge\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x34\n\x0b\x63reate_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x34\n\x0b\x65xpire_time\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x11\n\x04used\x18\x04 \x01(\x08\x42\x03\xe0\x41\x03\x12\x16\n\ttpm_nonce\x18\x06 \x01(\tB\x03\xe0\x41\x03:n\xea\x41k\n.confidentialcomputing.googleapis.com/Challenge\x12\x39projects/{project}/locations/{location}/challenges/{uuid}\"\x9d\x01\n\x16\x43reateChallengeRequest\x12\x39\n\x06parent\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!locations.googleapis.com/Location\x12H\n\tchallenge\x18\x02 \x01(\x0b\x32\x30.google.cloud.confidentialcomputing.v1.ChallengeB\x03\xe0\x41\x02\"\xc4\x03\n\x18VerifyAttestationRequest\x12I\n\tchallenge\x18\x01 \x01(\tB6\xe0\x41\x02\xfa\x41\x30\n.confidentialcomputing.googleapis.com/Challenge\x12S\n\x0fgcp_credentials\x18\x02 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.GcpCredentialsB\x03\xe0\x41\x01\x12S\n\x0ftpm_attestation\x18\x03 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.TpmAttestationB\x03\xe0\x41\x02\x12\x62\n\x17\x63onfidential_space_info\x18\x04 \x01(\x0b\x32<.google.cloud.confidentialcomputing.v1.ConfidentialSpaceInfoB\x03\xe0\x41\x01\x12O\n\rtoken_options\x18\x05 \x01(\x0b\x32\x33.google.cloud.confidentialcomputing.v1.TokenOptionsB\x03\xe0\x41\x01\";\n\x19VerifyAttestationResponse\x12\x1e\n\x11oidc_claims_token\x18\x02 \x01(\tB\x03\xe0\x41\x03\"3\n\x0eGcpCredentials\x12!\n\x19service_account_id_tokens\x18\x02 \x03(\t\"9\n\x0cTokenOptions\x12\x15\n\x08\x61udience\x18\x01 \x01(\tB\x03\xe0\x41\x01\x12\x12\n\x05nonce\x18\x02 \x03(\tB\x03\xe0\x41\x01\"\x8f\x03\n\x0eTpmAttestation\x12K\n\x06quotes\x18\x01 \x03(\x0b\x32;.google.cloud.confidentialcomputing.v1.TpmAttestation.Quote\x12\x15\n\rtcg_event_log\x18\x02 \x01(\x0c\x12\x1b\n\x13\x63\x61nonical_event_log\x18\x03 \x01(\x0c\x12\x0f\n\x07\x61k_cert\x18\x04 \x01(\x0c\x12\x12\n\ncert_chain\x18\x05 \x03(\x0c\x1a\xd6\x01\n\x05Quote\x12\x11\n\thash_algo\x18\x01 \x01(\x05\x12^\n\npcr_values\x18\x02 \x03(\x0b\x32J.google.cloud.confidentialcomputing.v1.TpmAttestation.Quote.PcrValuesEntry\x12\x11\n\traw_quote\x18\x03 \x01(\x0c\x12\x15\n\rraw_signature\x18\x04 \x01(\x0c\x1a\x30\n\x0ePcrValuesEntry\x12\x0b\n\x03key\x18\x01 \x01(\x05\x12\r\n\x05value\x18\x02 \x01(\x0c:\x02\x38\x01\"j\n\x15\x43onfidentialSpaceInfo\x12Q\n\x0fsigned_entities\x18\x01 \x03(\x0b\x32\x33.google.cloud.confidentialcomputing.v1.SignedEntityB\x03\xe0\x41\x01\"w\n\x0cSignedEntity\x12g\n\x1a\x63ontainer_image_signatures\x18\x01 \x03(\x0b\x32>.google.cloud.confidentialcomputing.v1.ContainerImageSignatureB\x03\xe0\x41\x01\"\xaf\x01\n\x17\x43ontainerImageSignature\x12\x14\n\x07payload\x18\x01 \x01(\x0c\x42\x03\xe0\x41\x02\x12\x16\n\tsignature\x18\x02 \x01(\x0c\x42\x03\xe0\x41\x02\x12\x17\n\npublic_key\x18\x03 \x01(\x0c\x42\x03\xe0\x41\x02\x12M\n\x07sig_alg\x18\x04 \x01(\x0e\x32\x37.google.cloud.confidentialcomputing.v1.SigningAlgorithmB\x03\xe0\x41\x02*\x7f\n\x10SigningAlgorithm\x12!\n\x1dSIGNING_ALGORITHM_UNSPECIFIED\x10\x00\x12\x15\n\x11RSASSA_PSS_SHA256\x10\x01\x12\x1a\n\x16RSASSA_PKCS1V15_SHA256\x10\x02\x12\x15\n\x11\x45\x43\x44SA_P256_SHA256\x10\x03\x32\xb7\x04\n\x15\x43onfidentialComputing\x12\xd8\x01\n\x0f\x43reateChallenge\x12=.google.cloud.confidentialcomputing.v1.CreateChallengeRequest\x1a\x30.google.cloud.confidentialcomputing.v1.Challenge\"T\x82\xd3\xe4\x93\x02;\"./v1/{parent=projects/*/locations/*}/challenges:\tchallenge\xda\x41\x10parent,challenge\x12\xe8\x01\n\x11VerifyAttestation\x12?.google.cloud.confidentialcomputing.v1.VerifyAttestationRequest\x1a@.google.cloud.confidentialcomputing.v1.VerifyAttestationResponse\"P\x82\xd3\xe4\x93\x02J\"E/v1/{challenge=projects/*/locations/*/challenges/*}:verifyAttestation:\x01*\x1aX\xca\x41$confidentialcomputing.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\x97\x02\n)com.google.cloud.confidentialcomputing.v1B\x0cServiceProtoP\x01Z_cloud.google.com/go/confidentialcomputing/apiv1/confidentialcomputingpb;confidentialcomputingpb\xaa\x02%Google.Cloud.ConfidentialComputing.V1\xca\x02%Google\\Cloud\\ConfidentialComputing\\V1\xea\x02(Google::Cloud::ConfidentialComputing::V1b\x06proto3"
+
+pool = Google::Protobuf::DescriptorPool.generated_pool
+
+begin
+  pool.add_serialized_file(descriptor_data)
+rescue TypeError => e
+  # Compatibility code: will be removed in the next major version.
+  require 'google/protobuf/descriptor_pb'
+  parsed = Google::Protobuf::FileDescriptorProto.decode(descriptor_data)
+  parsed.clear_dependency
+  serialized = parsed.class.encode(parsed)
+  file = pool.add_serialized_file(serialized)
+  warn "Warning: Protobuf detected an import path issue while loading generated file #{__FILE__}"
+  imports = [
+    ["google.protobuf.Timestamp", "google/protobuf/timestamp.proto"],
+  ]
+  imports.each do |type_name, expected_filename|
+    import_file = pool.lookup(type_name).file_descriptor
+    if import_file.name != expected_filename
+      warn "- #{file.name} imports #{expected_filename}, but that import was loaded as #{import_file.name}"
     end
   end
+  warn "Each proto file must use a consistent fully-qualified name."
+  warn "This will become an error in the next major version."
 end
 
 module Google
@@ -58,8 +47,13 @@ module Google
         VerifyAttestationRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.VerifyAttestationRequest").msgclass
         VerifyAttestationResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.VerifyAttestationResponse").msgclass
         GcpCredentials = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.GcpCredentials").msgclass
+        TokenOptions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.TokenOptions").msgclass
         TpmAttestation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.TpmAttestation").msgclass
         TpmAttestation::Quote = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.TpmAttestation.Quote").msgclass
+        ConfidentialSpaceInfo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.ConfidentialSpaceInfo").msgclass
+        SignedEntity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.SignedEntity").msgclass
+        ContainerImageSignature = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.ContainerImageSignature").msgclass
+        SigningAlgorithm = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.SigningAlgorithm").enummodule
       end
     end
   end

data/proto_docs/google/api/client.rb

@@ -83,7 +83,7 @@ module Google
     #     long-running operation pattern.
     # @!attribute [rw] new_issue_uri
     #   @return [::String]
-    #     Link to a place that API users can report issues.  Example:
+    #     Link to a *public* URI where users can report issues.  Example:
     #     https://issuetracker.google.com/issues/new?component=190865&template=1161103
     # @!attribute [rw] documentation_uri
     #   @return [::String]
@@ -353,6 +353,15 @@ module Google
 
       # Street View Org.
       STREET_VIEW = 4
+
+      # Shopping Org.
+      SHOPPING = 5
+
+      # Geo Org.
+      GEO = 6
+
+      # Generative AI - https://developers.generativeai.google
+      GENERATIVE_AI = 7
     end
 
     # To where should client libraries be published?

data/proto_docs/google/cloud/confidentialcomputing/v1/service.rb

@@ -73,6 +73,13 @@ module Google
         #   @return [::Google::Cloud::ConfidentialComputing::V1::TpmAttestation]
         #     Required. The TPM-specific data provided by the attesting platform, used to
         #     populate any of the claims regarding platform state.
+        # @!attribute [rw] confidential_space_info
+        #   @return [::Google::Cloud::ConfidentialComputing::V1::ConfidentialSpaceInfo]
+        #     Optional. Optional information related to the Confidential Space TEE.
+        # @!attribute [rw] token_options
+        #   @return [::Google::Cloud::ConfidentialComputing::V1::TokenOptions]
+        #     Optional. A collection of optional, workload-specified claims that modify
+        #     the token output.
         class VerifyAttestationRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -98,6 +105,21 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # Options to modify claims in the token to generate custom-purpose tokens.
+        # @!attribute [rw] audience
+        #   @return [::String]
+        #     Optional. Optional string to issue the token with a custom audience claim.
+        #     Required if one or more nonces are specified.
+        # @!attribute [rw] nonce
+        #   @return [::Array<::String>]
+        #     Optional. Optional parameter to place one or more nonces in the eat_nonce
+        #     claim in the output token. The minimum size for JSON-encoded EATs is 10
+        #     bytes and the maximum size is 74 bytes.
+        class TokenOptions
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # TPM2 data containing everything necessary to validate any platform state
         # measured into the TPM.
         # @!attribute [rw] quotes
@@ -153,6 +175,70 @@ module Google
             end
           end
         end
+
+        # ConfidentialSpaceInfo contains information related to the Confidential Space
+        # TEE.
+        # @!attribute [rw] signed_entities
+        #   @return [::Array<::Google::Cloud::ConfidentialComputing::V1::SignedEntity>]
+        #     Optional. A list of signed entities containing container image signatures
+        #     that can be used for server-side signature verification.
+        class ConfidentialSpaceInfo
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # SignedEntity represents an OCI image object containing everything necessary
+        # to verify container image signatures.
+        # @!attribute [rw] container_image_signatures
+        #   @return [::Array<::Google::Cloud::ConfidentialComputing::V1::ContainerImageSignature>]
+        #     Optional. A list of container image signatures attached to an OCI image
+        #     object.
+        class SignedEntity
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # ContainerImageSignature holds necessary metadata to verify a container image
+        # signature.
+        # @!attribute [rw] payload
+        #   @return [::String]
+        #     Required. The binary signature payload following the SimpleSigning format
+        #     https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md#simple-signing.
+        #     This payload includes the container image digest.
+        # @!attribute [rw] signature
+        #   @return [::String]
+        #     Required. A signature over the payload.
+        #     The container image digest is incorporated into the signature as follows:
+        #     1. Generate a SimpleSigning format payload that includes the container
+        #     image digest.
+        #     2. Generate a signature over SHA256 digest of the payload.
+        #     The signature generation process can be represented as follows:
+        #     `Sign(sha256(SimpleSigningPayload(sha256(Image Manifest))))`
+        # @!attribute [rw] public_key
+        #   @return [::String]
+        #     Required. An associated public key used to verify the signature.
+        # @!attribute [rw] sig_alg
+        #   @return [::Google::Cloud::ConfidentialComputing::V1::SigningAlgorithm]
+        #     Required. The algorithm used to produce the container image signature.
+        class ContainerImageSignature
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # SigningAlgorithm enumerates all the supported signing algorithms.
+        module SigningAlgorithm
+          # Unspecified signing algorithm.
+          SIGNING_ALGORITHM_UNSPECIFIED = 0
+
+          # RSASSA-PSS with a SHA256 digest.
+          RSASSA_PSS_SHA256 = 1
+
+          # RSASSA-PKCS1 v1.5 with a SHA256 digest.
+          RSASSA_PKCS1V15_SHA256 = 2
+
+          # ECDSA on the P-256 Curve with a SHA256 digest.
+          ECDSA_P256_SHA256 = 3
+        end
       end
     end
   end

data/proto_docs/google/protobuf/any.rb

@@ -43,8 +43,12 @@ module Google
     #     if (any.is(Foo.class)) {
     #       foo = any.unpack(Foo.class);
     #     }
+    #     // or ...
+    #     if (any.isSameTypeAs(Foo.getDefaultInstance())) {
+    #       foo = any.unpack(Foo.getDefaultInstance());
+    #     }
     #
-    # Example 3: Pack and unpack a message in Python.
+    #  Example 3: Pack and unpack a message in Python.
     #
     #     foo = Foo(...)
     #     any = Any()
@@ -54,7 +58,7 @@ module Google
     #       any.Unpack(foo)
     #       ...
     #
-    # Example 4: Pack and unpack a message in Go
+    #  Example 4: Pack and unpack a message in Go
     #
     #      foo := &pb.Foo{...}
     #      any, err := anypb.New(foo)
@@ -73,9 +77,8 @@ module Google
     # in the type URL, for example "foo.bar.com/x/y.z" will yield type
     # name "y.z".
     #
-    #
     # JSON
-    #
+    # ====
     # The JSON representation of an `Any` value uses the regular
     # representation of the deserialized, embedded message, with an
     # additional field `@type` which contains the type URL. Example:

data/proto_docs/google/protobuf/timestamp.rb

@@ -69,7 +69,6 @@ module Google
     #     Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000)
     #         .setNanos((int) ((millis % 1000) * 1000000)).build();
     #
-    #
     # Example 5: Compute Timestamp from Java `Instant.now()`.
     #
     #     Instant now = Instant.now();
@@ -78,7 +77,6 @@ module Google
     #         Timestamp.newBuilder().setSeconds(now.getEpochSecond())
     #             .setNanos(now.getNano()).build();
     #
-    #
     # Example 6: Compute Timestamp from current time in Python.
     #
     #     timestamp = Timestamp()
@@ -108,7 +106,7 @@ module Google
     # [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with
     # the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use
     # the Joda Time's [`ISODateTimeFormat.dateTime()`](
-    # http://www.joda.org/joda-time/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime%2D%2D
+    # http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime()
     # ) to obtain a formatter capable of generating timestamps in this format.
     # @!attribute [rw] seconds
     #   @return [::Integer]

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-confidential_computing-v1
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-04-27 00:00:00.000000000 Z
+date: 2023-07-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -16,7 +16,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.18.0
+        version: 0.19.1
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.18.0
+        version: 0.19.1
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -176,8 +176,7 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
-description: google-cloud-confidential_computing-v1 is the official client library
-  for the Confidential Computing V1 API. Note that google-cloud-confidential_computing-v1
+description: Attestation verifier for Confidential Space. Note that google-cloud-confidential_computing-v1
   is a version-specific client library. For most uses, we recommend installing the
   main client library google-cloud-confidential_computing instead. See the readme
   for more details.
@@ -235,5 +234,5 @@ requirements: []
 rubygems_version: 3.4.2
 signing_key: 
 specification_version: 4
-summary: API Client library for the Confidential Computing V1 API
+summary: Attestation verifier for Confidential Space.
 test_files: []