google-cloud-confidential_computing-v1 0.2.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '099e694a67a273aae8f4493f8d94ea558fe51daa076f857372895343a5bfeac4'
-  data.tar.gz: 95807c707e30f8436ee1a16142fc5f7a1c5b7990301af7dcb239d32f6137e2e3
+  metadata.gz: 0e6ccf10c1eca851e8e19e98e9820ddccfb0e8344ac00652ac68cff23c2617f3
+  data.tar.gz: 8726f8435bb2041cafa6f6e2d5840709845b68a176ae082e7a15d7b8c88ce9c1
 SHA512:
-  metadata.gz: 898524162abf67fc03f56c6c1c72423ab48fba62fc1235b652f9c498ac7f3d0a0ee34a82e5162962ed3b80c5c6e98e93b96fbecebb6b7fa215edf2628189d0de
-  data.tar.gz: 850f8a951a7bc1e02152776602d65575377266bcf02a817cd4f2f237786a051edc3cb20ea397a9d2eb45adae46b11923a64eb883f23aed906a8b4aa96df7f5ff
+  metadata.gz: 60469fa21e678180baf43e96c7ef911fb059bbea91fcf541b0ccae97209f24cd7c6f56e64002c41213f8b9b2171f6050b6a207c801497a32641d4e0548670d92
+  data.tar.gz: 4076a6885fe1f9d22d11535578599bf7daf8d311d3357171457c635e115515050cc1888b6789a5ddd2f9653c5356cf0b56d27dc8a44dc9c448aae71fd128625d

data/README.md

@@ -1,8 +1,8 @@
 # Ruby Client for the Confidential Computing V1 API
 
-API Client library for the Confidential Computing V1 API
+Attestation verifier for Confidential Space.
 
-google-cloud-confidential_computing-v1 is the official client library for the Confidential Computing V1 API.
+Attestation verifier for Confidential Space.
 
 https://github.com/googleapis/google-cloud-ruby
 

data/lib/google/cloud/confidential_computing/v1/confidential_computing/client.rb

@@ -272,7 +272,7 @@ module Google
             #   @param options [::Gapic::CallOptions, ::Hash]
             #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
             #
-            # @overload verify_attestation(challenge: nil, gcp_credentials: nil, tpm_attestation: nil)
+            # @overload verify_attestation(challenge: nil, gcp_credentials: nil, tpm_attestation: nil, confidential_space_info: nil, token_options: nil)
             #   Pass arguments to `verify_attestation` via keyword arguments. Note that at
             #   least one keyword argument is required. To specify no parameters, or to keep all
             #   the default parameter values, pass an empty Hash as a request object (see above).
@@ -287,6 +287,11 @@ module Google
             #   @param tpm_attestation [::Google::Cloud::ConfidentialComputing::V1::TpmAttestation, ::Hash]
             #     Required. The TPM-specific data provided by the attesting platform, used to
             #     populate any of the claims regarding platform state.
+            #   @param confidential_space_info [::Google::Cloud::ConfidentialComputing::V1::ConfidentialSpaceInfo, ::Hash]
+            #     Optional. Optional information related to the Confidential Space TEE.
+            #   @param token_options [::Google::Cloud::ConfidentialComputing::V1::TokenOptions, ::Hash]
+            #     Optional. A collection of optional, workload-specified claims that modify
+            #     the token output.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse]

data/lib/google/cloud/confidential_computing/v1/confidential_computing/rest/client.rb

@@ -241,7 +241,7 @@ module Google
               #   @param options [::Gapic::CallOptions, ::Hash]
               #     Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
               #
-              # @overload verify_attestation(challenge: nil, gcp_credentials: nil, tpm_attestation: nil)
+              # @overload verify_attestation(challenge: nil, gcp_credentials: nil, tpm_attestation: nil, confidential_space_info: nil, token_options: nil)
               #   Pass arguments to `verify_attestation` via keyword arguments. Note that at
               #   least one keyword argument is required. To specify no parameters, or to keep all
               #   the default parameter values, pass an empty Hash as a request object (see above).
@@ -256,6 +256,11 @@ module Google
               #   @param tpm_attestation [::Google::Cloud::ConfidentialComputing::V1::TpmAttestation, ::Hash]
               #     Required. The TPM-specific data provided by the attesting platform, used to
               #     populate any of the claims regarding platform state.
+              #   @param confidential_space_info [::Google::Cloud::ConfidentialComputing::V1::ConfidentialSpaceInfo, ::Hash]
+              #     Optional. Optional information related to the Confidential Space TEE.
+              #   @param token_options [::Google::Cloud::ConfidentialComputing::V1::TokenOptions, ::Hash]
+              #     Optional. A collection of optional, workload-specified claims that modify
+              #     the token output.
               # @yield [result, operation] Access the result along with the TransportOperation object
               # @yieldparam result [::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse]
               # @yieldparam operation [::Gapic::Rest::TransportOperation]

data/lib/google/cloud/confidential_computing/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module ConfidentialComputing
       module V1
-        VERSION = "0.2.0"
+        VERSION = "0.4.0"
       end
     end
   end

data/lib/google/cloud/confidentialcomputing/v1/service_pb.rb

@@ -9,9 +9,10 @@ require 'google/api/client_pb'
 require 'google/api/field_behavior_pb'
 require 'google/api/resource_pb'
 require 'google/protobuf/timestamp_pb'
+require 'google/rpc/status_pb'
 
 
-descriptor_data = "\n3google/cloud/confidentialcomputing/v1/service.proto\x12%google.cloud.confidentialcomputing.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\xa5\x02\n\tChallenge\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x34\n\x0b\x63reate_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x34\n\x0b\x65xpire_time\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x11\n\x04used\x18\x04 \x01(\x08\x42\x03\xe0\x41\x03\x12\x16\n\ttpm_nonce\x18\x06 \x01(\tB\x03\xe0\x41\x03:n\xea\x41k\n.confidentialcomputing.googleapis.com/Challenge\x12\x39projects/{project}/locations/{location}/challenges/{uuid}\"\x9d\x01\n\x16\x43reateChallengeRequest\x12\x39\n\x06parent\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!locations.googleapis.com/Location\x12H\n\tchallenge\x18\x02 \x01(\x0b\x32\x30.google.cloud.confidentialcomputing.v1.ChallengeB\x03\xe0\x41\x02\"\x8f\x02\n\x18VerifyAttestationRequest\x12I\n\tchallenge\x18\x01 \x01(\tB6\xe0\x41\x02\xfa\x41\x30\n.confidentialcomputing.googleapis.com/Challenge\x12S\n\x0fgcp_credentials\x18\x02 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.GcpCredentialsB\x03\xe0\x41\x01\x12S\n\x0ftpm_attestation\x18\x03 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.TpmAttestationB\x03\xe0\x41\x02\";\n\x19VerifyAttestationResponse\x12\x1e\n\x11oidc_claims_token\x18\x02 \x01(\tB\x03\xe0\x41\x03\"3\n\x0eGcpCredentials\x12!\n\x19service_account_id_tokens\x18\x02 \x03(\t\"\x8f\x03\n\x0eTpmAttestation\x12K\n\x06quotes\x18\x01 \x03(\x0b\x32;.google.cloud.confidentialcomputing.v1.TpmAttestation.Quote\x12\x15\n\rtcg_event_log\x18\x02 \x01(\x0c\x12\x1b\n\x13\x63\x61nonical_event_log\x18\x03 \x01(\x0c\x12\x0f\n\x07\x61k_cert\x18\x04 \x01(\x0c\x12\x12\n\ncert_chain\x18\x05 \x03(\x0c\x1a\xd6\x01\n\x05Quote\x12\x11\n\thash_algo\x18\x01 \x01(\x05\x12^\n\npcr_values\x18\x02 \x03(\x0b\x32J.google.cloud.confidentialcomputing.v1.TpmAttestation.Quote.PcrValuesEntry\x12\x11\n\traw_quote\x18\x03 \x01(\x0c\x12\x15\n\rraw_signature\x18\x04 \x01(\x0c\x1a\x30\n\x0ePcrValuesEntry\x12\x0b\n\x03key\x18\x01 \x01(\x05\x12\r\n\x05value\x18\x02 \x01(\x0c:\x02\x38\x01\x32\xb7\x04\n\x15\x43onfidentialComputing\x12\xd8\x01\n\x0f\x43reateChallenge\x12=.google.cloud.confidentialcomputing.v1.CreateChallengeRequest\x1a\x30.google.cloud.confidentialcomputing.v1.Challenge\"T\x82\xd3\xe4\x93\x02;\"./v1/{parent=projects/*/locations/*}/challenges:\tchallenge\xda\x41\x10parent,challenge\x12\xe8\x01\n\x11VerifyAttestation\x12?.google.cloud.confidentialcomputing.v1.VerifyAttestationRequest\x1a@.google.cloud.confidentialcomputing.v1.VerifyAttestationResponse\"P\x82\xd3\xe4\x93\x02J\"E/v1/{challenge=projects/*/locations/*/challenges/*}:verifyAttestation:\x01*\x1aX\xca\x41$confidentialcomputing.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\x97\x02\n)com.google.cloud.confidentialcomputing.v1B\x0cServiceProtoP\x01Z_cloud.google.com/go/confidentialcomputing/apiv1/confidentialcomputingpb;confidentialcomputingpb\xaa\x02%Google.Cloud.ConfidentialComputing.V1\xca\x02%Google\\Cloud\\ConfidentialComputing\\V1\xea\x02(Google::Cloud::ConfidentialComputing::V1b\x06proto3"
+descriptor_data = "\n3google/cloud/confidentialcomputing/v1/service.proto\x12%google.cloud.confidentialcomputing.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x17google/rpc/status.proto\"\xa5\x02\n\tChallenge\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x34\n\x0b\x63reate_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x34\n\x0b\x65xpire_time\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x11\n\x04used\x18\x04 \x01(\x08\x42\x03\xe0\x41\x03\x12\x16\n\ttpm_nonce\x18\x06 \x01(\tB\x03\xe0\x41\x03:n\xea\x41k\n.confidentialcomputing.googleapis.com/Challenge\x12\x39projects/{project}/locations/{location}/challenges/{uuid}\"\x9d\x01\n\x16\x43reateChallengeRequest\x12\x39\n\x06parent\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!locations.googleapis.com/Location\x12H\n\tchallenge\x18\x02 \x01(\x0b\x32\x30.google.cloud.confidentialcomputing.v1.ChallengeB\x03\xe0\x41\x02\"\xc4\x03\n\x18VerifyAttestationRequest\x12I\n\tchallenge\x18\x01 \x01(\tB6\xe0\x41\x02\xfa\x41\x30\n.confidentialcomputing.googleapis.com/Challenge\x12S\n\x0fgcp_credentials\x18\x02 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.GcpCredentialsB\x03\xe0\x41\x01\x12S\n\x0ftpm_attestation\x18\x03 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.TpmAttestationB\x03\xe0\x41\x02\x12\x62\n\x17\x63onfidential_space_info\x18\x04 \x01(\x0b\x32<.google.cloud.confidentialcomputing.v1.ConfidentialSpaceInfoB\x03\xe0\x41\x01\x12O\n\rtoken_options\x18\x05 \x01(\x0b\x32\x33.google.cloud.confidentialcomputing.v1.TokenOptionsB\x03\xe0\x41\x01\"l\n\x19VerifyAttestationResponse\x12\x1e\n\x11oidc_claims_token\x18\x02 \x01(\tB\x03\xe0\x41\x03\x12/\n\x0epartial_errors\x18\x03 \x03(\x0b\x32\x12.google.rpc.StatusB\x03\xe0\x41\x03\"3\n\x0eGcpCredentials\x12!\n\x19service_account_id_tokens\x18\x02 \x03(\t\"9\n\x0cTokenOptions\x12\x15\n\x08\x61udience\x18\x01 \x01(\tB\x03\xe0\x41\x01\x12\x12\n\x05nonce\x18\x02 \x03(\tB\x03\xe0\x41\x01\"\x8f\x03\n\x0eTpmAttestation\x12K\n\x06quotes\x18\x01 \x03(\x0b\x32;.google.cloud.confidentialcomputing.v1.TpmAttestation.Quote\x12\x15\n\rtcg_event_log\x18\x02 \x01(\x0c\x12\x1b\n\x13\x63\x61nonical_event_log\x18\x03 \x01(\x0c\x12\x0f\n\x07\x61k_cert\x18\x04 \x01(\x0c\x12\x12\n\ncert_chain\x18\x05 \x03(\x0c\x1a\xd6\x01\n\x05Quote\x12\x11\n\thash_algo\x18\x01 \x01(\x05\x12^\n\npcr_values\x18\x02 \x03(\x0b\x32J.google.cloud.confidentialcomputing.v1.TpmAttestation.Quote.PcrValuesEntry\x12\x11\n\traw_quote\x18\x03 \x01(\x0c\x12\x15\n\rraw_signature\x18\x04 \x01(\x0c\x1a\x30\n\x0ePcrValuesEntry\x12\x0b\n\x03key\x18\x01 \x01(\x05\x12\r\n\x05value\x18\x02 \x01(\x0c:\x02\x38\x01\"j\n\x15\x43onfidentialSpaceInfo\x12Q\n\x0fsigned_entities\x18\x01 \x03(\x0b\x32\x33.google.cloud.confidentialcomputing.v1.SignedEntityB\x03\xe0\x41\x01\"w\n\x0cSignedEntity\x12g\n\x1a\x63ontainer_image_signatures\x18\x01 \x03(\x0b\x32>.google.cloud.confidentialcomputing.v1.ContainerImageSignatureB\x03\xe0\x41\x01\"\xaf\x01\n\x17\x43ontainerImageSignature\x12\x14\n\x07payload\x18\x01 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x16\n\tsignature\x18\x02 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x17\n\npublic_key\x18\x03 \x01(\x0c\x42\x03\xe0\x41\x01\x12M\n\x07sig_alg\x18\x04 \x01(\x0e\x32\x37.google.cloud.confidentialcomputing.v1.SigningAlgorithmB\x03\xe0\x41\x01*\x7f\n\x10SigningAlgorithm\x12!\n\x1dSIGNING_ALGORITHM_UNSPECIFIED\x10\x00\x12\x15\n\x11RSASSA_PSS_SHA256\x10\x01\x12\x1a\n\x16RSASSA_PKCS1V15_SHA256\x10\x02\x12\x15\n\x11\x45\x43\x44SA_P256_SHA256\x10\x03\x32\xb7\x04\n\x15\x43onfidentialComputing\x12\xd8\x01\n\x0f\x43reateChallenge\x12=.google.cloud.confidentialcomputing.v1.CreateChallengeRequest\x1a\x30.google.cloud.confidentialcomputing.v1.Challenge\"T\x82\xd3\xe4\x93\x02;\"./v1/{parent=projects/*/locations/*}/challenges:\tchallenge\xda\x41\x10parent,challenge\x12\xe8\x01\n\x11VerifyAttestation\x12?.google.cloud.confidentialcomputing.v1.VerifyAttestationRequest\x1a@.google.cloud.confidentialcomputing.v1.VerifyAttestationResponse\"P\x82\xd3\xe4\x93\x02J\"E/v1/{challenge=projects/*/locations/*/challenges/*}:verifyAttestation:\x01*\x1aX\xca\x41$confidentialcomputing.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\x97\x02\n)com.google.cloud.confidentialcomputing.v1B\x0cServiceProtoP\x01Z_cloud.google.com/go/confidentialcomputing/apiv1/confidentialcomputingpb;confidentialcomputingpb\xaa\x02%Google.Cloud.ConfidentialComputing.V1\xca\x02%Google\\Cloud\\ConfidentialComputing\\V1\xea\x02(Google::Cloud::ConfidentialComputing::V1b\x06proto3"
 
 pool = Google::Protobuf::DescriptorPool.generated_pool
 
@@ -27,6 +28,7 @@ rescue TypeError => e
   warn "Warning: Protobuf detected an import path issue while loading generated file #{__FILE__}"
   imports = [
     ["google.protobuf.Timestamp", "google/protobuf/timestamp.proto"],
+    ["google.rpc.Status", "google/rpc/status.proto"],
   ]
   imports.each do |type_name, expected_filename|
     import_file = pool.lookup(type_name).file_descriptor
@@ -47,8 +49,13 @@ module Google
         VerifyAttestationRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.VerifyAttestationRequest").msgclass
         VerifyAttestationResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.VerifyAttestationResponse").msgclass
         GcpCredentials = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.GcpCredentials").msgclass
+        TokenOptions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.TokenOptions").msgclass
         TpmAttestation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.TpmAttestation").msgclass
         TpmAttestation::Quote = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.TpmAttestation.Quote").msgclass
+        ConfidentialSpaceInfo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.ConfidentialSpaceInfo").msgclass
+        SignedEntity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.SignedEntity").msgclass
+        ContainerImageSignature = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.ContainerImageSignature").msgclass
+        SigningAlgorithm = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.SigningAlgorithm").enummodule
       end
     end
   end

data/proto_docs/google/cloud/confidentialcomputing/v1/service.rb

@@ -73,6 +73,13 @@ module Google
         #   @return [::Google::Cloud::ConfidentialComputing::V1::TpmAttestation]
         #     Required. The TPM-specific data provided by the attesting platform, used to
         #     populate any of the claims regarding platform state.
+        # @!attribute [rw] confidential_space_info
+        #   @return [::Google::Cloud::ConfidentialComputing::V1::ConfidentialSpaceInfo]
+        #     Optional. Optional information related to the Confidential Space TEE.
+        # @!attribute [rw] token_options
+        #   @return [::Google::Cloud::ConfidentialComputing::V1::TokenOptions]
+        #     Optional. A collection of optional, workload-specified claims that modify
+        #     the token output.
         class VerifyAttestationRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -83,6 +90,10 @@ module Google
         # @!attribute [r] oidc_claims_token
         #   @return [::String]
         #     Output only. Same as claims_token, but as a string.
+        # @!attribute [r] partial_errors
+        #   @return [::Array<::Google::Rpc::Status>]
+        #     Output only. A list of messages that carry the partial error details
+        #     related to VerifyAttestation.
         class VerifyAttestationResponse
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -98,6 +109,21 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # Options to modify claims in the token to generate custom-purpose tokens.
+        # @!attribute [rw] audience
+        #   @return [::String]
+        #     Optional. Optional string to issue the token with a custom audience claim.
+        #     Required if one or more nonces are specified.
+        # @!attribute [rw] nonce
+        #   @return [::Array<::String>]
+        #     Optional. Optional parameter to place one or more nonces in the eat_nonce
+        #     claim in the output token. The minimum size for JSON-encoded EATs is 10
+        #     bytes and the maximum size is 74 bytes.
+        class TokenOptions
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # TPM2 data containing everything necessary to validate any platform state
         # measured into the TPM.
         # @!attribute [rw] quotes
@@ -153,6 +179,70 @@ module Google
             end
           end
         end
+
+        # ConfidentialSpaceInfo contains information related to the Confidential Space
+        # TEE.
+        # @!attribute [rw] signed_entities
+        #   @return [::Array<::Google::Cloud::ConfidentialComputing::V1::SignedEntity>]
+        #     Optional. A list of signed entities containing container image signatures
+        #     that can be used for server-side signature verification.
+        class ConfidentialSpaceInfo
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # SignedEntity represents an OCI image object containing everything necessary
+        # to verify container image signatures.
+        # @!attribute [rw] container_image_signatures
+        #   @return [::Array<::Google::Cloud::ConfidentialComputing::V1::ContainerImageSignature>]
+        #     Optional. A list of container image signatures attached to an OCI image
+        #     object.
+        class SignedEntity
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # ContainerImageSignature holds necessary metadata to verify a container image
+        # signature.
+        # @!attribute [rw] payload
+        #   @return [::String]
+        #     Optional. The binary signature payload following the SimpleSigning format
+        #     https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md#simple-signing.
+        #     This payload includes the container image digest.
+        # @!attribute [rw] signature
+        #   @return [::String]
+        #     Optional. A signature over the payload.
+        #     The container image digest is incorporated into the signature as follows:
+        #     1. Generate a SimpleSigning format payload that includes the container
+        #     image digest.
+        #     2. Generate a signature over SHA256 digest of the payload.
+        #     The signature generation process can be represented as follows:
+        #     `Sign(sha256(SimpleSigningPayload(sha256(Image Manifest))))`
+        # @!attribute [rw] public_key
+        #   @return [::String]
+        #     Optional. Reserved for future use.
+        # @!attribute [rw] sig_alg
+        #   @return [::Google::Cloud::ConfidentialComputing::V1::SigningAlgorithm]
+        #     Optional. Reserved for future use.
+        class ContainerImageSignature
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # SigningAlgorithm enumerates all the supported signing algorithms.
+        module SigningAlgorithm
+          # Unspecified signing algorithm.
+          SIGNING_ALGORITHM_UNSPECIFIED = 0
+
+          # RSASSA-PSS with a SHA256 digest.
+          RSASSA_PSS_SHA256 = 1
+
+          # RSASSA-PKCS1 v1.5 with a SHA256 digest.
+          RSASSA_PKCS1V15_SHA256 = 2
+
+          # ECDSA on the P-256 Curve with a SHA256 digest.
+          ECDSA_P256_SHA256 = 3
+        end
       end
     end
   end

data/proto_docs/google/rpc/status.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Rpc
+    # The `Status` type defines a logical error model that is suitable for
+    # different programming environments, including REST APIs and RPC APIs. It is
+    # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+    # three pieces of data: error code, error message, and error details.
+    #
+    # You can find out more about this error model and how to work with it in the
+    # [API Design Guide](https://cloud.google.com/apis/design/errors).
+    # @!attribute [rw] code
+    #   @return [::Integer]
+    #     The status code, which should be an enum value of
+    #     [google.rpc.Code][google.rpc.Code].
+    # @!attribute [rw] message
+    #   @return [::String]
+    #     A developer-facing error message, which should be in English. Any
+    #     user-facing error message should be localized and sent in the
+    #     {::Google::Rpc::Status#details google.rpc.Status.details} field, or localized
+    #     by the client.
+    # @!attribute [rw] details
+    #   @return [::Array<::Google::Protobuf::Any>]
+    #     A list of messages that carry the error details.  There is a common set of
+    #     message types for APIs to use.
+    class Status
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-confidential_computing-v1
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-06-06 00:00:00.000000000 Z
+date: 2023-08-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -176,8 +176,7 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
-description: google-cloud-confidential_computing-v1 is the official client library
-  for the Confidential Computing V1 API. Note that google-cloud-confidential_computing-v1
+description: Attestation verifier for Confidential Space. Note that google-cloud-confidential_computing-v1
   is a version-specific client library. For most uses, we recommend installing the
   main client library google-cloud-confidential_computing instead. See the readme
   for more details.
@@ -213,6 +212,7 @@ files:
 - proto_docs/google/protobuf/any.rb
 - proto_docs/google/protobuf/duration.rb
 - proto_docs/google/protobuf/timestamp.rb
+- proto_docs/google/rpc/status.rb
 homepage: https://github.com/googleapis/google-cloud-ruby
 licenses:
 - Apache-2.0
@@ -235,5 +235,5 @@ requirements: []
 rubygems_version: 3.4.2
 signing_key: 
 specification_version: 4
-summary: API Client library for the Confidential Computing V1 API
+summary: Attestation verifier for Confidential Space.
 test_files: []