RubyGems - google-cloud-confidential_computing-v1 - Versions diffs - 0.2.0 → 0.4.0 - Mend

google-cloud-confidential_computing-v1 0.2.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '099e694a67a273aae8f4493f8d94ea558fe51daa076f857372895343a5bfeac4'
-  data.tar.gz: 95807c707e30f8436ee1a16142fc5f7a1c5b7990301af7dcb239d32f6137e2e3
+  metadata.gz: 0e6ccf10c1eca851e8e19e98e9820ddccfb0e8344ac00652ac68cff23c2617f3
+  data.tar.gz: 8726f8435bb2041cafa6f6e2d5840709845b68a176ae082e7a15d7b8c88ce9c1
 SHA512:
-  metadata.gz: 898524162abf67fc03f56c6c1c72423ab48fba62fc1235b652f9c498ac7f3d0a0ee34a82e5162962ed3b80c5c6e98e93b96fbecebb6b7fa215edf2628189d0de
-  data.tar.gz: 850f8a951a7bc1e02152776602d65575377266bcf02a817cd4f2f237786a051edc3cb20ea397a9d2eb45adae46b11923a64eb883f23aed906a8b4aa96df7f5ff
+  metadata.gz: 60469fa21e678180baf43e96c7ef911fb059bbea91fcf541b0ccae97209f24cd7c6f56e64002c41213f8b9b2171f6050b6a207c801497a32641d4e0548670d92
+  data.tar.gz: 4076a6885fe1f9d22d11535578599bf7daf8d311d3357171457c635e115515050cc1888b6789a5ddd2f9653c5356cf0b56d27dc8a44dc9c448aae71fd128625d

data/README.md CHANGED Viewed

@@ -1,8 +1,8 @@
 # Ruby Client for the Confidential Computing V1 API
-API Client library for the Confidential Computing V1 API
+Attestation verifier for Confidential Space.
-google-cloud-confidential_computing-v1 is the official client library for the Confidential Computing V1 API.
+Attestation verifier for Confidential Space.
 https://github.com/googleapis/google-cloud-ruby

data/lib/google/cloud/confidential_computing/v1/confidential_computing/client.rb CHANGED Viewed

@@ -272,7 +272,7 @@ module Google
             #   @param options [::Gapic::CallOptions, ::Hash]
             #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
             #
-            # @overload verify_attestation(challenge: nil, gcp_credentials: nil, tpm_attestation: nil)
+            # @overload verify_attestation(challenge: nil, gcp_credentials: nil, tpm_attestation: nil, confidential_space_info: nil, token_options: nil)
             #   Pass arguments to `verify_attestation` via keyword arguments. Note that at
             #   least one keyword argument is required. To specify no parameters, or to keep all
             #   the default parameter values, pass an empty Hash as a request object (see above).
@@ -287,6 +287,11 @@ module Google
             #   @param tpm_attestation [::Google::Cloud::ConfidentialComputing::V1::TpmAttestation, ::Hash]
             #     Required. The TPM-specific data provided by the attesting platform, used to
             #     populate any of the claims regarding platform state.
+            #   @param confidential_space_info [::Google::Cloud::ConfidentialComputing::V1::ConfidentialSpaceInfo, ::Hash]
+            #     Optional. Optional information related to the Confidential Space TEE.
+            #   @param token_options [::Google::Cloud::ConfidentialComputing::V1::TokenOptions, ::Hash]
+            #     Optional. A collection of optional, workload-specified claims that modify
+            #     the token output.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse]

data/lib/google/cloud/confidential_computing/v1/confidential_computing/rest/client.rb CHANGED Viewed

@@ -241,7 +241,7 @@ module Google
               #   @param options [::Gapic::CallOptions, ::Hash]
               #     Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
               #
-              # @overload verify_attestation(challenge: nil, gcp_credentials: nil, tpm_attestation: nil)
+              # @overload verify_attestation(challenge: nil, gcp_credentials: nil, tpm_attestation: nil, confidential_space_info: nil, token_options: nil)
               #   Pass arguments to `verify_attestation` via keyword arguments. Note that at
               #   least one keyword argument is required. To specify no parameters, or to keep all
               #   the default parameter values, pass an empty Hash as a request object (see above).
@@ -256,6 +256,11 @@ module Google
               #   @param tpm_attestation [::Google::Cloud::ConfidentialComputing::V1::TpmAttestation, ::Hash]
               #     Required. The TPM-specific data provided by the attesting platform, used to
               #     populate any of the claims regarding platform state.
+              #   @param confidential_space_info [::Google::Cloud::ConfidentialComputing::V1::ConfidentialSpaceInfo, ::Hash]
+              #     Optional. Optional information related to the Confidential Space TEE.
+              #   @param token_options [::Google::Cloud::ConfidentialComputing::V1::TokenOptions, ::Hash]
+              #     Optional. A collection of optional, workload-specified claims that modify
+              #     the token output.
               # @yield [result, operation] Access the result along with the TransportOperation object
               # @yieldparam result [::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse]
               # @yieldparam operation [::Gapic::Rest::TransportOperation]

data/lib/google/cloud/confidential_computing/v1/version.rb CHANGED Viewed

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module ConfidentialComputing
       module V1
-        VERSION = "0.2.0"
+        VERSION = "0.4.0"
       end
     end
   end

data/lib/google/cloud/confidentialcomputing/v1/service_pb.rb CHANGED Viewed

@@ -9,9 +9,10 @@ require 'google/api/client_pb'
 require 'google/api/field_behavior_pb'
 require 'google/api/resource_pb'
 require 'google/protobuf/timestamp_pb'
+require 'google/rpc/status_pb'
-descriptor_data = "\n3google/cloud/confidentialcomputing/v1/service.proto\x12%google.cloud.confidentialcomputing.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\xa5\x02\n\tChallenge\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x34\n\x0b\x63reate_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x34\n\x0b\x65xpire_time\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x11\n\x04used\x18\x04 \x01(\x08\x42\x03\xe0\x41\x03\x12\x16\n\ttpm_nonce\x18\x06 \x01(\tB\x03\xe0\x41\x03:n\xea\x41k\n.confidentialcomputing.googleapis.com/Challenge\x12\x39projects/{project}/locations/{location}/challenges/{uuid}\"\x9d\x01\n\x16\x43reateChallengeRequest\x12\x39\n\x06parent\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!locations.googleapis.com/Location\x12H\n\tchallenge\x18\x02 \x01(\x0b\x32\x30.google.cloud.confidentialcomputing.v1.ChallengeB\x03\xe0\x41\x02\"\x8f\x02\n\x18VerifyAttestationRequest\x12I\n\tchallenge\x18\x01 \x01(\tB6\xe0\x41\x02\xfa\x41\x30\n.confidentialcomputing.googleapis.com/Challenge\x12S\n\x0fgcp_credentials\x18\x02 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.GcpCredentialsB\x03\xe0\x41\x01\x12S\n\x0ftpm_attestation\x18\x03 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.TpmAttestationB\x03\xe0\x41\x02\";\n\x19VerifyAttestationResponse\x12\x1e\n\x11oidc_claims_token\x18\x02 \x01(\tB\x03\xe0\x41\x03\"3\n\x0eGcpCredentials\x12!\n\x19service_account_id_tokens\x18\x02 \x03(\t\"\x8f\x03\n\x0eTpmAttestation\x12K\n\x06quotes\x18\x01 \x03(\x0b\x32;.google.cloud.confidentialcomputing.v1.TpmAttestation.Quote\x12\x15\n\rtcg_event_log\x18\x02 \x01(\x0c\x12\x1b\n\x13\x63\x61nonical_event_log\x18\x03 \x01(\x0c\x12\x0f\n\x07\x61k_cert\x18\x04 \x01(\x0c\x12\x12\n\ncert_chain\x18\x05 \x03(\x0c\x1a\xd6\x01\n\x05Quote\x12\x11\n\thash_algo\x18\x01 \x01(\x05\x12^\n\npcr_values\x18\x02 \x03(\x0b\x32J.google.cloud.confidentialcomputing.v1.TpmAttestation.Quote.PcrValuesEntry\x12\x11\n\traw_quote\x18\x03 \x01(\x0c\x12\x15\n\rraw_signature\x18\x04 \x01(\x0c\x1a\x30\n\x0ePcrValuesEntry\x12\x0b\n\x03key\x18\x01 \x01(\x05\x12\r\n\x05value\x18\x02 \x01(\x0c:\x02\x38\x01\x32\xb7\x04\n\x15\x43onfidentialComputing\x12\xd8\x01\n\x0f\x43reateChallenge\x12=.google.cloud.confidentialcomputing.v1.CreateChallengeRequest\x1a\x30.google.cloud.confidentialcomputing.v1.Challenge\"T\x82\xd3\xe4\x93\x02;\"./v1/{parent=projects/*/locations/*}/challenges:\tchallenge\xda\x41\x10parent,challenge\x12\xe8\x01\n\x11VerifyAttestation\x12?.google.cloud.confidentialcomputing.v1.VerifyAttestationRequest\x1a@.google.cloud.confidentialcomputing.v1.VerifyAttestationResponse\"P\x82\xd3\xe4\x93\x02J\"E/v1/{challenge=projects/*/locations/*/challenges/*}:verifyAttestation:\x01*\x1aX\xca\x41$confidentialcomputing.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\x97\x02\n)com.google.cloud.confidentialcomputing.v1B\x0cServiceProtoP\x01Z_cloud.google.com/go/confidentialcomputing/apiv1/confidentialcomputingpb;confidentialcomputingpb\xaa\x02%Google.Cloud.ConfidentialComputing.V1\xca\x02%Google\\Cloud\\ConfidentialComputing\\V1\xea\x02(Google::Cloud::ConfidentialComputing::V1b\x06proto3"
+descriptor_data = "\n3google/cloud/confidentialcomputing/v1/service.proto\x12%google.cloud.confidentialcomputing.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x17google/rpc/status.proto\"\xa5\x02\n\tChallenge\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x34\n\x0b\x63reate_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x34\n\x0b\x65xpire_time\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x11\n\x04used\x18\x04 \x01(\x08\x42\x03\xe0\x41\x03\x12\x16\n\ttpm_nonce\x18\x06 \x01(\tB\x03\xe0\x41\x03:n\xea\x41k\n.confidentialcomputing.googleapis.com/Challenge\x12\x39projects/{project}/locations/{location}/challenges/{uuid}\"\x9d\x01\n\x16\x43reateChallengeRequest\x12\x39\n\x06parent\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!locations.googleapis.com/Location\x12H\n\tchallenge\x18\x02 \x01(\x0b\x32\x30.google.cloud.confidentialcomputing.v1.ChallengeB\x03\xe0\x41\x02\"\xc4\x03\n\x18VerifyAttestationRequest\x12I\n\tchallenge\x18\x01 \x01(\tB6\xe0\x41\x02\xfa\x41\x30\n.confidentialcomputing.googleapis.com/Challenge\x12S\n\x0fgcp_credentials\x18\x02 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.GcpCredentialsB\x03\xe0\x41\x01\x12S\n\x0ftpm_attestation\x18\x03 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.TpmAttestationB\x03\xe0\x41\x02\x12\x62\n\x17\x63onfidential_space_info\x18\x04 \x01(\x0b\x32<.google.cloud.confidentialcomputing.v1.ConfidentialSpaceInfoB\x03\xe0\x41\x01\x12O\n\rtoken_options\x18\x05 \x01(\x0b\x32\x33.google.cloud.confidentialcomputing.v1.TokenOptionsB\x03\xe0\x41\x01\"l\n\x19VerifyAttestationResponse\x12\x1e\n\x11oidc_claims_token\x18\x02 \x01(\tB\x03\xe0\x41\x03\x12/\n\x0epartial_errors\x18\x03 \x03(\x0b\x32\x12.google.rpc.StatusB\x03\xe0\x41\x03\"3\n\x0eGcpCredentials\x12!\n\x19service_account_id_tokens\x18\x02 \x03(\t\"9\n\x0cTokenOptions\x12\x15\n\x08\x61udience\x18\x01 \x01(\tB\x03\xe0\x41\x01\x12\x12\n\x05nonce\x18\x02 \x03(\tB\x03\xe0\x41\x01\"\x8f\x03\n\x0eTpmAttestation\x12K\n\x06quotes\x18\x01 \x03(\x0b\x32;.google.cloud.confidentialcomputing.v1.TpmAttestation.Quote\x12\x15\n\rtcg_event_log\x18\x02 \x01(\x0c\x12\x1b\n\x13\x63\x61nonical_event_log\x18\x03 \x01(\x0c\x12\x0f\n\x07\x61k_cert\x18\x04 \x01(\x0c\x12\x12\n\ncert_chain\x18\x05 \x03(\x0c\x1a\xd6\x01\n\x05Quote\x12\x11\n\thash_algo\x18\x01 \x01(\x05\x12^\n\npcr_values\x18\x02 \x03(\x0b\x32J.google.cloud.confidentialcomputing.v1.TpmAttestation.Quote.PcrValuesEntry\x12\x11\n\traw_quote\x18\x03 \x01(\x0c\x12\x15\n\rraw_signature\x18\x04 \x01(\x0c\x1a\x30\n\x0ePcrValuesEntry\x12\x0b\n\x03key\x18\x01 \x01(\x05\x12\r\n\x05value\x18\x02 \x01(\x0c:\x02\x38\x01\"j\n\x15\x43onfidentialSpaceInfo\x12Q\n\x0fsigned_entities\x18\x01 \x03(\x0b\x32\x33.google.cloud.confidentialcomputing.v1.SignedEntityB\x03\xe0\x41\x01\"w\n\x0cSignedEntity\x12g\n\x1a\x63ontainer_image_signatures\x18\x01 \x03(\x0b\x32>.google.cloud.confidentialcomputing.v1.ContainerImageSignatureB\x03\xe0\x41\x01\"\xaf\x01\n\x17\x43ontainerImageSignature\x12\x14\n\x07payload\x18\x01 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x16\n\tsignature\x18\x02 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x17\n\npublic_key\x18\x03 \x01(\x0c\x42\x03\xe0\x41\x01\x12M\n\x07sig_alg\x18\x04 \x01(\x0e\x32\x37.google.cloud.confidentialcomputing.v1.SigningAlgorithmB\x03\xe0\x41\x01*\x7f\n\x10SigningAlgorithm\x12!\n\x1dSIGNING_ALGORITHM_UNSPECIFIED\x10\x00\x12\x15\n\x11RSASSA_PSS_SHA256\x10\x01\x12\x1a\n\x16RSASSA_PKCS1V15_SHA256\x10\x02\x12\x15\n\x11\x45\x43\x44SA_P256_SHA256\x10\x03\x32\xb7\x04\n\x15\x43onfidentialComputing\x12\xd8\x01\n\x0f\x43reateChallenge\x12=.google.cloud.confidentialcomputing.v1.CreateChallengeRequest\x1a\x30.google.cloud.confidentialcomputing.v1.Challenge\"T\x82\xd3\xe4\x93\x02;\"./v1/{parent=projects/*/locations/*}/challenges:\tchallenge\xda\x41\x10parent,challenge\x12\xe8\x01\n\x11VerifyAttestation\x12?.google.cloud.confidentialcomputing.v1.VerifyAttestationRequest\x1a@.google.cloud.confidentialcomputing.v1.VerifyAttestationResponse\"P\x82\xd3\xe4\x93\x02J\"E/v1/{challenge=projects/*/locations/*/challenges/*}:verifyAttestation:\x01*\x1aX\xca\x41$confidentialcomputing.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\x97\x02\n)com.google.cloud.confidentialcomputing.v1B\x0cServiceProtoP\x01Z_cloud.google.com/go/confidentialcomputing/apiv1/confidentialcomputingpb;confidentialcomputingpb\xaa\x02%Google.Cloud.ConfidentialComputing.V1\xca\x02%Google\\Cloud\\ConfidentialComputing\\V1\xea\x02(Google::Cloud::ConfidentialComputing::V1b\x06proto3"
 pool = Google::Protobuf::DescriptorPool.generated_pool
@@ -27,6 +28,7 @@ rescue TypeError => e
   warn "Warning: Protobuf detected an import path issue while loading generated file #{__FILE__}"
   imports = [
     ["google.protobuf.Timestamp", "google/protobuf/timestamp.proto"],
+    ["google.rpc.Status", "google/rpc/status.proto"],
   ]
   imports.each do |type_name, expected_filename|
     import_file = pool.lookup(type_name).file_descriptor
@@ -47,8 +49,13 @@ module Google
         VerifyAttestationRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.VerifyAttestationRequest").msgclass
         VerifyAttestationResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.VerifyAttestationResponse").msgclass
         GcpCredentials = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.GcpCredentials").msgclass
+        TokenOptions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.TokenOptions").msgclass
         TpmAttestation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.TpmAttestation").msgclass
         TpmAttestation::Quote = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.TpmAttestation.Quote").msgclass
+        ConfidentialSpaceInfo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.ConfidentialSpaceInfo").msgclass
+        SignedEntity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.SignedEntity").msgclass
+        ContainerImageSignature = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.ContainerImageSignature").msgclass
+        SigningAlgorithm = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.SigningAlgorithm").enummodule
       end
     end
   end

data/proto_docs/google/cloud/confidentialcomputing/v1/service.rb CHANGED Viewed

@@ -73,6 +73,13 @@ module Google
         #   @return [::Google::Cloud::ConfidentialComputing::V1::TpmAttestation]
         #     Required. The TPM-specific data provided by the attesting platform, used to
         #     populate any of the claims regarding platform state.
+        # @!attribute [rw] confidential_space_info
+        #   @return [::Google::Cloud::ConfidentialComputing::V1::ConfidentialSpaceInfo]
+        #     Optional. Optional information related to the Confidential Space TEE.
+        # @!attribute [rw] token_options
+        #   @return [::Google::Cloud::ConfidentialComputing::V1::TokenOptions]
+        #     Optional. A collection of optional, workload-specified claims that modify
+        #     the token output.
         class VerifyAttestationRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -83,6 +90,10 @@ module Google
         # @!attribute [r] oidc_claims_token
         #   @return [::String]
         #     Output only. Same as claims_token, but as a string.
+        # @!attribute [r] partial_errors
+        #   @return [::Array<::Google::Rpc::Status>]
+        #     Output only. A list of messages that carry the partial error details
+        #     related to VerifyAttestation.
         class VerifyAttestationResponse
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -98,6 +109,21 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
+        # Options to modify claims in the token to generate custom-purpose tokens.
+        # @!attribute [rw] audience
+        #   @return [::String]
+        #     Optional. Optional string to issue the token with a custom audience claim.
+        #     Required if one or more nonces are specified.
+        # @!attribute [rw] nonce
+        #   @return [::Array<::String>]
+        #     Optional. Optional parameter to place one or more nonces in the eat_nonce
+        #     claim in the output token. The minimum size for JSON-encoded EATs is 10
+        #     bytes and the maximum size is 74 bytes.
+        class TokenOptions
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
         # TPM2 data containing everything necessary to validate any platform state
         # measured into the TPM.
         # @!attribute [rw] quotes
@@ -153,6 +179,70 @@ module Google
             end
           end
         end
+        # ConfidentialSpaceInfo contains information related to the Confidential Space
+        # TEE.
+        # @!attribute [rw] signed_entities
+        #   @return [::Array<::Google::Cloud::ConfidentialComputing::V1::SignedEntity>]
+        #     Optional. A list of signed entities containing container image signatures
+        #     that can be used for server-side signature verification.
+        class ConfidentialSpaceInfo
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+        # SignedEntity represents an OCI image object containing everything necessary
+        # to verify container image signatures.
+        # @!attribute [rw] container_image_signatures
+        #   @return [::Array<::Google::Cloud::ConfidentialComputing::V1::ContainerImageSignature>]
+        #     Optional. A list of container image signatures attached to an OCI image
+        #     object.
+        class SignedEntity
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+        # ContainerImageSignature holds necessary metadata to verify a container image
+        # signature.
+        # @!attribute [rw] payload
+        #   @return [::String]
+        #     Optional. The binary signature payload following the SimpleSigning format
+        #     https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md#simple-signing.
+        #     This payload includes the container image digest.
+        # @!attribute [rw] signature
+        #   @return [::String]
+        #     Optional. A signature over the payload.
+        #     The container image digest is incorporated into the signature as follows:
+        #     1. Generate a SimpleSigning format payload that includes the container
+        #     image digest.
+        #     2. Generate a signature over SHA256 digest of the payload.
+        #     The signature generation process can be represented as follows:
+        #     `Sign(sha256(SimpleSigningPayload(sha256(Image Manifest))))`
+        # @!attribute [rw] public_key
+        #   @return [::String]
+        #     Optional. Reserved for future use.
+        # @!attribute [rw] sig_alg
+        #   @return [::Google::Cloud::ConfidentialComputing::V1::SigningAlgorithm]
+        #     Optional. Reserved for future use.
+        class ContainerImageSignature
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+        # SigningAlgorithm enumerates all the supported signing algorithms.
+        module SigningAlgorithm
+          # Unspecified signing algorithm.
+          SIGNING_ALGORITHM_UNSPECIFIED = 0
+          # RSASSA-PSS with a SHA256 digest.
+          RSASSA_PSS_SHA256 = 1
+          # RSASSA-PKCS1 v1.5 with a SHA256 digest.
+          RSASSA_PKCS1V15_SHA256 = 2
+          # ECDSA on the P-256 Curve with a SHA256 digest.
+          ECDSA_P256_SHA256 = 3
+        end
       end
     end
   end

data/proto_docs/google/rpc/status.rb ADDED Viewed

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+module Google
+  module Rpc
+    # The `Status` type defines a logical error model that is suitable for
+    # different programming environments, including REST APIs and RPC APIs. It is
+    # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+    # three pieces of data: error code, error message, and error details.
+    #
+    # You can find out more about this error model and how to work with it in the
+    # [API Design Guide](https://cloud.google.com/apis/design/errors).
+    # @!attribute [rw] code
+    #   @return [::Integer]
+    #     The status code, which should be an enum value of
+    #     [google.rpc.Code][google.rpc.Code].
+    # @!attribute [rw] message
+    #   @return [::String]
+    #     A developer-facing error message, which should be in English. Any
+    #     user-facing error message should be localized and sent in the
+    #     {::Google::Rpc::Status#details google.rpc.Status.details} field, or localized
+    #     by the client.
+    # @!attribute [rw] details
+    #   @return [::Array<::Google::Protobuf::Any>]
+    #     A list of messages that carry the error details.  There is a common set of
+    #     message types for APIs to use.
+    class Status
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-confidential_computing-v1
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Google LLC
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-06-06 00:00:00.000000000 Z
+date: 2023-08-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -176,8 +176,7 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
-description: google-cloud-confidential_computing-v1 is the official client library
-  for the Confidential Computing V1 API. Note that google-cloud-confidential_computing-v1
+description: Attestation verifier for Confidential Space. Note that google-cloud-confidential_computing-v1
   is a version-specific client library. For most uses, we recommend installing the
   main client library google-cloud-confidential_computing instead. See the readme
   for more details.
@@ -213,6 +212,7 @@ files:
 - proto_docs/google/protobuf/any.rb
 - proto_docs/google/protobuf/duration.rb
 - proto_docs/google/protobuf/timestamp.rb
+- proto_docs/google/rpc/status.rb
 homepage: https://github.com/googleapis/google-cloud-ruby
 licenses:
 - Apache-2.0
@@ -235,5 +235,5 @@ requirements: []
 rubygems_version: 3.4.2
 signing_key:
 specification_version: 4
-summary: API Client library for the Confidential Computing V1 API
+summary: Attestation verifier for Confidential Space.
 test_files: []