RubyGems - google-cloud-confidential_computing-v1 - Versions diffs - 0.5.0 → 0.7.0 - Mend

google-cloud-confidential_computing-v1 0.5.0 → 0.7.0

Files changed (10) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3a4f8f8b81c147efd184884c9bca9e21f796c37cfb1e2f65eaafb2fabb00daaf
-  data.tar.gz: 38282095114201c31f9bac4b3274b5762d2889f5c4d67c130af3a28edb64d43c
+  metadata.gz: e5dd175fb123143ffc07dc4eea9e6ac564d4986044c02408308b9c770c29429d
+  data.tar.gz: d4c87fa9f99092a02ee43908c788cf548f68c82120ad3718556f870beff02a91
 SHA512:
-  metadata.gz: f24dd557b74508cf500d6eccaba1a561f7be3febb44bc9e1bf180b81f72098eb22c29f44552bcc6d585dc340496cde1fd30bd39310fc02ca4f3c88a7fa3d28f8
-  data.tar.gz: 60a90a19ffb4b61b9444b3c53a7ae6871dabcbac745dafb67811f31a8d8c315423c5f324a8234a1b0afca33ad38920e192f759a81a97cdbd55f2ad67ac0279a9
+  metadata.gz: 91461f345056468b7d1337459e90b8c99fdc9e2e39fa98c2d873107b7d96048199b4c7484803834bb0cc6fd7d9b528ff4ee1cc932a3477c8bff4e7446582d09e
+  data.tar.gz: ffabb48ab288c0e3a8ceaf23d194154c547d251fbcd6e23f069e988995bd3f98ba9935ac3da947ac19ee3ed372a03c7cff450a855ae1a793a8662a64559dde40

data/AUTHENTICATION.md CHANGED Viewed

@@ -1,149 +1,122 @@
 # Authentication
-In general, the google-cloud-confidential_computing-v1 library uses
-[Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts)
-credentials to connect to Google Cloud services. When running within
-[Google Cloud Platform environments](#google-cloud-platform-environments) the
-credentials will be discovered automatically. When running on other
-environments, the Service Account credentials can be specified by providing the
-path to the
-[JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys)
-for the account (or the JSON itself) in
-[environment variables](#environment-variables). Additionally, Cloud SDK
-credentials can also be discovered automatically, but this is only recommended
-during development.
+The recommended way to authenticate to the google-cloud-confidential_computing-v1 library is to use
+[Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials).
+To review all of your authentication options, see [Credentials lookup](#credential-lookup).
 ## Quickstart
-1. [Create a service account and credentials](#creating-a-service-account).
-2. Set the [environment variable](#environment-variables).
+The following example shows how to set up authentication for a local development
+environment with your user credentials.
-```sh
-export GOOGLE_CLOUD_CREDENTIALS=path/to/keyfile.json
-```
-3. Initialize the client.
+**NOTE:** This method is _not_ recommended for running in production. User credentials
+should be used only during development.
-```ruby
-require "google/cloud/confidential_computing/v1"
+1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk).
+2. Set up a local ADC file with your user credentials:
-client = ::Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Client.new
+```sh
+gcloud auth application-default login
 ```
-## Credential Lookup
-The google-cloud-confidential_computing-v1 library aims to make authentication
-as simple as possible, and provides several mechanisms to configure your system
-without requiring **Service Account Credentials** directly in code.
-**Credentials** are discovered in the following order:
-1. Specify credentials in method arguments
-2. Specify credentials in configuration
-3. Discover credentials path in environment variables
-4. Discover credentials JSON in environment variables
-5. Discover credentials file in the Cloud SDK's path
-6. Discover GCP credentials
-### Google Cloud Platform environments
+3. Write code as if already authenticated.
-When running on Google Cloud Platform (GCP), including Google Compute Engine
-(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud
-Functions (GCF) and Cloud Run, **Credentials** are discovered automatically.
-Code should be written as if already authenticated.
+For more information about setting up authentication for a local development environment, see
+[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev).
-### Environment Variables
+## Credential Lookup
-The **Credentials JSON** can be placed in environment variables instead of
-declaring them directly in code. Each service has its own environment variable,
-allowing for different service accounts to be used for different services. (See
-the READMEs for the individual service gems for details.) The path to the
-**Credentials JSON** file can be stored in the environment variable, or the
-**Credentials JSON** itself can be stored for environments such as Docker
-containers where writing files is difficult or not encouraged.
+The google-cloud-confidential_computing-v1 library provides several mechanisms to configure your system.
+Generally, using Application Default Credentials to facilitate automatic
+credentials discovery is the easist method. But if you need to explicitly specify
+credentials, there are several methods available to you.
-The environment variables that google-cloud-confidential_computing-v1
-checks for credentials are configured on the service Credentials class (such as
-{::Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Credentials}):
+Credentials are accepted in the following ways, in the following order or precedence:
-* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents
-* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents
-* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
+1. Credentials specified in method arguments
+2. Credentials specified in configuration
+3. Credentials pointed to or included in environment variables
+4. Credentials found in local ADC file
+5. Credentials returned by the metadata server for the attached service account (GCP)
-```ruby
-require "google/cloud/confidential_computing/v1"
-ENV["GOOGLE_CLOUD_CREDENTIALS"] = "path/to/keyfile.json"
+### Configuration
-client = ::Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Client.new
-```
+You can configure a path to a JSON credentials file, either for an individual client object or
+globally, for all client objects. The JSON file can contain credentials created for
+[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation),
+[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a
+[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key).
-### Configuration
+Note: Service account keys are a security risk if not managed correctly. You should
+[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree)
+whenever possible.
-The path to the **Credentials JSON** file can be configured instead of storing
-it in an environment variable. Either on an individual client initialization:
+To configure a credentials file for an individual client initialization:
 ```ruby
 require "google/cloud/confidential_computing/v1"
 client = ::Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Client.new do |config|
-  config.credentials = "path/to/keyfile.json"
+  config.credentials = "path/to/credentialfile.json"
 end
 ```
-Or globally for all clients:
+To configure a credentials file globally for all clients:
 ```ruby
 require "google/cloud/confidential_computing/v1"
 ::Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Client.configure do |config|
-  config.credentials = "path/to/keyfile.json"
+  config.credentials = "path/to/credentialfile.json"
 end
 client = ::Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Client.new
 ```
-### Cloud SDK
+### Environment Variables
-This option allows for an easy way to authenticate during development. If
-credentials are not provided in code or in environment variables, then Cloud SDK
-credentials are discovered.
+You can also use an environment variable to provide a JSON credentials file.
+The environment variable can contain a path to the credentials file or, for
+environments such as Docker containers where writing files is not encouraged,
+you can include the credentials file itself.
-To configure your system for this, simply:
+The JSON file can contain credentials created for
+[workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation),
+[workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a
+[service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key).
-1. [Download and install the Cloud SDK](https://cloud.google.com/sdk)
-2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login`
-3. Write code as if already authenticated.
+Note: Service account keys are a security risk if not managed correctly. You should
+[choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree)
+whenever possible.
+The environment variables that google-cloud-confidential_computing-v1
+checks for credentials are:
-**NOTE:** This is _not_ recommended for running in production. The Cloud SDK
-*should* only be used during development.
+* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents
+* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
-## Creating a Service Account
+```ruby
+require "google/cloud/confidential_computing/v1"
-Google Cloud requires **Service Account Credentials** to
-connect to the APIs. You will use the **JSON key file** to
-connect to most services with google-cloud-confidential_computing-v1.
+ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json"
-If you are not running this client within
-[Google Cloud Platform environments](#google-cloud-platform-environments), you
-need a Google Developers service account.
+client = ::Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Client.new
+```
-1. Visit the [Google Cloud Console](https://console.cloud.google.com/project).
-2. Create a new project or click on an existing project.
-3. Activate the menu in the upper left and select **APIs & Services**. From
-   here, you will enable the APIs that your application requires.
+### Local ADC file
-   *Note: You may need to enable billing in order to use these services.*
+You can set up a local ADC file with your user credentials for authentication during
+development. If credentials are not provided in code or in environment variables,
+then the local ADC credentials are discovered.
-4. Select **Credentials** from the side navigation.
+Follow the steps in [Quickstart](#quickstart) to set up a local ADC file.
-   Find the "Create credentials" drop down near the top of the page, and select
-   "Service account" to be guided through downloading a new JSON key file.
+### Google Cloud Platform environments
-   If you want to re-use an existing service account, you can easily generate a
-   new key file. Just select the account you wish to re-use, click the pencil
-   tool on the right side to edit the service account, select the **Keys** tab,
-   and then select **Add Key**.
+When running on Google Cloud Platform (GCP), including Google Compute Engine
+(GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud
+Functions (GCF) and Cloud Run, credentials are retrieved from the attached
+service account automatically. Code should be written as if already authenticated.
-   The key file you download will be used by this library to authenticate API
-   requests and should be stored in a secure location.
+For more information, see
+[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa).

data/lib/google/cloud/confidential_computing/v1/confidential_computing/client.rb CHANGED Viewed

@@ -31,6 +31,9 @@ module Google
           # Service describing handlers for resources
           #
           class Client
+            # @private
+            DEFAULT_ENDPOINT_TEMPLATE = "confidentialcomputing.$UNIVERSE_DOMAIN$"
             include Paths
             # @private
@@ -103,6 +106,15 @@ module Google
               @config
             end
+            ##
+            # The effective universe domain
+            #
+            # @return [String]
+            #
+            def universe_domain
+              @confidential_computing_stub.universe_domain
+            end
             ##
             # Create a new ConfidentialComputing client object.
             #
@@ -136,8 +148,9 @@ module Google
               credentials = @config.credentials
               # Use self-signed JWT if the endpoint is unchanged from default,
               # but only if the default endpoint does not have a region prefix.
-              enable_self_signed_jwt = @config.endpoint == Configuration::DEFAULT_ENDPOINT &&
-                                       !@config.endpoint.split(".").first.include?("-")
+              enable_self_signed_jwt = @config.endpoint.nil? ||
+                                       (@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
+                                       !@config.endpoint.split(".").first.include?("-"))
               credentials ||= Credentials.default scope: @config.scope,
                                                   enable_self_signed_jwt: enable_self_signed_jwt
               if credentials.is_a?(::String) || credentials.is_a?(::Hash)
@@ -150,12 +163,15 @@ module Google
                 config.credentials = credentials
                 config.quota_project = @quota_project_id
                 config.endpoint = @config.endpoint
+                config.universe_domain = @config.universe_domain
               end
               @confidential_computing_stub = ::Gapic::ServiceStub.new(
                 ::Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Stub,
-                credentials:  credentials,
-                endpoint:     @config.endpoint,
+                credentials: credentials,
+                endpoint: @config.endpoint,
+                endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
+                universe_domain: @config.universe_domain,
                 channel_args: @config.channel_args,
                 interceptors: @config.interceptors,
                 channel_pool_config: @config.channel_pool
@@ -388,9 +404,9 @@ module Google
             #   end
             #
             # @!attribute [rw] endpoint
-            #   The hostname or hostname:port of the service endpoint.
-            #   Defaults to `"confidentialcomputing.googleapis.com"`.
-            #   @return [::String]
+            #   A custom service endpoint, as a hostname or hostname:port. The default is
+            #   nil, indicating to use the default endpoint in the current universe domain.
+            #   @return [::String,nil]
             # @!attribute [rw] credentials
             #   Credentials to send with calls. You may provide any of the following types:
             #    *  (`String`) The path to a service account key file in JSON format
@@ -436,13 +452,20 @@ module Google
             # @!attribute [rw] quota_project
             #   A separate project against which to charge quota.
             #   @return [::String]
+            # @!attribute [rw] universe_domain
+            #   The universe domain within which to make requests. This determines the
+            #   default endpoint URL. The default value of nil uses the environment
+            #   universe (usually the default "googleapis.com" universe).
+            #   @return [::String,nil]
             #
             class Configuration
               extend ::Gapic::Config
+              # @private
+              # The endpoint specific to the default "googleapis.com" universe. Deprecated.
               DEFAULT_ENDPOINT = "confidentialcomputing.googleapis.com"
-              config_attr :endpoint,      DEFAULT_ENDPOINT, ::String
+              config_attr :endpoint,      nil, ::String, nil
               config_attr :credentials,   nil do |value|
                 allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
                 allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
@@ -457,6 +480,7 @@ module Google
               config_attr :metadata,      nil, ::Hash, nil
               config_attr :retry_policy,  nil, ::Hash, ::Proc, nil
               config_attr :quota_project, nil, ::String, nil
+              config_attr :universe_domain, nil, ::String, nil
               # @private
               def initialize parent_config = nil

data/lib/google/cloud/confidential_computing/v1/confidential_computing/rest/client.rb CHANGED Viewed

@@ -33,6 +33,9 @@ module Google
             # Service describing handlers for resources
             #
             class Client
+              # @private
+              DEFAULT_ENDPOINT_TEMPLATE = "confidentialcomputing.$UNIVERSE_DOMAIN$"
               include Paths
               # @private
@@ -105,6 +108,15 @@ module Google
                 @config
               end
+              ##
+              # The effective universe domain
+              #
+              # @return [String]
+              #
+              def universe_domain
+                @confidential_computing_stub.universe_domain
+              end
               ##
               # Create a new ConfidentialComputing REST client object.
               #
@@ -132,8 +144,9 @@ module Google
                 credentials = @config.credentials
                 # Use self-signed JWT if the endpoint is unchanged from default,
                 # but only if the default endpoint does not have a region prefix.
-                enable_self_signed_jwt = @config.endpoint == Configuration::DEFAULT_ENDPOINT &&
-                                         !@config.endpoint.split(".").first.include?("-")
+                enable_self_signed_jwt = @config.endpoint.nil? ||
+                                         (@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
+                                         !@config.endpoint.split(".").first.include?("-"))
                 credentials ||= Credentials.default scope: @config.scope,
                                                     enable_self_signed_jwt: enable_self_signed_jwt
                 if credentials.is_a?(::String) || credentials.is_a?(::Hash)
@@ -147,10 +160,16 @@ module Google
                   config.credentials = credentials
                   config.quota_project = @quota_project_id
                   config.endpoint = @config.endpoint
+                  config.universe_domain = @config.universe_domain
                   config.bindings_override = @config.bindings_override
                 end
-                @confidential_computing_stub = ::Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Rest::ServiceStub.new endpoint: @config.endpoint, credentials: credentials
+                @confidential_computing_stub = ::Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Rest::ServiceStub.new(
+                  endpoint: @config.endpoint,
+                  endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
+                  universe_domain: @config.universe_domain,
+                  credentials: credentials
+                )
               end
               ##
@@ -365,9 +384,9 @@ module Google
               #   end
               #
               # @!attribute [rw] endpoint
-              #   The hostname or hostname:port of the service endpoint.
-              #   Defaults to `"confidentialcomputing.googleapis.com"`.
-              #   @return [::String]
+              #   A custom service endpoint, as a hostname or hostname:port. The default is
+              #   nil, indicating to use the default endpoint in the current universe domain.
+              #   @return [::String,nil]
               # @!attribute [rw] credentials
               #   Credentials to send with calls. You may provide any of the following types:
               #    *  (`String`) The path to a service account key file in JSON format
@@ -404,13 +423,20 @@ module Google
               # @!attribute [rw] quota_project
               #   A separate project against which to charge quota.
               #   @return [::String]
+              # @!attribute [rw] universe_domain
+              #   The universe domain within which to make requests. This determines the
+              #   default endpoint URL. The default value of nil uses the environment
+              #   universe (usually the default "googleapis.com" universe).
+              #   @return [::String,nil]
               #
               class Configuration
                 extend ::Gapic::Config
+                # @private
+                # The endpoint specific to the default "googleapis.com" universe. Deprecated.
                 DEFAULT_ENDPOINT = "confidentialcomputing.googleapis.com"
-                config_attr :endpoint,      DEFAULT_ENDPOINT, ::String
+                config_attr :endpoint,      nil, ::String, nil
                 config_attr :credentials,   nil do |value|
                   allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
                   allowed.any? { |klass| klass === value }
@@ -422,6 +448,7 @@ module Google
                 config_attr :metadata,      nil, ::Hash, nil
                 config_attr :retry_policy,  nil, ::Hash, ::Proc, nil
                 config_attr :quota_project, nil, ::String, nil
+                config_attr :universe_domain, nil, ::String, nil
                 # @private
                 # Overrides for http bindings for the RPCs of this service

data/lib/google/cloud/confidential_computing/v1/confidential_computing/rest/service_stub.rb CHANGED Viewed

@@ -30,16 +30,28 @@ module Google
             # including transcoding, making the REST call, and deserialing the response.
             #
             class ServiceStub
-              def initialize endpoint:, credentials:
+              def initialize endpoint:, endpoint_template:, universe_domain:, credentials:
                 # These require statements are intentionally placed here to initialize
                 # the REST modules only when it's required.
                 require "gapic/rest"
-                @client_stub = ::Gapic::Rest::ClientStub.new endpoint: endpoint, credentials: credentials,
+                @client_stub = ::Gapic::Rest::ClientStub.new endpoint: endpoint,
+                                                             endpoint_template: endpoint_template,
+                                                             universe_domain: universe_domain,
+                                                             credentials: credentials,
                                                              numeric_enums: true,
                                                              raise_faraday_errors: false
               end
+              ##
+              # The effective universe domain
+              #
+              # @return [String]
+              #
+              def universe_domain
+                @client_stub.universe_domain
+              end
               ##
               # Baseline implementation for the create_challenge REST call
               #

data/lib/google/cloud/confidential_computing/v1/version.rb CHANGED Viewed

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module ConfidentialComputing
       module V1
-        VERSION = "0.5.0"
+        VERSION = "0.7.0"
       end
     end
   end

data/lib/google/cloud/confidentialcomputing/v1/service_pb.rb CHANGED Viewed

@@ -12,7 +12,7 @@ require 'google/protobuf/timestamp_pb'
 require 'google/rpc/status_pb'
-descriptor_data = "\n3google/cloud/confidentialcomputing/v1/service.proto\x12%google.cloud.confidentialcomputing.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x17google/rpc/status.proto\"\xa5\x02\n\tChallenge\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x34\n\x0b\x63reate_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x34\n\x0b\x65xpire_time\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x11\n\x04used\x18\x04 \x01(\x08\x42\x03\xe0\x41\x03\x12\x16\n\ttpm_nonce\x18\x06 \x01(\tB\x03\xe0\x41\x03:n\xea\x41k\n.confidentialcomputing.googleapis.com/Challenge\x12\x39projects/{project}/locations/{location}/challenges/{uuid}\"\x9d\x01\n\x16\x43reateChallengeRequest\x12\x39\n\x06parent\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!locations.googleapis.com/Location\x12H\n\tchallenge\x18\x02 \x01(\x0b\x32\x30.google.cloud.confidentialcomputing.v1.ChallengeB\x03\xe0\x41\x02\"\xc4\x03\n\x18VerifyAttestationRequest\x12I\n\tchallenge\x18\x01 \x01(\tB6\xe0\x41\x02\xfa\x41\x30\n.confidentialcomputing.googleapis.com/Challenge\x12S\n\x0fgcp_credentials\x18\x02 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.GcpCredentialsB\x03\xe0\x41\x01\x12S\n\x0ftpm_attestation\x18\x03 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.TpmAttestationB\x03\xe0\x41\x02\x12\x62\n\x17\x63onfidential_space_info\x18\x04 \x01(\x0b\x32<.google.cloud.confidentialcomputing.v1.ConfidentialSpaceInfoB\x03\xe0\x41\x01\x12O\n\rtoken_options\x18\x05 \x01(\x0b\x32\x33.google.cloud.confidentialcomputing.v1.TokenOptionsB\x03\xe0\x41\x01\"l\n\x19VerifyAttestationResponse\x12\x1e\n\x11oidc_claims_token\x18\x02 \x01(\tB\x03\xe0\x41\x03\x12/\n\x0epartial_errors\x18\x03 \x03(\x0b\x32\x12.google.rpc.StatusB\x03\xe0\x41\x03\"3\n\x0eGcpCredentials\x12!\n\x19service_account_id_tokens\x18\x02 \x03(\t\"9\n\x0cTokenOptions\x12\x15\n\x08\x61udience\x18\x01 \x01(\tB\x03\xe0\x41\x01\x12\x12\n\x05nonce\x18\x02 \x03(\tB\x03\xe0\x41\x01\"\x8f\x03\n\x0eTpmAttestation\x12K\n\x06quotes\x18\x01 \x03(\x0b\x32;.google.cloud.confidentialcomputing.v1.TpmAttestation.Quote\x12\x15\n\rtcg_event_log\x18\x02 \x01(\x0c\x12\x1b\n\x13\x63\x61nonical_event_log\x18\x03 \x01(\x0c\x12\x0f\n\x07\x61k_cert\x18\x04 \x01(\x0c\x12\x12\n\ncert_chain\x18\x05 \x03(\x0c\x1a\xd6\x01\n\x05Quote\x12\x11\n\thash_algo\x18\x01 \x01(\x05\x12^\n\npcr_values\x18\x02 \x03(\x0b\x32J.google.cloud.confidentialcomputing.v1.TpmAttestation.Quote.PcrValuesEntry\x12\x11\n\traw_quote\x18\x03 \x01(\x0c\x12\x15\n\rraw_signature\x18\x04 \x01(\x0c\x1a\x30\n\x0ePcrValuesEntry\x12\x0b\n\x03key\x18\x01 \x01(\x05\x12\r\n\x05value\x18\x02 \x01(\x0c:\x02\x38\x01\"j\n\x15\x43onfidentialSpaceInfo\x12Q\n\x0fsigned_entities\x18\x01 \x03(\x0b\x32\x33.google.cloud.confidentialcomputing.v1.SignedEntityB\x03\xe0\x41\x01\"w\n\x0cSignedEntity\x12g\n\x1a\x63ontainer_image_signatures\x18\x01 \x03(\x0b\x32>.google.cloud.confidentialcomputing.v1.ContainerImageSignatureB\x03\xe0\x41\x01\"\xaf\x01\n\x17\x43ontainerImageSignature\x12\x14\n\x07payload\x18\x01 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x16\n\tsignature\x18\x02 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x17\n\npublic_key\x18\x03 \x01(\x0c\x42\x03\xe0\x41\x01\x12M\n\x07sig_alg\x18\x04 \x01(\x0e\x32\x37.google.cloud.confidentialcomputing.v1.SigningAlgorithmB\x03\xe0\x41\x01*\x7f\n\x10SigningAlgorithm\x12!\n\x1dSIGNING_ALGORITHM_UNSPECIFIED\x10\x00\x12\x15\n\x11RSASSA_PSS_SHA256\x10\x01\x12\x1a\n\x16RSASSA_PKCS1V15_SHA256\x10\x02\x12\x15\n\x11\x45\x43\x44SA_P256_SHA256\x10\x03\x32\xb7\x04\n\x15\x43onfidentialComputing\x12\xd8\x01\n\x0f\x43reateChallenge\x12=.google.cloud.confidentialcomputing.v1.CreateChallengeRequest\x1a\x30.google.cloud.confidentialcomputing.v1.Challenge\"T\x82\xd3\xe4\x93\x02;\"./v1/{parent=projects/*/locations/*}/challenges:\tchallenge\xda\x41\x10parent,challenge\x12\xe8\x01\n\x11VerifyAttestation\x12?.google.cloud.confidentialcomputing.v1.VerifyAttestationRequest\x1a@.google.cloud.confidentialcomputing.v1.VerifyAttestationResponse\"P\x82\xd3\xe4\x93\x02J\"E/v1/{challenge=projects/*/locations/*/challenges/*}:verifyAttestation:\x01*\x1aX\xca\x41$confidentialcomputing.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\x97\x02\n)com.google.cloud.confidentialcomputing.v1B\x0cServiceProtoP\x01Z_cloud.google.com/go/confidentialcomputing/apiv1/confidentialcomputingpb;confidentialcomputingpb\xaa\x02%Google.Cloud.ConfidentialComputing.V1\xca\x02%Google\\Cloud\\ConfidentialComputing\\V1\xea\x02(Google::Cloud::ConfidentialComputing::V1b\x06proto3"
+descriptor_data = "\n3google/cloud/confidentialcomputing/v1/service.proto\x12%google.cloud.confidentialcomputing.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x17google/rpc/status.proto\"\xa5\x02\n\tChallenge\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x34\n\x0b\x63reate_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x34\n\x0b\x65xpire_time\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x11\n\x04used\x18\x04 \x01(\x08\x42\x03\xe0\x41\x03\x12\x16\n\ttpm_nonce\x18\x06 \x01(\tB\x03\xe0\x41\x03:n\xea\x41k\n.confidentialcomputing.googleapis.com/Challenge\x12\x39projects/{project}/locations/{location}/challenges/{uuid}\"\x9d\x01\n\x16\x43reateChallengeRequest\x12\x39\n\x06parent\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!locations.googleapis.com/Location\x12H\n\tchallenge\x18\x02 \x01(\x0b\x32\x30.google.cloud.confidentialcomputing.v1.ChallengeB\x03\xe0\x41\x02\"\xc4\x03\n\x18VerifyAttestationRequest\x12I\n\tchallenge\x18\x01 \x01(\tB6\xe0\x41\x02\xfa\x41\x30\n.confidentialcomputing.googleapis.com/Challenge\x12S\n\x0fgcp_credentials\x18\x02 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.GcpCredentialsB\x03\xe0\x41\x01\x12S\n\x0ftpm_attestation\x18\x03 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.TpmAttestationB\x03\xe0\x41\x02\x12\x62\n\x17\x63onfidential_space_info\x18\x04 \x01(\x0b\x32<.google.cloud.confidentialcomputing.v1.ConfidentialSpaceInfoB\x03\xe0\x41\x01\x12O\n\rtoken_options\x18\x05 \x01(\x0b\x32\x33.google.cloud.confidentialcomputing.v1.TokenOptionsB\x03\xe0\x41\x01\"l\n\x19VerifyAttestationResponse\x12\x1e\n\x11oidc_claims_token\x18\x02 \x01(\tB\x03\xe0\x41\x03\x12/\n\x0epartial_errors\x18\x03 \x03(\x0b\x32\x12.google.rpc.StatusB\x03\xe0\x41\x03\"3\n\x0eGcpCredentials\x12!\n\x19service_account_id_tokens\x18\x02 \x03(\t\"\x84\x01\n\x0cTokenOptions\x12\x15\n\x08\x61udience\x18\x01 \x01(\tB\x03\xe0\x41\x01\x12\x12\n\x05nonce\x18\x02 \x03(\tB\x03\xe0\x41\x01\x12I\n\ntoken_type\x18\x03 \x01(\x0e\x32\x30.google.cloud.confidentialcomputing.v1.TokenTypeB\x03\xe0\x41\x01\"\x8f\x03\n\x0eTpmAttestation\x12K\n\x06quotes\x18\x01 \x03(\x0b\x32;.google.cloud.confidentialcomputing.v1.TpmAttestation.Quote\x12\x15\n\rtcg_event_log\x18\x02 \x01(\x0c\x12\x1b\n\x13\x63\x61nonical_event_log\x18\x03 \x01(\x0c\x12\x0f\n\x07\x61k_cert\x18\x04 \x01(\x0c\x12\x12\n\ncert_chain\x18\x05 \x03(\x0c\x1a\xd6\x01\n\x05Quote\x12\x11\n\thash_algo\x18\x01 \x01(\x05\x12^\n\npcr_values\x18\x02 \x03(\x0b\x32J.google.cloud.confidentialcomputing.v1.TpmAttestation.Quote.PcrValuesEntry\x12\x11\n\traw_quote\x18\x03 \x01(\x0c\x12\x15\n\rraw_signature\x18\x04 \x01(\x0c\x1a\x30\n\x0ePcrValuesEntry\x12\x0b\n\x03key\x18\x01 \x01(\x05\x12\r\n\x05value\x18\x02 \x01(\x0c:\x02\x38\x01\"j\n\x15\x43onfidentialSpaceInfo\x12Q\n\x0fsigned_entities\x18\x01 \x03(\x0b\x32\x33.google.cloud.confidentialcomputing.v1.SignedEntityB\x03\xe0\x41\x01\"w\n\x0cSignedEntity\x12g\n\x1a\x63ontainer_image_signatures\x18\x01 \x03(\x0b\x32>.google.cloud.confidentialcomputing.v1.ContainerImageSignatureB\x03\xe0\x41\x01\"\xaf\x01\n\x17\x43ontainerImageSignature\x12\x14\n\x07payload\x18\x01 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x16\n\tsignature\x18\x02 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x17\n\npublic_key\x18\x03 \x01(\x0c\x42\x03\xe0\x41\x01\x12M\n\x07sig_alg\x18\x04 \x01(\x0e\x32\x37.google.cloud.confidentialcomputing.v1.SigningAlgorithmB\x03\xe0\x41\x01*\x7f\n\x10SigningAlgorithm\x12!\n\x1dSIGNING_ALGORITHM_UNSPECIFIED\x10\x00\x12\x15\n\x11RSASSA_PSS_SHA256\x10\x01\x12\x1a\n\x16RSASSA_PKCS1V15_SHA256\x10\x02\x12\x15\n\x11\x45\x43\x44SA_P256_SHA256\x10\x03*<\n\tTokenType\x12\x1a\n\x16TOKEN_TYPE_UNSPECIFIED\x10\x00\x12\x13\n\x0fTOKEN_TYPE_OIDC\x10\x01\x32\xb7\x04\n\x15\x43onfidentialComputing\x12\xd8\x01\n\x0f\x43reateChallenge\x12=.google.cloud.confidentialcomputing.v1.CreateChallengeRequest\x1a\x30.google.cloud.confidentialcomputing.v1.Challenge\"T\x82\xd3\xe4\x93\x02;\"./v1/{parent=projects/*/locations/*}/challenges:\tchallenge\xda\x41\x10parent,challenge\x12\xe8\x01\n\x11VerifyAttestation\x12?.google.cloud.confidentialcomputing.v1.VerifyAttestationRequest\x1a@.google.cloud.confidentialcomputing.v1.VerifyAttestationResponse\"P\x82\xd3\xe4\x93\x02J\"E/v1/{challenge=projects/*/locations/*/challenges/*}:verifyAttestation:\x01*\x1aX\xca\x41$confidentialcomputing.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\x97\x02\n)com.google.cloud.confidentialcomputing.v1B\x0cServiceProtoP\x01Z_cloud.google.com/go/confidentialcomputing/apiv1/confidentialcomputingpb;confidentialcomputingpb\xaa\x02%Google.Cloud.ConfidentialComputing.V1\xca\x02%Google\\Cloud\\ConfidentialComputing\\V1\xea\x02(Google::Cloud::ConfidentialComputing::V1b\x06proto3"
 pool = Google::Protobuf::DescriptorPool.generated_pool
@@ -56,6 +56,7 @@ module Google
         SignedEntity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.SignedEntity").msgclass
         ContainerImageSignature = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.ContainerImageSignature").msgclass
         SigningAlgorithm = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.SigningAlgorithm").enummodule
+        TokenType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.TokenType").enummodule
       end
     end
   end

data/proto_docs/google/api/client.rb CHANGED Viewed

@@ -21,6 +21,7 @@ module Google
   module Api
     # Required information for every language.
     # @!attribute [rw] reference_docs_uri
+    #   @deprecated This field is deprecated and may be removed in the next major version update.
     #   @return [::String]
     #     Link to automatically generated reference documentation.  Example:
     #     https://cloud.google.com/nodejs/docs/reference/asset/latest
@@ -304,6 +305,19 @@ module Google
     #                seconds: 360 # 6 minutes
     #              total_poll_timeout:
     #                 seconds: 54000 # 90 minutes
+    # @!attribute [rw] auto_populated_fields
+    #   @return [::Array<::String>]
+    #     List of top-level fields of the request message, that should be
+    #     automatically populated by the client libraries based on their
+    #     (google.api.field_info).format. Currently supported format: UUID4.
+    #
+    #     Example of a YAML configuration:
+    #
+    #      publishing:
+    #        method_settings:
+    #          - selector: google.example.v1.ExampleService.CreateExample
+    #            auto_populated_fields:
+    #            - request_id
     class MethodSettings
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/cloud/confidentialcomputing/v1/service.rb CHANGED Viewed

@@ -119,6 +119,9 @@ module Google
         #     Optional. Optional parameter to place one or more nonces in the eat_nonce
         #     claim in the output token. The minimum size for JSON-encoded EATs is 10
         #     bytes and the maximum size is 74 bytes.
+        # @!attribute [rw] token_type
+        #   @return [::Google::Cloud::ConfidentialComputing::V1::TokenType]
+        #     Optional. Optional token type to select what type of token to return.
         class TokenOptions
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -243,6 +246,16 @@ module Google
           # ECDSA on the P-256 Curve with a SHA256 digest.
           ECDSA_P256_SHA256 = 3
         end
+        # Token type enum contains the different types of token responses Confidential
+        # Space supports
+        module TokenType
+          # Unspecified token type
+          TOKEN_TYPE_UNSPECIFIED = 0
+          # OpenID Connect (OIDC) token type
+          TOKEN_TYPE_OIDC = 1
+        end
       end
     end
   end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-confidential_computing-v1
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.7.0
 platform: ruby
 authors:
 - Google LLC
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-09-12 00:00:00.000000000 Z
+date: 2024-01-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -16,7 +16,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.20.0
+        version: 0.21.1
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.20.0
+        version: 0.21.1
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -50,7 +50,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0.4'
+        version: '0.7'
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -60,7 +60,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0.4'
+        version: '0.7'
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -232,7 +232,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.19
+rubygems_version: 3.5.3
 signing_key:
 specification_version: 4
 summary: Attestation verifier for Confidential Space.