RubyGems - google-cloud-confidential_computing-v1 - Versions diffs - 1.1.2 → 1.3.0 - Mend

google-cloud-confidential_computing-v1 1.1.2 → 1.3.0

Files changed (10) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 650d92e58713548a7b8fe753b83ec7ccabcdd25b6d2981a740d9f4aeb30834a8
-  data.tar.gz: ee514bf0a008c2ba8f061c76621491db6ee37b490009ca32d149e96514b9b468
+  metadata.gz: 10c6265b8e206f45908ac12f0c4c7ff7b0a7f8568f14a0b6fbf57f203bf215db
+  data.tar.gz: 26f1cfa9caa92136acfe17b78ce41867afcb1b1672df8f146f43536d6250bd2c
 SHA512:
-  metadata.gz: ec2abffcd70a8c95cdb143c2adff2678fb6249fe4d22731ff7a4ad679b1ac99466b07be32ffd8a1baba2519a1689cc2eacf4d5a12fedd99c6395f02ecbb34e2d
-  data.tar.gz: c8b84054de30c9c45d5e7e70ac76088152a460bc9b6b8527f487ef9ffa7099be7a52e7f7e740205bc29a715c2843296d8b6e5694d3a41b2aadbac96032d70b7a
+  metadata.gz: '02843fb6ca4a5122a0a37f90daf0e014a0556dc9d8918baad8bad121f9578e516996e13509432081706e595ede14fadcb10265d095da1af480bada327b05a7f9'
+  data.tar.gz: 0c4f00ac4d253003099cfe5c75e3b58f2f24ab0dc85870903b49e6eebf6571739b028a0753972c9d1e5ec7e703e45a3f90fc2cec84fb4dd1ec47316917e0a78b

data/README.md CHANGED Viewed

@@ -42,33 +42,43 @@ for class and method documentation.
 See also the [Product Documentation](https://cloud.google.com/confidential-computing)
 for general usage information.
-## Enabling Logging
-To enable logging for this library, set the logger for the underlying [gRPC](https://github.com/grpc/grpc/tree/master/src/ruby) library.
-The logger that you set may be a Ruby stdlib [`Logger`](https://ruby-doc.org/current/stdlibs/logger/Logger.html) as shown below,
-or a [`Google::Cloud::Logging::Logger`](https://cloud.google.com/ruby/docs/reference/google-cloud-logging/latest)
-that will write logs to [Cloud Logging](https://cloud.google.com/logging/). See [grpc/logconfig.rb](https://github.com/grpc/grpc/blob/master/src/ruby/lib/grpc/logconfig.rb)
-and the gRPC [spec_helper.rb](https://github.com/grpc/grpc/blob/master/src/ruby/spec/spec_helper.rb) for additional information.
-Configuring a Ruby stdlib logger:
+## Debug Logging
+This library comes with opt-in Debug Logging that can help you troubleshoot
+your application's integration with the API. When logging is activated, key
+events such as requests and responses, along with data payloads and metadata
+such as headers and client configuration, are logged to the standard error
+stream.
+**WARNING:** Client Library Debug Logging includes your data payloads in
+plaintext, which could include sensitive data such as PII for yourself or your
+customers, private keys, or other security data that could be compromising if
+leaked. Always practice good data hygiene with your application logs, and follow
+the principle of least access. Google also recommends that Client Library Debug
+Logging be enabled only temporarily during active debugging, and not used
+permanently in production.
+To enable logging, set the environment variable `GOOGLE_SDK_RUBY_LOGGING_GEMS`
+to the value `all`. Alternatively, you can set the value to a comma-delimited
+list of client library gem names. This will select the default logging behavior,
+which writes logs to the standard error stream. On a local workstation, this may
+result in logs appearing on the console. When running on a Google Cloud hosting
+service such as [Google Cloud Run](https://cloud.google.com/run), this generally
+results in logs appearing alongside your application logs in the
+[Google Cloud Logging](https://cloud.google.com/logging/) service.
+You can customize logging by modifying the `logger` configuration when
+constructing a client object. For example:
 ```ruby
+require "google/cloud/confidential_computing/v1"
 require "logger"
-module MyLogger
-  LOGGER = Logger.new $stderr, level: Logger::WARN
-  def logger
-    LOGGER
-  end
-end
-# Define a gRPC module-level logger method before grpc/logconfig.rb loads.
-module GRPC
-  extend MyLogger
+client = ::Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Client.new do |config|
+  config.logger = Logger.new "my-app.log"
 end
 ```
 ## Google Cloud Samples
 To browse ready to use code samples check [Google Cloud Samples](https://cloud.google.com/docs/samples).

data/lib/google/cloud/confidential_computing/v1/confidential_computing/client.rb CHANGED Viewed

@@ -170,14 +170,26 @@ module Google
                 universe_domain: @config.universe_domain,
                 channel_args: @config.channel_args,
                 interceptors: @config.interceptors,
-                channel_pool_config: @config.channel_pool
+                channel_pool_config: @config.channel_pool,
+                logger: @config.logger
               )
+              @confidential_computing_stub.stub_logger&.info do |entry|
+                entry.set_system_name
+                entry.set_service
+                entry.message = "Created client for #{entry.service}"
+                entry.set_credentials_fields credentials
+                entry.set "customEndpoint", @config.endpoint if @config.endpoint
+                entry.set "defaultTimeout", @config.timeout if @config.timeout
+                entry.set "quotaProject", @quota_project_id if @quota_project_id
+              end
               @location_client = Google::Cloud::Location::Locations::Client.new do |config|
                 config.credentials = credentials
                 config.quota_project = @quota_project_id
                 config.endpoint = @confidential_computing_stub.endpoint
                 config.universe_domain = @confidential_computing_stub.universe_domain
+                config.logger = @confidential_computing_stub.logger if config.respond_to? :logger=
               end
             end
@@ -188,6 +200,15 @@ module Google
             #
             attr_reader :location_client
+            ##
+            # The logger used for request/response debug logging.
+            #
+            # @return [Logger]
+            #
+            def logger
+              @confidential_computing_stub.logger
+            end
             # Service calls
             ##
@@ -274,7 +295,6 @@ module Google
               @confidential_computing_stub.call_rpc :create_challenge, request, options: options do |response, operation|
                 yield response, operation if block_given?
-                return response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -377,7 +397,6 @@ module Google
               @confidential_computing_stub.call_rpc :verify_attestation, request, options: options do |response, operation|
                 yield response, operation if block_given?
-                return response
               end
             rescue ::GRPC::BadStatus => e
               raise ::Google::Cloud::Error.from_error(e)
@@ -466,6 +485,11 @@ module Google
             #   default endpoint URL. The default value of nil uses the environment
             #   universe (usually the default "googleapis.com" universe).
             #   @return [::String,nil]
+            # @!attribute [rw] logger
+            #   A custom logger to use for request/response debug logging, or the value
+            #   `:default` (the default) to construct a default logger, or `nil` to
+            #   explicitly disable logging.
+            #   @return [::Logger,:default,nil]
             #
             class Configuration
               extend ::Gapic::Config
@@ -490,6 +514,7 @@ module Google
               config_attr :retry_policy,  nil, ::Hash, ::Proc, nil
               config_attr :quota_project, nil, ::String, nil
               config_attr :universe_domain, nil, ::String, nil
+              config_attr :logger, :default, ::Logger, nil, :default
               # @private
               def initialize parent_config = nil

data/lib/google/cloud/confidential_computing/v1/confidential_computing/rest/client.rb CHANGED Viewed

@@ -163,15 +163,27 @@ module Google
                   endpoint: @config.endpoint,
                   endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
                   universe_domain: @config.universe_domain,
-                  credentials: credentials
+                  credentials: credentials,
+                  logger: @config.logger
                 )
+                @confidential_computing_stub.logger(stub: true)&.info do |entry|
+                  entry.set_system_name
+                  entry.set_service
+                  entry.message = "Created client for #{entry.service}"
+                  entry.set_credentials_fields credentials
+                  entry.set "customEndpoint", @config.endpoint if @config.endpoint
+                  entry.set "defaultTimeout", @config.timeout if @config.timeout
+                  entry.set "quotaProject", @quota_project_id if @quota_project_id
+                end
                 @location_client = Google::Cloud::Location::Locations::Rest::Client.new do |config|
                   config.credentials = credentials
                   config.quota_project = @quota_project_id
                   config.endpoint = @confidential_computing_stub.endpoint
                   config.universe_domain = @confidential_computing_stub.universe_domain
                   config.bindings_override = @config.bindings_override
+                  config.logger = @confidential_computing_stub.logger if config.respond_to? :logger=
                 end
               end
@@ -182,6 +194,15 @@ module Google
               #
               attr_reader :location_client
+              ##
+              # The logger used for request/response debug logging.
+              #
+              # @return [Logger]
+              #
+              def logger
+                @confidential_computing_stub.logger
+              end
               # Service calls
               ##
@@ -261,7 +282,6 @@ module Google
                 @confidential_computing_stub.create_challenge request, options do |result, operation|
                   yield result, operation if block_given?
-                  return result
                 end
               rescue ::Gapic::Rest::Error => e
                 raise ::Google::Cloud::Error.from_error(e)
@@ -357,7 +377,6 @@ module Google
                 @confidential_computing_stub.verify_attestation request, options do |result, operation|
                   yield result, operation if block_given?
-                  return result
                 end
               rescue ::Gapic::Rest::Error => e
                 raise ::Google::Cloud::Error.from_error(e)
@@ -437,6 +456,11 @@ module Google
               #   default endpoint URL. The default value of nil uses the environment
               #   universe (usually the default "googleapis.com" universe).
               #   @return [::String,nil]
+              # @!attribute [rw] logger
+              #   A custom logger to use for request/response debug logging, or the value
+              #   `:default` (the default) to construct a default logger, or `nil` to
+              #   explicitly disable logging.
+              #   @return [::Logger,:default,nil]
               #
               class Configuration
                 extend ::Gapic::Config
@@ -465,6 +489,7 @@ module Google
                 # by the host service.
                 # @return [::Hash{::Symbol=>::Array<::Gapic::Rest::GrpcTranscoder::HttpBinding>}]
                 config_attr :bindings_override, {}, ::Hash, nil
+                config_attr :logger, :default, ::Logger, nil, :default
                 # @private
                 def initialize parent_config = nil

data/lib/google/cloud/confidential_computing/v1/confidential_computing/rest/service_stub.rb CHANGED Viewed

@@ -30,7 +30,8 @@ module Google
             # including transcoding, making the REST call, and deserialing the response.
             #
             class ServiceStub
-              def initialize endpoint:, endpoint_template:, universe_domain:, credentials:
+              # @private
+              def initialize endpoint:, endpoint_template:, universe_domain:, credentials:, logger:
                 # These require statements are intentionally placed here to initialize
                 # the REST modules only when it's required.
                 require "gapic/rest"
@@ -40,7 +41,9 @@ module Google
                                                              universe_domain: universe_domain,
                                                              credentials: credentials,
                                                              numeric_enums: true,
-                                                             raise_faraday_errors: false
+                                                             service_name: self.class,
+                                                             raise_faraday_errors: false,
+                                                             logger: logger
               end
               ##
@@ -61,6 +64,15 @@ module Google
                 @client_stub.endpoint
               end
+              ##
+              # The logger used for request/response debug logging.
+              #
+              # @return [Logger]
+              #
+              def logger stub: false
+                stub ? @client_stub.stub_logger : @client_stub.logger
+              end
               ##
               # Baseline implementation for the create_challenge REST call
               #
@@ -87,16 +99,18 @@ module Google
                 response = @client_stub.make_http_request(
                   verb,
-                  uri:     uri,
-                  body:    body || "",
-                  params:  query_string_params,
+                  uri: uri,
+                  body: body || "",
+                  params: query_string_params,
+                  method_name: "create_challenge",
                   options: options
                 )
                 operation = ::Gapic::Rest::TransportOperation.new response
                 result = ::Google::Cloud::ConfidentialComputing::V1::Challenge.decode_json response.body, ignore_unknown_fields: true
-                yield result, operation if block_given?
-                result
+                catch :response do
+                  yield result, operation if block_given?
+                  result
+                end
               end
               ##
@@ -125,16 +139,18 @@ module Google
                 response = @client_stub.make_http_request(
                   verb,
-                  uri:     uri,
-                  body:    body || "",
-                  params:  query_string_params,
+                  uri: uri,
+                  body: body || "",
+                  params: query_string_params,
+                  method_name: "verify_attestation",
                   options: options
                 )
                 operation = ::Gapic::Rest::TransportOperation.new response
                 result = ::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse.decode_json response.body, ignore_unknown_fields: true
-                yield result, operation if block_given?
-                result
+                catch :response do
+                  yield result, operation if block_given?
+                  result
+                end
               end
               ##

data/lib/google/cloud/confidential_computing/v1/version.rb CHANGED Viewed

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module ConfidentialComputing
       module V1
-        VERSION = "1.1.2"
+        VERSION = "1.3.0"
       end
     end
   end

data/lib/google/cloud/confidentialcomputing/v1/service_pb.rb CHANGED Viewed

@@ -12,7 +12,7 @@ require 'google/protobuf/timestamp_pb'
 require 'google/rpc/status_pb'
-descriptor_data = "\n3google/cloud/confidentialcomputing/v1/service.proto\x12%google.cloud.confidentialcomputing.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x17google/rpc/status.proto\"\xa5\x02\n\tChallenge\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x34\n\x0b\x63reate_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x34\n\x0b\x65xpire_time\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x11\n\x04used\x18\x04 \x01(\x08\x42\x03\xe0\x41\x03\x12\x16\n\ttpm_nonce\x18\x06 \x01(\tB\x03\xe0\x41\x03:n\xea\x41k\n.confidentialcomputing.googleapis.com/Challenge\x12\x39projects/{project}/locations/{location}/challenges/{uuid}\"\x9d\x01\n\x16\x43reateChallengeRequest\x12\x39\n\x06parent\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!locations.googleapis.com/Location\x12H\n\tchallenge\x18\x02 \x01(\x0b\x32\x30.google.cloud.confidentialcomputing.v1.ChallengeB\x03\xe0\x41\x02\"\x88\x05\n\x18VerifyAttestationRequest\x12Q\n\x07td_ccel\x18\x06 \x01(\x0b\x32\x39.google.cloud.confidentialcomputing.v1.TdxCcelAttestationB\x03\xe0\x41\x01H\x00\x12\\\n\x13sev_snp_attestation\x18\x07 \x01(\x0b\x32\x38.google.cloud.confidentialcomputing.v1.SevSnpAttestationB\x03\xe0\x41\x01H\x00\x12I\n\tchallenge\x18\x01 \x01(\tB6\xe0\x41\x02\xfa\x41\x30\n.confidentialcomputing.googleapis.com/Challenge\x12S\n\x0fgcp_credentials\x18\x02 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.GcpCredentialsB\x03\xe0\x41\x01\x12S\n\x0ftpm_attestation\x18\x03 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.TpmAttestationB\x03\xe0\x41\x02\x12\x62\n\x17\x63onfidential_space_info\x18\x04 \x01(\x0b\x32<.google.cloud.confidentialcomputing.v1.ConfidentialSpaceInfoB\x03\xe0\x41\x01\x12O\n\rtoken_options\x18\x05 \x01(\x0b\x32\x33.google.cloud.confidentialcomputing.v1.TokenOptionsB\x03\xe0\x41\x01\x42\x11\n\x0ftee_attestation\"\x83\x01\n\x12TdxCcelAttestation\x12\x1c\n\x0f\x63\x63\x65l_acpi_table\x18\x01 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x16\n\tccel_data\x18\x02 \x01(\x0c\x42\x03\xe0\x41\x01\x12 \n\x13\x63\x61nonical_event_log\x18\x03 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x15\n\x08td_quote\x18\x04 \x01(\x0c\x42\x03\xe0\x41\x01\"?\n\x11SevSnpAttestation\x12\x13\n\x06report\x18\x01 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x15\n\x08\x61ux_blob\x18\x02 \x01(\x0c\x42\x03\xe0\x41\x01\"l\n\x19VerifyAttestationResponse\x12\x1e\n\x11oidc_claims_token\x18\x02 \x01(\tB\x03\xe0\x41\x03\x12/\n\x0epartial_errors\x18\x03 \x03(\x0b\x32\x12.google.rpc.StatusB\x03\xe0\x41\x03\"3\n\x0eGcpCredentials\x12!\n\x19service_account_id_tokens\x18\x02 \x03(\t\"\x84\x01\n\x0cTokenOptions\x12\x15\n\x08\x61udience\x18\x01 \x01(\tB\x03\xe0\x41\x01\x12\x12\n\x05nonce\x18\x02 \x03(\tB\x03\xe0\x41\x01\x12I\n\ntoken_type\x18\x03 \x01(\x0e\x32\x30.google.cloud.confidentialcomputing.v1.TokenTypeB\x03\xe0\x41\x01\"\x8f\x03\n\x0eTpmAttestation\x12K\n\x06quotes\x18\x01 \x03(\x0b\x32;.google.cloud.confidentialcomputing.v1.TpmAttestation.Quote\x12\x15\n\rtcg_event_log\x18\x02 \x01(\x0c\x12\x1b\n\x13\x63\x61nonical_event_log\x18\x03 \x01(\x0c\x12\x0f\n\x07\x61k_cert\x18\x04 \x01(\x0c\x12\x12\n\ncert_chain\x18\x05 \x03(\x0c\x1a\xd6\x01\n\x05Quote\x12\x11\n\thash_algo\x18\x01 \x01(\x05\x12^\n\npcr_values\x18\x02 \x03(\x0b\x32J.google.cloud.confidentialcomputing.v1.TpmAttestation.Quote.PcrValuesEntry\x12\x11\n\traw_quote\x18\x03 \x01(\x0c\x12\x15\n\rraw_signature\x18\x04 \x01(\x0c\x1a\x30\n\x0ePcrValuesEntry\x12\x0b\n\x03key\x18\x01 \x01(\x05\x12\r\n\x05value\x18\x02 \x01(\x0c:\x02\x38\x01\"j\n\x15\x43onfidentialSpaceInfo\x12Q\n\x0fsigned_entities\x18\x01 \x03(\x0b\x32\x33.google.cloud.confidentialcomputing.v1.SignedEntityB\x03\xe0\x41\x01\"w\n\x0cSignedEntity\x12g\n\x1a\x63ontainer_image_signatures\x18\x01 \x03(\x0b\x32>.google.cloud.confidentialcomputing.v1.ContainerImageSignatureB\x03\xe0\x41\x01\"\xaf\x01\n\x17\x43ontainerImageSignature\x12\x14\n\x07payload\x18\x01 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x16\n\tsignature\x18\x02 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x17\n\npublic_key\x18\x03 \x01(\x0c\x42\x03\xe0\x41\x01\x12M\n\x07sig_alg\x18\x04 \x01(\x0e\x32\x37.google.cloud.confidentialcomputing.v1.SigningAlgorithmB\x03\xe0\x41\x01*\x7f\n\x10SigningAlgorithm\x12!\n\x1dSIGNING_ALGORITHM_UNSPECIFIED\x10\x00\x12\x15\n\x11RSASSA_PSS_SHA256\x10\x01\x12\x1a\n\x16RSASSA_PKCS1V15_SHA256\x10\x02\x12\x15\n\x11\x45\x43\x44SA_P256_SHA256\x10\x03*l\n\tTokenType\x12\x1a\n\x16TOKEN_TYPE_UNSPECIFIED\x10\x00\x12\x13\n\x0fTOKEN_TYPE_OIDC\x10\x01\x12\x12\n\x0eTOKEN_TYPE_PKI\x10\x02\x12\x1a\n\x16TOKEN_TYPE_LIMITED_AWS\x10\x03\x32\xb7\x04\n\x15\x43onfidentialComputing\x12\xd8\x01\n\x0f\x43reateChallenge\x12=.google.cloud.confidentialcomputing.v1.CreateChallengeRequest\x1a\x30.google.cloud.confidentialcomputing.v1.Challenge\"T\xda\x41\x10parent,challenge\x82\xd3\xe4\x93\x02;\"./v1/{parent=projects/*/locations/*}/challenges:\tchallenge\x12\xe8\x01\n\x11VerifyAttestation\x12?.google.cloud.confidentialcomputing.v1.VerifyAttestationRequest\x1a@.google.cloud.confidentialcomputing.v1.VerifyAttestationResponse\"P\x82\xd3\xe4\x93\x02J\"E/v1/{challenge=projects/*/locations/*/challenges/*}:verifyAttestation:\x01*\x1aX\xca\x41$confidentialcomputing.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\x97\x02\n)com.google.cloud.confidentialcomputing.v1B\x0cServiceProtoP\x01Z_cloud.google.com/go/confidentialcomputing/apiv1/confidentialcomputingpb;confidentialcomputingpb\xaa\x02%Google.Cloud.ConfidentialComputing.V1\xca\x02%Google\\Cloud\\ConfidentialComputing\\V1\xea\x02(Google::Cloud::ConfidentialComputing::V1b\x06proto3"
+descriptor_data = "\n3google/cloud/confidentialcomputing/v1/service.proto\x12%google.cloud.confidentialcomputing.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x17google/rpc/status.proto\"\xa5\x02\n\tChallenge\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x34\n\x0b\x63reate_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x34\n\x0b\x65xpire_time\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x11\n\x04used\x18\x04 \x01(\x08\x42\x03\xe0\x41\x03\x12\x16\n\ttpm_nonce\x18\x06 \x01(\tB\x03\xe0\x41\x03:n\xea\x41k\n.confidentialcomputing.googleapis.com/Challenge\x12\x39projects/{project}/locations/{location}/challenges/{uuid}\"\x9d\x01\n\x16\x43reateChallengeRequest\x12\x39\n\x06parent\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!locations.googleapis.com/Location\x12H\n\tchallenge\x18\x02 \x01(\x0b\x32\x30.google.cloud.confidentialcomputing.v1.ChallengeB\x03\xe0\x41\x02\"\x88\x05\n\x18VerifyAttestationRequest\x12Q\n\x07td_ccel\x18\x06 \x01(\x0b\x32\x39.google.cloud.confidentialcomputing.v1.TdxCcelAttestationB\x03\xe0\x41\x01H\x00\x12\\\n\x13sev_snp_attestation\x18\x07 \x01(\x0b\x32\x38.google.cloud.confidentialcomputing.v1.SevSnpAttestationB\x03\xe0\x41\x01H\x00\x12I\n\tchallenge\x18\x01 \x01(\tB6\xe0\x41\x02\xfa\x41\x30\n.confidentialcomputing.googleapis.com/Challenge\x12S\n\x0fgcp_credentials\x18\x02 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.GcpCredentialsB\x03\xe0\x41\x01\x12S\n\x0ftpm_attestation\x18\x03 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.TpmAttestationB\x03\xe0\x41\x02\x12\x62\n\x17\x63onfidential_space_info\x18\x04 \x01(\x0b\x32<.google.cloud.confidentialcomputing.v1.ConfidentialSpaceInfoB\x03\xe0\x41\x01\x12O\n\rtoken_options\x18\x05 \x01(\x0b\x32\x33.google.cloud.confidentialcomputing.v1.TokenOptionsB\x03\xe0\x41\x01\x42\x11\n\x0ftee_attestation\"\x83\x01\n\x12TdxCcelAttestation\x12\x1c\n\x0f\x63\x63\x65l_acpi_table\x18\x01 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x16\n\tccel_data\x18\x02 \x01(\x0c\x42\x03\xe0\x41\x01\x12 \n\x13\x63\x61nonical_event_log\x18\x03 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x15\n\x08td_quote\x18\x04 \x01(\x0c\x42\x03\xe0\x41\x01\"?\n\x11SevSnpAttestation\x12\x13\n\x06report\x18\x01 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x15\n\x08\x61ux_blob\x18\x02 \x01(\x0c\x42\x03\xe0\x41\x01\"l\n\x19VerifyAttestationResponse\x12\x1e\n\x11oidc_claims_token\x18\x02 \x01(\tB\x03\xe0\x41\x03\x12/\n\x0epartial_errors\x18\x03 \x03(\x0b\x32\x12.google.rpc.StatusB\x03\xe0\x41\x03\"3\n\x0eGcpCredentials\x12!\n\x19service_account_id_tokens\x18\x02 \x03(\t\"\xa6\x05\n\x0cTokenOptions\x12v\n\x1a\x61ws_principal_tags_options\x18\x04 \x01(\x0b\x32K.google.cloud.confidentialcomputing.v1.TokenOptions.AwsPrincipalTagsOptionsB\x03\xe0\x41\x01H\x00\x12\x15\n\x08\x61udience\x18\x01 \x01(\tB\x03\xe0\x41\x01\x12\x12\n\x05nonce\x18\x02 \x03(\tB\x03\xe0\x41\x01\x12I\n\ntoken_type\x18\x03 \x01(\x0e\x32\x30.google.cloud.confidentialcomputing.v1.TokenTypeB\x03\xe0\x41\x01\x1a\x91\x03\n\x17\x41wsPrincipalTagsOptions\x12\x85\x01\n\x16\x61llowed_principal_tags\x18\x01 \x01(\x0b\x32`.google.cloud.confidentialcomputing.v1.TokenOptions.AwsPrincipalTagsOptions.AllowedPrincipalTagsB\x03\xe0\x41\x01\x1a\xed\x01\n\x14\x41llowedPrincipalTags\x12\xa2\x01\n\x1a\x63ontainer_image_signatures\x18\x01 \x01(\x0b\x32y.google.cloud.confidentialcomputing.v1.TokenOptions.AwsPrincipalTagsOptions.AllowedPrincipalTags.ContainerImageSignaturesB\x03\xe0\x41\x01\x1a\x30\n\x18\x43ontainerImageSignatures\x12\x14\n\x07key_ids\x18\x01 \x03(\tB\x03\xe0\x41\x01\x42\x14\n\x12token_type_options\"\x8f\x03\n\x0eTpmAttestation\x12K\n\x06quotes\x18\x01 \x03(\x0b\x32;.google.cloud.confidentialcomputing.v1.TpmAttestation.Quote\x12\x15\n\rtcg_event_log\x18\x02 \x01(\x0c\x12\x1b\n\x13\x63\x61nonical_event_log\x18\x03 \x01(\x0c\x12\x0f\n\x07\x61k_cert\x18\x04 \x01(\x0c\x12\x12\n\ncert_chain\x18\x05 \x03(\x0c\x1a\xd6\x01\n\x05Quote\x12\x11\n\thash_algo\x18\x01 \x01(\x05\x12^\n\npcr_values\x18\x02 \x03(\x0b\x32J.google.cloud.confidentialcomputing.v1.TpmAttestation.Quote.PcrValuesEntry\x12\x11\n\traw_quote\x18\x03 \x01(\x0c\x12\x15\n\rraw_signature\x18\x04 \x01(\x0c\x1a\x30\n\x0ePcrValuesEntry\x12\x0b\n\x03key\x18\x01 \x01(\x05\x12\r\n\x05value\x18\x02 \x01(\x0c:\x02\x38\x01\"j\n\x15\x43onfidentialSpaceInfo\x12Q\n\x0fsigned_entities\x18\x01 \x03(\x0b\x32\x33.google.cloud.confidentialcomputing.v1.SignedEntityB\x03\xe0\x41\x01\"w\n\x0cSignedEntity\x12g\n\x1a\x63ontainer_image_signatures\x18\x01 \x03(\x0b\x32>.google.cloud.confidentialcomputing.v1.ContainerImageSignatureB\x03\xe0\x41\x01\"\xaf\x01\n\x17\x43ontainerImageSignature\x12\x14\n\x07payload\x18\x01 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x16\n\tsignature\x18\x02 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x17\n\npublic_key\x18\x03 \x01(\x0c\x42\x03\xe0\x41\x01\x12M\n\x07sig_alg\x18\x04 \x01(\x0e\x32\x37.google.cloud.confidentialcomputing.v1.SigningAlgorithmB\x03\xe0\x41\x01*\x7f\n\x10SigningAlgorithm\x12!\n\x1dSIGNING_ALGORITHM_UNSPECIFIED\x10\x00\x12\x15\n\x11RSASSA_PSS_SHA256\x10\x01\x12\x1a\n\x16RSASSA_PKCS1V15_SHA256\x10\x02\x12\x15\n\x11\x45\x43\x44SA_P256_SHA256\x10\x03*\x8e\x01\n\tTokenType\x12\x1a\n\x16TOKEN_TYPE_UNSPECIFIED\x10\x00\x12\x13\n\x0fTOKEN_TYPE_OIDC\x10\x01\x12\x12\n\x0eTOKEN_TYPE_PKI\x10\x02\x12\x1a\n\x16TOKEN_TYPE_LIMITED_AWS\x10\x03\x12 \n\x1cTOKEN_TYPE_AWS_PRINCIPALTAGS\x10\x04\x32\xb7\x04\n\x15\x43onfidentialComputing\x12\xd8\x01\n\x0f\x43reateChallenge\x12=.google.cloud.confidentialcomputing.v1.CreateChallengeRequest\x1a\x30.google.cloud.confidentialcomputing.v1.Challenge\"T\xda\x41\x10parent,challenge\x82\xd3\xe4\x93\x02;\"./v1/{parent=projects/*/locations/*}/challenges:\tchallenge\x12\xe8\x01\n\x11VerifyAttestation\x12?.google.cloud.confidentialcomputing.v1.VerifyAttestationRequest\x1a@.google.cloud.confidentialcomputing.v1.VerifyAttestationResponse\"P\x82\xd3\xe4\x93\x02J\"E/v1/{challenge=projects/*/locations/*/challenges/*}:verifyAttestation:\x01*\x1aX\xca\x41$confidentialcomputing.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\x97\x02\n)com.google.cloud.confidentialcomputing.v1B\x0cServiceProtoP\x01Z_cloud.google.com/go/confidentialcomputing/apiv1/confidentialcomputingpb;confidentialcomputingpb\xaa\x02%Google.Cloud.ConfidentialComputing.V1\xca\x02%Google\\Cloud\\ConfidentialComputing\\V1\xea\x02(Google::Cloud::ConfidentialComputing::V1b\x06proto3"
 pool = Google::Protobuf::DescriptorPool.generated_pool
@@ -52,6 +52,9 @@ module Google
         VerifyAttestationResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.VerifyAttestationResponse").msgclass
         GcpCredentials = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.GcpCredentials").msgclass
         TokenOptions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.TokenOptions").msgclass
+        TokenOptions::AwsPrincipalTagsOptions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.TokenOptions.AwsPrincipalTagsOptions").msgclass
+        TokenOptions::AwsPrincipalTagsOptions::AllowedPrincipalTags = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.TokenOptions.AwsPrincipalTagsOptions.AllowedPrincipalTags").msgclass
+        TokenOptions::AwsPrincipalTagsOptions::AllowedPrincipalTags::ContainerImageSignatures = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.TokenOptions.AwsPrincipalTagsOptions.AllowedPrincipalTags.ContainerImageSignatures").msgclass
         TpmAttestation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.TpmAttestation").msgclass
         TpmAttestation::Quote = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.TpmAttestation.Quote").msgclass
         ConfidentialSpaceInfo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.ConfidentialSpaceInfo").msgclass

data/proto_docs/google/api/client.rb CHANGED Viewed

@@ -28,6 +28,9 @@ module Google
     # @!attribute [rw] destinations
     #   @return [::Array<::Google::Api::ClientLibraryDestination>]
     #     The destination where API teams want this client library to be published.
+    # @!attribute [rw] selective_gapic_generation
+    #   @return [::Google::Api::SelectiveGapicGeneration]
+    #     Configuration for which RPCs should be generated in the GAPIC client.
     class CommonLanguageSettings
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -212,6 +215,12 @@ module Google
       #     enabled. By default, asynchronous REST clients will not be generated.
       #     This feature will be enabled by default 1 month after launching the
       #     feature in preview packages.
+      # @!attribute [rw] protobuf_pythonic_types_enabled
+      #   @return [::Boolean]
+      #     Enables generation of protobuf code using new types that are more
+      #     Pythonic which are included in `protobuf>=5.29.x`. This feature will be
+      #     enabled by default 1 month after launching the feature in preview
+      #     packages.
       class ExperimentalFeatures
         include ::Google::Protobuf::MessageExts
         extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -297,9 +306,28 @@ module Google
     # @!attribute [rw] common
     #   @return [::Google::Api::CommonLanguageSettings]
     #     Some settings.
+    # @!attribute [rw] renamed_services
+    #   @return [::Google::Protobuf::Map{::String => ::String}]
+    #     Map of service names to renamed services. Keys are the package relative
+    #     service names and values are the name to be used for the service client
+    #     and call options.
+    #
+    #     publishing:
+    #       go_settings:
+    #         renamed_services:
+    #           Publisher: TopicAdmin
     class GoSettings
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods
+      # @!attribute [rw] key
+      #   @return [::String]
+      # @!attribute [rw] value
+      #   @return [::String]
+      class RenamedServicesEntry
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
     end
     # Describes the generator configuration for a method.
@@ -375,6 +403,17 @@ module Google
       end
     end
+    # This message is used to configure the generation of a subset of the RPCs in
+    # a service for client libraries.
+    # @!attribute [rw] methods
+    #   @return [::Array<::String>]
+    #     An allowlist of the fully qualified names of RPCs that should be included
+    #     on public client surfaces.
+    class SelectiveGapicGeneration
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
     # The organization for which the client libraries are being published.
     # Affects the url where generated docs are published, etc.
     module ClientLibraryOrganization

data/proto_docs/google/cloud/confidentialcomputing/v1/service.rb CHANGED Viewed

@@ -157,6 +157,9 @@ module Google
         end
         # Options to modify claims in the token to generate custom-purpose tokens.
+        # @!attribute [rw] aws_principal_tags_options
+        #   @return [::Google::Cloud::ConfidentialComputing::V1::TokenOptions::AwsPrincipalTagsOptions]
+        #     Optional. Options for the Limited AWS token type.
         # @!attribute [rw] audience
         #   @return [::String]
         #     Optional. Optional string to issue the token with a custom audience claim.
@@ -172,6 +175,37 @@ module Google
         class TokenOptions
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
+          # Token options that only apply to the AWS Principal Tags token type.
+          # @!attribute [rw] allowed_principal_tags
+          #   @return [::Google::Cloud::ConfidentialComputing::V1::TokenOptions::AwsPrincipalTagsOptions::AllowedPrincipalTags]
+          #     Optional. Principal tags to allow in the token.
+          class AwsPrincipalTagsOptions
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+            # Allowed principal tags is used to define what principal tags will be
+            # placed in the token.
+            # @!attribute [rw] container_image_signatures
+            #   @return [::Google::Cloud::ConfidentialComputing::V1::TokenOptions::AwsPrincipalTagsOptions::AllowedPrincipalTags::ContainerImageSignatures]
+            #     Optional. Container image signatures allowed in the token.
+            class AllowedPrincipalTags
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+              # Allowed Container Image Signatures. Key IDs are required to allow this
+              # claim to fit within the narrow AWS IAM restrictions.
+              # @!attribute [rw] key_ids
+              #   @return [::Array<::String>]
+              #     Optional. List of key ids to filter into the Principal tags. Only
+              #     keys that have been validated and added to the token will be filtered
+              #     into principal tags. Unrecognized key ids will be ignored.
+              class ContainerImageSignatures
+                include ::Google::Protobuf::MessageExts
+                extend ::Google::Protobuf::MessageExts::ClassMethods
+              end
+            end
+          end
         end
         # TPM2 data containing everything necessary to validate any platform state
@@ -308,6 +342,9 @@ module Google
           # Limited claim token type for AWS integration
           TOKEN_TYPE_LIMITED_AWS = 3
+          # Principal-tag-based token for AWS integration
+          TOKEN_TYPE_AWS_PRINCIPALTAGS = 4
         end
       end
     end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-confidential_computing-v1
 version: !ruby/object:Gem::Version
-  version: 1.1.2
+  version: 1.3.0
 platform: ruby
 authors:
 - Google LLC
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-08-30 00:00:00.000000000 Z
+date: 2024-12-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -16,7 +16,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.21.1
+        version: 0.24.0
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.21.1
+        version: 0.24.0
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -120,7 +120,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.6
+rubygems_version: 3.5.23
 signing_key:
 specification_version: 4
 summary: Attestation verifier for Confidential Space.