google-cloud-confidential_computing-v1 1.1.2 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +30 -20
- data/lib/google/cloud/confidential_computing/v1/confidential_computing/client.rb +28 -3
- data/lib/google/cloud/confidential_computing/v1/confidential_computing/rest/client.rb +28 -3
- data/lib/google/cloud/confidential_computing/v1/confidential_computing/rest/service_stub.rb +30 -14
- data/lib/google/cloud/confidential_computing/v1/version.rb +1 -1
- data/lib/google/cloud/confidentialcomputing/v1/service_pb.rb +4 -1
- data/proto_docs/google/api/client.rb +39 -0
- data/proto_docs/google/cloud/confidentialcomputing/v1/service.rb +37 -0
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 10c6265b8e206f45908ac12f0c4c7ff7b0a7f8568f14a0b6fbf57f203bf215db
|
|
4
|
+
data.tar.gz: 26f1cfa9caa92136acfe17b78ce41867afcb1b1672df8f146f43536d6250bd2c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: '02843fb6ca4a5122a0a37f90daf0e014a0556dc9d8918baad8bad121f9578e516996e13509432081706e595ede14fadcb10265d095da1af480bada327b05a7f9'
|
|
7
|
+
data.tar.gz: 0c4f00ac4d253003099cfe5c75e3b58f2f24ab0dc85870903b49e6eebf6571739b028a0753972c9d1e5ec7e703e45a3f90fc2cec84fb4dd1ec47316917e0a78b
|
data/README.md
CHANGED
|
@@ -42,33 +42,43 @@ for class and method documentation.
|
|
|
42
42
|
See also the [Product Documentation](https://cloud.google.com/confidential-computing)
|
|
43
43
|
for general usage information.
|
|
44
44
|
|
|
45
|
-
##
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
45
|
+
## Debug Logging
|
|
46
|
+
|
|
47
|
+
This library comes with opt-in Debug Logging that can help you troubleshoot
|
|
48
|
+
your application's integration with the API. When logging is activated, key
|
|
49
|
+
events such as requests and responses, along with data payloads and metadata
|
|
50
|
+
such as headers and client configuration, are logged to the standard error
|
|
51
|
+
stream.
|
|
52
|
+
|
|
53
|
+
**WARNING:** Client Library Debug Logging includes your data payloads in
|
|
54
|
+
plaintext, which could include sensitive data such as PII for yourself or your
|
|
55
|
+
customers, private keys, or other security data that could be compromising if
|
|
56
|
+
leaked. Always practice good data hygiene with your application logs, and follow
|
|
57
|
+
the principle of least access. Google also recommends that Client Library Debug
|
|
58
|
+
Logging be enabled only temporarily during active debugging, and not used
|
|
59
|
+
permanently in production.
|
|
60
|
+
|
|
61
|
+
To enable logging, set the environment variable `GOOGLE_SDK_RUBY_LOGGING_GEMS`
|
|
62
|
+
to the value `all`. Alternatively, you can set the value to a comma-delimited
|
|
63
|
+
list of client library gem names. This will select the default logging behavior,
|
|
64
|
+
which writes logs to the standard error stream. On a local workstation, this may
|
|
65
|
+
result in logs appearing on the console. When running on a Google Cloud hosting
|
|
66
|
+
service such as [Google Cloud Run](https://cloud.google.com/run), this generally
|
|
67
|
+
results in logs appearing alongside your application logs in the
|
|
68
|
+
[Google Cloud Logging](https://cloud.google.com/logging/) service.
|
|
69
|
+
|
|
70
|
+
You can customize logging by modifying the `logger` configuration when
|
|
71
|
+
constructing a client object. For example:
|
|
54
72
|
|
|
55
73
|
```ruby
|
|
74
|
+
require "google/cloud/confidential_computing/v1"
|
|
56
75
|
require "logger"
|
|
57
76
|
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
def logger
|
|
61
|
-
LOGGER
|
|
62
|
-
end
|
|
63
|
-
end
|
|
64
|
-
|
|
65
|
-
# Define a gRPC module-level logger method before grpc/logconfig.rb loads.
|
|
66
|
-
module GRPC
|
|
67
|
-
extend MyLogger
|
|
77
|
+
client = ::Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Client.new do |config|
|
|
78
|
+
config.logger = Logger.new "my-app.log"
|
|
68
79
|
end
|
|
69
80
|
```
|
|
70
81
|
|
|
71
|
-
|
|
72
82
|
## Google Cloud Samples
|
|
73
83
|
|
|
74
84
|
To browse ready to use code samples check [Google Cloud Samples](https://cloud.google.com/docs/samples).
|
|
@@ -170,14 +170,26 @@ module Google
|
|
|
170
170
|
universe_domain: @config.universe_domain,
|
|
171
171
|
channel_args: @config.channel_args,
|
|
172
172
|
interceptors: @config.interceptors,
|
|
173
|
-
channel_pool_config: @config.channel_pool
|
|
173
|
+
channel_pool_config: @config.channel_pool,
|
|
174
|
+
logger: @config.logger
|
|
174
175
|
)
|
|
175
176
|
|
|
177
|
+
@confidential_computing_stub.stub_logger&.info do |entry|
|
|
178
|
+
entry.set_system_name
|
|
179
|
+
entry.set_service
|
|
180
|
+
entry.message = "Created client for #{entry.service}"
|
|
181
|
+
entry.set_credentials_fields credentials
|
|
182
|
+
entry.set "customEndpoint", @config.endpoint if @config.endpoint
|
|
183
|
+
entry.set "defaultTimeout", @config.timeout if @config.timeout
|
|
184
|
+
entry.set "quotaProject", @quota_project_id if @quota_project_id
|
|
185
|
+
end
|
|
186
|
+
|
|
176
187
|
@location_client = Google::Cloud::Location::Locations::Client.new do |config|
|
|
177
188
|
config.credentials = credentials
|
|
178
189
|
config.quota_project = @quota_project_id
|
|
179
190
|
config.endpoint = @confidential_computing_stub.endpoint
|
|
180
191
|
config.universe_domain = @confidential_computing_stub.universe_domain
|
|
192
|
+
config.logger = @confidential_computing_stub.logger if config.respond_to? :logger=
|
|
181
193
|
end
|
|
182
194
|
end
|
|
183
195
|
|
|
@@ -188,6 +200,15 @@ module Google
|
|
|
188
200
|
#
|
|
189
201
|
attr_reader :location_client
|
|
190
202
|
|
|
203
|
+
##
|
|
204
|
+
# The logger used for request/response debug logging.
|
|
205
|
+
#
|
|
206
|
+
# @return [Logger]
|
|
207
|
+
#
|
|
208
|
+
def logger
|
|
209
|
+
@confidential_computing_stub.logger
|
|
210
|
+
end
|
|
211
|
+
|
|
191
212
|
# Service calls
|
|
192
213
|
|
|
193
214
|
##
|
|
@@ -274,7 +295,6 @@ module Google
|
|
|
274
295
|
|
|
275
296
|
@confidential_computing_stub.call_rpc :create_challenge, request, options: options do |response, operation|
|
|
276
297
|
yield response, operation if block_given?
|
|
277
|
-
return response
|
|
278
298
|
end
|
|
279
299
|
rescue ::GRPC::BadStatus => e
|
|
280
300
|
raise ::Google::Cloud::Error.from_error(e)
|
|
@@ -377,7 +397,6 @@ module Google
|
|
|
377
397
|
|
|
378
398
|
@confidential_computing_stub.call_rpc :verify_attestation, request, options: options do |response, operation|
|
|
379
399
|
yield response, operation if block_given?
|
|
380
|
-
return response
|
|
381
400
|
end
|
|
382
401
|
rescue ::GRPC::BadStatus => e
|
|
383
402
|
raise ::Google::Cloud::Error.from_error(e)
|
|
@@ -466,6 +485,11 @@ module Google
|
|
|
466
485
|
# default endpoint URL. The default value of nil uses the environment
|
|
467
486
|
# universe (usually the default "googleapis.com" universe).
|
|
468
487
|
# @return [::String,nil]
|
|
488
|
+
# @!attribute [rw] logger
|
|
489
|
+
# A custom logger to use for request/response debug logging, or the value
|
|
490
|
+
# `:default` (the default) to construct a default logger, or `nil` to
|
|
491
|
+
# explicitly disable logging.
|
|
492
|
+
# @return [::Logger,:default,nil]
|
|
469
493
|
#
|
|
470
494
|
class Configuration
|
|
471
495
|
extend ::Gapic::Config
|
|
@@ -490,6 +514,7 @@ module Google
|
|
|
490
514
|
config_attr :retry_policy, nil, ::Hash, ::Proc, nil
|
|
491
515
|
config_attr :quota_project, nil, ::String, nil
|
|
492
516
|
config_attr :universe_domain, nil, ::String, nil
|
|
517
|
+
config_attr :logger, :default, ::Logger, nil, :default
|
|
493
518
|
|
|
494
519
|
# @private
|
|
495
520
|
def initialize parent_config = nil
|
|
@@ -163,15 +163,27 @@ module Google
|
|
|
163
163
|
endpoint: @config.endpoint,
|
|
164
164
|
endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
|
|
165
165
|
universe_domain: @config.universe_domain,
|
|
166
|
-
credentials: credentials
|
|
166
|
+
credentials: credentials,
|
|
167
|
+
logger: @config.logger
|
|
167
168
|
)
|
|
168
169
|
|
|
170
|
+
@confidential_computing_stub.logger(stub: true)&.info do |entry|
|
|
171
|
+
entry.set_system_name
|
|
172
|
+
entry.set_service
|
|
173
|
+
entry.message = "Created client for #{entry.service}"
|
|
174
|
+
entry.set_credentials_fields credentials
|
|
175
|
+
entry.set "customEndpoint", @config.endpoint if @config.endpoint
|
|
176
|
+
entry.set "defaultTimeout", @config.timeout if @config.timeout
|
|
177
|
+
entry.set "quotaProject", @quota_project_id if @quota_project_id
|
|
178
|
+
end
|
|
179
|
+
|
|
169
180
|
@location_client = Google::Cloud::Location::Locations::Rest::Client.new do |config|
|
|
170
181
|
config.credentials = credentials
|
|
171
182
|
config.quota_project = @quota_project_id
|
|
172
183
|
config.endpoint = @confidential_computing_stub.endpoint
|
|
173
184
|
config.universe_domain = @confidential_computing_stub.universe_domain
|
|
174
185
|
config.bindings_override = @config.bindings_override
|
|
186
|
+
config.logger = @confidential_computing_stub.logger if config.respond_to? :logger=
|
|
175
187
|
end
|
|
176
188
|
end
|
|
177
189
|
|
|
@@ -182,6 +194,15 @@ module Google
|
|
|
182
194
|
#
|
|
183
195
|
attr_reader :location_client
|
|
184
196
|
|
|
197
|
+
##
|
|
198
|
+
# The logger used for request/response debug logging.
|
|
199
|
+
#
|
|
200
|
+
# @return [Logger]
|
|
201
|
+
#
|
|
202
|
+
def logger
|
|
203
|
+
@confidential_computing_stub.logger
|
|
204
|
+
end
|
|
205
|
+
|
|
185
206
|
# Service calls
|
|
186
207
|
|
|
187
208
|
##
|
|
@@ -261,7 +282,6 @@ module Google
|
|
|
261
282
|
|
|
262
283
|
@confidential_computing_stub.create_challenge request, options do |result, operation|
|
|
263
284
|
yield result, operation if block_given?
|
|
264
|
-
return result
|
|
265
285
|
end
|
|
266
286
|
rescue ::Gapic::Rest::Error => e
|
|
267
287
|
raise ::Google::Cloud::Error.from_error(e)
|
|
@@ -357,7 +377,6 @@ module Google
|
|
|
357
377
|
|
|
358
378
|
@confidential_computing_stub.verify_attestation request, options do |result, operation|
|
|
359
379
|
yield result, operation if block_given?
|
|
360
|
-
return result
|
|
361
380
|
end
|
|
362
381
|
rescue ::Gapic::Rest::Error => e
|
|
363
382
|
raise ::Google::Cloud::Error.from_error(e)
|
|
@@ -437,6 +456,11 @@ module Google
|
|
|
437
456
|
# default endpoint URL. The default value of nil uses the environment
|
|
438
457
|
# universe (usually the default "googleapis.com" universe).
|
|
439
458
|
# @return [::String,nil]
|
|
459
|
+
# @!attribute [rw] logger
|
|
460
|
+
# A custom logger to use for request/response debug logging, or the value
|
|
461
|
+
# `:default` (the default) to construct a default logger, or `nil` to
|
|
462
|
+
# explicitly disable logging.
|
|
463
|
+
# @return [::Logger,:default,nil]
|
|
440
464
|
#
|
|
441
465
|
class Configuration
|
|
442
466
|
extend ::Gapic::Config
|
|
@@ -465,6 +489,7 @@ module Google
|
|
|
465
489
|
# by the host service.
|
|
466
490
|
# @return [::Hash{::Symbol=>::Array<::Gapic::Rest::GrpcTranscoder::HttpBinding>}]
|
|
467
491
|
config_attr :bindings_override, {}, ::Hash, nil
|
|
492
|
+
config_attr :logger, :default, ::Logger, nil, :default
|
|
468
493
|
|
|
469
494
|
# @private
|
|
470
495
|
def initialize parent_config = nil
|
|
@@ -30,7 +30,8 @@ module Google
|
|
|
30
30
|
# including transcoding, making the REST call, and deserialing the response.
|
|
31
31
|
#
|
|
32
32
|
class ServiceStub
|
|
33
|
-
|
|
33
|
+
# @private
|
|
34
|
+
def initialize endpoint:, endpoint_template:, universe_domain:, credentials:, logger:
|
|
34
35
|
# These require statements are intentionally placed here to initialize
|
|
35
36
|
# the REST modules only when it's required.
|
|
36
37
|
require "gapic/rest"
|
|
@@ -40,7 +41,9 @@ module Google
|
|
|
40
41
|
universe_domain: universe_domain,
|
|
41
42
|
credentials: credentials,
|
|
42
43
|
numeric_enums: true,
|
|
43
|
-
|
|
44
|
+
service_name: self.class,
|
|
45
|
+
raise_faraday_errors: false,
|
|
46
|
+
logger: logger
|
|
44
47
|
end
|
|
45
48
|
|
|
46
49
|
##
|
|
@@ -61,6 +64,15 @@ module Google
|
|
|
61
64
|
@client_stub.endpoint
|
|
62
65
|
end
|
|
63
66
|
|
|
67
|
+
##
|
|
68
|
+
# The logger used for request/response debug logging.
|
|
69
|
+
#
|
|
70
|
+
# @return [Logger]
|
|
71
|
+
#
|
|
72
|
+
def logger stub: false
|
|
73
|
+
stub ? @client_stub.stub_logger : @client_stub.logger
|
|
74
|
+
end
|
|
75
|
+
|
|
64
76
|
##
|
|
65
77
|
# Baseline implementation for the create_challenge REST call
|
|
66
78
|
#
|
|
@@ -87,16 +99,18 @@ module Google
|
|
|
87
99
|
|
|
88
100
|
response = @client_stub.make_http_request(
|
|
89
101
|
verb,
|
|
90
|
-
uri:
|
|
91
|
-
body:
|
|
92
|
-
params:
|
|
102
|
+
uri: uri,
|
|
103
|
+
body: body || "",
|
|
104
|
+
params: query_string_params,
|
|
105
|
+
method_name: "create_challenge",
|
|
93
106
|
options: options
|
|
94
107
|
)
|
|
95
108
|
operation = ::Gapic::Rest::TransportOperation.new response
|
|
96
109
|
result = ::Google::Cloud::ConfidentialComputing::V1::Challenge.decode_json response.body, ignore_unknown_fields: true
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
110
|
+
catch :response do
|
|
111
|
+
yield result, operation if block_given?
|
|
112
|
+
result
|
|
113
|
+
end
|
|
100
114
|
end
|
|
101
115
|
|
|
102
116
|
##
|
|
@@ -125,16 +139,18 @@ module Google
|
|
|
125
139
|
|
|
126
140
|
response = @client_stub.make_http_request(
|
|
127
141
|
verb,
|
|
128
|
-
uri:
|
|
129
|
-
body:
|
|
130
|
-
params:
|
|
142
|
+
uri: uri,
|
|
143
|
+
body: body || "",
|
|
144
|
+
params: query_string_params,
|
|
145
|
+
method_name: "verify_attestation",
|
|
131
146
|
options: options
|
|
132
147
|
)
|
|
133
148
|
operation = ::Gapic::Rest::TransportOperation.new response
|
|
134
149
|
result = ::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse.decode_json response.body, ignore_unknown_fields: true
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
150
|
+
catch :response do
|
|
151
|
+
yield result, operation if block_given?
|
|
152
|
+
result
|
|
153
|
+
end
|
|
138
154
|
end
|
|
139
155
|
|
|
140
156
|
##
|
|
@@ -12,7 +12,7 @@ require 'google/protobuf/timestamp_pb'
|
|
|
12
12
|
require 'google/rpc/status_pb'
|
|
13
13
|
|
|
14
14
|
|
|
15
|
-
descriptor_data = "\n3google/cloud/confidentialcomputing/v1/service.proto\x12%google.cloud.confidentialcomputing.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x17google/rpc/status.proto\"\xa5\x02\n\tChallenge\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x34\n\x0b\x63reate_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x34\n\x0b\x65xpire_time\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x11\n\x04used\x18\x04 \x01(\x08\x42\x03\xe0\x41\x03\x12\x16\n\ttpm_nonce\x18\x06 \x01(\tB\x03\xe0\x41\x03:n\xea\x41k\n.confidentialcomputing.googleapis.com/Challenge\x12\x39projects/{project}/locations/{location}/challenges/{uuid}\"\x9d\x01\n\x16\x43reateChallengeRequest\x12\x39\n\x06parent\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!locations.googleapis.com/Location\x12H\n\tchallenge\x18\x02 \x01(\x0b\x32\x30.google.cloud.confidentialcomputing.v1.ChallengeB\x03\xe0\x41\x02\"\x88\x05\n\x18VerifyAttestationRequest\x12Q\n\x07td_ccel\x18\x06 \x01(\x0b\x32\x39.google.cloud.confidentialcomputing.v1.TdxCcelAttestationB\x03\xe0\x41\x01H\x00\x12\\\n\x13sev_snp_attestation\x18\x07 \x01(\x0b\x32\x38.google.cloud.confidentialcomputing.v1.SevSnpAttestationB\x03\xe0\x41\x01H\x00\x12I\n\tchallenge\x18\x01 \x01(\tB6\xe0\x41\x02\xfa\x41\x30\n.confidentialcomputing.googleapis.com/Challenge\x12S\n\x0fgcp_credentials\x18\x02 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.GcpCredentialsB\x03\xe0\x41\x01\x12S\n\x0ftpm_attestation\x18\x03 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.TpmAttestationB\x03\xe0\x41\x02\x12\x62\n\x17\x63onfidential_space_info\x18\x04 \x01(\x0b\x32<.google.cloud.confidentialcomputing.v1.ConfidentialSpaceInfoB\x03\xe0\x41\x01\x12O\n\rtoken_options\x18\x05 \x01(\x0b\x32\x33.google.cloud.confidentialcomputing.v1.TokenOptionsB\x03\xe0\x41\x01\x42\x11\n\x0ftee_attestation\"\x83\x01\n\x12TdxCcelAttestation\x12\x1c\n\x0f\x63\x63\x65l_acpi_table\x18\x01 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x16\n\tccel_data\x18\x02 \x01(\x0c\x42\x03\xe0\x41\x01\x12 \n\x13\x63\x61nonical_event_log\x18\x03 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x15\n\x08td_quote\x18\x04 \x01(\x0c\x42\x03\xe0\x41\x01\"?\n\x11SevSnpAttestation\x12\x13\n\x06report\x18\x01 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x15\n\x08\x61ux_blob\x18\x02 \x01(\x0c\x42\x03\xe0\x41\x01\"l\n\x19VerifyAttestationResponse\x12\x1e\n\x11oidc_claims_token\x18\x02 \x01(\tB\x03\xe0\x41\x03\x12/\n\x0epartial_errors\x18\x03 \x03(\x0b\x32\x12.google.rpc.StatusB\x03\xe0\x41\x03\"3\n\x0eGcpCredentials\x12!\n\x19service_account_id_tokens\x18\x02 \x03(\t\"\
|
|
15
|
+
descriptor_data = "\n3google/cloud/confidentialcomputing/v1/service.proto\x12%google.cloud.confidentialcomputing.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x17google/rpc/status.proto\"\xa5\x02\n\tChallenge\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x34\n\x0b\x63reate_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x34\n\x0b\x65xpire_time\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x11\n\x04used\x18\x04 \x01(\x08\x42\x03\xe0\x41\x03\x12\x16\n\ttpm_nonce\x18\x06 \x01(\tB\x03\xe0\x41\x03:n\xea\x41k\n.confidentialcomputing.googleapis.com/Challenge\x12\x39projects/{project}/locations/{location}/challenges/{uuid}\"\x9d\x01\n\x16\x43reateChallengeRequest\x12\x39\n\x06parent\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!locations.googleapis.com/Location\x12H\n\tchallenge\x18\x02 \x01(\x0b\x32\x30.google.cloud.confidentialcomputing.v1.ChallengeB\x03\xe0\x41\x02\"\x88\x05\n\x18VerifyAttestationRequest\x12Q\n\x07td_ccel\x18\x06 \x01(\x0b\x32\x39.google.cloud.confidentialcomputing.v1.TdxCcelAttestationB\x03\xe0\x41\x01H\x00\x12\\\n\x13sev_snp_attestation\x18\x07 \x01(\x0b\x32\x38.google.cloud.confidentialcomputing.v1.SevSnpAttestationB\x03\xe0\x41\x01H\x00\x12I\n\tchallenge\x18\x01 \x01(\tB6\xe0\x41\x02\xfa\x41\x30\n.confidentialcomputing.googleapis.com/Challenge\x12S\n\x0fgcp_credentials\x18\x02 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.GcpCredentialsB\x03\xe0\x41\x01\x12S\n\x0ftpm_attestation\x18\x03 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.TpmAttestationB\x03\xe0\x41\x02\x12\x62\n\x17\x63onfidential_space_info\x18\x04 \x01(\x0b\x32<.google.cloud.confidentialcomputing.v1.ConfidentialSpaceInfoB\x03\xe0\x41\x01\x12O\n\rtoken_options\x18\x05 \x01(\x0b\x32\x33.google.cloud.confidentialcomputing.v1.TokenOptionsB\x03\xe0\x41\x01\x42\x11\n\x0ftee_attestation\"\x83\x01\n\x12TdxCcelAttestation\x12\x1c\n\x0f\x63\x63\x65l_acpi_table\x18\x01 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x16\n\tccel_data\x18\x02 \x01(\x0c\x42\x03\xe0\x41\x01\x12 \n\x13\x63\x61nonical_event_log\x18\x03 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x15\n\x08td_quote\x18\x04 \x01(\x0c\x42\x03\xe0\x41\x01\"?\n\x11SevSnpAttestation\x12\x13\n\x06report\x18\x01 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x15\n\x08\x61ux_blob\x18\x02 \x01(\x0c\x42\x03\xe0\x41\x01\"l\n\x19VerifyAttestationResponse\x12\x1e\n\x11oidc_claims_token\x18\x02 \x01(\tB\x03\xe0\x41\x03\x12/\n\x0epartial_errors\x18\x03 \x03(\x0b\x32\x12.google.rpc.StatusB\x03\xe0\x41\x03\"3\n\x0eGcpCredentials\x12!\n\x19service_account_id_tokens\x18\x02 \x03(\t\"\xa6\x05\n\x0cTokenOptions\x12v\n\x1a\x61ws_principal_tags_options\x18\x04 \x01(\x0b\x32K.google.cloud.confidentialcomputing.v1.TokenOptions.AwsPrincipalTagsOptionsB\x03\xe0\x41\x01H\x00\x12\x15\n\x08\x61udience\x18\x01 \x01(\tB\x03\xe0\x41\x01\x12\x12\n\x05nonce\x18\x02 \x03(\tB\x03\xe0\x41\x01\x12I\n\ntoken_type\x18\x03 \x01(\x0e\x32\x30.google.cloud.confidentialcomputing.v1.TokenTypeB\x03\xe0\x41\x01\x1a\x91\x03\n\x17\x41wsPrincipalTagsOptions\x12\x85\x01\n\x16\x61llowed_principal_tags\x18\x01 \x01(\x0b\x32`.google.cloud.confidentialcomputing.v1.TokenOptions.AwsPrincipalTagsOptions.AllowedPrincipalTagsB\x03\xe0\x41\x01\x1a\xed\x01\n\x14\x41llowedPrincipalTags\x12\xa2\x01\n\x1a\x63ontainer_image_signatures\x18\x01 \x01(\x0b\x32y.google.cloud.confidentialcomputing.v1.TokenOptions.AwsPrincipalTagsOptions.AllowedPrincipalTags.ContainerImageSignaturesB\x03\xe0\x41\x01\x1a\x30\n\x18\x43ontainerImageSignatures\x12\x14\n\x07key_ids\x18\x01 \x03(\tB\x03\xe0\x41\x01\x42\x14\n\x12token_type_options\"\x8f\x03\n\x0eTpmAttestation\x12K\n\x06quotes\x18\x01 \x03(\x0b\x32;.google.cloud.confidentialcomputing.v1.TpmAttestation.Quote\x12\x15\n\rtcg_event_log\x18\x02 \x01(\x0c\x12\x1b\n\x13\x63\x61nonical_event_log\x18\x03 \x01(\x0c\x12\x0f\n\x07\x61k_cert\x18\x04 \x01(\x0c\x12\x12\n\ncert_chain\x18\x05 \x03(\x0c\x1a\xd6\x01\n\x05Quote\x12\x11\n\thash_algo\x18\x01 \x01(\x05\x12^\n\npcr_values\x18\x02 \x03(\x0b\x32J.google.cloud.confidentialcomputing.v1.TpmAttestation.Quote.PcrValuesEntry\x12\x11\n\traw_quote\x18\x03 \x01(\x0c\x12\x15\n\rraw_signature\x18\x04 \x01(\x0c\x1a\x30\n\x0ePcrValuesEntry\x12\x0b\n\x03key\x18\x01 \x01(\x05\x12\r\n\x05value\x18\x02 \x01(\x0c:\x02\x38\x01\"j\n\x15\x43onfidentialSpaceInfo\x12Q\n\x0fsigned_entities\x18\x01 \x03(\x0b\x32\x33.google.cloud.confidentialcomputing.v1.SignedEntityB\x03\xe0\x41\x01\"w\n\x0cSignedEntity\x12g\n\x1a\x63ontainer_image_signatures\x18\x01 \x03(\x0b\x32>.google.cloud.confidentialcomputing.v1.ContainerImageSignatureB\x03\xe0\x41\x01\"\xaf\x01\n\x17\x43ontainerImageSignature\x12\x14\n\x07payload\x18\x01 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x16\n\tsignature\x18\x02 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x17\n\npublic_key\x18\x03 \x01(\x0c\x42\x03\xe0\x41\x01\x12M\n\x07sig_alg\x18\x04 \x01(\x0e\x32\x37.google.cloud.confidentialcomputing.v1.SigningAlgorithmB\x03\xe0\x41\x01*\x7f\n\x10SigningAlgorithm\x12!\n\x1dSIGNING_ALGORITHM_UNSPECIFIED\x10\x00\x12\x15\n\x11RSASSA_PSS_SHA256\x10\x01\x12\x1a\n\x16RSASSA_PKCS1V15_SHA256\x10\x02\x12\x15\n\x11\x45\x43\x44SA_P256_SHA256\x10\x03*\x8e\x01\n\tTokenType\x12\x1a\n\x16TOKEN_TYPE_UNSPECIFIED\x10\x00\x12\x13\n\x0fTOKEN_TYPE_OIDC\x10\x01\x12\x12\n\x0eTOKEN_TYPE_PKI\x10\x02\x12\x1a\n\x16TOKEN_TYPE_LIMITED_AWS\x10\x03\x12 \n\x1cTOKEN_TYPE_AWS_PRINCIPALTAGS\x10\x04\x32\xb7\x04\n\x15\x43onfidentialComputing\x12\xd8\x01\n\x0f\x43reateChallenge\x12=.google.cloud.confidentialcomputing.v1.CreateChallengeRequest\x1a\x30.google.cloud.confidentialcomputing.v1.Challenge\"T\xda\x41\x10parent,challenge\x82\xd3\xe4\x93\x02;\"./v1/{parent=projects/*/locations/*}/challenges:\tchallenge\x12\xe8\x01\n\x11VerifyAttestation\x12?.google.cloud.confidentialcomputing.v1.VerifyAttestationRequest\x1a@.google.cloud.confidentialcomputing.v1.VerifyAttestationResponse\"P\x82\xd3\xe4\x93\x02J\"E/v1/{challenge=projects/*/locations/*/challenges/*}:verifyAttestation:\x01*\x1aX\xca\x41$confidentialcomputing.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\x97\x02\n)com.google.cloud.confidentialcomputing.v1B\x0cServiceProtoP\x01Z_cloud.google.com/go/confidentialcomputing/apiv1/confidentialcomputingpb;confidentialcomputingpb\xaa\x02%Google.Cloud.ConfidentialComputing.V1\xca\x02%Google\\Cloud\\ConfidentialComputing\\V1\xea\x02(Google::Cloud::ConfidentialComputing::V1b\x06proto3"
|
|
16
16
|
|
|
17
17
|
pool = Google::Protobuf::DescriptorPool.generated_pool
|
|
18
18
|
|
|
@@ -52,6 +52,9 @@ module Google
|
|
|
52
52
|
VerifyAttestationResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.VerifyAttestationResponse").msgclass
|
|
53
53
|
GcpCredentials = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.GcpCredentials").msgclass
|
|
54
54
|
TokenOptions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.TokenOptions").msgclass
|
|
55
|
+
TokenOptions::AwsPrincipalTagsOptions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.TokenOptions.AwsPrincipalTagsOptions").msgclass
|
|
56
|
+
TokenOptions::AwsPrincipalTagsOptions::AllowedPrincipalTags = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.TokenOptions.AwsPrincipalTagsOptions.AllowedPrincipalTags").msgclass
|
|
57
|
+
TokenOptions::AwsPrincipalTagsOptions::AllowedPrincipalTags::ContainerImageSignatures = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.TokenOptions.AwsPrincipalTagsOptions.AllowedPrincipalTags.ContainerImageSignatures").msgclass
|
|
55
58
|
TpmAttestation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.TpmAttestation").msgclass
|
|
56
59
|
TpmAttestation::Quote = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.TpmAttestation.Quote").msgclass
|
|
57
60
|
ConfidentialSpaceInfo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.ConfidentialSpaceInfo").msgclass
|
|
@@ -28,6 +28,9 @@ module Google
|
|
|
28
28
|
# @!attribute [rw] destinations
|
|
29
29
|
# @return [::Array<::Google::Api::ClientLibraryDestination>]
|
|
30
30
|
# The destination where API teams want this client library to be published.
|
|
31
|
+
# @!attribute [rw] selective_gapic_generation
|
|
32
|
+
# @return [::Google::Api::SelectiveGapicGeneration]
|
|
33
|
+
# Configuration for which RPCs should be generated in the GAPIC client.
|
|
31
34
|
class CommonLanguageSettings
|
|
32
35
|
include ::Google::Protobuf::MessageExts
|
|
33
36
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -212,6 +215,12 @@ module Google
|
|
|
212
215
|
# enabled. By default, asynchronous REST clients will not be generated.
|
|
213
216
|
# This feature will be enabled by default 1 month after launching the
|
|
214
217
|
# feature in preview packages.
|
|
218
|
+
# @!attribute [rw] protobuf_pythonic_types_enabled
|
|
219
|
+
# @return [::Boolean]
|
|
220
|
+
# Enables generation of protobuf code using new types that are more
|
|
221
|
+
# Pythonic which are included in `protobuf>=5.29.x`. This feature will be
|
|
222
|
+
# enabled by default 1 month after launching the feature in preview
|
|
223
|
+
# packages.
|
|
215
224
|
class ExperimentalFeatures
|
|
216
225
|
include ::Google::Protobuf::MessageExts
|
|
217
226
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -297,9 +306,28 @@ module Google
|
|
|
297
306
|
# @!attribute [rw] common
|
|
298
307
|
# @return [::Google::Api::CommonLanguageSettings]
|
|
299
308
|
# Some settings.
|
|
309
|
+
# @!attribute [rw] renamed_services
|
|
310
|
+
# @return [::Google::Protobuf::Map{::String => ::String}]
|
|
311
|
+
# Map of service names to renamed services. Keys are the package relative
|
|
312
|
+
# service names and values are the name to be used for the service client
|
|
313
|
+
# and call options.
|
|
314
|
+
#
|
|
315
|
+
# publishing:
|
|
316
|
+
# go_settings:
|
|
317
|
+
# renamed_services:
|
|
318
|
+
# Publisher: TopicAdmin
|
|
300
319
|
class GoSettings
|
|
301
320
|
include ::Google::Protobuf::MessageExts
|
|
302
321
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
322
|
+
|
|
323
|
+
# @!attribute [rw] key
|
|
324
|
+
# @return [::String]
|
|
325
|
+
# @!attribute [rw] value
|
|
326
|
+
# @return [::String]
|
|
327
|
+
class RenamedServicesEntry
|
|
328
|
+
include ::Google::Protobuf::MessageExts
|
|
329
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
330
|
+
end
|
|
303
331
|
end
|
|
304
332
|
|
|
305
333
|
# Describes the generator configuration for a method.
|
|
@@ -375,6 +403,17 @@ module Google
|
|
|
375
403
|
end
|
|
376
404
|
end
|
|
377
405
|
|
|
406
|
+
# This message is used to configure the generation of a subset of the RPCs in
|
|
407
|
+
# a service for client libraries.
|
|
408
|
+
# @!attribute [rw] methods
|
|
409
|
+
# @return [::Array<::String>]
|
|
410
|
+
# An allowlist of the fully qualified names of RPCs that should be included
|
|
411
|
+
# on public client surfaces.
|
|
412
|
+
class SelectiveGapicGeneration
|
|
413
|
+
include ::Google::Protobuf::MessageExts
|
|
414
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
415
|
+
end
|
|
416
|
+
|
|
378
417
|
# The organization for which the client libraries are being published.
|
|
379
418
|
# Affects the url where generated docs are published, etc.
|
|
380
419
|
module ClientLibraryOrganization
|
|
@@ -157,6 +157,9 @@ module Google
|
|
|
157
157
|
end
|
|
158
158
|
|
|
159
159
|
# Options to modify claims in the token to generate custom-purpose tokens.
|
|
160
|
+
# @!attribute [rw] aws_principal_tags_options
|
|
161
|
+
# @return [::Google::Cloud::ConfidentialComputing::V1::TokenOptions::AwsPrincipalTagsOptions]
|
|
162
|
+
# Optional. Options for the Limited AWS token type.
|
|
160
163
|
# @!attribute [rw] audience
|
|
161
164
|
# @return [::String]
|
|
162
165
|
# Optional. Optional string to issue the token with a custom audience claim.
|
|
@@ -172,6 +175,37 @@ module Google
|
|
|
172
175
|
class TokenOptions
|
|
173
176
|
include ::Google::Protobuf::MessageExts
|
|
174
177
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
178
|
+
|
|
179
|
+
# Token options that only apply to the AWS Principal Tags token type.
|
|
180
|
+
# @!attribute [rw] allowed_principal_tags
|
|
181
|
+
# @return [::Google::Cloud::ConfidentialComputing::V1::TokenOptions::AwsPrincipalTagsOptions::AllowedPrincipalTags]
|
|
182
|
+
# Optional. Principal tags to allow in the token.
|
|
183
|
+
class AwsPrincipalTagsOptions
|
|
184
|
+
include ::Google::Protobuf::MessageExts
|
|
185
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
186
|
+
|
|
187
|
+
# Allowed principal tags is used to define what principal tags will be
|
|
188
|
+
# placed in the token.
|
|
189
|
+
# @!attribute [rw] container_image_signatures
|
|
190
|
+
# @return [::Google::Cloud::ConfidentialComputing::V1::TokenOptions::AwsPrincipalTagsOptions::AllowedPrincipalTags::ContainerImageSignatures]
|
|
191
|
+
# Optional. Container image signatures allowed in the token.
|
|
192
|
+
class AllowedPrincipalTags
|
|
193
|
+
include ::Google::Protobuf::MessageExts
|
|
194
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
195
|
+
|
|
196
|
+
# Allowed Container Image Signatures. Key IDs are required to allow this
|
|
197
|
+
# claim to fit within the narrow AWS IAM restrictions.
|
|
198
|
+
# @!attribute [rw] key_ids
|
|
199
|
+
# @return [::Array<::String>]
|
|
200
|
+
# Optional. List of key ids to filter into the Principal tags. Only
|
|
201
|
+
# keys that have been validated and added to the token will be filtered
|
|
202
|
+
# into principal tags. Unrecognized key ids will be ignored.
|
|
203
|
+
class ContainerImageSignatures
|
|
204
|
+
include ::Google::Protobuf::MessageExts
|
|
205
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
206
|
+
end
|
|
207
|
+
end
|
|
208
|
+
end
|
|
175
209
|
end
|
|
176
210
|
|
|
177
211
|
# TPM2 data containing everything necessary to validate any platform state
|
|
@@ -308,6 +342,9 @@ module Google
|
|
|
308
342
|
|
|
309
343
|
# Limited claim token type for AWS integration
|
|
310
344
|
TOKEN_TYPE_LIMITED_AWS = 3
|
|
345
|
+
|
|
346
|
+
# Principal-tag-based token for AWS integration
|
|
347
|
+
TOKEN_TYPE_AWS_PRINCIPALTAGS = 4
|
|
311
348
|
end
|
|
312
349
|
end
|
|
313
350
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: google-cloud-confidential_computing-v1
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Google LLC
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-12-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: gapic-common
|
|
@@ -16,7 +16,7 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.24.0
|
|
20
20
|
- - "<"
|
|
21
21
|
- !ruby/object:Gem::Version
|
|
22
22
|
version: 2.a
|
|
@@ -26,7 +26,7 @@ dependencies:
|
|
|
26
26
|
requirements:
|
|
27
27
|
- - ">="
|
|
28
28
|
- !ruby/object:Gem::Version
|
|
29
|
-
version: 0.
|
|
29
|
+
version: 0.24.0
|
|
30
30
|
- - "<"
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
32
|
version: 2.a
|
|
@@ -120,7 +120,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
120
120
|
- !ruby/object:Gem::Version
|
|
121
121
|
version: '0'
|
|
122
122
|
requirements: []
|
|
123
|
-
rubygems_version: 3.5.
|
|
123
|
+
rubygems_version: 3.5.23
|
|
124
124
|
signing_key:
|
|
125
125
|
specification_version: 4
|
|
126
126
|
summary: Attestation verifier for Confidential Space.
|