google-cloud-container_analysis-v1 0.1.2 → 0.4.1

data/lib/google/cloud/container_analysis/v1.rb

@@ -33,3 +33,6 @@ module Google
     end
   end
 end
+
+helper_path = ::File.join __dir__, "v1", "_helpers.rb"
+require "google/cloud/container_analysis/v1/_helpers" if ::File.file? helper_path

data/lib/google/cloud/container_analysis/v1/container_analysis.rb

@@ -23,6 +23,7 @@ require "gapic/config/method"
 require "google/cloud/container_analysis/v1/version"
 
 require "google/cloud/container_analysis/v1/container_analysis/credentials"
+require "google/cloud/container_analysis/v1/container_analysis/paths"
 require "google/cloud/container_analysis/v1/container_analysis/client"
 
 module Google

data/lib/google/cloud/container_analysis/v1/container_analysis/client.rb

@@ -42,6 +42,8 @@ module Google
           # image with the vulnerability referring to that note.
           #
           class Client
+            include Paths
+
             # @private
             attr_reader :container_analysis_stub
 
@@ -70,7 +72,7 @@ module Google
                 parent_config = while namespace.any?
                                   parent_name = namespace.join "::"
                                   parent_const = const_get parent_name
-                                  break parent_const.configure if parent_const&.respond_to? :configure
+                                  break parent_const.configure if parent_const.respond_to? :configure
                                   namespace.pop
                                 end
                 default_config = Client::Configuration.new parent_config
@@ -142,7 +144,13 @@ module Google
 
               # Create credentials
               credentials = @config.credentials
-              credentials ||= Credentials.default scope: @config.scope
+              # Use self-signed JWT if the scope and endpoint are unchanged from default,
+              # but only if the default endpoint does not have a region prefix.
+              enable_self_signed_jwt = @config.scope == Client.configure.scope &&
+                                       @config.endpoint == Client.configure.endpoint &&
+                                       !@config.endpoint.split(".").first.include?("-")
+              credentials ||= Credentials.default scope: @config.scope,
+                                                  enable_self_signed_jwt: enable_self_signed_jwt
               if credentials.is_a?(String) || credentials.is_a?(Hash)
                 credentials = Credentials.new credentials, scope: @config.scope
               end
@@ -394,6 +402,75 @@ module Google
               raise ::Google::Cloud::Error.from_error(e)
             end
 
+            ##
+            # Gets a summary of the number and severity of occurrences.
+            #
+            # @overload get_vulnerability_occurrences_summary(request, options = nil)
+            #   Pass arguments to `get_vulnerability_occurrences_summary` via a request object, either of type
+            #   {::Google::Cloud::ContainerAnalysis::V1::GetVulnerabilityOccurrencesSummaryRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Cloud::ContainerAnalysis::V1::GetVulnerabilityOccurrencesSummaryRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload get_vulnerability_occurrences_summary(parent: nil, filter: nil)
+            #   Pass arguments to `get_vulnerability_occurrences_summary` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param parent [::String]
+            #     The name of the project to get a vulnerability summary for in the form of
+            #     `projects/[PROJECT_ID]`.
+            #   @param filter [::String]
+            #     The filter expression.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Cloud::ContainerAnalysis::V1::VulnerabilityOccurrencesSummary]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Cloud::ContainerAnalysis::V1::VulnerabilityOccurrencesSummary]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            def get_vulnerability_occurrences_summary request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::ContainerAnalysis::V1::GetVulnerabilityOccurrencesSummaryRequest
+
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+
+              # Customize the options with defaults
+              metadata = @config.rpcs.get_vulnerability_occurrences_summary.metadata.to_h
+
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Cloud::ContainerAnalysis::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+
+              header_params = {
+                "parent" => request.parent
+              }
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+
+              options.apply_defaults timeout:      @config.rpcs.get_vulnerability_occurrences_summary.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.get_vulnerability_occurrences_summary.retry_policy
+              options.apply_defaults metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+
+              @container_analysis_stub.call_rpc :get_vulnerability_occurrences_summary, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+
             ##
             # Configuration class for the ContainerAnalysis API.
             #
@@ -486,7 +563,7 @@ module Google
               config_attr :scope,         nil, ::String, ::Array, nil
               config_attr :lib_name,      nil, ::String, nil
               config_attr :lib_version,   nil, ::String, nil
-              config_attr(:channel_args,  { "grpc.service_config_disable_resolution"=>1 }, ::Hash, nil)
+              config_attr(:channel_args,  { "grpc.service_config_disable_resolution" => 1 }, ::Hash, nil)
               config_attr :interceptors,  nil, ::Array, nil
               config_attr :timeout,       nil, ::Numeric, nil
               config_attr :metadata,      nil, ::Hash, nil
@@ -507,7 +584,7 @@ module Google
               def rpcs
                 @rpcs ||= begin
                   parent_rpcs = nil
-                  parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config&.respond_to?(:rpcs)
+                  parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config.respond_to?(:rpcs)
                   Rpcs.new parent_rpcs
                 end
               end
@@ -519,7 +596,7 @@ module Google
               # Each configuration object is of type `Gapic::Config::Method` and includes
               # the following configuration fields:
               #
-              #  *  `timeout` (*type:* `Numeric`) - The call timeout in milliseconds
+              #  *  `timeout` (*type:* `Numeric`) - The call timeout in seconds
               #  *  `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
               #  *  `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
               #     include the following keys:
@@ -545,15 +622,22 @@ module Google
                 # @return [::Gapic::Config::Method]
                 #
                 attr_reader :test_iam_permissions
+                ##
+                # RPC-specific configuration for `get_vulnerability_occurrences_summary`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :get_vulnerability_occurrences_summary
 
                 # @private
                 def initialize parent_rpcs = nil
-                  set_iam_policy_config = parent_rpcs&.set_iam_policy if parent_rpcs&.respond_to? :set_iam_policy
+                  set_iam_policy_config = parent_rpcs.set_iam_policy if parent_rpcs.respond_to? :set_iam_policy
                   @set_iam_policy = ::Gapic::Config::Method.new set_iam_policy_config
-                  get_iam_policy_config = parent_rpcs&.get_iam_policy if parent_rpcs&.respond_to? :get_iam_policy
+                  get_iam_policy_config = parent_rpcs.get_iam_policy if parent_rpcs.respond_to? :get_iam_policy
                   @get_iam_policy = ::Gapic::Config::Method.new get_iam_policy_config
-                  test_iam_permissions_config = parent_rpcs&.test_iam_permissions if parent_rpcs&.respond_to? :test_iam_permissions
+                  test_iam_permissions_config = parent_rpcs.test_iam_permissions if parent_rpcs.respond_to? :test_iam_permissions
                   @test_iam_permissions = ::Gapic::Config::Method.new test_iam_permissions_config
+                  get_vulnerability_occurrences_summary_config = parent_rpcs.get_vulnerability_occurrences_summary if parent_rpcs.respond_to? :get_vulnerability_occurrences_summary
+                  @get_vulnerability_occurrences_summary = ::Gapic::Config::Method.new get_vulnerability_occurrences_summary_config
 
                   yield self if block_given?
                 end

data/lib/google/cloud/container_analysis/v1/container_analysis/paths.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module ContainerAnalysis
+      module V1
+        module ContainerAnalysis
+          # Path helper methods for the ContainerAnalysis API.
+          module Paths
+            ##
+            # Create a fully-qualified Project resource string.
+            #
+            # The resource will be in the following format:
+            #
+            # `projects/{project}`
+            #
+            # @param project [String]
+            #
+            # @return [::String]
+            def project_path project:
+              "projects/#{project}"
+            end
+
+            extend self
+          end
+        end
+      end
+    end
+  end
+end

data/lib/google/cloud/container_analysis/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module ContainerAnalysis
       module V1
-        VERSION = "0.1.2"
+        VERSION = "0.4.1"
       end
     end
   end

data/lib/google/devtools/containeranalysis/v1/containeranalysis_pb.rb

@@ -5,11 +5,27 @@ require 'google/protobuf'
 
 require 'google/api/annotations_pb'
 require 'google/api/client_pb'
+require 'google/api/field_behavior_pb'
+require 'google/api/resource_pb'
 require 'google/iam/v1/iam_policy_pb'
 require 'google/iam/v1/policy_pb'
 require 'google/protobuf/timestamp_pb'
+require 'grafeas/v1/vulnerability_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/devtools/containeranalysis/v1/containeranalysis.proto", :syntax => :proto3) do
+    add_message "google.devtools.containeranalysis.v1.GetVulnerabilityOccurrencesSummaryRequest" do
+      optional :parent, :string, 1
+      optional :filter, :string, 2
+    end
+    add_message "google.devtools.containeranalysis.v1.VulnerabilityOccurrencesSummary" do
+      repeated :counts, :message, 1, "google.devtools.containeranalysis.v1.VulnerabilityOccurrencesSummary.FixableTotalByDigest"
+    end
+    add_message "google.devtools.containeranalysis.v1.VulnerabilityOccurrencesSummary.FixableTotalByDigest" do
+      optional :resource_uri, :string, 1
+      optional :severity, :enum, 2, "grafeas.v1.Severity"
+      optional :fixable_count, :int64, 3
+      optional :total_count, :int64, 4
+    end
   end
 end
 
@@ -17,6 +33,9 @@ module Google
   module Cloud
     module ContainerAnalysis
       module V1
+        GetVulnerabilityOccurrencesSummaryRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.devtools.containeranalysis.v1.GetVulnerabilityOccurrencesSummaryRequest").msgclass
+        VulnerabilityOccurrencesSummary = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.devtools.containeranalysis.v1.VulnerabilityOccurrencesSummary").msgclass
+        VulnerabilityOccurrencesSummary::FixableTotalByDigest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.devtools.containeranalysis.v1.VulnerabilityOccurrencesSummary.FixableTotalByDigest").msgclass
       end
     end
   end

data/lib/google/devtools/containeranalysis/v1/containeranalysis_services_pb.rb

@@ -1,7 +1,7 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # Source: google/devtools/containeranalysis/v1/containeranalysis.proto for package 'Google.Cloud.ContainerAnalysis.V1'
 # Original file comments:
-# Copyright 2019 Google LLC.
+# Copyright 2019 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,7 +15,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-#
 
 require 'grpc'
 require 'google/devtools/containeranalysis/v1/containeranalysis_pb'
@@ -40,7 +39,7 @@ module Google
           # image with the vulnerability referring to that note.
           class Service
 
-            include GRPC::GenericService
+            include ::GRPC::GenericService
 
             self.marshal_class_method = :encode
             self.unmarshal_class_method = :decode
@@ -54,7 +53,7 @@ module Google
             # The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
             # notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
             # occurrences.
-            rpc :SetIamPolicy, Google::Iam::V1::SetIamPolicyRequest, Google::Iam::V1::Policy
+            rpc :SetIamPolicy, ::Google::Iam::V1::SetIamPolicyRequest, ::Google::Iam::V1::Policy
             # Gets the access control policy for a note or an occurrence resource.
             # Requires `containeranalysis.notes.setIamPolicy` or
             # `containeranalysis.occurrences.setIamPolicy` permission if the resource is
@@ -63,7 +62,7 @@ module Google
             # The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
             # notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
             # occurrences.
-            rpc :GetIamPolicy, Google::Iam::V1::GetIamPolicyRequest, Google::Iam::V1::Policy
+            rpc :GetIamPolicy, ::Google::Iam::V1::GetIamPolicyRequest, ::Google::Iam::V1::Policy
             # Returns the permissions that a caller has on the specified note or
             # occurrence. Requires list permission on the project (for example,
             # `containeranalysis.notes.list`).
@@ -71,7 +70,9 @@ module Google
             # The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
             # notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
             # occurrences.
-            rpc :TestIamPermissions, Google::Iam::V1::TestIamPermissionsRequest, Google::Iam::V1::TestIamPermissionsResponse
+            rpc :TestIamPermissions, ::Google::Iam::V1::TestIamPermissionsRequest, ::Google::Iam::V1::TestIamPermissionsResponse
+            # Gets a summary of the number and severity of occurrences.
+            rpc :GetVulnerabilityOccurrencesSummary, ::Google::Cloud::ContainerAnalysis::V1::GetVulnerabilityOccurrencesSummaryRequest, ::Google::Cloud::ContainerAnalysis::V1::VulnerabilityOccurrencesSummary
           end
 
           Stub = Service.rpc_stub_class

data/proto_docs/google/api/field_behavior.rb

@@ -54,6 +54,12 @@ module Google
       # This indicates that the field may be set once in a request to create a
       # resource, but may not be changed thereafter.
       IMMUTABLE = 5
+
+      # Denotes that a (repeated) field is an unordered list.
+      # This indicates that the service may provide the elements of the list
+      # in any arbitrary order, rather than the order the user originally
+      # provided. Additionally, the list's order may or may not be stable.
+      UNORDERED_LIST = 6
     end
   end
 end

data/proto_docs/google/api/resource.rb

@@ -43,12 +43,12 @@ module Google
     #
     # The ResourceDescriptor Yaml config will look like:
     #
-    #    resources:
-    #    - type: "pubsub.googleapis.com/Topic"
-    #      name_descriptor:
-    #        - pattern: "projects/\\{project}/topics/\\{topic}"
-    #          parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #          parent_name_extractor: "projects/\\{project}"
+    #     resources:
+    #     - type: "pubsub.googleapis.com/Topic"
+    #       name_descriptor:
+    #         - pattern: "projects/{project}/topics/{topic}"
+    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
+    #           parent_name_extractor: "projects/{project}"
     #
     # Sometimes, resources have multiple patterns, typically because they can
     # live under multiple parents.
@@ -183,15 +183,24 @@ module Google
     #         }
     # @!attribute [rw] plural
     #   @return [::String]
-    #     The plural name used in the resource name, such as 'projects' for
-    #     the name of 'projects/\\{project}'. It is the same concept of the `plural`
-    #     field in k8s CRD spec
+    #     The plural name used in the resource name and permission names, such as
+    #     'projects' for the resource name of 'projects/\\{project}' and the permission
+    #     name of 'cloudresourcemanager.googleapis.com/projects.get'. It is the same
+    #     concept of the `plural` field in k8s CRD spec
     #     https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
+    #
+    #     Note: The plural form is required even for singleton resources. See
+    #     https://aip.dev/156
     # @!attribute [rw] singular
     #   @return [::String]
     #     The same concept of the `singular` field in k8s CRD spec
     #     https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
     #     Such as "project" for the `resourcemanager.googleapis.com/Project` type.
+    # @!attribute [rw] style
+    #   @return [::Array<::Google::Api::ResourceDescriptor::Style>]
+    #     Style flag(s) for this resource.
+    #     These indicate that a resource is expected to conform to a given
+    #     style. See the specific style flags for additional information.
     class ResourceDescriptor
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -211,6 +220,22 @@ module Google
         # that from being necessary once there are multiple patterns.)
         FUTURE_MULTI_PATTERN = 2
       end
+
+      # A flag representing a specific style that a resource claims to conform to.
+      module Style
+        # The unspecified value. Do not use.
+        STYLE_UNSPECIFIED = 0
+
+        # This resource is intended to be "declarative-friendly".
+        #
+        # Declarative-friendly resources must be more strictly consistent, and
+        # setting this to true communicates to tools that this resource should
+        # adhere to declarative-friendly expectations.
+        #
+        # Note: This is used by the API linter (linter.aip.dev) to enable
+        # additional checks.
+        DECLARATIVE_FRIENDLY = 1
+      end
     end
 
     # Defines a proto annotation that describes a string field that refers to
@@ -226,6 +251,17 @@ module Google
     #             type: "pubsub.googleapis.com/Topic"
     #           }];
     #         }
+    #
+    #     Occasionally, a field may reference an arbitrary resource. In this case,
+    #     APIs use the special value * in their resource reference.
+    #
+    #     Example:
+    #
+    #         message GetIamPolicyRequest {
+    #           string resource = 2 [(google.api.resource_reference) = {
+    #             type: "*"
+    #           }];
+    #         }
     # @!attribute [rw] child_type
     #   @return [::String]
     #     The resource type of a child collection that the annotated field
@@ -234,11 +270,11 @@ module Google
     #
     #     Example:
     #
-    #       message ListLogEntriesRequest {
-    #         string parent = 1 [(google.api.resource_reference) = {
-    #           child_type: "logging.googleapis.com/LogEntry"
-    #         };
-    #       }
+    #         message ListLogEntriesRequest {
+    #           string parent = 1 [(google.api.resource_reference) = {
+    #             child_type: "logging.googleapis.com/LogEntry"
+    #           };
+    #         }
     class ResourceReference
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/devtools/containeranalysis/v1/containeranalysis.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module ContainerAnalysis
+      module V1
+        # Request to get a vulnerability summary for some set of occurrences.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     The name of the project to get a vulnerability summary for in the form of
+        #     `projects/[PROJECT_ID]`.
+        # @!attribute [rw] filter
+        #   @return [::String]
+        #     The filter expression.
+        class GetVulnerabilityOccurrencesSummaryRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A summary of how many vulnerability occurrences there are per resource and
+        # severity type.
+        # @!attribute [rw] counts
+        #   @return [::Array<::Google::Cloud::ContainerAnalysis::V1::VulnerabilityOccurrencesSummary::FixableTotalByDigest>]
+        #     A listing by resource of the number of fixable and total vulnerabilities.
+        class VulnerabilityOccurrencesSummary
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Per resource and severity counts of fixable and total vulnerabilities.
+          # @!attribute [rw] resource_uri
+          #   @return [::String]
+          #     The affected resource.
+          # @!attribute [rw] severity
+          #   @return [::Grafeas::V1::Severity]
+          #     The severity for this count. SEVERITY_UNSPECIFIED indicates total across
+          #     all severities.
+          # @!attribute [rw] fixable_count
+          #   @return [::Integer]
+          #     The number of fixable vulnerabilities associated with this resource.
+          # @!attribute [rw] total_count
+          #   @return [::Integer]
+          #     The total number of vulnerabilities associated with this resource.
+          class FixableTotalByDigest
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
+      end
+    end
+  end
+end