google-cloud-container_analysis-v1 0.4.3 → 0.4.7

data/proto_docs/google/protobuf/field_mask.rb

@@ -0,0 +1,229 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Protobuf
+    # `FieldMask` represents a set of symbolic field paths, for example:
+    #
+    #     paths: "f.a"
+    #     paths: "f.b.d"
+    #
+    # Here `f` represents a field in some root message, `a` and `b`
+    # fields in the message found in `f`, and `d` a field found in the
+    # message in `f.b`.
+    #
+    # Field masks are used to specify a subset of fields that should be
+    # returned by a get operation or modified by an update operation.
+    # Field masks also have a custom JSON encoding (see below).
+    #
+    # # Field Masks in Projections
+    #
+    # When used in the context of a projection, a response message or
+    # sub-message is filtered by the API to only contain those fields as
+    # specified in the mask. For example, if the mask in the previous
+    # example is applied to a response message as follows:
+    #
+    #     f {
+    #       a : 22
+    #       b {
+    #         d : 1
+    #         x : 2
+    #       }
+    #       y : 13
+    #     }
+    #     z: 8
+    #
+    # The result will not contain specific values for fields x,y and z
+    # (their value will be set to the default, and omitted in proto text
+    # output):
+    #
+    #
+    #     f {
+    #       a : 22
+    #       b {
+    #         d : 1
+    #       }
+    #     }
+    #
+    # A repeated field is not allowed except at the last position of a
+    # paths string.
+    #
+    # If a FieldMask object is not present in a get operation, the
+    # operation applies to all fields (as if a FieldMask of all fields
+    # had been specified).
+    #
+    # Note that a field mask does not necessarily apply to the
+    # top-level response message. In case of a REST get operation, the
+    # field mask applies directly to the response, but in case of a REST
+    # list operation, the mask instead applies to each individual message
+    # in the returned resource list. In case of a REST custom method,
+    # other definitions may be used. Where the mask applies will be
+    # clearly documented together with its declaration in the API.  In
+    # any case, the effect on the returned resource/resources is required
+    # behavior for APIs.
+    #
+    # # Field Masks in Update Operations
+    #
+    # A field mask in update operations specifies which fields of the
+    # targeted resource are going to be updated. The API is required
+    # to only change the values of the fields as specified in the mask
+    # and leave the others untouched. If a resource is passed in to
+    # describe the updated values, the API ignores the values of all
+    # fields not covered by the mask.
+    #
+    # If a repeated field is specified for an update operation, new values will
+    # be appended to the existing repeated field in the target resource. Note that
+    # a repeated field is only allowed in the last position of a `paths` string.
+    #
+    # If a sub-message is specified in the last position of the field mask for an
+    # update operation, then new value will be merged into the existing sub-message
+    # in the target resource.
+    #
+    # For example, given the target message:
+    #
+    #     f {
+    #       b {
+    #         d: 1
+    #         x: 2
+    #       }
+    #       c: [1]
+    #     }
+    #
+    # And an update message:
+    #
+    #     f {
+    #       b {
+    #         d: 10
+    #       }
+    #       c: [2]
+    #     }
+    #
+    # then if the field mask is:
+    #
+    #  paths: ["f.b", "f.c"]
+    #
+    # then the result will be:
+    #
+    #     f {
+    #       b {
+    #         d: 10
+    #         x: 2
+    #       }
+    #       c: [1, 2]
+    #     }
+    #
+    # An implementation may provide options to override this default behavior for
+    # repeated and message fields.
+    #
+    # In order to reset a field's value to the default, the field must
+    # be in the mask and set to the default value in the provided resource.
+    # Hence, in order to reset all fields of a resource, provide a default
+    # instance of the resource and set all fields in the mask, or do
+    # not provide a mask as described below.
+    #
+    # If a field mask is not present on update, the operation applies to
+    # all fields (as if a field mask of all fields has been specified).
+    # Note that in the presence of schema evolution, this may mean that
+    # fields the client does not know and has therefore not filled into
+    # the request will be reset to their default. If this is unwanted
+    # behavior, a specific service may require a client to always specify
+    # a field mask, producing an error if not.
+    #
+    # As with get operations, the location of the resource which
+    # describes the updated values in the request message depends on the
+    # operation kind. In any case, the effect of the field mask is
+    # required to be honored by the API.
+    #
+    # ## Considerations for HTTP REST
+    #
+    # The HTTP kind of an update operation which uses a field mask must
+    # be set to PATCH instead of PUT in order to satisfy HTTP semantics
+    # (PUT must only be used for full updates).
+    #
+    # # JSON Encoding of Field Masks
+    #
+    # In JSON, a field mask is encoded as a single string where paths are
+    # separated by a comma. Fields name in each path are converted
+    # to/from lower-camel naming conventions.
+    #
+    # As an example, consider the following message declarations:
+    #
+    #     message Profile {
+    #       User user = 1;
+    #       Photo photo = 2;
+    #     }
+    #     message User {
+    #       string display_name = 1;
+    #       string address = 2;
+    #     }
+    #
+    # In proto a field mask for `Profile` may look as such:
+    #
+    #     mask {
+    #       paths: "user.display_name"
+    #       paths: "photo"
+    #     }
+    #
+    # In JSON, the same mask is represented as below:
+    #
+    #     {
+    #       mask: "user.displayName,photo"
+    #     }
+    #
+    # # Field Masks and Oneof Fields
+    #
+    # Field masks treat fields in oneofs just as regular fields. Consider the
+    # following message:
+    #
+    #     message SampleMessage {
+    #       oneof test_oneof {
+    #         string name = 4;
+    #         SubMessage sub_message = 9;
+    #       }
+    #     }
+    #
+    # The field mask can be:
+    #
+    #     mask {
+    #       paths: "name"
+    #     }
+    #
+    # Or:
+    #
+    #     mask {
+    #       paths: "sub_message"
+    #     }
+    #
+    # Note that oneof type names ("test_oneof" in this case) cannot be used in
+    # paths.
+    #
+    # ## Field Mask Verification
+    #
+    # The implementation of any API method which has a FieldMask type field in the
+    # request should verify the included field paths, and return an
+    # `INVALID_ARGUMENT` error if any path is unmappable.
+    # @!attribute [rw] paths
+    #   @return [::Array<::String>]
+    #     The set of field mask paths.
+    class FieldMask
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+  end
+end

data/proto_docs/google/rpc/status.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Rpc
+    # The `Status` type defines a logical error model that is suitable for
+    # different programming environments, including REST APIs and RPC APIs. It is
+    # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+    # three pieces of data: error code, error message, and error details.
+    #
+    # You can find out more about this error model and how to work with it in the
+    # [API Design Guide](https://cloud.google.com/apis/design/errors).
+    # @!attribute [rw] code
+    #   @return [::Integer]
+    #     The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
+    # @!attribute [rw] message
+    #   @return [::String]
+    #     A developer-facing error message, which should be in English. Any
+    #     user-facing error message should be localized and sent in the
+    #     {::Google::Rpc::Status#details google.rpc.Status.details} field, or localized by the client.
+    # @!attribute [rw] details
+    #   @return [::Array<::Google::Protobuf::Any>]
+    #     A list of messages that carry the error details.  There is a common set of
+    #     message types for APIs to use.
+    class Status
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+  end
+end

data/proto_docs/grafeas/v1/attestation.rb

@@ -0,0 +1,98 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+  module V1
+    # Note kind that represents a logical attestation "role" or "authority". For
+    # example, an organization might have one `Authority` for "QA" and one for
+    # "build". This note is intended to act strictly as a grouping mechanism for
+    # the attached occurrences (Attestations). This grouping mechanism also
+    # provides a security boundary, since IAM ACLs gate the ability for a principle
+    # to attach an occurrence to a given note. It also provides a single point of
+    # lookup to find all attached attestation occurrences, even if they don't all
+    # live in the same project.
+    # @!attribute [rw] hint
+    #   @return [::Grafeas::V1::AttestationNote::Hint]
+    #     Hint hints at the purpose of the attestation authority.
+    class AttestationNote
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # This submessage provides human-readable hints about the purpose of the
+      # authority. Because the name of a note acts as its resource reference, it is
+      # important to disambiguate the canonical name of the Note (which might be a
+      # UUID for security purposes) from "readable" names more suitable for debug
+      # output. Note that these hints should not be used to look up authorities in
+      # security sensitive contexts, such as when looking up attestations to
+      # verify.
+      # @!attribute [rw] human_readable_name
+      #   @return [::String]
+      #     Required. The human readable name of this attestation authority, for
+      #     example "qa".
+      class Hint
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+
+    # @!attribute [rw] compact_jwt
+    #   @return [::String]
+    #     The compact encoding of a JWS, which is always three base64 encoded strings
+    #     joined by periods. For details, see:
+    #     https://tools.ietf.org/html/rfc7515.html#section-3.1
+    class Jwt
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Occurrence that represents a single "attestation". The authenticity of an
+    # attestation can be verified using the attached signature. If the verifier
+    # trusts the public key of the signer, then verifying the signature is
+    # sufficient to establish trust. In this circumstance, the authority to which
+    # this attestation is attached is primarily useful for lookup (how to find
+    # this attestation if you already know the authority and artifact to be
+    # verified) and intent (for which authority this attestation was intended to
+    # sign.
+    # @!attribute [rw] serialized_payload
+    #   @return [::String]
+    #     Required. The serialized payload that is verified by one or more
+    #     `signatures`.
+    # @!attribute [rw] signatures
+    #   @return [::Array<::Grafeas::V1::Signature>]
+    #     One or more signatures over `serialized_payload`.  Verifier implementations
+    #     should consider this attestation message verified if at least one
+    #     `signature` verifies `serialized_payload`.  See `Signature` in common.proto
+    #     for more details on signature structure and verification.
+    # @!attribute [rw] jwts
+    #   @return [::Array<::Grafeas::V1::Jwt>]
+    #     One or more JWTs encoding a self-contained attestation.
+    #     Each JWT encodes the payload that it verifies within the JWT itself.
+    #     Verifier implementation SHOULD ignore the `serialized_payload` field
+    #     when verifying these JWTs.
+    #     If only JWTs are present on this AttestationOccurrence, then the
+    #     `serialized_payload` SHOULD be left empty.
+    #     Each JWT SHOULD encode a claim specific to the `resource_uri` of this
+    #     Occurrence, but this is not validated by Grafeas metadata API
+    #     implementations.  The JWT itself is opaque to Grafeas.
+    class AttestationOccurrence
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+  end
+end

data/proto_docs/grafeas/v1/build.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+  module V1
+    # Note holding the version of the provider's builder and the signature of the
+    # provenance message in the build details occurrence.
+    # @!attribute [rw] builder_version
+    #   @return [::String]
+    #     Required. Immutable. Version of the builder which produced this build.
+    class BuildNote
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Details of a build occurrence.
+    # @!attribute [rw] provenance
+    #   @return [::Grafeas::V1::BuildProvenance]
+    #     The actual provenance for the build.
+    # @!attribute [rw] provenance_bytes
+    #   @return [::String]
+    #     Serialized JSON representation of the provenance, used in generating the
+    #     build signature in the corresponding build note. After verifying the
+    #     signature, `provenance_bytes` can be unmarshalled and compared to the
+    #     provenance to confirm that it is unchanged. A base64-encoded string
+    #     representation of the provenance bytes is used for the signature in order
+    #     to interoperate with openssl which expects this format for signature
+    #     verification.
+    #
+    #     The serialized form is captured both to avoid ambiguity in how the
+    #     provenance is marshalled to json as well to prevent incompatibilities with
+    #     future changes.
+    # @!attribute [rw] intoto_provenance
+    #   @return [::Grafeas::V1::InTotoProvenance]
+    #     Deprecated. See InTotoStatement for the replacement.
+    #     In-toto Provenance representation as defined in spec.
+    # @!attribute [rw] intoto_statement
+    #   @return [::Grafeas::V1::InTotoStatement]
+    #     In-toto Statement representation as defined in spec.
+    #     The intoto_statement can contain any type of provenance. The serialized
+    #     payload of the statement can be stored and signed in the Occurrence's
+    #     envelope.
+    class BuildOccurrence
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+  end
+end

data/proto_docs/grafeas/v1/common.rb

@@ -65,7 +65,7 @@ module Grafeas
     #   @return [::String]
     #     The identifier for the public key that verifies this signature.
     #       * The `public_key_id` is required.
-    #       * The `public_key_id` MUST be an RFC3986 conformant URI.
+    #       * The `public_key_id` SHOULD be an RFC3986 conformant URI.
     #       * When possible, the `public_key_id` SHOULD be an immutable reference,
     #         such as a cryptographic digest.
     #
@@ -85,9 +85,32 @@ module Grafeas
       extend ::Google::Protobuf::MessageExts::ClassMethods
     end
 
+    # MUST match
+    # https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An
+    # authenticated message of arbitrary type.
+    # @!attribute [rw] payload
+    #   @return [::String]
+    # @!attribute [rw] payload_type
+    #   @return [::String]
+    # @!attribute [rw] signatures
+    #   @return [::Array<::Grafeas::V1::EnvelopeSignature>]
+    class Envelope
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # @!attribute [rw] sig
+    #   @return [::String]
+    # @!attribute [rw] keyid
+    #   @return [::String]
+    class EnvelopeSignature
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
     # Kind represents the kinds of notes supported.
     module NoteKind
-      # Unknown.
+      # Default value. This value is unused.
       NOTE_KIND_UNSPECIFIED = 0
 
       # The note and occurrence represent a package vulnerability.
@@ -113,6 +136,12 @@ module Grafeas
 
       # This represents an available package upgrade.
       UPGRADE = 8
+
+      # This represents a Compliance Note
+      COMPLIANCE = 9
+
+      # This represents a DSSE attestation Note
+      DSSE_ATTESTATION = 10
     end
   end
 end

data/proto_docs/grafeas/v1/compliance.rb

@@ -0,0 +1,98 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+  module V1
+    # @!attribute [rw] title
+    #   @return [::String]
+    #     The title that identifies this compliance check.
+    # @!attribute [rw] description
+    #   @return [::String]
+    #     A description about this compliance check.
+    # @!attribute [rw] version
+    #   @return [::Array<::Grafeas::V1::ComplianceVersion>]
+    #     The OS and config versions the benchmark applies to.
+    # @!attribute [rw] rationale
+    #   @return [::String]
+    #     A rationale for the existence of this compliance check.
+    # @!attribute [rw] remediation
+    #   @return [::String]
+    #     A description of remediation steps if the compliance check fails.
+    # @!attribute [rw] cis_benchmark
+    #   @return [::Grafeas::V1::ComplianceNote::CisBenchmark]
+    # @!attribute [rw] scan_instructions
+    #   @return [::String]
+    #     Serialized scan instructions with a predefined format.
+    class ComplianceNote
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # A compliance check that is a CIS benchmark.
+      # @!attribute [rw] profile_level
+      #   @return [::Integer]
+      # @!attribute [rw] severity
+      #   @return [::Grafeas::V1::Severity]
+      class CisBenchmark
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+
+    # Describes the CIS benchmark version that is applicable to a given OS and
+    # os version.
+    # @!attribute [rw] cpe_uri
+    #   @return [::String]
+    #     The CPE URI (https://cpe.mitre.org/specification/) this benchmark is
+    #     applicable to.
+    # @!attribute [rw] version
+    #   @return [::String]
+    #     The version of the benchmark. This is set to the version of the OS-specific
+    #     CIS document the benchmark is defined in.
+    class ComplianceVersion
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # An indication that the compliance checks in the associated ComplianceNote
+    # were not satisfied for particular resources or a specified reason.
+    # @!attribute [rw] non_compliant_files
+    #   @return [::Array<::Grafeas::V1::NonCompliantFile>]
+    # @!attribute [rw] non_compliance_reason
+    #   @return [::String]
+    class ComplianceOccurrence
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Details about files that caused a compliance check to fail.
+    # @!attribute [rw] path
+    #   @return [::String]
+    #     Empty if `display_command` is set.
+    # @!attribute [rw] display_command
+    #   @return [::String]
+    #     Command to display the non-compliant files.
+    # @!attribute [rw] reason
+    #   @return [::String]
+    #     Explains why a file is non compliant for a CIS check.
+    class NonCompliantFile
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+  end
+end