google-cloud-container_analysis-v1 0.4.3 → 0.4.7

data/proto_docs/grafeas/v1/intoto_statement.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+  module V1
+    # Spec defined at
+    # https://github.com/in-toto/attestation/tree/main/spec#statement The
+    # serialized InTotoStatement will be stored as Envelope.payload.
+    # Envelope.payloadType is always "application/vnd.in-toto+json".
+    # @!attribute [rw] type
+    #   @return [::String]
+    #     Always `https://in-toto.io/Statement/v0.1`.
+    # @!attribute [rw] subject
+    #   @return [::Array<::Grafeas::V1::Subject>]
+    # @!attribute [rw] predicate_type
+    #   @return [::String]
+    #     `https://slsa.dev/provenance/v0.1` for SlsaProvenance.
+    # @!attribute [rw] provenance
+    #   @return [::Grafeas::V1::InTotoProvenance]
+    # @!attribute [rw] slsa_provenance
+    #   @return [::Grafeas::V1::SlsaProvenance]
+    class InTotoStatement
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # @!attribute [rw] name
+    #   @return [::String]
+    # @!attribute [rw] digest
+    #   @return [::Google::Protobuf::Map{::String => ::String}]
+    #     `"<ALGORITHM>": "<HEX_VALUE>"`
+    #     Algorithms can be e.g. sha256, sha512
+    #     See
+    #     https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
+    class Subject
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # @!attribute [rw] key
+      #   @return [::String]
+      # @!attribute [rw] value
+      #   @return [::String]
+      class DigestEntry
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+  end
+end

data/proto_docs/grafeas/v1/package.rb

@@ -101,6 +101,14 @@ module Grafeas
     # @!attribute [rw] revision
     #   @return [::String]
     #     The iteration of the package build from the above version.
+    # @!attribute [rw] inclusive
+    #   @return [::Boolean]
+    #     Whether this version is specifying part of an inclusive range. Grafeas
+    #     does not have the capability to specify version ranges; instead we have
+    #     fields that specify start version and end versions. At times this is
+    #     insufficient - we also need to specify whether the version is included in
+    #     the range or is excluded from the range. This boolean is expected to be set
+    #     to true when the version is included in a range.
     # @!attribute [rw] kind
     #   @return [::Grafeas::V1::Version::VersionKind]
     #     Required. Distinguishes between sentinel MIN/MAX versions and normal

data/proto_docs/grafeas/v1/provenance.rb

@@ -0,0 +1,318 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+  module V1
+    # Provenance of a build. Contains all information needed to verify the full
+    # details about the build from source to completion.
+    # @!attribute [rw] id
+    #   @return [::String]
+    #     Required. Unique identifier of the build.
+    # @!attribute [rw] project_id
+    #   @return [::String]
+    #     ID of the project.
+    # @!attribute [rw] commands
+    #   @return [::Array<::Grafeas::V1::Command>]
+    #     Commands requested by the build.
+    # @!attribute [rw] built_artifacts
+    #   @return [::Array<::Grafeas::V1::Artifact>]
+    #     Output of the build.
+    # @!attribute [rw] create_time
+    #   @return [::Google::Protobuf::Timestamp]
+    #     Time at which the build was created.
+    # @!attribute [rw] start_time
+    #   @return [::Google::Protobuf::Timestamp]
+    #     Time at which execution of the build was started.
+    # @!attribute [rw] end_time
+    #   @return [::Google::Protobuf::Timestamp]
+    #     Time at which execution of the build was finished.
+    # @!attribute [rw] creator
+    #   @return [::String]
+    #     E-mail address of the user who initiated this build. Note that this was the
+    #     user's e-mail address at the time the build was initiated; this address may
+    #     not represent the same end-user for all time.
+    # @!attribute [rw] logs_uri
+    #   @return [::String]
+    #     URI where any logs for this provenance were written.
+    # @!attribute [rw] source_provenance
+    #   @return [::Grafeas::V1::Source]
+    #     Details of the Source input to the build.
+    # @!attribute [rw] trigger_id
+    #   @return [::String]
+    #     Trigger identifier if the build was triggered automatically; empty if not.
+    # @!attribute [rw] build_options
+    #   @return [::Google::Protobuf::Map{::String => ::String}]
+    #     Special options applied to this build. This is a catch-all field where
+    #     build providers can enter any desired additional details.
+    # @!attribute [rw] builder_version
+    #   @return [::String]
+    #     Version string of the builder at the time this build was executed.
+    class BuildProvenance
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # @!attribute [rw] key
+      #   @return [::String]
+      # @!attribute [rw] value
+      #   @return [::String]
+      class BuildOptionsEntry
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+
+    # Source describes the location of the source used for the build.
+    # @!attribute [rw] artifact_storage_source_uri
+    #   @return [::String]
+    #     If provided, the input binary artifacts for the build came from this
+    #     location.
+    # @!attribute [rw] file_hashes
+    #   @return [::Google::Protobuf::Map{::String => ::Grafeas::V1::FileHashes}]
+    #     Hash(es) of the build source, which can be used to verify that the original
+    #     source integrity was maintained in the build.
+    #
+    #     The keys to this map are file paths used as build source and the values
+    #     contain the hash values for those files.
+    #
+    #     If the build source came in a single package such as a gzipped tarfile
+    #     (.tar.gz), the FileHash will be for the single path to that file.
+    # @!attribute [rw] context
+    #   @return [::Grafeas::V1::SourceContext]
+    #     If provided, the source code used for the build came from this location.
+    # @!attribute [rw] additional_contexts
+    #   @return [::Array<::Grafeas::V1::SourceContext>]
+    #     If provided, some of the source code used for the build may be found in
+    #     these locations, in the case where the source repository had multiple
+    #     remotes or submodules. This list will not include the context specified in
+    #     the context field.
+    class Source
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # @!attribute [rw] key
+      #   @return [::String]
+      # @!attribute [rw] value
+      #   @return [::Grafeas::V1::FileHashes]
+      class FileHashesEntry
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+
+    # Container message for hashes of byte content of files, used in source
+    # messages to verify integrity of source input to the build.
+    # @!attribute [rw] file_hash
+    #   @return [::Array<::Grafeas::V1::Hash>]
+    #     Required. Collection of file hashes.
+    class FileHashes
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Container message for hash values.
+    # @!attribute [rw] type
+    #   @return [::String]
+    #     Required. The type of hash that was performed, e.g. "SHA-256".
+    # @!attribute [rw] value
+    #   @return [::String]
+    #     Required. The hash value.
+    class Hash
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Command describes a step performed as part of the build pipeline.
+    # @!attribute [rw] name
+    #   @return [::String]
+    #     Required. Name of the command, as presented on the command line, or if the
+    #     command is packaged as a Docker container, as presented to `docker pull`.
+    # @!attribute [rw] env
+    #   @return [::Array<::String>]
+    #     Environment variables set before running this command.
+    # @!attribute [rw] args
+    #   @return [::Array<::String>]
+    #     Command-line arguments used when executing this command.
+    # @!attribute [rw] dir
+    #   @return [::String]
+    #     Working directory (relative to project source root) used when running this
+    #     command.
+    # @!attribute [rw] id
+    #   @return [::String]
+    #     Optional unique identifier for this command, used in wait_for to reference
+    #     this command as a dependency.
+    # @!attribute [rw] wait_for
+    #   @return [::Array<::String>]
+    #     The ID(s) of the command(s) that this command depends on.
+    class Command
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Artifact describes a build product.
+    # @!attribute [rw] checksum
+    #   @return [::String]
+    #     Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
+    #     container.
+    # @!attribute [rw] id
+    #   @return [::String]
+    #     Artifact ID, if any; for container images, this will be a URL by digest
+    #     like `gcr.io/projectID/imagename@sha256:123456`.
+    # @!attribute [rw] names
+    #   @return [::Array<::String>]
+    #     Related artifact names. This may be the path to a binary or jar file, or in
+    #     the case of a container build, the name used to push the container image to
+    #     Google Container Registry, as presented to `docker push`. Note that a
+    #     single Artifact ID can have multiple names, for example if two tags are
+    #     applied to one image.
+    class Artifact
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # A SourceContext is a reference to a tree of files. A SourceContext together
+    # with a path point to a unique revision of a single file or directory.
+    # @!attribute [rw] cloud_repo
+    #   @return [::Grafeas::V1::CloudRepoSourceContext]
+    #     A SourceContext referring to a revision in a Google Cloud Source Repo.
+    # @!attribute [rw] gerrit
+    #   @return [::Grafeas::V1::GerritSourceContext]
+    #     A SourceContext referring to a Gerrit project.
+    # @!attribute [rw] git
+    #   @return [::Grafeas::V1::GitSourceContext]
+    #     A SourceContext referring to any third party Git repo (e.g., GitHub).
+    # @!attribute [rw] labels
+    #   @return [::Google::Protobuf::Map{::String => ::String}]
+    #     Labels with user defined metadata.
+    class SourceContext
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # @!attribute [rw] key
+      #   @return [::String]
+      # @!attribute [rw] value
+      #   @return [::String]
+      class LabelsEntry
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+
+    # An alias to a repo revision.
+    # @!attribute [rw] kind
+    #   @return [::Grafeas::V1::AliasContext::Kind]
+    #     The alias kind.
+    # @!attribute [rw] name
+    #   @return [::String]
+    #     The alias name.
+    class AliasContext
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # The type of an alias.
+      module Kind
+        # Unknown.
+        KIND_UNSPECIFIED = 0
+
+        # Git tag.
+        FIXED = 1
+
+        # Git branch.
+        MOVABLE = 2
+
+        # Used to specify non-standard aliases. For example, if a Git repo has a
+        # ref named "refs/foo/bar".
+        OTHER = 4
+      end
+    end
+
+    # A CloudRepoSourceContext denotes a particular revision in a Google Cloud
+    # Source Repo.
+    # @!attribute [rw] repo_id
+    #   @return [::Grafeas::V1::RepoId]
+    #     The ID of the repo.
+    # @!attribute [rw] revision_id
+    #   @return [::String]
+    #     A revision ID.
+    # @!attribute [rw] alias_context
+    #   @return [::Grafeas::V1::AliasContext]
+    #     An alias, which may be a branch or tag.
+    class CloudRepoSourceContext
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # A SourceContext referring to a Gerrit project.
+    # @!attribute [rw] host_uri
+    #   @return [::String]
+    #     The URI of a running Gerrit instance.
+    # @!attribute [rw] gerrit_project
+    #   @return [::String]
+    #     The full project name within the host. Projects may be nested, so
+    #     "project/subproject" is a valid project name. The "repo name" is the
+    #     hostURI/project.
+    # @!attribute [rw] revision_id
+    #   @return [::String]
+    #     A revision (commit) ID.
+    # @!attribute [rw] alias_context
+    #   @return [::Grafeas::V1::AliasContext]
+    #     An alias, which may be a branch or tag.
+    class GerritSourceContext
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # A GitSourceContext denotes a particular revision in a third party Git
+    # repository (e.g., GitHub).
+    # @!attribute [rw] url
+    #   @return [::String]
+    #     Git repository URL.
+    # @!attribute [rw] revision_id
+    #   @return [::String]
+    #     Git commit hash.
+    class GitSourceContext
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # A unique identifier for a Cloud Repo.
+    # @!attribute [rw] project_repo_id
+    #   @return [::Grafeas::V1::ProjectRepoId]
+    #     A combination of a project ID and a repo name.
+    # @!attribute [rw] uid
+    #   @return [::String]
+    #     A server-assigned, globally unique identifier.
+    class RepoId
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Selects a repo using a Google Cloud Platform project ID (e.g.,
+    # winged-cargo-31) and a repo name within that project.
+    # @!attribute [rw] project_id
+    #   @return [::String]
+    #     The ID of the project.
+    # @!attribute [rw] repo_name
+    #   @return [::String]
+    #     The name of the repo. Leave empty for the default repo.
+    class ProjectRepoId
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+  end
+end

data/proto_docs/grafeas/v1/severity.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+  module V1
+    # Note provider assigned severity/impact ranking.
+    module Severity
+      # Unknown.
+      SEVERITY_UNSPECIFIED = 0
+
+      # Minimal severity.
+      MINIMAL = 1
+
+      # Low severity.
+      LOW = 2
+
+      # Medium severity.
+      MEDIUM = 3
+
+      # High severity.
+      HIGH = 4
+
+      # Critical severity.
+      CRITICAL = 5
+    end
+  end
+end

data/proto_docs/grafeas/v1/slsa_provenance.rb

@@ -0,0 +1,152 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+  module V1
+    # @!attribute [rw] builder
+    #   @return [::Grafeas::V1::SlsaProvenance::SlsaBuilder]
+    # @!attribute [rw] recipe
+    #   @return [::Grafeas::V1::SlsaProvenance::SlsaRecipe]
+    #     Identifies the configuration used for the build.
+    #     When combined with materials, this SHOULD fully describe the build,
+    #     such that re-running this recipe results in bit-for-bit identical output
+    #     (if the build is reproducible).
+    # @!attribute [rw] metadata
+    #   @return [::Grafeas::V1::SlsaProvenance::SlsaMetadata]
+    # @!attribute [rw] materials
+    #   @return [::Array<::Grafeas::V1::SlsaProvenance::Material>]
+    #     The collection of artifacts that influenced the build including sources,
+    #     dependencies, build tools, base images, and so on. This is considered to be
+    #     incomplete unless metadata.completeness.materials is true. Unset or null is
+    #     equivalent to empty.
+    class SlsaProvenance
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # Steps taken to build the artifact.
+      # For a TaskRun, typically each container corresponds to one step in the
+      # recipe.
+      # @!attribute [rw] type
+      #   @return [::String]
+      #     URI indicating what type of recipe was performed. It determines the
+      #     meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and
+      #     materials.
+      # @!attribute [rw] defined_in_material
+      #   @return [::Integer]
+      #     Index in materials containing the recipe steps that are not implied by
+      #     recipe.type. For example, if the recipe type were "make", then this would
+      #     point to the source containing the Makefile, not the make program itself.
+      #     Set to -1 if the recipe doesn't come from a material, as zero is default
+      #     unset value for int64.
+      # @!attribute [rw] entry_point
+      #   @return [::String]
+      #     String identifying the entry point into the build.
+      #     This is often a path to a configuration file and/or a target label within
+      #     that file. The syntax and meaning are defined by recipe.type. For
+      #     example, if the recipe type were "make", then this would reference the
+      #     directory in which to run make as well as which target to use.
+      # @!attribute [rw] arguments
+      #   @return [::Google::Protobuf::Any]
+      #     Collection of all external inputs that influenced the build on top of
+      #     recipe.definedInMaterial and recipe.entryPoint. For example, if the
+      #     recipe type were "make", then this might be the flags passed to make
+      #     aside from the target, which is captured in recipe.entryPoint. Depending
+      #     on the recipe Type, the structure may be different.
+      # @!attribute [rw] environment
+      #   @return [::Google::Protobuf::Any]
+      #     Any other builder-controlled inputs necessary for correctly evaluating
+      #     the recipe. Usually only needed for reproducing the build but not
+      #     evaluated as part of policy. Depending on the recipe Type, the structure
+      #     may be different.
+      class SlsaRecipe
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
+      # Indicates that the builder claims certain fields in this message to be
+      # complete.
+      # @!attribute [rw] arguments
+      #   @return [::Boolean]
+      #     If true, the builder claims that recipe.arguments is complete, meaning
+      #     that all external inputs are properly captured in the recipe.
+      # @!attribute [rw] environment
+      #   @return [::Boolean]
+      #     If true, the builder claims that recipe.environment is claimed to be
+      #     complete.
+      # @!attribute [rw] materials
+      #   @return [::Boolean]
+      #     If true, the builder claims that materials are complete, usually through
+      #     some controls to prevent network access. Sometimes called "hermetic".
+      class SlsaCompleteness
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
+      # Other properties of the build.
+      # @!attribute [rw] build_invocation_id
+      #   @return [::String]
+      #     Identifies the particular build invocation, which can be useful for
+      #     finding associated logs or other ad-hoc analysis. The value SHOULD be
+      #     globally unique, per in-toto Provenance spec.
+      # @!attribute [rw] build_started_on
+      #   @return [::Google::Protobuf::Timestamp]
+      #     The timestamp of when the build started.
+      # @!attribute [rw] build_finished_on
+      #   @return [::Google::Protobuf::Timestamp]
+      #     The timestamp of when the build completed.
+      # @!attribute [rw] completeness
+      #   @return [::Grafeas::V1::SlsaProvenance::SlsaCompleteness]
+      #     Indicates that the builder claims certain fields in this message to be
+      #     complete.
+      # @!attribute [rw] reproducible
+      #   @return [::Boolean]
+      #     If true, the builder claims that running the recipe on materials will
+      #     produce bit-for-bit identical output.
+      class SlsaMetadata
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
+      # @!attribute [rw] id
+      #   @return [::String]
+      class SlsaBuilder
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
+      # @!attribute [rw] uri
+      #   @return [::String]
+      # @!attribute [rw] digest
+      #   @return [::Google::Protobuf::Map{::String => ::String}]
+      class Material
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+
+        # @!attribute [rw] key
+        #   @return [::String]
+        # @!attribute [rw] value
+        #   @return [::String]
+        class DigestEntry
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end