grafeas-client 0.3.0 → 0.4.0

data/lib/grafeas/v1/doc/grafeas/v1/attestation.rb

@@ -1,64 +0,0 @@
-# Copyright 2019 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-module Grafeas
-  module V1
-    # Note kind that represents a logical attestation "role" or "authority". For
-    # example, an organization might have one `Authority` for "QA" and one for
-    # "build". This note is intended to act strictly as a grouping mechanism for
-    # the attached occurrences (Attestations). This grouping mechanism also
-    # provides a security boundary, since IAM ACLs gate the ability for a principle
-    # to attach an occurrence to a given note. It also provides a single point of
-    # lookup to find all attached attestation occurrences, even if they don't all
-    # live in the same project.
-    # @!attribute [rw] hint
-    #   @return [Grafeas::V1::AttestationNote::Hint]
-    #     Hint hints at the purpose of the attestation authority.
-    class AttestationNote
-      # This submessage provides human-readable hints about the purpose of the
-      # authority. Because the name of a note acts as its resource reference, it is
-      # important to disambiguate the canonical name of the Note (which might be a
-      # UUID for security purposes) from "readable" names more suitable for debug
-      # output. Note that these hints should not be used to look up authorities in
-      # security sensitive contexts, such as when looking up attestations to
-      # verify.
-      # @!attribute [rw] human_readable_name
-      #   @return [String]
-      #     Required. The human readable name of this attestation authority, for
-      #     example "qa".
-      class Hint; end
-    end
-
-    # Occurrence that represents a single "attestation". The authenticity of an
-    # attestation can be verified using the attached signature. If the verifier
-    # trusts the public key of the signer, then verifying the signature is
-    # sufficient to establish trust. In this circumstance, the authority to which
-    # this attestation is attached is primarily useful for lookup (how to find
-    # this attestation if you already know the authority and artifact to be
-    # verified) and intent (for which authority this attestation was intended to
-    # sign.
-    # @!attribute [rw] serialized_payload
-    #   @return [String]
-    #     Required. The serialized payload that is verified by one or more
-    #     `signatures`.
-    # @!attribute [rw] signatures
-    #   @return [Array<Grafeas::V1::Signature>]
-    #     One or more signatures over `serialized_payload`.  Verifier implementations
-    #     should consider this attestation message verified if at least one
-    #     `signature` verifies `serialized_payload`.  See `Signature` in common.proto
-    #     for more details on signature structure and verification.
-    class AttestationOccurrence; end
-  end
-end

data/lib/grafeas/v1/doc/grafeas/v1/build.rb

@@ -1,44 +0,0 @@
-# Copyright 2019 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-module Grafeas
-  module V1
-    # Note holding the version of the provider's builder and the signature of the
-    # provenance message in the build details occurrence.
-    # @!attribute [rw] builder_version
-    #   @return [String]
-    #     Required. Immutable. Version of the builder which produced this build.
-    class BuildNote; end
-
-    # Details of a build occurrence.
-    # @!attribute [rw] provenance
-    #   @return [Grafeas::V1::BuildProvenance]
-    #     Required. The actual provenance for the build.
-    # @!attribute [rw] provenance_bytes
-    #   @return [String]
-    #     Serialized JSON representation of the provenance, used in generating the
-    #     build signature in the corresponding build note. After verifying the
-    #     signature, `provenance_bytes` can be unmarshalled and compared to the
-    #     provenance to confirm that it is unchanged. A base64-encoded string
-    #     representation of the provenance bytes is used for the signature in order
-    #     to interoperate with openssl which expects this format for signature
-    #     verification.
-    #
-    #     The serialized form is captured both to avoid ambiguity in how the
-    #     provenance is marshalled to json as well to prevent incompatibilities with
-    #     future changes.
-    class BuildOccurrence; end
-  end
-end

data/lib/grafeas/v1/doc/grafeas/v1/common.rb

@@ -1,105 +0,0 @@
-# Copyright 2019 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-module Grafeas
-  module V1
-    # Metadata for any related URL information.
-    # @!attribute [rw] url
-    #   @return [String]
-    #     Specific URL associated with the resource.
-    # @!attribute [rw] label
-    #   @return [String]
-    #     Label to describe usage of the URL.
-    class RelatedUrl; end
-
-    # Verifiers (e.g. Kritis implementations) MUST verify signatures
-    # with respect to the trust anchors defined in policy (e.g. a Kritis policy).
-    # Typically this means that the verifier has been configured with a map from
-    # `public_key_id` to public key material (and any required parameters, e.g.
-    # signing algorithm).
-    #
-    # In particular, verification implementations MUST NOT treat the signature
-    # `public_key_id` as anything more than a key lookup hint. The `public_key_id`
-    # DOES NOT validate or authenticate a public key; it only provides a mechanism
-    # for quickly selecting a public key ALREADY CONFIGURED on the verifier through
-    # a trusted channel. Verification implementations MUST reject signatures in any
-    # of the following circumstances:
-    # * The `public_key_id` is not recognized by the verifier.
-    #   * The public key that `public_key_id` refers to does not verify the
-    #     signature with respect to the payload.
-    #
-    #   The `signature` contents SHOULD NOT be "attached" (where the payload is
-    #   included with the serialized `signature` bytes). Verifiers MUST ignore any
-    #   "attached" payload and only verify signatures with respect to explicitly
-    #   provided payload (e.g. a `payload` field on the proto message that holds
-    #   this Signature, or the canonical serialization of the proto message that
-    #   holds this signature).
-    # @!attribute [rw] signature
-    #   @return [String]
-    #     The content of the signature, an opaque bytestring.
-    #     The payload that this signature verifies MUST be unambiguously provided
-    #     with the Signature during verification. A wrapper message might provide
-    #     the payload explicitly. Alternatively, a message might have a canonical
-    #     serialization that can always be unambiguously computed to derive the
-    #     payload.
-    # @!attribute [rw] public_key_id
-    #   @return [String]
-    #     The identifier for the public key that verifies this signature.
-    #     * The `public_key_id` is required.
-    #       * The `public_key_id` MUST be an RFC3986 conformant URI.
-    #       * When possible, the `public_key_id` SHOULD be an immutable reference,
-    #         such as a cryptographic digest.
-    #
-    #       Examples of valid `public_key_id`s:
-    #
-    #     OpenPGP V4 public key fingerprint:
-    #     * "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA"
-    #       See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more
-    #       details on this scheme.
-    #
-    #     RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER
-    #     serialization):
-    #     * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"
-    #       * "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
-    class Signature; end
-
-    # Kind represents the kinds of notes supported.
-    module NoteKind
-      # Unknown.
-      NOTE_KIND_UNSPECIFIED = 0
-
-      # The note and occurrence represent a package vulnerability.
-      VULNERABILITY = 1
-
-      # The note and occurrence assert build provenance.
-      BUILD = 2
-
-      # This represents an image basis relationship.
-      IMAGE = 3
-
-      # This represents a package installed via a package manager.
-      PACKAGE = 4
-
-      # The note and occurrence track deployment events.
-      DEPLOYMENT = 5
-
-      # The note and occurrence track the initial discovery status of a resource.
-      DISCOVERY = 6
-
-      # This represents a logical "role" that can attest to artifacts.
-      ATTESTATION = 7
-    end
-  end
-end

data/lib/grafeas/v1/doc/grafeas/v1/cvss.rb

@@ -1,104 +0,0 @@
-# Copyright 2019 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-module Grafeas
-  module V1
-    # Common Vulnerability Scoring System version 3.
-    # For details, see https://www.first.org/cvss/specification-document
-    # @!attribute [rw] base_score
-    #   @return [Float]
-    #     The base score is a function of the base metric scores.
-    # @!attribute [rw] exploitability_score
-    #   @return [Float]
-    # @!attribute [rw] impact_score
-    #   @return [Float]
-    # @!attribute [rw] attack_vector
-    #   @return [Grafeas::V1::CVSSv3::AttackVector]
-    #     Base Metrics
-    #     Represents the intrinsic characteristics of a vulnerability that are
-    #     constant over time and across user environments.
-    # @!attribute [rw] attack_complexity
-    #   @return [Grafeas::V1::CVSSv3::AttackComplexity]
-    # @!attribute [rw] privileges_required
-    #   @return [Grafeas::V1::CVSSv3::PrivilegesRequired]
-    # @!attribute [rw] user_interaction
-    #   @return [Grafeas::V1::CVSSv3::UserInteraction]
-    # @!attribute [rw] scope
-    #   @return [Grafeas::V1::CVSSv3::Scope]
-    # @!attribute [rw] confidentiality_impact
-    #   @return [Grafeas::V1::CVSSv3::Impact]
-    # @!attribute [rw] integrity_impact
-    #   @return [Grafeas::V1::CVSSv3::Impact]
-    # @!attribute [rw] availability_impact
-    #   @return [Grafeas::V1::CVSSv3::Impact]
-    class CVSSv3
-      module AttackComplexity
-        ATTACK_COMPLEXITY_UNSPECIFIED = 0
-
-        ATTACK_COMPLEXITY_LOW = 1
-
-        ATTACK_COMPLEXITY_HIGH = 2
-      end
-
-      module AttackVector
-        ATTACK_VECTOR_UNSPECIFIED = 0
-
-        ATTACK_VECTOR_NETWORK = 1
-
-        ATTACK_VECTOR_ADJACENT = 2
-
-        ATTACK_VECTOR_LOCAL = 3
-
-        ATTACK_VECTOR_PHYSICAL = 4
-      end
-
-      module Impact
-        IMPACT_UNSPECIFIED = 0
-
-        IMPACT_HIGH = 1
-
-        IMPACT_LOW = 2
-
-        IMPACT_NONE = 3
-      end
-
-      module PrivilegesRequired
-        PRIVILEGES_REQUIRED_UNSPECIFIED = 0
-
-        PRIVILEGES_REQUIRED_NONE = 1
-
-        PRIVILEGES_REQUIRED_LOW = 2
-
-        PRIVILEGES_REQUIRED_HIGH = 3
-      end
-
-      module Scope
-        SCOPE_UNSPECIFIED = 0
-
-        SCOPE_UNCHANGED = 1
-
-        SCOPE_CHANGED = 2
-      end
-
-      module UserInteraction
-        USER_INTERACTION_UNSPECIFIED = 0
-
-        USER_INTERACTION_NONE = 1
-
-        USER_INTERACTION_REQUIRED = 2
-      end
-    end
-  end
-end

data/lib/grafeas/v1/doc/grafeas/v1/deployment.rb

@@ -1,64 +0,0 @@
-# Copyright 2019 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-module Grafeas
-  module V1
-    # An artifact that can be deployed in some runtime.
-    # @!attribute [rw] resource_uri
-    #   @return [Array<String>]
-    #     Required. Resource URI for the artifact being deployed.
-    class DeploymentNote; end
-
-    # The period during which some deployable was active in a runtime.
-    # @!attribute [rw] user_email
-    #   @return [String]
-    #     Identity of the user that triggered this deployment.
-    # @!attribute [rw] deploy_time
-    #   @return [Google::Protobuf::Timestamp]
-    #     Required. Beginning of the lifetime of this deployment.
-    # @!attribute [rw] undeploy_time
-    #   @return [Google::Protobuf::Timestamp]
-    #     End of the lifetime of this deployment.
-    # @!attribute [rw] config
-    #   @return [String]
-    #     Configuration used to create this deployment.
-    # @!attribute [rw] address
-    #   @return [String]
-    #     Address of the runtime element hosting this deployment.
-    # @!attribute [rw] resource_uri
-    #   @return [Array<String>]
-    #     Output only. Resource URI for the artifact being deployed taken from
-    #     the deployable field with the same name.
-    # @!attribute [rw] platform
-    #   @return [Grafeas::V1::DeploymentOccurrence::Platform]
-    #     Platform hosting this deployment.
-    class DeploymentOccurrence
-      # Types of platforms.
-      module Platform
-        # Unknown.
-        PLATFORM_UNSPECIFIED = 0
-
-        # Google Container Engine.
-        GKE = 1
-
-        # Google App Engine: Flexible Environment.
-        FLEX = 2
-
-        # Custom user-defined platform.
-        CUSTOM = 3
-      end
-    end
-  end
-end

data/lib/grafeas/v1/doc/grafeas/v1/discovery.rb

@@ -1,76 +0,0 @@
-# Copyright 2019 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-module Grafeas
-  module V1
-    # A note that indicates a type of analysis a provider would perform. This note
-    # exists in a provider's project. A `Discovery` occurrence is created in a
-    # consumer's project at the start of analysis.
-    # @!attribute [rw] analysis_kind
-    #   @return [Grafeas::V1::NoteKind]
-    #     Required. Immutable. The kind of analysis that is handled by this
-    #     discovery.
-    class DiscoveryNote; end
-
-    # Provides information about the analysis status of a discovered resource.
-    # @!attribute [rw] continuous_analysis
-    #   @return [Grafeas::V1::DiscoveryOccurrence::ContinuousAnalysis]
-    #     Whether the resource is continuously analyzed.
-    # @!attribute [rw] analysis_status
-    #   @return [Grafeas::V1::DiscoveryOccurrence::AnalysisStatus]
-    #     The status of discovery for the resource.
-    # @!attribute [rw] analysis_status_error
-    #   @return [Google::Rpc::Status]
-    #     When an error is encountered this will contain a LocalizedMessage under
-    #     details to show to the user. The LocalizedMessage is output only and
-    #     populated by the API.
-    class DiscoveryOccurrence
-      # Analysis status for a resource. Currently for initial analysis only (not
-      # updated in continuous analysis).
-      module AnalysisStatus
-        # Unknown.
-        ANALYSIS_STATUS_UNSPECIFIED = 0
-
-        # Resource is known but no action has been taken yet.
-        PENDING = 1
-
-        # Resource is being analyzed.
-        SCANNING = 2
-
-        # Analysis has finished successfully.
-        FINISHED_SUCCESS = 3
-
-        # Analysis has finished unsuccessfully, the analysis itself is in a bad
-        # state.
-        FINISHED_FAILED = 4
-
-        # The resource is known not to be supported
-        FINISHED_UNSUPPORTED = 5
-      end
-
-      # Whether the resource is continuously analyzed.
-      module ContinuousAnalysis
-        # Unknown.
-        CONTINUOUS_ANALYSIS_UNSPECIFIED = 0
-
-        # The resource is continuously analyzed.
-        ACTIVE = 1
-
-        # The resource is ignored for continuous analysis.
-        INACTIVE = 2
-      end
-    end
-  end
-end