grafeas-v1 0.1.0

data/proto_docs/google/rpc/status.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Rpc
+    # The `Status` type defines a logical error model that is suitable for
+    # different programming environments, including REST APIs and RPC APIs. It is
+    # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+    # three pieces of data: error code, error message, and error details.
+    #
+    # You can find out more about this error model and how to work with it in the
+    # [API Design Guide](https://cloud.google.com/apis/design/errors).
+    # @!attribute [rw] code
+    #   @return [::Integer]
+    #     The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
+    # @!attribute [rw] message
+    #   @return [::String]
+    #     A developer-facing error message, which should be in English. Any
+    #     user-facing error message should be localized and sent in the
+    #     {::Google::Rpc::Status#details google.rpc.Status.details} field, or localized by the client.
+    # @!attribute [rw] details
+    #   @return [::Array<::Google::Protobuf::Any>]
+    #     A list of messages that carry the error details.  There is a common set of
+    #     message types for APIs to use.
+    class Status
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+  end
+end

data/proto_docs/grafeas/v1/attestation.rb

@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+  module V1
+    # Note kind that represents a logical attestation "role" or "authority". For
+    # example, an organization might have one `Authority` for "QA" and one for
+    # "build". This note is intended to act strictly as a grouping mechanism for
+    # the attached occurrences (Attestations). This grouping mechanism also
+    # provides a security boundary, since IAM ACLs gate the ability for a principle
+    # to attach an occurrence to a given note. It also provides a single point of
+    # lookup to find all attached attestation occurrences, even if they don't all
+    # live in the same project.
+    # @!attribute [rw] hint
+    #   @return [::Grafeas::V1::AttestationNote::Hint]
+    #     Hint hints at the purpose of the attestation authority.
+    class AttestationNote
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # This submessage provides human-readable hints about the purpose of the
+      # authority. Because the name of a note acts as its resource reference, it is
+      # important to disambiguate the canonical name of the Note (which might be a
+      # UUID for security purposes) from "readable" names more suitable for debug
+      # output. Note that these hints should not be used to look up authorities in
+      # security sensitive contexts, such as when looking up attestations to
+      # verify.
+      # @!attribute [rw] human_readable_name
+      #   @return [::String]
+      #     Required. The human readable name of this attestation authority, for
+      #     example "qa".
+      class Hint
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+
+    # Occurrence that represents a single "attestation". The authenticity of an
+    # attestation can be verified using the attached signature. If the verifier
+    # trusts the public key of the signer, then verifying the signature is
+    # sufficient to establish trust. In this circumstance, the authority to which
+    # this attestation is attached is primarily useful for lookup (how to find
+    # this attestation if you already know the authority and artifact to be
+    # verified) and intent (for which authority this attestation was intended to
+    # sign.
+    # @!attribute [rw] serialized_payload
+    #   @return [::String]
+    #     Required. The serialized payload that is verified by one or more
+    #     `signatures`.
+    # @!attribute [rw] signatures
+    #   @return [::Array<::Grafeas::V1::Signature>]
+    #     One or more signatures over `serialized_payload`.  Verifier implementations
+    #     should consider this attestation message verified if at least one
+    #     `signature` verifies `serialized_payload`.  See `Signature` in common.proto
+    #     for more details on signature structure and verification.
+    class AttestationOccurrence
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+  end
+end

data/proto_docs/grafeas/v1/build.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+  module V1
+    # Note holding the version of the provider's builder and the signature of the
+    # provenance message in the build details occurrence.
+    # @!attribute [rw] builder_version
+    #   @return [::String]
+    #     Required. Immutable. Version of the builder which produced this build.
+    class BuildNote
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Details of a build occurrence.
+    # @!attribute [rw] provenance
+    #   @return [::Grafeas::V1::BuildProvenance]
+    #     Required. The actual provenance for the build.
+    # @!attribute [rw] provenance_bytes
+    #   @return [::String]
+    #     Serialized JSON representation of the provenance, used in generating the
+    #     build signature in the corresponding build note. After verifying the
+    #     signature, `provenance_bytes` can be unmarshalled and compared to the
+    #     provenance to confirm that it is unchanged. A base64-encoded string
+    #     representation of the provenance bytes is used for the signature in order
+    #     to interoperate with openssl which expects this format for signature
+    #     verification.
+    #
+    #     The serialized form is captured both to avoid ambiguity in how the
+    #     provenance is marshalled to json as well to prevent incompatibilities with
+    #     future changes.
+    class BuildOccurrence
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+  end
+end

data/proto_docs/grafeas/v1/common.rb

@@ -0,0 +1,118 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+  module V1
+    # Metadata for any related URL information.
+    # @!attribute [rw] url
+    #   @return [::String]
+    #     Specific URL associated with the resource.
+    # @!attribute [rw] label
+    #   @return [::String]
+    #     Label to describe usage of the URL.
+    class RelatedUrl
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Verifiers (e.g. Kritis implementations) MUST verify signatures
+    # with respect to the trust anchors defined in policy (e.g. a Kritis policy).
+    # Typically this means that the verifier has been configured with a map from
+    # `public_key_id` to public key material (and any required parameters, e.g.
+    # signing algorithm).
+    #
+    # In particular, verification implementations MUST NOT treat the signature
+    # `public_key_id` as anything more than a key lookup hint. The `public_key_id`
+    # DOES NOT validate or authenticate a public key; it only provides a mechanism
+    # for quickly selecting a public key ALREADY CONFIGURED on the verifier through
+    # a trusted channel. Verification implementations MUST reject signatures in any
+    # of the following circumstances:
+    #   * The `public_key_id` is not recognized by the verifier.
+    #   * The public key that `public_key_id` refers to does not verify the
+    #     signature with respect to the payload.
+    #
+    # The `signature` contents SHOULD NOT be "attached" (where the payload is
+    # included with the serialized `signature` bytes). Verifiers MUST ignore any
+    # "attached" payload and only verify signatures with respect to explicitly
+    # provided payload (e.g. a `payload` field on the proto message that holds
+    # this Signature, or the canonical serialization of the proto message that
+    # holds this signature).
+    # @!attribute [rw] signature
+    #   @return [::String]
+    #     The content of the signature, an opaque bytestring.
+    #     The payload that this signature verifies MUST be unambiguously provided
+    #     with the Signature during verification. A wrapper message might provide
+    #     the payload explicitly. Alternatively, a message might have a canonical
+    #     serialization that can always be unambiguously computed to derive the
+    #     payload.
+    # @!attribute [rw] public_key_id
+    #   @return [::String]
+    #     The identifier for the public key that verifies this signature.
+    #       * The `public_key_id` is required.
+    #       * The `public_key_id` MUST be an RFC3986 conformant URI.
+    #       * When possible, the `public_key_id` SHOULD be an immutable reference,
+    #         such as a cryptographic digest.
+    #
+    #     Examples of valid `public_key_id`s:
+    #
+    #     OpenPGP V4 public key fingerprint:
+    #       * "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA"
+    #     See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more
+    #     details on this scheme.
+    #
+    #     RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER
+    #     serialization):
+    #       * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"
+    #       * "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
+    class Signature
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Kind represents the kinds of notes supported.
+    module NoteKind
+      # Unknown.
+      NOTE_KIND_UNSPECIFIED = 0
+
+      # The note and occurrence represent a package vulnerability.
+      VULNERABILITY = 1
+
+      # The note and occurrence assert build provenance.
+      BUILD = 2
+
+      # This represents an image basis relationship.
+      IMAGE = 3
+
+      # This represents a package installed via a package manager.
+      PACKAGE = 4
+
+      # The note and occurrence track deployment events.
+      DEPLOYMENT = 5
+
+      # The note and occurrence track the initial discovery status of a resource.
+      DISCOVERY = 6
+
+      # This represents a logical "role" that can attest to artifacts.
+      ATTESTATION = 7
+
+      # This represents an available package upgrade.
+      UPGRADE = 8
+    end
+  end
+end

data/proto_docs/grafeas/v1/cvss.rb

@@ -0,0 +1,111 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+  module V1
+    # Common Vulnerability Scoring System version 3.
+    # For details, see https://www.first.org/cvss/specification-document
+    # @!attribute [rw] base_score
+    #   @return [::Float]
+    #     The base score is a function of the base metric scores.
+    # @!attribute [rw] exploitability_score
+    #   @return [::Float]
+    # @!attribute [rw] impact_score
+    #   @return [::Float]
+    # @!attribute [rw] attack_vector
+    #   @return [::Grafeas::V1::CVSSv3::AttackVector]
+    #     Base Metrics
+    #     Represents the intrinsic characteristics of a vulnerability that are
+    #     constant over time and across user environments.
+    # @!attribute [rw] attack_complexity
+    #   @return [::Grafeas::V1::CVSSv3::AttackComplexity]
+    # @!attribute [rw] privileges_required
+    #   @return [::Grafeas::V1::CVSSv3::PrivilegesRequired]
+    # @!attribute [rw] user_interaction
+    #   @return [::Grafeas::V1::CVSSv3::UserInteraction]
+    # @!attribute [rw] scope
+    #   @return [::Grafeas::V1::CVSSv3::Scope]
+    # @!attribute [rw] confidentiality_impact
+    #   @return [::Grafeas::V1::CVSSv3::Impact]
+    # @!attribute [rw] integrity_impact
+    #   @return [::Grafeas::V1::CVSSv3::Impact]
+    # @!attribute [rw] availability_impact
+    #   @return [::Grafeas::V1::CVSSv3::Impact]
+    class CVSSv3
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      module AttackVector
+        ATTACK_VECTOR_UNSPECIFIED = 0
+
+        ATTACK_VECTOR_NETWORK = 1
+
+        ATTACK_VECTOR_ADJACENT = 2
+
+        ATTACK_VECTOR_LOCAL = 3
+
+        ATTACK_VECTOR_PHYSICAL = 4
+      end
+
+      module AttackComplexity
+        ATTACK_COMPLEXITY_UNSPECIFIED = 0
+
+        ATTACK_COMPLEXITY_LOW = 1
+
+        ATTACK_COMPLEXITY_HIGH = 2
+      end
+
+      module PrivilegesRequired
+        PRIVILEGES_REQUIRED_UNSPECIFIED = 0
+
+        PRIVILEGES_REQUIRED_NONE = 1
+
+        PRIVILEGES_REQUIRED_LOW = 2
+
+        PRIVILEGES_REQUIRED_HIGH = 3
+      end
+
+      module UserInteraction
+        USER_INTERACTION_UNSPECIFIED = 0
+
+        USER_INTERACTION_NONE = 1
+
+        USER_INTERACTION_REQUIRED = 2
+      end
+
+      module Scope
+        SCOPE_UNSPECIFIED = 0
+
+        SCOPE_UNCHANGED = 1
+
+        SCOPE_CHANGED = 2
+      end
+
+      module Impact
+        IMPACT_UNSPECIFIED = 0
+
+        IMPACT_HIGH = 1
+
+        IMPACT_LOW = 2
+
+        IMPACT_NONE = 3
+      end
+    end
+  end
+end

data/proto_docs/grafeas/v1/deployment.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+  module V1
+    # An artifact that can be deployed in some runtime.
+    # @!attribute [rw] resource_uri
+    #   @return [::Array<::String>]
+    #     Required. Resource URI for the artifact being deployed.
+    class DeploymentNote
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # The period during which some deployable was active in a runtime.
+    # @!attribute [rw] user_email
+    #   @return [::String]
+    #     Identity of the user that triggered this deployment.
+    # @!attribute [rw] deploy_time
+    #   @return [::Google::Protobuf::Timestamp]
+    #     Required. Beginning of the lifetime of this deployment.
+    # @!attribute [rw] undeploy_time
+    #   @return [::Google::Protobuf::Timestamp]
+    #     End of the lifetime of this deployment.
+    # @!attribute [rw] config
+    #   @return [::String]
+    #     Configuration used to create this deployment.
+    # @!attribute [rw] address
+    #   @return [::String]
+    #     Address of the runtime element hosting this deployment.
+    # @!attribute [rw] resource_uri
+    #   @return [::Array<::String>]
+    #     Output only. Resource URI for the artifact being deployed taken from
+    #     the deployable field with the same name.
+    # @!attribute [rw] platform
+    #   @return [::Grafeas::V1::DeploymentOccurrence::Platform]
+    #     Platform hosting this deployment.
+    class DeploymentOccurrence
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # Types of platforms.
+      module Platform
+        # Unknown.
+        PLATFORM_UNSPECIFIED = 0
+
+        # Google Container Engine.
+        GKE = 1
+
+        # Google App Engine: Flexible Environment.
+        FLEX = 2
+
+        # Custom user-defined platform.
+        CUSTOM = 3
+      end
+    end
+  end
+end