grafeas-v1 0.2.1 → 0.4.0
- checksums.yaml +4 -4
- data/.yardopts +1 -1
- data/README.md +1 -1
- data/lib/grafeas/v1/attestation_pb.rb +6 -1
- data/lib/grafeas/v1/build_pb.rb +5 -1
- data/lib/grafeas/v1/common_pb.rb +13 -0
- data/lib/grafeas/v1/compliance_pb.rb +48 -0
- data/lib/grafeas/v1/cvss_pb.rb +62 -0
- data/lib/grafeas/v1/deployment_pb.rb +1 -1
- data/lib/grafeas/v1/discovery_pb.rb +4 -2
- data/lib/grafeas/v1/dsse_attestation_pb.rb +31 -0
- data/lib/grafeas/v1/grafeas/client.rb +375 -121
- data/lib/grafeas/v1/grafeas_pb.rb +9 -2
- data/lib/grafeas/v1/intoto_provenance_pb.rb +49 -0
- data/lib/grafeas/v1/intoto_statement_pb.rb +31 -0
- data/lib/grafeas/v1/package_pb.rb +1 -0
- data/lib/grafeas/v1/provenance_pb.rb +1 -1
- data/lib/grafeas/v1/severity_pb.rb +23 -0
- data/lib/grafeas/v1/slsa_provenance_pb.rb +54 -0
- data/lib/grafeas/v1/upgrade_pb.rb +2 -2
- data/lib/grafeas/v1/version.rb +1 -1
- data/lib/grafeas/v1/vulnerability_pb.rb +9 -11
- data/proto_docs/google/api/field_behavior.rb +7 -1
- data/proto_docs/google/api/resource.rb +10 -71
- data/proto_docs/grafeas/v1/attestation.rb +21 -0
- data/proto_docs/grafeas/v1/build.rb +11 -1
- data/proto_docs/grafeas/v1/common.rb +31 -2
- data/proto_docs/grafeas/v1/compliance.rb +98 -0
- data/proto_docs/grafeas/v1/cvss.rb +105 -0
- data/proto_docs/grafeas/v1/discovery.rb +3 -0
- data/proto_docs/grafeas/v1/dsse_attestation.rb +59 -0
- data/proto_docs/grafeas/v1/grafeas.rb +15 -0
- data/proto_docs/grafeas/v1/intoto_provenance.rb +134 -0
- data/proto_docs/grafeas/v1/intoto_statement.rb +65 -0
- data/proto_docs/grafeas/v1/package.rb +8 -0
- data/proto_docs/grafeas/v1/severity.rb +43 -0
- data/proto_docs/grafeas/v1/slsa_provenance.rb +152 -0
- data/proto_docs/grafeas/v1/vulnerability.rb +25 -21
- metadata +17 -5
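--- a/data/lib/grafeas/v1/grafeas_pb.rb
+++ b/data/lib/grafeas/v1/grafeas_pb.rb
@@ -1,8 +1,6 @@
 # Generated by the protocol buffer compiler. DO NOT EDIT!
 # source: grafeas/v1/grafeas.proto
 
-require 'google/protobuf'
-
 require 'google/api/annotations_pb'
 require 'google/api/client_pb'
 require 'google/api/field_behavior_pb'
@@ -13,12 +11,16 @@ require 'google/protobuf/timestamp_pb'
 require 'grafeas/v1/attestation_pb'
 require 'grafeas/v1/build_pb'
 require 'grafeas/v1/common_pb'
+require 'grafeas/v1/compliance_pb'
 require 'grafeas/v1/deployment_pb'
 require 'grafeas/v1/discovery_pb'
+require 'grafeas/v1/dsse_attestation_pb'
 require 'grafeas/v1/image_pb'
 require 'grafeas/v1/package_pb'
 require 'grafeas/v1/upgrade_pb'
 require 'grafeas/v1/vulnerability_pb'
+require 'google/protobuf'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
 add_file("grafeas/v1/grafeas.proto", :syntax => :proto3) do
 add_message "grafeas.v1.Occurrence" do
@@ -29,6 +31,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
 optional :remediation, :string, 5
 optional :create_time, :message, 6, "google.protobuf.Timestamp"
 optional :update_time, :message, 7, "google.protobuf.Timestamp"
+optional :envelope, :message, 18, "grafeas.v1.Envelope"
 oneof :details do
 optional :vulnerability, :message, 8, "grafeas.v1.VulnerabilityOccurrence"
 optional :build, :message, 9, "grafeas.v1.BuildOccurrence"
@@ -38,6 +41,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
 optional :discovery, :message, 13, "grafeas.v1.DiscoveryOccurrence"
 optional :attestation, :message, 14, "grafeas.v1.AttestationOccurrence"
 optional :upgrade, :message, 15, "grafeas.v1.UpgradeOccurrence"
+optional :compliance, :message, 16, "grafeas.v1.ComplianceOccurrence"
+optional :dsse_attestation, :message, 17, "grafeas.v1.DSSEAttestationOccurrence"
 end
 end
 add_message "grafeas.v1.Note" do
@@ -59,6 +64,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
 optional :discovery, :message, 15, "grafeas.v1.DiscoveryNote"
 optional :attestation, :message, 16, "grafeas.v1.AttestationNote"
 optional :upgrade, :message, 17, "grafeas.v1.UpgradeNote"
+optional :compliance, :message, 18, "grafeas.v1.ComplianceNote"
+optional :dsse_attestation, :message, 19, "grafeas.v1.DSSEAttestationNote"
 end
 end
 add_message "grafeas.v1.GetOccurrenceRequest" do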
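--- a/data/lib/grafeas/v1/intoto_provenance_pb.rb
+++ b/data/lib/grafeas/v1/intoto_provenance_pb.rb
@@ -0,0 +1,49 @@
+# Generated by the protocol buffer compiler. DO NOT EDIT!
+# source: grafeas/v1/intoto_provenance.proto
+
+require 'google/protobuf/any_pb'
+require 'google/protobuf/timestamp_pb'
+require 'google/protobuf'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+add_file("grafeas/v1/intoto_provenance.proto", :syntax => :proto3) do
+add_message "grafeas.v1.Recipe" do
+optional :type, :string, 1
+optional :defined_in_material, :int64, 2
+optional :entry_point, :string, 3
+repeated :arguments, :message, 4, "google.protobuf.Any"
+repeated :environment, :message, 5, "google.protobuf.Any"
+end
+add_message "grafeas.v1.Completeness" do
+optional :arguments, :bool, 1
+optional :environment, :bool, 2
+optional :materials, :bool, 3
+end
+add_message "grafeas.v1.Metadata" do
+optional :build_invocation_id, :string, 1
+optional :build_started_on, :message, 2, "google.protobuf.Timestamp"
+optional :build_finished_on, :message, 3, "google.protobuf.Timestamp"
+optional :completeness, :message, 4, "grafeas.v1.Completeness"
+optional :reproducible, :bool, 5
+end
+add_message "grafeas.v1.BuilderConfig" do
+optional :id, :string, 1
+end
+add_message "grafeas.v1.InTotoProvenance" do
+optional :builder_config, :message, 1, "grafeas.v1.BuilderConfig"
+optional :recipe, :message, 2, "grafeas.v1.Recipe"
+optional :metadata, :message, 3, "grafeas.v1.Metadata"
+repeated :materials, :string, 4
+end
+end
+end
+
+module Grafeas
+module V1
+Recipe = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Recipe").msgclass
+Completeness = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Completeness").msgclass
+Metadata = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Metadata").msgclass
+BuilderConfig = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.BuilderConfig").msgclass
+InTotoProvenance = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.InTotoProvenance").msgclass
+end
+end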
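--- a/data/lib/grafeas/v1/intoto_statement_pb.rb
+++ b/data/lib/grafeas/v1/intoto_statement_pb.rb
@@ -0,0 +1,31 @@
+# Generated by the protocol buffer compiler. DO NOT EDIT!
+# source: grafeas/v1/intoto_statement.proto
+
+require 'grafeas/v1/intoto_provenance_pb'
+require 'grafeas/v1/slsa_provenance_pb'
+require 'google/protobuf'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+add_file("grafeas/v1/intoto_statement.proto", :syntax => :proto3) do
+add_message "grafeas.v1.InTotoStatement" do
+optional :type, :string, 1, json_name: "_type"
+repeated :subject, :message, 2, "grafeas.v1.Subject"
+optional :predicate_type, :string, 3
+oneof :predicate do
+optional :provenance, :message, 4, "grafeas.v1.InTotoProvenance"
+optional :slsa_provenance, :message, 5, "grafeas.v1.SlsaProvenance"
+end
+end
+add_message "grafeas.v1.Subject" do
+optional :name, :string, 1
+map :digest, :string, :string, 2
+end
+end
+end
+
+module Grafeas
+module V1
+InTotoStatement = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.InTotoStatement").msgclass
+Subject = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Subject").msgclass
+end
+end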
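--- a/data/lib/grafeas/v1/package_pb.rb
+++ b/data/lib/grafeas/v1/package_pb.rb
@@ -30,6 +30,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
 optional :epoch, :int32, 1
 optional :name, :string, 2
 optional :revision, :string, 3
+optional :inclusive, :bool, 6
 optional :kind, :enum, 4, "grafeas.v1.Version.VersionKind"
 optional :full_name, :string, 5
 end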
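--- a/data/lib/grafeas/v1/provenance_pb.rb
+++ b/data/lib/grafeas/v1/provenance_pb.rb
@@ -1,9 +1,9 @@
 # Generated by the protocol buffer compiler. DO NOT EDIT!
 # source: grafeas/v1/provenance.proto
 
+require 'google/protobuf/timestamp_pb'
 require 'google/protobuf'
 
-require 'google/protobuf/timestamp_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
 add_file("grafeas/v1/provenance.proto", :syntax => :proto3) do
 add_message "grafeas.v1.BuildProvenance" do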
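--- a/data/lib/grafeas/v1/severity_pb.rb
+++ b/data/lib/grafeas/v1/severity_pb.rb
@@ -0,0 +1,23 @@
+# Generated by the protocol buffer compiler. DO NOT EDIT!
+# source: grafeas/v1/severity.proto
+
+require 'google/protobuf'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+add_file("grafeas/v1/severity.proto", :syntax => :proto3) do
+add_enum "grafeas.v1.Severity" do
+value :SEVERITY_UNSPECIFIED, 0
+value :MINIMAL, 1
+value :LOW, 2
+value :MEDIUM, 3
+value :HIGH, 4
+value :CRITICAL, 5
+end
+end
+end
+
+module Grafeas
+module V1
+Severity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Severity").enummodule
+end
+end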
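--- a/data/lib/grafeas/v1/slsa_provenance_pb.rb
+++ b/data/lib/grafeas/v1/slsa_provenance_pb.rb
@@ -0,0 +1,54 @@
+# Generated by the protocol buffer compiler. DO NOT EDIT!
+# source: grafeas/v1/slsa_provenance.proto
+
+require 'google/protobuf/any_pb'
+require 'google/protobuf/timestamp_pb'
+require 'google/protobuf'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+add_file("grafeas/v1/slsa_provenance.proto", :syntax => :proto3) do
+add_message "grafeas.v1.SlsaProvenance" do
+optional :builder, :message, 1, "grafeas.v1.SlsaProvenance.SlsaBuilder"
+optional :recipe, :message, 2, "grafeas.v1.SlsaProvenance.SlsaRecipe"
+optional :metadata, :message, 3, "grafeas.v1.SlsaProvenance.SlsaMetadata"
+repeated :materials, :message, 4, "grafeas.v1.SlsaProvenance.Material"
+end
+add_message "grafeas.v1.SlsaProvenance.SlsaRecipe" do
+optional :type, :string, 1
+optional :defined_in_material, :int64, 2
+optional :entry_point, :string, 3
+optional :arguments, :message, 4, "google.protobuf.Any"
+optional :environment, :message, 5, "google.protobuf.Any"
+end
+add_message "grafeas.v1.SlsaProvenance.SlsaCompleteness" do
+optional :arguments, :bool, 1
+optional :environment, :bool, 2
+optional :materials, :bool, 3
+end
+add_message "grafeas.v1.SlsaProvenance.SlsaMetadata" do
+optional :build_invocation_id, :string, 1
+optional :build_started_on, :message, 2, "google.protobuf.Timestamp"
+optional :build_finished_on, :message, 3, "google.protobuf.Timestamp"
+optional :completeness, :message, 4, "grafeas.v1.SlsaProvenance.SlsaCompleteness"
+optional :reproducible, :bool, 5
+end
+add_message "grafeas.v1.SlsaProvenance.SlsaBuilder" do
+optional :id, :string, 1
+end
+add_message "grafeas.v1.SlsaProvenance.Material" do
+optional :uri, :string, 1
+map :digest, :string, :string, 2
+end
+end
+end
+
+module Grafeas
+module V1
+SlsaProvenance = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenance").msgclass
+SlsaProvenance::SlsaRecipe = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenance.SlsaRecipe").msgclass
+SlsaProvenance::SlsaCompleteness = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenance.SlsaCompleteness").msgclass
+SlsaProvenance::SlsaMetadata = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenance.SlsaMetadata").msgclass
+SlsaProvenance::SlsaBuilder = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenance.SlsaBuilder").msgclass
+SlsaProvenance::Material = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenance.Material").msgclass
+end
+end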
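--- a/data/lib/grafeas/v1/upgrade_pb.rb
+++ b/data/lib/grafeas/v1/upgrade_pb.rb
@@ -1,10 +1,10 @@
 # Generated by the protocol buffer compiler. DO NOT EDIT!
 # source: grafeas/v1/upgrade.proto
 
-require 'google/protobuf'
-
 require 'google/protobuf/timestamp_pb'
 require 'grafeas/v1/package_pb'
+require 'google/protobuf'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
 add_file("grafeas/v1/upgrade.proto", :syntax => :proto3) do
 add_message "grafeas.v1.UpgradeNote" do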
data/lib/grafeas/v1/version.rb
CHANGED
@@ -1,12 +1,14 @@
|
|
1
1
|
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
2
|
# source: grafeas/v1/vulnerability.proto
|
3
3
|
|
4
|
-
require 'google/
|
5
|
-
|
4
|
+
require 'google/api/field_behavior_pb'
|
6
5
|
require 'google/protobuf/timestamp_pb'
|
7
6
|
require 'grafeas/v1/common_pb'
|
8
7
|
require 'grafeas/v1/cvss_pb'
|
9
8
|
require 'grafeas/v1/package_pb'
|
9
|
+
require 'grafeas/v1/severity_pb'
|
10
|
+
require 'google/protobuf'
|
11
|
+
|
10
12
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
11
13
|
add_file("grafeas/v1/vulnerability.proto", :syntax => :proto3) do
|
12
14
|
add_message "grafeas.v1.VulnerabilityNote" do
|
@@ -30,6 +32,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
30
32
|
optional :fixed_version, :message, 10, "grafeas.v1.Version"
|
31
33
|
optional :is_obsolete, :bool, 11
|
32
34
|
optional :source_update_time, :message, 12, "google.protobuf.Timestamp"
|
35
|
+
optional :source, :string, 13
|
36
|
+
optional :vendor, :string, 14
|
33
37
|
end
|
34
38
|
add_message "grafeas.v1.VulnerabilityNote.WindowsDetail" do
|
35
39
|
optional :cpe_uri, :string, 1
|
@@ -45,6 +49,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
45
49
|
optional :type, :string, 1
|
46
50
|
optional :severity, :enum, 2, "grafeas.v1.Severity"
|
47
51
|
optional :cvss_score, :float, 3
|
52
|
+
optional :cvssv3, :message, 10, "grafeas.v1.CVSS"
|
48
53
|
repeated :package_issue, :message, 4, "grafeas.v1.VulnerabilityOccurrence.PackageIssue"
|
49
54
|
optional :short_description, :string, 5
|
50
55
|
optional :long_description, :string, 6
|
@@ -60,14 +65,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
60
65
|
optional :fixed_package, :string, 5
|
61
66
|
optional :fixed_version, :message, 6, "grafeas.v1.Version"
|
62
67
|
optional :fix_available, :bool, 7
|
63
|
-
|
64
|
-
|
65
|
-
value :SEVERITY_UNSPECIFIED, 0
|
66
|
-
value :MINIMAL, 1
|
67
|
-
value :LOW, 2
|
68
|
-
value :MEDIUM, 3
|
69
|
-
value :HIGH, 4
|
70
|
-
value :CRITICAL, 5
|
68
|
+
optional :package_type, :string, 8
|
69
|
+
optional :effective_severity, :enum, 9, "grafeas.v1.Severity"
|
71
70
|
end
|
72
71
|
end
|
73
72
|
end
|
@@ -80,6 +79,5 @@ module Grafeas
|
|
80
79
|
VulnerabilityNote::WindowsDetail::KnowledgeBase = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityNote.WindowsDetail.KnowledgeBase").msgclass
|
81
80
|
VulnerabilityOccurrence = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence").msgclass
|
82
81
|
VulnerabilityOccurrence::PackageIssue = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence.PackageIssue").msgclass
|
83
|
-
Severity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Severity").enummodule
|
84
82
|
end
|
85
83
|
end
|
@@ -57,9 +57,15 @@ module Google
|
|
57
57
|
|
58
58
|
# Denotes that a (repeated) field is an unordered list.
|
59
59
|
# This indicates that the service may provide the elements of the list
|
60
|
-
# in any arbitrary
|
60
|
+
# in any arbitrary order, rather than the order the user originally
|
61
61
|
# provided. Additionally, the list's order may or may not be stable.
|
62
62
|
UNORDERED_LIST = 6
|
63
|
+
|
64
|
+
# Denotes that this field returns a non-empty default value if not set.
|
65
|
+
# This indicates that if the user provides the empty value in a request,
|
66
|
+
# a non-empty value will be returned. The user will not be aware of what
|
67
|
+
# non-empty value to expect.
|
68
|
+
NON_EMPTY_DEFAULT = 7
|
63
69
|
end
|
64
70
|
end
|
65
71
|
end
|
@@ -33,11 +33,7 @@ module Google
|
|
33
33
|
# // For Kubernetes resources, the format is {api group}/{kind}.
|
34
34
|
# option (google.api.resource) = {
|
35
35
|
# type: "pubsub.googleapis.com/Topic"
|
36
|
-
#
|
37
|
-
# pattern: "projects/{project}/topics/{topic}"
|
38
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
39
|
-
# parent_name_extractor: "projects/{project}"
|
40
|
-
# }
|
36
|
+
# pattern: "projects/{project}/topics/{topic}"
|
41
37
|
# };
|
42
38
|
# }
|
43
39
|
#
|
@@ -45,10 +41,7 @@ module Google
|
|
45
41
|
#
|
46
42
|
# resources:
|
47
43
|
# - type: "pubsub.googleapis.com/Topic"
|
48
|
-
#
|
49
|
-
# - pattern: "projects/{project}/topics/{topic}"
|
50
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
51
|
-
# parent_name_extractor: "projects/{project}"
|
44
|
+
# pattern: "projects/{project}/topics/{topic}"
|
52
45
|
#
|
53
46
|
# Sometimes, resources have multiple patterns, typically because they can
|
54
47
|
# live under multiple parents.
|
@@ -58,26 +51,10 @@ module Google
|
|
58
51
|
# message LogEntry {
|
59
52
|
# option (google.api.resource) = {
|
60
53
|
# type: "logging.googleapis.com/LogEntry"
|
61
|
-
#
|
62
|
-
#
|
63
|
-
#
|
64
|
-
#
|
65
|
-
# }
|
66
|
-
# name_descriptor: {
|
67
|
-
# pattern: "folders/{folder}/logs/{log}"
|
68
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
69
|
-
# parent_name_extractor: "folders/{folder}"
|
70
|
-
# }
|
71
|
-
# name_descriptor: {
|
72
|
-
# pattern: "organizations/{organization}/logs/{log}"
|
73
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Organization"
|
74
|
-
# parent_name_extractor: "organizations/{organization}"
|
75
|
-
# }
|
76
|
-
# name_descriptor: {
|
77
|
-
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
78
|
-
# parent_type: "billing.googleapis.com/BillingAccount"
|
79
|
-
# parent_name_extractor: "billingAccounts/{billing_account}"
|
80
|
-
# }
|
54
|
+
# pattern: "projects/{project}/logs/{log}"
|
55
|
+
# pattern: "folders/{folder}/logs/{log}"
|
56
|
+
# pattern: "organizations/{organization}/logs/{log}"
|
57
|
+
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
81
58
|
# };
|
82
59
|
# }
|
83
60
|
#
|
@@ -85,48 +62,10 @@ module Google
|
|
85
62
|
#
|
86
63
|
# resources:
|
87
64
|
# - type: 'logging.googleapis.com/LogEntry'
|
88
|
-
#
|
89
|
-
#
|
90
|
-
#
|
91
|
-
#
|
92
|
-
# - pattern: "folders/{folder}/logs/{log}"
|
93
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
94
|
-
# parent_name_extractor: "folders/{folder}"
|
95
|
-
# - pattern: "organizations/{organization}/logs/{log}"
|
96
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Organization"
|
97
|
-
# parent_name_extractor: "organizations/{organization}"
|
98
|
-
# - pattern: "billingAccounts/{billing_account}/logs/{log}"
|
99
|
-
# parent_type: "billing.googleapis.com/BillingAccount"
|
100
|
-
# parent_name_extractor: "billingAccounts/{billing_account}"
|
101
|
-
#
|
102
|
-
# For flexible resources, the resource name doesn't contain parent names, but
|
103
|
-
# the resource itself has parents for policy evaluation.
|
104
|
-
#
|
105
|
-
# Example:
|
106
|
-
#
|
107
|
-
# message Shelf {
|
108
|
-
# option (google.api.resource) = {
|
109
|
-
# type: "library.googleapis.com/Shelf"
|
110
|
-
# name_descriptor: {
|
111
|
-
# pattern: "shelves/{shelf}"
|
112
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
113
|
-
# }
|
114
|
-
# name_descriptor: {
|
115
|
-
# pattern: "shelves/{shelf}"
|
116
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
117
|
-
# }
|
118
|
-
# };
|
119
|
-
# }
|
120
|
-
#
|
121
|
-
# The ResourceDescriptor Yaml config will look like:
|
122
|
-
#
|
123
|
-
# resources:
|
124
|
-
# - type: 'library.googleapis.com/Shelf'
|
125
|
-
# name_descriptor:
|
126
|
-
# - pattern: "shelves/{shelf}"
|
127
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
128
|
-
# - pattern: "shelves/{shelf}"
|
129
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
65
|
+
# pattern: "projects/{project}/logs/{log}"
|
66
|
+
# pattern: "folders/{folder}/logs/{log}"
|
67
|
+
# pattern: "organizations/{organization}/logs/{log}"
|
68
|
+
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
130
69
|
# @!attribute [rw] type
|
131
70
|
# @return [::String]
|
132
71
|
# The resource type. It must be in the format of
|
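--- a/data/proto_docs/grafeas/v1/attestation.rb
+++ b/data/proto_docs/grafeas/v1/attestation.rb
@@ -51,6 +51,16 @@ module Grafeas
 end
 end
 
+# @!attribute [rw] compact_jwt
+# @return [::String]
+# The compact encoding of a JWS, which is always three base64 encoded strings
+# joined by periods. For details, see:
+# https://tools.ietf.org/html/rfc7515.html#section-3.1
+class Jwt
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+
 # Occurrence that represents a single "attestation". The authenticity of an
 # attestation can be verified using the attached signature. If the verifier
 # trusts the public key of the signer, then verifying the signature is
@@ -69,6 +79,17 @@ module Grafeas
 # should consider this attestation message verified if at least one
 # `signature` verifies `serialized_payload`. See `Signature` in common.proto
 # for more details on signature structure and verification.
+# @!attribute [rw] jwts
+# @return [::Array<::Grafeas::V1::Jwt>]
+# One or more JWTs encoding a self-contained attestation.
+# Each JWT encodes the payload that it verifies within the JWT itself.
+# Verifier implementation SHOULD ignore the `serialized_payload` field
+# when verifying these JWTs.
+# If only JWTs are present on this AttestationOccurrence, then the
+# `serialized_payload` SHOULD be left empty.
+# Each JWT SHOULD encode a claim specific to the `resource_uri` of this
+# Occurrence, but this is not validated by Grafeas metadata API
+# implementations. The JWT itself is opaque to Grafeas.
 class AttestationOccurrence
 include ::Google::Protobuf::MessageExts
 extend ::Google::Protobuf::MessageExts::ClassMethods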
@@ -32,7 +32,7 @@ module Grafeas
|
|
32
32
|
# Details of a build occurrence.
|
33
33
|
# @!attribute [rw] provenance
|
34
34
|
# @return [::Grafeas::V1::BuildProvenance]
|
35
|
-
#
|
35
|
+
# The actual provenance for the build.
|
36
36
|
# @!attribute [rw] provenance_bytes
|
37
37
|
# @return [::String]
|
38
38
|
# Serialized JSON representation of the provenance, used in generating the
|
@@ -46,6 +46,16 @@ module Grafeas
|
|
46
46
|
# The serialized form is captured both to avoid ambiguity in how the
|
47
47
|
# provenance is marshalled to json as well to prevent incompatibilities with
|
48
48
|
# future changes.
|
49
|
+
# @!attribute [rw] intoto_provenance
|
50
|
+
# @return [::Grafeas::V1::InTotoProvenance]
|
51
|
+
# Deprecated. See InTotoStatement for the replacement.
|
52
|
+
# In-toto Provenance representation as defined in spec.
|
53
|
+
# @!attribute [rw] intoto_statement
|
54
|
+
# @return [::Grafeas::V1::InTotoStatement]
|
55
|
+
# In-toto Statement representation as defined in spec.
|
56
|
+
# The intoto_statement can contain any type of provenance. The serialized
|
57
|
+
# payload of the statement can be stored and signed in the Occurrence's
|
58
|
+
# envelope.
|
49
59
|
class BuildOccurrence
|
50
60
|
include ::Google::Protobuf::MessageExts
|
51
61
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -65,7 +65,7 @@ module Grafeas
|
|
65
65
|
# @return [::String]
|
66
66
|
# The identifier for the public key that verifies this signature.
|
67
67
|
# * The `public_key_id` is required.
|
68
|
-
# * The `public_key_id`
|
68
|
+
# * The `public_key_id` SHOULD be an RFC3986 conformant URI.
|
69
69
|
# * When possible, the `public_key_id` SHOULD be an immutable reference,
|
70
70
|
# such as a cryptographic digest.
|
71
71
|
#
|
@@ -85,9 +85,32 @@ module Grafeas
|
|
85
85
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
86
86
|
end
|
87
87
|
|
88
|
+
# MUST match
|
89
|
+
# https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An
|
90
|
+
# authenticated message of arbitrary type.
|
91
|
+
# @!attribute [rw] payload
|
92
|
+
# @return [::String]
|
93
|
+
# @!attribute [rw] payload_type
|
94
|
+
# @return [::String]
|
95
|
+
# @!attribute [rw] signatures
|
96
|
+
# @return [::Array<::Grafeas::V1::EnvelopeSignature>]
|
97
|
+
class Envelope
|
98
|
+
include ::Google::Protobuf::MessageExts
|
99
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
100
|
+
end
|
101
|
+
|
102
|
+
# @!attribute [rw] sig
|
103
|
+
# @return [::String]
|
104
|
+
# @!attribute [rw] keyid
|
105
|
+
# @return [::String]
|
106
|
+
class EnvelopeSignature
|
107
|
+
include ::Google::Protobuf::MessageExts
|
108
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
109
|
+
end
|
110
|
+
|
88
111
|
# Kind represents the kinds of notes supported.
|
89
112
|
module NoteKind
|
90
|
-
#
|
113
|
+
# Default value. This value is unused.
|
91
114
|
NOTE_KIND_UNSPECIFIED = 0
|
92
115
|
|
93
116
|
# The note and occurrence represent a package vulnerability.
|
@@ -113,6 +136,12 @@ module Grafeas
|
|
113
136
|
|
114
137
|
# This represents an available package upgrade.
|
115
138
|
UPGRADE = 8
|
139
|
+
|
140
|
+
# This represents a Compliance Note
|
141
|
+
COMPLIANCE = 9
|
142
|
+
|
143
|
+
# This represents a DSSE attestation Note
|
144
|
+
DSSE_ATTESTATION = 10
|
116
145
|
end
|
117
146
|
end
|
118
147
|
end
|
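--- a/data/proto_docs/grafeas/v1/compliance.rb
+++ b/data/proto_docs/grafeas/v1/compliance.rb
@@ -0,0 +1,98 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Grafeas
+module V1
+# @!attribute [rw] title
+# @return [::String]
+# The title that identifies this compliance check.
+# @!attribute [rw] description
+# @return [::String]
+# A description about this compliance check.
+# @!attribute [rw] version
+# @return [::Array<::Grafeas::V1::ComplianceVersion>]
+# The OS and config versions the benchmark applies to.
+# @!attribute [rw] rationale
+# @return [::String]
+# A rationale for the existence of this compliance check.
+# @!attribute [rw] remediation
+# @return [::String]
+# A description of remediation steps if the compliance check fails.
+# @!attribute [rw] cis_benchmark
+# @return [::Grafeas::V1::ComplianceNote::CisBenchmark]
+# @!attribute [rw] scan_instructions
+# @return [::String]
+# Serialized scan instructions with a predefined format.
+class ComplianceNote
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+
+# A compliance check that is a CIS benchmark.
+# @!attribute [rw] profile_level
+# @return [::Integer]
+# @!attribute [rw] severity
+# @return [::Grafeas::V1::Severity]
+class CisBenchmark
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+end
+
+# Describes the CIS benchmark version that is applicable to a given OS and
+# os version.
+# @!attribute [rw] cpe_uri
+# @return [::String]
+# The CPE URI (https://cpe.mitre.org/specification/) this benchmark is
+# applicable to.
+# @!attribute [rw] version
+# @return [::String]
+# The version of the benchmark. This is set to the version of the OS-specific
+# CIS document the benchmark is defined in.
+class ComplianceVersion
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+
+# An indication that the compliance checks in the associated ComplianceNote
+# were not satisfied for particular resources or a specified reason.
+# @!attribute [rw] non_compliant_files
+# @return [::Array<::Grafeas::V1::NonCompliantFile>]
+# @!attribute [rw] non_compliance_reason
+# @return [::String]
+class ComplianceOccurrence
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+
+# Details about files that caused a compliance check to fail.
+# @!attribute [rw] path
+# @return [::String]
+# Empty if `display_command` is set.
+# @!attribute [rw] display_command
+# @return [::String]
+# Command to display the non-compliant files.
+# @!attribute [rw] reason
+# @return [::String]
+# Explains why a file is non compliant for a CIS check.
+class NonCompliantFile
+include ::Google::Protobuf::MessageExts
+extend ::Google::Protobuf::MessageExts::ClassMethods
+end
+end
+end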