grafeas-v1 0.2.1 → 0.4.0

Files changed (39)
  1. checksums.yaml +4 -4
  2. data/.yardopts +1 -1
  3. data/README.md +1 -1
  4. data/lib/grafeas/v1/attestation_pb.rb +6 -1
  5. data/lib/grafeas/v1/build_pb.rb +5 -1
  6. data/lib/grafeas/v1/common_pb.rb +13 -0
  7. data/lib/grafeas/v1/compliance_pb.rb +48 -0
  8. data/lib/grafeas/v1/cvss_pb.rb +62 -0
  9. data/lib/grafeas/v1/deployment_pb.rb +1 -1
  10. data/lib/grafeas/v1/discovery_pb.rb +4 -2
  11. data/lib/grafeas/v1/dsse_attestation_pb.rb +31 -0
  12. data/lib/grafeas/v1/grafeas/client.rb +375 -121
  13. data/lib/grafeas/v1/grafeas_pb.rb +9 -2
  14. data/lib/grafeas/v1/intoto_provenance_pb.rb +49 -0
  15. data/lib/grafeas/v1/intoto_statement_pb.rb +31 -0
  16. data/lib/grafeas/v1/package_pb.rb +1 -0
  17. data/lib/grafeas/v1/provenance_pb.rb +1 -1
  18. data/lib/grafeas/v1/severity_pb.rb +23 -0
  19. data/lib/grafeas/v1/slsa_provenance_pb.rb +54 -0
  20. data/lib/grafeas/v1/upgrade_pb.rb +2 -2
  21. data/lib/grafeas/v1/version.rb +1 -1
  22. data/lib/grafeas/v1/vulnerability_pb.rb +9 -11
  23. data/proto_docs/google/api/field_behavior.rb +7 -1
  24. data/proto_docs/google/api/resource.rb +10 -71
  25. data/proto_docs/grafeas/v1/attestation.rb +21 -0
  26. data/proto_docs/grafeas/v1/build.rb +11 -1
  27. data/proto_docs/grafeas/v1/common.rb +31 -2
  28. data/proto_docs/grafeas/v1/compliance.rb +98 -0
  29. data/proto_docs/grafeas/v1/cvss.rb +105 -0
  30. data/proto_docs/grafeas/v1/discovery.rb +3 -0
  31. data/proto_docs/grafeas/v1/dsse_attestation.rb +59 -0
  32. data/proto_docs/grafeas/v1/grafeas.rb +15 -0
  33. data/proto_docs/grafeas/v1/intoto_provenance.rb +134 -0
  34. data/proto_docs/grafeas/v1/intoto_statement.rb +65 -0
  35. data/proto_docs/grafeas/v1/package.rb +8 -0
  36. data/proto_docs/grafeas/v1/severity.rb +43 -0
  37. data/proto_docs/grafeas/v1/slsa_provenance.rb +152 -0
  38. data/proto_docs/grafeas/v1/vulnerability.rb +25 -21
  39. metadata +17 -5
@@ -1,8 +1,6 @@
1
1
  # Generated by the protocol buffer compiler. DO NOT EDIT!
2
2
  # source: grafeas/v1/grafeas.proto
3
3
 
4
- require 'google/protobuf'
5
-
6
4
  require 'google/api/annotations_pb'
7
5
  require 'google/api/client_pb'
8
6
  require 'google/api/field_behavior_pb'
@@ -13,12 +11,16 @@ require 'google/protobuf/timestamp_pb'
13
11
  require 'grafeas/v1/attestation_pb'
14
12
  require 'grafeas/v1/build_pb'
15
13
  require 'grafeas/v1/common_pb'
14
+ require 'grafeas/v1/compliance_pb'
16
15
  require 'grafeas/v1/deployment_pb'
17
16
  require 'grafeas/v1/discovery_pb'
17
+ require 'grafeas/v1/dsse_attestation_pb'
18
18
  require 'grafeas/v1/image_pb'
19
19
  require 'grafeas/v1/package_pb'
20
20
  require 'grafeas/v1/upgrade_pb'
21
21
  require 'grafeas/v1/vulnerability_pb'
22
+ require 'google/protobuf'
23
+
22
24
  Google::Protobuf::DescriptorPool.generated_pool.build do
23
25
  add_file("grafeas/v1/grafeas.proto", :syntax => :proto3) do
24
26
  add_message "grafeas.v1.Occurrence" do
@@ -29,6 +31,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
29
31
  optional :remediation, :string, 5
30
32
  optional :create_time, :message, 6, "google.protobuf.Timestamp"
31
33
  optional :update_time, :message, 7, "google.protobuf.Timestamp"
34
+ optional :envelope, :message, 18, "grafeas.v1.Envelope"
32
35
  oneof :details do
33
36
  optional :vulnerability, :message, 8, "grafeas.v1.VulnerabilityOccurrence"
34
37
  optional :build, :message, 9, "grafeas.v1.BuildOccurrence"
@@ -38,6 +41,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
38
41
  optional :discovery, :message, 13, "grafeas.v1.DiscoveryOccurrence"
39
42
  optional :attestation, :message, 14, "grafeas.v1.AttestationOccurrence"
40
43
  optional :upgrade, :message, 15, "grafeas.v1.UpgradeOccurrence"
44
+ optional :compliance, :message, 16, "grafeas.v1.ComplianceOccurrence"
45
+ optional :dsse_attestation, :message, 17, "grafeas.v1.DSSEAttestationOccurrence"
41
46
  end
42
47
  end
43
48
  add_message "grafeas.v1.Note" do
@@ -59,6 +64,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
59
64
  optional :discovery, :message, 15, "grafeas.v1.DiscoveryNote"
60
65
  optional :attestation, :message, 16, "grafeas.v1.AttestationNote"
61
66
  optional :upgrade, :message, 17, "grafeas.v1.UpgradeNote"
67
+ optional :compliance, :message, 18, "grafeas.v1.ComplianceNote"
68
+ optional :dsse_attestation, :message, 19, "grafeas.v1.DSSEAttestationNote"
62
69
  end
63
70
  end
64
71
  add_message "grafeas.v1.GetOccurrenceRequest" do
@@ -0,0 +1,49 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # source: grafeas/v1/intoto_provenance.proto
3
+
4
+ require 'google/protobuf/any_pb'
5
+ require 'google/protobuf/timestamp_pb'
6
+ require 'google/protobuf'
7
+
8
+ Google::Protobuf::DescriptorPool.generated_pool.build do
9
+ add_file("grafeas/v1/intoto_provenance.proto", :syntax => :proto3) do
10
+ add_message "grafeas.v1.Recipe" do
11
+ optional :type, :string, 1
12
+ optional :defined_in_material, :int64, 2
13
+ optional :entry_point, :string, 3
14
+ repeated :arguments, :message, 4, "google.protobuf.Any"
15
+ repeated :environment, :message, 5, "google.protobuf.Any"
16
+ end
17
+ add_message "grafeas.v1.Completeness" do
18
+ optional :arguments, :bool, 1
19
+ optional :environment, :bool, 2
20
+ optional :materials, :bool, 3
21
+ end
22
+ add_message "grafeas.v1.Metadata" do
23
+ optional :build_invocation_id, :string, 1
24
+ optional :build_started_on, :message, 2, "google.protobuf.Timestamp"
25
+ optional :build_finished_on, :message, 3, "google.protobuf.Timestamp"
26
+ optional :completeness, :message, 4, "grafeas.v1.Completeness"
27
+ optional :reproducible, :bool, 5
28
+ end
29
+ add_message "grafeas.v1.BuilderConfig" do
30
+ optional :id, :string, 1
31
+ end
32
+ add_message "grafeas.v1.InTotoProvenance" do
33
+ optional :builder_config, :message, 1, "grafeas.v1.BuilderConfig"
34
+ optional :recipe, :message, 2, "grafeas.v1.Recipe"
35
+ optional :metadata, :message, 3, "grafeas.v1.Metadata"
36
+ repeated :materials, :string, 4
37
+ end
38
+ end
39
+ end
40
+
41
+ module Grafeas
42
+ module V1
43
+ Recipe = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Recipe").msgclass
44
+ Completeness = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Completeness").msgclass
45
+ Metadata = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Metadata").msgclass
46
+ BuilderConfig = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.BuilderConfig").msgclass
47
+ InTotoProvenance = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.InTotoProvenance").msgclass
48
+ end
49
+ end
@@ -0,0 +1,31 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # source: grafeas/v1/intoto_statement.proto
3
+
4
+ require 'grafeas/v1/intoto_provenance_pb'
5
+ require 'grafeas/v1/slsa_provenance_pb'
6
+ require 'google/protobuf'
7
+
8
+ Google::Protobuf::DescriptorPool.generated_pool.build do
9
+ add_file("grafeas/v1/intoto_statement.proto", :syntax => :proto3) do
10
+ add_message "grafeas.v1.InTotoStatement" do
11
+ optional :type, :string, 1, json_name: "_type"
12
+ repeated :subject, :message, 2, "grafeas.v1.Subject"
13
+ optional :predicate_type, :string, 3
14
+ oneof :predicate do
15
+ optional :provenance, :message, 4, "grafeas.v1.InTotoProvenance"
16
+ optional :slsa_provenance, :message, 5, "grafeas.v1.SlsaProvenance"
17
+ end
18
+ end
19
+ add_message "grafeas.v1.Subject" do
20
+ optional :name, :string, 1
21
+ map :digest, :string, :string, 2
22
+ end
23
+ end
24
+ end
25
+
26
+ module Grafeas
27
+ module V1
28
+ InTotoStatement = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.InTotoStatement").msgclass
29
+ Subject = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Subject").msgclass
30
+ end
31
+ end
@@ -30,6 +30,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
30
30
  optional :epoch, :int32, 1
31
31
  optional :name, :string, 2
32
32
  optional :revision, :string, 3
33
+ optional :inclusive, :bool, 6
33
34
  optional :kind, :enum, 4, "grafeas.v1.Version.VersionKind"
34
35
  optional :full_name, :string, 5
35
36
  end
@@ -1,9 +1,9 @@
1
1
  # Generated by the protocol buffer compiler. DO NOT EDIT!
2
2
  # source: grafeas/v1/provenance.proto
3
3
 
4
+ require 'google/protobuf/timestamp_pb'
4
5
  require 'google/protobuf'
5
6
 
6
- require 'google/protobuf/timestamp_pb'
7
7
  Google::Protobuf::DescriptorPool.generated_pool.build do
8
8
  add_file("grafeas/v1/provenance.proto", :syntax => :proto3) do
9
9
  add_message "grafeas.v1.BuildProvenance" do
@@ -0,0 +1,23 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # source: grafeas/v1/severity.proto
3
+
4
+ require 'google/protobuf'
5
+
6
+ Google::Protobuf::DescriptorPool.generated_pool.build do
7
+ add_file("grafeas/v1/severity.proto", :syntax => :proto3) do
8
+ add_enum "grafeas.v1.Severity" do
9
+ value :SEVERITY_UNSPECIFIED, 0
10
+ value :MINIMAL, 1
11
+ value :LOW, 2
12
+ value :MEDIUM, 3
13
+ value :HIGH, 4
14
+ value :CRITICAL, 5
15
+ end
16
+ end
17
+ end
18
+
19
+ module Grafeas
20
+ module V1
21
+ Severity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Severity").enummodule
22
+ end
23
+ end
@@ -0,0 +1,54 @@
1
+ # Generated by the protocol buffer compiler. DO NOT EDIT!
2
+ # source: grafeas/v1/slsa_provenance.proto
3
+
4
+ require 'google/protobuf/any_pb'
5
+ require 'google/protobuf/timestamp_pb'
6
+ require 'google/protobuf'
7
+
8
+ Google::Protobuf::DescriptorPool.generated_pool.build do
9
+ add_file("grafeas/v1/slsa_provenance.proto", :syntax => :proto3) do
10
+ add_message "grafeas.v1.SlsaProvenance" do
11
+ optional :builder, :message, 1, "grafeas.v1.SlsaProvenance.SlsaBuilder"
12
+ optional :recipe, :message, 2, "grafeas.v1.SlsaProvenance.SlsaRecipe"
13
+ optional :metadata, :message, 3, "grafeas.v1.SlsaProvenance.SlsaMetadata"
14
+ repeated :materials, :message, 4, "grafeas.v1.SlsaProvenance.Material"
15
+ end
16
+ add_message "grafeas.v1.SlsaProvenance.SlsaRecipe" do
17
+ optional :type, :string, 1
18
+ optional :defined_in_material, :int64, 2
19
+ optional :entry_point, :string, 3
20
+ optional :arguments, :message, 4, "google.protobuf.Any"
21
+ optional :environment, :message, 5, "google.protobuf.Any"
22
+ end
23
+ add_message "grafeas.v1.SlsaProvenance.SlsaCompleteness" do
24
+ optional :arguments, :bool, 1
25
+ optional :environment, :bool, 2
26
+ optional :materials, :bool, 3
27
+ end
28
+ add_message "grafeas.v1.SlsaProvenance.SlsaMetadata" do
29
+ optional :build_invocation_id, :string, 1
30
+ optional :build_started_on, :message, 2, "google.protobuf.Timestamp"
31
+ optional :build_finished_on, :message, 3, "google.protobuf.Timestamp"
32
+ optional :completeness, :message, 4, "grafeas.v1.SlsaProvenance.SlsaCompleteness"
33
+ optional :reproducible, :bool, 5
34
+ end
35
+ add_message "grafeas.v1.SlsaProvenance.SlsaBuilder" do
36
+ optional :id, :string, 1
37
+ end
38
+ add_message "grafeas.v1.SlsaProvenance.Material" do
39
+ optional :uri, :string, 1
40
+ map :digest, :string, :string, 2
41
+ end
42
+ end
43
+ end
44
+
45
+ module Grafeas
46
+ module V1
47
+ SlsaProvenance = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenance").msgclass
48
+ SlsaProvenance::SlsaRecipe = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenance.SlsaRecipe").msgclass
49
+ SlsaProvenance::SlsaCompleteness = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenance.SlsaCompleteness").msgclass
50
+ SlsaProvenance::SlsaMetadata = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenance.SlsaMetadata").msgclass
51
+ SlsaProvenance::SlsaBuilder = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenance.SlsaBuilder").msgclass
52
+ SlsaProvenance::Material = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.SlsaProvenance.Material").msgclass
53
+ end
54
+ end
@@ -1,10 +1,10 @@
1
1
  # Generated by the protocol buffer compiler. DO NOT EDIT!
2
2
  # source: grafeas/v1/upgrade.proto
3
3
 
4
- require 'google/protobuf'
5
-
6
4
  require 'google/protobuf/timestamp_pb'
7
5
  require 'grafeas/v1/package_pb'
6
+ require 'google/protobuf'
7
+
8
8
  Google::Protobuf::DescriptorPool.generated_pool.build do
9
9
  add_file("grafeas/v1/upgrade.proto", :syntax => :proto3) do
10
10
  add_message "grafeas.v1.UpgradeNote" do
@@ -19,6 +19,6 @@
19
19
 
20
20
  module Grafeas
21
21
  module V1
22
- VERSION = "0.2.1"
22
+ VERSION = "0.4.0"
23
23
  end
24
24
  end
@@ -1,12 +1,14 @@
1
1
  # Generated by the protocol buffer compiler. DO NOT EDIT!
2
2
  # source: grafeas/v1/vulnerability.proto
3
3
 
4
- require 'google/protobuf'
5
-
4
+ require 'google/api/field_behavior_pb'
6
5
  require 'google/protobuf/timestamp_pb'
7
6
  require 'grafeas/v1/common_pb'
8
7
  require 'grafeas/v1/cvss_pb'
9
8
  require 'grafeas/v1/package_pb'
9
+ require 'grafeas/v1/severity_pb'
10
+ require 'google/protobuf'
11
+
10
12
  Google::Protobuf::DescriptorPool.generated_pool.build do
11
13
  add_file("grafeas/v1/vulnerability.proto", :syntax => :proto3) do
12
14
  add_message "grafeas.v1.VulnerabilityNote" do
@@ -30,6 +32,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
30
32
  optional :fixed_version, :message, 10, "grafeas.v1.Version"
31
33
  optional :is_obsolete, :bool, 11
32
34
  optional :source_update_time, :message, 12, "google.protobuf.Timestamp"
35
+ optional :source, :string, 13
36
+ optional :vendor, :string, 14
33
37
  end
34
38
  add_message "grafeas.v1.VulnerabilityNote.WindowsDetail" do
35
39
  optional :cpe_uri, :string, 1
@@ -45,6 +49,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
45
49
  optional :type, :string, 1
46
50
  optional :severity, :enum, 2, "grafeas.v1.Severity"
47
51
  optional :cvss_score, :float, 3
52
+ optional :cvssv3, :message, 10, "grafeas.v1.CVSS"
48
53
  repeated :package_issue, :message, 4, "grafeas.v1.VulnerabilityOccurrence.PackageIssue"
49
54
  optional :short_description, :string, 5
50
55
  optional :long_description, :string, 6
@@ -60,14 +65,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
60
65
  optional :fixed_package, :string, 5
61
66
  optional :fixed_version, :message, 6, "grafeas.v1.Version"
62
67
  optional :fix_available, :bool, 7
63
- end
64
- add_enum "grafeas.v1.Severity" do
65
- value :SEVERITY_UNSPECIFIED, 0
66
- value :MINIMAL, 1
67
- value :LOW, 2
68
- value :MEDIUM, 3
69
- value :HIGH, 4
70
- value :CRITICAL, 5
68
+ optional :package_type, :string, 8
69
+ optional :effective_severity, :enum, 9, "grafeas.v1.Severity"
71
70
  end
72
71
  end
73
72
  end
@@ -80,6 +79,5 @@ module Grafeas
80
79
  VulnerabilityNote::WindowsDetail::KnowledgeBase = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityNote.WindowsDetail.KnowledgeBase").msgclass
81
80
  VulnerabilityOccurrence = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence").msgclass
82
81
  VulnerabilityOccurrence::PackageIssue = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.VulnerabilityOccurrence.PackageIssue").msgclass
83
- Severity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("grafeas.v1.Severity").enummodule
84
82
  end
85
83
  end
@@ -57,9 +57,15 @@ module Google
57
57
 
58
58
  # Denotes that a (repeated) field is an unordered list.
59
59
  # This indicates that the service may provide the elements of the list
60
- # in any arbitrary order, rather than the order the user originally
60
+ # in any arbitrary order, rather than the order the user originally
61
61
  # provided. Additionally, the list's order may or may not be stable.
62
62
  UNORDERED_LIST = 6
63
+
64
+ # Denotes that this field returns a non-empty default value if not set.
65
+ # This indicates that if the user provides the empty value in a request,
66
+ # a non-empty value will be returned. The user will not be aware of what
67
+ # non-empty value to expect.
68
+ NON_EMPTY_DEFAULT = 7
63
69
  end
64
70
  end
65
71
  end
@@ -33,11 +33,7 @@ module Google
33
33
  # // For Kubernetes resources, the format is {api group}/{kind}.
34
34
  # option (google.api.resource) = {
35
35
  # type: "pubsub.googleapis.com/Topic"
36
- # name_descriptor: {
37
- # pattern: "projects/{project}/topics/{topic}"
38
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
39
- # parent_name_extractor: "projects/{project}"
40
- # }
36
+ # pattern: "projects/{project}/topics/{topic}"
41
37
  # };
42
38
  # }
43
39
  #
@@ -45,10 +41,7 @@ module Google
45
41
  #
46
42
  # resources:
47
43
  # - type: "pubsub.googleapis.com/Topic"
48
- # name_descriptor:
49
- # - pattern: "projects/{project}/topics/{topic}"
50
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
51
- # parent_name_extractor: "projects/{project}"
44
+ # pattern: "projects/{project}/topics/{topic}"
52
45
  #
53
46
  # Sometimes, resources have multiple patterns, typically because they can
54
47
  # live under multiple parents.
@@ -58,26 +51,10 @@ module Google
58
51
  # message LogEntry {
59
52
  # option (google.api.resource) = {
60
53
  # type: "logging.googleapis.com/LogEntry"
61
- # name_descriptor: {
62
- # pattern: "projects/{project}/logs/{log}"
63
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
64
- # parent_name_extractor: "projects/{project}"
65
- # }
66
- # name_descriptor: {
67
- # pattern: "folders/{folder}/logs/{log}"
68
- # parent_type: "cloudresourcemanager.googleapis.com/Folder"
69
- # parent_name_extractor: "folders/{folder}"
70
- # }
71
- # name_descriptor: {
72
- # pattern: "organizations/{organization}/logs/{log}"
73
- # parent_type: "cloudresourcemanager.googleapis.com/Organization"
74
- # parent_name_extractor: "organizations/{organization}"
75
- # }
76
- # name_descriptor: {
77
- # pattern: "billingAccounts/{billing_account}/logs/{log}"
78
- # parent_type: "billing.googleapis.com/BillingAccount"
79
- # parent_name_extractor: "billingAccounts/{billing_account}"
80
- # }
54
+ # pattern: "projects/{project}/logs/{log}"
55
+ # pattern: "folders/{folder}/logs/{log}"
56
+ # pattern: "organizations/{organization}/logs/{log}"
57
+ # pattern: "billingAccounts/{billing_account}/logs/{log}"
81
58
  # };
82
59
  # }
83
60
  #
@@ -85,48 +62,10 @@ module Google
85
62
  #
86
63
  # resources:
87
64
  # - type: 'logging.googleapis.com/LogEntry'
88
- # name_descriptor:
89
- # - pattern: "projects/{project}/logs/{log}"
90
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
91
- # parent_name_extractor: "projects/{project}"
92
- # - pattern: "folders/{folder}/logs/{log}"
93
- # parent_type: "cloudresourcemanager.googleapis.com/Folder"
94
- # parent_name_extractor: "folders/{folder}"
95
- # - pattern: "organizations/{organization}/logs/{log}"
96
- # parent_type: "cloudresourcemanager.googleapis.com/Organization"
97
- # parent_name_extractor: "organizations/{organization}"
98
- # - pattern: "billingAccounts/{billing_account}/logs/{log}"
99
- # parent_type: "billing.googleapis.com/BillingAccount"
100
- # parent_name_extractor: "billingAccounts/{billing_account}"
101
- #
102
- # For flexible resources, the resource name doesn't contain parent names, but
103
- # the resource itself has parents for policy evaluation.
104
- #
105
- # Example:
106
- #
107
- # message Shelf {
108
- # option (google.api.resource) = {
109
- # type: "library.googleapis.com/Shelf"
110
- # name_descriptor: {
111
- # pattern: "shelves/{shelf}"
112
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
113
- # }
114
- # name_descriptor: {
115
- # pattern: "shelves/{shelf}"
116
- # parent_type: "cloudresourcemanager.googleapis.com/Folder"
117
- # }
118
- # };
119
- # }
120
- #
121
- # The ResourceDescriptor Yaml config will look like:
122
- #
123
- # resources:
124
- # - type: 'library.googleapis.com/Shelf'
125
- # name_descriptor:
126
- # - pattern: "shelves/{shelf}"
127
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
128
- # - pattern: "shelves/{shelf}"
129
- # parent_type: "cloudresourcemanager.googleapis.com/Folder"
65
+ # pattern: "projects/{project}/logs/{log}"
66
+ # pattern: "folders/{folder}/logs/{log}"
67
+ # pattern: "organizations/{organization}/logs/{log}"
68
+ # pattern: "billingAccounts/{billing_account}/logs/{log}"
130
69
  # @!attribute [rw] type
131
70
  # @return [::String]
132
71
  # The resource type. It must be in the format of
@@ -51,6 +51,16 @@ module Grafeas
51
51
  end
52
52
  end
53
53
 
54
+ # @!attribute [rw] compact_jwt
55
+ # @return [::String]
56
+ # The compact encoding of a JWS, which is always three base64 encoded strings
57
+ # joined by periods. For details, see:
58
+ # https://tools.ietf.org/html/rfc7515.html#section-3.1
59
+ class Jwt
60
+ include ::Google::Protobuf::MessageExts
61
+ extend ::Google::Protobuf::MessageExts::ClassMethods
62
+ end
63
+
54
64
  # Occurrence that represents a single "attestation". The authenticity of an
55
65
  # attestation can be verified using the attached signature. If the verifier
56
66
  # trusts the public key of the signer, then verifying the signature is
@@ -69,6 +79,17 @@ module Grafeas
69
79
  # should consider this attestation message verified if at least one
70
80
  # `signature` verifies `serialized_payload`. See `Signature` in common.proto
71
81
  # for more details on signature structure and verification.
82
+ # @!attribute [rw] jwts
83
+ # @return [::Array<::Grafeas::V1::Jwt>]
84
+ # One or more JWTs encoding a self-contained attestation.
85
+ # Each JWT encodes the payload that it verifies within the JWT itself.
86
+ # Verifier implementation SHOULD ignore the `serialized_payload` field
87
+ # when verifying these JWTs.
88
+ # If only JWTs are present on this AttestationOccurrence, then the
89
+ # `serialized_payload` SHOULD be left empty.
90
+ # Each JWT SHOULD encode a claim specific to the `resource_uri` of this
91
+ # Occurrence, but this is not validated by Grafeas metadata API
92
+ # implementations. The JWT itself is opaque to Grafeas.
72
93
  class AttestationOccurrence
73
94
  include ::Google::Protobuf::MessageExts
74
95
  extend ::Google::Protobuf::MessageExts::ClassMethods
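Review bot: The new `jwts` attribute doc states that the `resource_uri` claim "is not validated by Grafeas metadata API implementations" but never says that the check therefore falls to the verifier; without it, a validly signed JWT attached to a different Occurrence would still pass signature verification. I would add one line after that sentence, e.g. `# Verifiers should therefore confirm that the JWT's claims name this Occurrence's resource_uri before relying on it.` In the earlier hunk of this section the `compact_jwt` text says "three base64 encoded strings", while the RFC 7515 section it links defines the compact form with base64url; `# ... which is always three base64url-encoded strings joined by periods.` would be accurate. These doc files appear to be generated, so the wording belongs in the upstream .proto comments; the `AttestationOccurrence` class body continues past the hunk.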
@@ -32,7 +32,7 @@ module Grafeas
32
32
  # Details of a build occurrence.
33
33
  # @!attribute [rw] provenance
34
34
  # @return [::Grafeas::V1::BuildProvenance]
35
- # Required. The actual provenance for the build.
35
+ # The actual provenance for the build.
36
36
  # @!attribute [rw] provenance_bytes
37
37
  # @return [::String]
38
38
  # Serialized JSON representation of the provenance, used in generating the
@@ -46,6 +46,16 @@ module Grafeas
46
46
  # The serialized form is captured both to avoid ambiguity in how the
47
47
  # provenance is marshalled to json as well to prevent incompatibilities with
48
48
  # future changes.
49
+ # @!attribute [rw] intoto_provenance
50
+ # @return [::Grafeas::V1::InTotoProvenance]
51
+ # Deprecated. See InTotoStatement for the replacement.
52
+ # In-toto Provenance representation as defined in spec.
53
+ # @!attribute [rw] intoto_statement
54
+ # @return [::Grafeas::V1::InTotoStatement]
55
+ # In-toto Statement representation as defined in spec.
56
+ # The intoto_statement can contain any type of provenance. The serialized
57
+ # payload of the statement can be stored and signed in the Occurrence's
58
+ # envelope.
49
59
  class BuildOccurrence
50
60
  include ::Google::Protobuf::MessageExts
51
61
  extend ::Google::Protobuf::MessageExts::ClassMethods
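Review bot: The `intoto_statement` doc says the statement's serialized payload "can be stored and signed in the Occurrence's envelope", but nothing in this section says the structured `intoto_statement` field is itself covered by that signature or kept consistent with the signed bytes. A policy check that verifies the envelope and then reads the structured field could be evaluating data the signature does not protect, so I would add `# Only the envelope payload is signed; verifiers should evaluate the decoded payload rather than this field.` at the end of the attribute text, assuming that matches upstream behaviour, which the hunk does not show. With `Required.` dropped from `provenance` in the first hunk, the docs also no longer tell a consumer which of `provenance`, `intoto_provenance` and `intoto_statement` to expect, and a sentence saying so would help callers handle an unset field. The `BuildOccurrence` class body continues past the hunk.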
@@ -65,7 +65,7 @@ module Grafeas
65
65
  # @return [::String]
66
66
  # The identifier for the public key that verifies this signature.
67
67
  # * The `public_key_id` is required.
68
- # * The `public_key_id` MUST be an RFC3986 conformant URI.
68
+ # * The `public_key_id` SHOULD be an RFC3986 conformant URI.
69
69
  # * When possible, the `public_key_id` SHOULD be an immutable reference,
70
70
  # such as a cryptographic digest.
71
71
  #
@@ -85,9 +85,32 @@ module Grafeas
85
85
  extend ::Google::Protobuf::MessageExts::ClassMethods
86
86
  end
87
87
 
88
+ # MUST match
89
+ # https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An
90
+ # authenticated message of arbitrary type.
91
+ # @!attribute [rw] payload
92
+ # @return [::String]
93
+ # @!attribute [rw] payload_type
94
+ # @return [::String]
95
+ # @!attribute [rw] signatures
96
+ # @return [::Array<::Grafeas::V1::EnvelopeSignature>]
97
+ class Envelope
98
+ include ::Google::Protobuf::MessageExts
99
+ extend ::Google::Protobuf::MessageExts::ClassMethods
100
+ end
101
+
102
+ # @!attribute [rw] sig
103
+ # @return [::String]
104
+ # @!attribute [rw] keyid
105
+ # @return [::String]
106
+ class EnvelopeSignature
107
+ include ::Google::Protobuf::MessageExts
108
+ extend ::Google::Protobuf::MessageExts::ClassMethods
109
+ end
110
+
88
111
  # Kind represents the kinds of notes supported.
89
112
  module NoteKind
90
- # Unknown.
113
+ # Default value. This value is unused.
91
114
  NOTE_KIND_UNSPECIFIED = 0
92
115
 
93
116
  # The note and occurrence represent a package vulnerability.
@@ -113,6 +136,12 @@ module Grafeas
113
136
 
114
137
  # This represents an available package upgrade.
115
138
  UPGRADE = 8
139
+
140
+ # This represents a Compliance Note
141
+ COMPLIANCE = 9
142
+
143
+ # This represents a DSSE attestation Note
144
+ DSSE_ATTESTATION = 10
116
145
  end
117
146
  end
118
147
  end
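Review bot: `Envelope` and `EnvelopeSignature` are added with bare `@!attribute` tags: `payload`, `payload_type`, `signatures`, `sig` and `keyid` have no description, so a reader cannot tell from these docs which bytes a signature covers or how far `keyid` can be trusted. In the DSSE specification that the class comment links to, the signature is computed over the pre-authentication encoding of `payload_type` and `payload` together, and `keyid` is an unauthenticated hint. I would add `# Signature over PAE(payload_type, payload), not over payload alone.` under `sig` and `# Unauthenticated hint for key lookup; not a basis for trusting the signer.` under `keyid`. The first hunk of this section also relaxes `public_key_id` from MUST to SHOULD be an RFC 3986 URI, so callers that parse it as a URI now need to accept arbitrary strings; a short comment to that effect would make the change visible to them.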
@@ -0,0 +1,98 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2021 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Grafeas
21
+ module V1
22
+ # @!attribute [rw] title
23
+ # @return [::String]
24
+ # The title that identifies this compliance check.
25
+ # @!attribute [rw] description
26
+ # @return [::String]
27
+ # A description about this compliance check.
28
+ # @!attribute [rw] version
29
+ # @return [::Array<::Grafeas::V1::ComplianceVersion>]
30
+ # The OS and config versions the benchmark applies to.
31
+ # @!attribute [rw] rationale
32
+ # @return [::String]
33
+ # A rationale for the existence of this compliance check.
34
+ # @!attribute [rw] remediation
35
+ # @return [::String]
36
+ # A description of remediation steps if the compliance check fails.
37
+ # @!attribute [rw] cis_benchmark
38
+ # @return [::Grafeas::V1::ComplianceNote::CisBenchmark]
39
+ # @!attribute [rw] scan_instructions
40
+ # @return [::String]
41
+ # Serialized scan instructions with a predefined format.
42
+ class ComplianceNote
43
+ include ::Google::Protobuf::MessageExts
44
+ extend ::Google::Protobuf::MessageExts::ClassMethods
45
+
46
+ # A compliance check that is a CIS benchmark.
47
+ # @!attribute [rw] profile_level
48
+ # @return [::Integer]
49
+ # @!attribute [rw] severity
50
+ # @return [::Grafeas::V1::Severity]
51
+ class CisBenchmark
52
+ include ::Google::Protobuf::MessageExts
53
+ extend ::Google::Protobuf::MessageExts::ClassMethods
54
+ end
55
+ end
56
+
57
+ # Describes the CIS benchmark version that is applicable to a given OS and
58
+ # os version.
59
+ # @!attribute [rw] cpe_uri
60
+ # @return [::String]
61
+ # The CPE URI (https://cpe.mitre.org/specification/) this benchmark is
62
+ # applicable to.
63
+ # @!attribute [rw] version
64
+ # @return [::String]
65
+ # The version of the benchmark. This is set to the version of the OS-specific
66
+ # CIS document the benchmark is defined in.
67
+ class ComplianceVersion
68
+ include ::Google::Protobuf::MessageExts
69
+ extend ::Google::Protobuf::MessageExts::ClassMethods
70
+ end
71
+
72
+ # An indication that the compliance checks in the associated ComplianceNote
73
+ # were not satisfied for particular resources or a specified reason.
74
+ # @!attribute [rw] non_compliant_files
75
+ # @return [::Array<::Grafeas::V1::NonCompliantFile>]
76
+ # @!attribute [rw] non_compliance_reason
77
+ # @return [::String]
78
+ class ComplianceOccurrence
79
+ include ::Google::Protobuf::MessageExts
80
+ extend ::Google::Protobuf::MessageExts::ClassMethods
81
+ end
82
+
83
+ # Details about files that caused a compliance check to fail.
84
+ # @!attribute [rw] path
85
+ # @return [::String]
86
+ # Empty if `display_command` is set.
87
+ # @!attribute [rw] display_command
88
+ # @return [::String]
89
+ # Command to display the non-compliant files.
90
+ # @!attribute [rw] reason
91
+ # @return [::String]
92
+ # Explains why a file is non compliant for a CIS check.
93
+ class NonCompliantFile
94
+ include ::Google::Protobuf::MessageExts
95
+ extend ::Google::Protobuf::MessageExts::ClassMethods
96
+ end
97
+ end
98
+ end