diff --git a/google-cloud-binary_authorization-v1/.owlbot-manifest.json b/google-cloud-binary_authorization-v1/.owlbot-manifest.json index 13e6ffbc628c..3053fd2c95df 100644 --- a/google-cloud-binary_authorization-v1/.owlbot-manifest.json +++ b/google-cloud-binary_authorization-v1/.owlbot-manifest.json @@ -22,6 +22,7 @@ "lib/google/cloud/binary_authorization/v1/binauthz_management_service/rest.rb", "lib/google/cloud/binary_authorization/v1/binauthz_management_service/rest/client.rb", "lib/google/cloud/binary_authorization/v1/binauthz_management_service/rest/service_stub.rb", + "lib/google/cloud/binary_authorization/v1/bindings_override.rb", "lib/google/cloud/binary_authorization/v1/rest.rb", "lib/google/cloud/binary_authorization/v1/system_policy.rb", "lib/google/cloud/binary_authorization/v1/system_policy/client.rb", @@ -49,7 +50,9 @@ "proto_docs/google/cloud/binaryauthorization/v1/service.rb", "proto_docs/google/protobuf/duration.rb", "proto_docs/google/protobuf/empty.rb", + "proto_docs/google/protobuf/field_mask.rb", "proto_docs/google/protobuf/timestamp.rb", + "proto_docs/google/type/expr.rb", "proto_docs/grafeas/v1/attestation.rb", "proto_docs/grafeas/v1/common.rb", "snippets/Gemfile", diff --git a/google-cloud-binary_authorization-v1/README.md b/google-cloud-binary_authorization-v1/README.md index 63f987d70c92..7de92b7671db 100644 --- a/google-cloud-binary_authorization-v1/README.md +++ b/google-cloud-binary_authorization-v1/README.md @@ -1,6 +1,6 @@ # Ruby Client for the Binary Authorization V1 API -The management interface for Binary Authorization, a system providing policy control for images deployed to Kubernetes Engine clusters, Anthos clusters on VMware, and Cloud Run. +The management interface for Binary Authorization, a service that provides policy-based deployment validation and control for images deployed to Google Kubernetes Engine (GKE), Anthos Service Mesh, Anthos Clusters, and Cloud Run. Binary Authorization is a service on Google Cloud that provides centralized software supply-chain security for applications that run on Google Kubernetes Engine (GKE) and GKE on-prem. diff --git a/google-cloud-binary_authorization-v1/google-cloud-binary_authorization-v1.gemspec b/google-cloud-binary_authorization-v1/google-cloud-binary_authorization-v1.gemspec index 82b010a81116..aebc820b6b8d 100644 --- a/google-cloud-binary_authorization-v1/google-cloud-binary_authorization-v1.gemspec +++ b/google-cloud-binary_authorization-v1/google-cloud-binary_authorization-v1.gemspec @@ -10,7 +10,7 @@ Gem::Specification.new do |gem| gem.authors = ["Google LLC"] gem.email = "googleapis-packages@google.com" gem.description = "Binary Authorization is a service on Google Cloud that provides centralized software supply-chain security for applications that run on Google Kubernetes Engine (GKE) and GKE on-prem. Note that google-cloud-binary_authorization-v1 is a version-specific client library. For most uses, we recommend installing the main client library google-cloud-binary_authorization instead. See the readme for more details." - gem.summary = "The management interface for Binary Authorization, a system providing policy control for images deployed to Kubernetes Engine clusters, Anthos clusters on VMware, and Cloud Run." + gem.summary = "The management interface for Binary Authorization, a service that provides policy-based deployment validation and control for images deployed to Google Kubernetes Engine (GKE), Anthos Service Mesh, Anthos Clusters, and Cloud Run." gem.homepage = "https://github.com/googleapis/google-cloud-ruby" gem.license = "Apache-2.0" @@ -25,5 +25,6 @@ Gem::Specification.new do |gem| gem.add_dependency "gapic-common", "~> 1.3" gem.add_dependency "google-cloud-errors", "~> 1.0" + gem.add_dependency "google-iam-v1", "~> 1.3" gem.add_dependency "grafeas-v1", "> 0.0", "< 2.a" end diff --git a/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/binauthz_management_service/client.rb b/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/binauthz_management_service/client.rb index ac0d99aa96cb..9725f34a5271 100644 --- a/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/binauthz_management_service/client.rb +++ b/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/binauthz_management_service/client.rb @@ -18,6 +18,7 @@ require "google/cloud/errors" require "google/cloud/binaryauthorization/v1/service_pb" +require "google/iam/v1" module Google module Cloud @@ -208,8 +209,23 @@ def initialize entry.set "defaultTimeout", @config.timeout if @config.timeout entry.set "quotaProject", @quota_project_id if @quota_project_id end + + @iam_policy_client = Google::Iam::V1::IAMPolicy::Client.new do |config| + config.credentials = credentials + config.quota_project = @quota_project_id + config.endpoint = @binauthz_management_service_stub.endpoint + config.universe_domain = @binauthz_management_service_stub.universe_domain + config.logger = @binauthz_management_service_stub.logger if config.respond_to? :logger= + end end + ## + # Get the associated client for mix-in of the IAMPolicy. + # + # @return [Google::Iam::V1::IAMPolicy::Client] + # + attr_reader :iam_policy_client + ## # The logger used for request/response debug logging. # @@ -222,13 +238,16 @@ def logger # Service calls ## - # A {::Google::Cloud::BinaryAuthorization::V1::Policy policy} specifies the {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors} that must attest to - # a container image, before the project is allowed to deploy that - # image. There is at most one policy per project. All image admission - # requests are permitted if a project has no policy. + # A {::Google::Cloud::BinaryAuthorization::V1::Policy policy} specifies the + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors} that must attest + # to a container image, before the project is allowed to deploy that image. + # There is at most one policy per project. All image admission requests are + # permitted if a project has no policy. # - # Gets the {::Google::Cloud::BinaryAuthorization::V1::Policy policy} for this project. Returns a default - # {::Google::Cloud::BinaryAuthorization::V1::Policy policy} if the project does not have one. + # Gets the {::Google::Cloud::BinaryAuthorization::V1::Policy policy} for this + # project. Returns a default + # {::Google::Cloud::BinaryAuthorization::V1::Policy policy} if the project does + # not have one. # # @overload get_policy(request, options = nil) # Pass arguments to `get_policy` via a request object, either of type @@ -246,8 +265,9 @@ def logger # the default parameter values, pass an empty Hash as a request object (see above). # # @param name [::String] - # Required. The resource name of the {::Google::Cloud::BinaryAuthorization::V1::Policy policy} to retrieve, - # in the format `projects/*/policy`. + # Required. The resource name of the + # {::Google::Cloud::BinaryAuthorization::V1::Policy policy} to retrieve, in the + # format `projects/*/policy`. # # @yield [response, operation] Access the result along with the RPC operation # @yieldparam response [::Google::Cloud::BinaryAuthorization::V1::Policy] @@ -314,11 +334,12 @@ def get_policy request, options = nil end ## - # Creates or updates a project's {::Google::Cloud::BinaryAuthorization::V1::Policy policy}, and returns a copy of the - # new {::Google::Cloud::BinaryAuthorization::V1::Policy policy}. A policy is always updated as a whole, to avoid race - # conditions with concurrent policy enforcement (or management!) - # requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT - # if the request is malformed. + # Creates or updates a project's + # {::Google::Cloud::BinaryAuthorization::V1::Policy policy}, and returns a copy of + # the new {::Google::Cloud::BinaryAuthorization::V1::Policy policy}. A policy is + # always updated as a whole, to avoid race conditions with concurrent policy + # enforcement (or management!) requests. Returns `NOT_FOUND` if the project + # does not exist, `INVALID_ARGUMENT` if the request is malformed. # # @overload update_policy(request, options = nil) # Pass arguments to `update_policy` via a request object, either of type @@ -336,9 +357,11 @@ def get_policy request, options = nil # the default parameter values, pass an empty Hash as a request object (see above). # # @param policy [::Google::Cloud::BinaryAuthorization::V1::Policy, ::Hash] - # Required. A new or updated {::Google::Cloud::BinaryAuthorization::V1::Policy policy} value. The service will - # overwrite the {::Google::Cloud::BinaryAuthorization::V1::Policy#name policy name} field with the resource name in - # the request URL, in the format `projects/*/policy`. + # Required. A new or updated + # {::Google::Cloud::BinaryAuthorization::V1::Policy policy} value. The service + # will overwrite the [policy + # name][google.cloud.binaryauthorization.v1.Policy.name] field with the + # resource name in the request URL, in the format `projects/*/policy`. # # @yield [response, operation] Access the result along with the RPC operation # @yieldparam response [::Google::Cloud::BinaryAuthorization::V1::Policy] @@ -405,9 +428,11 @@ def update_policy request, options = nil end ## - # Creates an {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}, and returns a copy of the new - # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}. Returns NOT_FOUND if the project does not exist, - # INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the + # Creates an {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}, and + # returns a copy of the new + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}. Returns + # `NOT_FOUND` if the project does not exist, `INVALID_ARGUMENT` if the + # request is malformed, `ALREADY_EXISTS` if the # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} already exists. # # @overload create_attestor(request, options = nil) @@ -426,13 +451,16 @@ def update_policy request, options = nil # the default parameter values, pass an empty Hash as a request object (see above). # # @param parent [::String] - # Required. The parent of this {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}. + # Required. The parent of this + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}. # @param attestor_id [::String] # Required. The {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors} ID. # @param attestor [::Google::Cloud::BinaryAuthorization::V1::Attestor, ::Hash] - # Required. The initial {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} value. The service will - # overwrite the {::Google::Cloud::BinaryAuthorization::V1::Attestor#name attestor name} field with the resource name, - # in the format `projects/*/attestors/*`. + # Required. The initial + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} value. The service + # will overwrite the [attestor + # name][google.cloud.binaryauthorization.v1.Attestor.name] field with the + # resource name, in the format `projects/*/attestors/*`. # # @yield [response, operation] Access the result along with the RPC operation # @yieldparam response [::Google::Cloud::BinaryAuthorization::V1::Attestor] @@ -500,7 +528,8 @@ def create_attestor request, options = nil ## # Gets an {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}. - # Returns NOT_FOUND if the {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} does not exist. + # Returns `NOT_FOUND` if the + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} does not exist. # # @overload get_attestor(request, options = nil) # Pass arguments to `get_attestor` via a request object, either of type @@ -518,8 +547,9 @@ def create_attestor request, options = nil # the default parameter values, pass an empty Hash as a request object (see above). # # @param name [::String] - # Required. The name of the {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} to retrieve, in the format - # `projects/*/attestors/*`. + # Required. The name of the + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} to retrieve, in + # the format `projects/*/attestors/*`. # # @yield [response, operation] Access the result along with the RPC operation # @yieldparam response [::Google::Cloud::BinaryAuthorization::V1::Attestor] @@ -587,7 +617,8 @@ def get_attestor request, options = nil ## # Updates an {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}. - # Returns NOT_FOUND if the {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} does not exist. + # Returns `NOT_FOUND` if the + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} does not exist. # # @overload update_attestor(request, options = nil) # Pass arguments to `update_attestor` via a request object, either of type @@ -605,9 +636,11 @@ def get_attestor request, options = nil # the default parameter values, pass an empty Hash as a request object (see above). # # @param attestor [::Google::Cloud::BinaryAuthorization::V1::Attestor, ::Hash] - # Required. The updated {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} value. The service will - # overwrite the {::Google::Cloud::BinaryAuthorization::V1::Attestor#name attestor name} field with the resource name - # in the request URL, in the format `projects/*/attestors/*`. + # Required. The updated + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} value. The service + # will overwrite the [attestor + # name][google.cloud.binaryauthorization.v1.Attestor.name] field with the + # resource name in the request URL, in the format `projects/*/attestors/*`. # # @yield [response, operation] Access the result along with the RPC operation # @yieldparam response [::Google::Cloud::BinaryAuthorization::V1::Attestor] @@ -675,7 +708,7 @@ def update_attestor request, options = nil ## # Lists {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors}. - # Returns INVALID_ARGUMENT if the project does not exist. + # Returns `INVALID_ARGUMENT` if the project does not exist. # # @overload list_attestors(request, options = nil) # Pass arguments to `list_attestors` via a request object, either of type @@ -694,14 +727,16 @@ def update_attestor request, options = nil # # @param parent [::String] # Required. The resource name of the project associated with the - # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors}, in the format `projects/*`. + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors}, in the format + # `projects/*`. # @param page_size [::Integer] # Requested page size. The server may return fewer results than requested. If # unspecified, the server will pick an appropriate default. # @param page_token [::String] # A token identifying a page of results the server should return. Typically, - # this is the value of {::Google::Cloud::BinaryAuthorization::V1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token} returned - # from the previous call to the `ListAttestors` method. + # this is the value of + # {::Google::Cloud::BinaryAuthorization::V1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token} + # returned from the previous call to the `ListAttestors` method. # # @yield [response, operation] Access the result along with the RPC operation # @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::BinaryAuthorization::V1::Attestor>] @@ -774,7 +809,8 @@ def list_attestors request, options = nil end ## - # Deletes an {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}. Returns NOT_FOUND if the + # Deletes an {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}. + # Returns `NOT_FOUND` if the # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} does not exist. # # @overload delete_attestor(request, options = nil) @@ -793,8 +829,9 @@ def list_attestors request, options = nil # the default parameter values, pass an empty Hash as a request object (see above). # # @param name [::String] - # Required. The name of the {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors} to delete, in the format - # `projects/*/attestors/*`. + # Required. The name of the + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors} to delete, in the + # format `projects/*/attestors/*`. # # @yield [response, operation] Access the result along with the RPC operation # @yieldparam response [::Google::Protobuf::Empty] diff --git a/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/binauthz_management_service/rest.rb b/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/binauthz_management_service/rest.rb index 5f9546c1d463..918951969b14 100644 --- a/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/binauthz_management_service/rest.rb +++ b/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/binauthz_management_service/rest.rb @@ -21,6 +21,7 @@ require "gapic/config/method" require "google/cloud/binary_authorization/v1/version" +require "google/cloud/binary_authorization/v1/bindings_override" require "google/cloud/binary_authorization/v1/binauthz_management_service/credentials" require "google/cloud/binary_authorization/v1/binauthz_management_service/paths" diff --git a/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/binauthz_management_service/rest/client.rb b/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/binauthz_management_service/rest/client.rb index 6bf6305770be..669c154cf57e 100644 --- a/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/binauthz_management_service/rest/client.rb +++ b/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/binauthz_management_service/rest/client.rb @@ -19,6 +19,7 @@ require "google/cloud/errors" require "google/cloud/binaryauthorization/v1/service_pb" require "google/cloud/binary_authorization/v1/binauthz_management_service/rest/service_stub" +require "google/iam/v1/rest" module Google module Cloud @@ -201,8 +202,24 @@ def initialize entry.set "defaultTimeout", @config.timeout if @config.timeout entry.set "quotaProject", @quota_project_id if @quota_project_id end + + @iam_policy_client = Google::Iam::V1::IAMPolicy::Rest::Client.new do |config| + config.credentials = credentials + config.quota_project = @quota_project_id + config.endpoint = @binauthz_management_service_stub.endpoint + config.universe_domain = @binauthz_management_service_stub.universe_domain + config.bindings_override = @config.bindings_override + config.logger = @binauthz_management_service_stub.logger if config.respond_to? :logger= + end end + ## + # Get the associated client for mix-in of the IAMPolicy. + # + # @return [Google::Iam::V1::IAMPolicy::Rest::Client] + # + attr_reader :iam_policy_client + ## # The logger used for request/response debug logging. # @@ -215,13 +232,16 @@ def logger # Service calls ## - # A {::Google::Cloud::BinaryAuthorization::V1::Policy policy} specifies the {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors} that must attest to - # a container image, before the project is allowed to deploy that - # image. There is at most one policy per project. All image admission - # requests are permitted if a project has no policy. + # A {::Google::Cloud::BinaryAuthorization::V1::Policy policy} specifies the + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors} that must attest + # to a container image, before the project is allowed to deploy that image. + # There is at most one policy per project. All image admission requests are + # permitted if a project has no policy. # - # Gets the {::Google::Cloud::BinaryAuthorization::V1::Policy policy} for this project. Returns a default - # {::Google::Cloud::BinaryAuthorization::V1::Policy policy} if the project does not have one. + # Gets the {::Google::Cloud::BinaryAuthorization::V1::Policy policy} for this + # project. Returns a default + # {::Google::Cloud::BinaryAuthorization::V1::Policy policy} if the project does + # not have one. # # @overload get_policy(request, options = nil) # Pass arguments to `get_policy` via a request object, either of type @@ -239,8 +259,9 @@ def logger # the default parameter values, pass an empty Hash as a request object (see above). # # @param name [::String] - # Required. The resource name of the {::Google::Cloud::BinaryAuthorization::V1::Policy policy} to retrieve, - # in the format `projects/*/policy`. + # Required. The resource name of the + # {::Google::Cloud::BinaryAuthorization::V1::Policy policy} to retrieve, in the + # format `projects/*/policy`. # @yield [result, operation] Access the result along with the TransportOperation object # @yieldparam result [::Google::Cloud::BinaryAuthorization::V1::Policy] # @yieldparam operation [::Gapic::Rest::TransportOperation] @@ -300,11 +321,12 @@ def get_policy request, options = nil end ## - # Creates or updates a project's {::Google::Cloud::BinaryAuthorization::V1::Policy policy}, and returns a copy of the - # new {::Google::Cloud::BinaryAuthorization::V1::Policy policy}. A policy is always updated as a whole, to avoid race - # conditions with concurrent policy enforcement (or management!) - # requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT - # if the request is malformed. + # Creates or updates a project's + # {::Google::Cloud::BinaryAuthorization::V1::Policy policy}, and returns a copy of + # the new {::Google::Cloud::BinaryAuthorization::V1::Policy policy}. A policy is + # always updated as a whole, to avoid race conditions with concurrent policy + # enforcement (or management!) requests. Returns `NOT_FOUND` if the project + # does not exist, `INVALID_ARGUMENT` if the request is malformed. # # @overload update_policy(request, options = nil) # Pass arguments to `update_policy` via a request object, either of type @@ -322,9 +344,11 @@ def get_policy request, options = nil # the default parameter values, pass an empty Hash as a request object (see above). # # @param policy [::Google::Cloud::BinaryAuthorization::V1::Policy, ::Hash] - # Required. A new or updated {::Google::Cloud::BinaryAuthorization::V1::Policy policy} value. The service will - # overwrite the {::Google::Cloud::BinaryAuthorization::V1::Policy#name policy name} field with the resource name in - # the request URL, in the format `projects/*/policy`. + # Required. A new or updated + # {::Google::Cloud::BinaryAuthorization::V1::Policy policy} value. The service + # will overwrite the [policy + # name][google.cloud.binaryauthorization.v1.Policy.name] field with the + # resource name in the request URL, in the format `projects/*/policy`. # @yield [result, operation] Access the result along with the TransportOperation object # @yieldparam result [::Google::Cloud::BinaryAuthorization::V1::Policy] # @yieldparam operation [::Gapic::Rest::TransportOperation] @@ -384,9 +408,11 @@ def update_policy request, options = nil end ## - # Creates an {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}, and returns a copy of the new - # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}. Returns NOT_FOUND if the project does not exist, - # INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the + # Creates an {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}, and + # returns a copy of the new + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}. Returns + # `NOT_FOUND` if the project does not exist, `INVALID_ARGUMENT` if the + # request is malformed, `ALREADY_EXISTS` if the # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} already exists. # # @overload create_attestor(request, options = nil) @@ -405,13 +431,16 @@ def update_policy request, options = nil # the default parameter values, pass an empty Hash as a request object (see above). # # @param parent [::String] - # Required. The parent of this {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}. + # Required. The parent of this + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}. # @param attestor_id [::String] # Required. The {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors} ID. # @param attestor [::Google::Cloud::BinaryAuthorization::V1::Attestor, ::Hash] - # Required. The initial {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} value. The service will - # overwrite the {::Google::Cloud::BinaryAuthorization::V1::Attestor#name attestor name} field with the resource name, - # in the format `projects/*/attestors/*`. + # Required. The initial + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} value. The service + # will overwrite the [attestor + # name][google.cloud.binaryauthorization.v1.Attestor.name] field with the + # resource name, in the format `projects/*/attestors/*`. # @yield [result, operation] Access the result along with the TransportOperation object # @yieldparam result [::Google::Cloud::BinaryAuthorization::V1::Attestor] # @yieldparam operation [::Gapic::Rest::TransportOperation] @@ -472,7 +501,8 @@ def create_attestor request, options = nil ## # Gets an {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}. - # Returns NOT_FOUND if the {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} does not exist. + # Returns `NOT_FOUND` if the + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} does not exist. # # @overload get_attestor(request, options = nil) # Pass arguments to `get_attestor` via a request object, either of type @@ -490,8 +520,9 @@ def create_attestor request, options = nil # the default parameter values, pass an empty Hash as a request object (see above). # # @param name [::String] - # Required. The name of the {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} to retrieve, in the format - # `projects/*/attestors/*`. + # Required. The name of the + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} to retrieve, in + # the format `projects/*/attestors/*`. # @yield [result, operation] Access the result along with the TransportOperation object # @yieldparam result [::Google::Cloud::BinaryAuthorization::V1::Attestor] # @yieldparam operation [::Gapic::Rest::TransportOperation] @@ -552,7 +583,8 @@ def get_attestor request, options = nil ## # Updates an {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}. - # Returns NOT_FOUND if the {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} does not exist. + # Returns `NOT_FOUND` if the + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} does not exist. # # @overload update_attestor(request, options = nil) # Pass arguments to `update_attestor` via a request object, either of type @@ -570,9 +602,11 @@ def get_attestor request, options = nil # the default parameter values, pass an empty Hash as a request object (see above). # # @param attestor [::Google::Cloud::BinaryAuthorization::V1::Attestor, ::Hash] - # Required. The updated {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} value. The service will - # overwrite the {::Google::Cloud::BinaryAuthorization::V1::Attestor#name attestor name} field with the resource name - # in the request URL, in the format `projects/*/attestors/*`. + # Required. The updated + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} value. The service + # will overwrite the [attestor + # name][google.cloud.binaryauthorization.v1.Attestor.name] field with the + # resource name in the request URL, in the format `projects/*/attestors/*`. # @yield [result, operation] Access the result along with the TransportOperation object # @yieldparam result [::Google::Cloud::BinaryAuthorization::V1::Attestor] # @yieldparam operation [::Gapic::Rest::TransportOperation] @@ -633,7 +667,7 @@ def update_attestor request, options = nil ## # Lists {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors}. - # Returns INVALID_ARGUMENT if the project does not exist. + # Returns `INVALID_ARGUMENT` if the project does not exist. # # @overload list_attestors(request, options = nil) # Pass arguments to `list_attestors` via a request object, either of type @@ -652,14 +686,16 @@ def update_attestor request, options = nil # # @param parent [::String] # Required. The resource name of the project associated with the - # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors}, in the format `projects/*`. + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors}, in the format + # `projects/*`. # @param page_size [::Integer] # Requested page size. The server may return fewer results than requested. If # unspecified, the server will pick an appropriate default. # @param page_token [::String] # A token identifying a page of results the server should return. Typically, - # this is the value of {::Google::Cloud::BinaryAuthorization::V1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token} returned - # from the previous call to the `ListAttestors` method. + # this is the value of + # {::Google::Cloud::BinaryAuthorization::V1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token} + # returned from the previous call to the `ListAttestors` method. # @yield [result, operation] Access the result along with the TransportOperation object # @yieldparam result [::Gapic::Rest::PagedEnumerable<::Google::Cloud::BinaryAuthorization::V1::Attestor>] # @yieldparam operation [::Gapic::Rest::TransportOperation] @@ -725,7 +761,8 @@ def list_attestors request, options = nil end ## - # Deletes an {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}. Returns NOT_FOUND if the + # Deletes an {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}. + # Returns `NOT_FOUND` if the # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} does not exist. # # @overload delete_attestor(request, options = nil) @@ -744,8 +781,9 @@ def list_attestors request, options = nil # the default parameter values, pass an empty Hash as a request object (see above). # # @param name [::String] - # Required. The name of the {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors} to delete, in the format - # `projects/*/attestors/*`. + # Required. The name of the + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors} to delete, in the + # format `projects/*/attestors/*`. # @yield [result, operation] Access the result along with the TransportOperation object # @yieldparam result [::Google::Protobuf::Empty] # @yieldparam operation [::Gapic::Rest::TransportOperation] @@ -912,6 +950,13 @@ class Configuration config_attr :retry_policy, nil, ::Hash, ::Proc, nil config_attr :quota_project, nil, ::String, nil config_attr :universe_domain, nil, ::String, nil + + # @private + # Overrides for http bindings for the RPCs of this service + # are only used when this service is used as mixin, and only + # by the host service. + # @return [::Hash{::Symbol=>::Array<::Gapic::Rest::GrpcTranscoder::HttpBinding>}] + config_attr :bindings_override, {}, ::Hash, nil config_attr :logger, :default, ::Logger, nil, :default # @private diff --git a/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/bindings_override.rb b/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/bindings_override.rb new file mode 100644 index 000000000000..c14860ee4c3b --- /dev/null +++ b/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/bindings_override.rb @@ -0,0 +1,110 @@ +# frozen_string_literal: true + +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +require "gapic/rest" + +module Google + module Cloud + module BinaryAuthorization + ## + # @example Loading just the REST part of this package, including all its services, and instantiating a REST client + # + # require "google/cloud/binary_authorization/v1/rest" + # client = ::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Rest::Client.new + # + module V1 + ## + # @private + # Initialize the mixin bindings configuration + # + def self.configure + @configure ||= begin + namespace = ["Google", "Cloud", "BinaryAuthorization"] + parent_config = while namespace.any? + parent_name = namespace.join "::" + parent_const = const_get parent_name + break parent_const.configure if parent_const.respond_to? :configure + namespace.pop + end + + default_config = ::Gapic::Rest::HttpBindingOverrideConfiguration.new parent_config + default_config.bindings_override["google.iam.v1.IAMPolicy.GetIamPolicy"] = [ + Gapic::Rest::GrpcTranscoder::HttpBinding.create_with_validation( + uri_method: :get, + uri_template: "/v1/{resource}:getIamPolicy", + matches: [ + ["resource", %r{^projects/[^/]+/policy/?$}, false] + ], + body: nil + ), + Gapic::Rest::GrpcTranscoder::HttpBinding.create_with_validation( + uri_method: :get, + uri_template: "/v1/{resource}:getIamPolicy", + matches: [ + ["resource", %r{^projects/[^/]+/attestors/[^/]+/?$}, false] + ], + body: nil + ) + ] + default_config.bindings_override["google.iam.v1.IAMPolicy.SetIamPolicy"] = [ + + Gapic::Rest::GrpcTranscoder::HttpBinding.create_with_validation( + uri_method: :post, + uri_template: "/v1/{resource}:setIamPolicy", + matches: [ + ["resource", %r{^projects/[^/]+/policy/?$}, false] + ], + body: "*" + ), + Gapic::Rest::GrpcTranscoder::HttpBinding.create_with_validation( + uri_method: :post, + uri_template: "/v1/{resource}:setIamPolicy", + matches: [ + ["resource", %r{^projects/[^/]+/attestors/[^/]+/?$}, false] + ], + body: "*" + ) + ] + default_config.bindings_override["google.iam.v1.IAMPolicy.TestIamPermissions"] = [ + + Gapic::Rest::GrpcTranscoder::HttpBinding.create_with_validation( + uri_method: :post, + uri_template: "/v1/{resource}:testIamPermissions", + matches: [ + ["resource", %r{^projects/[^/]+/policy/?$}, false] + ], + body: "*" + ), + Gapic::Rest::GrpcTranscoder::HttpBinding.create_with_validation( + uri_method: :post, + uri_template: "/v1/{resource}:testIamPermissions", + matches: [ + ["resource", %r{^projects/[^/]+/attestors/[^/]+/?$}, false] + ], + body: "*" + ) + ] + default_config + end + yield @configure if block_given? + @configure + end + end + end + end +end diff --git a/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/rest.rb b/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/rest.rb index dd28ae20f88f..2bb5f0dd7054 100644 --- a/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/rest.rb +++ b/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/rest.rb @@ -19,6 +19,7 @@ require "google/cloud/binary_authorization/v1/binauthz_management_service/rest" require "google/cloud/binary_authorization/v1/system_policy/rest" require "google/cloud/binary_authorization/v1/validation_helper/rest" +require "google/cloud/binary_authorization/v1/bindings_override" require "google/cloud/binary_authorization/v1/version" module Google diff --git a/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/system_policy/client.rb b/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/system_policy/client.rb index 83f4c86ef4c3..e833b60af755 100644 --- a/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/system_policy/client.rb +++ b/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/system_policy/client.rb @@ -18,6 +18,7 @@ require "google/cloud/errors" require "google/cloud/binaryauthorization/v1/service_pb" +require "google/iam/v1" module Google module Cloud @@ -170,8 +171,23 @@ def initialize entry.set "defaultTimeout", @config.timeout if @config.timeout entry.set "quotaProject", @quota_project_id if @quota_project_id end + + @iam_policy_client = Google::Iam::V1::IAMPolicy::Client.new do |config| + config.credentials = credentials + config.quota_project = @quota_project_id + config.endpoint = @system_policy_stub.endpoint + config.universe_domain = @system_policy_stub.universe_domain + config.logger = @system_policy_stub.logger if config.respond_to? :logger= + end end + ## + # Get the associated client for mix-in of the IAMPolicy. + # + # @return [Google::Iam::V1::IAMPolicy::Client] + # + attr_reader :iam_policy_client + ## # The logger used for request/response debug logging. # diff --git a/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/system_policy/rest.rb b/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/system_policy/rest.rb index 06ba2a95dc77..15fe18482f8a 100644 --- a/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/system_policy/rest.rb +++ b/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/system_policy/rest.rb @@ -21,6 +21,7 @@ require "gapic/config/method" require "google/cloud/binary_authorization/v1/version" +require "google/cloud/binary_authorization/v1/bindings_override" require "google/cloud/binary_authorization/v1/system_policy/credentials" require "google/cloud/binary_authorization/v1/system_policy/paths" diff --git a/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/system_policy/rest/client.rb b/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/system_policy/rest/client.rb index 19c94b465ab3..9e8c24c8c924 100644 --- a/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/system_policy/rest/client.rb +++ b/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/system_policy/rest/client.rb @@ -19,6 +19,7 @@ require "google/cloud/errors" require "google/cloud/binaryauthorization/v1/service_pb" require "google/cloud/binary_authorization/v1/system_policy/rest/service_stub" +require "google/iam/v1/rest" module Google module Cloud @@ -163,8 +164,24 @@ def initialize entry.set "defaultTimeout", @config.timeout if @config.timeout entry.set "quotaProject", @quota_project_id if @quota_project_id end + + @iam_policy_client = Google::Iam::V1::IAMPolicy::Rest::Client.new do |config| + config.credentials = credentials + config.quota_project = @quota_project_id + config.endpoint = @system_policy_stub.endpoint + config.universe_domain = @system_policy_stub.universe_domain + config.bindings_override = @config.bindings_override + config.logger = @system_policy_stub.logger if config.respond_to? :logger= + end end + ## + # Get the associated client for mix-in of the IAMPolicy. + # + # @return [Google::Iam::V1::IAMPolicy::Rest::Client] + # + attr_reader :iam_policy_client + ## # The logger used for request/response debug logging. # @@ -363,6 +380,13 @@ class Configuration config_attr :retry_policy, nil, ::Hash, ::Proc, nil config_attr :quota_project, nil, ::String, nil config_attr :universe_domain, nil, ::String, nil + + # @private + # Overrides for http bindings for the RPCs of this service + # are only used when this service is used as mixin, and only + # by the host service. + # @return [::Hash{::Symbol=>::Array<::Gapic::Rest::GrpcTranscoder::HttpBinding>}] + config_attr :bindings_override, {}, ::Hash, nil config_attr :logger, :default, ::Logger, nil, :default # @private diff --git a/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/validation_helper/client.rb b/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/validation_helper/client.rb index 37a82b08e6e3..e8bf6116a677 100644 --- a/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/validation_helper/client.rb +++ b/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/validation_helper/client.rb @@ -18,6 +18,7 @@ require "google/cloud/errors" require "google/cloud/binaryauthorization/v1/service_pb" +require "google/iam/v1" module Google module Cloud @@ -168,8 +169,23 @@ def initialize entry.set "defaultTimeout", @config.timeout if @config.timeout entry.set "quotaProject", @quota_project_id if @quota_project_id end + + @iam_policy_client = Google::Iam::V1::IAMPolicy::Client.new do |config| + config.credentials = credentials + config.quota_project = @quota_project_id + config.endpoint = @validation_helper_stub.endpoint + config.universe_domain = @validation_helper_stub.universe_domain + config.logger = @validation_helper_stub.logger if config.respond_to? :logger= + end end + ## + # Get the associated client for mix-in of the IAMPolicy. + # + # @return [Google::Iam::V1::IAMPolicy::Client] + # + attr_reader :iam_policy_client + ## # The logger used for request/response debug logging. # @@ -182,8 +198,8 @@ def logger # Service calls ## - # Returns whether the given Attestation for the given image URI - # was signed by the given Attestor + # Returns whether the given `Attestation` for the given image URI + # was signed by the given `Attestor` # # @overload validate_attestation_occurrence(request, options = nil) # Pass arguments to `validate_attestation_occurrence` via a request object, either of type @@ -201,14 +217,15 @@ def logger # the default parameter values, pass an empty Hash as a request object (see above). # # @param attestor [::String] - # Required. The resource name of the {::Google::Cloud::BinaryAuthorization::V1::Attestor Attestor} of the + # Required. The resource name of the + # {::Google::Cloud::BinaryAuthorization::V1::Attestor Attestor} of the # [occurrence][grafeas.v1.Occurrence], in the format # `projects/*/attestors/*`. # @param attestation [::Grafeas::V1::AttestationOccurrence, ::Hash] # Required. An {::Grafeas::V1::AttestationOccurrence AttestationOccurrence} to - # be checked that it can be verified by the Attestor. It does not have to be - # an existing entity in Container Analysis. It must otherwise be a valid - # AttestationOccurrence. + # be checked that it can be verified by the `Attestor`. It does not have to + # be an existing entity in Container Analysis. It must otherwise be a valid + # `AttestationOccurrence`. # @param occurrence_note [::String] # Required. The resource name of the [Note][grafeas.v1.Note] to which the # containing [Occurrence][grafeas.v1.Occurrence] is associated. diff --git a/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/validation_helper/rest.rb b/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/validation_helper/rest.rb index 1248694c6a31..59bf499c72de 100644 --- a/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/validation_helper/rest.rb +++ b/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/validation_helper/rest.rb @@ -21,6 +21,7 @@ require "gapic/config/method" require "google/cloud/binary_authorization/v1/version" +require "google/cloud/binary_authorization/v1/bindings_override" require "google/cloud/binary_authorization/v1/validation_helper/credentials" require "google/cloud/binary_authorization/v1/validation_helper/rest/client" diff --git a/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/validation_helper/rest/client.rb b/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/validation_helper/rest/client.rb index 8699be7a2965..2997a1e66ada 100644 --- a/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/validation_helper/rest/client.rb +++ b/google-cloud-binary_authorization-v1/lib/google/cloud/binary_authorization/v1/validation_helper/rest/client.rb @@ -19,6 +19,7 @@ require "google/cloud/errors" require "google/cloud/binaryauthorization/v1/service_pb" require "google/cloud/binary_authorization/v1/validation_helper/rest/service_stub" +require "google/iam/v1/rest" module Google module Cloud @@ -161,8 +162,24 @@ def initialize entry.set "defaultTimeout", @config.timeout if @config.timeout entry.set "quotaProject", @quota_project_id if @quota_project_id end + + @iam_policy_client = Google::Iam::V1::IAMPolicy::Rest::Client.new do |config| + config.credentials = credentials + config.quota_project = @quota_project_id + config.endpoint = @validation_helper_stub.endpoint + config.universe_domain = @validation_helper_stub.universe_domain + config.bindings_override = @config.bindings_override + config.logger = @validation_helper_stub.logger if config.respond_to? :logger= + end end + ## + # Get the associated client for mix-in of the IAMPolicy. + # + # @return [Google::Iam::V1::IAMPolicy::Rest::Client] + # + attr_reader :iam_policy_client + ## # The logger used for request/response debug logging. # @@ -175,8 +192,8 @@ def logger # Service calls ## - # Returns whether the given Attestation for the given image URI - # was signed by the given Attestor + # Returns whether the given `Attestation` for the given image URI + # was signed by the given `Attestor` # # @overload validate_attestation_occurrence(request, options = nil) # Pass arguments to `validate_attestation_occurrence` via a request object, either of type @@ -194,14 +211,15 @@ def logger # the default parameter values, pass an empty Hash as a request object (see above). # # @param attestor [::String] - # Required. The resource name of the {::Google::Cloud::BinaryAuthorization::V1::Attestor Attestor} of the + # Required. The resource name of the + # {::Google::Cloud::BinaryAuthorization::V1::Attestor Attestor} of the # [occurrence][grafeas.v1.Occurrence], in the format # `projects/*/attestors/*`. # @param attestation [::Grafeas::V1::AttestationOccurrence, ::Hash] # Required. An {::Grafeas::V1::AttestationOccurrence AttestationOccurrence} to - # be checked that it can be verified by the Attestor. It does not have to be - # an existing entity in Container Analysis. It must otherwise be a valid - # AttestationOccurrence. + # be checked that it can be verified by the `Attestor`. It does not have to + # be an existing entity in Container Analysis. It must otherwise be a valid + # `AttestationOccurrence`. # @param occurrence_note [::String] # Required. The resource name of the [Note][grafeas.v1.Note] to which the # containing [Occurrence][grafeas.v1.Occurrence] is associated. @@ -374,6 +392,13 @@ class Configuration config_attr :retry_policy, nil, ::Hash, ::Proc, nil config_attr :quota_project, nil, ::String, nil config_attr :universe_domain, nil, ::String, nil + + # @private + # Overrides for http bindings for the RPCs of this service + # are only used when this service is used as mixin, and only + # by the host service. + # @return [::Hash{::Symbol=>::Array<::Gapic::Rest::GrpcTranscoder::HttpBinding>}] + config_attr :bindings_override, {}, ::Hash, nil config_attr :logger, :default, ::Logger, nil, :default # @private diff --git a/google-cloud-binary_authorization-v1/lib/google/cloud/binaryauthorization/v1/resources_pb.rb b/google-cloud-binary_authorization-v1/lib/google/cloud/binaryauthorization/v1/resources_pb.rb index a82e617c64e7..cdca87873041 100644 --- a/google-cloud-binary_authorization-v1/lib/google/cloud/binaryauthorization/v1/resources_pb.rb +++ b/google-cloud-binary_authorization-v1/lib/google/cloud/binaryauthorization/v1/resources_pb.rb @@ -9,7 +9,7 @@ require 'google/protobuf/timestamp_pb' -descriptor_data = "\n3google/cloud/binaryauthorization/v1/resources.proto\x12#google.cloud.binaryauthorization.v1\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\xf8\x0c\n\x06Policy\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x18\n\x0b\x64\x65scription\x18\x06 \x01(\tB\x03\xe0\x41\x01\x12r\n\x1dglobal_policy_evaluation_mode\x18\x07 \x01(\x0e\x32\x46.google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationModeB\x03\xe0\x41\x01\x12i\n\x1c\x61\x64mission_whitelist_patterns\x18\x02 \x03(\x0b\x32>.google.cloud.binaryauthorization.v1.AdmissionWhitelistPatternB\x03\xe0\x41\x01\x12l\n\x17\x63luster_admission_rules\x18\x03 \x03(\x0b\x32\x46.google.cloud.binaryauthorization.v1.Policy.ClusterAdmissionRulesEntryB\x03\xe0\x41\x01\x12\x85\x01\n$kubernetes_namespace_admission_rules\x18\n \x03(\x0b\x32R.google.cloud.binaryauthorization.v1.Policy.KubernetesNamespaceAdmissionRulesEntryB\x03\xe0\x41\x01\x12\x90\x01\n*kubernetes_service_account_admission_rules\x18\x08 \x03(\x0b\x32W.google.cloud.binaryauthorization.v1.Policy.KubernetesServiceAccountAdmissionRulesEntryB\x03\xe0\x41\x01\x12\x88\x01\n&istio_service_identity_admission_rules\x18\t \x03(\x0b\x32S.google.cloud.binaryauthorization.v1.Policy.IstioServiceIdentityAdmissionRulesEntryB\x03\xe0\x41\x01\x12W\n\x16\x64\x65\x66\x61ult_admission_rule\x18\x04 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1.AdmissionRuleB\x03\xe0\x41\x02\x12\x34\n\x0bupdate_time\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x1ap\n\x1a\x43lusterAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x41\n\x05value\x18\x02 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1.AdmissionRule:\x02\x38\x01\x1a|\n&KubernetesNamespaceAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x41\n\x05value\x18\x02 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1.AdmissionRule:\x02\x38\x01\x1a\x81\x01\n+KubernetesServiceAccountAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x41\n\x05value\x18\x02 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1.AdmissionRule:\x02\x38\x01\x1a}\n\'IstioServiceIdentityAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x41\n\x05value\x18\x02 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1.AdmissionRule:\x02\x38\x01\"d\n\x1aGlobalPolicyEvaluationMode\x12-\n)GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED\x10\x00\x12\n\n\x06\x45NABLE\x10\x01\x12\x0b\n\x07\x44ISABLE\x10\x02:f\xea\x41\x63\n)binaryauthorization.googleapis.com/Policy\x12\x19projects/{project}/policy\x12\x1blocations/{location}/policy\"1\n\x19\x41\x64missionWhitelistPattern\x12\x14\n\x0cname_pattern\x18\x01 \x01(\t\"\xda\x03\n\rAdmissionRule\x12_\n\x0f\x65valuation_mode\x18\x01 \x01(\x0e\x32\x41.google.cloud.binaryauthorization.v1.AdmissionRule.EvaluationModeB\x03\xe0\x41\x02\x12$\n\x17require_attestations_by\x18\x02 \x03(\tB\x03\xe0\x41\x01\x12\x61\n\x10\x65nforcement_mode\x18\x03 \x01(\x0e\x32\x42.google.cloud.binaryauthorization.v1.AdmissionRule.EnforcementModeB\x03\xe0\x41\x02\"m\n\x0e\x45valuationMode\x12\x1f\n\x1b\x45VALUATION_MODE_UNSPECIFIED\x10\x00\x12\x10\n\x0c\x41LWAYS_ALLOW\x10\x01\x12\x17\n\x13REQUIRE_ATTESTATION\x10\x02\x12\x0f\n\x0b\x41LWAYS_DENY\x10\x03\"p\n\x0f\x45nforcementMode\x12 \n\x1c\x45NFORCEMENT_MODE_UNSPECIFIED\x10\x00\x12 \n\x1c\x45NFORCED_BLOCK_AND_AUDIT_LOG\x10\x01\x12\x19\n\x15\x44RYRUN_AUDIT_LOG_ONLY\x10\x02\"\xb7\x02\n\x08\x41ttestor\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12\x18\n\x0b\x64\x65scription\x18\x06 \x01(\tB\x03\xe0\x41\x01\x12\\\n\x17user_owned_grafeas_note\x18\x03 \x01(\x0b\x32\x39.google.cloud.binaryauthorization.v1.UserOwnedGrafeasNoteH\x00\x12\x34\n\x0bupdate_time\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03:Y\xea\x41V\n+binaryauthorization.googleapis.com/Attestor\x12\'projects/{project}/attestors/{attestor}B\x0f\n\rattestor_type\"\xb4\x01\n\x14UserOwnedGrafeasNote\x12\x1b\n\x0enote_reference\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12P\n\x0bpublic_keys\x18\x02 \x03(\x0b\x32\x36.google.cloud.binaryauthorization.v1.AttestorPublicKeyB\x03\xe0\x41\x01\x12-\n delegation_service_account_email\x18\x03 \x01(\tB\x03\xe0\x41\x03\"\xbf\x04\n\rPkixPublicKey\x12\x16\n\x0epublic_key_pem\x18\x01 \x01(\t\x12\x62\n\x13signature_algorithm\x18\x02 \x01(\x0e\x32\x45.google.cloud.binaryauthorization.v1.PkixPublicKey.SignatureAlgorithm\"\xb1\x03\n\x12SignatureAlgorithm\x12#\n\x1fSIGNATURE_ALGORITHM_UNSPECIFIED\x10\x00\x12\x17\n\x13RSA_PSS_2048_SHA256\x10\x01\x12\x17\n\x13RSA_PSS_3072_SHA256\x10\x02\x12\x17\n\x13RSA_PSS_4096_SHA256\x10\x03\x12\x17\n\x13RSA_PSS_4096_SHA512\x10\x04\x12\x1e\n\x1aRSA_SIGN_PKCS1_2048_SHA256\x10\x05\x12\x1e\n\x1aRSA_SIGN_PKCS1_3072_SHA256\x10\x06\x12\x1e\n\x1aRSA_SIGN_PKCS1_4096_SHA256\x10\x07\x12\x1e\n\x1aRSA_SIGN_PKCS1_4096_SHA512\x10\x08\x12\x15\n\x11\x45\x43\x44SA_P256_SHA256\x10\t\x12\x17\n\x13\x45\x43_SIGN_P256_SHA256\x10\t\x12\x15\n\x11\x45\x43\x44SA_P384_SHA384\x10\n\x12\x17\n\x13\x45\x43_SIGN_P384_SHA384\x10\n\x12\x15\n\x11\x45\x43\x44SA_P521_SHA512\x10\x0b\x12\x17\n\x13\x45\x43_SIGN_P521_SHA512\x10\x0b\x1a\x02\x10\x01\"\xba\x01\n\x11\x41ttestorPublicKey\x12\x14\n\x07\x63omment\x18\x01 \x01(\tB\x03\xe0\x41\x01\x12\n\n\x02id\x18\x02 \x01(\t\x12&\n\x1c\x61scii_armored_pgp_public_key\x18\x03 \x01(\tH\x00\x12M\n\x0fpkix_public_key\x18\x05 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1.PkixPublicKeyH\x00\x42\x0c\n\npublic_keyB\x8c\x02\n5com.google.protos.google.cloud.binaryauthorization.v1P\x00ZYcloud.google.com/go/binaryauthorization/apiv1/binaryauthorizationpb;binaryauthorizationpb\xf8\x01\x01\xaa\x02#Google.Cloud.BinaryAuthorization.V1\xca\x02#Google\\Cloud\\BinaryAuthorization\\V1\xea\x02&Google::Cloud::BinaryAuthorization::V1b\x06proto3" +descriptor_data = "\n3google/cloud/binaryauthorization/v1/resources.proto\x12#google.cloud.binaryauthorization.v1\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\x8b\r\n\x06Policy\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x18\n\x0b\x64\x65scription\x18\x06 \x01(\tB\x03\xe0\x41\x01\x12r\n\x1dglobal_policy_evaluation_mode\x18\x07 \x01(\x0e\x32\x46.google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationModeB\x03\xe0\x41\x01\x12i\n\x1c\x61\x64mission_whitelist_patterns\x18\x02 \x03(\x0b\x32>.google.cloud.binaryauthorization.v1.AdmissionWhitelistPatternB\x03\xe0\x41\x01\x12l\n\x17\x63luster_admission_rules\x18\x03 \x03(\x0b\x32\x46.google.cloud.binaryauthorization.v1.Policy.ClusterAdmissionRulesEntryB\x03\xe0\x41\x01\x12\x85\x01\n$kubernetes_namespace_admission_rules\x18\n \x03(\x0b\x32R.google.cloud.binaryauthorization.v1.Policy.KubernetesNamespaceAdmissionRulesEntryB\x03\xe0\x41\x01\x12\x90\x01\n*kubernetes_service_account_admission_rules\x18\x08 \x03(\x0b\x32W.google.cloud.binaryauthorization.v1.Policy.KubernetesServiceAccountAdmissionRulesEntryB\x03\xe0\x41\x01\x12\x88\x01\n&istio_service_identity_admission_rules\x18\t \x03(\x0b\x32S.google.cloud.binaryauthorization.v1.Policy.IstioServiceIdentityAdmissionRulesEntryB\x03\xe0\x41\x01\x12W\n\x16\x64\x65\x66\x61ult_admission_rule\x18\x04 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1.AdmissionRuleB\x03\xe0\x41\x02\x12\x34\n\x0bupdate_time\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x11\n\x04\x65tag\x18\x0b \x01(\tB\x03\xe0\x41\x01\x1ap\n\x1a\x43lusterAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x41\n\x05value\x18\x02 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1.AdmissionRule:\x02\x38\x01\x1a|\n&KubernetesNamespaceAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x41\n\x05value\x18\x02 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1.AdmissionRule:\x02\x38\x01\x1a\x81\x01\n+KubernetesServiceAccountAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x41\n\x05value\x18\x02 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1.AdmissionRule:\x02\x38\x01\x1a}\n\'IstioServiceIdentityAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x41\n\x05value\x18\x02 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1.AdmissionRule:\x02\x38\x01\"d\n\x1aGlobalPolicyEvaluationMode\x12-\n)GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED\x10\x00\x12\n\n\x06\x45NABLE\x10\x01\x12\x0b\n\x07\x44ISABLE\x10\x02:f\xea\x41\x63\n)binaryauthorization.googleapis.com/Policy\x12\x19projects/{project}/policy\x12\x1blocations/{location}/policy\"1\n\x19\x41\x64missionWhitelistPattern\x12\x14\n\x0cname_pattern\x18\x01 \x01(\t\"\xda\x03\n\rAdmissionRule\x12_\n\x0f\x65valuation_mode\x18\x01 \x01(\x0e\x32\x41.google.cloud.binaryauthorization.v1.AdmissionRule.EvaluationModeB\x03\xe0\x41\x02\x12$\n\x17require_attestations_by\x18\x02 \x03(\tB\x03\xe0\x41\x01\x12\x61\n\x10\x65nforcement_mode\x18\x03 \x01(\x0e\x32\x42.google.cloud.binaryauthorization.v1.AdmissionRule.EnforcementModeB\x03\xe0\x41\x02\"m\n\x0e\x45valuationMode\x12\x1f\n\x1b\x45VALUATION_MODE_UNSPECIFIED\x10\x00\x12\x10\n\x0c\x41LWAYS_ALLOW\x10\x01\x12\x17\n\x13REQUIRE_ATTESTATION\x10\x02\x12\x0f\n\x0b\x41LWAYS_DENY\x10\x03\"p\n\x0f\x45nforcementMode\x12 \n\x1c\x45NFORCEMENT_MODE_UNSPECIFIED\x10\x00\x12 \n\x1c\x45NFORCED_BLOCK_AND_AUDIT_LOG\x10\x01\x12\x19\n\x15\x44RYRUN_AUDIT_LOG_ONLY\x10\x02\"\xca\x02\n\x08\x41ttestor\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12\x18\n\x0b\x64\x65scription\x18\x06 \x01(\tB\x03\xe0\x41\x01\x12\\\n\x17user_owned_grafeas_note\x18\x03 \x01(\x0b\x32\x39.google.cloud.binaryauthorization.v1.UserOwnedGrafeasNoteH\x00\x12\x34\n\x0bupdate_time\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x11\n\x04\x65tag\x18\x07 \x01(\tB\x03\xe0\x41\x01:Y\xea\x41V\n+binaryauthorization.googleapis.com/Attestor\x12\'projects/{project}/attestors/{attestor}B\x0f\n\rattestor_type\"\xb4\x01\n\x14UserOwnedGrafeasNote\x12\x1b\n\x0enote_reference\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12P\n\x0bpublic_keys\x18\x02 \x03(\x0b\x32\x36.google.cloud.binaryauthorization.v1.AttestorPublicKeyB\x03\xe0\x41\x01\x12-\n delegation_service_account_email\x18\x03 \x01(\tB\x03\xe0\x41\x03\"\xdb\x05\n\rPkixPublicKey\x12\x16\n\x0epublic_key_pem\x18\x01 \x01(\t\x12\x62\n\x13signature_algorithm\x18\x02 \x01(\x0e\x32\x45.google.cloud.binaryauthorization.v1.PkixPublicKey.SignatureAlgorithm\x12\x13\n\x06key_id\x18\x03 \x01(\tB\x03\xe0\x41\x01\"\xb8\x04\n\x12SignatureAlgorithm\x12#\n\x1fSIGNATURE_ALGORITHM_UNSPECIFIED\x10\x00\x12\x17\n\x13RSA_PSS_2048_SHA256\x10\x01\x12\x1c\n\x18RSA_SIGN_PSS_2048_SHA256\x10\x01\x12\x17\n\x13RSA_PSS_3072_SHA256\x10\x02\x12\x1c\n\x18RSA_SIGN_PSS_3072_SHA256\x10\x02\x12\x17\n\x13RSA_PSS_4096_SHA256\x10\x03\x12\x1c\n\x18RSA_SIGN_PSS_4096_SHA256\x10\x03\x12\x17\n\x13RSA_PSS_4096_SHA512\x10\x04\x12\x1c\n\x18RSA_SIGN_PSS_4096_SHA512\x10\x04\x12\x1e\n\x1aRSA_SIGN_PKCS1_2048_SHA256\x10\x05\x12\x1e\n\x1aRSA_SIGN_PKCS1_3072_SHA256\x10\x06\x12\x1e\n\x1aRSA_SIGN_PKCS1_4096_SHA256\x10\x07\x12\x1e\n\x1aRSA_SIGN_PKCS1_4096_SHA512\x10\x08\x12\x15\n\x11\x45\x43\x44SA_P256_SHA256\x10\t\x12\x17\n\x13\x45\x43_SIGN_P256_SHA256\x10\t\x12\x15\n\x11\x45\x43\x44SA_P384_SHA384\x10\n\x12\x17\n\x13\x45\x43_SIGN_P384_SHA384\x10\n\x12\x15\n\x11\x45\x43\x44SA_P521_SHA512\x10\x0b\x12\x17\n\x13\x45\x43_SIGN_P521_SHA512\x10\x0b\x12\r\n\tML_DSA_65\x10\r\x1a\x02\x10\x01\"\xba\x01\n\x11\x41ttestorPublicKey\x12\x14\n\x07\x63omment\x18\x01 \x01(\tB\x03\xe0\x41\x01\x12\n\n\x02id\x18\x02 \x01(\t\x12&\n\x1c\x61scii_armored_pgp_public_key\x18\x03 \x01(\tH\x00\x12M\n\x0fpkix_public_key\x18\x05 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1.PkixPublicKeyH\x00\x42\x0c\n\npublic_keyB\x89\x02\n5com.google.protos.google.cloud.binaryauthorization.v1P\x00ZYcloud.google.com/go/binaryauthorization/apiv1/binaryauthorizationpb;binaryauthorizationpb\xaa\x02#Google.Cloud.BinaryAuthorization.V1\xca\x02#Google\\Cloud\\BinaryAuthorization\\V1\xea\x02&Google::Cloud::BinaryAuthorization::V1b\x06proto3" pool = ::Google::Protobuf::DescriptorPool.generated_pool pool.add_serialized_file(descriptor_data) diff --git a/google-cloud-binary_authorization-v1/lib/google/cloud/binaryauthorization/v1/service_pb.rb b/google-cloud-binary_authorization-v1/lib/google/cloud/binaryauthorization/v1/service_pb.rb index f2f357a019f3..4e7c5af85afd 100644 --- a/google-cloud-binary_authorization-v1/lib/google/cloud/binaryauthorization/v1/service_pb.rb +++ b/google-cloud-binary_authorization-v1/lib/google/cloud/binaryauthorization/v1/service_pb.rb @@ -13,7 +13,7 @@ require 'grafeas/v1/attestation_pb' -descriptor_data = "\n1google/cloud/binaryauthorization/v1/service.proto\x12#google.cloud.binaryauthorization.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x33google/cloud/binaryauthorization/v1/resources.proto\x1a\x1bgoogle/protobuf/empty.proto\x1a\x1cgrafeas/v1/attestation.proto\"S\n\x10GetPolicyRequest\x12?\n\x04name\x18\x01 \x01(\tB1\xe0\x41\x02\xfa\x41+\n)binaryauthorization.googleapis.com/Policy\"W\n\x13UpdatePolicyRequest\x12@\n\x06policy\x18\x01 \x01(\x0b\x32+.google.cloud.binaryauthorization.v1.PolicyB\x03\xe0\x41\x02\"\xbc\x01\n\x15\x43reateAttestorRequest\x12\x43\n\x06parent\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+cloudresourcemanager.googleapis.com/Project\x12\x18\n\x0b\x61ttestor_id\x18\x02 \x01(\tB\x03\xe0\x41\x02\x12\x44\n\x08\x61ttestor\x18\x03 \x01(\x0b\x32-.google.cloud.binaryauthorization.v1.AttestorB\x03\xe0\x41\x02\"W\n\x12GetAttestorRequest\x12\x41\n\x04name\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+binaryauthorization.googleapis.com/Attestor\"]\n\x15UpdateAttestorRequest\x12\x44\n\x08\x61ttestor\x18\x01 \x01(\x0b\x32-.google.cloud.binaryauthorization.v1.AttestorB\x03\xe0\x41\x02\"\x82\x01\n\x14ListAttestorsRequest\x12\x43\n\x06parent\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+cloudresourcemanager.googleapis.com/Project\x12\x11\n\tpage_size\x18\x02 \x01(\x05\x12\x12\n\npage_token\x18\x03 \x01(\t\"r\n\x15ListAttestorsResponse\x12@\n\tattestors\x18\x01 \x03(\x0b\x32-.google.cloud.binaryauthorization.v1.Attestor\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"Z\n\x15\x44\x65leteAttestorRequest\x12\x41\n\x04name\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+binaryauthorization.googleapis.com/Attestor\"Y\n\x16GetSystemPolicyRequest\x12?\n\x04name\x18\x01 \x01(\tB1\xe0\x41\x02\xfa\x41+\n)binaryauthorization.googleapis.com/Policy\"\xbe\x01\n$ValidateAttestationOccurrenceRequest\x12\x15\n\x08\x61ttestor\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12;\n\x0b\x61ttestation\x18\x02 \x01(\x0b\x32!.grafeas.v1.AttestationOccurrenceB\x03\xe0\x41\x02\x12\x1c\n\x0foccurrence_note\x18\x03 \x01(\tB\x03\xe0\x41\x02\x12$\n\x17occurrence_resource_uri\x18\x04 \x01(\tB\x03\xe0\x41\x02\"\xf1\x01\n%ValidateAttestationOccurrenceResponse\x12\x61\n\x06result\x18\x01 \x01(\x0e\x32Q.google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse.Result\x12\x15\n\rdenial_reason\x18\x02 \x01(\t\"N\n\x06Result\x12\x16\n\x12RESULT_UNSPECIFIED\x10\x00\x12\x0c\n\x08VERIFIED\x10\x01\x12\x1e\n\x1a\x41TTESTATION_NOT_VERIFIABLE\x10\x02\x32\xe2\n\n\x1b\x42inauthzManagementServiceV1\x12\x9c\x01\n\tGetPolicy\x12\x35.google.cloud.binaryauthorization.v1.GetPolicyRequest\x1a+.google.cloud.binaryauthorization.v1.Policy\"+\xda\x41\x04name\x82\xd3\xe4\x93\x02\x1e\x12\x1c/v1/{name=projects/*/policy}\x12\xb3\x01\n\x0cUpdatePolicy\x12\x38.google.cloud.binaryauthorization.v1.UpdatePolicyRequest\x1a+.google.cloud.binaryauthorization.v1.Policy\"<\xda\x41\x06policy\x82\xd3\xe4\x93\x02-\x1a#/v1/{policy.name=projects/*/policy}:\x06policy\x12\xce\x01\n\x0e\x43reateAttestor\x12:.google.cloud.binaryauthorization.v1.CreateAttestorRequest\x1a-.google.cloud.binaryauthorization.v1.Attestor\"Q\xda\x41\x1bparent,attestor_id,attestor\x82\xd3\xe4\x93\x02-\"!/v1/{parent=projects/*}/attestors:\x08\x61ttestor\x12\xa7\x01\n\x0bGetAttestor\x12\x37.google.cloud.binaryauthorization.v1.GetAttestorRequest\x1a-.google.cloud.binaryauthorization.v1.Attestor\"0\xda\x41\x04name\x82\xd3\xe4\x93\x02#\x12!/v1/{name=projects/*/attestors/*}\x12\xc4\x01\n\x0eUpdateAttestor\x12:.google.cloud.binaryauthorization.v1.UpdateAttestorRequest\x1a-.google.cloud.binaryauthorization.v1.Attestor\"G\xda\x41\x08\x61ttestor\x82\xd3\xe4\x93\x02\x36\x1a*/v1/{attestor.name=projects/*/attestors/*}:\x08\x61ttestor\x12\xba\x01\n\rListAttestors\x12\x39.google.cloud.binaryauthorization.v1.ListAttestorsRequest\x1a:.google.cloud.binaryauthorization.v1.ListAttestorsResponse\"2\xda\x41\x06parent\x82\xd3\xe4\x93\x02#\x12!/v1/{parent=projects/*}/attestors\x12\x96\x01\n\x0e\x44\x65leteAttestor\x12:.google.cloud.binaryauthorization.v1.DeleteAttestorRequest\x1a\x16.google.protobuf.Empty\"0\xda\x41\x04name\x82\xd3\xe4\x93\x02#*!/v1/{name=projects/*/attestors/*}\x1aV\xca\x41\"binaryauthorization.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platform2\x94\x02\n\x0eSystemPolicyV1\x12\xa9\x01\n\x0fGetSystemPolicy\x12;.google.cloud.binaryauthorization.v1.GetSystemPolicyRequest\x1a+.google.cloud.binaryauthorization.v1.Policy\",\xda\x41\x04name\x82\xd3\xe4\x93\x02\x1f\x12\x1d/v1/{name=locations/*/policy}\x1aV\xca\x41\"binaryauthorization.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platform2\xf5\x02\n\x12ValidationHelperV1\x12\x86\x02\n\x1dValidateAttestationOccurrence\x12I.google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceRequest\x1aJ.google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse\"N\x82\xd3\xe4\x93\x02H\"C/v1/{attestor=projects/*/attestors/*}:validateAttestationOccurrence:\x01*\x1aV\xca\x41\"binaryauthorization.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\x8c\x02\n5com.google.protos.google.cloud.binaryauthorization.v1P\x00ZYcloud.google.com/go/binaryauthorization/apiv1/binaryauthorizationpb;binaryauthorizationpb\xf8\x01\x01\xaa\x02#Google.Cloud.BinaryAuthorization.V1\xca\x02#Google\\Cloud\\BinaryAuthorization\\V1\xea\x02&Google::Cloud::BinaryAuthorization::V1b\x06proto3" +descriptor_data = "\n1google/cloud/binaryauthorization/v1/service.proto\x12#google.cloud.binaryauthorization.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x33google/cloud/binaryauthorization/v1/resources.proto\x1a\x1bgoogle/protobuf/empty.proto\x1a\x1cgrafeas/v1/attestation.proto\"S\n\x10GetPolicyRequest\x12?\n\x04name\x18\x01 \x01(\tB1\xe0\x41\x02\xfa\x41+\n)binaryauthorization.googleapis.com/Policy\"W\n\x13UpdatePolicyRequest\x12@\n\x06policy\x18\x01 \x01(\x0b\x32+.google.cloud.binaryauthorization.v1.PolicyB\x03\xe0\x41\x02\"\xbc\x01\n\x15\x43reateAttestorRequest\x12\x43\n\x06parent\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+cloudresourcemanager.googleapis.com/Project\x12\x18\n\x0b\x61ttestor_id\x18\x02 \x01(\tB\x03\xe0\x41\x02\x12\x44\n\x08\x61ttestor\x18\x03 \x01(\x0b\x32-.google.cloud.binaryauthorization.v1.AttestorB\x03\xe0\x41\x02\"W\n\x12GetAttestorRequest\x12\x41\n\x04name\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+binaryauthorization.googleapis.com/Attestor\"]\n\x15UpdateAttestorRequest\x12\x44\n\x08\x61ttestor\x18\x01 \x01(\x0b\x32-.google.cloud.binaryauthorization.v1.AttestorB\x03\xe0\x41\x02\"\x82\x01\n\x14ListAttestorsRequest\x12\x43\n\x06parent\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+cloudresourcemanager.googleapis.com/Project\x12\x11\n\tpage_size\x18\x02 \x01(\x05\x12\x12\n\npage_token\x18\x03 \x01(\t\"r\n\x15ListAttestorsResponse\x12@\n\tattestors\x18\x01 \x03(\x0b\x32-.google.cloud.binaryauthorization.v1.Attestor\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"Z\n\x15\x44\x65leteAttestorRequest\x12\x41\n\x04name\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+binaryauthorization.googleapis.com/Attestor\"Y\n\x16GetSystemPolicyRequest\x12?\n\x04name\x18\x01 \x01(\tB1\xe0\x41\x02\xfa\x41+\n)binaryauthorization.googleapis.com/Policy\"\xbe\x01\n$ValidateAttestationOccurrenceRequest\x12\x15\n\x08\x61ttestor\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12;\n\x0b\x61ttestation\x18\x02 \x01(\x0b\x32!.grafeas.v1.AttestationOccurrenceB\x03\xe0\x41\x02\x12\x1c\n\x0foccurrence_note\x18\x03 \x01(\tB\x03\xe0\x41\x02\x12$\n\x17occurrence_resource_uri\x18\x04 \x01(\tB\x03\xe0\x41\x02\"\xf1\x01\n%ValidateAttestationOccurrenceResponse\x12\x61\n\x06result\x18\x01 \x01(\x0e\x32Q.google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse.Result\x12\x15\n\rdenial_reason\x18\x02 \x01(\t\"N\n\x06Result\x12\x16\n\x12RESULT_UNSPECIFIED\x10\x00\x12\x0c\n\x08VERIFIED\x10\x01\x12\x1e\n\x1a\x41TTESTATION_NOT_VERIFIABLE\x10\x02\x32\xe2\n\n\x1b\x42inauthzManagementServiceV1\x12\x9c\x01\n\tGetPolicy\x12\x35.google.cloud.binaryauthorization.v1.GetPolicyRequest\x1a+.google.cloud.binaryauthorization.v1.Policy\"+\xda\x41\x04name\x82\xd3\xe4\x93\x02\x1e\x12\x1c/v1/{name=projects/*/policy}\x12\xb3\x01\n\x0cUpdatePolicy\x12\x38.google.cloud.binaryauthorization.v1.UpdatePolicyRequest\x1a+.google.cloud.binaryauthorization.v1.Policy\"<\xda\x41\x06policy\x82\xd3\xe4\x93\x02-\x1a#/v1/{policy.name=projects/*/policy}:\x06policy\x12\xce\x01\n\x0e\x43reateAttestor\x12:.google.cloud.binaryauthorization.v1.CreateAttestorRequest\x1a-.google.cloud.binaryauthorization.v1.Attestor\"Q\xda\x41\x1bparent,attestor_id,attestor\x82\xd3\xe4\x93\x02-\"!/v1/{parent=projects/*}/attestors:\x08\x61ttestor\x12\xa7\x01\n\x0bGetAttestor\x12\x37.google.cloud.binaryauthorization.v1.GetAttestorRequest\x1a-.google.cloud.binaryauthorization.v1.Attestor\"0\xda\x41\x04name\x82\xd3\xe4\x93\x02#\x12!/v1/{name=projects/*/attestors/*}\x12\xc4\x01\n\x0eUpdateAttestor\x12:.google.cloud.binaryauthorization.v1.UpdateAttestorRequest\x1a-.google.cloud.binaryauthorization.v1.Attestor\"G\xda\x41\x08\x61ttestor\x82\xd3\xe4\x93\x02\x36\x1a*/v1/{attestor.name=projects/*/attestors/*}:\x08\x61ttestor\x12\xba\x01\n\rListAttestors\x12\x39.google.cloud.binaryauthorization.v1.ListAttestorsRequest\x1a:.google.cloud.binaryauthorization.v1.ListAttestorsResponse\"2\xda\x41\x06parent\x82\xd3\xe4\x93\x02#\x12!/v1/{parent=projects/*}/attestors\x12\x96\x01\n\x0e\x44\x65leteAttestor\x12:.google.cloud.binaryauthorization.v1.DeleteAttestorRequest\x1a\x16.google.protobuf.Empty\"0\xda\x41\x04name\x82\xd3\xe4\x93\x02#*!/v1/{name=projects/*/attestors/*}\x1aV\xca\x41\"binaryauthorization.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platform2\x94\x02\n\x0eSystemPolicyV1\x12\xa9\x01\n\x0fGetSystemPolicy\x12;.google.cloud.binaryauthorization.v1.GetSystemPolicyRequest\x1a+.google.cloud.binaryauthorization.v1.Policy\",\xda\x41\x04name\x82\xd3\xe4\x93\x02\x1f\x12\x1d/v1/{name=locations/*/policy}\x1aV\xca\x41\"binaryauthorization.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platform2\xf5\x02\n\x12ValidationHelperV1\x12\x86\x02\n\x1dValidateAttestationOccurrence\x12I.google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceRequest\x1aJ.google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse\"N\x82\xd3\xe4\x93\x02H\"C/v1/{attestor=projects/*/attestors/*}:validateAttestationOccurrence:\x01*\x1aV\xca\x41\"binaryauthorization.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\x89\x02\n5com.google.protos.google.cloud.binaryauthorization.v1P\x00ZYcloud.google.com/go/binaryauthorization/apiv1/binaryauthorizationpb;binaryauthorizationpb\xaa\x02#Google.Cloud.BinaryAuthorization.V1\xca\x02#Google\\Cloud\\BinaryAuthorization\\V1\xea\x02&Google::Cloud::BinaryAuthorization::V1b\x06proto3" pool = ::Google::Protobuf::DescriptorPool.generated_pool pool.add_serialized_file(descriptor_data) diff --git a/google-cloud-binary_authorization-v1/lib/google/cloud/binaryauthorization/v1/service_services_pb.rb b/google-cloud-binary_authorization-v1/lib/google/cloud/binaryauthorization/v1/service_services_pb.rb index 5d7400cb1f1a..bae70b7a6165 100644 --- a/google-cloud-binary_authorization-v1/lib/google/cloud/binaryauthorization/v1/service_services_pb.rb +++ b/google-cloud-binary_authorization-v1/lib/google/cloud/binaryauthorization/v1/service_services_pb.rb @@ -41,35 +41,44 @@ class Service self.unmarshal_class_method = :decode self.service_name = 'google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1' - # A [policy][google.cloud.binaryauthorization.v1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1.Attestor] that must attest to - # a container image, before the project is allowed to deploy that - # image. There is at most one policy per project. All image admission - # requests are permitted if a project has no policy. + # A [policy][google.cloud.binaryauthorization.v1.Policy] specifies the + # [attestors][google.cloud.binaryauthorization.v1.Attestor] that must attest + # to a container image, before the project is allowed to deploy that image. + # There is at most one policy per project. All image admission requests are + # permitted if a project has no policy. # - # Gets the [policy][google.cloud.binaryauthorization.v1.Policy] for this project. Returns a default - # [policy][google.cloud.binaryauthorization.v1.Policy] if the project does not have one. + # Gets the [policy][google.cloud.binaryauthorization.v1.Policy] for this + # project. Returns a default + # [policy][google.cloud.binaryauthorization.v1.Policy] if the project does + # not have one. rpc :GetPolicy, ::Google::Cloud::BinaryAuthorization::V1::GetPolicyRequest, ::Google::Cloud::BinaryAuthorization::V1::Policy - # Creates or updates a project's [policy][google.cloud.binaryauthorization.v1.Policy], and returns a copy of the - # new [policy][google.cloud.binaryauthorization.v1.Policy]. A policy is always updated as a whole, to avoid race - # conditions with concurrent policy enforcement (or management!) - # requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT - # if the request is malformed. + # Creates or updates a project's + # [policy][google.cloud.binaryauthorization.v1.Policy], and returns a copy of + # the new [policy][google.cloud.binaryauthorization.v1.Policy]. A policy is + # always updated as a whole, to avoid race conditions with concurrent policy + # enforcement (or management!) requests. Returns `NOT_FOUND` if the project + # does not exist, `INVALID_ARGUMENT` if the request is malformed. rpc :UpdatePolicy, ::Google::Cloud::BinaryAuthorization::V1::UpdatePolicyRequest, ::Google::Cloud::BinaryAuthorization::V1::Policy - # Creates an [attestor][google.cloud.binaryauthorization.v1.Attestor], and returns a copy of the new - # [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the project does not exist, - # INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the + # Creates an [attestor][google.cloud.binaryauthorization.v1.Attestor], and + # returns a copy of the new + # [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns + # `NOT_FOUND` if the project does not exist, `INVALID_ARGUMENT` if the + # request is malformed, `ALREADY_EXISTS` if the # [attestor][google.cloud.binaryauthorization.v1.Attestor] already exists. rpc :CreateAttestor, ::Google::Cloud::BinaryAuthorization::V1::CreateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1::Attestor # Gets an [attestor][google.cloud.binaryauthorization.v1.Attestor]. - # Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist. + # Returns `NOT_FOUND` if the + # [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist. rpc :GetAttestor, ::Google::Cloud::BinaryAuthorization::V1::GetAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1::Attestor # Updates an [attestor][google.cloud.binaryauthorization.v1.Attestor]. - # Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist. + # Returns `NOT_FOUND` if the + # [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist. rpc :UpdateAttestor, ::Google::Cloud::BinaryAuthorization::V1::UpdateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1::Attestor # Lists [attestors][google.cloud.binaryauthorization.v1.Attestor]. - # Returns INVALID_ARGUMENT if the project does not exist. + # Returns `INVALID_ARGUMENT` if the project does not exist. rpc :ListAttestors, ::Google::Cloud::BinaryAuthorization::V1::ListAttestorsRequest, ::Google::Cloud::BinaryAuthorization::V1::ListAttestorsResponse - # Deletes an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the + # Deletes an [attestor][google.cloud.binaryauthorization.v1.Attestor]. + # Returns `NOT_FOUND` if the # [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist. rpc :DeleteAttestor, ::Google::Cloud::BinaryAuthorization::V1::DeleteAttestorRequest, ::Google::Protobuf::Empty end @@ -102,8 +111,8 @@ class Service self.unmarshal_class_method = :decode self.service_name = 'google.cloud.binaryauthorization.v1.ValidationHelperV1' - # Returns whether the given Attestation for the given image URI - # was signed by the given Attestor + # Returns whether the given `Attestation` for the given image URI + # was signed by the given `Attestor` rpc :ValidateAttestationOccurrence, ::Google::Cloud::BinaryAuthorization::V1::ValidateAttestationOccurrenceRequest, ::Google::Cloud::BinaryAuthorization::V1::ValidateAttestationOccurrenceResponse end diff --git a/google-cloud-binary_authorization-v1/proto_docs/google/cloud/binaryauthorization/v1/resources.rb b/google-cloud-binary_authorization-v1/proto_docs/google/cloud/binaryauthorization/v1/resources.rb index f8f448ce1d20..19fb7eb48525 100644 --- a/google-cloud-binary_authorization-v1/proto_docs/google/cloud/binaryauthorization/v1/resources.rb +++ b/google-cloud-binary_authorization-v1/proto_docs/google/cloud/binaryauthorization/v1/resources.rb @@ -21,7 +21,8 @@ module Google module Cloud module BinaryAuthorization module V1 - # A {::Google::Cloud::BinaryAuthorization::V1::Policy policy} for container image binary authorization. + # A {::Google::Cloud::BinaryAuthorization::V1::Policy policy} for container image + # binary authorization. # @!attribute [r] name # @return [::String] # Output only. The resource name, in the format `projects/*/policy`. There is @@ -42,7 +43,12 @@ module V1 # third-party infrastructure images from Binary Authorization policies. # @!attribute [rw] cluster_admission_rules # @return [::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule}] - # Optional. Per-cluster admission rules. Cluster spec format: + # Optional. A valid policy has only one of the following rule maps non-empty, + # i.e. only one of `cluster_admission_rules`, + # `kubernetes_namespace_admission_rules`, + # `kubernetes_service_account_admission_rules`, + # or `istio_service_identity_admission_rules` can be non-empty. + # Per-cluster admission rules. Cluster spec format: # `location.clusterId`. There can be at most one admission rule per cluster # spec. # A `location` is either a compute zone (e.g. us-central1-a) or a region @@ -51,19 +57,20 @@ module V1 # https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters. # @!attribute [rw] kubernetes_namespace_admission_rules # @return [::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule}] - # Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: - # [a-z.-]+, e.g. 'some-namespace' + # Optional. Per-kubernetes-namespace admission rules. K8s namespace spec + # format: + # `[a-z.-]+`, e.g. `some-namespace` # @!attribute [rw] kubernetes_service_account_admission_rules # @return [::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule}] # Optional. Per-kubernetes-service-account admission rules. Service account - # spec format: `namespace:serviceaccount`. e.g. 'test-ns:default' + # spec format: `namespace:serviceaccount`. e.g. `test-ns:default` # @!attribute [rw] istio_service_identity_admission_rules # @return [::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule}] # Optional. Per-istio-service-identity admission rules. Istio service # identity spec format: - # spiffe:///ns//sa/ or - # /ns//sa/ - # e.g. spiffe://example.com/ns/test-ns/sa/default + # `spiffe:///ns//sa/` or + # `/ns//sa/` + # e.g. `spiffe://example.com/ns/test-ns/sa/default` # @!attribute [rw] default_admission_rule # @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule] # Required. Default admission rule for a cluster without a per-cluster, per- @@ -71,6 +78,11 @@ module V1 # @!attribute [r] update_time # @return [::Google::Protobuf::Timestamp] # Output only. Time when the policy was last updated. + # @!attribute [rw] etag + # @return [::String] + # Optional. A checksum, returned by the server, that can be sent on update + # requests to ensure the policy has an up-to-date value before attempting to + # update it. See https://google.aip.dev/154. class Policy include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods @@ -112,7 +124,7 @@ class IstioServiceIdentityAdmissionRulesEntry end module GlobalPolicyEvaluationMode - # Not specified: DISABLE is assumed. + # Not specified: `DISABLE` is assumed. GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0 # Enables system policy evaluation. @@ -123,8 +135,10 @@ module GlobalPolicyEvaluationMode end end - # An {::Google::Cloud::BinaryAuthorization::V1::AdmissionWhitelistPattern admission allowlist pattern} exempts images - # from checks by {::Google::Cloud::BinaryAuthorization::V1::AdmissionRule admission rules}. + # An [admission allowlist + # pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] + # exempts images from checks by [admission + # rules][google.cloud.binaryauthorization.v1.AdmissionRule]. # @!attribute [rw] name_pattern # @return [::String] # An image name pattern to allowlist, in the form `registry/path/to/image`. @@ -136,13 +150,15 @@ class AdmissionWhitelistPattern extend ::Google::Protobuf::MessageExts::ClassMethods end - # An {::Google::Cloud::BinaryAuthorization::V1::AdmissionRule admission rule} specifies either that all container images - # used in a pod creation request must be attested to by one or more - # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors}, that all pod creations will be allowed, or that all - # pod creations will be denied. + # An {::Google::Cloud::BinaryAuthorization::V1::AdmissionRule admission rule} + # specifies either that all container images used in a pod creation request + # must be attested to by one or more + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors}, that all pod + # creations will be allowed, or that all pod creations will be denied. # - # Images matching an {::Google::Cloud::BinaryAuthorization::V1::AdmissionWhitelistPattern admission allowlist pattern} - # are exempted from admission rules and will never block a pod creation. + # Images matching an [admission allowlist + # pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] are + # exempted from admission rules and will never block a pod creation. # @!attribute [rw] evaluation_mode # @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule::EvaluationMode] # Required. How this admission rule will be evaluated. @@ -154,8 +170,8 @@ class AdmissionWhitelistPattern # to a policy the principal issuing the policy change request must be able # to read the attestor resource. # - # Note: this field must be non-empty when the evaluation_mode field specifies - # REQUIRE_ATTESTATION, otherwise it must be empty. + # Note: this field must be non-empty when the `evaluation_mode` field + # specifies `REQUIRE_ATTESTATION`, otherwise it must be empty. # @!attribute [rw] enforcement_mode # @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule::EnforcementMode] # Required. The action when a pod creation is denied by the admission rule. @@ -167,11 +183,11 @@ module EvaluationMode # Do not use. EVALUATION_MODE_UNSPECIFIED = 0 - # This rule allows all all pod creations. + # This rule allows all pod creations. ALWAYS_ALLOW = 1 # This rule allows a pod creation if all the attestors listed in - # 'require_attestations_by' have valid attestations for all of the + # `require_attestations_by` have valid attestations for all of the # images in the pod spec. REQUIRE_ATTESTATION = 2 @@ -194,9 +210,9 @@ module EnforcementMode end end - # An {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} that attests to container image - # artifacts. An existing attestor cannot be modified except where - # indicated. + # An {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} that attests to + # container image artifacts. An existing attestor cannot be modified except + # where indicated. # @!attribute [rw] name # @return [::String] # Required. The resource name, in the format: @@ -212,18 +228,24 @@ module EnforcementMode # @!attribute [r] update_time # @return [::Google::Protobuf::Timestamp] # Output only. Time when the attestor was last updated. + # @!attribute [rw] etag + # @return [::String] + # Optional. A checksum, returned by the server, that can be sent on update + # requests to ensure the attestor has an up-to-date value before attempting + # to update it. See https://google.aip.dev/154. class Attestor include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end - # An {::Google::Cloud::BinaryAuthorization::V1::UserOwnedGrafeasNote user owned Grafeas note} references a Grafeas - # Attestation.Authority Note created by the user. + # An [user owned Grafeas + # note][google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote] references a + # Grafeas Attestation.Authority Note created by the user. # @!attribute [rw] note_reference # @return [::String] # Required. The Grafeas resource name of a Attestation.Authority Note, - # created by the user, in the format: `projects/*/notes/*`. This field may - # not be updated. + # created by the user, in the format: `projects/[PROJECT_ID]/notes/*`. This + # field may not be updated. A project ID must be used, not a project number. # # An attestation by this attestor is stored as a Grafeas # Attestation.Authority Occurrence that names a container image and that @@ -242,12 +264,13 @@ class Attestor # @!attribute [r] delegation_service_account_email # @return [::String] # Output only. This field will contain the service account email address - # that this Attestor will use as the principal when querying Container + # that this attestor will use as the principal when querying Container # Analysis. Attestor administrators must grant this service account the - # IAM role needed to read attestations from the [note_reference][Note] in - # Container Analysis (`containeranalysis.notes.occurrences.viewer`). + # IAM role needed to read attestations from the + # {::Google::Cloud::BinaryAuthorization::V1::UserOwnedGrafeasNote#note_reference note_reference} + # in Container Analysis (`containeranalysis.notes.occurrences.viewer`). # - # This email address is fixed for the lifetime of the Attestor, but callers + # This email address is fixed for the lifetime of the attestor, but callers # should not make any other assumptions about the service account email; # future versions may use an email based on a different naming pattern. class UserOwnedGrafeasNote @@ -255,10 +278,9 @@ class UserOwnedGrafeasNote extend ::Google::Protobuf::MessageExts::ClassMethods end - # A public key in the PkixPublicKey format (see - # https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). - # Public keys of this type are typically textually encoded using the PEM - # format. + # A public key in the PkixPublicKey + # [format](https://tools.ietf.org/html/rfc5280#section-4.1.2.7). Public keys of + # this type are typically textually encoded using the PEM format. # @!attribute [rw] public_key_pem # @return [::String] # A PEM-encoded public key, as described in @@ -270,6 +292,22 @@ class UserOwnedGrafeasNote # These signature algorithm must match the structure and any object # identifiers encoded in `public_key_pem` (i.e. this algorithm must match # that of the public key). + # @!attribute [rw] key_id + # @return [::String] + # Optional. The ID of this public key. + # Signatures verified by Binary Authorization must include the ID of the + # public key that can be used to verify them. The ID must match exactly + # contents of the `key_id` field exactly. + # + # The ID may be explicitly provided by the caller, but it MUST be a valid + # RFC3986 URI. If `key_id` is left blank and this `PkixPublicKey` is not used + # in the context of a wrapper (see next paragraph), a default key ID will be + # computed based on the digest of the DER encoding of the public key. + # + # If this `PkixPublicKey` is used in the context of a wrapper that has its + # own notion of key ID (e.g. `AttestorPublicKey`), then this field can + # either match that value exactly, or be left blank, in which case it behaves + # exactly as though it is equal to that wrapper value. class PkixPublicKey include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods @@ -277,9 +315,10 @@ class PkixPublicKey # Represents a signature algorithm and other information necessary to verify # signatures with a given public key. # This is based primarily on the public key types supported by Tink's - # PemKeyType, which is in turn based on KMS's supported signing algorithms. - # See https://cloud.google.com/kms/docs/algorithms. In the future, BinAuthz - # might support additional public key types independently of Tink and/or KMS. + # PemKeyType, which is in turn based on KMS's supported signing + # [algorithms](https://cloud.google.com/kms/docs/algorithms). In the future, + # Binary Authorization might support additional public key types + # independently of Tink and/or KMS. module SignatureAlgorithm # Not specified. SIGNATURE_ALGORITHM_UNSPECIFIED = 0 @@ -287,15 +326,27 @@ module SignatureAlgorithm # RSASSA-PSS 2048 bit key with a SHA256 digest. RSA_PSS_2048_SHA256 = 1 + # RSASSA-PSS 2048 bit key with a SHA256 digest. + RSA_SIGN_PSS_2048_SHA256 = 1 + # RSASSA-PSS 3072 bit key with a SHA256 digest. RSA_PSS_3072_SHA256 = 2 + # RSASSA-PSS 3072 bit key with a SHA256 digest. + RSA_SIGN_PSS_3072_SHA256 = 2 + # RSASSA-PSS 4096 bit key with a SHA256 digest. RSA_PSS_4096_SHA256 = 3 + # RSASSA-PSS 4096 bit key with a SHA256 digest. + RSA_SIGN_PSS_4096_SHA256 = 3 + # RSASSA-PSS 4096 bit key with a SHA512 digest. RSA_PSS_4096_SHA512 = 4 + # RSASSA-PSS 4096 bit key with a SHA512 digest. + RSA_SIGN_PSS_4096_SHA512 = 4 + # RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest. RSA_SIGN_PKCS1_2048_SHA256 = 5 @@ -325,33 +376,36 @@ module SignatureAlgorithm # ECDSA on the NIST P-521 curve with a SHA512 digest. EC_SIGN_P521_SHA512 = 11 + + # ML-DSA-65 Post-Quantum Cryptography signature algorithm. + ML_DSA_65 = 13 end end - # An {::Google::Cloud::BinaryAuthorization::V1::AttestorPublicKey attestor public key} that will be used to verify - # attestations signed by this attestor. + # An [attestor public + # key][google.cloud.binaryauthorization.v1.AttestorPublicKey] that will be used + # to verify attestations signed by this attestor. # @!attribute [rw] comment # @return [::String] # Optional. A descriptive comment. This field may be updated. # @!attribute [rw] id # @return [::String] # The ID of this public key. - # Signatures verified by BinAuthz must include the ID of the public key that - # can be used to verify them, and that ID must match the contents of this - # field exactly. - # Additional restrictions on this field can be imposed based on which public - # key type is encapsulated. See the documentation on `public_key` cases below - # for details. + # Signatures verified by Binary Authorization must include the ID of the + # public key that can be used to verify them, and that ID must match the + # contents of this field exactly. Additional restrictions on this field can + # be imposed based on which public key type is encapsulated. See the + # documentation on `public_key` cases below for details. # @!attribute [rw] ascii_armored_pgp_public_key # @return [::String] # ASCII-armored representation of a PGP public key, as the entire output by # the command `gpg --export --armor foo@example.com` (either LF or CRLF # line endings). - # When using this field, `id` should be left blank. The BinAuthz API - # handlers will calculate the ID and fill it in automatically. BinAuthz - # computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as - # upper-case hex. If `id` is provided by the caller, it will be - # overwritten by the API-calculated ID. + # When using this field, `id` should be left blank. The Binary + # Authorization API handlers will calculate the ID and fill it in + # automatically. Binary Authorization computes this ID as the OpenPGP + # RFC4880 V4 fingerprint, represented as upper-case hex. If `id` is + # provided by the caller, it will be overwritten by the API-calculated ID. # # Note: The following fields are mutually exclusive: `ascii_armored_pgp_public_key`, `pkix_public_key`. If a field in that set is populated, all other fields in the set will automatically be cleared. # @!attribute [rw] pkix_public_key diff --git a/google-cloud-binary_authorization-v1/proto_docs/google/cloud/binaryauthorization/v1/service.rb b/google-cloud-binary_authorization-v1/proto_docs/google/cloud/binaryauthorization/v1/service.rb index 596dbbcf04b9..ea4405205c09 100644 --- a/google-cloud-binary_authorization-v1/proto_docs/google/cloud/binaryauthorization/v1/service.rb +++ b/google-cloud-binary_authorization-v1/proto_docs/google/cloud/binaryauthorization/v1/service.rb @@ -21,70 +21,86 @@ module Google module Cloud module BinaryAuthorization module V1 - # Request message for [BinauthzManagementService.GetPolicy][]. + # Request message for + # {::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client#get_policy BinauthzManagementServiceV1.GetPolicy}. # @!attribute [rw] name # @return [::String] - # Required. The resource name of the {::Google::Cloud::BinaryAuthorization::V1::Policy policy} to retrieve, - # in the format `projects/*/policy`. + # Required. The resource name of the + # {::Google::Cloud::BinaryAuthorization::V1::Policy policy} to retrieve, in the + # format `projects/*/policy`. class GetPolicyRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end - # Request message for [BinauthzManagementService.UpdatePolicy][]. + # Request message for + # {::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client#update_policy BinauthzManagementServiceV1.UpdatePolicy}. # @!attribute [rw] policy # @return [::Google::Cloud::BinaryAuthorization::V1::Policy] - # Required. A new or updated {::Google::Cloud::BinaryAuthorization::V1::Policy policy} value. The service will - # overwrite the {::Google::Cloud::BinaryAuthorization::V1::Policy#name policy name} field with the resource name in - # the request URL, in the format `projects/*/policy`. + # Required. A new or updated + # {::Google::Cloud::BinaryAuthorization::V1::Policy policy} value. The service + # will overwrite the [policy + # name][google.cloud.binaryauthorization.v1.Policy.name] field with the + # resource name in the request URL, in the format `projects/*/policy`. class UpdatePolicyRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end - # Request message for [BinauthzManagementService.CreateAttestor][]. + # Request message for + # {::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client#create_attestor BinauthzManagementServiceV1.CreateAttestor}. # @!attribute [rw] parent # @return [::String] - # Required. The parent of this {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}. + # Required. The parent of this + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor}. # @!attribute [rw] attestor_id # @return [::String] # Required. The {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors} ID. # @!attribute [rw] attestor # @return [::Google::Cloud::BinaryAuthorization::V1::Attestor] - # Required. The initial {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} value. The service will - # overwrite the {::Google::Cloud::BinaryAuthorization::V1::Attestor#name attestor name} field with the resource name, - # in the format `projects/*/attestors/*`. + # Required. The initial + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} value. The service + # will overwrite the [attestor + # name][google.cloud.binaryauthorization.v1.Attestor.name] field with the + # resource name, in the format `projects/*/attestors/*`. class CreateAttestorRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end - # Request message for [BinauthzManagementService.GetAttestor][]. + # Request message for + # {::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client#get_attestor BinauthzManagementServiceV1.GetAttestor}. # @!attribute [rw] name # @return [::String] - # Required. The name of the {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} to retrieve, in the format - # `projects/*/attestors/*`. + # Required. The name of the + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} to retrieve, in + # the format `projects/*/attestors/*`. class GetAttestorRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end - # Request message for [BinauthzManagementService.UpdateAttestor][]. + # Request message for + # {::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client#update_attestor BinauthzManagementServiceV1.UpdateAttestor}. # @!attribute [rw] attestor # @return [::Google::Cloud::BinaryAuthorization::V1::Attestor] - # Required. The updated {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} value. The service will - # overwrite the {::Google::Cloud::BinaryAuthorization::V1::Attestor#name attestor name} field with the resource name - # in the request URL, in the format `projects/*/attestors/*`. + # Required. The updated + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestor} value. The service + # will overwrite the [attestor + # name][google.cloud.binaryauthorization.v1.Attestor.name] field with the + # resource name in the request URL, in the format `projects/*/attestors/*`. class UpdateAttestorRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end - # Request message for [BinauthzManagementService.ListAttestors][]. + # Request message for + # {::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client#list_attestors BinauthzManagementServiceV1.ListAttestors}. # @!attribute [rw] parent # @return [::String] # Required. The resource name of the project associated with the - # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors}, in the format `projects/*`. + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors}, in the format + # `projects/*`. # @!attribute [rw] page_size # @return [::Integer] # Requested page size. The server may return fewer results than requested. If @@ -92,32 +108,37 @@ class UpdateAttestorRequest # @!attribute [rw] page_token # @return [::String] # A token identifying a page of results the server should return. Typically, - # this is the value of {::Google::Cloud::BinaryAuthorization::V1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token} returned - # from the previous call to the `ListAttestors` method. + # this is the value of + # {::Google::Cloud::BinaryAuthorization::V1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token} + # returned from the previous call to the `ListAttestors` method. class ListAttestorsRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end - # Response message for [BinauthzManagementService.ListAttestors][]. + # Response message for + # {::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client#list_attestors BinauthzManagementServiceV1.ListAttestors}. # @!attribute [rw] attestors # @return [::Array<::Google::Cloud::BinaryAuthorization::V1::Attestor>] # The list of {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors}. # @!attribute [rw] next_page_token # @return [::String] # A token to retrieve the next page of results. Pass this value in the - # {::Google::Cloud::BinaryAuthorization::V1::ListAttestorsRequest#page_token ListAttestorsRequest.page_token} field in the subsequent call to the - # `ListAttestors` method to retrieve the next page of results. + # {::Google::Cloud::BinaryAuthorization::V1::ListAttestorsRequest#page_token ListAttestorsRequest.page_token} + # field in the subsequent call to the `ListAttestors` method to retrieve the + # next page of results. class ListAttestorsResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end - # Request message for [BinauthzManagementService.DeleteAttestor][]. + # Request message for + # {::Google::Cloud::BinaryAuthorization::V1::BinauthzManagementService::Client#delete_attestor BinauthzManagementServiceV1.DeleteAttestor}. # @!attribute [rw] name # @return [::String] - # Required. The name of the {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors} to delete, in the format - # `projects/*/attestors/*`. + # Required. The name of the + # {::Google::Cloud::BinaryAuthorization::V1::Attestor attestors} to delete, in the + # format `projects/*/attestors/*`. class DeleteAttestorRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods @@ -137,15 +158,16 @@ class GetSystemPolicyRequest # {::Google::Cloud::BinaryAuthorization::V1::ValidationHelper::Client#validate_attestation_occurrence ValidationHelperV1.ValidateAttestationOccurrence}. # @!attribute [rw] attestor # @return [::String] - # Required. The resource name of the {::Google::Cloud::BinaryAuthorization::V1::Attestor Attestor} of the + # Required. The resource name of the + # {::Google::Cloud::BinaryAuthorization::V1::Attestor Attestor} of the # [occurrence][grafeas.v1.Occurrence], in the format # `projects/*/attestors/*`. # @!attribute [rw] attestation # @return [::Grafeas::V1::AttestationOccurrence] # Required. An {::Grafeas::V1::AttestationOccurrence AttestationOccurrence} to - # be checked that it can be verified by the Attestor. It does not have to be - # an existing entity in Container Analysis. It must otherwise be a valid - # AttestationOccurrence. + # be checked that it can be verified by the `Attestor`. It does not have to + # be an existing entity in Container Analysis. It must otherwise be a valid + # `AttestationOccurrence`. # @!attribute [rw] occurrence_note # @return [::String] # Required. The resource name of the [Note][grafeas.v1.Note] to which the @@ -171,7 +193,7 @@ class ValidateAttestationOccurrenceResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods - # The enum returned in the "result" field. + # The enum returned in the `result` field. module Result # Unspecified. RESULT_UNSPECIFIED = 0 diff --git a/google-cloud-binary_authorization-v1/proto_docs/google/protobuf/field_mask.rb b/google-cloud-binary_authorization-v1/proto_docs/google/protobuf/field_mask.rb new file mode 100644 index 000000000000..7f3ffc78601a --- /dev/null +++ b/google-cloud-binary_authorization-v1/proto_docs/google/protobuf/field_mask.rb @@ -0,0 +1,229 @@ +# frozen_string_literal: true + +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + + +module Google + module Protobuf + # `FieldMask` represents a set of symbolic field paths, for example: + # + # paths: "f.a" + # paths: "f.b.d" + # + # Here `f` represents a field in some root message, `a` and `b` + # fields in the message found in `f`, and `d` a field found in the + # message in `f.b`. + # + # Field masks are used to specify a subset of fields that should be + # returned by a get operation or modified by an update operation. + # Field masks also have a custom JSON encoding (see below). + # + # # Field Masks in Projections + # + # When used in the context of a projection, a response message or + # sub-message is filtered by the API to only contain those fields as + # specified in the mask. For example, if the mask in the previous + # example is applied to a response message as follows: + # + # f { + # a : 22 + # b { + # d : 1 + # x : 2 + # } + # y : 13 + # } + # z: 8 + # + # The result will not contain specific values for fields x,y and z + # (their value will be set to the default, and omitted in proto text + # output): + # + # + # f { + # a : 22 + # b { + # d : 1 + # } + # } + # + # A repeated field is not allowed except at the last position of a + # paths string. + # + # If a FieldMask object is not present in a get operation, the + # operation applies to all fields (as if a FieldMask of all fields + # had been specified). + # + # Note that a field mask does not necessarily apply to the + # top-level response message. In case of a REST get operation, the + # field mask applies directly to the response, but in case of a REST + # list operation, the mask instead applies to each individual message + # in the returned resource list. In case of a REST custom method, + # other definitions may be used. Where the mask applies will be + # clearly documented together with its declaration in the API. In + # any case, the effect on the returned resource/resources is required + # behavior for APIs. + # + # # Field Masks in Update Operations + # + # A field mask in update operations specifies which fields of the + # targeted resource are going to be updated. The API is required + # to only change the values of the fields as specified in the mask + # and leave the others untouched. If a resource is passed in to + # describe the updated values, the API ignores the values of all + # fields not covered by the mask. + # + # If a repeated field is specified for an update operation, new values will + # be appended to the existing repeated field in the target resource. Note that + # a repeated field is only allowed in the last position of a `paths` string. + # + # If a sub-message is specified in the last position of the field mask for an + # update operation, then new value will be merged into the existing sub-message + # in the target resource. + # + # For example, given the target message: + # + # f { + # b { + # d: 1 + # x: 2 + # } + # c: [1] + # } + # + # And an update message: + # + # f { + # b { + # d: 10 + # } + # c: [2] + # } + # + # then if the field mask is: + # + # paths: ["f.b", "f.c"] + # + # then the result will be: + # + # f { + # b { + # d: 10 + # x: 2 + # } + # c: [1, 2] + # } + # + # An implementation may provide options to override this default behavior for + # repeated and message fields. + # + # In order to reset a field's value to the default, the field must + # be in the mask and set to the default value in the provided resource. + # Hence, in order to reset all fields of a resource, provide a default + # instance of the resource and set all fields in the mask, or do + # not provide a mask as described below. + # + # If a field mask is not present on update, the operation applies to + # all fields (as if a field mask of all fields has been specified). + # Note that in the presence of schema evolution, this may mean that + # fields the client does not know and has therefore not filled into + # the request will be reset to their default. If this is unwanted + # behavior, a specific service may require a client to always specify + # a field mask, producing an error if not. + # + # As with get operations, the location of the resource which + # describes the updated values in the request message depends on the + # operation kind. In any case, the effect of the field mask is + # required to be honored by the API. + # + # ## Considerations for HTTP REST + # + # The HTTP kind of an update operation which uses a field mask must + # be set to PATCH instead of PUT in order to satisfy HTTP semantics + # (PUT must only be used for full updates). + # + # # JSON Encoding of Field Masks + # + # In JSON, a field mask is encoded as a single string where paths are + # separated by a comma. Fields name in each path are converted + # to/from lower-camel naming conventions. + # + # As an example, consider the following message declarations: + # + # message Profile { + # User user = 1; + # Photo photo = 2; + # } + # message User { + # string display_name = 1; + # string address = 2; + # } + # + # In proto a field mask for `Profile` may look as such: + # + # mask { + # paths: "user.display_name" + # paths: "photo" + # } + # + # In JSON, the same mask is represented as below: + # + # { + # mask: "user.displayName,photo" + # } + # + # # Field Masks and Oneof Fields + # + # Field masks treat fields in oneofs just as regular fields. Consider the + # following message: + # + # message SampleMessage { + # oneof test_oneof { + # string name = 4; + # SubMessage sub_message = 9; + # } + # } + # + # The field mask can be: + # + # mask { + # paths: "name" + # } + # + # Or: + # + # mask { + # paths: "sub_message" + # } + # + # Note that oneof type names ("test_oneof" in this case) cannot be used in + # paths. + # + # ## Field Mask Verification + # + # The implementation of any API method which has a FieldMask type field in the + # request should verify the included field paths, and return an + # `INVALID_ARGUMENT` error if any path is unmappable. + # @!attribute [rw] paths + # @return [::Array<::String>] + # The set of field mask paths. + class FieldMask + include ::Google::Protobuf::MessageExts + extend ::Google::Protobuf::MessageExts::ClassMethods + end + end +end diff --git a/google-cloud-binary_authorization-v1/proto_docs/google/type/expr.rb b/google-cloud-binary_authorization-v1/proto_docs/google/type/expr.rb new file mode 100644 index 000000000000..53e7733b6592 --- /dev/null +++ b/google-cloud-binary_authorization-v1/proto_docs/google/type/expr.rb @@ -0,0 +1,75 @@ +# frozen_string_literal: true + +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + + +module Google + module Type + # Represents a textual expression in the Common Expression Language (CEL) + # syntax. CEL is a C-like expression language. The syntax and semantics of CEL + # are documented at https://github.com/google/cel-spec. + # + # Example (Comparison): + # + # title: "Summary size limit" + # description: "Determines if a summary is less than 100 chars" + # expression: "document.summary.size() < 100" + # + # Example (Equality): + # + # title: "Requestor is owner" + # description: "Determines if requestor is the document owner" + # expression: "document.owner == request.auth.claims.email" + # + # Example (Logic): + # + # title: "Public documents" + # description: "Determine whether the document should be publicly visible" + # expression: "document.type != 'private' && document.type != 'internal'" + # + # Example (Data Manipulation): + # + # title: "Notification string" + # description: "Create a notification string with a timestamp." + # expression: "'New message received at ' + string(document.create_time)" + # + # The exact variables and functions that may be referenced within an expression + # are determined by the service that evaluates it. See the service + # documentation for additional information. + # @!attribute [rw] expression + # @return [::String] + # Textual representation of an expression in Common Expression Language + # syntax. + # @!attribute [rw] title + # @return [::String] + # Optional. Title for the expression, i.e. a short string describing + # its purpose. This can be used e.g. in UIs which allow to enter the + # expression. + # @!attribute [rw] description + # @return [::String] + # Optional. Description of the expression. This is a longer text which + # describes the expression, e.g. when hovered over it in a UI. + # @!attribute [rw] location + # @return [::String] + # Optional. String indicating the location of the expression for error + # reporting, e.g. a file name and a position in the file. + class Expr + include ::Google::Protobuf::MessageExts + extend ::Google::Protobuf::MessageExts::ClassMethods + end + end +end