diff --git a/google-cloud-binary_authorization-v1beta1/.owlbot-manifest.json b/google-cloud-binary_authorization-v1beta1/.owlbot-manifest.json index 8ed70d1ee1dd..34275a7ef495 100644 --- a/google-cloud-binary_authorization-v1beta1/.owlbot-manifest.json +++ b/google-cloud-binary_authorization-v1beta1/.owlbot-manifest.json @@ -22,6 +22,7 @@ "lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/rest.rb", "lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/rest/client.rb", "lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/rest/service_stub.rb", + "lib/google/cloud/binary_authorization/v1beta1/bindings_override.rb", "lib/google/cloud/binary_authorization/v1beta1/rest.rb", "lib/google/cloud/binary_authorization/v1beta1/system_policy.rb", "lib/google/cloud/binary_authorization/v1beta1/system_policy/client.rb", @@ -45,7 +46,9 @@ "proto_docs/google/cloud/binaryauthorization/v1beta1/service.rb", "proto_docs/google/protobuf/duration.rb", "proto_docs/google/protobuf/empty.rb", + "proto_docs/google/protobuf/field_mask.rb", "proto_docs/google/protobuf/timestamp.rb", + "proto_docs/google/type/expr.rb", "snippets/Gemfile", "snippets/binauthz_management_service/create_attestor.rb", "snippets/binauthz_management_service/delete_attestor.rb", diff --git a/google-cloud-binary_authorization-v1beta1/README.md b/google-cloud-binary_authorization-v1beta1/README.md index d9eb75dd820d..84667672376f 100644 --- a/google-cloud-binary_authorization-v1beta1/README.md +++ b/google-cloud-binary_authorization-v1beta1/README.md @@ -1,6 +1,6 @@ # Ruby Client for the Binary Authorization V1beta1 API -The management interface for Binary Authorization, a system providing policy control for images deployed to Kubernetes Engine clusters, Anthos clusters on VMware, and Cloud Run. +The management interface for Binary Authorization, a service that provides policy-based deployment validation and control for images deployed to Google Kubernetes Engine (GKE), Anthos Service Mesh, Anthos Clusters, and Cloud Run. Binary Authorization is a service on Google Cloud that provides centralized software supply-chain security for applications that run on Google Kubernetes Engine (GKE) and GKE on-prem. diff --git a/google-cloud-binary_authorization-v1beta1/google-cloud-binary_authorization-v1beta1.gemspec b/google-cloud-binary_authorization-v1beta1/google-cloud-binary_authorization-v1beta1.gemspec index 251568eedee0..8baa815ccb07 100644 --- a/google-cloud-binary_authorization-v1beta1/google-cloud-binary_authorization-v1beta1.gemspec +++ b/google-cloud-binary_authorization-v1beta1/google-cloud-binary_authorization-v1beta1.gemspec @@ -10,7 +10,7 @@ Gem::Specification.new do |gem| gem.authors = ["Google LLC"] gem.email = "googleapis-packages@google.com" gem.description = "Binary Authorization is a service on Google Cloud that provides centralized software supply-chain security for applications that run on Google Kubernetes Engine (GKE) and GKE on-prem. Note that google-cloud-binary_authorization-v1beta1 is a version-specific client library. For most uses, we recommend installing the main client library google-cloud-binary_authorization instead. See the readme for more details." - gem.summary = "The management interface for Binary Authorization, a system providing policy control for images deployed to Kubernetes Engine clusters, Anthos clusters on VMware, and Cloud Run." + gem.summary = "The management interface for Binary Authorization, a service that provides policy-based deployment validation and control for images deployed to Google Kubernetes Engine (GKE), Anthos Service Mesh, Anthos Clusters, and Cloud Run." gem.homepage = "https://github.com/googleapis/google-cloud-ruby" gem.license = "Apache-2.0" @@ -25,4 +25,5 @@ Gem::Specification.new do |gem| gem.add_dependency "gapic-common", "~> 1.3" gem.add_dependency "google-cloud-errors", "~> 1.0" + gem.add_dependency "google-iam-v1", "~> 1.3" end diff --git a/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/client.rb b/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/client.rb index 58a47f23bf87..617d6f0c78ee 100644 --- a/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/client.rb +++ b/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/client.rb @@ -18,6 +18,7 @@ require "google/cloud/errors" require "google/cloud/binaryauthorization/v1beta1/service_pb" +require "google/iam/v1" module Google module Cloud @@ -208,8 +209,23 @@ def initialize entry.set "defaultTimeout", @config.timeout if @config.timeout entry.set "quotaProject", @quota_project_id if @quota_project_id end + + @iam_policy_client = Google::Iam::V1::IAMPolicy::Client.new do |config| + config.credentials = credentials + config.quota_project = @quota_project_id + config.endpoint = @binauthz_management_service_stub.endpoint + config.universe_domain = @binauthz_management_service_stub.universe_domain + config.logger = @binauthz_management_service_stub.logger if config.respond_to? :logger= + end end + ## + # Get the associated client for mix-in of the IAMPolicy. + # + # @return [Google::Iam::V1::IAMPolicy::Client] + # + attr_reader :iam_policy_client + ## # The logger used for request/response debug logging. # @@ -222,13 +238,16 @@ def logger # Service calls ## - # A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} specifies the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} that must attest to - # a container image, before the project is allowed to deploy that + # A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} specifies the + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} that must + # attest to a container image, before the project is allowed to deploy that # image. There is at most one policy per project. All image admission # requests are permitted if a project has no policy. # - # Gets the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for this project. Returns a default - # {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} if the project does not have one. + # Gets the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for this + # project. Returns a default + # {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} if the project + # does not have one. # # @overload get_policy(request, options = nil) # Pass arguments to `get_policy` via a request object, either of type @@ -246,8 +265,9 @@ def logger # the default parameter values, pass an empty Hash as a request object (see above). # # @param name [::String] - # Required. The resource name of the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} to retrieve, - # in the format `projects/*/policy`. + # Required. The resource name of the + # {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} to retrieve, in + # the format `projects/*/policy`. # # @yield [response, operation] Access the result along with the RPC operation # @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Policy] @@ -314,11 +334,13 @@ def get_policy request, options = nil end ## - # Creates or updates a project's {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy}, and returns a copy of the - # new {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy}. A policy is always updated as a whole, to avoid race - # conditions with concurrent policy enforcement (or management!) - # requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT - # if the request is malformed. + # Creates or updates a project's + # {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy}, and returns a + # copy of the new {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy}. + # A policy is always updated as a whole, to avoid race conditions with + # concurrent policy enforcement (or management!) requests. Returns NOT_FOUND + # if the project does not exist, INVALID_ARGUMENT if the request is + # malformed. # # @overload update_policy(request, options = nil) # Pass arguments to `update_policy` via a request object, either of type @@ -336,9 +358,11 @@ def get_policy request, options = nil # the default parameter values, pass an empty Hash as a request object (see above). # # @param policy [::Google::Cloud::BinaryAuthorization::V1beta1::Policy, ::Hash] - # Required. A new or updated {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} value. The service will - # overwrite the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy#name policy name} field with the resource name in - # the request URL, in the format `projects/*/policy`. + # Required. A new or updated + # {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} value. The + # service will overwrite the [policy + # name][google.cloud.binaryauthorization.v1beta1.Policy.name] field with the + # resource name in the request URL, in the format `projects/*/policy`. # # @yield [response, operation] Access the result along with the RPC operation # @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Policy] @@ -405,10 +429,13 @@ def update_policy request, options = nil end ## - # Creates an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}, and returns a copy of the new - # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}. Returns NOT_FOUND if the project does not exist, - # INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the - # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} already exists. + # Creates an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}, + # and returns a copy of the new + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}. Returns + # NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is + # malformed, ALREADY_EXISTS if the + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} already + # exists. # # @overload create_attestor(request, options = nil) # Pass arguments to `create_attestor` via a request object, either of type @@ -426,13 +453,17 @@ def update_policy request, options = nil # the default parameter values, pass an empty Hash as a request object (see above). # # @param parent [::String] - # Required. The parent of this {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}. + # Required. The parent of this + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}. # @param attestor_id [::String] - # Required. The {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} ID. + # Required. The + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} ID. # @param attestor [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor, ::Hash] - # Required. The initial {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The service will - # overwrite the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor#name attestor name} field with the resource name, - # in the format `projects/*/attestors/*`. + # Required. The initial + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The + # service will overwrite the [attestor + # name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with + # the resource name, in the format `projects/*/attestors/*`. # # @yield [response, operation] Access the result along with the RPC operation # @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor] @@ -500,7 +531,9 @@ def create_attestor request, options = nil ## # Gets an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}. - # Returns NOT_FOUND if the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not exist. + # Returns NOT_FOUND if the + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not + # exist. # # @overload get_attestor(request, options = nil) # Pass arguments to `get_attestor` via a request object, either of type @@ -518,8 +551,9 @@ def create_attestor request, options = nil # the default parameter values, pass an empty Hash as a request object (see above). # # @param name [::String] - # Required. The name of the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} to retrieve, in the format - # `projects/*/attestors/*`. + # Required. The name of the + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} to retrieve, + # in the format `projects/*/attestors/*`. # # @yield [response, operation] Access the result along with the RPC operation # @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor] @@ -587,7 +621,9 @@ def get_attestor request, options = nil ## # Updates an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}. - # Returns NOT_FOUND if the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not exist. + # Returns NOT_FOUND if the + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not + # exist. # # @overload update_attestor(request, options = nil) # Pass arguments to `update_attestor` via a request object, either of type @@ -605,9 +641,12 @@ def get_attestor request, options = nil # the default parameter values, pass an empty Hash as a request object (see above). # # @param attestor [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor, ::Hash] - # Required. The updated {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The service will - # overwrite the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor#name attestor name} field with the resource name - # in the request URL, in the format `projects/*/attestors/*`. + # Required. The updated + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The + # service will overwrite the [attestor + # name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with + # the resource name in the request URL, in the format + # `projects/*/attestors/*`. # # @yield [response, operation] Access the result along with the RPC operation # @yieldparam response [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor] @@ -694,14 +733,16 @@ def update_attestor request, options = nil # # @param parent [::String] # Required. The resource name of the project associated with the - # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the format `projects/*`. + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the + # format `projects/*`. # @param page_size [::Integer] # Requested page size. The server may return fewer results than requested. If # unspecified, the server will pick an appropriate default. # @param page_token [::String] # A token identifying a page of results the server should return. Typically, - # this is the value of {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token} returned - # from the previous call to the `ListAttestors` method. + # this is the value of + # {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token} + # returned from the previous call to the `ListAttestors` method. # # @yield [response, operation] Access the result along with the RPC operation # @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::BinaryAuthorization::V1beta1::Attestor>] @@ -774,8 +815,10 @@ def list_attestors request, options = nil end ## - # Deletes an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}. Returns NOT_FOUND if the - # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not exist. + # Deletes an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}. + # Returns NOT_FOUND if the + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not + # exist. # # @overload delete_attestor(request, options = nil) # Pass arguments to `delete_attestor` via a request object, either of type @@ -793,8 +836,9 @@ def list_attestors request, options = nil # the default parameter values, pass an empty Hash as a request object (see above). # # @param name [::String] - # Required. The name of the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} to delete, in the format - # `projects/*/attestors/*`. + # Required. The name of the + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} to delete, + # in the format `projects/*/attestors/*`. # # @yield [response, operation] Access the result along with the RPC operation # @yieldparam response [::Google::Protobuf::Empty] diff --git a/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/rest.rb b/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/rest.rb index 8387461a5ff6..4bd4d92d93ba 100644 --- a/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/rest.rb +++ b/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/rest.rb @@ -21,6 +21,7 @@ require "gapic/config/method" require "google/cloud/binary_authorization/v1beta1/version" +require "google/cloud/binary_authorization/v1beta1/bindings_override" require "google/cloud/binary_authorization/v1beta1/binauthz_management_service/credentials" require "google/cloud/binary_authorization/v1beta1/binauthz_management_service/paths" diff --git a/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/rest/client.rb b/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/rest/client.rb index bb738d74babf..85be5bd751a5 100644 --- a/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/rest/client.rb +++ b/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/binauthz_management_service/rest/client.rb @@ -19,6 +19,7 @@ require "google/cloud/errors" require "google/cloud/binaryauthorization/v1beta1/service_pb" require "google/cloud/binary_authorization/v1beta1/binauthz_management_service/rest/service_stub" +require "google/iam/v1/rest" module Google module Cloud @@ -201,8 +202,24 @@ def initialize entry.set "defaultTimeout", @config.timeout if @config.timeout entry.set "quotaProject", @quota_project_id if @quota_project_id end + + @iam_policy_client = Google::Iam::V1::IAMPolicy::Rest::Client.new do |config| + config.credentials = credentials + config.quota_project = @quota_project_id + config.endpoint = @binauthz_management_service_stub.endpoint + config.universe_domain = @binauthz_management_service_stub.universe_domain + config.bindings_override = @config.bindings_override + config.logger = @binauthz_management_service_stub.logger if config.respond_to? :logger= + end end + ## + # Get the associated client for mix-in of the IAMPolicy. + # + # @return [Google::Iam::V1::IAMPolicy::Rest::Client] + # + attr_reader :iam_policy_client + ## # The logger used for request/response debug logging. # @@ -215,13 +232,16 @@ def logger # Service calls ## - # A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} specifies the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} that must attest to - # a container image, before the project is allowed to deploy that + # A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} specifies the + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} that must + # attest to a container image, before the project is allowed to deploy that # image. There is at most one policy per project. All image admission # requests are permitted if a project has no policy. # - # Gets the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for this project. Returns a default - # {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} if the project does not have one. + # Gets the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for this + # project. Returns a default + # {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} if the project + # does not have one. # # @overload get_policy(request, options = nil) # Pass arguments to `get_policy` via a request object, either of type @@ -239,8 +259,9 @@ def logger # the default parameter values, pass an empty Hash as a request object (see above). # # @param name [::String] - # Required. The resource name of the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} to retrieve, - # in the format `projects/*/policy`. + # Required. The resource name of the + # {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} to retrieve, in + # the format `projects/*/policy`. # @yield [result, operation] Access the result along with the TransportOperation object # @yieldparam result [::Google::Cloud::BinaryAuthorization::V1beta1::Policy] # @yieldparam operation [::Gapic::Rest::TransportOperation] @@ -300,11 +321,13 @@ def get_policy request, options = nil end ## - # Creates or updates a project's {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy}, and returns a copy of the - # new {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy}. A policy is always updated as a whole, to avoid race - # conditions with concurrent policy enforcement (or management!) - # requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT - # if the request is malformed. + # Creates or updates a project's + # {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy}, and returns a + # copy of the new {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy}. + # A policy is always updated as a whole, to avoid race conditions with + # concurrent policy enforcement (or management!) requests. Returns NOT_FOUND + # if the project does not exist, INVALID_ARGUMENT if the request is + # malformed. # # @overload update_policy(request, options = nil) # Pass arguments to `update_policy` via a request object, either of type @@ -322,9 +345,11 @@ def get_policy request, options = nil # the default parameter values, pass an empty Hash as a request object (see above). # # @param policy [::Google::Cloud::BinaryAuthorization::V1beta1::Policy, ::Hash] - # Required. A new or updated {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} value. The service will - # overwrite the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy#name policy name} field with the resource name in - # the request URL, in the format `projects/*/policy`. + # Required. A new or updated + # {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} value. The + # service will overwrite the [policy + # name][google.cloud.binaryauthorization.v1beta1.Policy.name] field with the + # resource name in the request URL, in the format `projects/*/policy`. # @yield [result, operation] Access the result along with the TransportOperation object # @yieldparam result [::Google::Cloud::BinaryAuthorization::V1beta1::Policy] # @yieldparam operation [::Gapic::Rest::TransportOperation] @@ -384,10 +409,13 @@ def update_policy request, options = nil end ## - # Creates an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}, and returns a copy of the new - # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}. Returns NOT_FOUND if the project does not exist, - # INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the - # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} already exists. + # Creates an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}, + # and returns a copy of the new + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}. Returns + # NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is + # malformed, ALREADY_EXISTS if the + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} already + # exists. # # @overload create_attestor(request, options = nil) # Pass arguments to `create_attestor` via a request object, either of type @@ -405,13 +433,17 @@ def update_policy request, options = nil # the default parameter values, pass an empty Hash as a request object (see above). # # @param parent [::String] - # Required. The parent of this {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}. + # Required. The parent of this + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}. # @param attestor_id [::String] - # Required. The {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} ID. + # Required. The + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} ID. # @param attestor [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor, ::Hash] - # Required. The initial {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The service will - # overwrite the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor#name attestor name} field with the resource name, - # in the format `projects/*/attestors/*`. + # Required. The initial + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The + # service will overwrite the [attestor + # name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with + # the resource name, in the format `projects/*/attestors/*`. # @yield [result, operation] Access the result along with the TransportOperation object # @yieldparam result [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor] # @yieldparam operation [::Gapic::Rest::TransportOperation] @@ -472,7 +504,9 @@ def create_attestor request, options = nil ## # Gets an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}. - # Returns NOT_FOUND if the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not exist. + # Returns NOT_FOUND if the + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not + # exist. # # @overload get_attestor(request, options = nil) # Pass arguments to `get_attestor` via a request object, either of type @@ -490,8 +524,9 @@ def create_attestor request, options = nil # the default parameter values, pass an empty Hash as a request object (see above). # # @param name [::String] - # Required. The name of the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} to retrieve, in the format - # `projects/*/attestors/*`. + # Required. The name of the + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} to retrieve, + # in the format `projects/*/attestors/*`. # @yield [result, operation] Access the result along with the TransportOperation object # @yieldparam result [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor] # @yieldparam operation [::Gapic::Rest::TransportOperation] @@ -552,7 +587,9 @@ def get_attestor request, options = nil ## # Updates an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}. - # Returns NOT_FOUND if the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not exist. + # Returns NOT_FOUND if the + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not + # exist. # # @overload update_attestor(request, options = nil) # Pass arguments to `update_attestor` via a request object, either of type @@ -570,9 +607,12 @@ def get_attestor request, options = nil # the default parameter values, pass an empty Hash as a request object (see above). # # @param attestor [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor, ::Hash] - # Required. The updated {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The service will - # overwrite the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor#name attestor name} field with the resource name - # in the request URL, in the format `projects/*/attestors/*`. + # Required. The updated + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The + # service will overwrite the [attestor + # name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with + # the resource name in the request URL, in the format + # `projects/*/attestors/*`. # @yield [result, operation] Access the result along with the TransportOperation object # @yieldparam result [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor] # @yieldparam operation [::Gapic::Rest::TransportOperation] @@ -652,14 +692,16 @@ def update_attestor request, options = nil # # @param parent [::String] # Required. The resource name of the project associated with the - # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the format `projects/*`. + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the + # format `projects/*`. # @param page_size [::Integer] # Requested page size. The server may return fewer results than requested. If # unspecified, the server will pick an appropriate default. # @param page_token [::String] # A token identifying a page of results the server should return. Typically, - # this is the value of {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token} returned - # from the previous call to the `ListAttestors` method. + # this is the value of + # {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token} + # returned from the previous call to the `ListAttestors` method. # @yield [result, operation] Access the result along with the TransportOperation object # @yieldparam result [::Gapic::Rest::PagedEnumerable<::Google::Cloud::BinaryAuthorization::V1beta1::Attestor>] # @yieldparam operation [::Gapic::Rest::TransportOperation] @@ -725,8 +767,10 @@ def list_attestors request, options = nil end ## - # Deletes an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}. Returns NOT_FOUND if the - # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not exist. + # Deletes an {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}. + # Returns NOT_FOUND if the + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} does not + # exist. # # @overload delete_attestor(request, options = nil) # Pass arguments to `delete_attestor` via a request object, either of type @@ -744,8 +788,9 @@ def list_attestors request, options = nil # the default parameter values, pass an empty Hash as a request object (see above). # # @param name [::String] - # Required. The name of the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} to delete, in the format - # `projects/*/attestors/*`. + # Required. The name of the + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} to delete, + # in the format `projects/*/attestors/*`. # @yield [result, operation] Access the result along with the TransportOperation object # @yieldparam result [::Google::Protobuf::Empty] # @yieldparam operation [::Gapic::Rest::TransportOperation] @@ -912,6 +957,13 @@ class Configuration config_attr :retry_policy, nil, ::Hash, ::Proc, nil config_attr :quota_project, nil, ::String, nil config_attr :universe_domain, nil, ::String, nil + + # @private + # Overrides for http bindings for the RPCs of this service + # are only used when this service is used as mixin, and only + # by the host service. + # @return [::Hash{::Symbol=>::Array<::Gapic::Rest::GrpcTranscoder::HttpBinding>}] + config_attr :bindings_override, {}, ::Hash, nil config_attr :logger, :default, ::Logger, nil, :default # @private diff --git a/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/bindings_override.rb b/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/bindings_override.rb new file mode 100644 index 000000000000..e68ac8794c08 --- /dev/null +++ b/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/bindings_override.rb @@ -0,0 +1,110 @@ +# frozen_string_literal: true + +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + +require "gapic/rest" + +module Google + module Cloud + module BinaryAuthorization + ## + # @example Loading just the REST part of this package, including all its services, and instantiating a REST client + # + # require "google/cloud/binary_authorization/v1beta1/rest" + # client = ::Google::Cloud::BinaryAuthorization::V1beta1::BinauthzManagementService::Rest::Client.new + # + module V1beta1 + ## + # @private + # Initialize the mixin bindings configuration + # + def self.configure + @configure ||= begin + namespace = ["Google", "Cloud", "BinaryAuthorization"] + parent_config = while namespace.any? + parent_name = namespace.join "::" + parent_const = const_get parent_name + break parent_const.configure if parent_const.respond_to? :configure + namespace.pop + end + + default_config = ::Gapic::Rest::HttpBindingOverrideConfiguration.new parent_config + default_config.bindings_override["google.iam.v1.IAMPolicy.GetIamPolicy"] = [ + Gapic::Rest::GrpcTranscoder::HttpBinding.create_with_validation( + uri_method: :get, + uri_template: "/v1beta1/{resource}:getIamPolicy", + matches: [ + ["resource", %r{^projects/[^/]+/policy/?$}, false] + ], + body: nil + ), + Gapic::Rest::GrpcTranscoder::HttpBinding.create_with_validation( + uri_method: :get, + uri_template: "/v1beta1/{resource}:getIamPolicy", + matches: [ + ["resource", %r{^projects/[^/]+/attestors/[^/]+/?$}, false] + ], + body: nil + ) + ] + default_config.bindings_override["google.iam.v1.IAMPolicy.SetIamPolicy"] = [ + + Gapic::Rest::GrpcTranscoder::HttpBinding.create_with_validation( + uri_method: :post, + uri_template: "/v1beta1/{resource}:setIamPolicy", + matches: [ + ["resource", %r{^projects/[^/]+/policy/?$}, false] + ], + body: "*" + ), + Gapic::Rest::GrpcTranscoder::HttpBinding.create_with_validation( + uri_method: :post, + uri_template: "/v1beta1/{resource}:setIamPolicy", + matches: [ + ["resource", %r{^projects/[^/]+/attestors/[^/]+/?$}, false] + ], + body: "*" + ) + ] + default_config.bindings_override["google.iam.v1.IAMPolicy.TestIamPermissions"] = [ + + Gapic::Rest::GrpcTranscoder::HttpBinding.create_with_validation( + uri_method: :post, + uri_template: "/v1beta1/{resource}:testIamPermissions", + matches: [ + ["resource", %r{^projects/[^/]+/policy/?$}, false] + ], + body: "*" + ), + Gapic::Rest::GrpcTranscoder::HttpBinding.create_with_validation( + uri_method: :post, + uri_template: "/v1beta1/{resource}:testIamPermissions", + matches: [ + ["resource", %r{^projects/[^/]+/attestors/[^/]+/?$}, false] + ], + body: "*" + ) + ] + default_config + end + yield @configure if block_given? + @configure + end + end + end + end +end diff --git a/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/rest.rb b/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/rest.rb index b70b450af2c5..7cd1564cfbd5 100644 --- a/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/rest.rb +++ b/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/rest.rb @@ -18,6 +18,7 @@ require "google/cloud/binary_authorization/v1beta1/binauthz_management_service/rest" require "google/cloud/binary_authorization/v1beta1/system_policy/rest" +require "google/cloud/binary_authorization/v1beta1/bindings_override" require "google/cloud/binary_authorization/v1beta1/version" module Google diff --git a/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/system_policy/client.rb b/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/system_policy/client.rb index a31615800d4a..1fe8b232ca32 100644 --- a/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/system_policy/client.rb +++ b/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/system_policy/client.rb @@ -18,6 +18,7 @@ require "google/cloud/errors" require "google/cloud/binaryauthorization/v1beta1/service_pb" +require "google/iam/v1" module Google module Cloud @@ -170,8 +171,23 @@ def initialize entry.set "defaultTimeout", @config.timeout if @config.timeout entry.set "quotaProject", @quota_project_id if @quota_project_id end + + @iam_policy_client = Google::Iam::V1::IAMPolicy::Client.new do |config| + config.credentials = credentials + config.quota_project = @quota_project_id + config.endpoint = @system_policy_stub.endpoint + config.universe_domain = @system_policy_stub.universe_domain + config.logger = @system_policy_stub.logger if config.respond_to? :logger= + end end + ## + # Get the associated client for mix-in of the IAMPolicy. + # + # @return [Google::Iam::V1::IAMPolicy::Client] + # + attr_reader :iam_policy_client + ## # The logger used for request/response debug logging. # diff --git a/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/system_policy/rest.rb b/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/system_policy/rest.rb index d7c2b41c59d7..809893f7a951 100644 --- a/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/system_policy/rest.rb +++ b/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/system_policy/rest.rb @@ -21,6 +21,7 @@ require "gapic/config/method" require "google/cloud/binary_authorization/v1beta1/version" +require "google/cloud/binary_authorization/v1beta1/bindings_override" require "google/cloud/binary_authorization/v1beta1/system_policy/credentials" require "google/cloud/binary_authorization/v1beta1/system_policy/paths" diff --git a/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/system_policy/rest/client.rb b/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/system_policy/rest/client.rb index 50abbffc1cda..794a2932e7f2 100644 --- a/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/system_policy/rest/client.rb +++ b/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binary_authorization/v1beta1/system_policy/rest/client.rb @@ -19,6 +19,7 @@ require "google/cloud/errors" require "google/cloud/binaryauthorization/v1beta1/service_pb" require "google/cloud/binary_authorization/v1beta1/system_policy/rest/service_stub" +require "google/iam/v1/rest" module Google module Cloud @@ -163,8 +164,24 @@ def initialize entry.set "defaultTimeout", @config.timeout if @config.timeout entry.set "quotaProject", @quota_project_id if @quota_project_id end + + @iam_policy_client = Google::Iam::V1::IAMPolicy::Rest::Client.new do |config| + config.credentials = credentials + config.quota_project = @quota_project_id + config.endpoint = @system_policy_stub.endpoint + config.universe_domain = @system_policy_stub.universe_domain + config.bindings_override = @config.bindings_override + config.logger = @system_policy_stub.logger if config.respond_to? :logger= + end end + ## + # Get the associated client for mix-in of the IAMPolicy. + # + # @return [Google::Iam::V1::IAMPolicy::Rest::Client] + # + attr_reader :iam_policy_client + ## # The logger used for request/response debug logging. # @@ -363,6 +380,13 @@ class Configuration config_attr :retry_policy, nil, ::Hash, ::Proc, nil config_attr :quota_project, nil, ::String, nil config_attr :universe_domain, nil, ::String, nil + + # @private + # Overrides for http bindings for the RPCs of this service + # are only used when this service is used as mixin, and only + # by the host service. + # @return [::Hash{::Symbol=>::Array<::Gapic::Rest::GrpcTranscoder::HttpBinding>}] + config_attr :bindings_override, {}, ::Hash, nil config_attr :logger, :default, ::Logger, nil, :default # @private diff --git a/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binaryauthorization/v1beta1/resources_pb.rb b/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binaryauthorization/v1beta1/resources_pb.rb index 469851b91756..164d18d0e897 100644 --- a/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binaryauthorization/v1beta1/resources_pb.rb +++ b/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binaryauthorization/v1beta1/resources_pb.rb @@ -9,7 +9,7 @@ require 'google/protobuf/timestamp_pb' -descriptor_data = "\n8google/cloud/binaryauthorization/v1beta1/resources.proto\x12(google.cloud.binaryauthorization.v1beta1\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\xb1\r\n\x06Policy\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x18\n\x0b\x64\x65scription\x18\x06 \x01(\tB\x03\xe0\x41\x01\x12w\n\x1dglobal_policy_evaluation_mode\x18\x07 \x01(\x0e\x32K.google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationModeB\x03\xe0\x41\x01\x12n\n\x1c\x61\x64mission_whitelist_patterns\x18\x02 \x03(\x0b\x32\x43.google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPatternB\x03\xe0\x41\x01\x12q\n\x17\x63luster_admission_rules\x18\x03 \x03(\x0b\x32K.google.cloud.binaryauthorization.v1beta1.Policy.ClusterAdmissionRulesEntryB\x03\xe0\x41\x01\x12\x8a\x01\n$kubernetes_namespace_admission_rules\x18\n \x03(\x0b\x32W.google.cloud.binaryauthorization.v1beta1.Policy.KubernetesNamespaceAdmissionRulesEntryB\x03\xe0\x41\x01\x12\x95\x01\n*kubernetes_service_account_admission_rules\x18\x08 \x03(\x0b\x32\\.google.cloud.binaryauthorization.v1beta1.Policy.KubernetesServiceAccountAdmissionRulesEntryB\x03\xe0\x41\x01\x12\x8d\x01\n&istio_service_identity_admission_rules\x18\t \x03(\x0b\x32X.google.cloud.binaryauthorization.v1beta1.Policy.IstioServiceIdentityAdmissionRulesEntryB\x03\xe0\x41\x01\x12\\\n\x16\x64\x65\x66\x61ult_admission_rule\x18\x04 \x01(\x0b\x32\x37.google.cloud.binaryauthorization.v1beta1.AdmissionRuleB\x03\xe0\x41\x02\x12\x34\n\x0bupdate_time\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x1au\n\x1a\x43lusterAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x46\n\x05value\x18\x02 \x01(\x0b\x32\x37.google.cloud.binaryauthorization.v1beta1.AdmissionRule:\x02\x38\x01\x1a\x81\x01\n&KubernetesNamespaceAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x46\n\x05value\x18\x02 \x01(\x0b\x32\x37.google.cloud.binaryauthorization.v1beta1.AdmissionRule:\x02\x38\x01\x1a\x86\x01\n+KubernetesServiceAccountAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x46\n\x05value\x18\x02 \x01(\x0b\x32\x37.google.cloud.binaryauthorization.v1beta1.AdmissionRule:\x02\x38\x01\x1a\x82\x01\n\'IstioServiceIdentityAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x46\n\x05value\x18\x02 \x01(\x0b\x32\x37.google.cloud.binaryauthorization.v1beta1.AdmissionRule:\x02\x38\x01\"d\n\x1aGlobalPolicyEvaluationMode\x12-\n)GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED\x10\x00\x12\n\n\x06\x45NABLE\x10\x01\x12\x0b\n\x07\x44ISABLE\x10\x02:f\xea\x41\x63\n)binaryauthorization.googleapis.com/Policy\x12\x19projects/{project}/policy\x12\x1blocations/{location}/policy\"1\n\x19\x41\x64missionWhitelistPattern\x12\x14\n\x0cname_pattern\x18\x01 \x01(\t\"\xe4\x03\n\rAdmissionRule\x12\x64\n\x0f\x65valuation_mode\x18\x01 \x01(\x0e\x32\x46.google.cloud.binaryauthorization.v1beta1.AdmissionRule.EvaluationModeB\x03\xe0\x41\x02\x12$\n\x17require_attestations_by\x18\x02 \x03(\tB\x03\xe0\x41\x01\x12\x66\n\x10\x65nforcement_mode\x18\x03 \x01(\x0e\x32G.google.cloud.binaryauthorization.v1beta1.AdmissionRule.EnforcementModeB\x03\xe0\x41\x02\"m\n\x0e\x45valuationMode\x12\x1f\n\x1b\x45VALUATION_MODE_UNSPECIFIED\x10\x00\x12\x10\n\x0c\x41LWAYS_ALLOW\x10\x01\x12\x17\n\x13REQUIRE_ATTESTATION\x10\x02\x12\x0f\n\x0b\x41LWAYS_DENY\x10\x03\"p\n\x0f\x45nforcementMode\x12 \n\x1c\x45NFORCEMENT_MODE_UNSPECIFIED\x10\x00\x12 \n\x1c\x45NFORCED_BLOCK_AND_AUDIT_LOG\x10\x01\x12\x19\n\x15\x44RYRUN_AUDIT_LOG_ONLY\x10\x02\"\xbc\x02\n\x08\x41ttestor\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12\x18\n\x0b\x64\x65scription\x18\x06 \x01(\tB\x03\xe0\x41\x01\x12\x61\n\x17user_owned_drydock_note\x18\x03 \x01(\x0b\x32>.google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNoteH\x00\x12\x34\n\x0bupdate_time\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03:Y\xea\x41V\n+binaryauthorization.googleapis.com/Attestor\x12\'projects/{project}/attestors/{attestor}B\x0f\n\rattestor_type\"\xb9\x01\n\x14UserOwnedDrydockNote\x12\x1b\n\x0enote_reference\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12U\n\x0bpublic_keys\x18\x02 \x03(\x0b\x32;.google.cloud.binaryauthorization.v1beta1.AttestorPublicKeyB\x03\xe0\x41\x01\x12-\n delegation_service_account_email\x18\x03 \x01(\tB\x03\xe0\x41\x03\"\xc4\x04\n\rPkixPublicKey\x12\x16\n\x0epublic_key_pem\x18\x01 \x01(\t\x12g\n\x13signature_algorithm\x18\x02 \x01(\x0e\x32J.google.cloud.binaryauthorization.v1beta1.PkixPublicKey.SignatureAlgorithm\"\xb1\x03\n\x12SignatureAlgorithm\x12#\n\x1fSIGNATURE_ALGORITHM_UNSPECIFIED\x10\x00\x12\x17\n\x13RSA_PSS_2048_SHA256\x10\x01\x12\x17\n\x13RSA_PSS_3072_SHA256\x10\x02\x12\x17\n\x13RSA_PSS_4096_SHA256\x10\x03\x12\x17\n\x13RSA_PSS_4096_SHA512\x10\x04\x12\x1e\n\x1aRSA_SIGN_PKCS1_2048_SHA256\x10\x05\x12\x1e\n\x1aRSA_SIGN_PKCS1_3072_SHA256\x10\x06\x12\x1e\n\x1aRSA_SIGN_PKCS1_4096_SHA256\x10\x07\x12\x1e\n\x1aRSA_SIGN_PKCS1_4096_SHA512\x10\x08\x12\x15\n\x11\x45\x43\x44SA_P256_SHA256\x10\t\x12\x17\n\x13\x45\x43_SIGN_P256_SHA256\x10\t\x12\x15\n\x11\x45\x43\x44SA_P384_SHA384\x10\n\x12\x17\n\x13\x45\x43_SIGN_P384_SHA384\x10\n\x12\x15\n\x11\x45\x43\x44SA_P521_SHA512\x10\x0b\x12\x17\n\x13\x45\x43_SIGN_P521_SHA512\x10\x0b\x1a\x02\x10\x01\"\xbf\x01\n\x11\x41ttestorPublicKey\x12\x14\n\x07\x63omment\x18\x01 \x01(\tB\x03\xe0\x41\x01\x12\n\n\x02id\x18\x02 \x01(\t\x12&\n\x1c\x61scii_armored_pgp_public_key\x18\x03 \x01(\tH\x00\x12R\n\x0fpkix_public_key\x18\x05 \x01(\x0b\x32\x37.google.cloud.binaryauthorization.v1beta1.PkixPublicKeyH\x00\x42\x0c\n\npublic_keyB\xba\x02\n,com.google.cloud.binaryauthorization.v1beta1B!BinaryAuthorizationResourcesProtoP\x01Z^cloud.google.com/go/binaryauthorization/apiv1beta1/binaryauthorizationpb;binaryauthorizationpb\xf8\x01\x01\xaa\x02(Google.Cloud.BinaryAuthorization.V1Beta1\xca\x02(Google\\Cloud\\BinaryAuthorization\\V1beta1\xea\x02+Google::Cloud::BinaryAuthorization::V1beta1b\x06proto3" +descriptor_data = "\n8google/cloud/binaryauthorization/v1beta1/resources.proto\x12(google.cloud.binaryauthorization.v1beta1\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\xc4\r\n\x06Policy\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x18\n\x0b\x64\x65scription\x18\x06 \x01(\tB\x03\xe0\x41\x01\x12w\n\x1dglobal_policy_evaluation_mode\x18\x07 \x01(\x0e\x32K.google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationModeB\x03\xe0\x41\x01\x12n\n\x1c\x61\x64mission_whitelist_patterns\x18\x02 \x03(\x0b\x32\x43.google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPatternB\x03\xe0\x41\x01\x12q\n\x17\x63luster_admission_rules\x18\x03 \x03(\x0b\x32K.google.cloud.binaryauthorization.v1beta1.Policy.ClusterAdmissionRulesEntryB\x03\xe0\x41\x01\x12\x8a\x01\n$kubernetes_namespace_admission_rules\x18\n \x03(\x0b\x32W.google.cloud.binaryauthorization.v1beta1.Policy.KubernetesNamespaceAdmissionRulesEntryB\x03\xe0\x41\x01\x12\x95\x01\n*kubernetes_service_account_admission_rules\x18\x08 \x03(\x0b\x32\\.google.cloud.binaryauthorization.v1beta1.Policy.KubernetesServiceAccountAdmissionRulesEntryB\x03\xe0\x41\x01\x12\x8d\x01\n&istio_service_identity_admission_rules\x18\t \x03(\x0b\x32X.google.cloud.binaryauthorization.v1beta1.Policy.IstioServiceIdentityAdmissionRulesEntryB\x03\xe0\x41\x01\x12\\\n\x16\x64\x65\x66\x61ult_admission_rule\x18\x04 \x01(\x0b\x32\x37.google.cloud.binaryauthorization.v1beta1.AdmissionRuleB\x03\xe0\x41\x02\x12\x34\n\x0bupdate_time\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x11\n\x04\x65tag\x18\x0b \x01(\tB\x03\xe0\x41\x01\x1au\n\x1a\x43lusterAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x46\n\x05value\x18\x02 \x01(\x0b\x32\x37.google.cloud.binaryauthorization.v1beta1.AdmissionRule:\x02\x38\x01\x1a\x81\x01\n&KubernetesNamespaceAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x46\n\x05value\x18\x02 \x01(\x0b\x32\x37.google.cloud.binaryauthorization.v1beta1.AdmissionRule:\x02\x38\x01\x1a\x86\x01\n+KubernetesServiceAccountAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x46\n\x05value\x18\x02 \x01(\x0b\x32\x37.google.cloud.binaryauthorization.v1beta1.AdmissionRule:\x02\x38\x01\x1a\x82\x01\n\'IstioServiceIdentityAdmissionRulesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x46\n\x05value\x18\x02 \x01(\x0b\x32\x37.google.cloud.binaryauthorization.v1beta1.AdmissionRule:\x02\x38\x01\"d\n\x1aGlobalPolicyEvaluationMode\x12-\n)GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED\x10\x00\x12\n\n\x06\x45NABLE\x10\x01\x12\x0b\n\x07\x44ISABLE\x10\x02:f\xea\x41\x63\n)binaryauthorization.googleapis.com/Policy\x12\x19projects/{project}/policy\x12\x1blocations/{location}/policy\"1\n\x19\x41\x64missionWhitelistPattern\x12\x14\n\x0cname_pattern\x18\x01 \x01(\t\"\xe4\x03\n\rAdmissionRule\x12\x64\n\x0f\x65valuation_mode\x18\x01 \x01(\x0e\x32\x46.google.cloud.binaryauthorization.v1beta1.AdmissionRule.EvaluationModeB\x03\xe0\x41\x02\x12$\n\x17require_attestations_by\x18\x02 \x03(\tB\x03\xe0\x41\x01\x12\x66\n\x10\x65nforcement_mode\x18\x03 \x01(\x0e\x32G.google.cloud.binaryauthorization.v1beta1.AdmissionRule.EnforcementModeB\x03\xe0\x41\x02\"m\n\x0e\x45valuationMode\x12\x1f\n\x1b\x45VALUATION_MODE_UNSPECIFIED\x10\x00\x12\x10\n\x0c\x41LWAYS_ALLOW\x10\x01\x12\x17\n\x13REQUIRE_ATTESTATION\x10\x02\x12\x0f\n\x0b\x41LWAYS_DENY\x10\x03\"p\n\x0f\x45nforcementMode\x12 \n\x1c\x45NFORCEMENT_MODE_UNSPECIFIED\x10\x00\x12 \n\x1c\x45NFORCED_BLOCK_AND_AUDIT_LOG\x10\x01\x12\x19\n\x15\x44RYRUN_AUDIT_LOG_ONLY\x10\x02\"\xcf\x02\n\x08\x41ttestor\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12\x18\n\x0b\x64\x65scription\x18\x06 \x01(\tB\x03\xe0\x41\x01\x12\x61\n\x17user_owned_drydock_note\x18\x03 \x01(\x0b\x32>.google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNoteH\x00\x12\x34\n\x0bupdate_time\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x11\n\x04\x65tag\x18\x07 \x01(\tB\x03\xe0\x41\x01:Y\xea\x41V\n+binaryauthorization.googleapis.com/Attestor\x12\'projects/{project}/attestors/{attestor}B\x0f\n\rattestor_type\"\xb9\x01\n\x14UserOwnedDrydockNote\x12\x1b\n\x0enote_reference\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12U\n\x0bpublic_keys\x18\x02 \x03(\x0b\x32;.google.cloud.binaryauthorization.v1beta1.AttestorPublicKeyB\x03\xe0\x41\x01\x12-\n delegation_service_account_email\x18\x03 \x01(\tB\x03\xe0\x41\x03\"\xcb\x05\n\rPkixPublicKey\x12\x16\n\x0epublic_key_pem\x18\x01 \x01(\t\x12g\n\x13signature_algorithm\x18\x02 \x01(\x0e\x32J.google.cloud.binaryauthorization.v1beta1.PkixPublicKey.SignatureAlgorithm\"\xb8\x04\n\x12SignatureAlgorithm\x12#\n\x1fSIGNATURE_ALGORITHM_UNSPECIFIED\x10\x00\x12\x17\n\x13RSA_PSS_2048_SHA256\x10\x01\x12\x1c\n\x18RSA_SIGN_PSS_2048_SHA256\x10\x01\x12\x17\n\x13RSA_PSS_3072_SHA256\x10\x02\x12\x1c\n\x18RSA_SIGN_PSS_3072_SHA256\x10\x02\x12\x17\n\x13RSA_PSS_4096_SHA256\x10\x03\x12\x1c\n\x18RSA_SIGN_PSS_4096_SHA256\x10\x03\x12\x17\n\x13RSA_PSS_4096_SHA512\x10\x04\x12\x1c\n\x18RSA_SIGN_PSS_4096_SHA512\x10\x04\x12\x1e\n\x1aRSA_SIGN_PKCS1_2048_SHA256\x10\x05\x12\x1e\n\x1aRSA_SIGN_PKCS1_3072_SHA256\x10\x06\x12\x1e\n\x1aRSA_SIGN_PKCS1_4096_SHA256\x10\x07\x12\x1e\n\x1aRSA_SIGN_PKCS1_4096_SHA512\x10\x08\x12\x15\n\x11\x45\x43\x44SA_P256_SHA256\x10\t\x12\x17\n\x13\x45\x43_SIGN_P256_SHA256\x10\t\x12\x15\n\x11\x45\x43\x44SA_P384_SHA384\x10\n\x12\x17\n\x13\x45\x43_SIGN_P384_SHA384\x10\n\x12\x15\n\x11\x45\x43\x44SA_P521_SHA512\x10\x0b\x12\x17\n\x13\x45\x43_SIGN_P521_SHA512\x10\x0b\x12\r\n\tML_DSA_65\x10\r\x1a\x02\x10\x01\"\xbf\x01\n\x11\x41ttestorPublicKey\x12\x14\n\x07\x63omment\x18\x01 \x01(\tB\x03\xe0\x41\x01\x12\n\n\x02id\x18\x02 \x01(\t\x12&\n\x1c\x61scii_armored_pgp_public_key\x18\x03 \x01(\tH\x00\x12R\n\x0fpkix_public_key\x18\x05 \x01(\x0b\x32\x37.google.cloud.binaryauthorization.v1beta1.PkixPublicKeyH\x00\x42\x0c\n\npublic_keyB\xb7\x02\n,com.google.cloud.binaryauthorization.v1beta1B!BinaryAuthorizationResourcesProtoP\x01Z^cloud.google.com/go/binaryauthorization/apiv1beta1/binaryauthorizationpb;binaryauthorizationpb\xaa\x02(Google.Cloud.BinaryAuthorization.V1Beta1\xca\x02(Google\\Cloud\\BinaryAuthorization\\V1beta1\xea\x02+Google::Cloud::BinaryAuthorization::V1beta1b\x06proto3" pool = ::Google::Protobuf::DescriptorPool.generated_pool pool.add_serialized_file(descriptor_data) diff --git a/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binaryauthorization/v1beta1/service_pb.rb b/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binaryauthorization/v1beta1/service_pb.rb index 9cb9ff3147e9..6741655dceb7 100644 --- a/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binaryauthorization/v1beta1/service_pb.rb +++ b/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binaryauthorization/v1beta1/service_pb.rb @@ -12,7 +12,7 @@ require 'google/protobuf/empty_pb' -descriptor_data = "\n6google/cloud/binaryauthorization/v1beta1/service.proto\x12(google.cloud.binaryauthorization.v1beta1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x38google/cloud/binaryauthorization/v1beta1/resources.proto\x1a\x1bgoogle/protobuf/empty.proto\"S\n\x10GetPolicyRequest\x12?\n\x04name\x18\x01 \x01(\tB1\xe0\x41\x02\xfa\x41+\n)binaryauthorization.googleapis.com/Policy\"\\\n\x13UpdatePolicyRequest\x12\x45\n\x06policy\x18\x01 \x01(\x0b\x32\x30.google.cloud.binaryauthorization.v1beta1.PolicyB\x03\xe0\x41\x02\"\xc1\x01\n\x15\x43reateAttestorRequest\x12\x43\n\x06parent\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+cloudresourcemanager.googleapis.com/Project\x12\x18\n\x0b\x61ttestor_id\x18\x02 \x01(\tB\x03\xe0\x41\x02\x12I\n\x08\x61ttestor\x18\x03 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1beta1.AttestorB\x03\xe0\x41\x02\"W\n\x12GetAttestorRequest\x12\x41\n\x04name\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+binaryauthorization.googleapis.com/Attestor\"b\n\x15UpdateAttestorRequest\x12I\n\x08\x61ttestor\x18\x01 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1beta1.AttestorB\x03\xe0\x41\x02\"\x82\x01\n\x14ListAttestorsRequest\x12\x43\n\x06parent\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+cloudresourcemanager.googleapis.com/Project\x12\x11\n\tpage_size\x18\x02 \x01(\x05\x12\x12\n\npage_token\x18\x03 \x01(\t\"w\n\x15ListAttestorsResponse\x12\x45\n\tattestors\x18\x01 \x03(\x0b\x32\x32.google.cloud.binaryauthorization.v1beta1.Attestor\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"Z\n\x15\x44\x65leteAttestorRequest\x12\x41\n\x04name\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+binaryauthorization.googleapis.com/Attestor\"Y\n\x16GetSystemPolicyRequest\x12?\n\x04name\x18\x01 \x01(\tB1\xe0\x41\x02\xfa\x41+\n)binaryauthorization.googleapis.com/Policy2\xcb\x0b\n BinauthzManagementServiceV1Beta1\x12\xab\x01\n\tGetPolicy\x12:.google.cloud.binaryauthorization.v1beta1.GetPolicyRequest\x1a\x30.google.cloud.binaryauthorization.v1beta1.Policy\"0\xda\x41\x04name\x82\xd3\xe4\x93\x02#\x12!/v1beta1/{name=projects/*/policy}\x12\xc2\x01\n\x0cUpdatePolicy\x12=.google.cloud.binaryauthorization.v1beta1.UpdatePolicyRequest\x1a\x30.google.cloud.binaryauthorization.v1beta1.Policy\"A\xda\x41\x06policy\x82\xd3\xe4\x93\x02\x32\x1a(/v1beta1/{policy.name=projects/*/policy}:\x06policy\x12\xdd\x01\n\x0e\x43reateAttestor\x12?.google.cloud.binaryauthorization.v1beta1.CreateAttestorRequest\x1a\x32.google.cloud.binaryauthorization.v1beta1.Attestor\"V\xda\x41\x1bparent,attestor_id,attestor\x82\xd3\xe4\x93\x02\x32\"&/v1beta1/{parent=projects/*}/attestors:\x08\x61ttestor\x12\xb6\x01\n\x0bGetAttestor\x12<.google.cloud.binaryauthorization.v1beta1.GetAttestorRequest\x1a\x32.google.cloud.binaryauthorization.v1beta1.Attestor\"5\xda\x41\x04name\x82\xd3\xe4\x93\x02(\x12&/v1beta1/{name=projects/*/attestors/*}\x12\xd3\x01\n\x0eUpdateAttestor\x12?.google.cloud.binaryauthorization.v1beta1.UpdateAttestorRequest\x1a\x32.google.cloud.binaryauthorization.v1beta1.Attestor\"L\xda\x41\x08\x61ttestor\x82\xd3\xe4\x93\x02;\x1a//v1beta1/{attestor.name=projects/*/attestors/*}:\x08\x61ttestor\x12\xc9\x01\n\rListAttestors\x12>.google.cloud.binaryauthorization.v1beta1.ListAttestorsRequest\x1a?.google.cloud.binaryauthorization.v1beta1.ListAttestorsResponse\"7\xda\x41\x06parent\x82\xd3\xe4\x93\x02(\x12&/v1beta1/{parent=projects/*}/attestors\x12\xa0\x01\n\x0e\x44\x65leteAttestor\x12?.google.cloud.binaryauthorization.v1beta1.DeleteAttestorRequest\x1a\x16.google.protobuf.Empty\"5\xda\x41\x04name\x82\xd3\xe4\x93\x02(*&/v1beta1/{name=projects/*/attestors/*}\x1aV\xca\x41\"binaryauthorization.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platform2\xa8\x02\n\x13SystemPolicyV1Beta1\x12\xb8\x01\n\x0fGetSystemPolicy\x12@.google.cloud.binaryauthorization.v1beta1.GetSystemPolicyRequest\x1a\x30.google.cloud.binaryauthorization.v1beta1.Policy\"1\xda\x41\x04name\x82\xd3\xe4\x93\x02$\x12\"/v1beta1/{name=locations/*/policy}\x1aV\xca\x41\"binaryauthorization.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\xb8\x02\n,com.google.cloud.binaryauthorization.v1beta1B\x1f\x42inaryAuthorizationServiceProtoP\x01Z^cloud.google.com/go/binaryauthorization/apiv1beta1/binaryauthorizationpb;binaryauthorizationpb\xf8\x01\x01\xaa\x02(Google.Cloud.BinaryAuthorization.V1Beta1\xca\x02(Google\\Cloud\\BinaryAuthorization\\V1beta1\xea\x02+Google::Cloud::BinaryAuthorization::V1beta1b\x06proto3" +descriptor_data = "\n6google/cloud/binaryauthorization/v1beta1/service.proto\x12(google.cloud.binaryauthorization.v1beta1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x38google/cloud/binaryauthorization/v1beta1/resources.proto\x1a\x1bgoogle/protobuf/empty.proto\"S\n\x10GetPolicyRequest\x12?\n\x04name\x18\x01 \x01(\tB1\xe0\x41\x02\xfa\x41+\n)binaryauthorization.googleapis.com/Policy\"\\\n\x13UpdatePolicyRequest\x12\x45\n\x06policy\x18\x01 \x01(\x0b\x32\x30.google.cloud.binaryauthorization.v1beta1.PolicyB\x03\xe0\x41\x02\"\xc1\x01\n\x15\x43reateAttestorRequest\x12\x43\n\x06parent\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+cloudresourcemanager.googleapis.com/Project\x12\x18\n\x0b\x61ttestor_id\x18\x02 \x01(\tB\x03\xe0\x41\x02\x12I\n\x08\x61ttestor\x18\x03 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1beta1.AttestorB\x03\xe0\x41\x02\"W\n\x12GetAttestorRequest\x12\x41\n\x04name\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+binaryauthorization.googleapis.com/Attestor\"b\n\x15UpdateAttestorRequest\x12I\n\x08\x61ttestor\x18\x01 \x01(\x0b\x32\x32.google.cloud.binaryauthorization.v1beta1.AttestorB\x03\xe0\x41\x02\"\x82\x01\n\x14ListAttestorsRequest\x12\x43\n\x06parent\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+cloudresourcemanager.googleapis.com/Project\x12\x11\n\tpage_size\x18\x02 \x01(\x05\x12\x12\n\npage_token\x18\x03 \x01(\t\"w\n\x15ListAttestorsResponse\x12\x45\n\tattestors\x18\x01 \x03(\x0b\x32\x32.google.cloud.binaryauthorization.v1beta1.Attestor\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"Z\n\x15\x44\x65leteAttestorRequest\x12\x41\n\x04name\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+binaryauthorization.googleapis.com/Attestor\"Y\n\x16GetSystemPolicyRequest\x12?\n\x04name\x18\x01 \x01(\tB1\xe0\x41\x02\xfa\x41+\n)binaryauthorization.googleapis.com/Policy2\xcb\x0b\n BinauthzManagementServiceV1Beta1\x12\xab\x01\n\tGetPolicy\x12:.google.cloud.binaryauthorization.v1beta1.GetPolicyRequest\x1a\x30.google.cloud.binaryauthorization.v1beta1.Policy\"0\xda\x41\x04name\x82\xd3\xe4\x93\x02#\x12!/v1beta1/{name=projects/*/policy}\x12\xc2\x01\n\x0cUpdatePolicy\x12=.google.cloud.binaryauthorization.v1beta1.UpdatePolicyRequest\x1a\x30.google.cloud.binaryauthorization.v1beta1.Policy\"A\xda\x41\x06policy\x82\xd3\xe4\x93\x02\x32\x1a(/v1beta1/{policy.name=projects/*/policy}:\x06policy\x12\xdd\x01\n\x0e\x43reateAttestor\x12?.google.cloud.binaryauthorization.v1beta1.CreateAttestorRequest\x1a\x32.google.cloud.binaryauthorization.v1beta1.Attestor\"V\xda\x41\x1bparent,attestor_id,attestor\x82\xd3\xe4\x93\x02\x32\"&/v1beta1/{parent=projects/*}/attestors:\x08\x61ttestor\x12\xb6\x01\n\x0bGetAttestor\x12<.google.cloud.binaryauthorization.v1beta1.GetAttestorRequest\x1a\x32.google.cloud.binaryauthorization.v1beta1.Attestor\"5\xda\x41\x04name\x82\xd3\xe4\x93\x02(\x12&/v1beta1/{name=projects/*/attestors/*}\x12\xd3\x01\n\x0eUpdateAttestor\x12?.google.cloud.binaryauthorization.v1beta1.UpdateAttestorRequest\x1a\x32.google.cloud.binaryauthorization.v1beta1.Attestor\"L\xda\x41\x08\x61ttestor\x82\xd3\xe4\x93\x02;\x1a//v1beta1/{attestor.name=projects/*/attestors/*}:\x08\x61ttestor\x12\xc9\x01\n\rListAttestors\x12>.google.cloud.binaryauthorization.v1beta1.ListAttestorsRequest\x1a?.google.cloud.binaryauthorization.v1beta1.ListAttestorsResponse\"7\xda\x41\x06parent\x82\xd3\xe4\x93\x02(\x12&/v1beta1/{parent=projects/*}/attestors\x12\xa0\x01\n\x0e\x44\x65leteAttestor\x12?.google.cloud.binaryauthorization.v1beta1.DeleteAttestorRequest\x1a\x16.google.protobuf.Empty\"5\xda\x41\x04name\x82\xd3\xe4\x93\x02(*&/v1beta1/{name=projects/*/attestors/*}\x1aV\xca\x41\"binaryauthorization.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platform2\xa8\x02\n\x13SystemPolicyV1Beta1\x12\xb8\x01\n\x0fGetSystemPolicy\x12@.google.cloud.binaryauthorization.v1beta1.GetSystemPolicyRequest\x1a\x30.google.cloud.binaryauthorization.v1beta1.Policy\"1\xda\x41\x04name\x82\xd3\xe4\x93\x02$\x12\"/v1beta1/{name=locations/*/policy}\x1aV\xca\x41\"binaryauthorization.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\xb5\x02\n,com.google.cloud.binaryauthorization.v1beta1B\x1f\x42inaryAuthorizationServiceProtoP\x01Z^cloud.google.com/go/binaryauthorization/apiv1beta1/binaryauthorizationpb;binaryauthorizationpb\xaa\x02(Google.Cloud.BinaryAuthorization.V1Beta1\xca\x02(Google\\Cloud\\BinaryAuthorization\\V1beta1\xea\x02+Google::Cloud::BinaryAuthorization::V1beta1b\x06proto3" pool = ::Google::Protobuf::DescriptorPool.generated_pool pool.add_serialized_file(descriptor_data) diff --git a/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binaryauthorization/v1beta1/service_services_pb.rb b/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binaryauthorization/v1beta1/service_services_pb.rb index 5dc927516469..ed7a59035e57 100644 --- a/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binaryauthorization/v1beta1/service_services_pb.rb +++ b/google-cloud-binary_authorization-v1beta1/lib/google/cloud/binaryauthorization/v1beta1/service_services_pb.rb @@ -41,36 +41,50 @@ class Service self.unmarshal_class_method = :decode self.service_name = 'google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1' - # A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] that must attest to - # a container image, before the project is allowed to deploy that + # A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the + # [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] that must + # attest to a container image, before the project is allowed to deploy that # image. There is at most one policy per project. All image admission # requests are permitted if a project has no policy. # - # Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this project. Returns a default - # [policy][google.cloud.binaryauthorization.v1beta1.Policy] if the project does not have one. + # Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this + # project. Returns a default + # [policy][google.cloud.binaryauthorization.v1beta1.Policy] if the project + # does not have one. rpc :GetPolicy, ::Google::Cloud::BinaryAuthorization::V1beta1::GetPolicyRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Policy - # Creates or updates a project's [policy][google.cloud.binaryauthorization.v1beta1.Policy], and returns a copy of the - # new [policy][google.cloud.binaryauthorization.v1beta1.Policy]. A policy is always updated as a whole, to avoid race - # conditions with concurrent policy enforcement (or management!) - # requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT - # if the request is malformed. + # Creates or updates a project's + # [policy][google.cloud.binaryauthorization.v1beta1.Policy], and returns a + # copy of the new [policy][google.cloud.binaryauthorization.v1beta1.Policy]. + # A policy is always updated as a whole, to avoid race conditions with + # concurrent policy enforcement (or management!) requests. Returns NOT_FOUND + # if the project does not exist, INVALID_ARGUMENT if the request is + # malformed. rpc :UpdatePolicy, ::Google::Cloud::BinaryAuthorization::V1beta1::UpdatePolicyRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Policy - # Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor], and returns a copy of the new - # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns NOT_FOUND if the project does not exist, - # INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the - # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] already exists. + # Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor], + # and returns a copy of the new + # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns + # NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is + # malformed, ALREADY_EXISTS if the + # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] already + # exists. rpc :CreateAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::CreateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor # Gets an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. - # Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist. + # Returns NOT_FOUND if the + # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not + # exist. rpc :GetAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::GetAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor # Updates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. - # Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist. + # Returns NOT_FOUND if the + # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not + # exist. rpc :UpdateAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::UpdateAttestorRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::Attestor # Lists [attestors][google.cloud.binaryauthorization.v1beta1.Attestor]. # Returns INVALID_ARGUMENT if the project does not exist. rpc :ListAttestors, ::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest, ::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse - # Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns NOT_FOUND if the - # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist. + # Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. + # Returns NOT_FOUND if the + # [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not + # exist. rpc :DeleteAttestor, ::Google::Cloud::BinaryAuthorization::V1beta1::DeleteAttestorRequest, ::Google::Protobuf::Empty end diff --git a/google-cloud-binary_authorization-v1beta1/proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb b/google-cloud-binary_authorization-v1beta1/proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb index cd980eded5f4..1eed38486f03 100644 --- a/google-cloud-binary_authorization-v1beta1/proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb +++ b/google-cloud-binary_authorization-v1beta1/proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb @@ -21,7 +21,8 @@ module Google module Cloud module BinaryAuthorization module V1beta1 - # A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for Binary Authorization. + # A {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} for Binary + # Authorization. # @!attribute [r] name # @return [::String] # Output only. The resource name, in the format `projects/*/policy`. There is @@ -51,7 +52,8 @@ module V1beta1 # https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters. # @!attribute [rw] kubernetes_namespace_admission_rules # @return [::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}] - # Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: + # Optional. Per-kubernetes-namespace admission rules. K8s namespace spec + # format: # `[a-z.-]+`, e.g. `some-namespace` # @!attribute [rw] kubernetes_service_account_admission_rules # @return [::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}] @@ -71,6 +73,11 @@ module V1beta1 # @!attribute [r] update_time # @return [::Google::Protobuf::Timestamp] # Output only. Time when the policy was last updated. + # @!attribute [rw] etag + # @return [::String] + # Optional. A checksum, returned by the server, that can be sent on update + # requests to ensure the policy has an up-to-date value before attempting to + # update it. See https://google.aip.dev/154. class Policy include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods @@ -123,8 +130,10 @@ module GlobalPolicyEvaluationMode end end - # An {::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionWhitelistPattern admission allowlist pattern} exempts images - # from checks by {::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule admission rules}. + # An [admission allowlist + # pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern] + # exempts images from checks by [admission + # rules][google.cloud.binaryauthorization.v1beta1.AdmissionRule]. # @!attribute [rw] name_pattern # @return [::String] # An image name pattern to allowlist, in the form `registry/path/to/image`. @@ -139,26 +148,20 @@ class AdmissionWhitelistPattern extend ::Google::Protobuf::MessageExts::ClassMethods end - # An {::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule admission rule} specifies either that all container images - # used in a pod creation request must be attested to by one or more - # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, that all pod creations will be allowed, or that all - # pod creations will be denied. + # An {::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule admission rule} + # specifies either that all container images used in a pod creation request + # must be attested to by one or more + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, that all pod + # creations will be allowed, or that all pod creations will be denied. # - # Images matching an {::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionWhitelistPattern admission allowlist pattern} + # Images matching an [admission allowlist + # pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern] # are exempted from admission rules and will never block a pod creation. # @!attribute [rw] evaluation_mode # @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule::EvaluationMode] # Required. How this admission rule will be evaluated. # @!attribute [rw] require_attestations_by # @return [::Array<::String>] - # Optional. The resource names of the attestors that must attest to - # a container image, in the format `projects/*/attestors/*`. Each - # attestor must exist before a policy can reference it. To add an attestor - # to a policy the principal issuing the policy change request must be able - # to read the attestor resource. - # - # Note: this field must be non-empty when the evaluation_mode field specifies - # REQUIRE_ATTESTATION, otherwise it must be empty. # @!attribute [rw] enforcement_mode # @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule::EnforcementMode] # Required. The action when a pod creation is denied by the admission rule. @@ -182,6 +185,8 @@ module EvaluationMode ALWAYS_DENY = 3 end + # TODO(wietse) re-word this text to 'per-image' instead of 'per-pod' and to + # allow for three-way evaluation (allow, deny, delegate). # Defines the possible actions when a pod creation is denied by an admission # rule. module EnforcementMode @@ -197,9 +202,9 @@ module EnforcementMode end end - # An {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} that attests to container image - # artifacts. An existing attestor cannot be modified except where - # indicated. + # An {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} that attests + # to container image artifacts. An existing attestor cannot be modified except + # where indicated. # @!attribute [rw] name # @return [::String] # Required. The resource name, in the format: @@ -214,13 +219,19 @@ module EnforcementMode # @!attribute [r] update_time # @return [::Google::Protobuf::Timestamp] # Output only. Time when the attestor was last updated. + # @!attribute [rw] etag + # @return [::String] + # Optional. A checksum, returned by the server, that can be sent on update + # requests to ensure the attestor has an up-to-date value before attempting + # to update it. See https://google.aip.dev/154. class Attestor include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end - # An {::Google::Cloud::BinaryAuthorization::V1beta1::UserOwnedDrydockNote user owned drydock note} references a Drydock - # ATTESTATION_AUTHORITY Note created by the user. + # An [user owned drydock + # note][google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNote] + # references a Drydock ATTESTATION_AUTHORITY Note created by the user. # @!attribute [rw] note_reference # @return [::String] # Required. The Drydock resource name of a ATTESTATION_AUTHORITY Note, @@ -289,15 +300,27 @@ module SignatureAlgorithm # RSASSA-PSS 2048 bit key with a SHA256 digest. RSA_PSS_2048_SHA256 = 1 + # RSASSA-PSS 2048 bit key with a SHA256 digest. + RSA_SIGN_PSS_2048_SHA256 = 1 + # RSASSA-PSS 3072 bit key with a SHA256 digest. RSA_PSS_3072_SHA256 = 2 + # RSASSA-PSS 3072 bit key with a SHA256 digest. + RSA_SIGN_PSS_3072_SHA256 = 2 + # RSASSA-PSS 4096 bit key with a SHA256 digest. RSA_PSS_4096_SHA256 = 3 + # RSASSA-PSS 4096 bit key with a SHA256 digest. + RSA_SIGN_PSS_4096_SHA256 = 3 + # RSASSA-PSS 4096 bit key with a SHA512 digest. RSA_PSS_4096_SHA512 = 4 + # RSASSA-PSS 4096 bit key with a SHA512 digest. + RSA_SIGN_PSS_4096_SHA512 = 4 + # RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest. RSA_SIGN_PKCS1_2048_SHA256 = 5 @@ -327,11 +350,15 @@ module SignatureAlgorithm # ECDSA on the NIST P-521 curve with a SHA512 digest. EC_SIGN_P521_SHA512 = 11 + + # ML-DSA-65 Post-Quantum Cryptography signature algorithm. + ML_DSA_65 = 13 end end - # An {::Google::Cloud::BinaryAuthorization::V1beta1::AttestorPublicKey attestor public key} that will be used to verify - # attestations signed by this attestor. + # An [attestor public + # key][google.cloud.binaryauthorization.v1beta1.AttestorPublicKey] that will be + # used to verify attestations signed by this attestor. # @!attribute [rw] comment # @return [::String] # Optional. A descriptive comment. This field may be updated. diff --git a/google-cloud-binary_authorization-v1beta1/proto_docs/google/cloud/binaryauthorization/v1beta1/service.rb b/google-cloud-binary_authorization-v1beta1/proto_docs/google/cloud/binaryauthorization/v1beta1/service.rb index 743963ebd250..c7f5ba668ca3 100644 --- a/google-cloud-binary_authorization-v1beta1/proto_docs/google/cloud/binaryauthorization/v1beta1/service.rb +++ b/google-cloud-binary_authorization-v1beta1/proto_docs/google/cloud/binaryauthorization/v1beta1/service.rb @@ -24,8 +24,9 @@ module V1beta1 # Request message for [BinauthzManagementService.GetPolicy][]. # @!attribute [rw] name # @return [::String] - # Required. The resource name of the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} to retrieve, - # in the format `projects/*/policy`. + # Required. The resource name of the + # {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} to retrieve, in + # the format `projects/*/policy`. class GetPolicyRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods @@ -34,9 +35,11 @@ class GetPolicyRequest # Request message for [BinauthzManagementService.UpdatePolicy][]. # @!attribute [rw] policy # @return [::Google::Cloud::BinaryAuthorization::V1beta1::Policy] - # Required. A new or updated {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} value. The service will - # overwrite the {::Google::Cloud::BinaryAuthorization::V1beta1::Policy#name policy name} field with the resource name in - # the request URL, in the format `projects/*/policy`. + # Required. A new or updated + # {::Google::Cloud::BinaryAuthorization::V1beta1::Policy policy} value. The + # service will overwrite the [policy + # name][google.cloud.binaryauthorization.v1beta1.Policy.name] field with the + # resource name in the request URL, in the format `projects/*/policy`. class UpdatePolicyRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods @@ -45,15 +48,19 @@ class UpdatePolicyRequest # Request message for [BinauthzManagementService.CreateAttestor][]. # @!attribute [rw] parent # @return [::String] - # Required. The parent of this {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}. + # Required. The parent of this + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor}. # @!attribute [rw] attestor_id # @return [::String] - # Required. The {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} ID. + # Required. The + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} ID. # @!attribute [rw] attestor # @return [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor] - # Required. The initial {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The service will - # overwrite the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor#name attestor name} field with the resource name, - # in the format `projects/*/attestors/*`. + # Required. The initial + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The + # service will overwrite the [attestor + # name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with + # the resource name, in the format `projects/*/attestors/*`. class CreateAttestorRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods @@ -62,8 +69,9 @@ class CreateAttestorRequest # Request message for [BinauthzManagementService.GetAttestor][]. # @!attribute [rw] name # @return [::String] - # Required. The name of the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} to retrieve, in the format - # `projects/*/attestors/*`. + # Required. The name of the + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} to retrieve, + # in the format `projects/*/attestors/*`. class GetAttestorRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods @@ -72,9 +80,12 @@ class GetAttestorRequest # Request message for [BinauthzManagementService.UpdateAttestor][]. # @!attribute [rw] attestor # @return [::Google::Cloud::BinaryAuthorization::V1beta1::Attestor] - # Required. The updated {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The service will - # overwrite the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor#name attestor name} field with the resource name - # in the request URL, in the format `projects/*/attestors/*`. + # Required. The updated + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestor} value. The + # service will overwrite the [attestor + # name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with + # the resource name in the request URL, in the format + # `projects/*/attestors/*`. class UpdateAttestorRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods @@ -84,7 +95,8 @@ class UpdateAttestorRequest # @!attribute [rw] parent # @return [::String] # Required. The resource name of the project associated with the - # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the format `projects/*`. + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors}, in the + # format `projects/*`. # @!attribute [rw] page_size # @return [::Integer] # Requested page size. The server may return fewer results than requested. If @@ -92,8 +104,9 @@ class UpdateAttestorRequest # @!attribute [rw] page_token # @return [::String] # A token identifying a page of results the server should return. Typically, - # this is the value of {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token} returned - # from the previous call to the `ListAttestors` method. + # this is the value of + # {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsResponse#next_page_token ListAttestorsResponse.next_page_token} + # returned from the previous call to the `ListAttestors` method. class ListAttestorsRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods @@ -106,8 +119,9 @@ class ListAttestorsRequest # @!attribute [rw] next_page_token # @return [::String] # A token to retrieve the next page of results. Pass this value in the - # {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest#page_token ListAttestorsRequest.page_token} field in the subsequent call to the - # `ListAttestors` method to retrieve the next page of results. + # {::Google::Cloud::BinaryAuthorization::V1beta1::ListAttestorsRequest#page_token ListAttestorsRequest.page_token} + # field in the subsequent call to the `ListAttestors` method to retrieve the + # next page of results. class ListAttestorsResponse include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods @@ -116,8 +130,9 @@ class ListAttestorsResponse # Request message for [BinauthzManagementService.DeleteAttestor][]. # @!attribute [rw] name # @return [::String] - # Required. The name of the {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} to delete, in the format - # `projects/*/attestors/*`. + # Required. The name of the + # {::Google::Cloud::BinaryAuthorization::V1beta1::Attestor attestors} to delete, + # in the format `projects/*/attestors/*`. class DeleteAttestorRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods diff --git a/google-cloud-binary_authorization-v1beta1/proto_docs/google/protobuf/field_mask.rb b/google-cloud-binary_authorization-v1beta1/proto_docs/google/protobuf/field_mask.rb new file mode 100644 index 000000000000..7f3ffc78601a --- /dev/null +++ b/google-cloud-binary_authorization-v1beta1/proto_docs/google/protobuf/field_mask.rb @@ -0,0 +1,229 @@ +# frozen_string_literal: true + +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + + +module Google + module Protobuf + # `FieldMask` represents a set of symbolic field paths, for example: + # + # paths: "f.a" + # paths: "f.b.d" + # + # Here `f` represents a field in some root message, `a` and `b` + # fields in the message found in `f`, and `d` a field found in the + # message in `f.b`. + # + # Field masks are used to specify a subset of fields that should be + # returned by a get operation or modified by an update operation. + # Field masks also have a custom JSON encoding (see below). + # + # # Field Masks in Projections + # + # When used in the context of a projection, a response message or + # sub-message is filtered by the API to only contain those fields as + # specified in the mask. For example, if the mask in the previous + # example is applied to a response message as follows: + # + # f { + # a : 22 + # b { + # d : 1 + # x : 2 + # } + # y : 13 + # } + # z: 8 + # + # The result will not contain specific values for fields x,y and z + # (their value will be set to the default, and omitted in proto text + # output): + # + # + # f { + # a : 22 + # b { + # d : 1 + # } + # } + # + # A repeated field is not allowed except at the last position of a + # paths string. + # + # If a FieldMask object is not present in a get operation, the + # operation applies to all fields (as if a FieldMask of all fields + # had been specified). + # + # Note that a field mask does not necessarily apply to the + # top-level response message. In case of a REST get operation, the + # field mask applies directly to the response, but in case of a REST + # list operation, the mask instead applies to each individual message + # in the returned resource list. In case of a REST custom method, + # other definitions may be used. Where the mask applies will be + # clearly documented together with its declaration in the API. In + # any case, the effect on the returned resource/resources is required + # behavior for APIs. + # + # # Field Masks in Update Operations + # + # A field mask in update operations specifies which fields of the + # targeted resource are going to be updated. The API is required + # to only change the values of the fields as specified in the mask + # and leave the others untouched. If a resource is passed in to + # describe the updated values, the API ignores the values of all + # fields not covered by the mask. + # + # If a repeated field is specified for an update operation, new values will + # be appended to the existing repeated field in the target resource. Note that + # a repeated field is only allowed in the last position of a `paths` string. + # + # If a sub-message is specified in the last position of the field mask for an + # update operation, then new value will be merged into the existing sub-message + # in the target resource. + # + # For example, given the target message: + # + # f { + # b { + # d: 1 + # x: 2 + # } + # c: [1] + # } + # + # And an update message: + # + # f { + # b { + # d: 10 + # } + # c: [2] + # } + # + # then if the field mask is: + # + # paths: ["f.b", "f.c"] + # + # then the result will be: + # + # f { + # b { + # d: 10 + # x: 2 + # } + # c: [1, 2] + # } + # + # An implementation may provide options to override this default behavior for + # repeated and message fields. + # + # In order to reset a field's value to the default, the field must + # be in the mask and set to the default value in the provided resource. + # Hence, in order to reset all fields of a resource, provide a default + # instance of the resource and set all fields in the mask, or do + # not provide a mask as described below. + # + # If a field mask is not present on update, the operation applies to + # all fields (as if a field mask of all fields has been specified). + # Note that in the presence of schema evolution, this may mean that + # fields the client does not know and has therefore not filled into + # the request will be reset to their default. If this is unwanted + # behavior, a specific service may require a client to always specify + # a field mask, producing an error if not. + # + # As with get operations, the location of the resource which + # describes the updated values in the request message depends on the + # operation kind. In any case, the effect of the field mask is + # required to be honored by the API. + # + # ## Considerations for HTTP REST + # + # The HTTP kind of an update operation which uses a field mask must + # be set to PATCH instead of PUT in order to satisfy HTTP semantics + # (PUT must only be used for full updates). + # + # # JSON Encoding of Field Masks + # + # In JSON, a field mask is encoded as a single string where paths are + # separated by a comma. Fields name in each path are converted + # to/from lower-camel naming conventions. + # + # As an example, consider the following message declarations: + # + # message Profile { + # User user = 1; + # Photo photo = 2; + # } + # message User { + # string display_name = 1; + # string address = 2; + # } + # + # In proto a field mask for `Profile` may look as such: + # + # mask { + # paths: "user.display_name" + # paths: "photo" + # } + # + # In JSON, the same mask is represented as below: + # + # { + # mask: "user.displayName,photo" + # } + # + # # Field Masks and Oneof Fields + # + # Field masks treat fields in oneofs just as regular fields. Consider the + # following message: + # + # message SampleMessage { + # oneof test_oneof { + # string name = 4; + # SubMessage sub_message = 9; + # } + # } + # + # The field mask can be: + # + # mask { + # paths: "name" + # } + # + # Or: + # + # mask { + # paths: "sub_message" + # } + # + # Note that oneof type names ("test_oneof" in this case) cannot be used in + # paths. + # + # ## Field Mask Verification + # + # The implementation of any API method which has a FieldMask type field in the + # request should verify the included field paths, and return an + # `INVALID_ARGUMENT` error if any path is unmappable. + # @!attribute [rw] paths + # @return [::Array<::String>] + # The set of field mask paths. + class FieldMask + include ::Google::Protobuf::MessageExts + extend ::Google::Protobuf::MessageExts::ClassMethods + end + end +end diff --git a/google-cloud-binary_authorization-v1beta1/proto_docs/google/type/expr.rb b/google-cloud-binary_authorization-v1beta1/proto_docs/google/type/expr.rb new file mode 100644 index 000000000000..53e7733b6592 --- /dev/null +++ b/google-cloud-binary_authorization-v1beta1/proto_docs/google/type/expr.rb @@ -0,0 +1,75 @@ +# frozen_string_literal: true + +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Auto-generated by gapic-generator-ruby. DO NOT EDIT! + + +module Google + module Type + # Represents a textual expression in the Common Expression Language (CEL) + # syntax. CEL is a C-like expression language. The syntax and semantics of CEL + # are documented at https://github.com/google/cel-spec. + # + # Example (Comparison): + # + # title: "Summary size limit" + # description: "Determines if a summary is less than 100 chars" + # expression: "document.summary.size() < 100" + # + # Example (Equality): + # + # title: "Requestor is owner" + # description: "Determines if requestor is the document owner" + # expression: "document.owner == request.auth.claims.email" + # + # Example (Logic): + # + # title: "Public documents" + # description: "Determine whether the document should be publicly visible" + # expression: "document.type != 'private' && document.type != 'internal'" + # + # Example (Data Manipulation): + # + # title: "Notification string" + # description: "Create a notification string with a timestamp." + # expression: "'New message received at ' + string(document.create_time)" + # + # The exact variables and functions that may be referenced within an expression + # are determined by the service that evaluates it. See the service + # documentation for additional information. + # @!attribute [rw] expression + # @return [::String] + # Textual representation of an expression in Common Expression Language + # syntax. + # @!attribute [rw] title + # @return [::String] + # Optional. Title for the expression, i.e. a short string describing + # its purpose. This can be used e.g. in UIs which allow to enter the + # expression. + # @!attribute [rw] description + # @return [::String] + # Optional. Description of the expression. This is a longer text which + # describes the expression, e.g. when hovered over it in a UI. + # @!attribute [rw] location + # @return [::String] + # Optional. String indicating the location of the expression for error + # reporting, e.g. a file name and a position in the file. + class Expr + include ::Google::Protobuf::MessageExts + extend ::Google::Protobuf::MessageExts::ClassMethods + end + end +end