diff --git a/clients/binary_authorization/README.md b/clients/binary_authorization/README.md index ec335ea9d6..f8a9529ff2 100644 --- a/clients/binary_authorization/README.md +++ b/clients/binary_authorization/README.md @@ -11,7 +11,7 @@ Install this package from [Hex](https://hex.pm) by adding ```elixir def deps do - [{:google_api_binary_authorization, "~> 0.14"}] + [{:google_api_binary_authorization, "~> 0.15"}] end ``` diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/api/projects.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/api/projects.ex index 5eb918e4ae..91947a886e 100644 --- a/clients/binary_authorization/lib/google_api/binary_authorization/v1/api/projects.ex +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/api/projects.ex @@ -91,7 +91,7 @@ defmodule GoogleApi.BinaryAuthorization.V1.Api.Projects do end @doc """ - Creates or updates a project's policy, and returns a copy of the new policy. A policy is always updated as a whole, to avoid race conditions with concurrent policy enforcement (or management!) requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed. + Creates or updates a project's policy, and returns a copy of the new policy. A policy is always updated as a whole, to avoid race conditions with concurrent policy enforcement (or management!) requests. Returns `NOT_FOUND` if the project does not exist, `INVALID_ARGUMENT` if the request is malformed. ## Parameters 
@@ -163,7 +163,7 @@ defmodule GoogleApi.BinaryAuthorization.V1.Api.Projects do end @doc """ - Creates an attestor, and returns a copy of the new attestor. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the attestor already exists. + Creates an attestor, and returns a copy of the new attestor. Returns `NOT_FOUND` if the project does not exist, `INVALID_ARGUMENT` if the request is malformed, `ALREADY_EXISTS` if the attestor already exists. ## Parameters @@ -237,7 +237,7 @@ defmodule GoogleApi.BinaryAuthorization.V1.Api.Projects do end @doc """ - Deletes an attestor. Returns NOT_FOUND if the attestor does not exist. + Deletes an attestor. Returns `NOT_FOUND` if the attestor does not exist. ## Parameters @@ -307,7 +307,7 @@ defmodule GoogleApi.BinaryAuthorization.V1.Api.Projects do end @doc """ - Gets an attestor. Returns NOT_FOUND if the attestor does not exist. + Gets an attestor. Returns `NOT_FOUND` if the attestor does not exist. ## Parameters @@ -449,7 +449,7 @@ defmodule GoogleApi.BinaryAuthorization.V1.Api.Projects do end @doc """ - Lists attestors. Returns INVALID_ARGUMENT if the project does not exist. + Lists attestors. Returns `INVALID_ARGUMENT` if the project does not exist. ## Parameters @@ -671,7 +671,7 @@ defmodule GoogleApi.BinaryAuthorization.V1.Api.Projects do end @doc """ - Updates an attestor. Returns NOT_FOUND if the attestor does not exist. + Updates an attestor. Returns `NOT_FOUND` if the attestor does not exist. ## Parameters @@ -743,7 +743,7 @@ defmodule GoogleApi.BinaryAuthorization.V1.Api.Projects do end @doc """ - Returns whether the given Attestation for the given image URI was signed by the given Attestor + Returns whether the given `Attestation` for the given image URI was signed by the given `Attestor` ## Parameters 
@@ -817,6 +817,442 @@ defmodule GoogleApi.BinaryAuthorization.V1.Api.Projects do ) end + @doc """ + Evaluates a Kubernetes object versus a GKE platform policy. Returns `NOT_FOUND` if the policy doesn't exist, `INVALID_ARGUMENT` if the policy or request is malformed and `PERMISSION_DENIED` if the client does not have sufficient permissions. + + ## Parameters + + * `connection` (*type:* `GoogleApi.BinaryAuthorization.V1.Connection.t`) - Connection to server + * `name` (*type:* `String.t`) - Required. The name of the platform policy to evaluate in the format `projects/*/platforms/*/policies/*`. + * `optional_params` (*type:* `keyword()`) - Optional parameters + * `:"$.xgafv"` (*type:* `String.t`) - V1 error format. + * `:access_token` (*type:* `String.t`) - OAuth access token. + * `:alt` (*type:* `String.t`) - Data format for response. + * `:callback` (*type:* `String.t`) - JSONP + * `:fields` (*type:* `String.t`) - Selector specifying which fields to include in a partial response. + * `:key` (*type:* `String.t`) - API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. + * `:oauth_token` (*type:* `String.t`) - OAuth 2.0 token for the current user. + * `:prettyPrint` (*type:* `boolean()`) - Returns response with indentations and line breaks. + * `:quotaUser` (*type:* `String.t`) - Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. + * `:uploadType` (*type:* `String.t`) - Legacy upload protocol for media (e.g. "media", "multipart"). + * `:upload_protocol` (*type:* `String.t`) - Upload protocol for media (e.g. "raw", "multipart"). 
+ * `:body` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.EvaluateGkePolicyRequest.t`) - + * `opts` (*type:* `keyword()`) - Call options + + ## Returns + + * `{:ok, %GoogleApi.BinaryAuthorization.V1.Model.EvaluateGkePolicyResponse{}}` on success + * `{:error, info}` on failure + """ + @spec binaryauthorization_projects_platforms_gke_policies_evaluate( + Tesla.Env.client(), + String.t(), + keyword(), + keyword() + ) :: + {:ok, GoogleApi.BinaryAuthorization.V1.Model.EvaluateGkePolicyResponse.t()} + | {:ok, Tesla.Env.t()} + | {:ok, list()} + | {:error, any()} + def binaryauthorization_projects_platforms_gke_policies_evaluate( + connection, + name, + optional_params \\ [], + opts \\ [] + ) do + optional_params_config = %{ + :"$.xgafv" => :query, + :access_token => :query, + :alt => :query, + :callback => :query, + :fields => :query, + :key => :query, + :oauth_token => :query, + :prettyPrint => :query, + :quotaUser => :query, + :uploadType => :query, + :upload_protocol => :query, + :body => :body + } + + request = + Request.new() + |> Request.method(:post) + |> Request.url("/v1/{+name}:evaluate", %{ + "name" => URI.encode(name, &URI.char_unreserved?/1) + }) + |> Request.add_optional_params(optional_params_config, optional_params) + |> Request.library_version(@library_version) + + connection + |> Connection.execute(request) + |> Response.decode( + opts ++ [struct: %GoogleApi.BinaryAuthorization.V1.Model.EvaluateGkePolicyResponse{}] + ) + end + + @doc """ + Creates a platform policy, and returns a copy of it. Returns `NOT_FOUND` if the project or platform doesn't exist, `INVALID_ARGUMENT` if the request is malformed, `ALREADY_EXISTS` if the policy already exists, and `INVALID_ARGUMENT` if the policy contains a platform-specific policy that does not match the platform value specified in the URL. + + ## Parameters + + * `connection` (*type:* `GoogleApi.BinaryAuthorization.V1.Connection.t`) - Connection to server + * `parent` (*type:* `String.t`) - Required. 
The parent of this platform policy. + * `optional_params` (*type:* `keyword()`) - Optional parameters + * `:"$.xgafv"` (*type:* `String.t`) - V1 error format. + * `:access_token` (*type:* `String.t`) - OAuth access token. + * `:alt` (*type:* `String.t`) - Data format for response. + * `:callback` (*type:* `String.t`) - JSONP + * `:fields` (*type:* `String.t`) - Selector specifying which fields to include in a partial response. + * `:key` (*type:* `String.t`) - API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. + * `:oauth_token` (*type:* `String.t`) - OAuth 2.0 token for the current user. + * `:prettyPrint` (*type:* `boolean()`) - Returns response with indentations and line breaks. + * `:quotaUser` (*type:* `String.t`) - Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. + * `:uploadType` (*type:* `String.t`) - Legacy upload protocol for media (e.g. "media", "multipart"). + * `:upload_protocol` (*type:* `String.t`) - Upload protocol for media (e.g. "raw", "multipart"). + * `:policyId` (*type:* `String.t`) - Required. The platform policy ID. 
+ * `:body` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.PlatformPolicy.t`) - + * `opts` (*type:* `keyword()`) - Call options + + ## Returns + + * `{:ok, %GoogleApi.BinaryAuthorization.V1.Model.PlatformPolicy{}}` on success + * `{:error, info}` on failure + """ + @spec binaryauthorization_projects_platforms_policies_create( + Tesla.Env.client(), + String.t(), + keyword(), + keyword() + ) :: + {:ok, GoogleApi.BinaryAuthorization.V1.Model.PlatformPolicy.t()} + | {:ok, Tesla.Env.t()} + | {:ok, list()} + | {:error, any()} + def binaryauthorization_projects_platforms_policies_create( + connection, + parent, + optional_params \\ [], + opts \\ [] + ) do + optional_params_config = %{ + :"$.xgafv" => :query, + :access_token => :query, + :alt => :query, + :callback => :query, + :fields => :query, + :key => :query, + :oauth_token => :query, + :prettyPrint => :query, + :quotaUser => :query, + :uploadType => :query, + :upload_protocol => :query, + :policyId => :query, + :body => :body + } + + request = + Request.new() + |> Request.method(:post) + |> Request.url("/v1/{+parent}/policies", %{ + "parent" => URI.encode(parent, &URI.char_unreserved?/1) + }) + |> Request.add_optional_params(optional_params_config, optional_params) + |> Request.library_version(@library_version) + + connection + |> Connection.execute(request) + |> Response.decode(opts ++ [struct: %GoogleApi.BinaryAuthorization.V1.Model.PlatformPolicy{}]) + end + + @doc """ + Deletes a platform policy. Returns `NOT_FOUND` if the policy doesn't exist. + + ## Parameters + + * `connection` (*type:* `GoogleApi.BinaryAuthorization.V1.Connection.t`) - Connection to server + * `name` (*type:* `String.t`) - Required. The name of the platform policy to delete, in the format `projects/*/platforms/*/policies/*`. + * `optional_params` (*type:* `keyword()`) - Optional parameters + * `:"$.xgafv"` (*type:* `String.t`) - V1 error format. + * `:access_token` (*type:* `String.t`) - OAuth access token. 
+ * `:alt` (*type:* `String.t`) - Data format for response. + * `:callback` (*type:* `String.t`) - JSONP + * `:fields` (*type:* `String.t`) - Selector specifying which fields to include in a partial response. + * `:key` (*type:* `String.t`) - API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. + * `:oauth_token` (*type:* `String.t`) - OAuth 2.0 token for the current user. + * `:prettyPrint` (*type:* `boolean()`) - Returns response with indentations and line breaks. + * `:quotaUser` (*type:* `String.t`) - Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. + * `:uploadType` (*type:* `String.t`) - Legacy upload protocol for media (e.g. "media", "multipart"). + * `:upload_protocol` (*type:* `String.t`) - Upload protocol for media (e.g. "raw", "multipart"). + * `opts` (*type:* `keyword()`) - Call options + + ## Returns + + * `{:ok, %GoogleApi.BinaryAuthorization.V1.Model.Empty{}}` on success + * `{:error, info}` on failure + """ + @spec binaryauthorization_projects_platforms_policies_delete( + Tesla.Env.client(), + String.t(), + keyword(), + keyword() + ) :: + {:ok, GoogleApi.BinaryAuthorization.V1.Model.Empty.t()} + | {:ok, Tesla.Env.t()} + | {:ok, list()} + | {:error, any()} + def binaryauthorization_projects_platforms_policies_delete( + connection, + name, + optional_params \\ [], + opts \\ [] + ) do + optional_params_config = %{ + :"$.xgafv" => :query, + :access_token => :query, + :alt => :query, + :callback => :query, + :fields => :query, + :key => :query, + :oauth_token => :query, + :prettyPrint => :query, + :quotaUser => :query, + :uploadType => :query, + :upload_protocol => :query + } + + request = + Request.new() + |> Request.method(:delete) + |> Request.url("/v1/{+name}", %{ + "name" => URI.encode(name, &URI.char_unreserved?/1) + }) + |> 
Request.add_optional_params(optional_params_config, optional_params) + |> Request.library_version(@library_version) + + connection + |> Connection.execute(request) + |> Response.decode(opts ++ [struct: %GoogleApi.BinaryAuthorization.V1.Model.Empty{}]) + end + + @doc """ + Gets a platform policy. Returns `NOT_FOUND` if the policy doesn't exist. + + ## Parameters + + * `connection` (*type:* `GoogleApi.BinaryAuthorization.V1.Connection.t`) - Connection to server + * `name` (*type:* `String.t`) - Required. The name of the platform policy to retrieve in the format `projects/*/platforms/*/policies/*`. + * `optional_params` (*type:* `keyword()`) - Optional parameters + * `:"$.xgafv"` (*type:* `String.t`) - V1 error format. + * `:access_token` (*type:* `String.t`) - OAuth access token. + * `:alt` (*type:* `String.t`) - Data format for response. + * `:callback` (*type:* `String.t`) - JSONP + * `:fields` (*type:* `String.t`) - Selector specifying which fields to include in a partial response. + * `:key` (*type:* `String.t`) - API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. + * `:oauth_token` (*type:* `String.t`) - OAuth 2.0 token for the current user. + * `:prettyPrint` (*type:* `boolean()`) - Returns response with indentations and line breaks. + * `:quotaUser` (*type:* `String.t`) - Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. + * `:uploadType` (*type:* `String.t`) - Legacy upload protocol for media (e.g. "media", "multipart"). + * `:upload_protocol` (*type:* `String.t`) - Upload protocol for media (e.g. "raw", "multipart"). 
+ * `opts` (*type:* `keyword()`) - Call options + + ## Returns + + * `{:ok, %GoogleApi.BinaryAuthorization.V1.Model.PlatformPolicy{}}` on success + * `{:error, info}` on failure + """ + @spec binaryauthorization_projects_platforms_policies_get( + Tesla.Env.client(), + String.t(), + keyword(), + keyword() + ) :: + {:ok, GoogleApi.BinaryAuthorization.V1.Model.PlatformPolicy.t()} + | {:ok, Tesla.Env.t()} + | {:ok, list()} + | {:error, any()} + def binaryauthorization_projects_platforms_policies_get( + connection, + name, + optional_params \\ [], + opts \\ [] + ) do + optional_params_config = %{ + :"$.xgafv" => :query, + :access_token => :query, + :alt => :query, + :callback => :query, + :fields => :query, + :key => :query, + :oauth_token => :query, + :prettyPrint => :query, + :quotaUser => :query, + :uploadType => :query, + :upload_protocol => :query + } + + request = + Request.new() + |> Request.method(:get) + |> Request.url("/v1/{+name}", %{ + "name" => URI.encode(name, &URI.char_unreserved?/1) + }) + |> Request.add_optional_params(optional_params_config, optional_params) + |> Request.library_version(@library_version) + + connection + |> Connection.execute(request) + |> Response.decode(opts ++ [struct: %GoogleApi.BinaryAuthorization.V1.Model.PlatformPolicy{}]) + end + + @doc """ + Lists platform policies owned by a project in the specified platform. Returns `INVALID_ARGUMENT` if the project or the platform doesn't exist. + + ## Parameters + + * `connection` (*type:* `GoogleApi.BinaryAuthorization.V1.Connection.t`) - Connection to server + * `parent` (*type:* `String.t`) - Required. The resource name of the platform associated with the platform policies using the format `projects/*/platforms/*`. + * `optional_params` (*type:* `keyword()`) - Optional parameters + * `:"$.xgafv"` (*type:* `String.t`) - V1 error format. + * `:access_token` (*type:* `String.t`) - OAuth access token. + * `:alt` (*type:* `String.t`) - Data format for response. 
+ * `:callback` (*type:* `String.t`) - JSONP + * `:fields` (*type:* `String.t`) - Selector specifying which fields to include in a partial response. + * `:key` (*type:* `String.t`) - API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. + * `:oauth_token` (*type:* `String.t`) - OAuth 2.0 token for the current user. + * `:prettyPrint` (*type:* `boolean()`) - Returns response with indentations and line breaks. + * `:quotaUser` (*type:* `String.t`) - Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. + * `:uploadType` (*type:* `String.t`) - Legacy upload protocol for media (e.g. "media", "multipart"). + * `:upload_protocol` (*type:* `String.t`) - Upload protocol for media (e.g. "raw", "multipart"). + * `:pageSize` (*type:* `integer()`) - Requested page size. The server may return fewer results than requested. If unspecified, the server picks an appropriate default. + * `:pageToken` (*type:* `String.t`) - A token identifying a page of results the server should return. Typically, this is the value of ListPlatformPoliciesResponse.next_page_token returned from the previous call to the `ListPlatformPolicies` method. 
+ * `opts` (*type:* `keyword()`) - Call options + + ## Returns + + * `{:ok, %GoogleApi.BinaryAuthorization.V1.Model.ListPlatformPoliciesResponse{}}` on success + * `{:error, info}` on failure + """ + @spec binaryauthorization_projects_platforms_policies_list( + Tesla.Env.client(), + String.t(), + keyword(), + keyword() + ) :: + {:ok, GoogleApi.BinaryAuthorization.V1.Model.ListPlatformPoliciesResponse.t()} + | {:ok, Tesla.Env.t()} + | {:ok, list()} + | {:error, any()} + def binaryauthorization_projects_platforms_policies_list( + connection, + parent, + optional_params \\ [], + opts \\ [] + ) do + optional_params_config = %{ + :"$.xgafv" => :query, + :access_token => :query, + :alt => :query, + :callback => :query, + :fields => :query, + :key => :query, + :oauth_token => :query, + :prettyPrint => :query, + :quotaUser => :query, + :uploadType => :query, + :upload_protocol => :query, + :pageSize => :query, + :pageToken => :query + } + + request = + Request.new() + |> Request.method(:get) + |> Request.url("/v1/{+parent}/policies", %{ + "parent" => URI.encode(parent, &URI.char_unreserved?/1) + }) + |> Request.add_optional_params(optional_params_config, optional_params) + |> Request.library_version(@library_version) + + connection + |> Connection.execute(request) + |> Response.decode( + opts ++ [struct: %GoogleApi.BinaryAuthorization.V1.Model.ListPlatformPoliciesResponse{}] + ) + end + + @doc """ + Replaces a platform policy. Returns `NOT_FOUND` if the policy doesn't exist. + + ## Parameters + + * `connection` (*type:* `GoogleApi.BinaryAuthorization.V1.Connection.t`) - Connection to server + * `name` (*type:* `String.t`) - Output only. The relative resource name of the Binary Authorization platform policy, in the form of `projects/*/platforms/*/policies/*`. + * `optional_params` (*type:* `keyword()`) - Optional parameters + * `:"$.xgafv"` (*type:* `String.t`) - V1 error format. + * `:access_token` (*type:* `String.t`) - OAuth access token. 
+ * `:alt` (*type:* `String.t`) - Data format for response. + * `:callback` (*type:* `String.t`) - JSONP + * `:fields` (*type:* `String.t`) - Selector specifying which fields to include in a partial response. + * `:key` (*type:* `String.t`) - API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. + * `:oauth_token` (*type:* `String.t`) - OAuth 2.0 token for the current user. + * `:prettyPrint` (*type:* `boolean()`) - Returns response with indentations and line breaks. + * `:quotaUser` (*type:* `String.t`) - Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. + * `:uploadType` (*type:* `String.t`) - Legacy upload protocol for media (e.g. "media", "multipart"). + * `:upload_protocol` (*type:* `String.t`) - Upload protocol for media (e.g. "raw", "multipart"). + * `:body` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.PlatformPolicy.t`) - + * `opts` (*type:* `keyword()`) - Call options + + ## Returns + + * `{:ok, %GoogleApi.BinaryAuthorization.V1.Model.PlatformPolicy{}}` on success + * `{:error, info}` on failure + """ + @spec binaryauthorization_projects_platforms_policies_replace_platform_policy( + Tesla.Env.client(), + String.t(), + keyword(), + keyword() + ) :: + {:ok, GoogleApi.BinaryAuthorization.V1.Model.PlatformPolicy.t()} + | {:ok, Tesla.Env.t()} + | {:ok, list()} + | {:error, any()} + def binaryauthorization_projects_platforms_policies_replace_platform_policy( + connection, + name, + optional_params \\ [], + opts \\ [] + ) do + optional_params_config = %{ + :"$.xgafv" => :query, + :access_token => :query, + :alt => :query, + :callback => :query, + :fields => :query, + :key => :query, + :oauth_token => :query, + :prettyPrint => :query, + :quotaUser => :query, + :uploadType => :query, + :upload_protocol => :query, + :body => :body + } + + request = + Request.new() + |> 
Request.method(:put) + |> Request.url("/v1/{+name}", %{ + "name" => URI.encode(name, &URI.char_unreserved?/1) + }) + |> Request.add_optional_params(optional_params_config, optional_params) + |> Request.library_version(@library_version) + + connection + |> Connection.execute(request) + |> Response.decode(opts ++ [struct: %GoogleApi.BinaryAuthorization.V1.Model.PlatformPolicy{}]) + end + @doc """ Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set. diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/metadata.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/metadata.ex index 726c48f522..d96bf18e86 100644 --- a/clients/binary_authorization/lib/google_api/binary_authorization/v1/metadata.ex +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/metadata.ex @@ -20,7 +20,7 @@ defmodule GoogleApi.BinaryAuthorization.V1 do API client metadata for GoogleApi.BinaryAuthorization.V1. """ - @discovery_revision "20220826" + @discovery_revision "20240301" def discovery_revision(), do: @discovery_revision end diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/admission_rule.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/admission_rule.ex index 4fd7788c09..af4e597856 100644 --- a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/admission_rule.ex +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/admission_rule.ex 
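Review bot: Each of the six new `binaryauthorization_projects_platforms_*` functions maps `:access_token`, `:oauth_token` and `:key` to `:query` in `optional_params_config`, so a credential passed this way presumably travels in the request URL, where proxies, access logs and error reports can record it. RFC 6750 discourages bearer tokens in the URI for this reason, and these calls create, replace and delete deploy-time admission policy, so the `@doc` entries should say so, e.g. `OAuth access token. Sent in the query string; prefer authenticating through the connection.` Separately, `binaryauthorization_projects_platforms_policies_create` documents `:policyId` as "Required" but accepts it only through `optional_params`, so omitting it is not caught before the request is sent. The model files in this commit are marked auto-generated and this file appears to follow the same pattern, so both changes likely belong in the generator template rather than in this file.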
@@ -23,7 +23,7 @@ defmodule GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule do * `enforcementMode` (*type:* `String.t`, *default:* `nil`) - Required. The action when a pod creation is denied by the admission rule. * `evaluationMode` (*type:* `String.t`, *default:* `nil`) - Required. How this admission rule will be evaluated. - * `requireAttestationsBy` (*type:* `list(String.t)`, *default:* `nil`) - Optional. The resource names of the attestors that must attest to a container image, in the format `projects/*/attestors/*`. Each attestor must exist before a policy can reference it. To add an attestor to a policy the principal issuing the policy change request must be able to read the attestor resource. Note: this field must be non-empty when the evaluation_mode field specifies REQUIRE_ATTESTATION, otherwise it must be empty. + * `requireAttestationsBy` (*type:* `list(String.t)`, *default:* `nil`) - Optional. The resource names of the attestors that must attest to a container image, in the format `projects/*/attestors/*`. Each attestor must exist before a policy can reference it. To add an attestor to a policy the principal issuing the policy change request must be able to read the attestor resource. Note: this field must be non-empty when the `evaluation_mode` field specifies `REQUIRE_ATTESTATION`, otherwise it must be empty. """ use GoogleApi.Gax.ModelBase diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/allowlist_result.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/allowlist_result.ex new file mode 100644 index 0000000000..0151f6cf88 --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/allowlist_result.ex 
@@ -0,0 +1,46 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.AllowlistResult do + @moduledoc """ + Result of evaluating an image name allowlist. + + ## Attributes + + * `matchedPattern` (*type:* `String.t`, *default:* `nil`) - The allowlist pattern that the image matched. + """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :matchedPattern => String.t() | nil + } + + field(:matchedPattern) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.AllowlistResult do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.AllowlistResult.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.AllowlistResult do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/attestation_authenticator.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/attestation_authenticator.ex new file mode 100644 index 0000000000..d1c3a159aa --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/attestation_authenticator.ex 
@@ -0,0 +1,49 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.AttestationAuthenticator do + @moduledoc """ + An attestation authenticator that will be used to verify attestations. Typically this is just a set of public keys. Conceptually, an authenticator can be treated as always returning either "authenticated" or "not authenticated" when presented with a signed attestation (almost always assumed to be a [DSSE](https://github.com/secure-systems-lab/dsse) attestation). The details of how an authenticator makes this decision are specific to the type of 'authenticator' that this message wraps. + + ## Attributes + + * `displayName` (*type:* `String.t`, *default:* `nil`) - Optional. A user-provided name for this `AttestationAuthenticator`. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results. + * `pkixPublicKeySet` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.PkixPublicKeySet.t`, *default:* `nil`) - Optional. A set of raw PKIX SubjectPublicKeyInfo format public keys. If any public key in the set validates the attestation signature, then the signature is considered authenticated (i.e. any one key is sufficient to authenticate). 
+ """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :displayName => String.t() | nil, + :pkixPublicKeySet => GoogleApi.BinaryAuthorization.V1.Model.PkixPublicKeySet.t() | nil + } + + field(:displayName) + field(:pkixPublicKeySet, as: GoogleApi.BinaryAuthorization.V1.Model.PkixPublicKeySet) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.AttestationAuthenticator do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.AttestationAuthenticator.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.AttestationAuthenticator do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/attestation_source.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/attestation_source.ex new file mode 100644 index 0000000000..538abf1abd --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/attestation_source.ex 
@@ -0,0 +1,46 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.AttestationSource do + @moduledoc """ + Specifies the locations for fetching the provenance attestations. + + ## Attributes + + * `containerAnalysisAttestationProjects` (*type:* `list(String.t)`, *default:* `nil`) - The IDs of the Google Cloud projects that store the SLSA attestations as Container Analysis Occurrences, in the format `projects/[PROJECT_ID]`. Maximum number of `container_analysis_attestation_projects` allowed in each `AttestationSource` is 10. + """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :containerAnalysisAttestationProjects => list(String.t()) | nil + } + + field(:containerAnalysisAttestationProjects, type: :list) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.AttestationSource do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.AttestationSource.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.AttestationSource do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end 
diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/attestor_public_key.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/attestor_public_key.ex index fa46a6aa51..f4b7f4a615 100644 --- a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/attestor_public_key.ex +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/attestor_public_key.ex 
@@ -21,9 +21,9 @@ defmodule GoogleApi.BinaryAuthorization.V1.Model.AttestorPublicKey do ## Attributes - * `asciiArmoredPgpPublicKey` (*type:* `String.t`, *default:* `nil`) - ASCII-armored representation of a PGP public key, as the entire output by the command `gpg --export --armor foo@example.com` (either LF or CRLF line endings). When using this field, `id` should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If `id` is provided by the caller, it will be overwritten by the API-calculated ID. + * `asciiArmoredPgpPublicKey` (*type:* `String.t`, *default:* `nil`) - ASCII-armored representation of a PGP public key, as the entire output by the command `gpg --export --armor foo@example.com` (either LF or CRLF line endings). When using this field, `id` should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If `id` is provided by the caller, it will be overwritten by the API-calculated ID. * `comment` (*type:* `String.t`, *default:* `nil`) - Optional. A descriptive comment. This field may be updated. - * `id` (*type:* `String.t`, *default:* `nil`) - The ID of this public key. Signatures verified by BinAuthz must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on `public_key` cases below for details. + * `id` (*type:* `String.t`, *default:* `nil`) - The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. 
Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on `public_key` cases below for details. * `pkixPublicKey` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.PkixPublicKey.t`, *default:* `nil`) - A raw PKIX SubjectPublicKeyInfo format public key. NOTE: `id` may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If `id` is left blank, a default one will be computed based on the digest of the DER encoding of the public key. """ diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/binding.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/binding.ex index 5185b34905..40fc753855 100644 --- a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/binding.ex +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/binding.ex 
@@ -22,8 +22,8 @@ defmodule GoogleApi.BinaryAuthorization.V1.Model.Binding do ## Attributes * `condition` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.Expr.t`, *default:* `nil`) - The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). - * `members` (*type:* `list(String.t)`, *default:* `nil`) - Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. 
* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. - * `role` (*type:* `String.t`, *default:* `nil`) - Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. + * `members` (*type:* `list(String.t)`, *default:* `nil`) - Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. 
For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. 
* `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`. + * `role` (*type:* `String.t`, *default:* `nil`) - Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles). """ use GoogleApi.Gax.ModelBase 
diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/check.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/check.ex new file mode 100644 index 0000000000..a5791815f5 --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/check.ex 
@@ -0,0 +1,80 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.Check do + @moduledoc """ + A single check to perform against a Pod. Checks are grouped into `CheckSet` objects, which are defined by the top-level policy. + + ## Attributes + + * `alwaysDeny` (*type:* `boolean()`, *default:* `nil`) - Optional. A special-case check that always denies. Note that this still only applies when the scope of the `CheckSet` applies and the image isn't exempted by an image allowlist. This check is primarily useful for testing, or to set the default behavior for all unmatched scopes to "deny". + * `displayName` (*type:* `String.t`, *default:* `nil`) - Optional. A user-provided name for this check. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results. + * `imageAllowlist` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.ImageAllowlist.t`, *default:* `nil`) - Optional. Images exempted from this check. If any of the patterns match the image url, the check will not be evaluated. + * `imageFreshnessCheck` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.ImageFreshnessCheck.t`, *default:* `nil`) - Optional. Require that an image is no older than a configured expiration time. Image age is determined by its upload time. 
+ * `sigstoreSignatureCheck` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.SigstoreSignatureCheck.t`, *default:* `nil`) - Optional. Require that an image was signed by Cosign with a trusted key. This check requires that both the image and signature are stored in Artifact Registry. + * `simpleSigningAttestationCheck` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.SimpleSigningAttestationCheck.t`, *default:* `nil`) - Optional. Require a SimpleSigning-type attestation for every image in the deployment. + * `slsaCheck` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.SlsaCheck.t`, *default:* `nil`) - Optional. Require that an image was built by a trusted builder (such as Google Cloud Build), meets requirements for Supply chain Levels for Software Artifacts (SLSA), and was built from a trusted source code repostitory. + * `trustedDirectoryCheck` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.TrustedDirectoryCheck.t`, *default:* `nil`) - Optional. Require that an image lives in a trusted directory. + * `vulnerabilityCheck` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.VulnerabilityCheck.t`, *default:* `nil`) - Optional. Require that an image does not contain vulnerabilities that violate the configured rules, such as based on severity levels. 
+ """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :alwaysDeny => boolean() | nil, + :displayName => String.t() | nil, + :imageAllowlist => GoogleApi.BinaryAuthorization.V1.Model.ImageAllowlist.t() | nil, + :imageFreshnessCheck => + GoogleApi.BinaryAuthorization.V1.Model.ImageFreshnessCheck.t() | nil, + :sigstoreSignatureCheck => + GoogleApi.BinaryAuthorization.V1.Model.SigstoreSignatureCheck.t() | nil, + :simpleSigningAttestationCheck => + GoogleApi.BinaryAuthorization.V1.Model.SimpleSigningAttestationCheck.t() | nil, + :slsaCheck => GoogleApi.BinaryAuthorization.V1.Model.SlsaCheck.t() | nil, + :trustedDirectoryCheck => + GoogleApi.BinaryAuthorization.V1.Model.TrustedDirectoryCheck.t() | nil, + :vulnerabilityCheck => + GoogleApi.BinaryAuthorization.V1.Model.VulnerabilityCheck.t() | nil + } + + field(:alwaysDeny) + field(:displayName) + field(:imageAllowlist, as: GoogleApi.BinaryAuthorization.V1.Model.ImageAllowlist) + field(:imageFreshnessCheck, as: GoogleApi.BinaryAuthorization.V1.Model.ImageFreshnessCheck) + + field(:sigstoreSignatureCheck, as: GoogleApi.BinaryAuthorization.V1.Model.SigstoreSignatureCheck) + + field(:simpleSigningAttestationCheck, + as: GoogleApi.BinaryAuthorization.V1.Model.SimpleSigningAttestationCheck + ) + + field(:slsaCheck, as: GoogleApi.BinaryAuthorization.V1.Model.SlsaCheck) + field(:trustedDirectoryCheck, as: GoogleApi.BinaryAuthorization.V1.Model.TrustedDirectoryCheck) + field(:vulnerabilityCheck, as: GoogleApi.BinaryAuthorization.V1.Model.VulnerabilityCheck) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.Check do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.Check.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.Check do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end 
diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/check_result.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/check_result.ex new file mode 100644 index 0000000000..86fbe676b9 --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/check_result.ex 
@@ -0,0 +1,61 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.CheckResult do + @moduledoc """ + Result of evaluating one check. + + ## Attributes + + * `allowlistResult` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.AllowlistResult.t`, *default:* `nil`) - If the image was exempted by an allow_pattern in the check, contains the pattern that the image name matched. + * `displayName` (*type:* `String.t`, *default:* `nil`) - The name of the check. + * `evaluationResult` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.EvaluationResult.t`, *default:* `nil`) - If a check was evaluated, contains the result of the check. + * `explanation` (*type:* `String.t`, *default:* `nil`) - Explanation of this check result. + * `index` (*type:* `String.t`, *default:* `nil`) - The index of the check. + * `type` (*type:* `String.t`, *default:* `nil`) - The type of the check. 
+ """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :allowlistResult => GoogleApi.BinaryAuthorization.V1.Model.AllowlistResult.t() | nil, + :displayName => String.t() | nil, + :evaluationResult => GoogleApi.BinaryAuthorization.V1.Model.EvaluationResult.t() | nil, + :explanation => String.t() | nil, + :index => String.t() | nil, + :type => String.t() | nil + } + + field(:allowlistResult, as: GoogleApi.BinaryAuthorization.V1.Model.AllowlistResult) + field(:displayName) + field(:evaluationResult, as: GoogleApi.BinaryAuthorization.V1.Model.EvaluationResult) + field(:explanation) + field(:index) + field(:type) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.CheckResult do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.CheckResult.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.CheckResult do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/check_results.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/check_results.ex new file mode 100644 index 0000000000..ea640efa3a --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/check_results.ex 
@@ -0,0 +1,46 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.CheckResults do + @moduledoc """ + Result of evaluating one or more checks. + + ## Attributes + + * `results` (*type:* `list(GoogleApi.BinaryAuthorization.V1.Model.CheckResult.t)`, *default:* `nil`) - Per-check details. + """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :results => list(GoogleApi.BinaryAuthorization.V1.Model.CheckResult.t()) | nil + } + + field(:results, as: GoogleApi.BinaryAuthorization.V1.Model.CheckResult, type: :list) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.CheckResults do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.CheckResults.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.CheckResults do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/check_set.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/check_set.ex new file mode 100644 index 0000000000..17f809521b --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/check_set.ex 
@@ -0,0 +1,55 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.CheckSet do + @moduledoc """ + A conjunction of policy checks, scoped to a particular namespace or Kubernetes service account. In order for evaluation of a `CheckSet` to return "allowed" for a given image in a given Pod, one of the following conditions must be satisfied: * The image is explicitly exempted by an entry in `image_allowlist`, OR * ALL of the `checks` evaluate to "allowed". + + ## Attributes + + * `checks` (*type:* `list(GoogleApi.BinaryAuthorization.V1.Model.Check.t)`, *default:* `nil`) - Optional. The checks to apply. The ultimate result of evaluating the check set will be "allow" if and only if every check in `checks` evaluates to "allow". If `checks` is empty, the default behavior is "always allow". + * `displayName` (*type:* `String.t`, *default:* `nil`) - Optional. A user-provided name for this `CheckSet`. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results. + * `imageAllowlist` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.ImageAllowlist.t`, *default:* `nil`) - Optional. Images exempted from this `CheckSet`. If any of the patterns match the image being evaluated, no checks in the `CheckSet` will be evaluated. 
+ * `scope` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.Scope.t`, *default:* `nil`) - Optional. The scope to which this `CheckSet` applies. If unset or an empty string (the default), applies to all namespaces and service accounts. See the `Scope` message documentation for details on scoping rules. + """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :checks => list(GoogleApi.BinaryAuthorization.V1.Model.Check.t()) | nil, + :displayName => String.t() | nil, + :imageAllowlist => GoogleApi.BinaryAuthorization.V1.Model.ImageAllowlist.t() | nil, + :scope => GoogleApi.BinaryAuthorization.V1.Model.Scope.t() | nil + } + + field(:checks, as: GoogleApi.BinaryAuthorization.V1.Model.Check, type: :list) + field(:displayName) + field(:imageAllowlist, as: GoogleApi.BinaryAuthorization.V1.Model.ImageAllowlist) + field(:scope, as: GoogleApi.BinaryAuthorization.V1.Model.Scope) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.CheckSet do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.CheckSet.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.CheckSet do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/check_set_result.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/check_set_result.ex new file mode 100644 index 0000000000..b11654f117 --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/check_set_result.ex 
@@ -0,0 +1,61 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.CheckSetResult do + @moduledoc """ + Result of evaluating one check set. + + ## Attributes + + * `allowlistResult` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.AllowlistResult.t`, *default:* `nil`) - If the image was exempted by an allow_pattern in the check set, contains the pattern that the image name matched. + * `checkResults` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.CheckResults.t`, *default:* `nil`) - If checks were evaluated, contains the results of evaluating each check. + * `displayName` (*type:* `String.t`, *default:* `nil`) - The name of the check set. + * `explanation` (*type:* `String.t`, *default:* `nil`) - Explanation of this check set result. Only populated if no checks were evaluated. + * `index` (*type:* `String.t`, *default:* `nil`) - The index of the check set. + * `scope` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.Scope.t`, *default:* `nil`) - The scope of the check set. 
+ """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :allowlistResult => GoogleApi.BinaryAuthorization.V1.Model.AllowlistResult.t() | nil, + :checkResults => GoogleApi.BinaryAuthorization.V1.Model.CheckResults.t() | nil, + :displayName => String.t() | nil, + :explanation => String.t() | nil, + :index => String.t() | nil, + :scope => GoogleApi.BinaryAuthorization.V1.Model.Scope.t() | nil + } + + field(:allowlistResult, as: GoogleApi.BinaryAuthorization.V1.Model.AllowlistResult) + field(:checkResults, as: GoogleApi.BinaryAuthorization.V1.Model.CheckResults) + field(:displayName) + field(:explanation) + field(:index) + field(:scope, as: GoogleApi.BinaryAuthorization.V1.Model.Scope) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.CheckSetResult do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.CheckSetResult.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.CheckSetResult do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/evaluate_gke_policy_request.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/evaluate_gke_policy_request.ex new file mode 100644 index 0000000000..e193ff706c --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/evaluate_gke_policy_request.ex 
@@ -0,0 +1,46 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.EvaluateGkePolicyRequest do + @moduledoc """ + Request message for PlatformPolicyEvaluationService.EvaluateGkePolicy. + + ## Attributes + + * `resource` (*type:* `map()`, *default:* `nil`) - Required. JSON or YAML blob representing a Kubernetes resource. + """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :resource => map() | nil + } + + field(:resource, type: :map) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.EvaluateGkePolicyRequest do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.EvaluateGkePolicyRequest.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.EvaluateGkePolicyRequest do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/evaluate_gke_policy_response.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/evaluate_gke_policy_response.ex new file mode 100644 index 0000000000..fa0754e96a --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/evaluate_gke_policy_response.ex 
@@ -0,0 +1,49 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.EvaluateGkePolicyResponse do + @moduledoc """ + Response message for PlatformPolicyEvaluationService.EvaluateGkePolicy. + + ## Attributes + + * `results` (*type:* `list(GoogleApi.BinaryAuthorization.V1.Model.PodResult.t)`, *default:* `nil`) - Evaluation result for each Pod contained in the request. + * `verdict` (*type:* `String.t`, *default:* `nil`) - The result of evaluating all Pods in the request. + """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :results => list(GoogleApi.BinaryAuthorization.V1.Model.PodResult.t()) | nil, + :verdict => String.t() | nil + } + + field(:results, as: GoogleApi.BinaryAuthorization.V1.Model.PodResult, type: :list) + field(:verdict) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.EvaluateGkePolicyResponse do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.EvaluateGkePolicyResponse.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.EvaluateGkePolicyResponse do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end 
diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/evaluation_result.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/evaluation_result.ex new file mode 100644 index 0000000000..229f3f250a --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/evaluation_result.ex @@ -0,0 +1,46 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.EvaluationResult do + @moduledoc """ + Result of evaluating one check. + + ## Attributes + + * `verdict` (*type:* `String.t`, *default:* `nil`) - The result of evaluating this check. + """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :verdict => String.t() | nil + } + + field(:verdict) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.EvaluationResult do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.EvaluationResult.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.EvaluationResult do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end 
diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/gke_policy.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/gke_policy.ex new file mode 100644 index 0000000000..c46ef2ab02 --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/gke_policy.ex 
@@ -0,0 +1,49 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.GkePolicy do + @moduledoc """ + A Binary Authorization policy for a GKE cluster. This is one type of policy that can occur as a `PlatformPolicy`. + + ## Attributes + + * `checkSets` (*type:* `list(GoogleApi.BinaryAuthorization.V1.Model.CheckSet.t)`, *default:* `nil`) - Optional. The `CheckSet` objects to apply, scoped by namespace or namespace and service account. Exactly one `CheckSet` will be evaluated for a given Pod (unless the list is empty, in which case the behavior is "always allow"). If multiple `CheckSet` objects have scopes that match the namespace and service account of the Pod being evaluated, only the `CheckSet` with the MOST SPECIFIC scope will match. `CheckSet` objects must be listed in order of decreasing specificity, i.e. if a scope matches a given service account (which must include the namespace), it must come before a `CheckSet` with a scope matching just that namespace. This property is enforced by server-side validation. The purpose of this restriction is to ensure that if more than one `CheckSet` matches a given Pod, the `CheckSet` that will be evaluated will always be the first in the list to match (because if any other matches, it must be less specific). 
If `check_sets` is empty, the default behavior is to allow all images. If `check_sets` is non-empty, the last `check_sets` entry must always be a `CheckSet` with no scope set, i.e. a catchall to handle any situation not caught by the preceding `CheckSet` objects. + * `imageAllowlist` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.ImageAllowlist.t`, *default:* `nil`) - Optional. Images exempted from this policy. If any of the patterns match the image being evaluated, the rest of the policy will not be evaluated. + """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :checkSets => list(GoogleApi.BinaryAuthorization.V1.Model.CheckSet.t()) | nil, + :imageAllowlist => GoogleApi.BinaryAuthorization.V1.Model.ImageAllowlist.t() | nil + } + + field(:checkSets, as: GoogleApi.BinaryAuthorization.V1.Model.CheckSet, type: :list) + field(:imageAllowlist, as: GoogleApi.BinaryAuthorization.V1.Model.ImageAllowlist) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.GkePolicy do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.GkePolicy.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.GkePolicy do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/iam_policy.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/iam_policy.ex index 08bcef28a7..671fcef871 100644 --- a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/iam_policy.ex +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/iam_policy.ex 
@@ -17,7 +17,7 @@ defmodule GoogleApi.BinaryAuthorization.V1.Model.IamPolicy do @moduledoc """ - An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 
For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). + An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') 
etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). ## Attributes diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/image_allowlist.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/image_allowlist.ex new file mode 100644 index 0000000000..e11bca7b0f --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/image_allowlist.ex 
@@ -0,0 +1,46 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.ImageAllowlist do + @moduledoc """ + Images that are exempted from normal checks based on name pattern only. + + ## Attributes + + * `allowPattern` (*type:* `list(String.t)`, *default:* `nil`) - Required. A disjunction of image patterns to allow. If any of these patterns match, then the image is considered exempted by this allowlist. + """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :allowPattern => list(String.t()) | nil + } + + field(:allowPattern, type: :list) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.ImageAllowlist do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.ImageAllowlist.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.ImageAllowlist do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/image_freshness_check.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/image_freshness_check.ex new file mode 100644 index 0000000000..fb198eed58 --- /dev/null 
+++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/image_freshness_check.ex @@ -0,0 +1,46 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.ImageFreshnessCheck do + @moduledoc """ + An image freshness check, which rejects images that were uploaded before the set number of days ago to the supported repositories. + + ## Attributes + + * `maxUploadAgeDays` (*type:* `integer()`, *default:* `nil`) - Required. The max number of days that is allowed since the image was uploaded. Must be greater than zero. + """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :maxUploadAgeDays => integer() | nil + } + + field(:maxUploadAgeDays) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.ImageFreshnessCheck do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.ImageFreshnessCheck.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.ImageFreshnessCheck do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end 
diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/image_result.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/image_result.ex new file mode 100644 index 0000000000..d81cc636f6 --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/image_result.ex 
@@ -0,0 +1,58 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.ImageResult do + @moduledoc """ + Result of evaluating one image. + + ## Attributes + + * `allowlistResult` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.AllowlistResult.t`, *default:* `nil`) - If the image was exempted by a top-level allow_pattern, contains the allowlist pattern that the image name matched. + * `checkSetResult` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.CheckSetResult.t`, *default:* `nil`) - If a check set was evaluated, contains the result of the check set. Empty if there were no check sets. + * `explanation` (*type:* `String.t`, *default:* `nil`) - Explanation of this image result. Only populated if no check sets were evaluated. + * `imageUri` (*type:* `String.t`, *default:* `nil`) - Image URI from the request. + * `verdict` (*type:* `String.t`, *default:* `nil`) - The result of evaluating this image. 
+ """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :allowlistResult => GoogleApi.BinaryAuthorization.V1.Model.AllowlistResult.t() | nil, + :checkSetResult => GoogleApi.BinaryAuthorization.V1.Model.CheckSetResult.t() | nil, + :explanation => String.t() | nil, + :imageUri => String.t() | nil, + :verdict => String.t() | nil + } + + field(:allowlistResult, as: GoogleApi.BinaryAuthorization.V1.Model.AllowlistResult) + field(:checkSetResult, as: GoogleApi.BinaryAuthorization.V1.Model.CheckSetResult) + field(:explanation) + field(:imageUri) + field(:verdict) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.ImageResult do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.ImageResult.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.ImageResult do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/list_attestors_response.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/list_attestors_response.ex index 77d54c2296..18f3da5ac9 100644 --- a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/list_attestors_response.ex +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/list_attestors_response.ex @@ -17,7 +17,7 @@ defmodule GoogleApi.BinaryAuthorization.V1.Model.ListAttestorsResponse do @moduledoc """ - Response message for BinauthzManagementService.ListAttestors. + Response message for BinauthzManagementServiceV1.ListAttestors. ## Attributes diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/list_platform_policies_response.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/list_platform_policies_response.ex new file mode 100644 index 0000000000..c00f84784f --- /dev/null 
+++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/list_platform_policies_response.ex 
@@ -0,0 +1,50 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.ListPlatformPoliciesResponse do + @moduledoc """ + Response message for PlatformPolicyManagementService.ListPlatformPolicies. + + ## Attributes + + * `nextPageToken` (*type:* `String.t`, *default:* `nil`) - A token to retrieve the next page of results. Pass this value in the ListPlatformPoliciesRequest.page_token field in the subsequent call to the `ListPlatformPolicies` method to retrieve the next page of results. + * `platformPolicies` (*type:* `list(GoogleApi.BinaryAuthorization.V1.Model.PlatformPolicy.t)`, *default:* `nil`) - The list of platform policies. 
+ """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :nextPageToken => String.t() | nil, + :platformPolicies => + list(GoogleApi.BinaryAuthorization.V1.Model.PlatformPolicy.t()) | nil + } + + field(:nextPageToken) + field(:platformPolicies, as: GoogleApi.BinaryAuthorization.V1.Model.PlatformPolicy, type: :list) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.ListPlatformPoliciesResponse do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.ListPlatformPoliciesResponse.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.ListPlatformPoliciesResponse do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/pkix_public_key.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/pkix_public_key.ex index 5fa158dc77..c9cbe455c2 100644 --- a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/pkix_public_key.ex +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/pkix_public_key.ex 
@@ -17,10 +17,11 @@ defmodule GoogleApi.BinaryAuthorization.V1.Model.PkixPublicKey do @moduledoc """ - A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format. + A public key in the PkixPublicKey [format](https://tools.ietf.org/html/rfc5280#section-4.1.2.7). Public keys of this type are typically textually encoded using the PEM format. ## Attributes + * `keyId` (*type:* `String.t`, *default:* `nil`) - Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. This may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If `key_id` is left blank and this `PkixPublicKey` is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key. If this `PkixPublicKey` is used in the context of a wrapper that has its own notion of key ID (e.g. `AttestorPublicKey`), then this field can either: * Match that value exactly. * Or be left blank, in which case it behaves exactly as though it is equal to that wrapper value. * `publicKeyPem` (*type:* `String.t`, *default:* `nil`) - A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13 * `signatureAlgorithm` (*type:* `String.t`, *default:* `nil`) - The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in `public_key_pem` (i.e. this algorithm must match that of the public key). """ 
@@ -28,10 +29,12 @@ defmodule GoogleApi.BinaryAuthorization.V1.Model.PkixPublicKey do use GoogleApi.Gax.ModelBase @type t :: %__MODULE__{ + :keyId => String.t() | nil, :publicKeyPem => String.t() | nil, :signatureAlgorithm => String.t() | nil } + field(:keyId) field(:publicKeyPem) field(:signatureAlgorithm) end diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/pkix_public_key_set.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/pkix_public_key_set.ex new file mode 100644 index 0000000000..7a42ba9d77 --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/pkix_public_key_set.ex 
@@ -0,0 +1,46 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.PkixPublicKeySet do + @moduledoc """ + A bundle of PKIX public keys, used to authenticate attestation signatures. Generally, a signature is considered to be authenticated by a `PkixPublicKeySet` if any of the public keys verify it (i.e. it is an "OR" of the keys). + + ## Attributes + + * `pkixPublicKeys` (*type:* `list(GoogleApi.BinaryAuthorization.V1.Model.PkixPublicKey.t)`, *default:* `nil`) - Required. `pkix_public_keys` must have at least one entry. + """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :pkixPublicKeys => list(GoogleApi.BinaryAuthorization.V1.Model.PkixPublicKey.t()) | nil + } + + field(:pkixPublicKeys, as: GoogleApi.BinaryAuthorization.V1.Model.PkixPublicKey, type: :list) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.PkixPublicKeySet do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.PkixPublicKeySet.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.PkixPublicKeySet do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end 
diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/platform_policy.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/platform_policy.ex new file mode 100644 index 0000000000..3ecb30b8fa --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/platform_policy.ex 
@@ -0,0 +1,55 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.PlatformPolicy do + @moduledoc """ + A Binary Authorization platform policy for deployments on various platforms. + + ## Attributes + + * `description` (*type:* `String.t`, *default:* `nil`) - Optional. A description comment about the policy. + * `gkePolicy` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.GkePolicy.t`, *default:* `nil`) - Optional. GKE platform-specific policy. + * `name` (*type:* `String.t`, *default:* `nil`) - Output only. The relative resource name of the Binary Authorization platform policy, in the form of `projects/*/platforms/*/policies/*`. + * `updateTime` (*type:* `DateTime.t`, *default:* `nil`) - Output only. Time when the policy was last updated. 
+ """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :description => String.t() | nil, + :gkePolicy => GoogleApi.BinaryAuthorization.V1.Model.GkePolicy.t() | nil, + :name => String.t() | nil, + :updateTime => DateTime.t() | nil + } + + field(:description) + field(:gkePolicy, as: GoogleApi.BinaryAuthorization.V1.Model.GkePolicy) + field(:name) + field(:updateTime, as: DateTime) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.PlatformPolicy do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.PlatformPolicy.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.PlatformPolicy do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/pod_result.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/pod_result.ex new file mode 100644 index 0000000000..ca8de8ac45 --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/pod_result.ex 
@@ -0,0 +1,58 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.PodResult do + @moduledoc """ + Result of evaluating the whole GKE policy for one Pod. + + ## Attributes + + * `imageResults` (*type:* `list(GoogleApi.BinaryAuthorization.V1.Model.ImageResult.t)`, *default:* `nil`) - Per-image details. + * `kubernetesNamespace` (*type:* `String.t`, *default:* `nil`) - The Kubernetes namespace of the Pod. + * `kubernetesServiceAccount` (*type:* `String.t`, *default:* `nil`) - The Kubernetes service account of the Pod. + * `podName` (*type:* `String.t`, *default:* `nil`) - The name of the Pod. + * `verdict` (*type:* `String.t`, *default:* `nil`) - The result of evaluating this Pod. 
+ """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :imageResults => list(GoogleApi.BinaryAuthorization.V1.Model.ImageResult.t()) | nil, + :kubernetesNamespace => String.t() | nil, + :kubernetesServiceAccount => String.t() | nil, + :podName => String.t() | nil, + :verdict => String.t() | nil + } + + field(:imageResults, as: GoogleApi.BinaryAuthorization.V1.Model.ImageResult, type: :list) + field(:kubernetesNamespace) + field(:kubernetesServiceAccount) + field(:podName) + field(:verdict) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.PodResult do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.PodResult.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.PodResult do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/scope.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/scope.ex new file mode 100644 index 0000000000..f5f60ea685 --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/scope.ex 
@@ -0,0 +1,49 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.Scope do + @moduledoc """ + A scope specifier for `CheckSet` objects. + + ## Attributes + + * `kubernetesNamespace` (*type:* `String.t`, *default:* `nil`) - Optional. Matches all Kubernetes service accounts in the provided namespace, unless a more specific `kubernetes_service_account` scope already matched. + * `kubernetesServiceAccount` (*type:* `String.t`, *default:* `nil`) - Optional. Matches a single Kubernetes service account, e.g. `my-namespace:my-service-account`. `kubernetes_service_account` scope is always more specific than `kubernetes_namespace` scope for the same namespace. + """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :kubernetesNamespace => String.t() | nil, + :kubernetesServiceAccount => String.t() | nil + } + + field(:kubernetesNamespace) + field(:kubernetesServiceAccount) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.Scope do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.Scope.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.Scope do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end 
diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/sigstore_authority.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/sigstore_authority.ex new file mode 100644 index 0000000000..8b07d61b94 --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/sigstore_authority.ex 
@@ -0,0 +1,49 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.SigstoreAuthority do + @moduledoc """ + A Sigstore authority, used to verify signatures that are created by Sigstore. An authority is analogous to an attestation authenticator, verifying that a signature is valid or invalid. + + ## Attributes + + * `displayName` (*type:* `String.t`, *default:* `nil`) - Optional. A user-provided name for this `SigstoreAuthority`. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results. + * `publicKeySet` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.SigstorePublicKeySet.t`, *default:* `nil`) - Required. A simple set of public keys. A signature is considered valid if any keys in the set validate the signature. 
+ """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :displayName => String.t() | nil, + :publicKeySet => GoogleApi.BinaryAuthorization.V1.Model.SigstorePublicKeySet.t() | nil + } + + field(:displayName) + field(:publicKeySet, as: GoogleApi.BinaryAuthorization.V1.Model.SigstorePublicKeySet) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.SigstoreAuthority do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.SigstoreAuthority.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.SigstoreAuthority do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/sigstore_public_key.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/sigstore_public_key.ex new file mode 100644 index 0000000000..36f51ea37e --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/sigstore_public_key.ex 
@@ -0,0 +1,46 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.SigstorePublicKey do + @moduledoc """ + A Sigstore public key. `SigstorePublicKey` is the public key material used to authenticate Sigstore signatures. + + ## Attributes + + * `publicKeyPem` (*type:* `String.t`, *default:* `nil`) - The public key material in PEM format. + """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :publicKeyPem => String.t() | nil + } + + field(:publicKeyPem) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.SigstorePublicKey do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.SigstorePublicKey.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.SigstorePublicKey do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/sigstore_public_key_set.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/sigstore_public_key_set.ex new file mode 100644 index 0000000000..edd19071a9 --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/sigstore_public_key_set.ex 
@@ -0,0 +1,46 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.SigstorePublicKeySet do + @moduledoc """ + A bundle of Sigstore public keys, used to verify Sigstore signatures. A signature is authenticated by a `SigstorePublicKeySet` if any of the keys verify it. + + ## Attributes + + * `publicKeys` (*type:* `list(GoogleApi.BinaryAuthorization.V1.Model.SigstorePublicKey.t)`, *default:* `nil`) - Required. `public_keys` must have at least one entry. + """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :publicKeys => list(GoogleApi.BinaryAuthorization.V1.Model.SigstorePublicKey.t()) | nil + } + + field(:publicKeys, as: GoogleApi.BinaryAuthorization.V1.Model.SigstorePublicKey, type: :list) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.SigstorePublicKeySet do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.SigstorePublicKeySet.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.SigstorePublicKeySet do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end 
diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/sigstore_signature_check.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/sigstore_signature_check.ex new file mode 100644 index 0000000000..43ce900eb1 --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/sigstore_signature_check.ex 
@@ -0,0 +1,50 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.SigstoreSignatureCheck do + @moduledoc """ + A Sigstore signature check, which verifies the Sigstore signature associated with an image. + + ## Attributes + + * `sigstoreAuthorities` (*type:* `list(GoogleApi.BinaryAuthorization.V1.Model.SigstoreAuthority.t)`, *default:* `nil`) - Required. The authorities required by this check to verify the signature. A signature only needs to be verified by one authority to pass the check. + """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :sigstoreAuthorities => + list(GoogleApi.BinaryAuthorization.V1.Model.SigstoreAuthority.t()) | nil + } + + field(:sigstoreAuthorities, + as: GoogleApi.BinaryAuthorization.V1.Model.SigstoreAuthority, + type: :list + ) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.SigstoreSignatureCheck do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.SigstoreSignatureCheck.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.SigstoreSignatureCheck do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end 
diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/simple_signing_attestation_check.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/simple_signing_attestation_check.ex new file mode 100644 index 0000000000..7f41eff4dd --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/simple_signing_attestation_check.ex 
@@ -0,0 +1,54 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.SimpleSigningAttestationCheck do + @moduledoc """ + Require a signed [DSSE](https://github.com/secure-systems-lab/dsse) attestation with type SimpleSigning. + + ## Attributes + + * `attestationAuthenticators` (*type:* `list(GoogleApi.BinaryAuthorization.V1.Model.AttestationAuthenticator.t)`, *default:* `nil`) - Required. The authenticators required by this check to verify an attestation. Typically this is one or more PKIX public keys for signature verification. Only one authenticator needs to consider an attestation verified in order for an attestation to be considered fully authenticated. In otherwords, this list of authenticators is an "OR" of the authenticator results. At least one authenticator is required. + * `containerAnalysisAttestationProjects` (*type:* `list(String.t)`, *default:* `nil`) - Optional. The projects where attestations are stored as Container Analysis Occurrences, in the format `projects/[PROJECT_ID]`. Only one attestation needs to successfully verify an image for this check to pass, so a single verified attestation found in any of `container_analysis_attestation_projects` is sufficient for the check to pass. 
When fetching Occurrences from Container Analysis, only `AttestationOccurrence` kinds are considered. In the future, additional Occurrence kinds may be added to the query. Maximum number of `container_analysis_attestation_projects` allowed in each `SimpleSigningAttestationCheck` is 10. + """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :attestationAuthenticators => + list(GoogleApi.BinaryAuthorization.V1.Model.AttestationAuthenticator.t()) | nil, + :containerAnalysisAttestationProjects => list(String.t()) | nil + } + + field(:attestationAuthenticators, + as: GoogleApi.BinaryAuthorization.V1.Model.AttestationAuthenticator, + type: :list + ) + + field(:containerAnalysisAttestationProjects, type: :list) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.SimpleSigningAttestationCheck do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.SimpleSigningAttestationCheck.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.SimpleSigningAttestationCheck do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/slsa_check.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/slsa_check.ex new file mode 100644 index 0000000000..671a05047b --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/slsa_check.ex 
@@ -0,0 +1,46 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.SlsaCheck do + @moduledoc """ + A SLSA provenance attestation check, which ensures that images are built by a trusted builder using source code from its trusted repositories only. + + ## Attributes + + * `rules` (*type:* `list(GoogleApi.BinaryAuthorization.V1.Model.VerificationRule.t)`, *default:* `nil`) - Specifies a list of verification rules for the SLSA attestations. An image is considered compliant with the SlsaCheck if any of the rules are satisfied. + """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :rules => list(GoogleApi.BinaryAuthorization.V1.Model.VerificationRule.t()) | nil + } + + field(:rules, as: GoogleApi.BinaryAuthorization.V1.Model.VerificationRule, type: :list) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.SlsaCheck do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.SlsaCheck.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.SlsaCheck do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end 
diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/trusted_directory_check.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/trusted_directory_check.ex new file mode 100644 index 0000000000..484b41f773 --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/trusted_directory_check.ex 
@@ -0,0 +1,46 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.TrustedDirectoryCheck do + @moduledoc """ + A trusted directory check, which rejects images that do not come from the set of user-configured trusted directories. + + ## Attributes + + * `trustedDirPatterns` (*type:* `list(String.t)`, *default:* `nil`) - Required. List of trusted directory patterns. A pattern is in the form "registry/path/to/directory". The registry domain part is defined as two or more dot-separated words, e.g., `us.pkg.dev`, or `gcr.io`. Additionally, `*` can be used in three ways as wildcards: 1. leading `*` to match varying prefixes in registry subdomain (useful for location prefixes); 2. trailing `*` after registry/ to match varying endings; 3. trailing `**` after registry/ to match "/" as well. For example: -- `gcr.io/my-project/my-repo` is valid to match a single directory -- `*-docker.pkg.dev/my-project/my-repo` or `*.gcr.io/my-project` are valid to match varying prefixes -- `gcr.io/my-project/*` will match all direct directories in `my-project` -- `gcr.io/my-project/**` would match all directories in `my-project` -- `gcr.i*` is not allowed since the registry is not completely specified -- `sub*domain.gcr.io/nginx` is not valid because only leading `*` or trailing `*` are allowed. 
-- `*pkg.dev/my-project/my-repo` is not valid because leading `*` can only match subdomain -- `**-docker.pkg.dev` is not valid because one leading `*` is allowed, and that it cannot match `/` + """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :trustedDirPatterns => list(String.t()) | nil + } + + field(:trustedDirPatterns, type: :list) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.TrustedDirectoryCheck do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.TrustedDirectoryCheck.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.TrustedDirectoryCheck do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/user_owned_grafeas_note.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/user_owned_grafeas_note.ex index 69dcaffcba..cb9806545c 100644 --- a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/user_owned_grafeas_note.ex +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/user_owned_grafeas_note.ex 
@@ -21,7 +21,7 @@ defmodule GoogleApi.BinaryAuthorization.V1.Model.UserOwnedGrafeasNote do ## Attributes - * `delegationServiceAccountEmail` (*type:* `String.t`, *default:* `nil`) - Output only. This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (`containeranalysis.notes.occurrences.viewer`). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern. + * `delegationServiceAccountEmail` (*type:* `String.t`, *default:* `nil`) - Output only. This field will contain the service account email address that this attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (`containeranalysis.notes.occurrences.viewer`). This email address is fixed for the lifetime of the attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern. * `noteReference` (*type:* `String.t`, *default:* `nil`) - Required. The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format: `projects/*/notes/*`. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency. * `publicKeys` (*type:* `list(GoogleApi.BinaryAuthorization.V1.Model.AttestorPublicKey.t)`, *default:* `nil`) - Optional. Public keys that verify attestations signed by this attestor. This field may be updated. 
If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist. """ diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/validate_attestation_occurrence_request.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/validate_attestation_occurrence_request.ex index 9314f5cf0a..8672e0f240 100644 --- a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/validate_attestation_occurrence_request.ex +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/validate_attestation_occurrence_request.ex @@ -21,7 +21,7 @@ defmodule GoogleApi.BinaryAuthorization.V1.Model.ValidateAttestationOccurrenceRe ## Attributes - * `attestation` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.AttestationOccurrence.t`, *default:* `nil`) - Required. An AttestationOccurrence to be checked that it can be verified by the Attestor. It does not have to be an existing entity in Container Analysis. It must otherwise be a valid AttestationOccurrence. + * `attestation` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.AttestationOccurrence.t`, *default:* `nil`) - Required. An AttestationOccurrence to be checked that it can be verified by the `Attestor`. It does not have to be an existing entity in Container Analysis. It must otherwise be a valid `AttestationOccurrence`. * `occurrenceNote` (*type:* `String.t`, *default:* `nil`) - Required. The resource name of the Note to which the containing Occurrence is associated. * `occurrenceResourceUri` (*type:* `String.t`, *default:* `nil`) - Required. The URI of the artifact (e.g. container image) that is the subject of the containing Occurrence. """ 
diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/verification_rule.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/verification_rule.ex new file mode 100644 index 0000000000..b2890c6edf --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/verification_rule.ex 
@@ -0,0 +1,56 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.VerificationRule do + @moduledoc """ + Specifies verification rules for evaluating the SLSA attestations including: which builders to trust, where to fetch the SLSA attestations generated by those builders, and other builder-specific evaluation rules such as which source repositories are trusted. An image is considered verified by the rule if any of the fetched SLSA attestations is verified. + + ## Attributes + + * `attestationSource` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.AttestationSource.t`, *default:* `nil`) - Specifies where to fetch the provenances attestations generated by the builder (group). + * `configBasedBuildRequired` (*type:* `boolean()`, *default:* `nil`) - If true, require the image to be built from a top-level configuration. `trusted_source_repo_patterns` specifies the repositories containing this configuration. + * `trustedBuilder` (*type:* `String.t`, *default:* `nil`) - Each verification rule is used for evaluation against provenances generated by a specific builder (group). 
For some of the builders, such as the Google Cloud Build, users don't need to explicitly specify their roots of trust in the policy since the evaluation service can automatically fetch them based on the builder (group). + * `trustedSourceRepoPatterns` (*type:* `list(String.t)`, *default:* `nil`) - List of trusted source code repository URL patterns. These patterns match the full repository URL without its scheme (e.g. `https://`). The patterns must not include schemes. For example, the pattern `source.cloud.google.com/my-project/my-repo-name` matches the following URLs: - `source.cloud.google.com/my-project/my-repo-name` - `git+ssh://source.cloud.google.com/my-project/my-repo-name` - `https://source.cloud.google.com/my-project/my-repo-name` A pattern matches a URL either exactly or with `*` wildcards. `*` can be used in only two ways: 1. trailing `*` after hosturi/ to match varying endings; 2. trailing `**` after hosturi/ to match `/` as well. `*` and `**` can only be used as wildcards and can only occur at the end of the pattern after a `/`. (So it's not possible to match a URL that contains literal `*`.) 
For example: - `github.com/my-project/my-repo` is valid to match a single repo - `github.com/my-project/*` will match all direct repos in `my-project` - `github.com/**` matches all repos in GitHub + """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :attestationSource => + GoogleApi.BinaryAuthorization.V1.Model.AttestationSource.t() | nil, + :configBasedBuildRequired => boolean() | nil, + :trustedBuilder => String.t() | nil, + :trustedSourceRepoPatterns => list(String.t()) | nil + } + + field(:attestationSource, as: GoogleApi.BinaryAuthorization.V1.Model.AttestationSource) + field(:configBasedBuildRequired) + field(:trustedBuilder) + field(:trustedSourceRepoPatterns, type: :list) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.VerificationRule do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.VerificationRule.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.VerificationRule do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end diff --git a/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/vulnerability_check.ex b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/vulnerability_check.ex new file mode 100644 index 0000000000..6222000a0a --- /dev/null +++ b/clients/binary_authorization/lib/google_api/binary_authorization/v1/model/vulnerability_check.ex 
@@ -0,0 +1,58 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This file is auto generated by the elixir code generator program. +# Do not edit this file manually. + +defmodule GoogleApi.BinaryAuthorization.V1.Model.VulnerabilityCheck do + @moduledoc """ + An image vulnerability check, which rejects images that violate the configured vulnerability rules. + + ## Attributes + + * `allowedCves` (*type:* `list(String.t)`, *default:* `nil`) - Optional. A list of specific CVEs to ignore even if the vulnerability level violates `maximumUnfixableSeverity` or `maximumFixableSeverity`. CVEs are listed in the format of Container Analysis note id. For example: - CVE-2021-20305 - CVE-2020-10543 The CVEs are applicable regardless of note provider project, e.g., an entry of `CVE-2021-20305` will allow vulnerabilities with a note name of either `projects/goog-vulnz/notes/CVE-2021-20305` or `projects/CUSTOM-PROJECT/notes/CVE-2021-20305`. + * `blockedCves` (*type:* `list(String.t)`, *default:* `nil`) - Optional. A list of specific CVEs to always raise warnings about even if the vulnerability level meets `maximumUnfixableSeverity` or `maximumFixableSeverity`. CVEs are listed in the format of Container Analysis note id. 
For example: - CVE-2021-20305 - CVE-2020-10543 The CVEs are applicable regardless of note provider project, e.g., an entry of `CVE-2021-20305` will block vulnerabilities with a note name of either `projects/goog-vulnz/notes/CVE-2021-20305` or `projects/CUSTOM-PROJECT/notes/CVE-2021-20305`. + * `containerAnalysisVulnerabilityProjects` (*type:* `list(String.t)`, *default:* `nil`) - Optional. The projects where vulnerabilities are stored as Container Analysis Occurrences. Each project is expressed in the resource format of `projects/[PROJECT_ID]`, e.g., `projects/my-gcp-project`. An attempt will be made for each project to fetch vulnerabilities, and all valid vulnerabilities will be used to check against the vulnerability policy. If no valid scan is found in all projects configured here, an error will be returned for the check. Maximum number of `container_analysis_vulnerability_projects` allowed in each `VulnerabilityCheck` is 10. + * `maximumFixableSeverity` (*type:* `String.t`, *default:* `nil`) - Required. The threshold for severity for which a fix is currently available. This field is required and must be set. + * `maximumUnfixableSeverity` (*type:* `String.t`, *default:* `nil`) - Required. The threshold for severity for which a fix isn't currently available. This field is required and must be set. 
+ """ + + use GoogleApi.Gax.ModelBase + + @type t :: %__MODULE__{ + :allowedCves => list(String.t()) | nil, + :blockedCves => list(String.t()) | nil, + :containerAnalysisVulnerabilityProjects => list(String.t()) | nil, + :maximumFixableSeverity => String.t() | nil, + :maximumUnfixableSeverity => String.t() | nil + } + + field(:allowedCves, type: :list) + field(:blockedCves, type: :list) + field(:containerAnalysisVulnerabilityProjects, type: :list) + field(:maximumFixableSeverity) + field(:maximumUnfixableSeverity) +end + +defimpl Poison.Decoder, for: GoogleApi.BinaryAuthorization.V1.Model.VulnerabilityCheck do + def decode(value, options) do + GoogleApi.BinaryAuthorization.V1.Model.VulnerabilityCheck.decode(value, options) + end +end + +defimpl Poison.Encoder, for: GoogleApi.BinaryAuthorization.V1.Model.VulnerabilityCheck do + def encode(value, options) do + GoogleApi.Gax.ModelBase.encode(value, options) + end +end diff --git a/clients/binary_authorization/mix.exs b/clients/binary_authorization/mix.exs index abfa21864a..b8766c21f7 100644 --- a/clients/binary_authorization/mix.exs +++ b/clients/binary_authorization/mix.exs @@ -18,7 +18,7 @@ defmodule GoogleApi.BinaryAuthorization.Mixfile do use Mix.Project - @version "0.14.2" + @version "0.15.0" def project() do [