| // Copyright 2019 Google LLC. |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| // |
| |
| syntax = "proto3"; |
| |
| package google.cloud.binaryauthorization.v1beta1; |
| |
| import "google/api/annotations.proto"; |
| import "google/cloud/binaryauthorization/v1beta1/resources.proto"; |
| import "google/protobuf/empty.proto"; |
| |
| option cc_enable_arenas = true; |
| option go_package = "google.golang.org/genproto/googleapis/cloud/binaryauthorization/v1beta1;binaryauthorization"; |
| option java_package = "com.google.cloud.binaryauthorization.v1beta1"; |
| option java_multiple_files = true; |
| option java_outer_classname = "ServiceProto"; |
| |
| // Customer-facing API for Cloud Binary Authorization. |
| |
// Google Cloud Management Service for Binary Authorization admission policies
// and attestation authorities.
//
// This API implements a REST model with the following objects:
//
// * [Policy][google.cloud.binaryauthorization.v1beta1.Policy]
// * [Attestor][google.cloud.binaryauthorization.v1beta1.Attestor]
//
// A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] that must attest to
// a container image, before the project is allowed to deploy that
// image. There is at most one policy per project. All image admission
// requests are permitted if a project has no policy.
//
// Both resource types (Policy, Attestor) are defined in
// google/cloud/binaryauthorization/v1beta1/resources.proto, imported above;
// this file only declares the management RPCs and their request/response
// messages. Because a missing policy admits everything, the write RPCs below
// (UpdatePolicy, UpdateAttestor, DeleteAttestor) can directly widen what a
// project admits and are the calls worth surfacing in audit logging.
service BinauthzManagementServiceV1Beta1 {
  // Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this project. Returns a default
  // [policy][google.cloud.binaryauthorization.v1beta1.Policy] if the project does not have one.
  //
  // The project is identified by the `name` path parameter of the HTTP
  // binding (`projects/*/policy`). What the returned default policy contains
  // is not specified here — presumably it mirrors the "no policy" admit-all
  // behaviour described on the service; confirm in resources.proto.
  rpc GetPolicy(GetPolicyRequest) returns (Policy) {
    option (google.api.http) = {
      get: "/v1beta1/{name=projects/*/policy}"
    };
  }

  // Creates or updates a project's [policy][google.cloud.binaryauthorization.v1beta1.Policy], and returns a copy of the
  // new [policy][google.cloud.binaryauthorization.v1beta1.Policy]. A policy is always updated as a whole, to avoid race
  // conditions with concurrent policy enforcement (or management!)
  // requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
  // if the request is malformed.
  //
  // This is a whole-object PUT: the request carries no update mask and no
  // concurrency token, so two management clients doing read-modify-write at
  // the same time are last-writer-wins unless Policy itself carries an etag
  // (not visible from this file — confirm in resources.proto). Callers should
  // read immediately before writing and compare the returned copy with what
  // they intended to set, since a lost update here silently changes which
  // attestations a deployment must present.
  rpc UpdatePolicy(UpdatePolicyRequest) returns (Policy) {
    option (google.api.http) = {
      put: "/v1beta1/{policy.name=projects/*/policy}"
      body: "policy"
    };
  }

  // Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor], and returns a copy of the new
  // [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns NOT_FOUND if the project does not exist,
  // INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
  // [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] already exists.
  //
  // The parent project comes from the `parent` path parameter; the attestor's
  // own ID is supplied in the request body (see CreateAttestorRequest).
  rpc CreateAttestor(CreateAttestorRequest) returns (Attestor) {
    option (google.api.http) = {
      post: "/v1beta1/{parent=projects/*}/attestors"
      body: "attestor"
    };
  }

  // Gets an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
  // Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
  rpc GetAttestor(GetAttestorRequest) returns (Attestor) {
    option (google.api.http) = {
      get: "/v1beta1/{name=projects/*/attestors/*}"
    };
  }

  // Updates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
  // Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
  //
  // Like UpdatePolicy this replaces the whole resource (PUT, no update mask),
  // so the same read-before-write and lost-update caveats apply. An attestor
  // is what a policy trusts to vouch for images, so a replaced attestor
  // changes who can authorize deployments for every policy that names it.
  rpc UpdateAttestor(UpdateAttestorRequest) returns (Attestor) {
    option (google.api.http) = {
      put: "/v1beta1/{attestor.name=projects/*/attestors/*}"
      body: "attestor"
    };
  }

  // Lists [attestors][google.cloud.binaryauthorization.v1beta1.Attestor].
  // Returns INVALID_ARGUMENT if the project does not exist.
  //
  // Paginated; see ListAttestorsRequest.page_size / page_token and
  // ListAttestorsResponse.next_page_token.
  rpc ListAttestors(ListAttestorsRequest) returns (ListAttestorsResponse) {
    option (google.api.http) = {
      get: "/v1beta1/{parent=projects/*}/attestors"
    };
  }

  // Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns NOT_FOUND if the
  // [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
  //
  // Returns google.protobuf.Empty; this is the published contract, so a
  // future response field would need a new RPC rather than a change here.
  // Whether deleting an attestor that a policy still references is rejected,
  // or leaves the policy pointing at a missing attestor, is not defined in
  // this file — confirm before depending on either outcome.
  rpc DeleteAttestor(DeleteAttestorRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      delete: "/v1beta1/{name=projects/*/attestors/*}"
    };
  }
}
| |
// Request message for
// [BinauthzManagementServiceV1Beta1.GetPolicy][google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1.GetPolicy].
message GetPolicyRequest {
  // Required. The resource name of the [policy][google.cloud.binaryauthorization.v1beta1.Policy] to retrieve,
  // in the format `projects/*/policy`.
  //
  // Bound to the `{name=projects/*/policy}` path parameter of the HTTP
  // mapping, so over REST the project is taken from the URL rather than
  // from a body field.
  string name = 1;
}
| |
// Request message for
// [BinauthzManagementServiceV1Beta1.UpdatePolicy][google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1.UpdatePolicy].
//
// Carries the full replacement policy and nothing else: there is no update
// mask, so every field of the existing policy is replaced, and no request-level
// concurrency token (see the UpdatePolicy RPC comment for the lost-update
// caveat).
message UpdatePolicyRequest {
  // Required. A new or updated [policy][google.cloud.binaryauthorization.v1beta1.Policy] value. The service will
  // overwrite the [policy name][google.cloud.binaryauthorization.v1beta1.Policy.name] field with the resource name in
  // the request URL, in the format `projects/*/policy`.
  //
  // Because `policy.name` is overwritten from the URL, a mismatched name in
  // the body is not an error signal the client can rely on — check the
  // returned copy instead.
  Policy policy = 1;
}
| |
// Request message for
// [BinauthzManagementServiceV1Beta1.CreateAttestor][google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1.CreateAttestor].
message CreateAttestorRequest {
  // Required. The parent of this [attestor][google.cloud.binaryauthorization.v1beta1.Attestor],
  // in the format `projects/*` (bound to the `{parent=projects/*}` path
  // parameter of the HTTP mapping).
  string parent = 1;

  // Required. The [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] ID.
  //
  // Presumably becomes the final segment of the created attestor's resource
  // name (`projects/*/attestors/{attestor_id}`); the allowed character set
  // and length limits are not stated in this file — confirm against the
  // service before validating client-side.
  string attestor_id = 2;

  // Required. The initial [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] value. The service will
  // overwrite the [attestor name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with the resource name,
  // in the format `projects/*/attestors/*`.
  Attestor attestor = 3;
}
| |
// Request message for
// [BinauthzManagementServiceV1Beta1.GetAttestor][google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1.GetAttestor].
message GetAttestorRequest {
  // Required. The name of the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] to retrieve, in the format
  // `projects/*/attestors/*` (bound to the `{name=projects/*/attestors/*}`
  // path parameter of the HTTP mapping).
  string name = 1;
}
| |
// Request message for
// [BinauthzManagementServiceV1Beta1.UpdateAttestor][google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1.UpdateAttestor].
//
// Whole-resource replacement: no update mask and no request-level
// concurrency token, so the same read-before-write caveat as
// UpdatePolicyRequest applies.
message UpdateAttestorRequest {
  // Required. The updated [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] value. The service will
  // overwrite the [attestor name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with the resource name
  // in the request URL, in the format `projects/*/attestors/*`.
  Attestor attestor = 1;
}
| |
// Request message for
// [BinauthzManagementServiceV1Beta1.ListAttestors][google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1.ListAttestors].
message ListAttestorsRequest {
  // Required. The resource name of the project associated with the
  // [attestors][google.cloud.binaryauthorization.v1beta1.Attestor], in the format `projects/*`.
  string parent = 1;

  // Requested page size. The server may return fewer results than requested. If
  // unspecified, the server will pick an appropriate default.
  //
  // proto3 implicit presence: 0 is indistinguishable from "unspecified" and
  // is treated as the default. How negative values are handled is not stated
  // here — assume INVALID_ARGUMENT rather than relying on it.
  int32 page_size = 2;

  // A token identifying a page of results the server should return. Typically,
  // this is the value of [ListAttestorsResponse.next_page_token][google.cloud.binaryauthorization.v1beta1.ListAttestorsResponse.next_page_token] returned
  // from the previous call to the `ListAttestors` method.
  //
  // Opaque to the client: pass it back verbatim and do not construct or parse
  // it. Its format may change without notice.
  string page_token = 3;
}
| |
// Response message for
// [BinauthzManagementServiceV1Beta1.ListAttestors][google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1.ListAttestors].
message ListAttestorsResponse {
  // The list of [attestors][google.cloud.binaryauthorization.v1beta1.Attestor].
  // May hold fewer entries than the requested page size; an empty list with a
  // non-empty next_page_token is still a valid page.
  repeated Attestor attestors = 1;

  // A token to retrieve the next page of results. Pass this value in the
  // [ListAttestorsRequest.page_token][google.cloud.binaryauthorization.v1beta1.ListAttestorsRequest.page_token] field in the subsequent call to the
  // `ListAttestors` method to retrieve the next page of results.
  //
  // Empty when there are no further pages; do not rely on any other
  // terminator.
  string next_page_token = 2;
}
| |
// Request message for
// [BinauthzManagementServiceV1Beta1.DeleteAttestor][google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1.DeleteAttestor].
message DeleteAttestorRequest {
  // Required. The name of the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] to delete, in the format
  // `projects/*/attestors/*` (bound to the `{name=projects/*/attestors/*}`
  // path parameter of the HTTP mapping).
  string name = 1;
}