diff --git a/google/cloud/binaryauthorization/artman_binaryauthorization_v1beta1.yaml b/google/cloud/binaryauthorization/artman_binaryauthorization_v1beta1.yaml
index 036c547f..07d27f08 100644
--- a/google/cloud/binaryauthorization/artman_binaryauthorization_v1beta1.yaml
+++ b/google/cloud/binaryauthorization/artman_binaryauthorization_v1beta1.yaml
@@ -6,8 +6,9 @@ common:
 - name: google-common-protos
 src_proto_paths:
 - v1beta1
- service_yaml: binaryauthorization_v1beta1.yaml
+ service_yaml: v1beta1/binaryauthorization_v1beta1.yaml
 gapic_yaml: v1beta1/binaryauthorization_gapic.yaml
+ proto_package: google.cloud.binaryauthorization.v1beta1
 artifacts:
 - name: gapic_config
 type: GAPIC_CONFIG
diff --git a/google/cloud/binaryauthorization/v1beta1/binaryauthorization_gapic.legacy.yaml b/google/cloud/binaryauthorization/v1beta1/binaryauthorization_gapic.legacy.yaml
new file mode 100644
index 00000000..24a87ee7
--- /dev/null
+++ b/google/cloud/binaryauthorization/v1beta1/binaryauthorization_gapic.legacy.yaml
@@ -0,0 +1,197 @@
+type: com.google.api.codegen.ConfigProto
+config_schema_version: 1.0.0
+# The settings of generated code in a specific language.
+language_settings:
+ java:
+ package_name: com.google.cloud.binaryauthorization.v1beta1
+ python:
+ package_name: google.cloud.binaryauthorization_v1beta1.gapic
+ go:
+ package_name: cloud.google.com/go/binaryauthorization/apiv1beta1
+ csharp:
+ package_name: Google.Cloud.Binaryauthorization.V1beta1
+ ruby:
+ package_name: Google::Cloud::Binaryauthorization::V1beta1
+ php:
+ package_name: Google\Cloud\Binaryauthorization\V1beta1
+ nodejs:
+ package_name: binaryauthorization.v1beta1
+# A list of API interface configurations.
+interfaces:
+- name: google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1
+ # A list of resource collection configurations.
+ # Consists of a name_pattern and an entity_name.
+ # The name_pattern is a pattern to describe the names of the resources of this
+ # collection, using the platform's conventions for URI patterns. A generator
+ # may use this to generate methods to compose and decompose such names. The
+ # pattern should use named placeholders as in `shelves/{shelf}/books/{book}`;
+ # those will be taken as hints for the parameter names of the generated
+ # methods. If empty, no name methods are generated.
+ # The entity_name is the name to be used as a basis for generated methods and
+ # classes.
+ collections:
+ - name_pattern: projects/{project}
+ entity_name: project
+ - name_pattern: projects/{project}/attestors/{attestor}
+ entity_name: attestor
+ - name_pattern: projects/{project}/policy
+ entity_name: project_policy
+ # Definition for retryable codes.
+ retry_codes_def:
+ - name: idempotent
+ retry_codes:
+ - DEADLINE_EXCEEDED
+ - UNAVAILABLE
+ - name: non_idempotent
+ retry_codes: []
+ # Definition for retry/backoff parameters.
+ retry_params_def:
+ - name: default
+ initial_retry_delay_millis: 100
+ retry_delay_multiplier: 1.3
+ max_retry_delay_millis: 60000
+ initial_rpc_timeout_millis: 20000
+ rpc_timeout_multiplier: 1
+ max_rpc_timeout_millis: 20000
+ total_timeout_millis: 600000
+ # A list of method configurations.
+ # Common properties:
+ #
+ # name - The simple name of the method.
+ #
+ # flattening - Specifies the configuration for parameter flattening.
+ # Describes the parameter groups for which a generator should produce method
+ # overloads which allow a client to directly pass request message fields as
+ # method parameters. This information may or may not be used, depending on
+ # the target language.
+ # Consists of groups, which each represent a list of parameters to be
+ # flattened. Each parameter listed must be a field of the request message.
+ #
+ # required_fields - Fields that are always required for a request to be
+ # valid.
+ #
+ # page_streaming - Specifies the configuration for paging.
+ # Describes information for generating a method which transforms a paging
+ # list RPC into a stream of resources.
+ # Consists of a request and a response.
+ # The request specifies request information of the list method. It defines
+ # which fields match the paging pattern in the request. The request consists
+ # of a page_size_field and a token_field. The page_size_field is the name of
+ # the optional field specifying the maximum number of elements to be
+ # returned in the response. The token_field is the name of the field in the
+ # request containing the page token.
+ # The response specifies response information of the list method. It defines
+ # which fields match the paging pattern in the response. The response
+ # consists of a token_field and a resources_field. The token_field is the
+ # name of the field in the response containing the next page token. The
+ # resources_field is the name of the field in the response containing the
+ # list of resources belonging to the page.
+ #
+ # retry_codes_name - Specifies the configuration for retryable codes. The
+ # name must be defined in interfaces.retry_codes_def.
+ #
+ # retry_params_name - Specifies the configuration for retry/backoff
+ # parameters. The name must be defined in interfaces.retry_params_def.
+ #
+ # field_name_patterns - Maps the field name of the request type to
+ # entity_name of interfaces.collections.
+ # Specifies the string pattern that the field must follow.
+ #
+ # timeout_millis - Specifies the default timeout for a non-retrying call. If
+ # the call is retrying, refer to retry_params_name instead.
+ methods:
+ - name: GetPolicy
+ flattening:
+ groups:
+ - parameters:
+ - name
+ required_fields:
+ - name
+ retry_codes_name: idempotent
+ retry_params_name: default
+ field_name_patterns:
+ name: project_policy
+ timeout_millis: 60000
+ - name: UpdatePolicy
+ flattening:
+ groups:
+ - parameters:
+ - policy
+ required_fields:
+ - policy
+ retry_codes_name: idempotent
+ retry_params_name: default
+ field_name_patterns:
+ policy.name: project_policy
+ timeout_millis: 60000
+ - name: CreateAttestor
+ flattening:
+ groups:
+ - parameters:
+ - parent
+ - attestor_id
+ - attestor
+ required_fields:
+ - parent
+ - attestor_id
+ - attestor
+ retry_codes_name: non_idempotent
+ retry_params_name: default
+ field_name_patterns:
+ parent: project
+ timeout_millis: 60000
+ - name: GetAttestor
+ flattening:
+ groups:
+ - parameters:
+ - name
+ required_fields:
+ - name
+ retry_codes_name: idempotent
+ retry_params_name: default
+ field_name_patterns:
+ name: attestor
+ timeout_millis: 60000
+ - name: UpdateAttestor
+ flattening:
+ groups:
+ - parameters:
+ - attestor
+ required_fields:
+ - attestor
+ retry_codes_name: idempotent
+ retry_params_name: default
+ field_name_patterns:
+ attestor.name: attestor
+ timeout_millis: 60000
+ - name: ListAttestors
+ flattening:
+ groups:
+ - parameters:
+ - parent
+ required_fields:
+ - parent
+ page_streaming:
+ request:
+ page_size_field: page_size
+ token_field: page_token
+ response:
+ token_field: next_page_token
+ resources_field: attestors
+ retry_codes_name: idempotent
+ retry_params_name: default
+ field_name_patterns:
+ parent: project
+ timeout_millis: 60000
+ - name: DeleteAttestor
+ flattening:
+ groups:
+ - parameters:
+ - name
+ required_fields:
+ - name
+ retry_codes_name: idempotent
+ retry_params_name: default
+ field_name_patterns:
+ name: attestor
+ timeout_millis: 60000
diff --git a/google/cloud/binaryauthorization/v1beta1/binaryauthorization_gapic.yaml b/google/cloud/binaryauthorization/v1beta1/binaryauthorization_gapic.yaml
index 16dbce7e..7c7b177a 100644
--- a/google/cloud/binaryauthorization/v1beta1/binaryauthorization_gapic.yaml
+++ b/google/cloud/binaryauthorization/v1beta1/binaryauthorization_gapic.yaml
@@ -1,5 +1,5 @@
 type: com.google.api.codegen.ConfigProto
-config_schema_version: 1.0.0
+config_schema_version: 2.0.0
 # The settings of generated code in a specific language.
 language_settings:
 java:
@@ -16,183 +16,3 @@ language_settings: package_name: Google\Cloud\Binaryauthorization\V1beta1 nodejs: package_name: binaryauthorization.v1beta1 -# A list of API interface configurations. -interfaces: -# The fully qualified name of the API interface. -- name: google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1 - # A list of resource collection configurations. - # Consists of a name_pattern and an entity_name. - # The name_pattern is a pattern to describe the names of the resources of this - # collection, using the platform's conventions for URI patterns. A generator - # may use this to generate methods to compose and decompose such names. The - # pattern should use named placeholders as in `shelves/{shelf}/books/{book}`; - # those will be taken as hints for the parameter names of the generated - # methods. If empty, no name methods are generated. - # The entity_name is the name to be used as a basis for generated methods and - # classes. - collections: - - name_pattern: projects/{project} - entity_name: project - - name_pattern: projects/{project}/attestors/{attestor} - entity_name: attestor - - name_pattern: projects/{project}/policy - entity_name: project_policy - # Definition for retryable codes. - retry_codes_def: - - name: idempotent - retry_codes: - - DEADLINE_EXCEEDED - - UNAVAILABLE - - name: non_idempotent - retry_codes: [] - # Definition for retry/backoff parameters. - retry_params_def: - - name: default - initial_retry_delay_millis: 100 - retry_delay_multiplier: 1.3 - max_retry_delay_millis: 60000 - initial_rpc_timeout_millis: 20000 - rpc_timeout_multiplier: 1 - max_rpc_timeout_millis: 20000 - total_timeout_millis: 600000 - # A list of method configurations. - # Common properties: - # - # name - The simple name of the method. - # - # flattening - Specifies the configuration for parameter flattening. 
- # Describes the parameter groups for which a generator should produce method - # overloads which allow a client to directly pass request message fields as - # method parameters. This information may or may not be used, depending on - # the target language. - # Consists of groups, which each represent a list of parameters to be - # flattened. Each parameter listed must be a field of the request message. - # - # required_fields - Fields that are always required for a request to be - # valid. - # - # page_streaming - Specifies the configuration for paging. - # Describes information for generating a method which transforms a paging - # list RPC into a stream of resources. - # Consists of a request and a response. - # The request specifies request information of the list method. It defines - # which fields match the paging pattern in the request. The request consists - # of a page_size_field and a token_field. The page_size_field is the name of - # the optional field specifying the maximum number of elements to be - # returned in the response. The token_field is the name of the field in the - # request containing the page token. - # The response specifies response information of the list method. It defines - # which fields match the paging pattern in the response. The response - # consists of a token_field and a resources_field. The token_field is the - # name of the field in the response containing the next page token. The - # resources_field is the name of the field in the response containing the - # list of resources belonging to the page. - # - # retry_codes_name - Specifies the configuration for retryable codes. The - # name must be defined in interfaces.retry_codes_def. - # - # retry_params_name - Specifies the configuration for retry/backoff - # parameters. The name must be defined in interfaces.retry_params_def. - # - # field_name_patterns - Maps the field name of the request type to - # entity_name of interfaces.collections. 
- # Specifies the string pattern that the field must follow. - # - # timeout_millis - Specifies the default timeout for a non-retrying call. If - # the call is retrying, refer to retry_params_name instead. - methods: - - name: GetPolicy - flattening: - groups: - - parameters: - - name - required_fields: - - name - retry_codes_name: idempotent - retry_params_name: default - field_name_patterns: - name: project_policy - timeout_millis: 60000 - - name: UpdatePolicy - flattening: - groups: - - parameters: - - policy - required_fields: - - policy - retry_codes_name: idempotent - retry_params_name: default - field_name_patterns: - policy.name: project_policy - timeout_millis: 60000 - - name: CreateAttestor - flattening: - groups: - - parameters: - - parent - - attestor_id - - attestor - required_fields: - - parent - - attestor_id - - attestor - retry_codes_name: non_idempotent - retry_params_name: default - field_name_patterns: - parent: project - timeout_millis: 60000 - - name: GetAttestor - flattening: - groups: - - parameters: - - name - required_fields: - - name - retry_codes_name: idempotent - retry_params_name: default - field_name_patterns: - name: attestor - timeout_millis: 60000 - - name: UpdateAttestor - flattening: - groups: - - parameters: - - attestor - required_fields: - - attestor - retry_codes_name: idempotent - retry_params_name: default - field_name_patterns: - attestor.name: attestor - timeout_millis: 60000 - - name: ListAttestors - flattening: - groups: - - parameters: - - parent - required_fields: - - parent - page_streaming: - request: - page_size_field: page_size - token_field: page_token - response: - token_field: next_page_token - resources_field: attestors - retry_codes_name: idempotent - retry_params_name: default - field_name_patterns: - parent: project - timeout_millis: 60000 - - name: DeleteAttestor - flattening: - groups: - - parameters: - - name - required_fields: - - name - retry_codes_name: idempotent - retry_params_name: default - 
field_name_patterns:
- name: attestor
- timeout_millis: 60000
diff --git a/google/cloud/binaryauthorization/v1beta1/binaryauthorization_grpc_service_config.json b/google/cloud/binaryauthorization/v1beta1/binaryauthorization_grpc_service_config.json
new file mode 100755
index 00000000..6da9842f
--- /dev/null
+++ b/google/cloud/binaryauthorization/v1beta1/binaryauthorization_grpc_service_config.json
@@ -0,0 +1,51 @@
+{
+ "methodConfig": [
+ {
+ "name": [
+ {
+ "service": "google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1",
+ "method": "GetPolicy"
+ },
+ {
+ "service": "google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1",
+ "method": "UpdatePolicy"
+ },
+ {
+ "service": "google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1",
+ "method": "GetAttestor"
+ },
+ {
+ "service": "google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1",
+ "method": "UpdateAttestor"
+ },
+ {
+ "service": "google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1",
+ "method": "ListAttestors"
+ },
+ {
+ "service": "google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1",
+ "method": "DeleteAttestor"
+ }
+ ],
+ "timeout": "600s",
+ "retryPolicy": {
+ "initialBackoff": "0.100s",
+ "maxBackoff": "60s",
+ "backoffMultiplier": 1.3,
+ "retryableStatusCodes": [
+ "DEADLINE_EXCEEDED",
+ "UNAVAILABLE"
+ ]
+ }
+ },
+ {
+ "name": [
+ {
+ "service": "google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1",
+ "method": "CreateAttestor"
+ }
+ ],
+ "timeout": "600s"
+ }
+ ]
+}
diff --git a/google/cloud/binaryauthorization/binaryauthorization_v1beta1.yaml b/google/cloud/binaryauthorization/v1beta1/binaryauthorization_v1beta1.yaml
similarity index 68%
rename from google/cloud/binaryauthorization/binaryauthorization_v1beta1.yaml
rename to google/cloud/binaryauthorization/v1beta1/binaryauthorization_v1beta1.yaml
index d2143b3e..4405518b 100644
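Review bot: The first `methodConfig` entry in binaryauthorization_grpc_service_config.json applies the `retryPolicy` to `UpdatePolicy`, `UpdateAttestor` and `DeleteAttestor` as well as to the read methods, so a client that sees `DEADLINE_EXCEEDED` after the server has already applied a write will send that write again. For `UpdatePolicy` the replay re-sends a whole admission policy, and with no precondition field visible in this diff it could silently overwrite a change another administrator made in between; the grouping mirrors the `idempotent` set of the legacy GAPIC config, so it is carried over rather than new, but it deserves an explicit confirmation. The `retryPolicy` object also has no `maxAttempts`, which the gRPC service-config schema expects, leaving the 600s timeout as the only bound; if this file is ever loaded by a gRPC channel and not only by the generator, add one, for example `"maxAttempts": 5`.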
--- a/google/cloud/binaryauthorization/binaryauthorization_v1beta1.yaml +++ b/google/cloud/binaryauthorization/v1beta1/binaryauthorization_v1beta1.yaml @@ -21,6 +21,9 @@ documentation: Sets the access control policy on the specified resource. Replaces any existing policy. + Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and + PERMISSION_DENIED + - selector: google.iam.v1.IAMPolicy.TestIamPermissions description: |- Returns permissions that a caller has on the specified resource. If the @@ -31,25 +34,6 @@ documentation: permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning. -http: - rules: - - selector: google.iam.v1.IAMPolicy.GetIamPolicy - get: '/v1beta1/{resource=projects/*/policy}:getIamPolicy' - additional_bindings: - - get: '/v1beta1/{resource=projects/*/attestors/*}:getIamPolicy' - - selector: google.iam.v1.IAMPolicy.SetIamPolicy - post: '/v1beta1/{resource=projects/*/policy}:setIamPolicy' - body: '*' - additional_bindings: - - post: '/v1beta1/{resource=projects/*/attestors/*}:setIamPolicy' - body: '*' - - selector: google.iam.v1.IAMPolicy.TestIamPermissions - post: '/v1beta1/{resource=projects/*/policy}:testIamPermissions' - body: '*' - additional_bindings: - - post: '/v1beta1/{resource=projects/*/attestors/*}:testIamPermissions' - body: '*' - authentication: rules: - selector: 'google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1.*' diff --git a/google/cloud/binaryauthorization/v1beta1/resources.proto b/google/cloud/binaryauthorization/v1beta1/resources.proto index 909ba955..68250050 100644 --- a/google/cloud/binaryauthorization/v1beta1/resources.proto +++ b/google/cloud/binaryauthorization/v1beta1/resources.proto 
@@ -17,14 +17,21 @@ syntax = "proto3"; package google.cloud.binaryauthorization.v1beta1; -import "google/api/annotations.proto"; +import "google/api/field_behavior.proto"; +import "google/api/resource.proto"; import "google/protobuf/timestamp.proto"; +import "google/api/annotations.proto"; option cc_enable_arenas = true; option go_package = "google.golang.org/genproto/googleapis/cloud/binaryauthorization/v1beta1;binaryauthorization"; // A [policy][google.cloud.binaryauthorization.v1beta1.Policy] for container image binary authorization. message Policy { + option (google.api.resource) = { + type: "binaryauthorization.googleapis.com/Policy" + pattern: "projects/{project}/policy" + }; + enum GlobalPolicyEvaluationMode { // Not specified: DISABLE is assumed. GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0; 
@@ -38,21 +45,21 @@ message Policy { // Output only. The resource name, in the format `projects/*/policy`. There is // at most one policy per project. - string name = 1; + string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; // Optional. A descriptive comment. - string description = 6; + string description = 6 [(google.api.field_behavior) = OPTIONAL]; // Optional. Controls the evaluation of a Google-maintained global admission // policy for common system-level images. Images not covered by the global // policy will be subject to the project admission policy. This setting // has no effect when specified inside a global admission policy. - GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7; + GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(google.api.field_behavior) = OPTIONAL]; // Optional. Admission policy whitelisting. A matching admission request will // always be permitted. This feature is typically used to exclude Google or // third-party infrastructure images from Binary Authorization policies. - repeated AdmissionWhitelistPattern admission_whitelist_patterns = 2; + repeated AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(google.api.field_behavior) = OPTIONAL]; // Optional. Per-cluster admission rules. Cluster spec format: // `location.clusterId`. There can be at most one admission rule per cluster 
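Review bot: `Policy.name` is tagged `OUTPUT_ONLY` in this hunk, yet the `UpdatePolicy` HTTP rule in service.proto binds the URL path to `{policy.name=projects/*/policy}` and the legacy GAPIC config maps `policy.name` to the `project_policy` pattern, so the caller has to populate it to address the request. Tooling that clears or ignores output-only fields on input would then build an update with no target project. Either drop the annotation on `name`, or keep it and state the exception in the field comment, for example `// Output only on reads; the caller of UpdatePolicy sets it to select the project.` The `Policy` message starts and ends outside this hunk.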
@@ -61,14 +68,14 @@ message Policy { // (e.g. us-central1). // For `clusterId` syntax restrictions see // https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters. - map cluster_admission_rules = 3; + map cluster_admission_rules = 3 [(google.api.field_behavior) = OPTIONAL]; // Required. Default admission rule for a cluster without a per-cluster, per- // kubernetes-service-account, or per-istio-service-identity admission rule. - AdmissionRule default_admission_rule = 4; + AdmissionRule default_admission_rule = 4 [(google.api.field_behavior) = REQUIRED]; // Output only. Time when the policy was last updated. - google.protobuf.Timestamp update_time = 5; + google.protobuf.Timestamp update_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; } // An [admission whitelist pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern] exempts images @@ -119,7 +126,7 @@ message AdmissionRule { } // Required. How this admission rule will be evaluated. - EvaluationMode evaluation_mode = 1; + EvaluationMode evaluation_mode = 1 [(google.api.field_behavior) = REQUIRED]; // Optional. The resource names of the attestors that must attest to // a container image, in the format `projects/*/attestors/*`. Each 
@@ -129,23 +136,28 @@ message AdmissionRule { // // Note: this field must be non-empty when the evaluation_mode field specifies // REQUIRE_ATTESTATION, otherwise it must be empty. - repeated string require_attestations_by = 2; + repeated string require_attestations_by = 2 [(google.api.field_behavior) = OPTIONAL]; // Required. The action when a pod creation is denied by the admission rule. - EnforcementMode enforcement_mode = 3; + EnforcementMode enforcement_mode = 3 [(google.api.field_behavior) = REQUIRED]; } // An [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] that attests to container image // artifacts. An existing attestor cannot be modified except where // indicated. message Attestor { + option (google.api.resource) = { + type: "binaryauthorization.googleapis.com/Attestor" + pattern: "projects/{project}/attestors/{attestor}" + }; + // Required. The resource name, in the format: // `projects/*/attestors/*`. This field may not be updated. - string name = 1; + string name = 1 [(google.api.field_behavior) = REQUIRED]; // Optional. A descriptive comment. This field may be updated. // The field may be displayed in chooser dialogs. - string description = 6; + string description = 6 [(google.api.field_behavior) = OPTIONAL]; // Required. Identifies an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] that attests to a // container image artifact. This determines how an attestation will @@ -158,7 +170,7 @@ message Attestor { } // Output only. Time when the attestor was last updated. - google.protobuf.Timestamp update_time = 4; + google.protobuf.Timestamp update_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; } // An [user owned drydock note][google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNote] references a Drydock 
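Review bot: `Attestor.name` is annotated `REQUIRED`, but its own comment says the field may not be updated and the `CreateAttestorRequest` comment in service.proto says the service overwrites it with the resource name, so on create the caller-supplied value is not what gets stored. As written, the annotation tells clients to supply a value that one call discards and the others treat as a fixed identifier. Consider marking it immutable as well, `string name = 1 [(google.api.field_behavior) = REQUIRED, (google.api.field_behavior) = IMMUTABLE];`, and noting in the comment that `CreateAttestor` takes the ID from `attestor_id`. The `Attestor` message continues outside the hunk.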
@@ -171,7 +183,7 @@ message UserOwnedDrydockNote { // An attestation by this attestor is stored as a Drydock // ATTESTATION_AUTHORITY Occurrence that names a container image and that // links to this Note. Drydock is an external dependency. - string note_reference = 1; + string note_reference = 1 [(google.api.field_behavior) = REQUIRED]; // Optional. Public keys that verify attestations signed by this // attestor. This field may be updated. @@ -182,7 +194,7 @@ message UserOwnedDrydockNote { // // If this field is empty, this attestor always returns that no // valid attestations exist. - repeated AttestorPublicKey public_keys = 2; + repeated AttestorPublicKey public_keys = 2 [(google.api.field_behavior) = OPTIONAL]; // Output only. This field will contain the service account email address // that this Attestor will use as the principal when querying Container @@ -193,7 +205,7 @@ message UserOwnedDrydockNote { // This email address is fixed for the lifetime of the Attestor, but callers // should not make any other assumptions about the service account email; // future versions may use an email based on a different naming pattern. - string delegation_service_account_email = 3; + string delegation_service_account_email = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; } // A public key in the PkixPublicKey format (see @@ -261,7 +273,7 @@ message PkixPublicKey { // attestations signed by this attestor. message AttestorPublicKey { // Optional. A descriptive comment. This field may be updated. - string comment = 1; + string comment = 1 [(google.api.field_behavior) = OPTIONAL]; // The ID of this public key. // Signatures verified by BinAuthz must include the ID of the public key that diff --git a/google/cloud/binaryauthorization/v1beta1/service.proto b/google/cloud/binaryauthorization/v1beta1/service.proto index 33bef1db..f2e5f59e 100644 --- a/google/cloud/binaryauthorization/v1beta1/service.proto +++ b/google/cloud/binaryauthorization/v1beta1/service.proto 
@@ -18,6 +18,9 @@ syntax = "proto3"; package google.cloud.binaryauthorization.v1beta1; import "google/api/annotations.proto"; +import "google/api/client.proto"; +import "google/api/field_behavior.proto"; +import "google/api/resource.proto"; import "google/cloud/binaryauthorization/v1beta1/resources.proto"; import "google/protobuf/empty.proto"; 
@@ -33,18 +36,22 @@ option go_package = "google.golang.org/genproto/googleapis/cloud/binaryauthoriza // // * [Policy][google.cloud.binaryauthorization.v1beta1.Policy] // * [Attestor][google.cloud.binaryauthorization.v1beta1.Attestor] -// -// A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] that must attest to -// a container image, before the project is allowed to deploy that -// image. There is at most one policy per project. All image admission -// requests are permitted if a project has no policy. service BinauthzManagementServiceV1Beta1 { + option (google.api.default_host) = "binaryauthorization.googleapis.com"; + option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; + + // A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] that must attest to + // a container image, before the project is allowed to deploy that + // image. There is at most one policy per project. All image admission + // requests are permitted if a project has no policy. + // // Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this project. Returns a default // [policy][google.cloud.binaryauthorization.v1beta1.Policy] if the project does not have one. rpc GetPolicy(GetPolicyRequest) returns (Policy) { option (google.api.http) = { get: "/v1beta1/{name=projects/*/policy}" }; + option (google.api.method_signature) = "name"; } // Creates or updates a project's [policy][google.cloud.binaryauthorization.v1beta1.Policy], and returns a copy of the @@ -57,6 +64,7 @@ service BinauthzManagementServiceV1Beta1 { put: "/v1beta1/{policy.name=projects/*/policy}" body: "policy" }; + option (google.api.method_signature) = "policy"; } // Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor], and returns a copy of the new 
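Review bot: The paragraph that explains what a policy is, including the sentence that all image admission requests are permitted when a project has no policy, was moved from the service comment to below the two new `option` lines, where it is now the first part of the leading comment of `rpc GetPolicy`. Generated reference documentation for the service therefore loses the statement of the fail-open default, and the `GetPolicy` description opens with text that is not about that method. Keep the paragraph in the comment above `service BinauthzManagementServiceV1Beta1 {` and leave only the two `// Gets the [policy]…` lines on the RPC. The service block continues past this hunk.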
@@ -68,6 +76,7 @@ service BinauthzManagementServiceV1Beta1 { post: "/v1beta1/{parent=projects/*}/attestors" body: "attestor" }; + option (google.api.method_signature) = "parent,attestor_id,attestor"; } // Gets an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. @@ -76,6 +85,7 @@ service BinauthzManagementServiceV1Beta1 { option (google.api.http) = { get: "/v1beta1/{name=projects/*/attestors/*}" }; + option (google.api.method_signature) = "name"; } // Updates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. @@ -85,6 +95,7 @@ service BinauthzManagementServiceV1Beta1 { put: "/v1beta1/{attestor.name=projects/*/attestors/*}" body: "attestor" }; + option (google.api.method_signature) = "attestor"; } // Lists [attestors][google.cloud.binaryauthorization.v1beta1.Attestor]. @@ -93,6 +104,7 @@ service BinauthzManagementServiceV1Beta1 { option (google.api.http) = { get: "/v1beta1/{parent=projects/*}/attestors" }; + option (google.api.method_signature) = "parent"; } // Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns NOT_FOUND if the @@ -101,6 +113,7 @@ service BinauthzManagementServiceV1Beta1 { option (google.api.http) = { delete: "/v1beta1/{name=projects/*/attestors/*}" }; + option (google.api.method_signature) = "name"; } } @@ -108,7 +121,12 @@ service BinauthzManagementServiceV1Beta1 { message GetPolicyRequest { // Required. The resource name of the [policy][google.cloud.binaryauthorization.v1beta1.Policy] to retrieve, // in the format `projects/*/policy`. - string name = 1; + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "binaryauthorization.googleapis.com/Policy" + } + ]; } // Request message for [BinauthzManagementService.UpdatePolicy][]. 
@@ -116,28 +134,38 @@ message UpdatePolicyRequest { // Required. A new or updated [policy][google.cloud.binaryauthorization.v1beta1.Policy] value. The service will // overwrite the [policy name][google.cloud.binaryauthorization.v1beta1.Policy.name] field with the resource name in // the request URL, in the format `projects/*/policy`. - Policy policy = 1; + Policy policy = 1 [(google.api.field_behavior) = REQUIRED]; } // Request message for [BinauthzManagementService.CreateAttestor][]. message CreateAttestorRequest { // Required. The parent of this [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. - string parent = 1; + string parent = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "cloudresourcemanager.googleapis.com/Project" + } + ]; // Required. The [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] ID. - string attestor_id = 2; + string attestor_id = 2 [(google.api.field_behavior) = REQUIRED]; // Required. The initial [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] value. The service will // overwrite the [attestor name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with the resource name, // in the format `projects/*/attestors/*`. - Attestor attestor = 3; + Attestor attestor = 3 [(google.api.field_behavior) = REQUIRED]; } // Request message for [BinauthzManagementService.GetAttestor][]. message GetAttestorRequest { // Required. The name of the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] to retrieve, in the format // `projects/*/attestors/*`. - string name = 1; + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "binaryauthorization.googleapis.com/Attestor" + } + ]; } // Request message for [BinauthzManagementService.UpdateAttestor][]. 
@@ -145,14 +173,19 @@ message UpdateAttestorRequest { // Required. The updated [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] value. The service will // overwrite the [attestor name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with the resource name // in the request URL, in the format `projects/*/attestors/*`. - Attestor attestor = 1; + Attestor attestor = 1 [(google.api.field_behavior) = REQUIRED]; } // Request message for [BinauthzManagementService.ListAttestors][]. message ListAttestorsRequest { // Required. The resource name of the project associated with the // [attestors][google.cloud.binaryauthorization.v1beta1.Attestor], in the format `projects/*`. - string parent = 1; + string parent = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "cloudresourcemanager.googleapis.com/Project" + } + ]; // Requested page size. The server may return fewer results than requested. If // unspecified, the server will pick an appropriate default. @@ -179,5 +212,10 @@ message ListAttestorsResponse { message DeleteAttestorRequest { // Required. The name of the [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] to delete, in the format // `projects/*/attestors/*`. - string name = 1; + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "binaryauthorization.googleapis.com/Attestor" + } + ]; }