// Copyright 2019 The Grafeas Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";

package grafeas.v1;

// google/api/*: HTTP bindings, client metadata, field-behavior and resource
// annotations used on the service, RPCs and fields in this file.
import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
// Well-known types used in RPC signatures and message fields.
import "google/protobuf/empty.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/timestamp.proto";
// Kind-specific note and occurrence payloads referenced by the `oneof`
// members of `Note` and `Occurrence`, plus shared types such as `NoteKind`.
import "grafeas/v1/attestation.proto";
import "grafeas/v1/build.proto";
import "grafeas/v1/common.proto";
import "grafeas/v1/deployment.proto";
import "grafeas/v1/discovery.proto";
import "grafeas/v1/image.proto";
import "grafeas/v1/package.proto";
import "grafeas/v1/upgrade.proto";
import "grafeas/v1/vulnerability.proto";

// Code-generation settings. These are part of the published contract:
// changing a package path or class prefix breaks existing generated clients.
option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas";
option java_multiple_files = true;
option java_package = "io.grafeas.v1";
option objc_class_prefix = "GRA";
// Declares the `grafeas.io/Project` resource type that the `parent` fields in
// this file reference. No `Project` message is defined in this file, so the
// project is only ever addressed by its `projects/{project}` name.
option (google.api.resource_definition) = {
  type: "grafeas.io/Project"
  pattern: "projects/{project}"
};
// [Grafeas](https://grafeas.io) API.
//
// Retrieves analysis results of Cloud components such as Docker container
// images.
//
// Analysis results are stored as a series of occurrences. An `Occurrence`
// contains information about a specific analysis instance on a resource. An
// occurrence refers to a `Note`. A note contains details describing the
// analysis and is generally stored in a separate project, called a `Provider`.
// Multiple occurrences can refer to the same note.
//
// For example, an SSL vulnerability could affect multiple images. In this case,
// there would be one note for the vulnerability and an occurrence for each
// image with the vulnerability referring to that note.
service Grafeas {
  option (google.api.default_host) = "containeranalysis.googleapis.com";

  // NOTE(review): no authorization metadata is declared on this service (no
  // `google.api.oauth_scopes` option or per-method permission annotation is
  // visible in this file). Every RPC, including the mutating ones, therefore
  // depends on the server authorizing the caller against the project named in
  // the request path - confirm against the implementation.
  //
  // In the HTTP bindings below a single `*` matches exactly one path segment,
  // so project, note and occurrence IDs cannot contain `/` on the REST
  // surface. The same restriction is not expressed for gRPC callers, who set
  // `name`/`parent` as plain strings; server-side validation of the resource
  // name format is presumably still required - verify.

  // Gets the specified occurrence.
  rpc GetOccurrence(GetOccurrenceRequest) returns (Occurrence) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/occurrences/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Lists occurrences for the specified project.
  rpc ListOccurrences(ListOccurrencesRequest)
      returns (ListOccurrencesResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*}/occurrences"
    };
    option (google.api.method_signature) = "parent,filter";
  }

  // Deletes the specified occurrence. For example, use this method to delete an
  // occurrence when the occurrence is no longer applicable for the given
  // resource.
  rpc DeleteOccurrence(DeleteOccurrenceRequest)
      returns (google.protobuf.Empty) {
    option (google.api.http) = {
      delete: "/v1/{name=projects/*/occurrences/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Creates a new occurrence.
  rpc CreateOccurrence(CreateOccurrenceRequest) returns (Occurrence) {
    option (google.api.http) = {
      post: "/v1/{parent=projects/*}/occurrences"
      body: "occurrence"
    };
    option (google.api.method_signature) = "parent,occurrence";
  }

  // Creates new occurrences in batch.
  //
  // `body: "*"` maps every request field that is not bound by the URL path to
  // the HTTP body.
  rpc BatchCreateOccurrences(BatchCreateOccurrencesRequest)
      returns (BatchCreateOccurrencesResponse) {
    option (google.api.http) = {
      post: "/v1/{parent=projects/*}/occurrences:batchCreate"
      body: "*"
    };
    option (google.api.method_signature) = "parent,occurrences";
  }

  // Updates the specified occurrence.
  //
  // The target is taken from the URL path (`name`), the new content from the
  // HTTP body (`occurrence`); `update_mask` is left to the query string.
  rpc UpdateOccurrence(UpdateOccurrenceRequest) returns (Occurrence) {
    option (google.api.http) = {
      patch: "/v1/{name=projects/*/occurrences/*}"
      body: "occurrence"
    };
    option (google.api.method_signature) = "name,occurrence,update_mask";
  }

  // NOTE(review): the note returned by GetOccurrenceNote can belong to a
  // different (provider) project than the occurrence named in the request.
  // Which project's permissions gate this read is not stated in this file -
  // confirm in the server implementation.

  // Gets the note attached to the specified occurrence. Consumer projects can
  // use this method to get a note that belongs to a provider project.
  rpc GetOccurrenceNote(GetOccurrenceNoteRequest) returns (Note) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/occurrences/*}/notes"
    };
    option (google.api.method_signature) = "name";
  }

  // Gets the specified note.
  rpc GetNote(GetNoteRequest) returns (Note) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/notes/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Lists notes for the specified project.
  rpc ListNotes(ListNotesRequest) returns (ListNotesResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*}/notes"
    };
    option (google.api.method_signature) = "parent,filter";
  }

  // NOTE(review): this file does not say what happens to occurrences whose
  // `note_name` points at a deleted note - confirm.

  // Deletes the specified note.
  rpc DeleteNote(DeleteNoteRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      delete: "/v1/{name=projects/*/notes/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Creates a new note.
  //
  // Only `note` travels in the HTTP body; `note_id` is not bound by the path
  // and is therefore carried as a query parameter.
  rpc CreateNote(CreateNoteRequest) returns (Note) {
    option (google.api.http) = {
      post: "/v1/{parent=projects/*}/notes"
      body: "note"
    };
    option (google.api.method_signature) = "parent,note_id,note";
  }

  // Creates new notes in batch.
  rpc BatchCreateNotes(BatchCreateNotesRequest)
      returns (BatchCreateNotesResponse) {
    option (google.api.http) = {
      post: "/v1/{parent=projects/*}/notes:batchCreate"
      body: "*"
    };
    option (google.api.method_signature) = "parent,notes";
  }

  // Updates the specified note.
  rpc UpdateNote(UpdateNoteRequest) returns (Note) {
    option (google.api.http) = {
      patch: "/v1/{name=projects/*/notes/*}"
      body: "note"
    };
    option (google.api.method_signature) = "name,note,update_mask";
  }

  // NOTE(review): results of ListNoteOccurrences span consumer projects. The
  // server presumably has to limit them to occurrences the caller may read,
  // not just check access to the note - verify.

  // Lists occurrences referencing the specified note. Provider projects can use
  // this method to get all occurrences across consumer projects referencing the
  // specified note.
  rpc ListNoteOccurrences(ListNoteOccurrencesRequest)
      returns (ListNoteOccurrencesResponse) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/notes/*}/occurrences"
    };
    option (google.api.method_signature) = "name,filter";
  }
}
// An instance of an analysis type that has been found on a resource.
message Occurrence {
  option (google.api.resource) = {
    type: "grafeas.io/Occurrence"
    pattern: "projects/{project}/occurrences/{occurrence}"
  };

  // NOTE(review): "Output only", "Required" and "Immutable" below are stated
  // in comments only; none of these fields carries a
  // `(google.api.field_behavior)` annotation. A client can still populate
  // `name`, `kind`, `create_time` and `update_time` in a create or update
  // request, so the server presumably has to ignore or overwrite them and
  // reject changes to the immutable fields - confirm.

  // Output only. The name of the occurrence in the form of
  // `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
  string name = 1;

  // NOTE(review): the schema does not constrain the URI format. Consumers
  // that base policy decisions on this field presumably want a
  // content-addressed reference (a digest, as in the example) rather than a
  // mutable tag - confirm what producers are expected to write.

  // Required. Immutable. A URI that represents the resource for which the
  // occurrence applies. For example,
  // `https://gcr.io/project/image@sha256:123abc` for a Docker image.
  string resource_uri = 2;

  // Required. Immutable. The analysis note associated with this occurrence, in
  // the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. This field can be
  // used as a filter in list requests.
  string note_name = 3;

  // Output only. This explicitly denotes which of the occurrence details are
  // specified. This field can be used as a filter in list requests.
  grafeas.v1.NoteKind kind = 4;

  // A description of actions that can be taken to remedy the note.
  string remediation = 5;

  // Output only. The time this occurrence was created.
  google.protobuf.Timestamp create_time = 6;

  // Output only. The time this occurrence was last updated.
  google.protobuf.Timestamp update_time = 7;

  // Required. Immutable. Describes the details of the note kind found on this
  // resource.
  //
  // At most one member of a `oneof` is set at a time; setting one clears the
  // others.
  oneof details {
    // Describes a security vulnerability.
    grafeas.v1.VulnerabilityOccurrence vulnerability = 8;
    // Describes a verifiable build.
    grafeas.v1.BuildOccurrence build = 9;
    // Describes how this resource derives from the basis in the associated
    // note.
    grafeas.v1.ImageOccurrence image = 10;
    // Describes the installation of a package on the linked resource.
    grafeas.v1.PackageOccurrence package = 11;
    // Describes the deployment of an artifact on a runtime.
    grafeas.v1.DeploymentOccurrence deployment = 12;
    // Describes when a resource was discovered.
    grafeas.v1.DiscoveryOccurrence discovery = 13;
    // Describes an attestation of an artifact.
    //
    // NOTE(review): the message is defined in grafeas/v1/attestation.proto,
    // not here. Whether a stored attestation has been verified is not visible
    // from this file; consumers should presumably verify it themselves rather
    // than treat its presence as proof - confirm.
    grafeas.v1.AttestationOccurrence attestation = 14;
    // Describes an available package upgrade on the linked resource.
    grafeas.v1.UpgradeOccurrence upgrade = 15;
  }
}
// A type of analysis that can be done for a resource.
message Note {
  option (google.api.resource) = {
    type: "grafeas.io/Note"
    pattern: "projects/{project}/notes/{note}"
  };

  // NOTE(review): "Output only" on `name`, `kind`, `create_time` and
  // `update_time` is stated in comments only; no
  // `(google.api.field_behavior)` annotation marks these fields. The server
  // presumably has to ignore client-supplied values for them - confirm.

  // Output only. The name of the note in the form of
  // `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
  string name = 1;

  // A one sentence description of this note.
  string short_description = 2;

  // A detailed description of this note.
  string long_description = 3;

  // Output only. The type of analysis. This field can be used as a filter in
  // list requests.
  grafeas.v1.NoteKind kind = 4;

  // NOTE(review): the field name is singular although the field is repeated.
  // Renaming it would change the JSON key and generated accessors, so it
  // stays. The URLs are provider-supplied strings; a UI that renders them as
  // links should presumably validate the scheme first - confirm.

  // URLs associated with this note.
  repeated grafeas.v1.RelatedUrl related_url = 5;

  // Time of expiration for this note. Empty if note does not expire.
  //
  // NOTE(review): what the service does with a note after this time is not
  // described in this file - confirm.
  google.protobuf.Timestamp expiration_time = 6;

  // Output only. The time this note was created. This field can be used as a
  // filter in list requests.
  google.protobuf.Timestamp create_time = 7;

  // Output only. The time this note was last updated. This field can be used as
  // a filter in list requests.
  google.protobuf.Timestamp update_time = 8;

  // Other notes related to this note.
  //
  // NOTE(review): the expected format is not stated; presumably the same
  // `projects/[PROVIDER_ID]/notes/[NOTE_ID]` form as `name` - verify.
  repeated string related_note_names = 9;

  // Required. Immutable. The type of analysis this note represents.
  //
  // At most one member of a `oneof` is set at a time; setting one clears the
  // others.
  oneof type {
    // A note describing a package vulnerability.
    grafeas.v1.VulnerabilityNote vulnerability = 10;
    // A note describing build provenance for a verifiable build.
    grafeas.v1.BuildNote build = 11;
    // A note describing a base image.
    grafeas.v1.ImageNote image = 12;
    // A note describing a package hosted by various package managers.
    grafeas.v1.PackageNote package = 13;
    // A note describing something that can be deployed.
    grafeas.v1.DeploymentNote deployment = 14;
    // A note describing the initial analysis of a resource.
    grafeas.v1.DiscoveryNote discovery = 15;
    // A note describing an attestation role.
    grafeas.v1.AttestationNote attestation = 16;
    // A note describing available package upgrades.
    grafeas.v1.UpgradeNote upgrade = 17;
  }
}
// Request to get an occurrence.
message GetOccurrenceRequest {
  // `REQUIRED` is a `google.api.field_behavior` annotation for documentation
  // and tooling. The protobuf runtime does not enforce it, so an empty or
  // malformed `name` still reaches the server and has to be rejected there.

  // The name of the occurrence in the form of
  // `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference).type = "grafeas.io/Occurrence"
  ];
}
// Request to list occurrences.
message ListOccurrencesRequest {
  // The name of the project to list occurrences for in the form of
  // `projects/[PROJECT_ID]`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference).type = "grafeas.io/Project"
  ];

  // The filter expression.
  //
  // NOTE(review): the filter grammar is not defined in this file. The value
  // is caller-controlled, so the server should presumably parse it into a
  // structured query rather than splice it into a backend query string -
  // confirm.
  string filter = 2;

  // Number of occurrences to return in the list. Must be positive. Max allowed
  // page size is 1000. If not specified, page size defaults to 20.
  //
  // This proto3 scalar has no explicit presence, so an unset value arrives as
  // 0. The type also admits negative values; the limits above are documented
  // here but not expressed in the schema, so they have to be enforced by the
  // server.
  int32 page_size = 3;

  // Token to provide to skip to a particular spot in the list.
  //
  // NOTE(review): the token format is not described. It comes back from the
  // caller, so the server should presumably validate it rather than trust its
  // contents - confirm.
  string page_token = 4;
}
// Response for listing occurrences.
//
// One page of results; `next_page_token` links to the following page.
message ListOccurrencesResponse {
  // The occurrences requested.
  repeated Occurrence occurrences = 1;
  // The next pagination token in the list response. It should be used as
  // `page_token` for the following request. An empty value means no more
  // results.
  string next_page_token = 2;
}
// Request to delete an occurrence.
message DeleteOccurrenceRequest {
  // NOTE(review): the request carries only the resource name - no etag or
  // other precondition field is defined, so a delete cannot be made
  // conditional on the occurrence's current state. Whether deletions are
  // recorded elsewhere (audit log) is not visible from this file - confirm.

  // The name of the occurrence in the form of
  // `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference).type = "grafeas.io/Occurrence"
  ];
}
// Request to create a new occurrence.
message CreateOccurrenceRequest {
  // NOTE(review): `occurrence.note_name` may name a note in a different
  // (provider) project than `parent`. Whether the caller needs any permission
  // on that note to attach an occurrence to it is not stated here - confirm.
  // Fields of `Occurrence` documented as "Output only" can still be populated
  // by the client in this request; the server presumably ignores them -
  // verify.

  // The name of the project in the form of `projects/[PROJECT_ID]`, under which
  // the occurrence is to be created.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference).type = "grafeas.io/Project"
  ];
  // The occurrence to create.
  Occurrence occurrence = 2 [(google.api.field_behavior) = REQUIRED];
}
// Request to update an occurrence.
message UpdateOccurrenceRequest {
  // NOTE(review): the target is identified twice - by `name` here and,
  // potentially, by `occurrence.name` inside the payload. This file does not
  // say which one wins if they differ; since `Occurrence.name` is documented
  // as output only, the server should presumably act on `name` alone -
  // confirm.

  // The name of the occurrence in the form of
  // `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference).type = "grafeas.io/Occurrence"
  ];
  // The updated occurrence.
  Occurrence occurrence = 2 [(google.api.field_behavior) = REQUIRED];
  // The fields to update.
  //
  // NOTE(review): not marked REQUIRED, and the behavior for an empty mask is
  // not specified here. `Occurrence` documents several fields as immutable or
  // output only; the server presumably has to reject or ignore mask paths
  // that name them - confirm.
  google.protobuf.FieldMask update_mask = 3;
}
// Request to get a note.
message GetNoteRequest {
  // `REQUIRED` is annotation metadata only; the protobuf runtime accepts an
  // empty `name`, so the server has to validate the value and its format.

  // The name of the note in the form of
  // `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference).type = "grafeas.io/Note"
  ];
}
// Request to get the note to which the specified occurrence is attached.
message GetOccurrenceNoteRequest {
  // NOTE(review): the caller names an occurrence but receives a note, which
  // per `Occurrence.note_name` can live under a different project. Whether
  // read access to the occurrence alone is sufficient is not stated in this
  // file - confirm in the server's authorization logic.

  // The name of the occurrence in the form of
  // `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference).type = "grafeas.io/Occurrence"
  ];
}
// Request to list notes.
message ListNotesRequest {
  // The name of the project to list notes for in the form of
  // `projects/[PROJECT_ID]`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference).type = "grafeas.io/Project"
  ];

  // The filter expression.
  //
  // NOTE(review): the grammar is not defined in this file; the value is
  // caller-controlled and should presumably be parsed, not concatenated into
  // a backend query - confirm.
  string filter = 2;

  // Number of notes to return in the list. Must be positive. Max allowed page
  // size is 1000. If not specified, page size defaults to 20.
  //
  // Without explicit presence an unset value arrives as 0, and `int32` also
  // admits negative values; the documented limits are not part of the schema
  // and have to be enforced by the server.
  int32 page_size = 3;

  // Token to provide to skip to a particular spot in the list.
  //
  // NOTE(review): format not described; the server should presumably
  // validate a returned token rather than trust its contents - confirm.
  string page_token = 4;
}
// Response for listing notes.
//
// One page of results; `next_page_token` links to the following page.
message ListNotesResponse {
  // The notes requested.
  repeated Note notes = 1;
  // The next pagination token in the list response. It should be used as
  // `page_token` for the following request. An empty value means no more
  // results.
  string next_page_token = 2;
}
// Request to delete a note.
message DeleteNoteRequest {
  // NOTE(review): occurrences refer to notes by name (`Occurrence.note_name`),
  // possibly from other projects. This file does not say whether deleting a
  // note that is still referenced is refused, cascades, or leaves dangling
  // references - confirm.

  // The name of the note in the form of
  // `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference).type = "grafeas.io/Note"
  ];
}
// Request to create a new note.
message CreateNoteRequest {
  // The name of the project in the form of `projects/[PROJECT_ID]`, under which
  // the note is to be created.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference).type = "grafeas.io/Project"
  ];
  // The ID to use for this note.
  //
  // NOTE(review): no length or character constraints are documented. The ID
  // presumably becomes the last segment of the note name
  // (`projects/[PROVIDER_ID]/notes/[NOTE_ID]`), so the server should reject
  // values containing `/` or other characters that would change the resource
  // path - confirm.
  string note_id = 2 [(google.api.field_behavior) = REQUIRED];
  // The note to create.
  Note note = 3 [(google.api.field_behavior) = REQUIRED];
}
// Request to update a note.
message UpdateNoteRequest {
  // NOTE(review): the target is given by `name` here and may also appear as
  // `note.name` in the payload. Which one is authoritative when they differ
  // is not stated; as `Note.name` is documented as output only, the server
  // should presumably act on `name` alone - confirm.

  // The name of the note in the form of
  // `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference).type = "grafeas.io/Note"
  ];
  // The updated note.
  Note note = 2 [(google.api.field_behavior) = REQUIRED];
  // The fields to update.
  //
  // NOTE(review): not marked REQUIRED; behavior for an empty mask is not
  // specified here. Mask paths naming fields that `Note` documents as output
  // only or immutable presumably have to be rejected or ignored - confirm.
  google.protobuf.FieldMask update_mask = 3;
}
// Request to list occurrences for a note.
message ListNoteOccurrencesRequest {
  // The name of the note to list occurrences for in the form of
  // `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference).type = "grafeas.io/Note"
  ];
  // The filter expression.
  //
  // NOTE(review): grammar not defined in this file; the value is
  // caller-controlled and should presumably be parsed, not concatenated into
  // a backend query - confirm.
  string filter = 2;
  // Number of occurrences to return in the list.
  //
  // NOTE(review): unlike `ListOccurrencesRequest` and `ListNotesRequest`, no
  // maximum or default is documented for this field. Because the listing can
  // span consumer projects, an upper bound presumably matters here as well -
  // confirm that the server applies one.
  int32 page_size = 3;
  // Token to provide to skip to a particular spot in the list.
  string page_token = 4;
}
// Response for listing occurrences for a note.
message ListNoteOccurrencesResponse {
  // The occurrences attached to the specified note.
  repeated Occurrence occurrences = 1;
  // Token to provide to skip to a particular spot in the list.
  //
  // NOTE(review): this wording matches the request-side `page_token` comment.
  // As a response field it is presumably the value to send as `page_token` in
  // the following request, with an empty value meaning no more results, as in
  // the other list responses in this file - confirm.
  string next_page_token = 2;
}
// Request to create notes in batch.
message BatchCreateNotesRequest {
  // The name of the project in the form of `projects/[PROJECT_ID]`, under which
  // the notes are to be created.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference).type = "grafeas.io/Project"
  ];

  // The notes to create. Max allowed length is 1000.
  //
  // Map iteration order is undefined, so creation order cannot be inferred
  // from the request. The 1000-entry limit is documented here but not
  // expressed in the schema; it has to be enforced by the server.
  //
  // NOTE(review): the meaning of the map key is not stated; presumably it is
  // the note ID, in which case it needs the same validation as
  // `CreateNoteRequest.note_id` - confirm. Whether a batch is applied
  // atomically or can partially succeed is also not described here.
  map<string, Note> notes = 2 [(google.api.field_behavior) = REQUIRED];
}
// Response for creating notes in batch.
message BatchCreateNotesResponse {
  // The notes that were created.
  //
  // NOTE(review): the request supplies notes as a map, the response returns a
  // list; how a caller correlates entries (presumably via `Note.name`) is not
  // stated here - confirm.
  repeated Note notes = 1;
}
// Request to create occurrences in batch.
message BatchCreateOccurrencesRequest {
  // The name of the project in the form of `projects/[PROJECT_ID]`, under which
  // the occurrences are to be created.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference).type = "grafeas.io/Project"
  ];

  // The occurrences to create. Max allowed length is 1000.
  //
  // The 1000-entry limit is documented here but not expressed in the schema;
  // it has to be enforced by the server.
  //
  // NOTE(review): each entry can reference a different note through
  // `note_name`, possibly in another project. Whether the batch is applied
  // atomically or can partially succeed is not described in this file -
  // confirm.
  repeated Occurrence occurrences = 2 [(google.api.field_behavior) = REQUIRED];
}
// Response for creating occurrences in batch.
message BatchCreateOccurrencesResponse {
  // The occurrences that were created.
  //
  // NOTE(review): whether the order matches the request's `occurrences` list
  // is not stated here - confirm before correlating by index.
  repeated Occurrence occurrences = 1;
}