# Copyright 2015 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. require 'google/apis/core/base_service' require 'google/apis/core/json_representation' require 'google/apis/core/hashable' require 'google/apis/errors' module Google module Apis module BinaryauthorizationV1 # Binary Authorization API # # The management interface for Binary Authorization, a system providing policy # control for images deployed to Kubernetes Engine clusters. # # @example # require 'google/apis/binaryauthorization_v1' # # Binaryauthorization = Google::Apis::BinaryauthorizationV1 # Alias the module # service = Binaryauthorization::BinaryAuthorizationService.new # # @see https://cloud.google.com/binary-authorization/ class BinaryAuthorizationService < Google::Apis::Core::BaseService # @return [String] # API key. Your API key identifies your project and provides you with API access, # quota, and reports. Required unless you provide an OAuth 2.0 token. attr_accessor :key # @return [String] # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. attr_accessor :quota_user def initialize super('https://binaryauthorization.googleapis.com/', '') @batch_path = 'batch' end # A policy specifies the attestors that must attest to # a container image, before the project is allowed to deploy that # image. There is at most one policy per project. All image admission # requests are permitted if a project has no policy. # Gets the policy for this project. Returns a default # policy if the project does not have one. # @param [String] name # Required. The resource name of the policy to retrieve, # in the format `projects/*/policy`. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::BinaryauthorizationV1::Policy] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::BinaryauthorizationV1::Policy] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_policy(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::BinaryauthorizationV1::Policy::Representation command.response_class = Google::Apis::BinaryauthorizationV1::Policy command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates or updates a project's policy, and returns a copy of the # new policy. A policy is always updated as a whole, to avoid race # conditions with concurrent policy enforcement (or management!) # requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT # if the request is malformed. # @param [String] name # Output only. The resource name, in the format `projects/*/policy`. There is # at most one policy per project. # @param [Google::Apis::BinaryauthorizationV1::Policy] policy_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::BinaryauthorizationV1::Policy] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::BinaryauthorizationV1::Policy] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def update_project_policy(name, policy_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:put, 'v1/{+name}', options) command.request_representation = Google::Apis::BinaryauthorizationV1::Policy::Representation command.request_object = policy_object command.response_representation = Google::Apis::BinaryauthorizationV1::Policy::Representation command.response_class = Google::Apis::BinaryauthorizationV1::Policy command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates an attestor, and returns a copy of the new # attestor. Returns NOT_FOUND if the project does not exist, # INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the # attestor already exists. # @param [String] parent # Required. The parent of this attestor. # @param [Google::Apis::BinaryauthorizationV1::Attestor] attestor_object # @param [String] attestor_id # Required. The attestors ID. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::BinaryauthorizationV1::Attestor] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::BinaryauthorizationV1::Attestor] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_project_attestor(parent, attestor_object = nil, attestor_id: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+parent}/attestors', options) command.request_representation = Google::Apis::BinaryauthorizationV1::Attestor::Representation command.request_object = attestor_object command.response_representation = Google::Apis::BinaryauthorizationV1::Attestor::Representation command.response_class = Google::Apis::BinaryauthorizationV1::Attestor command.params['parent'] = parent unless parent.nil? command.query['attestorId'] = attestor_id unless attestor_id.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Deletes an attestor. Returns NOT_FOUND if the # attestor does not exist. # @param [String] name # Required. The name of the attestors to delete, in the format # `projects/*/attestors/*`. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::BinaryauthorizationV1::Empty] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::BinaryauthorizationV1::Empty] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_project_attestor(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::BinaryauthorizationV1::Empty::Representation command.response_class = Google::Apis::BinaryauthorizationV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets an attestor. # Returns NOT_FOUND if the attestor does not exist. # @param [String] name # Required. The name of the attestor to retrieve, in the format # `projects/*/attestors/*`. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::BinaryauthorizationV1::Attestor] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::BinaryauthorizationV1::Attestor] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_attestor(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::BinaryauthorizationV1::Attestor::Representation command.response_class = Google::Apis::BinaryauthorizationV1::Attestor command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the access control policy for a resource. # Returns an empty policy if the resource exists and does not have a policy # set. # @param [String] resource # REQUIRED: The resource for which the policy is being requested. # See the operation documentation for the appropriate value for this field. # @param [Fixnum] options_requested_policy_version # Optional. The policy format version to be returned. # Valid values are 0, 1, and 3. Requests specifying an invalid value will be # rejected. # Requests for policies with any conditional bindings must specify version 3. # Policies without any conditional bindings may specify any valid value or # leave the field unset. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::BinaryauthorizationV1::IamPolicy] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::BinaryauthorizationV1::IamPolicy] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_attestor_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+resource}:getIamPolicy', options) command.response_representation = Google::Apis::BinaryauthorizationV1::IamPolicy::Representation command.response_class = Google::Apis::BinaryauthorizationV1::IamPolicy command.params['resource'] = resource unless resource.nil? command.query['options.requestedPolicyVersion'] = options_requested_policy_version unless options_requested_policy_version.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists attestors. # Returns INVALID_ARGUMENT if the project does not exist. # @param [String] parent # Required. The resource name of the project associated with the # attestors, in the format `projects/*`. # @param [Fixnum] page_size # Requested page size. The server may return fewer results than requested. If # unspecified, the server will pick an appropriate default. # @param [String] page_token # A token identifying a page of results the server should return. Typically, # this is the value of ListAttestorsResponse.next_page_token returned # from the previous call to the `ListAttestors` method. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::BinaryauthorizationV1::ListAttestorsResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::BinaryauthorizationV1::ListAttestorsResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_project_attestors(parent, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+parent}/attestors', options) command.response_representation = Google::Apis::BinaryauthorizationV1::ListAttestorsResponse::Representation command.response_class = Google::Apis::BinaryauthorizationV1::ListAttestorsResponse command.params['parent'] = parent unless parent.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Sets the access control policy on the specified resource. Replaces any # existing policy. # Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED # @param [String] resource # REQUIRED: The resource for which the policy is being specified. # See the operation documentation for the appropriate value for this field. # @param [Google::Apis::BinaryauthorizationV1::SetIamPolicyRequest] set_iam_policy_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::BinaryauthorizationV1::IamPolicy] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::BinaryauthorizationV1::IamPolicy] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def set_attestor_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:setIamPolicy', options) command.request_representation = Google::Apis::BinaryauthorizationV1::SetIamPolicyRequest::Representation command.request_object = set_iam_policy_request_object command.response_representation = Google::Apis::BinaryauthorizationV1::IamPolicy::Representation command.response_class = Google::Apis::BinaryauthorizationV1::IamPolicy command.params['resource'] = resource unless resource.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Returns permissions that a caller has on the specified resource. # If the resource does not exist, this will return an empty set of # permissions, not a NOT_FOUND error. # Note: This operation is designed to be used for building permission-aware # UIs and command-line tools, not for authorization checking. This operation # may "fail open" without warning. # @param [String] resource # REQUIRED: The resource for which the policy detail is being requested. # See the operation documentation for the appropriate value for this field. # @param [Google::Apis::BinaryauthorizationV1::TestIamPermissionsRequest] test_iam_permissions_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::BinaryauthorizationV1::TestIamPermissionsResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::BinaryauthorizationV1::TestIamPermissionsResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def test_attestor_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options) command.request_representation = Google::Apis::BinaryauthorizationV1::TestIamPermissionsRequest::Representation command.request_object = test_iam_permissions_request_object command.response_representation = Google::Apis::BinaryauthorizationV1::TestIamPermissionsResponse::Representation command.response_class = Google::Apis::BinaryauthorizationV1::TestIamPermissionsResponse command.params['resource'] = resource unless resource.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Updates an attestor. # Returns NOT_FOUND if the attestor does not exist. # @param [String] name # Required. The resource name, in the format: # `projects/*/attestors/*`. This field may not be updated. # @param [Google::Apis::BinaryauthorizationV1::Attestor] attestor_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::BinaryauthorizationV1::Attestor] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::BinaryauthorizationV1::Attestor] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def update_project_attestor(name, attestor_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:put, 'v1/{+name}', options) command.request_representation = Google::Apis::BinaryauthorizationV1::Attestor::Representation command.request_object = attestor_object command.response_representation = Google::Apis::BinaryauthorizationV1::Attestor::Representation command.response_class = Google::Apis::BinaryauthorizationV1::Attestor command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the access control policy for a resource. # Returns an empty policy if the resource exists and does not have a policy # set. # @param [String] resource # REQUIRED: The resource for which the policy is being requested. # See the operation documentation for the appropriate value for this field. # @param [Fixnum] options_requested_policy_version # Optional. The policy format version to be returned. # Valid values are 0, 1, and 3. Requests specifying an invalid value will be # rejected. # Requests for policies with any conditional bindings must specify version 3. # Policies without any conditional bindings may specify any valid value or # leave the field unset. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::BinaryauthorizationV1::IamPolicy] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::BinaryauthorizationV1::IamPolicy] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_policy_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+resource}:getIamPolicy', options) command.response_representation = Google::Apis::BinaryauthorizationV1::IamPolicy::Representation command.response_class = Google::Apis::BinaryauthorizationV1::IamPolicy command.params['resource'] = resource unless resource.nil? command.query['options.requestedPolicyVersion'] = options_requested_policy_version unless options_requested_policy_version.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Sets the access control policy on the specified resource. Replaces any # existing policy. # Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED # @param [String] resource # REQUIRED: The resource for which the policy is being specified. # See the operation documentation for the appropriate value for this field. # @param [Google::Apis::BinaryauthorizationV1::SetIamPolicyRequest] set_iam_policy_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::BinaryauthorizationV1::IamPolicy] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::BinaryauthorizationV1::IamPolicy] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def set_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:setIamPolicy', options) command.request_representation = Google::Apis::BinaryauthorizationV1::SetIamPolicyRequest::Representation command.request_object = set_iam_policy_request_object command.response_representation = Google::Apis::BinaryauthorizationV1::IamPolicy::Representation command.response_class = Google::Apis::BinaryauthorizationV1::IamPolicy command.params['resource'] = resource unless resource.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Returns permissions that a caller has on the specified resource. # If the resource does not exist, this will return an empty set of # permissions, not a NOT_FOUND error. # Note: This operation is designed to be used for building permission-aware # UIs and command-line tools, not for authorization checking. This operation # may "fail open" without warning. # @param [String] resource # REQUIRED: The resource for which the policy detail is being requested. # See the operation documentation for the appropriate value for this field. # @param [Google::Apis::BinaryauthorizationV1::TestIamPermissionsRequest] test_iam_permissions_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::BinaryauthorizationV1::TestIamPermissionsResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::BinaryauthorizationV1::TestIamPermissionsResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def test_policy_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options) command.request_representation = Google::Apis::BinaryauthorizationV1::TestIamPermissionsRequest::Representation command.request_object = test_iam_permissions_request_object command.response_representation = Google::Apis::BinaryauthorizationV1::TestIamPermissionsResponse::Representation command.response_class = Google::Apis::BinaryauthorizationV1::TestIamPermissionsResponse command.params['resource'] = resource unless resource.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end protected def apply_command_defaults(command) command.query['key'] = key unless key.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? end end end end end