update API descriptions

Sebastian Thiel
2020-07-10 09:11:32 +08:00
parent b6ee34dcff
commit 69fb05c4e1
271 changed files with 82506 additions and 23249 deletions


@@ -853,7 +853,7 @@
}
}
},
"revision": "20200327",
"revision": "20200704",
"rootUrl": "https://containeranalysis.googleapis.com/",
"schemas": {
"AliasContext": {
@@ -905,6 +905,29 @@
},
"type": "object"
},
"ArtifactHashes": {
"description": "Defines a hash object for use in Materials and Products.",
"id": "ArtifactHashes",
"properties": {
"sha256": {
"type": "string"
}
},
"type": "object"
},
"ArtifactRule": {
"description": "Defines an object to declare an in-toto artifact rule",
"id": "ArtifactRule",
"properties": {
"artifactRule": {
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"Attestation": {
"description": "Occurrence that represents a single \"attestation\". The authenticity of an\nattestation can be verified using the attached signature. If the verifier\ntrusts the public key of the signer, then verifying the signature is\nsufficient to establish trust. In this circumstance, the authority to which\nthis attestation is attached is primarily useful for look-up (how to find\nthis attestation if you already know the authority and artifact to be\nverified) and intent (which authority was this attestation intended to sign\nfor).",
"id": "Attestation",
@@ -1007,7 +1030,7 @@
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. 
For example, `google.com` or `example.com`.\n\n",
@@ -1143,6 +1166,19 @@
},
"type": "object"
},
"ByProducts": {
"description": "Defines an object for the byproducts field in in-toto links. The suggested\nfields are \"stderr\", \"stdout\", and \"return-value\".",
"id": "ByProducts",
"properties": {
"customValues": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object"
},
"CVSSv3": {
"description": "Common Vulnerability Scoring System version 3.\nFor details, see https://www.first.org/cvss/specification-document",
"id": "CVSSv3",
@@ -1555,7 +1591,8 @@
"PACKAGE",
"DEPLOYMENT",
"DISCOVERY",
"ATTESTATION"
"ATTESTATION",
"INTOTO"
],
"enumDescriptions": [
"Unknown.",
@@ -1565,7 +1602,8 @@
"This represents a package installed via a package manager.",
"The note and occurrence track deployment events.",
"The note and occurrence track the initial discovery status of a resource.",
"This represents a logical \"role\" that can attest to artifacts."
"This represents a logical \"role\" that can attest to artifacts.",
"This represents an in-toto link."
],
"type": "string"
}
@@ -1619,6 +1657,19 @@
"properties": {},
"type": "object"
},
"Environment": {
"description": "Defines an object for the environment field in in-toto links. The suggested\nfields are \"variables\", \"filesystem\", and \"workdir\".",
"id": "Environment",
"properties": {
"customValues": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object"
},
"Expr": {
"description": "Represents a textual expression in the Common Expression Language (CEL)\nsyntax. CEL is a C-like expression language. The syntax and semantics of CEL\nare documented at https://github.com/google/cel-spec.\n\nExample (Comparison):\n\n title: \"Summary size limit\"\n description: \"Determines if a summary is less than 100 chars\"\n expression: \"document.summary.size() < 100\"\n\nExample (Equality):\n\n title: \"Requestor is owner\"\n description: \"Determines if requestor is the document owner\"\n expression: \"document.owner == request.auth.claims.email\"\n\nExample (Logic):\n\n title: \"Public documents\"\n description: \"Determine whether the document should be publicly visible\"\n expression: \"document.type != 'private' && document.type != 'internal'\"\n\nExample (Data Manipulation):\n\n title: \"Notification string\"\n description: \"Create a notification string with a timestamp.\"\n expression: \"'New message received at ' + string(document.create_time)\"\n\nThe exact variables and functions that may be referenced within an expression\nare determined by the service that evaluates it. See the service\ndocumentation for additional information.",
"id": "Expr",
@@ -1779,7 +1830,7 @@
"properties": {
"options": {
"$ref": "GetPolicyOptions",
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`. This field is only used by Cloud IAM."
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`."
}
},
"type": "object"
@@ -1789,7 +1840,7 @@
"id": "GetPolicyOptions",
"properties": {
"requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -1876,6 +1927,47 @@
},
"type": "object"
},
"GrafeasV1beta1IntotoArtifact": {
"id": "GrafeasV1beta1IntotoArtifact",
"properties": {
"hashes": {
"$ref": "ArtifactHashes"
},
"resourceUri": {
"type": "string"
}
},
"type": "object"
},
"GrafeasV1beta1IntotoDetails": {
"description": "This corresponds to a signed in-toto link - it is made up of one or more\nsignatures and the in-toto link itself. This is used for occurrences of a\nGrafeas in-toto note.",
"id": "GrafeasV1beta1IntotoDetails",
"properties": {
"signatures": {
"items": {
"$ref": "GrafeasV1beta1IntotoSignature"
},
"type": "array"
},
"signed": {
"$ref": "Link"
}
},
"type": "object"
},
"GrafeasV1beta1IntotoSignature": {
"description": "A signature object consists of the KeyID used and the signature itself.",
"id": "GrafeasV1beta1IntotoSignature",
"properties": {
"keyid": {
"type": "string"
},
"sig": {
"type": "string"
}
},
"type": "object"
},
"GrafeasV1beta1PackageDetails": {
"description": "Details of a package occurrence.",
"id": "GrafeasV1beta1PackageDetails",
@@ -2000,6 +2092,49 @@
},
"type": "object"
},
"InToto": {
"description": "This contains the fields corresponding to the definition of a software supply\nchain step in an in-toto layout. This information goes into a Grafeas note.",
"id": "InToto",
"properties": {
"expectedCommand": {
"description": "This field contains the expected command used to perform the step.",
"items": {
"type": "string"
},
"type": "array"
},
"expectedMaterials": {
"description": "The following fields contain in-toto artifact rules identifying the\nartifacts that enter this supply chain step, and exit the supply chain\nstep, i.e. materials and products of the step.",
"items": {
"$ref": "ArtifactRule"
},
"type": "array"
},
"expectedProducts": {
"items": {
"$ref": "ArtifactRule"
},
"type": "array"
},
"signingKeys": {
"description": "This field contains the public keys that can be used to verify the\nsignatures on the step metadata.",
"items": {
"$ref": "SigningKey"
},
"type": "array"
},
"stepName": {
"description": "This field identifies the name of the step in the supply chain.",
"type": "string"
},
"threshold": {
"description": "This field contains a value that indicates the minimum number of keys that\nneed to be used to sign the step's in-toto link.",
"format": "int64",
"type": "string"
}
},
"type": "object"
},
"Installation": {
"description": "This represents how a particular software package may be installed on a\nsystem.",
"id": "Installation",
@@ -2087,6 +2222,42 @@
},
"type": "object"
},
"Link": {
"description": "This corresponds to an in-toto link.",
"id": "Link",
"properties": {
"byproducts": {
"$ref": "ByProducts",
"description": "ByProducts are data generated as part of a software supply chain step, but\nare not the actual result of the step."
},
"command": {
"description": "This field contains the full command executed for the step. This can also\nbe empty if links are generated for operations that aren't directly mapped\nto a specific command. Each term in the command is an independent string\nin the list. An example of a command in the in-toto metadata field is:\n\"command\": [\"git\", \"clone\", \"https://github.com/in-toto/demo-project.git\"]",
"items": {
"type": "string"
},
"type": "array"
},
"environment": {
"$ref": "Environment",
"description": "This is a field that can be used to capture information about the\nenvironment. It is suggested for this field to contain information that\ndetails environment variables, filesystem information, and the present\nworking directory. The recommended structure of this field is:\n\"environment\": {\n \"custom_values\": {\n \"variables\": \"<ENV>\",\n \"filesystem\": \"<FS>\",\n \"workdir\": \"<CWD>\",\n \"<ANY OTHER RELEVANT FIELDS>\": \"...\"\n }\n}"
},
"materials": {
"description": "Materials are the supply chain artifacts that go into the step and are used\nfor the operation performed. The key of the map is the path of the artifact\nand the structure contains the recorded hash information. An example is:\n\"materials\": [\n {\n \"resource_uri\": \"foo/bar\",\n \"hashes\": {\n \"sha256\": \"ebebf...\",\n <OTHER HASH ALGORITHMS>: <HASH VALUE>\n }\n }\n]",
"items": {
"$ref": "GrafeasV1beta1IntotoArtifact"
},
"type": "array"
},
"products": {
"description": "Products are the supply chain artifacts generated as a result of the step.\nThe structure is identical to that of materials.",
"items": {
"$ref": "GrafeasV1beta1IntotoArtifact"
},
"type": "array"
}
},
"type": "object"
},
"ListNoteOccurrencesResponse": {
"description": "Response for listing occurrences for a note.",
"id": "ListNoteOccurrencesResponse",
@@ -2212,6 +2383,10 @@
"format": "google-datetime",
"type": "string"
},
"intoto": {
"$ref": "InToto",
"description": "A note describing an in-toto link."
},
"kind": {
"description": "Output only. The type of analysis. This field can be used as a filter in\nlist requests.",
"enum": [
@@ -2222,7 +2397,8 @@
"PACKAGE",
"DEPLOYMENT",
"DISCOVERY",
"ATTESTATION"
"ATTESTATION",
"INTOTO"
],
"enumDescriptions": [
"Unknown.",
@@ -2232,7 +2408,8 @@
"This represents a package installed via a package manager.",
"The note and occurrence track deployment events.",
"The note and occurrence track the initial discovery status of a resource.",
"This represents a logical \"role\" that can attest to artifacts."
"This represents a logical \"role\" that can attest to artifacts.",
"This represents an in-toto link."
],
"type": "string"
},
@@ -2311,6 +2488,10 @@
"$ref": "GrafeasV1beta1PackageDetails",
"description": "Describes the installation of a package on the linked resource."
},
"intoto": {
"$ref": "GrafeasV1beta1IntotoDetails",
"description": "Describes a specific in-toto link."
},
"kind": {
"description": "Output only. This explicitly denotes which of the occurrence details are\nspecified. This field can be used as a filter in list requests.",
"enum": [
@@ -2321,7 +2502,8 @@
"PACKAGE",
"DEPLOYMENT",
"DISCOVERY",
"ATTESTATION"
"ATTESTATION",
"INTOTO"
],
"enumDescriptions": [
"Unknown.",
@@ -2331,7 +2513,8 @@
"This represents a package installed via a package manager.",
"The note and occurrence track deployment events.",
"The note and occurrence track the initial discovery status of a resource.",
"This represents a logical \"role\" that can attest to artifacts."
"This represents a logical \"role\" that can attest to artifacts.",
"This represents an in-toto link."
],
"type": "string"
},
@@ -2428,7 +2611,7 @@
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < 
timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"bindings": {
@@ -2444,7 +2627,7 @@
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -2560,7 +2743,7 @@
"id": "Signature",
"properties": {
"publicKeyId": {
"description": "The identifier for the public key that verifies this signature.\n * The `public_key_id` is required.\n * The `public_key_id` MUST be an RFC3986 conformant URI.\n * When possible, the `public_key_id` SHOULD be an immutable reference,\n such as a cryptographic digest.\n\nExamples of valid `public_key_id`s:\n\nOpenPGP V4 public key fingerprint:\n * \"openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA\"\nSee https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more\ndetails on this scheme.\n\nRFC6920 digest-named SubjectPublicKeyInfo (digest of the DER\nserialization):\n * \"ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU\"\n * \"nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5\"",
"description": "The identifier for the public key that verifies this signature.\n * The `public_key_id` is required.\n * The `public_key_id` SHOULD be an RFC3986 conformant URI.\n * When possible, the `public_key_id` SHOULD be an immutable reference,\n such as a cryptographic digest.\n\nExamples of valid `public_key_id`s:\n\nOpenPGP V4 public key fingerprint:\n * \"openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA\"\nSee https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more\ndetails on this scheme.\n\nRFC6920 digest-named SubjectPublicKeyInfo (digest of the DER\nserialization):\n * \"ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU\"\n * \"nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5\"",
"type": "string"
},
"signature": {
@@ -2571,6 +2754,29 @@
},
"type": "object"
},
"SigningKey": {
"description": "This defines the format used to record keys used in the software supply\nchain. An in-toto link is attested using one or more keys defined in the\nin-toto layout. An example of this is:\n{\n \"key_id\": \"776a00e29f3559e0141b3b096f696abc6cfb0c657ab40f441132b345b0...\",\n \"key_type\": \"rsa\",\n \"public_key_value\": \"-----BEGIN PUBLIC KEY-----\\nMIIBojANBgkqhkiG9w0B...\",\n \"key_scheme\": \"rsassa-pss-sha256\"\n}\nThe format for in-toto's key definition can be found in section 4.2 of the\nin-toto specification.",
"id": "SigningKey",
"properties": {
"keyId": {
"description": "key_id is an identifier for the signing key.",
"type": "string"
},
"keyScheme": {
"description": "This field contains the corresponding signature scheme.\nEg: \"rsassa-pss-sha256\".",
"type": "string"
},
"keyType": {
"description": "This field identifies the specific signing method. Eg: \"rsa\", \"ed25519\",\nand \"ecdsa\".",
"type": "string"
},
"publicKeyValue": {
"description": "This field contains the actual public key.",
"type": "string"
}
},
"type": "object"
},
"Source": {
"description": "Source describes the location of the source used for the build.",
"id": "Source",