1// Copyright 2021 Google LLC. 2// Use of this source code is governed by a BSD-style 3// license that can be found in the LICENSE file. 4 5// Code generated file. DO NOT EDIT. 6 7// Package binaryauthorization provides access to the Binary Authorization API. 8// 9// For product documentation, see: https://cloud.google.com/binary-authorization/ 10// 11// Creating a client 12// 13// Usage example: 14// 15// import "google.golang.org/api/binaryauthorization/v1" 16// ... 17// ctx := context.Background() 18// binaryauthorizationService, err := binaryauthorization.NewService(ctx) 19// 20// In this example, Google Application Default Credentials are used for authentication. 21// 22// For information on how to create and obtain Application Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials. 23// 24// Other authentication options 25// 26// To use an API key for authentication (note: some APIs do not support API keys), use option.WithAPIKey: 27// 28// binaryauthorizationService, err := binaryauthorization.NewService(ctx, option.WithAPIKey("AIza...")) 29// 30// To use an OAuth token (e.g., a user token obtained via a three-legged OAuth flow), use option.WithTokenSource: 31// 32// config := &oauth2.Config{...} 33// // ... 34// token, err := config.Exchange(ctx, ...) 35// binaryauthorizationService, err := binaryauthorization.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token))) 36// 37// See https://godoc.org/google.golang.org/api/option/ for details on options. 38package binaryauthorization // import "google.golang.org/api/binaryauthorization/v1" 39 40import ( 41 "bytes" 42 "context" 43 "encoding/json" 44 "errors" 45 "fmt" 46 "io" 47 "net/http" 48 "net/url" 49 "strconv" 50 "strings" 51 52 googleapi "google.golang.org/api/googleapi" 53 gensupport "google.golang.org/api/internal/gensupport" 54 option "google.golang.org/api/option" 55 internaloption "google.golang.org/api/option/internaloption" 56 htransport "google.golang.org/api/transport/http" 57) 58 59// Always reference these packages, just in case the auto-generated code 60// below doesn't. 61var _ = bytes.NewBuffer 62var _ = strconv.Itoa 63var _ = fmt.Sprintf 64var _ = json.NewDecoder 65var _ = io.Copy 66var _ = url.Parse 67var _ = gensupport.MarshalJSON 68var _ = googleapi.Version 69var _ = errors.New 70var _ = strings.Replace 71var _ = context.Canceled 72var _ = internaloption.WithDefaultEndpoint 73 74const apiId = "binaryauthorization:v1" 75const apiName = "binaryauthorization" 76const apiVersion = "v1" 77const basePath = "https://binaryauthorization.googleapis.com/" 78const mtlsBasePath = "https://binaryauthorization.mtls.googleapis.com/" 79 80// OAuth2 scopes used by this API. 81const ( 82 // See, edit, configure, and delete your Google Cloud data and see the 83 // email address for your Google Account. 84 CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform" 85) 86 87// NewService creates a new Service. 88func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error) { 89 scopesOption := option.WithScopes( 90 "https://www.googleapis.com/auth/cloud-platform", 91 ) 92 // NOTE: prepend, so we don't override user-specified scopes. 93 opts = append([]option.ClientOption{scopesOption}, opts...) 94 opts = append(opts, internaloption.WithDefaultEndpoint(basePath)) 95 opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath)) 96 client, endpoint, err := htransport.NewClient(ctx, opts...) 97 if err != nil { 98 return nil, err 99 } 100 s, err := New(client) 101 if err != nil { 102 return nil, err 103 } 104 if endpoint != "" { 105 s.BasePath = endpoint 106 } 107 return s, nil 108} 109 110// New creates a new Service. It uses the provided http.Client for requests. 111// 112// Deprecated: please use NewService instead. 113// To provide a custom HTTP client, use option.WithHTTPClient. 114// If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead. 115func New(client *http.Client) (*Service, error) { 116 if client == nil { 117 return nil, errors.New("client is nil") 118 } 119 s := &Service{client: client, BasePath: basePath} 120 s.Projects = NewProjectsService(s) 121 s.Systempolicy = NewSystempolicyService(s) 122 return s, nil 123} 124 125type Service struct { 126 client *http.Client 127 BasePath string // API endpoint base URL 128 UserAgent string // optional additional User-Agent fragment 129 130 Projects *ProjectsService 131 132 Systempolicy *SystempolicyService 133} 134 135func (s *Service) userAgent() string { 136 if s.UserAgent == "" { 137 return googleapi.UserAgent 138 } 139 return googleapi.UserAgent + " " + s.UserAgent 140} 141 142func NewProjectsService(s *Service) *ProjectsService { 143 rs := &ProjectsService{s: s} 144 rs.Attestors = NewProjectsAttestorsService(s) 145 rs.Policy = NewProjectsPolicyService(s) 146 return rs 147} 148 149type ProjectsService struct { 150 s *Service 151 152 Attestors *ProjectsAttestorsService 153 154 Policy *ProjectsPolicyService 155} 156 157func NewProjectsAttestorsService(s *Service) *ProjectsAttestorsService { 158 rs := &ProjectsAttestorsService{s: s} 159 return rs 160} 161 162type ProjectsAttestorsService struct { 163 s *Service 164} 165 166func NewProjectsPolicyService(s *Service) *ProjectsPolicyService { 167 rs := &ProjectsPolicyService{s: s} 168 return rs 169} 170 171type ProjectsPolicyService struct { 172 s *Service 173} 174 175func NewSystempolicyService(s *Service) *SystempolicyService { 176 rs := &SystempolicyService{s: s} 177 return rs 178} 179 180type SystempolicyService struct { 181 s *Service 182} 183 184// AdmissionRule: An admission rule specifies either that all container 185// images used in a pod creation request must be attested to by one or 186// more attestors, that all pod creations will be allowed, or that all 187// pod creations will be denied. Images matching an admission allowlist 188// pattern are exempted from admission rules and will never block a pod 189// creation. 190type AdmissionRule struct { 191 // EnforcementMode: Required. The action when a pod creation is denied 192 // by the admission rule. 193 // 194 // Possible values: 195 // "ENFORCEMENT_MODE_UNSPECIFIED" - Do not use. 196 // "ENFORCED_BLOCK_AND_AUDIT_LOG" - Enforce the admission rule by 197 // blocking the pod creation. 198 // "DRYRUN_AUDIT_LOG_ONLY" - Dryrun mode: Audit logging only. This 199 // will allow the pod creation as if the admission request had specified 200 // break-glass. 201 EnforcementMode string `json:"enforcementMode,omitempty"` 202 203 // EvaluationMode: Required. How this admission rule will be evaluated. 204 // 205 // Possible values: 206 // "EVALUATION_MODE_UNSPECIFIED" - Do not use. 207 // "ALWAYS_ALLOW" - This rule allows all all pod creations. 208 // "REQUIRE_ATTESTATION" - This rule allows a pod creation if all the 209 // attestors listed in 'require_attestations_by' have valid attestations 210 // for all of the images in the pod spec. 211 // "ALWAYS_DENY" - This rule denies all pod creations. 212 EvaluationMode string `json:"evaluationMode,omitempty"` 213 214 // RequireAttestationsBy: Optional. The resource names of the attestors 215 // that must attest to a container image, in the format 216 // `projects/*/attestors/*`. Each attestor must exist before a policy 217 // can reference it. To add an attestor to a policy the principal 218 // issuing the policy change request must be able to read the attestor 219 // resource. Note: this field must be non-empty when the evaluation_mode 220 // field specifies REQUIRE_ATTESTATION, otherwise it must be empty. 221 RequireAttestationsBy []string `json:"requireAttestationsBy,omitempty"` 222 223 // ForceSendFields is a list of field names (e.g. "EnforcementMode") to 224 // unconditionally include in API requests. By default, fields with 225 // empty or default values are omitted from API requests. However, any 226 // non-pointer, non-interface field appearing in ForceSendFields will be 227 // sent to the server regardless of whether the field is empty or not. 228 // This may be used to include empty fields in Patch requests. 229 ForceSendFields []string `json:"-"` 230 231 // NullFields is a list of field names (e.g. "EnforcementMode") to 232 // include in API requests with the JSON null value. By default, fields 233 // with empty values are omitted from API requests. However, any field 234 // with an empty value appearing in NullFields will be sent to the 235 // server as null. It is an error if a field in this list has a 236 // non-empty value. This may be used to include null fields in Patch 237 // requests. 238 NullFields []string `json:"-"` 239} 240 241func (s *AdmissionRule) MarshalJSON() ([]byte, error) { 242 type NoMethod AdmissionRule 243 raw := NoMethod(*s) 244 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 245} 246 247// AdmissionWhitelistPattern: An admission allowlist pattern exempts 248// images from checks by admission rules. 249type AdmissionWhitelistPattern struct { 250 // NamePattern: An image name pattern to allowlist, in the form 251 // `registry/path/to/image`. This supports a trailing `*` wildcard, but 252 // this is allowed only in text after the `registry/` part. This also 253 // supports a trailing `**` wildcard which matches subdirectories of a 254 // given entry. 255 NamePattern string `json:"namePattern,omitempty"` 256 257 // ForceSendFields is a list of field names (e.g. "NamePattern") to 258 // unconditionally include in API requests. By default, fields with 259 // empty or default values are omitted from API requests. However, any 260 // non-pointer, non-interface field appearing in ForceSendFields will be 261 // sent to the server regardless of whether the field is empty or not. 262 // This may be used to include empty fields in Patch requests. 263 ForceSendFields []string `json:"-"` 264 265 // NullFields is a list of field names (e.g. "NamePattern") to include 266 // in API requests with the JSON null value. By default, fields with 267 // empty values are omitted from API requests. However, any field with 268 // an empty value appearing in NullFields will be sent to the server as 269 // null. It is an error if a field in this list has a non-empty value. 270 // This may be used to include null fields in Patch requests. 271 NullFields []string `json:"-"` 272} 273 274func (s *AdmissionWhitelistPattern) MarshalJSON() ([]byte, error) { 275 type NoMethod AdmissionWhitelistPattern 276 raw := NoMethod(*s) 277 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 278} 279 280// AttestationOccurrence: Occurrence that represents a single 281// "attestation". The authenticity of an attestation can be verified 282// using the attached signature. If the verifier trusts the public key 283// of the signer, then verifying the signature is sufficient to 284// establish trust. In this circumstance, the authority to which this 285// attestation is attached is primarily useful for lookup (how to find 286// this attestation if you already know the authority and artifact to be 287// verified) and intent (for which authority this attestation was 288// intended to sign. 289type AttestationOccurrence struct { 290 // Jwts: One or more JWTs encoding a self-contained attestation. Each 291 // JWT encodes the payload that it verifies within the JWT itself. 292 // Verifier implementation SHOULD ignore the `serialized_payload` field 293 // when verifying these JWTs. If only JWTs are present on this 294 // AttestationOccurrence, then the `serialized_payload` SHOULD be left 295 // empty. Each JWT SHOULD encode a claim specific to the `resource_uri` 296 // of this Occurrence, but this is not validated by Grafeas metadata API 297 // implementations. The JWT itself is opaque to Grafeas. 298 Jwts []*Jwt `json:"jwts,omitempty"` 299 300 // SerializedPayload: Required. The serialized payload that is verified 301 // by one or more `signatures`. 302 SerializedPayload string `json:"serializedPayload,omitempty"` 303 304 // Signatures: One or more signatures over `serialized_payload`. 305 // Verifier implementations should consider this attestation message 306 // verified if at least one `signature` verifies `serialized_payload`. 307 // See `Signature` in common.proto for more details on signature 308 // structure and verification. 309 Signatures []*Signature `json:"signatures,omitempty"` 310 311 // ForceSendFields is a list of field names (e.g. "Jwts") to 312 // unconditionally include in API requests. By default, fields with 313 // empty or default values are omitted from API requests. However, any 314 // non-pointer, non-interface field appearing in ForceSendFields will be 315 // sent to the server regardless of whether the field is empty or not. 316 // This may be used to include empty fields in Patch requests. 317 ForceSendFields []string `json:"-"` 318 319 // NullFields is a list of field names (e.g. "Jwts") to include in API 320 // requests with the JSON null value. By default, fields with empty 321 // values are omitted from API requests. However, any field with an 322 // empty value appearing in NullFields will be sent to the server as 323 // null. It is an error if a field in this list has a non-empty value. 324 // This may be used to include null fields in Patch requests. 325 NullFields []string `json:"-"` 326} 327 328func (s *AttestationOccurrence) MarshalJSON() ([]byte, error) { 329 type NoMethod AttestationOccurrence 330 raw := NoMethod(*s) 331 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 332} 333 334// Attestor: An attestor that attests to container image artifacts. An 335// existing attestor cannot be modified except where indicated. 336type Attestor struct { 337 // Description: Optional. A descriptive comment. This field may be 338 // updated. The field may be displayed in chooser dialogs. 339 Description string `json:"description,omitempty"` 340 341 // Name: Required. The resource name, in the format: 342 // `projects/*/attestors/*`. This field may not be updated. 343 Name string `json:"name,omitempty"` 344 345 // UpdateTime: Output only. Time when the attestor was last updated. 346 UpdateTime string `json:"updateTime,omitempty"` 347 348 // UserOwnedGrafeasNote: This specifies how an attestation will be read, 349 // and how it will be used during policy enforcement. 350 UserOwnedGrafeasNote *UserOwnedGrafeasNote `json:"userOwnedGrafeasNote,omitempty"` 351 352 // ServerResponse contains the HTTP response code and headers from the 353 // server. 354 googleapi.ServerResponse `json:"-"` 355 356 // ForceSendFields is a list of field names (e.g. "Description") to 357 // unconditionally include in API requests. By default, fields with 358 // empty or default values are omitted from API requests. However, any 359 // non-pointer, non-interface field appearing in ForceSendFields will be 360 // sent to the server regardless of whether the field is empty or not. 361 // This may be used to include empty fields in Patch requests. 362 ForceSendFields []string `json:"-"` 363 364 // NullFields is a list of field names (e.g. "Description") to include 365 // in API requests with the JSON null value. By default, fields with 366 // empty values are omitted from API requests. However, any field with 367 // an empty value appearing in NullFields will be sent to the server as 368 // null. It is an error if a field in this list has a non-empty value. 369 // This may be used to include null fields in Patch requests. 370 NullFields []string `json:"-"` 371} 372 373func (s *Attestor) MarshalJSON() ([]byte, error) { 374 type NoMethod Attestor 375 raw := NoMethod(*s) 376 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 377} 378 379// AttestorPublicKey: An attestor public key that will be used to verify 380// attestations signed by this attestor. 381type AttestorPublicKey struct { 382 // AsciiArmoredPgpPublicKey: ASCII-armored representation of a PGP 383 // public key, as the entire output by the command `gpg --export --armor 384 // foo@example.com` (either LF or CRLF line endings). When using this 385 // field, `id` should be left blank. The BinAuthz API handlers will 386 // calculate the ID and fill it in automatically. BinAuthz computes this 387 // ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case 388 // hex. If `id` is provided by the caller, it will be overwritten by the 389 // API-calculated ID. 390 AsciiArmoredPgpPublicKey string `json:"asciiArmoredPgpPublicKey,omitempty"` 391 392 // Comment: Optional. A descriptive comment. This field may be updated. 393 Comment string `json:"comment,omitempty"` 394 395 // Id: The ID of this public key. Signatures verified by BinAuthz must 396 // include the ID of the public key that can be used to verify them, and 397 // that ID must match the contents of this field exactly. Additional 398 // restrictions on this field can be imposed based on which public key 399 // type is encapsulated. See the documentation on `public_key` cases 400 // below for details. 401 Id string `json:"id,omitempty"` 402 403 // PkixPublicKey: A raw PKIX SubjectPublicKeyInfo format public key. 404 // NOTE: `id` may be explicitly provided by the caller when using this 405 // type of public key, but it MUST be a valid RFC3986 URI. If `id` is 406 // left blank, a default one will be computed based on the digest of the 407 // DER encoding of the public key. 408 PkixPublicKey *PkixPublicKey `json:"pkixPublicKey,omitempty"` 409 410 // ForceSendFields is a list of field names (e.g. 411 // "AsciiArmoredPgpPublicKey") to unconditionally include in API 412 // requests. By default, fields with empty or default values are omitted 413 // from API requests. However, any non-pointer, non-interface field 414 // appearing in ForceSendFields will be sent to the server regardless of 415 // whether the field is empty or not. This may be used to include empty 416 // fields in Patch requests. 417 ForceSendFields []string `json:"-"` 418 419 // NullFields is a list of field names (e.g. "AsciiArmoredPgpPublicKey") 420 // to include in API requests with the JSON null value. By default, 421 // fields with empty values are omitted from API requests. However, any 422 // field with an empty value appearing in NullFields will be sent to the 423 // server as null. It is an error if a field in this list has a 424 // non-empty value. This may be used to include null fields in Patch 425 // requests. 426 NullFields []string `json:"-"` 427} 428 429func (s *AttestorPublicKey) MarshalJSON() ([]byte, error) { 430 type NoMethod AttestorPublicKey 431 raw := NoMethod(*s) 432 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 433} 434 435// Binding: Associates `members` with a `role`. 436type Binding struct { 437 // Condition: The condition that is associated with this binding. If the 438 // condition evaluates to `true`, then this binding applies to the 439 // current request. If the condition evaluates to `false`, then this 440 // binding does not apply to the current request. However, a different 441 // role binding might grant the same role to one or more of the members 442 // in this binding. To learn which resources support conditions in their 443 // IAM policies, see the IAM documentation 444 // (https://cloud.google.com/iam/help/conditions/resource-policies). 445 Condition *Expr `json:"condition,omitempty"` 446 447 // Members: Specifies the identities requesting access for a Cloud 448 // Platform resource. `members` can have the following values: * 449 // `allUsers`: A special identifier that represents anyone who is on the 450 // internet; with or without a Google account. * 451 // `allAuthenticatedUsers`: A special identifier that represents anyone 452 // who is authenticated with a Google account or a service account. * 453 // `user:{emailid}`: An email address that represents a specific Google 454 // account. For example, `alice@example.com` . * 455 // `serviceAccount:{emailid}`: An email address that represents a 456 // service account. For example, 457 // `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An 458 // email address that represents a Google group. For example, 459 // `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An 460 // email address (plus unique identifier) representing a user that has 461 // been recently deleted. For example, 462 // `alice@example.com?uid=123456789012345678901`. If the user is 463 // recovered, this value reverts to `user:{emailid}` and the recovered 464 // user retains the role in the binding. * 465 // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address 466 // (plus unique identifier) representing a service account that has been 467 // recently deleted. For example, 468 // `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. 469 // If the service account is undeleted, this value reverts to 470 // `serviceAccount:{emailid}` and the undeleted service account retains 471 // the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: 472 // An email address (plus unique identifier) representing a Google group 473 // that has been recently deleted. For example, 474 // `admins@example.com?uid=123456789012345678901`. If the group is 475 // recovered, this value reverts to `group:{emailid}` and the recovered 476 // group retains the role in the binding. * `domain:{domain}`: The G 477 // Suite domain (primary) that represents all the users of that domain. 478 // For example, `google.com` or `example.com`. 479 Members []string `json:"members,omitempty"` 480 481 // Role: Role that is assigned to `members`. For example, 482 // `roles/viewer`, `roles/editor`, or `roles/owner`. 483 Role string `json:"role,omitempty"` 484 485 // ForceSendFields is a list of field names (e.g. "Condition") to 486 // unconditionally include in API requests. By default, fields with 487 // empty or default values are omitted from API requests. However, any 488 // non-pointer, non-interface field appearing in ForceSendFields will be 489 // sent to the server regardless of whether the field is empty or not. 490 // This may be used to include empty fields in Patch requests. 491 ForceSendFields []string `json:"-"` 492 493 // NullFields is a list of field names (e.g. "Condition") to include in 494 // API requests with the JSON null value. By default, fields with empty 495 // values are omitted from API requests. However, any field with an 496 // empty value appearing in NullFields will be sent to the server as 497 // null. It is an error if a field in this list has a non-empty value. 498 // This may be used to include null fields in Patch requests. 499 NullFields []string `json:"-"` 500} 501 502func (s *Binding) MarshalJSON() ([]byte, error) { 503 type NoMethod Binding 504 raw := NoMethod(*s) 505 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 506} 507 508// Empty: A generic empty message that you can re-use to avoid defining 509// duplicated empty messages in your APIs. A typical example is to use 510// it as the request or the response type of an API method. For 511// instance: service Foo { rpc Bar(google.protobuf.Empty) returns 512// (google.protobuf.Empty); } The JSON representation for `Empty` is 513// empty JSON object `{}`. 514type Empty struct { 515 // ServerResponse contains the HTTP response code and headers from the 516 // server. 517 googleapi.ServerResponse `json:"-"` 518} 519 520// Expr: Represents a textual expression in the Common Expression 521// Language (CEL) syntax. CEL is a C-like expression language. The 522// syntax and semantics of CEL are documented at 523// https://github.com/google/cel-spec. Example (Comparison): title: 524// "Summary size limit" description: "Determines if a summary is less 525// than 100 chars" expression: "document.summary.size() < 100" Example 526// (Equality): title: "Requestor is owner" description: "Determines if 527// requestor is the document owner" expression: "document.owner == 528// request.auth.claims.email" Example (Logic): title: "Public documents" 529// description: "Determine whether the document should be publicly 530// visible" expression: "document.type != 'private' && document.type != 531// 'internal'" Example (Data Manipulation): title: "Notification string" 532// description: "Create a notification string with a timestamp." 533// expression: "'New message received at ' + 534// string(document.create_time)" The exact variables and functions that 535// may be referenced within an expression are determined by the service 536// that evaluates it. See the service documentation for additional 537// information. 538type Expr struct { 539 // Description: Optional. Description of the expression. This is a 540 // longer text which describes the expression, e.g. when hovered over it 541 // in a UI. 542 Description string `json:"description,omitempty"` 543 544 // Expression: Textual representation of an expression in Common 545 // Expression Language syntax. 546 Expression string `json:"expression,omitempty"` 547 548 // Location: Optional. String indicating the location of the expression 549 // for error reporting, e.g. a file name and a position in the file. 550 Location string `json:"location,omitempty"` 551 552 // Title: Optional. Title for the expression, i.e. a short string 553 // describing its purpose. This can be used e.g. in UIs which allow to 554 // enter the expression. 555 Title string `json:"title,omitempty"` 556 557 // ForceSendFields is a list of field names (e.g. "Description") to 558 // unconditionally include in API requests. By default, fields with 559 // empty or default values are omitted from API requests. However, any 560 // non-pointer, non-interface field appearing in ForceSendFields will be 561 // sent to the server regardless of whether the field is empty or not. 562 // This may be used to include empty fields in Patch requests. 563 ForceSendFields []string `json:"-"` 564 565 // NullFields is a list of field names (e.g. "Description") to include 566 // in API requests with the JSON null value. By default, fields with 567 // empty values are omitted from API requests. However, any field with 568 // an empty value appearing in NullFields will be sent to the server as 569 // null. It is an error if a field in this list has a non-empty value. 570 // This may be used to include null fields in Patch requests. 571 NullFields []string `json:"-"` 572} 573 574func (s *Expr) MarshalJSON() ([]byte, error) { 575 type NoMethod Expr 576 raw := NoMethod(*s) 577 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 578} 579 580// IamPolicy: An Identity and Access Management (IAM) policy, which 581// specifies access controls for Google Cloud resources. A `Policy` is a 582// collection of `bindings`. A `binding` binds one or more `members` to 583// a single `role`. Members can be user accounts, service accounts, 584// Google groups, and domains (such as G Suite). A `role` is a named 585// list of permissions; each `role` can be an IAM predefined role or a 586// user-created custom role. For some types of Google Cloud resources, a 587// `binding` can also specify a `condition`, which is a logical 588// expression that allows access to a resource only if the expression 589// evaluates to `true`. A condition can add constraints based on 590// attributes of the request, the resource, or both. To learn which 591// resources support conditions in their IAM policies, see the IAM 592// documentation 593// (https://cloud.google.com/iam/help/conditions/resource-policies). 594// **JSON example:** { "bindings": [ { "role": 595// "roles/resourcemanager.organizationAdmin", "members": [ 596// "user:mike@example.com", "group:admins@example.com", 597// "domain:google.com", 598// "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { 599// "role": "roles/resourcemanager.organizationViewer", "members": [ 600// "user:eve@example.com" ], "condition": { "title": "expirable access", 601// "description": "Does not grant access after Sep 2020", "expression": 602// "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], 603// "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - 604// members: - user:mike@example.com - group:admins@example.com - 605// domain:google.com - 606// serviceAccount:my-project-id@appspot.gserviceaccount.com role: 607// roles/resourcemanager.organizationAdmin - members: - 608// user:eve@example.com role: roles/resourcemanager.organizationViewer 609// condition: title: expirable access description: Does not grant access 610// after Sep 2020 expression: request.time < 611// timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 612// For a description of IAM and its features, see the IAM documentation 613// (https://cloud.google.com/iam/docs/). 614type IamPolicy struct { 615 // Bindings: Associates a list of `members` to a `role`. Optionally, may 616 // specify a `condition` that determines how and when the `bindings` are 617 // applied. Each of the `bindings` must contain at least one member. 618 Bindings []*Binding `json:"bindings,omitempty"` 619 620 // Etag: `etag` is used for optimistic concurrency control as a way to 621 // help prevent simultaneous updates of a policy from overwriting each 622 // other. It is strongly suggested that systems make use of the `etag` 623 // in the read-modify-write cycle to perform policy updates in order to 624 // avoid race conditions: An `etag` is returned in the response to 625 // `getIamPolicy`, and systems are expected to put that etag in the 626 // request to `setIamPolicy` to ensure that their change will be applied 627 // to the same version of the policy. **Important:** If you use IAM 628 // Conditions, you must include the `etag` field whenever you call 629 // `setIamPolicy`. If you omit this field, then IAM allows you to 630 // overwrite a version `3` policy with a version `1` policy, and all of 631 // the conditions in the version `3` policy are lost. 632 Etag string `json:"etag,omitempty"` 633 634 // Version: Specifies the format of the policy. Valid values are `0`, 635 // `1`, and `3`. Requests that specify an invalid value are rejected. 636 // Any operation that affects conditional role bindings must specify 637 // version `3`. This requirement applies to the following operations: * 638 // Getting a policy that includes a conditional role binding * Adding a 639 // conditional role binding to a policy * Changing a conditional role 640 // binding in a policy * Removing any role binding, with or without a 641 // condition, from a policy that includes conditions **Important:** If 642 // you use IAM Conditions, you must include the `etag` field whenever 643 // you call `setIamPolicy`. If you omit this field, then IAM allows you 644 // to overwrite a version `3` policy with a version `1` policy, and all 645 // of the conditions in the version `3` policy are lost. If a policy 646 // does not include any conditions, operations on that policy may 647 // specify any valid version or leave the field unset. To learn which 648 // resources support conditions in their IAM policies, see the IAM 649 // documentation 650 // (https://cloud.google.com/iam/help/conditions/resource-policies). 651 Version int64 `json:"version,omitempty"` 652 653 // ServerResponse contains the HTTP response code and headers from the 654 // server. 655 googleapi.ServerResponse `json:"-"` 656 657 // ForceSendFields is a list of field names (e.g. "Bindings") to 658 // unconditionally include in API requests. By default, fields with 659 // empty or default values are omitted from API requests. However, any 660 // non-pointer, non-interface field appearing in ForceSendFields will be 661 // sent to the server regardless of whether the field is empty or not. 662 // This may be used to include empty fields in Patch requests. 663 ForceSendFields []string `json:"-"` 664 665 // NullFields is a list of field names (e.g. "Bindings") to include in 666 // API requests with the JSON null value. By default, fields with empty 667 // values are omitted from API requests. However, any field with an 668 // empty value appearing in NullFields will be sent to the server as 669 // null. It is an error if a field in this list has a non-empty value. 670 // This may be used to include null fields in Patch requests. 671 NullFields []string `json:"-"` 672} 673 674func (s *IamPolicy) MarshalJSON() ([]byte, error) { 675 type NoMethod IamPolicy 676 raw := NoMethod(*s) 677 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 678} 679 680type Jwt struct { 681 // CompactJwt: The compact encoding of a JWS, which is always three 682 // base64 encoded strings joined by periods. For details, see: 683 // https://tools.ietf.org/html/rfc7515.html#section-3.1 684 CompactJwt string `json:"compactJwt,omitempty"` 685 686 // ForceSendFields is a list of field names (e.g. "CompactJwt") to 687 // unconditionally include in API requests. By default, fields with 688 // empty or default values are omitted from API requests. However, any 689 // non-pointer, non-interface field appearing in ForceSendFields will be 690 // sent to the server regardless of whether the field is empty or not. 691 // This may be used to include empty fields in Patch requests. 692 ForceSendFields []string `json:"-"` 693 694 // NullFields is a list of field names (e.g. "CompactJwt") to include in 695 // API requests with the JSON null value. By default, fields with empty 696 // values are omitted from API requests. However, any field with an 697 // empty value appearing in NullFields will be sent to the server as 698 // null. It is an error if a field in this list has a non-empty value. 699 // This may be used to include null fields in Patch requests. 700 NullFields []string `json:"-"` 701} 702 703func (s *Jwt) MarshalJSON() ([]byte, error) { 704 type NoMethod Jwt 705 raw := NoMethod(*s) 706 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 707} 708 709// ListAttestorsResponse: Response message for 710// BinauthzManagementService.ListAttestors. 711type ListAttestorsResponse struct { 712 // Attestors: The list of attestors. 713 Attestors []*Attestor `json:"attestors,omitempty"` 714 715 // NextPageToken: A token to retrieve the next page of results. Pass 716 // this value in the ListAttestorsRequest.page_token field in the 717 // subsequent call to the `ListAttestors` method to retrieve the next 718 // page of results. 719 NextPageToken string `json:"nextPageToken,omitempty"` 720 721 // ServerResponse contains the HTTP response code and headers from the 722 // server. 723 googleapi.ServerResponse `json:"-"` 724 725 // ForceSendFields is a list of field names (e.g. "Attestors") to 726 // unconditionally include in API requests. By default, fields with 727 // empty or default values are omitted from API requests. However, any 728 // non-pointer, non-interface field appearing in ForceSendFields will be 729 // sent to the server regardless of whether the field is empty or not. 730 // This may be used to include empty fields in Patch requests. 731 ForceSendFields []string `json:"-"` 732 733 // NullFields is a list of field names (e.g. "Attestors") to include in 734 // API requests with the JSON null value. By default, fields with empty 735 // values are omitted from API requests. However, any field with an 736 // empty value appearing in NullFields will be sent to the server as 737 // null. It is an error if a field in this list has a non-empty value. 738 // This may be used to include null fields in Patch requests. 739 NullFields []string `json:"-"` 740} 741 742func (s *ListAttestorsResponse) MarshalJSON() ([]byte, error) { 743 type NoMethod ListAttestorsResponse 744 raw := NoMethod(*s) 745 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 746} 747 748// PkixPublicKey: A public key in the PkixPublicKey format (see 749// https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). 750// Public keys of this type are typically textually encoded using the 751// PEM format. 752type PkixPublicKey struct { 753 // PublicKeyPem: A PEM-encoded public key, as described in 754 // https://tools.ietf.org/html/rfc7468#section-13 755 PublicKeyPem string `json:"publicKeyPem,omitempty"` 756 757 // SignatureAlgorithm: The signature algorithm used to verify a message 758 // against a signature using this key. These signature algorithm must 759 // match the structure and any object identifiers encoded in 760 // `public_key_pem` (i.e. this algorithm must match that of the public 761 // key). 762 // 763 // Possible values: 764 // "SIGNATURE_ALGORITHM_UNSPECIFIED" - Not specified. 765 // "RSA_PSS_2048_SHA256" - RSASSA-PSS 2048 bit key with a SHA256 766 // digest. 767 // "RSA_PSS_3072_SHA256" - RSASSA-PSS 3072 bit key with a SHA256 768 // digest. 769 // "RSA_PSS_4096_SHA256" - RSASSA-PSS 4096 bit key with a SHA256 770 // digest. 771 // "RSA_PSS_4096_SHA512" - RSASSA-PSS 4096 bit key with a SHA512 772 // digest. 773 // "RSA_SIGN_PKCS1_2048_SHA256" - RSASSA-PKCS1-v1_5 with a 2048 bit 774 // key and a SHA256 digest. 775 // "RSA_SIGN_PKCS1_3072_SHA256" - RSASSA-PKCS1-v1_5 with a 3072 bit 776 // key and a SHA256 digest. 777 // "RSA_SIGN_PKCS1_4096_SHA256" - RSASSA-PKCS1-v1_5 with a 4096 bit 778 // key and a SHA256 digest. 779 // "RSA_SIGN_PKCS1_4096_SHA512" - RSASSA-PKCS1-v1_5 with a 4096 bit 780 // key and a SHA512 digest. 781 // "ECDSA_P256_SHA256" - ECDSA on the NIST P-256 curve with a SHA256 782 // digest. 783 // "EC_SIGN_P256_SHA256" - ECDSA on the NIST P-256 curve with a SHA256 784 // digest. 785 // "ECDSA_P384_SHA384" - ECDSA on the NIST P-384 curve with a SHA384 786 // digest. 787 // "EC_SIGN_P384_SHA384" - ECDSA on the NIST P-384 curve with a SHA384 788 // digest. 789 // "ECDSA_P521_SHA512" - ECDSA on the NIST P-521 curve with a SHA512 790 // digest. 791 // "EC_SIGN_P521_SHA512" - ECDSA on the NIST P-521 curve with a SHA512 792 // digest. 793 SignatureAlgorithm string `json:"signatureAlgorithm,omitempty"` 794 795 // ForceSendFields is a list of field names (e.g. "PublicKeyPem") to 796 // unconditionally include in API requests. By default, fields with 797 // empty or default values are omitted from API requests. However, any 798 // non-pointer, non-interface field appearing in ForceSendFields will be 799 // sent to the server regardless of whether the field is empty or not. 800 // This may be used to include empty fields in Patch requests. 801 ForceSendFields []string `json:"-"` 802 803 // NullFields is a list of field names (e.g. "PublicKeyPem") to include 804 // in API requests with the JSON null value. By default, fields with 805 // empty values are omitted from API requests. However, any field with 806 // an empty value appearing in NullFields will be sent to the server as 807 // null. It is an error if a field in this list has a non-empty value. 808 // This may be used to include null fields in Patch requests. 809 NullFields []string `json:"-"` 810} 811 812func (s *PkixPublicKey) MarshalJSON() ([]byte, error) { 813 type NoMethod PkixPublicKey 814 raw := NoMethod(*s) 815 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 816} 817 818// Policy: A policy for container image binary authorization. 819type Policy struct { 820 // AdmissionWhitelistPatterns: Optional. Admission policy allowlisting. 821 // A matching admission request will always be permitted. This feature 822 // is typically used to exclude Google or third-party infrastructure 823 // images from Binary Authorization policies. 824 AdmissionWhitelistPatterns []*AdmissionWhitelistPattern `json:"admissionWhitelistPatterns,omitempty"` 825 826 // ClusterAdmissionRules: Optional. Per-cluster admission rules. Cluster 827 // spec format: `location.clusterId`. There can be at most one admission 828 // rule per cluster spec. A `location` is either a compute zone (e.g. 829 // us-central1-a) or a region (e.g. us-central1). For `clusterId` syntax 830 // restrictions see 831 // https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters. 832 ClusterAdmissionRules map[string]AdmissionRule `json:"clusterAdmissionRules,omitempty"` 833 834 // DefaultAdmissionRule: Required. Default admission rule for a cluster 835 // without a per-cluster, per- kubernetes-service-account, or 836 // per-istio-service-identity admission rule. 837 DefaultAdmissionRule *AdmissionRule `json:"defaultAdmissionRule,omitempty"` 838 839 // Description: Optional. A descriptive comment. 840 Description string `json:"description,omitempty"` 841 842 // GlobalPolicyEvaluationMode: Optional. Controls the evaluation of a 843 // Google-maintained global admission policy for common system-level 844 // images. Images not covered by the global policy will be subject to 845 // the project admission policy. This setting has no effect when 846 // specified inside a global admission policy. 847 // 848 // Possible values: 849 // "GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED" - Not specified: 850 // DISABLE is assumed. 851 // "ENABLE" - Enables system policy evaluation. 852 // "DISABLE" - Disables system policy evaluation. 853 GlobalPolicyEvaluationMode string `json:"globalPolicyEvaluationMode,omitempty"` 854 855 // IstioServiceIdentityAdmissionRules: Optional. 856 // Per-istio-service-identity admission rules. Istio service identity 857 // spec format: spiffe:///ns//sa/ or /ns//sa/ e.g. 858 // spiffe://example.com/ns/test-ns/sa/default 859 IstioServiceIdentityAdmissionRules map[string]AdmissionRule `json:"istioServiceIdentityAdmissionRules,omitempty"` 860 861 // KubernetesNamespaceAdmissionRules: Optional. Per-kubernetes-namespace 862 // admission rules. K8s namespace spec format: [a-z.-]+, e.g. 863 // 'some-namespace' 864 KubernetesNamespaceAdmissionRules map[string]AdmissionRule `json:"kubernetesNamespaceAdmissionRules,omitempty"` 865 866 // KubernetesServiceAccountAdmissionRules: Optional. 867 // Per-kubernetes-service-account admission rules. Service account spec 868 // format: `namespace:serviceaccount`. e.g. 'test-ns:default' 869 KubernetesServiceAccountAdmissionRules map[string]AdmissionRule `json:"kubernetesServiceAccountAdmissionRules,omitempty"` 870 871 // Name: Output only. The resource name, in the format 872 // `projects/*/policy`. There is at most one policy per project. 873 Name string `json:"name,omitempty"` 874 875 // UpdateTime: Output only. Time when the policy was last updated. 876 UpdateTime string `json:"updateTime,omitempty"` 877 878 // ServerResponse contains the HTTP response code and headers from the 879 // server. 880 googleapi.ServerResponse `json:"-"` 881 882 // ForceSendFields is a list of field names (e.g. 883 // "AdmissionWhitelistPatterns") to unconditionally include in API 884 // requests. By default, fields with empty or default values are omitted 885 // from API requests. However, any non-pointer, non-interface field 886 // appearing in ForceSendFields will be sent to the server regardless of 887 // whether the field is empty or not. This may be used to include empty 888 // fields in Patch requests. 889 ForceSendFields []string `json:"-"` 890 891 // NullFields is a list of field names (e.g. 892 // "AdmissionWhitelistPatterns") to include in API requests with the 893 // JSON null value. By default, fields with empty values are omitted 894 // from API requests. However, any field with an empty value appearing 895 // in NullFields will be sent to the server as null. It is an error if a 896 // field in this list has a non-empty value. This may be used to include 897 // null fields in Patch requests. 898 NullFields []string `json:"-"` 899} 900 901func (s *Policy) MarshalJSON() ([]byte, error) { 902 type NoMethod Policy 903 raw := NoMethod(*s) 904 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 905} 906 907// SetIamPolicyRequest: Request message for `SetIamPolicy` method. 908type SetIamPolicyRequest struct { 909 // Policy: REQUIRED: The complete policy to be applied to the 910 // `resource`. The size of the policy is limited to a few 10s of KB. An 911 // empty policy is a valid policy but certain Cloud Platform services 912 // (such as Projects) might reject them. 913 Policy *IamPolicy `json:"policy,omitempty"` 914 915 // ForceSendFields is a list of field names (e.g. "Policy") to 916 // unconditionally include in API requests. By default, fields with 917 // empty or default values are omitted from API requests. However, any 918 // non-pointer, non-interface field appearing in ForceSendFields will be 919 // sent to the server regardless of whether the field is empty or not. 920 // This may be used to include empty fields in Patch requests. 921 ForceSendFields []string `json:"-"` 922 923 // NullFields is a list of field names (e.g. "Policy") to include in API 924 // requests with the JSON null value. By default, fields with empty 925 // values are omitted from API requests. However, any field with an 926 // empty value appearing in NullFields will be sent to the server as 927 // null. It is an error if a field in this list has a non-empty value. 928 // This may be used to include null fields in Patch requests. 929 NullFields []string `json:"-"` 930} 931 932func (s *SetIamPolicyRequest) MarshalJSON() ([]byte, error) { 933 type NoMethod SetIamPolicyRequest 934 raw := NoMethod(*s) 935 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 936} 937 938// Signature: Verifiers (e.g. Kritis implementations) MUST verify 939// signatures with respect to the trust anchors defined in policy (e.g. 940// a Kritis policy). Typically this means that the verifier has been 941// configured with a map from `public_key_id` to public key material 942// (and any required parameters, e.g. signing algorithm). In particular, 943// verification implementations MUST NOT treat the signature 944// `public_key_id` as anything more than a key lookup hint. The 945// `public_key_id` DOES NOT validate or authenticate a public key; it 946// only provides a mechanism for quickly selecting a public key ALREADY 947// CONFIGURED on the verifier through a trusted channel. Verification 948// implementations MUST reject signatures in any of the following 949// circumstances: * The `public_key_id` is not recognized by the 950// verifier. * The public key that `public_key_id` refers to does not 951// verify the signature with respect to the payload. The `signature` 952// contents SHOULD NOT be "attached" (where the payload is included with 953// the serialized `signature` bytes). Verifiers MUST ignore any 954// "attached" payload and only verify signatures with respect to 955// explicitly provided payload (e.g. a `payload` field on the proto 956// message that holds this Signature, or the canonical serialization of 957// the proto message that holds this signature). 958type Signature struct { 959 // PublicKeyId: The identifier for the public key that verifies this 960 // signature. * The `public_key_id` is required. * The `public_key_id` 961 // SHOULD be an RFC3986 conformant URI. * When possible, the 962 // `public_key_id` SHOULD be an immutable reference, such as a 963 // cryptographic digest. Examples of valid `public_key_id`s: OpenPGP V4 964 // public key fingerprint: * 965 // "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA" See 966 // https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for 967 // more details on this scheme. RFC6920 digest-named 968 // SubjectPublicKeyInfo (digest of the DER serialization): * 969 // "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU" * 970 // "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95 971 // a1271589a5" 972 PublicKeyId string `json:"publicKeyId,omitempty"` 973 974 // Signature: The content of the signature, an opaque bytestring. The 975 // payload that this signature verifies MUST be unambiguously provided 976 // with the Signature during verification. A wrapper message might 977 // provide the payload explicitly. Alternatively, a message might have a 978 // canonical serialization that can always be unambiguously computed to 979 // derive the payload. 980 Signature string `json:"signature,omitempty"` 981 982 // ForceSendFields is a list of field names (e.g. "PublicKeyId") to 983 // unconditionally include in API requests. By default, fields with 984 // empty or default values are omitted from API requests. However, any 985 // non-pointer, non-interface field appearing in ForceSendFields will be 986 // sent to the server regardless of whether the field is empty or not. 987 // This may be used to include empty fields in Patch requests. 988 ForceSendFields []string `json:"-"` 989 990 // NullFields is a list of field names (e.g. "PublicKeyId") to include 991 // in API requests with the JSON null value. By default, fields with 992 // empty values are omitted from API requests. However, any field with 993 // an empty value appearing in NullFields will be sent to the server as 994 // null. It is an error if a field in this list has a non-empty value. 995 // This may be used to include null fields in Patch requests. 996 NullFields []string `json:"-"` 997} 998 999func (s *Signature) MarshalJSON() ([]byte, error) { 1000 type NoMethod Signature 1001 raw := NoMethod(*s) 1002 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1003} 1004 1005// TestIamPermissionsRequest: Request message for `TestIamPermissions` 1006// method. 1007type TestIamPermissionsRequest struct { 1008 // Permissions: The set of permissions to check for the `resource`. 1009 // Permissions with wildcards (such as '*' or 'storage.*') are not 1010 // allowed. For more information see IAM Overview 1011 // (https://cloud.google.com/iam/docs/overview#permissions). 1012 Permissions []string `json:"permissions,omitempty"` 1013 1014 // ForceSendFields is a list of field names (e.g. "Permissions") to 1015 // unconditionally include in API requests. By default, fields with 1016 // empty or default values are omitted from API requests. However, any 1017 // non-pointer, non-interface field appearing in ForceSendFields will be 1018 // sent to the server regardless of whether the field is empty or not. 1019 // This may be used to include empty fields in Patch requests. 1020 ForceSendFields []string `json:"-"` 1021 1022 // NullFields is a list of field names (e.g. "Permissions") to include 1023 // in API requests with the JSON null value. By default, fields with 1024 // empty values are omitted from API requests. However, any field with 1025 // an empty value appearing in NullFields will be sent to the server as 1026 // null. It is an error if a field in this list has a non-empty value. 1027 // This may be used to include null fields in Patch requests. 1028 NullFields []string `json:"-"` 1029} 1030 1031func (s *TestIamPermissionsRequest) MarshalJSON() ([]byte, error) { 1032 type NoMethod TestIamPermissionsRequest 1033 raw := NoMethod(*s) 1034 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1035} 1036 1037// TestIamPermissionsResponse: Response message for `TestIamPermissions` 1038// method. 1039type TestIamPermissionsResponse struct { 1040 // Permissions: A subset of `TestPermissionsRequest.permissions` that 1041 // the caller is allowed. 1042 Permissions []string `json:"permissions,omitempty"` 1043 1044 // ServerResponse contains the HTTP response code and headers from the 1045 // server. 1046 googleapi.ServerResponse `json:"-"` 1047 1048 // ForceSendFields is a list of field names (e.g. "Permissions") to 1049 // unconditionally include in API requests. By default, fields with 1050 // empty or default values are omitted from API requests. However, any 1051 // non-pointer, non-interface field appearing in ForceSendFields will be 1052 // sent to the server regardless of whether the field is empty or not. 1053 // This may be used to include empty fields in Patch requests. 1054 ForceSendFields []string `json:"-"` 1055 1056 // NullFields is a list of field names (e.g. "Permissions") to include 1057 // in API requests with the JSON null value. By default, fields with 1058 // empty values are omitted from API requests. However, any field with 1059 // an empty value appearing in NullFields will be sent to the server as 1060 // null. It is an error if a field in this list has a non-empty value. 1061 // This may be used to include null fields in Patch requests. 1062 NullFields []string `json:"-"` 1063} 1064 1065func (s *TestIamPermissionsResponse) MarshalJSON() ([]byte, error) { 1066 type NoMethod TestIamPermissionsResponse 1067 raw := NoMethod(*s) 1068 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1069} 1070 1071// UserOwnedGrafeasNote: An user owned Grafeas note references a Grafeas 1072// Attestation.Authority Note created by the user. 1073type UserOwnedGrafeasNote struct { 1074 // DelegationServiceAccountEmail: Output only. This field will contain 1075 // the service account email address that this Attestor will use as the 1076 // principal when querying Container Analysis. Attestor administrators 1077 // must grant this service account the IAM role needed to read 1078 // attestations from the note_reference in Container Analysis 1079 // (`containeranalysis.notes.occurrences.viewer`). This email address is 1080 // fixed for the lifetime of the Attestor, but callers should not make 1081 // any other assumptions about the service account email; future 1082 // versions may use an email based on a different naming pattern. 1083 DelegationServiceAccountEmail string `json:"delegationServiceAccountEmail,omitempty"` 1084 1085 // NoteReference: Required. The Grafeas resource name of a 1086 // Attestation.Authority Note, created by the user, in the format: 1087 // `projects/*/notes/*`. This field may not be updated. An attestation 1088 // by this attestor is stored as a Grafeas Attestation.Authority 1089 // Occurrence that names a container image and that links to this Note. 1090 // Grafeas is an external dependency. 1091 NoteReference string `json:"noteReference,omitempty"` 1092 1093 // PublicKeys: Optional. Public keys that verify attestations signed by 1094 // this attestor. This field may be updated. If this field is non-empty, 1095 // one of the specified public keys must verify that an attestation was 1096 // signed by this attestor for the image specified in the admission 1097 // request. If this field is empty, this attestor always returns that no 1098 // valid attestations exist. 1099 PublicKeys []*AttestorPublicKey `json:"publicKeys,omitempty"` 1100 1101 // ForceSendFields is a list of field names (e.g. 1102 // "DelegationServiceAccountEmail") to unconditionally include in API 1103 // requests. By default, fields with empty or default values are omitted 1104 // from API requests. However, any non-pointer, non-interface field 1105 // appearing in ForceSendFields will be sent to the server regardless of 1106 // whether the field is empty or not. This may be used to include empty 1107 // fields in Patch requests. 1108 ForceSendFields []string `json:"-"` 1109 1110 // NullFields is a list of field names (e.g. 1111 // "DelegationServiceAccountEmail") to include in API requests with the 1112 // JSON null value. By default, fields with empty values are omitted 1113 // from API requests. However, any field with an empty value appearing 1114 // in NullFields will be sent to the server as null. It is an error if a 1115 // field in this list has a non-empty value. This may be used to include 1116 // null fields in Patch requests. 1117 NullFields []string `json:"-"` 1118} 1119 1120func (s *UserOwnedGrafeasNote) MarshalJSON() ([]byte, error) { 1121 type NoMethod UserOwnedGrafeasNote 1122 raw := NoMethod(*s) 1123 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1124} 1125 1126// ValidateAttestationOccurrenceRequest: Request message for 1127// ValidationHelperV1.ValidateAttestationOccurrence. 1128type ValidateAttestationOccurrenceRequest struct { 1129 // Attestation: Required. An AttestationOccurrence to be checked that it 1130 // can be verified by the Attestor. It does not have to be an existing 1131 // entity in Container Analysis. It must otherwise be a valid 1132 // AttestationOccurrence. 1133 Attestation *AttestationOccurrence `json:"attestation,omitempty"` 1134 1135 // OccurrenceNote: Required. The resource name of the Note to which the 1136 // containing Occurrence is associated. 1137 OccurrenceNote string `json:"occurrenceNote,omitempty"` 1138 1139 // OccurrenceResourceUri: Required. The URI of the artifact (e.g. 1140 // container image) that is the subject of the containing Occurrence. 1141 OccurrenceResourceUri string `json:"occurrenceResourceUri,omitempty"` 1142 1143 // ForceSendFields is a list of field names (e.g. "Attestation") to 1144 // unconditionally include in API requests. By default, fields with 1145 // empty or default values are omitted from API requests. However, any 1146 // non-pointer, non-interface field appearing in ForceSendFields will be 1147 // sent to the server regardless of whether the field is empty or not. 1148 // This may be used to include empty fields in Patch requests. 1149 ForceSendFields []string `json:"-"` 1150 1151 // NullFields is a list of field names (e.g. "Attestation") to include 1152 // in API requests with the JSON null value. By default, fields with 1153 // empty values are omitted from API requests. However, any field with 1154 // an empty value appearing in NullFields will be sent to the server as 1155 // null. It is an error if a field in this list has a non-empty value. 1156 // This may be used to include null fields in Patch requests. 1157 NullFields []string `json:"-"` 1158} 1159 1160func (s *ValidateAttestationOccurrenceRequest) MarshalJSON() ([]byte, error) { 1161 type NoMethod ValidateAttestationOccurrenceRequest 1162 raw := NoMethod(*s) 1163 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1164} 1165 1166// ValidateAttestationOccurrenceResponse: Response message for 1167// ValidationHelperV1.ValidateAttestationOccurrence. 1168type ValidateAttestationOccurrenceResponse struct { 1169 // DenialReason: The reason for denial if the Attestation couldn't be 1170 // validated. 1171 DenialReason string `json:"denialReason,omitempty"` 1172 1173 // Result: The result of the Attestation validation. 1174 // 1175 // Possible values: 1176 // "RESULT_UNSPECIFIED" - Unspecified. 1177 // "VERIFIED" - The Attestation was able to verified by the Attestor. 1178 // "ATTESTATION_NOT_VERIFIABLE" - The Attestation was not able to 1179 // verified by the Attestor. 1180 Result string `json:"result,omitempty"` 1181 1182 // ServerResponse contains the HTTP response code and headers from the 1183 // server. 1184 googleapi.ServerResponse `json:"-"` 1185 1186 // ForceSendFields is a list of field names (e.g. "DenialReason") to 1187 // unconditionally include in API requests. By default, fields with 1188 // empty or default values are omitted from API requests. However, any 1189 // non-pointer, non-interface field appearing in ForceSendFields will be 1190 // sent to the server regardless of whether the field is empty or not. 1191 // This may be used to include empty fields in Patch requests. 1192 ForceSendFields []string `json:"-"` 1193 1194 // NullFields is a list of field names (e.g. "DenialReason") to include 1195 // in API requests with the JSON null value. By default, fields with 1196 // empty values are omitted from API requests. However, any field with 1197 // an empty value appearing in NullFields will be sent to the server as 1198 // null. It is an error if a field in this list has a non-empty value. 1199 // This may be used to include null fields in Patch requests. 1200 NullFields []string `json:"-"` 1201} 1202 1203func (s *ValidateAttestationOccurrenceResponse) MarshalJSON() ([]byte, error) { 1204 type NoMethod ValidateAttestationOccurrenceResponse 1205 raw := NoMethod(*s) 1206 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1207} 1208 1209// method id "binaryauthorization.projects.getPolicy": 1210 1211type ProjectsGetPolicyCall struct { 1212 s *Service 1213 name string 1214 urlParams_ gensupport.URLParams 1215 ifNoneMatch_ string 1216 ctx_ context.Context 1217 header_ http.Header 1218} 1219 1220// GetPolicy: A policy specifies the attestors that must attest to a 1221// container image, before the project is allowed to deploy that image. 1222// There is at most one policy per project. All image admission requests 1223// are permitted if a project has no policy. Gets the policy for this 1224// project. Returns a default policy if the project does not have one. 1225// 1226// - name: The resource name of the policy to retrieve, in the format 1227// `projects/*/policy`. 1228func (r *ProjectsService) GetPolicy(name string) *ProjectsGetPolicyCall { 1229 c := &ProjectsGetPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1230 c.name = name 1231 return c 1232} 1233 1234// Fields allows partial responses to be retrieved. See 1235// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 1236// for more information. 1237func (c *ProjectsGetPolicyCall) Fields(s ...googleapi.Field) *ProjectsGetPolicyCall { 1238 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1239 return c 1240} 1241 1242// IfNoneMatch sets the optional parameter which makes the operation 1243// fail if the object's ETag matches the given value. This is useful for 1244// getting updates only after the object has changed since the last 1245// request. Use googleapi.IsNotModified to check whether the response 1246// error from Do is the result of In-None-Match. 1247func (c *ProjectsGetPolicyCall) IfNoneMatch(entityTag string) *ProjectsGetPolicyCall { 1248 c.ifNoneMatch_ = entityTag 1249 return c 1250} 1251 1252// Context sets the context to be used in this call's Do method. Any 1253// pending HTTP request will be aborted if the provided context is 1254// canceled. 1255func (c *ProjectsGetPolicyCall) Context(ctx context.Context) *ProjectsGetPolicyCall { 1256 c.ctx_ = ctx 1257 return c 1258} 1259 1260// Header returns an http.Header that can be modified by the caller to 1261// add HTTP headers to the request. 1262func (c *ProjectsGetPolicyCall) Header() http.Header { 1263 if c.header_ == nil { 1264 c.header_ = make(http.Header) 1265 } 1266 return c.header_ 1267} 1268 1269func (c *ProjectsGetPolicyCall) doRequest(alt string) (*http.Response, error) { 1270 reqHeaders := make(http.Header) 1271 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915") 1272 for k, v := range c.header_ { 1273 reqHeaders[k] = v 1274 } 1275 reqHeaders.Set("User-Agent", c.s.userAgent()) 1276 if c.ifNoneMatch_ != "" { 1277 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 1278 } 1279 var body io.Reader = nil 1280 c.urlParams_.Set("alt", alt) 1281 c.urlParams_.Set("prettyPrint", "false") 1282 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") 1283 urls += "?" + c.urlParams_.Encode() 1284 req, err := http.NewRequest("GET", urls, body) 1285 if err != nil { 1286 return nil, err 1287 } 1288 req.Header = reqHeaders 1289 googleapi.Expand(req.URL, map[string]string{ 1290 "name": c.name, 1291 }) 1292 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1293} 1294 1295// Do executes the "binaryauthorization.projects.getPolicy" call. 1296// Exactly one of *Policy or error will be non-nil. Any non-2xx status 1297// code is an error. Response headers are in either 1298// *Policy.ServerResponse.Header or (if a response was returned at all) 1299// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to 1300// check whether the returned error was because http.StatusNotModified 1301// was returned. 1302func (c *ProjectsGetPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) { 1303 gensupport.SetOptions(c.urlParams_, opts...) 1304 res, err := c.doRequest("json") 1305 if res != nil && res.StatusCode == http.StatusNotModified { 1306 if res.Body != nil { 1307 res.Body.Close() 1308 } 1309 return nil, &googleapi.Error{ 1310 Code: res.StatusCode, 1311 Header: res.Header, 1312 } 1313 } 1314 if err != nil { 1315 return nil, err 1316 } 1317 defer googleapi.CloseBody(res) 1318 if err := googleapi.CheckResponse(res); err != nil { 1319 return nil, err 1320 } 1321 ret := &Policy{ 1322 ServerResponse: googleapi.ServerResponse{ 1323 Header: res.Header, 1324 HTTPStatusCode: res.StatusCode, 1325 }, 1326 } 1327 target := &ret 1328 if err := gensupport.DecodeResponse(target, res); err != nil { 1329 return nil, err 1330 } 1331 return ret, nil 1332 // { 1333 // "description": "A policy specifies the attestors that must attest to a container image, before the project is allowed to deploy that image. There is at most one policy per project. All image admission requests are permitted if a project has no policy. Gets the policy for this project. Returns a default policy if the project does not have one.", 1334 // "flatPath": "v1/projects/{projectsId}/policy", 1335 // "httpMethod": "GET", 1336 // "id": "binaryauthorization.projects.getPolicy", 1337 // "parameterOrder": [ 1338 // "name" 1339 // ], 1340 // "parameters": { 1341 // "name": { 1342 // "description": "Required. The resource name of the policy to retrieve, in the format `projects/*/policy`.", 1343 // "location": "path", 1344 // "pattern": "^projects/[^/]+/policy$", 1345 // "required": true, 1346 // "type": "string" 1347 // } 1348 // }, 1349 // "path": "v1/{+name}", 1350 // "response": { 1351 // "$ref": "Policy" 1352 // }, 1353 // "scopes": [ 1354 // "https://www.googleapis.com/auth/cloud-platform" 1355 // ] 1356 // } 1357 1358} 1359 1360// method id "binaryauthorization.projects.updatePolicy": 1361 1362type ProjectsUpdatePolicyCall struct { 1363 s *Service 1364 name string 1365 policy *Policy 1366 urlParams_ gensupport.URLParams 1367 ctx_ context.Context 1368 header_ http.Header 1369} 1370 1371// UpdatePolicy: Creates or updates a project's policy, and returns a 1372// copy of the new policy. A policy is always updated as a whole, to 1373// avoid race conditions with concurrent policy enforcement (or 1374// management!) requests. Returns NOT_FOUND if the project does not 1375// exist, INVALID_ARGUMENT if the request is malformed. 1376// 1377// - name: Output only. The resource name, in the format 1378// `projects/*/policy`. There is at most one policy per project. 1379func (r *ProjectsService) UpdatePolicy(name string, policy *Policy) *ProjectsUpdatePolicyCall { 1380 c := &ProjectsUpdatePolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1381 c.name = name 1382 c.policy = policy 1383 return c 1384} 1385 1386// Fields allows partial responses to be retrieved. See 1387// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 1388// for more information. 1389func (c *ProjectsUpdatePolicyCall) Fields(s ...googleapi.Field) *ProjectsUpdatePolicyCall { 1390 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1391 return c 1392} 1393 1394// Context sets the context to be used in this call's Do method. Any 1395// pending HTTP request will be aborted if the provided context is 1396// canceled. 1397func (c *ProjectsUpdatePolicyCall) Context(ctx context.Context) *ProjectsUpdatePolicyCall { 1398 c.ctx_ = ctx 1399 return c 1400} 1401 1402// Header returns an http.Header that can be modified by the caller to 1403// add HTTP headers to the request. 1404func (c *ProjectsUpdatePolicyCall) Header() http.Header { 1405 if c.header_ == nil { 1406 c.header_ = make(http.Header) 1407 } 1408 return c.header_ 1409} 1410 1411func (c *ProjectsUpdatePolicyCall) doRequest(alt string) (*http.Response, error) { 1412 reqHeaders := make(http.Header) 1413 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915") 1414 for k, v := range c.header_ { 1415 reqHeaders[k] = v 1416 } 1417 reqHeaders.Set("User-Agent", c.s.userAgent()) 1418 var body io.Reader = nil 1419 body, err := googleapi.WithoutDataWrapper.JSONReader(c.policy) 1420 if err != nil { 1421 return nil, err 1422 } 1423 reqHeaders.Set("Content-Type", "application/json") 1424 c.urlParams_.Set("alt", alt) 1425 c.urlParams_.Set("prettyPrint", "false") 1426 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") 1427 urls += "?" + c.urlParams_.Encode() 1428 req, err := http.NewRequest("PUT", urls, body) 1429 if err != nil { 1430 return nil, err 1431 } 1432 req.Header = reqHeaders 1433 googleapi.Expand(req.URL, map[string]string{ 1434 "name": c.name, 1435 }) 1436 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1437} 1438 1439// Do executes the "binaryauthorization.projects.updatePolicy" call. 1440// Exactly one of *Policy or error will be non-nil. Any non-2xx status 1441// code is an error. Response headers are in either 1442// *Policy.ServerResponse.Header or (if a response was returned at all) 1443// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to 1444// check whether the returned error was because http.StatusNotModified 1445// was returned. 1446func (c *ProjectsUpdatePolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) { 1447 gensupport.SetOptions(c.urlParams_, opts...) 1448 res, err := c.doRequest("json") 1449 if res != nil && res.StatusCode == http.StatusNotModified { 1450 if res.Body != nil { 1451 res.Body.Close() 1452 } 1453 return nil, &googleapi.Error{ 1454 Code: res.StatusCode, 1455 Header: res.Header, 1456 } 1457 } 1458 if err != nil { 1459 return nil, err 1460 } 1461 defer googleapi.CloseBody(res) 1462 if err := googleapi.CheckResponse(res); err != nil { 1463 return nil, err 1464 } 1465 ret := &Policy{ 1466 ServerResponse: googleapi.ServerResponse{ 1467 Header: res.Header, 1468 HTTPStatusCode: res.StatusCode, 1469 }, 1470 } 1471 target := &ret 1472 if err := gensupport.DecodeResponse(target, res); err != nil { 1473 return nil, err 1474 } 1475 return ret, nil 1476 // { 1477 // "description": "Creates or updates a project's policy, and returns a copy of the new policy. A policy is always updated as a whole, to avoid race conditions with concurrent policy enforcement (or management!) requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed.", 1478 // "flatPath": "v1/projects/{projectsId}/policy", 1479 // "httpMethod": "PUT", 1480 // "id": "binaryauthorization.projects.updatePolicy", 1481 // "parameterOrder": [ 1482 // "name" 1483 // ], 1484 // "parameters": { 1485 // "name": { 1486 // "description": "Output only. The resource name, in the format `projects/*/policy`. There is at most one policy per project.", 1487 // "location": "path", 1488 // "pattern": "^projects/[^/]+/policy$", 1489 // "required": true, 1490 // "type": "string" 1491 // } 1492 // }, 1493 // "path": "v1/{+name}", 1494 // "request": { 1495 // "$ref": "Policy" 1496 // }, 1497 // "response": { 1498 // "$ref": "Policy" 1499 // }, 1500 // "scopes": [ 1501 // "https://www.googleapis.com/auth/cloud-platform" 1502 // ] 1503 // } 1504 1505} 1506 1507// method id "binaryauthorization.projects.attestors.create": 1508 1509type ProjectsAttestorsCreateCall struct { 1510 s *Service 1511 parent string 1512 attestor *Attestor 1513 urlParams_ gensupport.URLParams 1514 ctx_ context.Context 1515 header_ http.Header 1516} 1517 1518// Create: Creates an attestor, and returns a copy of the new attestor. 1519// Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if 1520// the request is malformed, ALREADY_EXISTS if the attestor already 1521// exists. 1522// 1523// - parent: The parent of this attestor. 1524func (r *ProjectsAttestorsService) Create(parent string, attestor *Attestor) *ProjectsAttestorsCreateCall { 1525 c := &ProjectsAttestorsCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1526 c.parent = parent 1527 c.attestor = attestor 1528 return c 1529} 1530 1531// AttestorId sets the optional parameter "attestorId": Required. The 1532// attestors ID. 1533func (c *ProjectsAttestorsCreateCall) AttestorId(attestorId string) *ProjectsAttestorsCreateCall { 1534 c.urlParams_.Set("attestorId", attestorId) 1535 return c 1536} 1537 1538// Fields allows partial responses to be retrieved. See 1539// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 1540// for more information. 1541func (c *ProjectsAttestorsCreateCall) Fields(s ...googleapi.Field) *ProjectsAttestorsCreateCall { 1542 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1543 return c 1544} 1545 1546// Context sets the context to be used in this call's Do method. Any 1547// pending HTTP request will be aborted if the provided context is 1548// canceled. 1549func (c *ProjectsAttestorsCreateCall) Context(ctx context.Context) *ProjectsAttestorsCreateCall { 1550 c.ctx_ = ctx 1551 return c 1552} 1553 1554// Header returns an http.Header that can be modified by the caller to 1555// add HTTP headers to the request. 1556func (c *ProjectsAttestorsCreateCall) Header() http.Header { 1557 if c.header_ == nil { 1558 c.header_ = make(http.Header) 1559 } 1560 return c.header_ 1561} 1562 1563func (c *ProjectsAttestorsCreateCall) doRequest(alt string) (*http.Response, error) { 1564 reqHeaders := make(http.Header) 1565 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915") 1566 for k, v := range c.header_ { 1567 reqHeaders[k] = v 1568 } 1569 reqHeaders.Set("User-Agent", c.s.userAgent()) 1570 var body io.Reader = nil 1571 body, err := googleapi.WithoutDataWrapper.JSONReader(c.attestor) 1572 if err != nil { 1573 return nil, err 1574 } 1575 reqHeaders.Set("Content-Type", "application/json") 1576 c.urlParams_.Set("alt", alt) 1577 c.urlParams_.Set("prettyPrint", "false") 1578 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/attestors") 1579 urls += "?" + c.urlParams_.Encode() 1580 req, err := http.NewRequest("POST", urls, body) 1581 if err != nil { 1582 return nil, err 1583 } 1584 req.Header = reqHeaders 1585 googleapi.Expand(req.URL, map[string]string{ 1586 "parent": c.parent, 1587 }) 1588 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1589} 1590 1591// Do executes the "binaryauthorization.projects.attestors.create" call. 1592// Exactly one of *Attestor or error will be non-nil. Any non-2xx status 1593// code is an error. Response headers are in either 1594// *Attestor.ServerResponse.Header or (if a response was returned at 1595// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 1596// to check whether the returned error was because 1597// http.StatusNotModified was returned. 1598func (c *ProjectsAttestorsCreateCall) Do(opts ...googleapi.CallOption) (*Attestor, error) { 1599 gensupport.SetOptions(c.urlParams_, opts...) 1600 res, err := c.doRequest("json") 1601 if res != nil && res.StatusCode == http.StatusNotModified { 1602 if res.Body != nil { 1603 res.Body.Close() 1604 } 1605 return nil, &googleapi.Error{ 1606 Code: res.StatusCode, 1607 Header: res.Header, 1608 } 1609 } 1610 if err != nil { 1611 return nil, err 1612 } 1613 defer googleapi.CloseBody(res) 1614 if err := googleapi.CheckResponse(res); err != nil { 1615 return nil, err 1616 } 1617 ret := &Attestor{ 1618 ServerResponse: googleapi.ServerResponse{ 1619 Header: res.Header, 1620 HTTPStatusCode: res.StatusCode, 1621 }, 1622 } 1623 target := &ret 1624 if err := gensupport.DecodeResponse(target, res); err != nil { 1625 return nil, err 1626 } 1627 return ret, nil 1628 // { 1629 // "description": "Creates an attestor, and returns a copy of the new attestor. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the attestor already exists.", 1630 // "flatPath": "v1/projects/{projectsId}/attestors", 1631 // "httpMethod": "POST", 1632 // "id": "binaryauthorization.projects.attestors.create", 1633 // "parameterOrder": [ 1634 // "parent" 1635 // ], 1636 // "parameters": { 1637 // "attestorId": { 1638 // "description": "Required. The attestors ID.", 1639 // "location": "query", 1640 // "type": "string" 1641 // }, 1642 // "parent": { 1643 // "description": "Required. The parent of this attestor.", 1644 // "location": "path", 1645 // "pattern": "^projects/[^/]+$", 1646 // "required": true, 1647 // "type": "string" 1648 // } 1649 // }, 1650 // "path": "v1/{+parent}/attestors", 1651 // "request": { 1652 // "$ref": "Attestor" 1653 // }, 1654 // "response": { 1655 // "$ref": "Attestor" 1656 // }, 1657 // "scopes": [ 1658 // "https://www.googleapis.com/auth/cloud-platform" 1659 // ] 1660 // } 1661 1662} 1663 1664// method id "binaryauthorization.projects.attestors.delete": 1665 1666type ProjectsAttestorsDeleteCall struct { 1667 s *Service 1668 name string 1669 urlParams_ gensupport.URLParams 1670 ctx_ context.Context 1671 header_ http.Header 1672} 1673 1674// Delete: Deletes an attestor. Returns NOT_FOUND if the attestor does 1675// not exist. 1676// 1677// - name: The name of the attestors to delete, in the format 1678// `projects/*/attestors/*`. 1679func (r *ProjectsAttestorsService) Delete(name string) *ProjectsAttestorsDeleteCall { 1680 c := &ProjectsAttestorsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1681 c.name = name 1682 return c 1683} 1684 1685// Fields allows partial responses to be retrieved. See 1686// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 1687// for more information. 1688func (c *ProjectsAttestorsDeleteCall) Fields(s ...googleapi.Field) *ProjectsAttestorsDeleteCall { 1689 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1690 return c 1691} 1692 1693// Context sets the context to be used in this call's Do method. Any 1694// pending HTTP request will be aborted if the provided context is 1695// canceled. 1696func (c *ProjectsAttestorsDeleteCall) Context(ctx context.Context) *ProjectsAttestorsDeleteCall { 1697 c.ctx_ = ctx 1698 return c 1699} 1700 1701// Header returns an http.Header that can be modified by the caller to 1702// add HTTP headers to the request. 1703func (c *ProjectsAttestorsDeleteCall) Header() http.Header { 1704 if c.header_ == nil { 1705 c.header_ = make(http.Header) 1706 } 1707 return c.header_ 1708} 1709 1710func (c *ProjectsAttestorsDeleteCall) doRequest(alt string) (*http.Response, error) { 1711 reqHeaders := make(http.Header) 1712 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915") 1713 for k, v := range c.header_ { 1714 reqHeaders[k] = v 1715 } 1716 reqHeaders.Set("User-Agent", c.s.userAgent()) 1717 var body io.Reader = nil 1718 c.urlParams_.Set("alt", alt) 1719 c.urlParams_.Set("prettyPrint", "false") 1720 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") 1721 urls += "?" + c.urlParams_.Encode() 1722 req, err := http.NewRequest("DELETE", urls, body) 1723 if err != nil { 1724 return nil, err 1725 } 1726 req.Header = reqHeaders 1727 googleapi.Expand(req.URL, map[string]string{ 1728 "name": c.name, 1729 }) 1730 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1731} 1732 1733// Do executes the "binaryauthorization.projects.attestors.delete" call. 1734// Exactly one of *Empty or error will be non-nil. Any non-2xx status 1735// code is an error. Response headers are in either 1736// *Empty.ServerResponse.Header or (if a response was returned at all) 1737// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to 1738// check whether the returned error was because http.StatusNotModified 1739// was returned. 1740func (c *ProjectsAttestorsDeleteCall) Do(opts ...googleapi.CallOption) (*Empty, error) { 1741 gensupport.SetOptions(c.urlParams_, opts...) 1742 res, err := c.doRequest("json") 1743 if res != nil && res.StatusCode == http.StatusNotModified { 1744 if res.Body != nil { 1745 res.Body.Close() 1746 } 1747 return nil, &googleapi.Error{ 1748 Code: res.StatusCode, 1749 Header: res.Header, 1750 } 1751 } 1752 if err != nil { 1753 return nil, err 1754 } 1755 defer googleapi.CloseBody(res) 1756 if err := googleapi.CheckResponse(res); err != nil { 1757 return nil, err 1758 } 1759 ret := &Empty{ 1760 ServerResponse: googleapi.ServerResponse{ 1761 Header: res.Header, 1762 HTTPStatusCode: res.StatusCode, 1763 }, 1764 } 1765 target := &ret 1766 if err := gensupport.DecodeResponse(target, res); err != nil { 1767 return nil, err 1768 } 1769 return ret, nil 1770 // { 1771 // "description": "Deletes an attestor. Returns NOT_FOUND if the attestor does not exist.", 1772 // "flatPath": "v1/projects/{projectsId}/attestors/{attestorsId}", 1773 // "httpMethod": "DELETE", 1774 // "id": "binaryauthorization.projects.attestors.delete", 1775 // "parameterOrder": [ 1776 // "name" 1777 // ], 1778 // "parameters": { 1779 // "name": { 1780 // "description": "Required. The name of the attestors to delete, in the format `projects/*/attestors/*`.", 1781 // "location": "path", 1782 // "pattern": "^projects/[^/]+/attestors/[^/]+$", 1783 // "required": true, 1784 // "type": "string" 1785 // } 1786 // }, 1787 // "path": "v1/{+name}", 1788 // "response": { 1789 // "$ref": "Empty" 1790 // }, 1791 // "scopes": [ 1792 // "https://www.googleapis.com/auth/cloud-platform" 1793 // ] 1794 // } 1795 1796} 1797 1798// method id "binaryauthorization.projects.attestors.get": 1799 1800type ProjectsAttestorsGetCall struct { 1801 s *Service 1802 name string 1803 urlParams_ gensupport.URLParams 1804 ifNoneMatch_ string 1805 ctx_ context.Context 1806 header_ http.Header 1807} 1808 1809// Get: Gets an attestor. Returns NOT_FOUND if the attestor does not 1810// exist. 1811// 1812// - name: The name of the attestor to retrieve, in the format 1813// `projects/*/attestors/*`. 1814func (r *ProjectsAttestorsService) Get(name string) *ProjectsAttestorsGetCall { 1815 c := &ProjectsAttestorsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1816 c.name = name 1817 return c 1818} 1819 1820// Fields allows partial responses to be retrieved. See 1821// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 1822// for more information. 1823func (c *ProjectsAttestorsGetCall) Fields(s ...googleapi.Field) *ProjectsAttestorsGetCall { 1824 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1825 return c 1826} 1827 1828// IfNoneMatch sets the optional parameter which makes the operation 1829// fail if the object's ETag matches the given value. This is useful for 1830// getting updates only after the object has changed since the last 1831// request. Use googleapi.IsNotModified to check whether the response 1832// error from Do is the result of In-None-Match. 1833func (c *ProjectsAttestorsGetCall) IfNoneMatch(entityTag string) *ProjectsAttestorsGetCall { 1834 c.ifNoneMatch_ = entityTag 1835 return c 1836} 1837 1838// Context sets the context to be used in this call's Do method. Any 1839// pending HTTP request will be aborted if the provided context is 1840// canceled. 1841func (c *ProjectsAttestorsGetCall) Context(ctx context.Context) *ProjectsAttestorsGetCall { 1842 c.ctx_ = ctx 1843 return c 1844} 1845 1846// Header returns an http.Header that can be modified by the caller to 1847// add HTTP headers to the request. 1848func (c *ProjectsAttestorsGetCall) Header() http.Header { 1849 if c.header_ == nil { 1850 c.header_ = make(http.Header) 1851 } 1852 return c.header_ 1853} 1854 1855func (c *ProjectsAttestorsGetCall) doRequest(alt string) (*http.Response, error) { 1856 reqHeaders := make(http.Header) 1857 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915") 1858 for k, v := range c.header_ { 1859 reqHeaders[k] = v 1860 } 1861 reqHeaders.Set("User-Agent", c.s.userAgent()) 1862 if c.ifNoneMatch_ != "" { 1863 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 1864 } 1865 var body io.Reader = nil 1866 c.urlParams_.Set("alt", alt) 1867 c.urlParams_.Set("prettyPrint", "false") 1868 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") 1869 urls += "?" + c.urlParams_.Encode() 1870 req, err := http.NewRequest("GET", urls, body) 1871 if err != nil { 1872 return nil, err 1873 } 1874 req.Header = reqHeaders 1875 googleapi.Expand(req.URL, map[string]string{ 1876 "name": c.name, 1877 }) 1878 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1879} 1880 1881// Do executes the "binaryauthorization.projects.attestors.get" call. 1882// Exactly one of *Attestor or error will be non-nil. Any non-2xx status 1883// code is an error. Response headers are in either 1884// *Attestor.ServerResponse.Header or (if a response was returned at 1885// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 1886// to check whether the returned error was because 1887// http.StatusNotModified was returned. 1888func (c *ProjectsAttestorsGetCall) Do(opts ...googleapi.CallOption) (*Attestor, error) { 1889 gensupport.SetOptions(c.urlParams_, opts...) 1890 res, err := c.doRequest("json") 1891 if res != nil && res.StatusCode == http.StatusNotModified { 1892 if res.Body != nil { 1893 res.Body.Close() 1894 } 1895 return nil, &googleapi.Error{ 1896 Code: res.StatusCode, 1897 Header: res.Header, 1898 } 1899 } 1900 if err != nil { 1901 return nil, err 1902 } 1903 defer googleapi.CloseBody(res) 1904 if err := googleapi.CheckResponse(res); err != nil { 1905 return nil, err 1906 } 1907 ret := &Attestor{ 1908 ServerResponse: googleapi.ServerResponse{ 1909 Header: res.Header, 1910 HTTPStatusCode: res.StatusCode, 1911 }, 1912 } 1913 target := &ret 1914 if err := gensupport.DecodeResponse(target, res); err != nil { 1915 return nil, err 1916 } 1917 return ret, nil 1918 // { 1919 // "description": "Gets an attestor. Returns NOT_FOUND if the attestor does not exist.", 1920 // "flatPath": "v1/projects/{projectsId}/attestors/{attestorsId}", 1921 // "httpMethod": "GET", 1922 // "id": "binaryauthorization.projects.attestors.get", 1923 // "parameterOrder": [ 1924 // "name" 1925 // ], 1926 // "parameters": { 1927 // "name": { 1928 // "description": "Required. The name of the attestor to retrieve, in the format `projects/*/attestors/*`.", 1929 // "location": "path", 1930 // "pattern": "^projects/[^/]+/attestors/[^/]+$", 1931 // "required": true, 1932 // "type": "string" 1933 // } 1934 // }, 1935 // "path": "v1/{+name}", 1936 // "response": { 1937 // "$ref": "Attestor" 1938 // }, 1939 // "scopes": [ 1940 // "https://www.googleapis.com/auth/cloud-platform" 1941 // ] 1942 // } 1943 1944} 1945 1946// method id "binaryauthorization.projects.attestors.getIamPolicy": 1947 1948type ProjectsAttestorsGetIamPolicyCall struct { 1949 s *Service 1950 resource string 1951 urlParams_ gensupport.URLParams 1952 ifNoneMatch_ string 1953 ctx_ context.Context 1954 header_ http.Header 1955} 1956 1957// GetIamPolicy: Gets the access control policy for a resource. Returns 1958// an empty policy if the resource exists and does not have a policy 1959// set. 1960// 1961// - resource: REQUIRED: The resource for which the policy is being 1962// requested. See the operation documentation for the appropriate 1963// value for this field. 1964func (r *ProjectsAttestorsService) GetIamPolicy(resource string) *ProjectsAttestorsGetIamPolicyCall { 1965 c := &ProjectsAttestorsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1966 c.resource = resource 1967 return c 1968} 1969 1970// OptionsRequestedPolicyVersion sets the optional parameter 1971// "options.requestedPolicyVersion": The policy format version to be 1972// returned. Valid values are 0, 1, and 3. Requests specifying an 1973// invalid value will be rejected. Requests for policies with any 1974// conditional bindings must specify version 3. Policies without any 1975// conditional bindings may specify any valid value or leave the field 1976// unset. To learn which resources support conditions in their IAM 1977// policies, see the IAM documentation 1978// (https://cloud.google.com/iam/help/conditions/resource-policies). 1979func (c *ProjectsAttestorsGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *ProjectsAttestorsGetIamPolicyCall { 1980 c.urlParams_.Set("options.requestedPolicyVersion", fmt.Sprint(optionsRequestedPolicyVersion)) 1981 return c 1982} 1983 1984// Fields allows partial responses to be retrieved. See 1985// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 1986// for more information. 1987func (c *ProjectsAttestorsGetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsAttestorsGetIamPolicyCall { 1988 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1989 return c 1990} 1991 1992// IfNoneMatch sets the optional parameter which makes the operation 1993// fail if the object's ETag matches the given value. This is useful for 1994// getting updates only after the object has changed since the last 1995// request. Use googleapi.IsNotModified to check whether the response 1996// error from Do is the result of In-None-Match. 1997func (c *ProjectsAttestorsGetIamPolicyCall) IfNoneMatch(entityTag string) *ProjectsAttestorsGetIamPolicyCall { 1998 c.ifNoneMatch_ = entityTag 1999 return c 2000} 2001 2002// Context sets the context to be used in this call's Do method. Any 2003// pending HTTP request will be aborted if the provided context is 2004// canceled. 2005func (c *ProjectsAttestorsGetIamPolicyCall) Context(ctx context.Context) *ProjectsAttestorsGetIamPolicyCall { 2006 c.ctx_ = ctx 2007 return c 2008} 2009 2010// Header returns an http.Header that can be modified by the caller to 2011// add HTTP headers to the request. 2012func (c *ProjectsAttestorsGetIamPolicyCall) Header() http.Header { 2013 if c.header_ == nil { 2014 c.header_ = make(http.Header) 2015 } 2016 return c.header_ 2017} 2018 2019func (c *ProjectsAttestorsGetIamPolicyCall) doRequest(alt string) (*http.Response, error) { 2020 reqHeaders := make(http.Header) 2021 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915") 2022 for k, v := range c.header_ { 2023 reqHeaders[k] = v 2024 } 2025 reqHeaders.Set("User-Agent", c.s.userAgent()) 2026 if c.ifNoneMatch_ != "" { 2027 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 2028 } 2029 var body io.Reader = nil 2030 c.urlParams_.Set("alt", alt) 2031 c.urlParams_.Set("prettyPrint", "false") 2032 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:getIamPolicy") 2033 urls += "?" + c.urlParams_.Encode() 2034 req, err := http.NewRequest("GET", urls, body) 2035 if err != nil { 2036 return nil, err 2037 } 2038 req.Header = reqHeaders 2039 googleapi.Expand(req.URL, map[string]string{ 2040 "resource": c.resource, 2041 }) 2042 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2043} 2044 2045// Do executes the "binaryauthorization.projects.attestors.getIamPolicy" call. 2046// Exactly one of *IamPolicy or error will be non-nil. Any non-2xx 2047// status code is an error. Response headers are in either 2048// *IamPolicy.ServerResponse.Header or (if a response was returned at 2049// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 2050// to check whether the returned error was because 2051// http.StatusNotModified was returned. 2052func (c *ProjectsAttestorsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*IamPolicy, error) { 2053 gensupport.SetOptions(c.urlParams_, opts...) 2054 res, err := c.doRequest("json") 2055 if res != nil && res.StatusCode == http.StatusNotModified { 2056 if res.Body != nil { 2057 res.Body.Close() 2058 } 2059 return nil, &googleapi.Error{ 2060 Code: res.StatusCode, 2061 Header: res.Header, 2062 } 2063 } 2064 if err != nil { 2065 return nil, err 2066 } 2067 defer googleapi.CloseBody(res) 2068 if err := googleapi.CheckResponse(res); err != nil { 2069 return nil, err 2070 } 2071 ret := &IamPolicy{ 2072 ServerResponse: googleapi.ServerResponse{ 2073 Header: res.Header, 2074 HTTPStatusCode: res.StatusCode, 2075 }, 2076 } 2077 target := &ret 2078 if err := gensupport.DecodeResponse(target, res); err != nil { 2079 return nil, err 2080 } 2081 return ret, nil 2082 // { 2083 // "description": "Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.", 2084 // "flatPath": "v1/projects/{projectsId}/attestors/{attestorsId}:getIamPolicy", 2085 // "httpMethod": "GET", 2086 // "id": "binaryauthorization.projects.attestors.getIamPolicy", 2087 // "parameterOrder": [ 2088 // "resource" 2089 // ], 2090 // "parameters": { 2091 // "options.requestedPolicyVersion": { 2092 // "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).", 2093 // "format": "int32", 2094 // "location": "query", 2095 // "type": "integer" 2096 // }, 2097 // "resource": { 2098 // "description": "REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.", 2099 // "location": "path", 2100 // "pattern": "^projects/[^/]+/attestors/[^/]+$", 2101 // "required": true, 2102 // "type": "string" 2103 // } 2104 // }, 2105 // "path": "v1/{+resource}:getIamPolicy", 2106 // "response": { 2107 // "$ref": "IamPolicy" 2108 // }, 2109 // "scopes": [ 2110 // "https://www.googleapis.com/auth/cloud-platform" 2111 // ] 2112 // } 2113 2114} 2115 2116// method id "binaryauthorization.projects.attestors.list": 2117 2118type ProjectsAttestorsListCall struct { 2119 s *Service 2120 parent string 2121 urlParams_ gensupport.URLParams 2122 ifNoneMatch_ string 2123 ctx_ context.Context 2124 header_ http.Header 2125} 2126 2127// List: Lists attestors. Returns INVALID_ARGUMENT if the project does 2128// not exist. 2129// 2130// - parent: The resource name of the project associated with the 2131// attestors, in the format `projects/*`. 2132func (r *ProjectsAttestorsService) List(parent string) *ProjectsAttestorsListCall { 2133 c := &ProjectsAttestorsListCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2134 c.parent = parent 2135 return c 2136} 2137 2138// PageSize sets the optional parameter "pageSize": Requested page size. 2139// The server may return fewer results than requested. If unspecified, 2140// the server will pick an appropriate default. 2141func (c *ProjectsAttestorsListCall) PageSize(pageSize int64) *ProjectsAttestorsListCall { 2142 c.urlParams_.Set("pageSize", fmt.Sprint(pageSize)) 2143 return c 2144} 2145 2146// PageToken sets the optional parameter "pageToken": A token 2147// identifying a page of results the server should return. Typically, 2148// this is the value of ListAttestorsResponse.next_page_token returned 2149// from the previous call to the `ListAttestors` method. 2150func (c *ProjectsAttestorsListCall) PageToken(pageToken string) *ProjectsAttestorsListCall { 2151 c.urlParams_.Set("pageToken", pageToken) 2152 return c 2153} 2154 2155// Fields allows partial responses to be retrieved. See 2156// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 2157// for more information. 2158func (c *ProjectsAttestorsListCall) Fields(s ...googleapi.Field) *ProjectsAttestorsListCall { 2159 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2160 return c 2161} 2162 2163// IfNoneMatch sets the optional parameter which makes the operation 2164// fail if the object's ETag matches the given value. This is useful for 2165// getting updates only after the object has changed since the last 2166// request. Use googleapi.IsNotModified to check whether the response 2167// error from Do is the result of In-None-Match. 2168func (c *ProjectsAttestorsListCall) IfNoneMatch(entityTag string) *ProjectsAttestorsListCall { 2169 c.ifNoneMatch_ = entityTag 2170 return c 2171} 2172 2173// Context sets the context to be used in this call's Do method. Any 2174// pending HTTP request will be aborted if the provided context is 2175// canceled. 2176func (c *ProjectsAttestorsListCall) Context(ctx context.Context) *ProjectsAttestorsListCall { 2177 c.ctx_ = ctx 2178 return c 2179} 2180 2181// Header returns an http.Header that can be modified by the caller to 2182// add HTTP headers to the request. 2183func (c *ProjectsAttestorsListCall) Header() http.Header { 2184 if c.header_ == nil { 2185 c.header_ = make(http.Header) 2186 } 2187 return c.header_ 2188} 2189 2190func (c *ProjectsAttestorsListCall) doRequest(alt string) (*http.Response, error) { 2191 reqHeaders := make(http.Header) 2192 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915") 2193 for k, v := range c.header_ { 2194 reqHeaders[k] = v 2195 } 2196 reqHeaders.Set("User-Agent", c.s.userAgent()) 2197 if c.ifNoneMatch_ != "" { 2198 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 2199 } 2200 var body io.Reader = nil 2201 c.urlParams_.Set("alt", alt) 2202 c.urlParams_.Set("prettyPrint", "false") 2203 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/attestors") 2204 urls += "?" + c.urlParams_.Encode() 2205 req, err := http.NewRequest("GET", urls, body) 2206 if err != nil { 2207 return nil, err 2208 } 2209 req.Header = reqHeaders 2210 googleapi.Expand(req.URL, map[string]string{ 2211 "parent": c.parent, 2212 }) 2213 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2214} 2215 2216// Do executes the "binaryauthorization.projects.attestors.list" call. 2217// Exactly one of *ListAttestorsResponse or error will be non-nil. Any 2218// non-2xx status code is an error. Response headers are in either 2219// *ListAttestorsResponse.ServerResponse.Header or (if a response was 2220// returned at all) in error.(*googleapi.Error).Header. Use 2221// googleapi.IsNotModified to check whether the returned error was 2222// because http.StatusNotModified was returned. 2223func (c *ProjectsAttestorsListCall) Do(opts ...googleapi.CallOption) (*ListAttestorsResponse, error) { 2224 gensupport.SetOptions(c.urlParams_, opts...) 2225 res, err := c.doRequest("json") 2226 if res != nil && res.StatusCode == http.StatusNotModified { 2227 if res.Body != nil { 2228 res.Body.Close() 2229 } 2230 return nil, &googleapi.Error{ 2231 Code: res.StatusCode, 2232 Header: res.Header, 2233 } 2234 } 2235 if err != nil { 2236 return nil, err 2237 } 2238 defer googleapi.CloseBody(res) 2239 if err := googleapi.CheckResponse(res); err != nil { 2240 return nil, err 2241 } 2242 ret := &ListAttestorsResponse{ 2243 ServerResponse: googleapi.ServerResponse{ 2244 Header: res.Header, 2245 HTTPStatusCode: res.StatusCode, 2246 }, 2247 } 2248 target := &ret 2249 if err := gensupport.DecodeResponse(target, res); err != nil { 2250 return nil, err 2251 } 2252 return ret, nil 2253 // { 2254 // "description": "Lists attestors. Returns INVALID_ARGUMENT if the project does not exist.", 2255 // "flatPath": "v1/projects/{projectsId}/attestors", 2256 // "httpMethod": "GET", 2257 // "id": "binaryauthorization.projects.attestors.list", 2258 // "parameterOrder": [ 2259 // "parent" 2260 // ], 2261 // "parameters": { 2262 // "pageSize": { 2263 // "description": "Requested page size. The server may return fewer results than requested. If unspecified, the server will pick an appropriate default.", 2264 // "format": "int32", 2265 // "location": "query", 2266 // "type": "integer" 2267 // }, 2268 // "pageToken": { 2269 // "description": "A token identifying a page of results the server should return. Typically, this is the value of ListAttestorsResponse.next_page_token returned from the previous call to the `ListAttestors` method.", 2270 // "location": "query", 2271 // "type": "string" 2272 // }, 2273 // "parent": { 2274 // "description": "Required. The resource name of the project associated with the attestors, in the format `projects/*`.", 2275 // "location": "path", 2276 // "pattern": "^projects/[^/]+$", 2277 // "required": true, 2278 // "type": "string" 2279 // } 2280 // }, 2281 // "path": "v1/{+parent}/attestors", 2282 // "response": { 2283 // "$ref": "ListAttestorsResponse" 2284 // }, 2285 // "scopes": [ 2286 // "https://www.googleapis.com/auth/cloud-platform" 2287 // ] 2288 // } 2289 2290} 2291 2292// Pages invokes f for each page of results. 2293// A non-nil error returned from f will halt the iteration. 2294// The provided context supersedes any context provided to the Context method. 2295func (c *ProjectsAttestorsListCall) Pages(ctx context.Context, f func(*ListAttestorsResponse) error) error { 2296 c.ctx_ = ctx 2297 defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point 2298 for { 2299 x, err := c.Do() 2300 if err != nil { 2301 return err 2302 } 2303 if err := f(x); err != nil { 2304 return err 2305 } 2306 if x.NextPageToken == "" { 2307 return nil 2308 } 2309 c.PageToken(x.NextPageToken) 2310 } 2311} 2312 2313// method id "binaryauthorization.projects.attestors.setIamPolicy": 2314 2315type ProjectsAttestorsSetIamPolicyCall struct { 2316 s *Service 2317 resource string 2318 setiampolicyrequest *SetIamPolicyRequest 2319 urlParams_ gensupport.URLParams 2320 ctx_ context.Context 2321 header_ http.Header 2322} 2323 2324// SetIamPolicy: Sets the access control policy on the specified 2325// resource. Replaces any existing policy. Can return `NOT_FOUND`, 2326// `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors. 2327// 2328// - resource: REQUIRED: The resource for which the policy is being 2329// specified. See the operation documentation for the appropriate 2330// value for this field. 2331func (r *ProjectsAttestorsService) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *ProjectsAttestorsSetIamPolicyCall { 2332 c := &ProjectsAttestorsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2333 c.resource = resource 2334 c.setiampolicyrequest = setiampolicyrequest 2335 return c 2336} 2337 2338// Fields allows partial responses to be retrieved. See 2339// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 2340// for more information. 2341func (c *ProjectsAttestorsSetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsAttestorsSetIamPolicyCall { 2342 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2343 return c 2344} 2345 2346// Context sets the context to be used in this call's Do method. Any 2347// pending HTTP request will be aborted if the provided context is 2348// canceled. 2349func (c *ProjectsAttestorsSetIamPolicyCall) Context(ctx context.Context) *ProjectsAttestorsSetIamPolicyCall { 2350 c.ctx_ = ctx 2351 return c 2352} 2353 2354// Header returns an http.Header that can be modified by the caller to 2355// add HTTP headers to the request. 2356func (c *ProjectsAttestorsSetIamPolicyCall) Header() http.Header { 2357 if c.header_ == nil { 2358 c.header_ = make(http.Header) 2359 } 2360 return c.header_ 2361} 2362 2363func (c *ProjectsAttestorsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) { 2364 reqHeaders := make(http.Header) 2365 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915") 2366 for k, v := range c.header_ { 2367 reqHeaders[k] = v 2368 } 2369 reqHeaders.Set("User-Agent", c.s.userAgent()) 2370 var body io.Reader = nil 2371 body, err := googleapi.WithoutDataWrapper.JSONReader(c.setiampolicyrequest) 2372 if err != nil { 2373 return nil, err 2374 } 2375 reqHeaders.Set("Content-Type", "application/json") 2376 c.urlParams_.Set("alt", alt) 2377 c.urlParams_.Set("prettyPrint", "false") 2378 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:setIamPolicy") 2379 urls += "?" + c.urlParams_.Encode() 2380 req, err := http.NewRequest("POST", urls, body) 2381 if err != nil { 2382 return nil, err 2383 } 2384 req.Header = reqHeaders 2385 googleapi.Expand(req.URL, map[string]string{ 2386 "resource": c.resource, 2387 }) 2388 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2389} 2390 2391// Do executes the "binaryauthorization.projects.attestors.setIamPolicy" call. 2392// Exactly one of *IamPolicy or error will be non-nil. Any non-2xx 2393// status code is an error. Response headers are in either 2394// *IamPolicy.ServerResponse.Header or (if a response was returned at 2395// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 2396// to check whether the returned error was because 2397// http.StatusNotModified was returned. 2398func (c *ProjectsAttestorsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*IamPolicy, error) { 2399 gensupport.SetOptions(c.urlParams_, opts...) 2400 res, err := c.doRequest("json") 2401 if res != nil && res.StatusCode == http.StatusNotModified { 2402 if res.Body != nil { 2403 res.Body.Close() 2404 } 2405 return nil, &googleapi.Error{ 2406 Code: res.StatusCode, 2407 Header: res.Header, 2408 } 2409 } 2410 if err != nil { 2411 return nil, err 2412 } 2413 defer googleapi.CloseBody(res) 2414 if err := googleapi.CheckResponse(res); err != nil { 2415 return nil, err 2416 } 2417 ret := &IamPolicy{ 2418 ServerResponse: googleapi.ServerResponse{ 2419 Header: res.Header, 2420 HTTPStatusCode: res.StatusCode, 2421 }, 2422 } 2423 target := &ret 2424 if err := gensupport.DecodeResponse(target, res); err != nil { 2425 return nil, err 2426 } 2427 return ret, nil 2428 // { 2429 // "description": "Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.", 2430 // "flatPath": "v1/projects/{projectsId}/attestors/{attestorsId}:setIamPolicy", 2431 // "httpMethod": "POST", 2432 // "id": "binaryauthorization.projects.attestors.setIamPolicy", 2433 // "parameterOrder": [ 2434 // "resource" 2435 // ], 2436 // "parameters": { 2437 // "resource": { 2438 // "description": "REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.", 2439 // "location": "path", 2440 // "pattern": "^projects/[^/]+/attestors/[^/]+$", 2441 // "required": true, 2442 // "type": "string" 2443 // } 2444 // }, 2445 // "path": "v1/{+resource}:setIamPolicy", 2446 // "request": { 2447 // "$ref": "SetIamPolicyRequest" 2448 // }, 2449 // "response": { 2450 // "$ref": "IamPolicy" 2451 // }, 2452 // "scopes": [ 2453 // "https://www.googleapis.com/auth/cloud-platform" 2454 // ] 2455 // } 2456 2457} 2458 2459// method id "binaryauthorization.projects.attestors.testIamPermissions": 2460 2461type ProjectsAttestorsTestIamPermissionsCall struct { 2462 s *Service 2463 resource string 2464 testiampermissionsrequest *TestIamPermissionsRequest 2465 urlParams_ gensupport.URLParams 2466 ctx_ context.Context 2467 header_ http.Header 2468} 2469 2470// TestIamPermissions: Returns permissions that a caller has on the 2471// specified resource. If the resource does not exist, this will return 2472// an empty set of permissions, not a `NOT_FOUND` error. Note: This 2473// operation is designed to be used for building permission-aware UIs 2474// and command-line tools, not for authorization checking. This 2475// operation may "fail open" without warning. 2476// 2477// - resource: REQUIRED: The resource for which the policy detail is 2478// being requested. See the operation documentation for the 2479// appropriate value for this field. 2480func (r *ProjectsAttestorsService) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *ProjectsAttestorsTestIamPermissionsCall { 2481 c := &ProjectsAttestorsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2482 c.resource = resource 2483 c.testiampermissionsrequest = testiampermissionsrequest 2484 return c 2485} 2486 2487// Fields allows partial responses to be retrieved. See 2488// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 2489// for more information. 2490func (c *ProjectsAttestorsTestIamPermissionsCall) Fields(s ...googleapi.Field) *ProjectsAttestorsTestIamPermissionsCall { 2491 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2492 return c 2493} 2494 2495// Context sets the context to be used in this call's Do method. Any 2496// pending HTTP request will be aborted if the provided context is 2497// canceled. 2498func (c *ProjectsAttestorsTestIamPermissionsCall) Context(ctx context.Context) *ProjectsAttestorsTestIamPermissionsCall { 2499 c.ctx_ = ctx 2500 return c 2501} 2502 2503// Header returns an http.Header that can be modified by the caller to 2504// add HTTP headers to the request. 2505func (c *ProjectsAttestorsTestIamPermissionsCall) Header() http.Header { 2506 if c.header_ == nil { 2507 c.header_ = make(http.Header) 2508 } 2509 return c.header_ 2510} 2511 2512func (c *ProjectsAttestorsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) { 2513 reqHeaders := make(http.Header) 2514 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915") 2515 for k, v := range c.header_ { 2516 reqHeaders[k] = v 2517 } 2518 reqHeaders.Set("User-Agent", c.s.userAgent()) 2519 var body io.Reader = nil 2520 body, err := googleapi.WithoutDataWrapper.JSONReader(c.testiampermissionsrequest) 2521 if err != nil { 2522 return nil, err 2523 } 2524 reqHeaders.Set("Content-Type", "application/json") 2525 c.urlParams_.Set("alt", alt) 2526 c.urlParams_.Set("prettyPrint", "false") 2527 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:testIamPermissions") 2528 urls += "?" + c.urlParams_.Encode() 2529 req, err := http.NewRequest("POST", urls, body) 2530 if err != nil { 2531 return nil, err 2532 } 2533 req.Header = reqHeaders 2534 googleapi.Expand(req.URL, map[string]string{ 2535 "resource": c.resource, 2536 }) 2537 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2538} 2539 2540// Do executes the "binaryauthorization.projects.attestors.testIamPermissions" call. 2541// Exactly one of *TestIamPermissionsResponse or error will be non-nil. 2542// Any non-2xx status code is an error. Response headers are in either 2543// *TestIamPermissionsResponse.ServerResponse.Header or (if a response 2544// was returned at all) in error.(*googleapi.Error).Header. Use 2545// googleapi.IsNotModified to check whether the returned error was 2546// because http.StatusNotModified was returned. 2547func (c *ProjectsAttestorsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) { 2548 gensupport.SetOptions(c.urlParams_, opts...) 2549 res, err := c.doRequest("json") 2550 if res != nil && res.StatusCode == http.StatusNotModified { 2551 if res.Body != nil { 2552 res.Body.Close() 2553 } 2554 return nil, &googleapi.Error{ 2555 Code: res.StatusCode, 2556 Header: res.Header, 2557 } 2558 } 2559 if err != nil { 2560 return nil, err 2561 } 2562 defer googleapi.CloseBody(res) 2563 if err := googleapi.CheckResponse(res); err != nil { 2564 return nil, err 2565 } 2566 ret := &TestIamPermissionsResponse{ 2567 ServerResponse: googleapi.ServerResponse{ 2568 Header: res.Header, 2569 HTTPStatusCode: res.StatusCode, 2570 }, 2571 } 2572 target := &ret 2573 if err := gensupport.DecodeResponse(target, res); err != nil { 2574 return nil, err 2575 } 2576 return ret, nil 2577 // { 2578 // "description": "Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a `NOT_FOUND` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may \"fail open\" without warning.", 2579 // "flatPath": "v1/projects/{projectsId}/attestors/{attestorsId}:testIamPermissions", 2580 // "httpMethod": "POST", 2581 // "id": "binaryauthorization.projects.attestors.testIamPermissions", 2582 // "parameterOrder": [ 2583 // "resource" 2584 // ], 2585 // "parameters": { 2586 // "resource": { 2587 // "description": "REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.", 2588 // "location": "path", 2589 // "pattern": "^projects/[^/]+/attestors/[^/]+$", 2590 // "required": true, 2591 // "type": "string" 2592 // } 2593 // }, 2594 // "path": "v1/{+resource}:testIamPermissions", 2595 // "request": { 2596 // "$ref": "TestIamPermissionsRequest" 2597 // }, 2598 // "response": { 2599 // "$ref": "TestIamPermissionsResponse" 2600 // }, 2601 // "scopes": [ 2602 // "https://www.googleapis.com/auth/cloud-platform" 2603 // ] 2604 // } 2605 2606} 2607 2608// method id "binaryauthorization.projects.attestors.update": 2609 2610type ProjectsAttestorsUpdateCall struct { 2611 s *Service 2612 name string 2613 attestor *Attestor 2614 urlParams_ gensupport.URLParams 2615 ctx_ context.Context 2616 header_ http.Header 2617} 2618 2619// Update: Updates an attestor. Returns NOT_FOUND if the attestor does 2620// not exist. 2621// 2622// - name: The resource name, in the format: `projects/*/attestors/*`. 2623// This field may not be updated. 2624func (r *ProjectsAttestorsService) Update(name string, attestor *Attestor) *ProjectsAttestorsUpdateCall { 2625 c := &ProjectsAttestorsUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2626 c.name = name 2627 c.attestor = attestor 2628 return c 2629} 2630 2631// Fields allows partial responses to be retrieved. See 2632// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 2633// for more information. 2634func (c *ProjectsAttestorsUpdateCall) Fields(s ...googleapi.Field) *ProjectsAttestorsUpdateCall { 2635 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2636 return c 2637} 2638 2639// Context sets the context to be used in this call's Do method. Any 2640// pending HTTP request will be aborted if the provided context is 2641// canceled. 2642func (c *ProjectsAttestorsUpdateCall) Context(ctx context.Context) *ProjectsAttestorsUpdateCall { 2643 c.ctx_ = ctx 2644 return c 2645} 2646 2647// Header returns an http.Header that can be modified by the caller to 2648// add HTTP headers to the request. 2649func (c *ProjectsAttestorsUpdateCall) Header() http.Header { 2650 if c.header_ == nil { 2651 c.header_ = make(http.Header) 2652 } 2653 return c.header_ 2654} 2655 2656func (c *ProjectsAttestorsUpdateCall) doRequest(alt string) (*http.Response, error) { 2657 reqHeaders := make(http.Header) 2658 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915") 2659 for k, v := range c.header_ { 2660 reqHeaders[k] = v 2661 } 2662 reqHeaders.Set("User-Agent", c.s.userAgent()) 2663 var body io.Reader = nil 2664 body, err := googleapi.WithoutDataWrapper.JSONReader(c.attestor) 2665 if err != nil { 2666 return nil, err 2667 } 2668 reqHeaders.Set("Content-Type", "application/json") 2669 c.urlParams_.Set("alt", alt) 2670 c.urlParams_.Set("prettyPrint", "false") 2671 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") 2672 urls += "?" + c.urlParams_.Encode() 2673 req, err := http.NewRequest("PUT", urls, body) 2674 if err != nil { 2675 return nil, err 2676 } 2677 req.Header = reqHeaders 2678 googleapi.Expand(req.URL, map[string]string{ 2679 "name": c.name, 2680 }) 2681 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2682} 2683 2684// Do executes the "binaryauthorization.projects.attestors.update" call. 2685// Exactly one of *Attestor or error will be non-nil. Any non-2xx status 2686// code is an error. Response headers are in either 2687// *Attestor.ServerResponse.Header or (if a response was returned at 2688// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 2689// to check whether the returned error was because 2690// http.StatusNotModified was returned. 2691func (c *ProjectsAttestorsUpdateCall) Do(opts ...googleapi.CallOption) (*Attestor, error) { 2692 gensupport.SetOptions(c.urlParams_, opts...) 2693 res, err := c.doRequest("json") 2694 if res != nil && res.StatusCode == http.StatusNotModified { 2695 if res.Body != nil { 2696 res.Body.Close() 2697 } 2698 return nil, &googleapi.Error{ 2699 Code: res.StatusCode, 2700 Header: res.Header, 2701 } 2702 } 2703 if err != nil { 2704 return nil, err 2705 } 2706 defer googleapi.CloseBody(res) 2707 if err := googleapi.CheckResponse(res); err != nil { 2708 return nil, err 2709 } 2710 ret := &Attestor{ 2711 ServerResponse: googleapi.ServerResponse{ 2712 Header: res.Header, 2713 HTTPStatusCode: res.StatusCode, 2714 }, 2715 } 2716 target := &ret 2717 if err := gensupport.DecodeResponse(target, res); err != nil { 2718 return nil, err 2719 } 2720 return ret, nil 2721 // { 2722 // "description": "Updates an attestor. Returns NOT_FOUND if the attestor does not exist.", 2723 // "flatPath": "v1/projects/{projectsId}/attestors/{attestorsId}", 2724 // "httpMethod": "PUT", 2725 // "id": "binaryauthorization.projects.attestors.update", 2726 // "parameterOrder": [ 2727 // "name" 2728 // ], 2729 // "parameters": { 2730 // "name": { 2731 // "description": "Required. The resource name, in the format: `projects/*/attestors/*`. This field may not be updated.", 2732 // "location": "path", 2733 // "pattern": "^projects/[^/]+/attestors/[^/]+$", 2734 // "required": true, 2735 // "type": "string" 2736 // } 2737 // }, 2738 // "path": "v1/{+name}", 2739 // "request": { 2740 // "$ref": "Attestor" 2741 // }, 2742 // "response": { 2743 // "$ref": "Attestor" 2744 // }, 2745 // "scopes": [ 2746 // "https://www.googleapis.com/auth/cloud-platform" 2747 // ] 2748 // } 2749 2750} 2751 2752// method id "binaryauthorization.projects.attestors.validateAttestationOccurrence": 2753 2754type ProjectsAttestorsValidateAttestationOccurrenceCall struct { 2755 s *Service 2756 attestor string 2757 validateattestationoccurrencerequest *ValidateAttestationOccurrenceRequest 2758 urlParams_ gensupport.URLParams 2759 ctx_ context.Context 2760 header_ http.Header 2761} 2762 2763// ValidateAttestationOccurrence: Returns whether the given Attestation 2764// for the given image URI was signed by the given Attestor 2765// 2766// - attestor: The resource name of the Attestor of the occurrence, in 2767// the format `projects/*/attestors/*`. 2768func (r *ProjectsAttestorsService) ValidateAttestationOccurrence(attestor string, validateattestationoccurrencerequest *ValidateAttestationOccurrenceRequest) *ProjectsAttestorsValidateAttestationOccurrenceCall { 2769 c := &ProjectsAttestorsValidateAttestationOccurrenceCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2770 c.attestor = attestor 2771 c.validateattestationoccurrencerequest = validateattestationoccurrencerequest 2772 return c 2773} 2774 2775// Fields allows partial responses to be retrieved. See 2776// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 2777// for more information. 2778func (c *ProjectsAttestorsValidateAttestationOccurrenceCall) Fields(s ...googleapi.Field) *ProjectsAttestorsValidateAttestationOccurrenceCall { 2779 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2780 return c 2781} 2782 2783// Context sets the context to be used in this call's Do method. Any 2784// pending HTTP request will be aborted if the provided context is 2785// canceled. 2786func (c *ProjectsAttestorsValidateAttestationOccurrenceCall) Context(ctx context.Context) *ProjectsAttestorsValidateAttestationOccurrenceCall { 2787 c.ctx_ = ctx 2788 return c 2789} 2790 2791// Header returns an http.Header that can be modified by the caller to 2792// add HTTP headers to the request. 2793func (c *ProjectsAttestorsValidateAttestationOccurrenceCall) Header() http.Header { 2794 if c.header_ == nil { 2795 c.header_ = make(http.Header) 2796 } 2797 return c.header_ 2798} 2799 2800func (c *ProjectsAttestorsValidateAttestationOccurrenceCall) doRequest(alt string) (*http.Response, error) { 2801 reqHeaders := make(http.Header) 2802 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915") 2803 for k, v := range c.header_ { 2804 reqHeaders[k] = v 2805 } 2806 reqHeaders.Set("User-Agent", c.s.userAgent()) 2807 var body io.Reader = nil 2808 body, err := googleapi.WithoutDataWrapper.JSONReader(c.validateattestationoccurrencerequest) 2809 if err != nil { 2810 return nil, err 2811 } 2812 reqHeaders.Set("Content-Type", "application/json") 2813 c.urlParams_.Set("alt", alt) 2814 c.urlParams_.Set("prettyPrint", "false") 2815 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+attestor}:validateAttestationOccurrence") 2816 urls += "?" + c.urlParams_.Encode() 2817 req, err := http.NewRequest("POST", urls, body) 2818 if err != nil { 2819 return nil, err 2820 } 2821 req.Header = reqHeaders 2822 googleapi.Expand(req.URL, map[string]string{ 2823 "attestor": c.attestor, 2824 }) 2825 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2826} 2827 2828// Do executes the "binaryauthorization.projects.attestors.validateAttestationOccurrence" call. 2829// Exactly one of *ValidateAttestationOccurrenceResponse or error will 2830// be non-nil. Any non-2xx status code is an error. Response headers are 2831// in either 2832// *ValidateAttestationOccurrenceResponse.ServerResponse.Header or (if a 2833// response was returned at all) in error.(*googleapi.Error).Header. Use 2834// googleapi.IsNotModified to check whether the returned error was 2835// because http.StatusNotModified was returned. 2836func (c *ProjectsAttestorsValidateAttestationOccurrenceCall) Do(opts ...googleapi.CallOption) (*ValidateAttestationOccurrenceResponse, error) { 2837 gensupport.SetOptions(c.urlParams_, opts...) 2838 res, err := c.doRequest("json") 2839 if res != nil && res.StatusCode == http.StatusNotModified { 2840 if res.Body != nil { 2841 res.Body.Close() 2842 } 2843 return nil, &googleapi.Error{ 2844 Code: res.StatusCode, 2845 Header: res.Header, 2846 } 2847 } 2848 if err != nil { 2849 return nil, err 2850 } 2851 defer googleapi.CloseBody(res) 2852 if err := googleapi.CheckResponse(res); err != nil { 2853 return nil, err 2854 } 2855 ret := &ValidateAttestationOccurrenceResponse{ 2856 ServerResponse: googleapi.ServerResponse{ 2857 Header: res.Header, 2858 HTTPStatusCode: res.StatusCode, 2859 }, 2860 } 2861 target := &ret 2862 if err := gensupport.DecodeResponse(target, res); err != nil { 2863 return nil, err 2864 } 2865 return ret, nil 2866 // { 2867 // "description": "Returns whether the given Attestation for the given image URI was signed by the given Attestor", 2868 // "flatPath": "v1/projects/{projectsId}/attestors/{attestorsId}:validateAttestationOccurrence", 2869 // "httpMethod": "POST", 2870 // "id": "binaryauthorization.projects.attestors.validateAttestationOccurrence", 2871 // "parameterOrder": [ 2872 // "attestor" 2873 // ], 2874 // "parameters": { 2875 // "attestor": { 2876 // "description": "Required. The resource name of the Attestor of the occurrence, in the format `projects/*/attestors/*`.", 2877 // "location": "path", 2878 // "pattern": "^projects/[^/]+/attestors/[^/]+$", 2879 // "required": true, 2880 // "type": "string" 2881 // } 2882 // }, 2883 // "path": "v1/{+attestor}:validateAttestationOccurrence", 2884 // "request": { 2885 // "$ref": "ValidateAttestationOccurrenceRequest" 2886 // }, 2887 // "response": { 2888 // "$ref": "ValidateAttestationOccurrenceResponse" 2889 // }, 2890 // "scopes": [ 2891 // "https://www.googleapis.com/auth/cloud-platform" 2892 // ] 2893 // } 2894 2895} 2896 2897// method id "binaryauthorization.projects.policy.getIamPolicy": 2898 2899type ProjectsPolicyGetIamPolicyCall struct { 2900 s *Service 2901 resource string 2902 urlParams_ gensupport.URLParams 2903 ifNoneMatch_ string 2904 ctx_ context.Context 2905 header_ http.Header 2906} 2907 2908// GetIamPolicy: Gets the access control policy for a resource. Returns 2909// an empty policy if the resource exists and does not have a policy 2910// set. 2911// 2912// - resource: REQUIRED: The resource for which the policy is being 2913// requested. See the operation documentation for the appropriate 2914// value for this field. 2915func (r *ProjectsPolicyService) GetIamPolicy(resource string) *ProjectsPolicyGetIamPolicyCall { 2916 c := &ProjectsPolicyGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2917 c.resource = resource 2918 return c 2919} 2920 2921// OptionsRequestedPolicyVersion sets the optional parameter 2922// "options.requestedPolicyVersion": The policy format version to be 2923// returned. Valid values are 0, 1, and 3. Requests specifying an 2924// invalid value will be rejected. Requests for policies with any 2925// conditional bindings must specify version 3. Policies without any 2926// conditional bindings may specify any valid value or leave the field 2927// unset. To learn which resources support conditions in their IAM 2928// policies, see the IAM documentation 2929// (https://cloud.google.com/iam/help/conditions/resource-policies). 2930func (c *ProjectsPolicyGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *ProjectsPolicyGetIamPolicyCall { 2931 c.urlParams_.Set("options.requestedPolicyVersion", fmt.Sprint(optionsRequestedPolicyVersion)) 2932 return c 2933} 2934 2935// Fields allows partial responses to be retrieved. See 2936// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 2937// for more information. 2938func (c *ProjectsPolicyGetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsPolicyGetIamPolicyCall { 2939 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2940 return c 2941} 2942 2943// IfNoneMatch sets the optional parameter which makes the operation 2944// fail if the object's ETag matches the given value. This is useful for 2945// getting updates only after the object has changed since the last 2946// request. Use googleapi.IsNotModified to check whether the response 2947// error from Do is the result of In-None-Match. 2948func (c *ProjectsPolicyGetIamPolicyCall) IfNoneMatch(entityTag string) *ProjectsPolicyGetIamPolicyCall { 2949 c.ifNoneMatch_ = entityTag 2950 return c 2951} 2952 2953// Context sets the context to be used in this call's Do method. Any 2954// pending HTTP request will be aborted if the provided context is 2955// canceled. 2956func (c *ProjectsPolicyGetIamPolicyCall) Context(ctx context.Context) *ProjectsPolicyGetIamPolicyCall { 2957 c.ctx_ = ctx 2958 return c 2959} 2960 2961// Header returns an http.Header that can be modified by the caller to 2962// add HTTP headers to the request. 2963func (c *ProjectsPolicyGetIamPolicyCall) Header() http.Header { 2964 if c.header_ == nil { 2965 c.header_ = make(http.Header) 2966 } 2967 return c.header_ 2968} 2969 2970func (c *ProjectsPolicyGetIamPolicyCall) doRequest(alt string) (*http.Response, error) { 2971 reqHeaders := make(http.Header) 2972 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915") 2973 for k, v := range c.header_ { 2974 reqHeaders[k] = v 2975 } 2976 reqHeaders.Set("User-Agent", c.s.userAgent()) 2977 if c.ifNoneMatch_ != "" { 2978 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 2979 } 2980 var body io.Reader = nil 2981 c.urlParams_.Set("alt", alt) 2982 c.urlParams_.Set("prettyPrint", "false") 2983 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:getIamPolicy") 2984 urls += "?" + c.urlParams_.Encode() 2985 req, err := http.NewRequest("GET", urls, body) 2986 if err != nil { 2987 return nil, err 2988 } 2989 req.Header = reqHeaders 2990 googleapi.Expand(req.URL, map[string]string{ 2991 "resource": c.resource, 2992 }) 2993 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2994} 2995 2996// Do executes the "binaryauthorization.projects.policy.getIamPolicy" call. 2997// Exactly one of *IamPolicy or error will be non-nil. Any non-2xx 2998// status code is an error. Response headers are in either 2999// *IamPolicy.ServerResponse.Header or (if a response was returned at 3000// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 3001// to check whether the returned error was because 3002// http.StatusNotModified was returned. 3003func (c *ProjectsPolicyGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*IamPolicy, error) { 3004 gensupport.SetOptions(c.urlParams_, opts...) 3005 res, err := c.doRequest("json") 3006 if res != nil && res.StatusCode == http.StatusNotModified { 3007 if res.Body != nil { 3008 res.Body.Close() 3009 } 3010 return nil, &googleapi.Error{ 3011 Code: res.StatusCode, 3012 Header: res.Header, 3013 } 3014 } 3015 if err != nil { 3016 return nil, err 3017 } 3018 defer googleapi.CloseBody(res) 3019 if err := googleapi.CheckResponse(res); err != nil { 3020 return nil, err 3021 } 3022 ret := &IamPolicy{ 3023 ServerResponse: googleapi.ServerResponse{ 3024 Header: res.Header, 3025 HTTPStatusCode: res.StatusCode, 3026 }, 3027 } 3028 target := &ret 3029 if err := gensupport.DecodeResponse(target, res); err != nil { 3030 return nil, err 3031 } 3032 return ret, nil 3033 // { 3034 // "description": "Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.", 3035 // "flatPath": "v1/projects/{projectsId}/policy:getIamPolicy", 3036 // "httpMethod": "GET", 3037 // "id": "binaryauthorization.projects.policy.getIamPolicy", 3038 // "parameterOrder": [ 3039 // "resource" 3040 // ], 3041 // "parameters": { 3042 // "options.requestedPolicyVersion": { 3043 // "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).", 3044 // "format": "int32", 3045 // "location": "query", 3046 // "type": "integer" 3047 // }, 3048 // "resource": { 3049 // "description": "REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.", 3050 // "location": "path", 3051 // "pattern": "^projects/[^/]+/policy$", 3052 // "required": true, 3053 // "type": "string" 3054 // } 3055 // }, 3056 // "path": "v1/{+resource}:getIamPolicy", 3057 // "response": { 3058 // "$ref": "IamPolicy" 3059 // }, 3060 // "scopes": [ 3061 // "https://www.googleapis.com/auth/cloud-platform" 3062 // ] 3063 // } 3064 3065} 3066 3067// method id "binaryauthorization.projects.policy.setIamPolicy": 3068 3069type ProjectsPolicySetIamPolicyCall struct { 3070 s *Service 3071 resource string 3072 setiampolicyrequest *SetIamPolicyRequest 3073 urlParams_ gensupport.URLParams 3074 ctx_ context.Context 3075 header_ http.Header 3076} 3077 3078// SetIamPolicy: Sets the access control policy on the specified 3079// resource. Replaces any existing policy. Can return `NOT_FOUND`, 3080// `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors. 3081// 3082// - resource: REQUIRED: The resource for which the policy is being 3083// specified. See the operation documentation for the appropriate 3084// value for this field. 3085func (r *ProjectsPolicyService) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *ProjectsPolicySetIamPolicyCall { 3086 c := &ProjectsPolicySetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 3087 c.resource = resource 3088 c.setiampolicyrequest = setiampolicyrequest 3089 return c 3090} 3091 3092// Fields allows partial responses to be retrieved. See 3093// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 3094// for more information. 3095func (c *ProjectsPolicySetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsPolicySetIamPolicyCall { 3096 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 3097 return c 3098} 3099 3100// Context sets the context to be used in this call's Do method. Any 3101// pending HTTP request will be aborted if the provided context is 3102// canceled. 3103func (c *ProjectsPolicySetIamPolicyCall) Context(ctx context.Context) *ProjectsPolicySetIamPolicyCall { 3104 c.ctx_ = ctx 3105 return c 3106} 3107 3108// Header returns an http.Header that can be modified by the caller to 3109// add HTTP headers to the request. 3110func (c *ProjectsPolicySetIamPolicyCall) Header() http.Header { 3111 if c.header_ == nil { 3112 c.header_ = make(http.Header) 3113 } 3114 return c.header_ 3115} 3116 3117func (c *ProjectsPolicySetIamPolicyCall) doRequest(alt string) (*http.Response, error) { 3118 reqHeaders := make(http.Header) 3119 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915") 3120 for k, v := range c.header_ { 3121 reqHeaders[k] = v 3122 } 3123 reqHeaders.Set("User-Agent", c.s.userAgent()) 3124 var body io.Reader = nil 3125 body, err := googleapi.WithoutDataWrapper.JSONReader(c.setiampolicyrequest) 3126 if err != nil { 3127 return nil, err 3128 } 3129 reqHeaders.Set("Content-Type", "application/json") 3130 c.urlParams_.Set("alt", alt) 3131 c.urlParams_.Set("prettyPrint", "false") 3132 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:setIamPolicy") 3133 urls += "?" + c.urlParams_.Encode() 3134 req, err := http.NewRequest("POST", urls, body) 3135 if err != nil { 3136 return nil, err 3137 } 3138 req.Header = reqHeaders 3139 googleapi.Expand(req.URL, map[string]string{ 3140 "resource": c.resource, 3141 }) 3142 return gensupport.SendRequest(c.ctx_, c.s.client, req) 3143} 3144 3145// Do executes the "binaryauthorization.projects.policy.setIamPolicy" call. 3146// Exactly one of *IamPolicy or error will be non-nil. Any non-2xx 3147// status code is an error. Response headers are in either 3148// *IamPolicy.ServerResponse.Header or (if a response was returned at 3149// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 3150// to check whether the returned error was because 3151// http.StatusNotModified was returned. 3152func (c *ProjectsPolicySetIamPolicyCall) Do(opts ...googleapi.CallOption) (*IamPolicy, error) { 3153 gensupport.SetOptions(c.urlParams_, opts...) 3154 res, err := c.doRequest("json") 3155 if res != nil && res.StatusCode == http.StatusNotModified { 3156 if res.Body != nil { 3157 res.Body.Close() 3158 } 3159 return nil, &googleapi.Error{ 3160 Code: res.StatusCode, 3161 Header: res.Header, 3162 } 3163 } 3164 if err != nil { 3165 return nil, err 3166 } 3167 defer googleapi.CloseBody(res) 3168 if err := googleapi.CheckResponse(res); err != nil { 3169 return nil, err 3170 } 3171 ret := &IamPolicy{ 3172 ServerResponse: googleapi.ServerResponse{ 3173 Header: res.Header, 3174 HTTPStatusCode: res.StatusCode, 3175 }, 3176 } 3177 target := &ret 3178 if err := gensupport.DecodeResponse(target, res); err != nil { 3179 return nil, err 3180 } 3181 return ret, nil 3182 // { 3183 // "description": "Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.", 3184 // "flatPath": "v1/projects/{projectsId}/policy:setIamPolicy", 3185 // "httpMethod": "POST", 3186 // "id": "binaryauthorization.projects.policy.setIamPolicy", 3187 // "parameterOrder": [ 3188 // "resource" 3189 // ], 3190 // "parameters": { 3191 // "resource": { 3192 // "description": "REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.", 3193 // "location": "path", 3194 // "pattern": "^projects/[^/]+/policy$", 3195 // "required": true, 3196 // "type": "string" 3197 // } 3198 // }, 3199 // "path": "v1/{+resource}:setIamPolicy", 3200 // "request": { 3201 // "$ref": "SetIamPolicyRequest" 3202 // }, 3203 // "response": { 3204 // "$ref": "IamPolicy" 3205 // }, 3206 // "scopes": [ 3207 // "https://www.googleapis.com/auth/cloud-platform" 3208 // ] 3209 // } 3210 3211} 3212 3213// method id "binaryauthorization.projects.policy.testIamPermissions": 3214 3215type ProjectsPolicyTestIamPermissionsCall struct { 3216 s *Service 3217 resource string 3218 testiampermissionsrequest *TestIamPermissionsRequest 3219 urlParams_ gensupport.URLParams 3220 ctx_ context.Context 3221 header_ http.Header 3222} 3223 3224// TestIamPermissions: Returns permissions that a caller has on the 3225// specified resource. If the resource does not exist, this will return 3226// an empty set of permissions, not a `NOT_FOUND` error. Note: This 3227// operation is designed to be used for building permission-aware UIs 3228// and command-line tools, not for authorization checking. This 3229// operation may "fail open" without warning. 3230// 3231// - resource: REQUIRED: The resource for which the policy detail is 3232// being requested. See the operation documentation for the 3233// appropriate value for this field. 3234func (r *ProjectsPolicyService) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *ProjectsPolicyTestIamPermissionsCall { 3235 c := &ProjectsPolicyTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)} 3236 c.resource = resource 3237 c.testiampermissionsrequest = testiampermissionsrequest 3238 return c 3239} 3240 3241// Fields allows partial responses to be retrieved. See 3242// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 3243// for more information. 3244func (c *ProjectsPolicyTestIamPermissionsCall) Fields(s ...googleapi.Field) *ProjectsPolicyTestIamPermissionsCall { 3245 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 3246 return c 3247} 3248 3249// Context sets the context to be used in this call's Do method. Any 3250// pending HTTP request will be aborted if the provided context is 3251// canceled. 3252func (c *ProjectsPolicyTestIamPermissionsCall) Context(ctx context.Context) *ProjectsPolicyTestIamPermissionsCall { 3253 c.ctx_ = ctx 3254 return c 3255} 3256 3257// Header returns an http.Header that can be modified by the caller to 3258// add HTTP headers to the request. 3259func (c *ProjectsPolicyTestIamPermissionsCall) Header() http.Header { 3260 if c.header_ == nil { 3261 c.header_ = make(http.Header) 3262 } 3263 return c.header_ 3264} 3265 3266func (c *ProjectsPolicyTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) { 3267 reqHeaders := make(http.Header) 3268 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915") 3269 for k, v := range c.header_ { 3270 reqHeaders[k] = v 3271 } 3272 reqHeaders.Set("User-Agent", c.s.userAgent()) 3273 var body io.Reader = nil 3274 body, err := googleapi.WithoutDataWrapper.JSONReader(c.testiampermissionsrequest) 3275 if err != nil { 3276 return nil, err 3277 } 3278 reqHeaders.Set("Content-Type", "application/json") 3279 c.urlParams_.Set("alt", alt) 3280 c.urlParams_.Set("prettyPrint", "false") 3281 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:testIamPermissions") 3282 urls += "?" + c.urlParams_.Encode() 3283 req, err := http.NewRequest("POST", urls, body) 3284 if err != nil { 3285 return nil, err 3286 } 3287 req.Header = reqHeaders 3288 googleapi.Expand(req.URL, map[string]string{ 3289 "resource": c.resource, 3290 }) 3291 return gensupport.SendRequest(c.ctx_, c.s.client, req) 3292} 3293 3294// Do executes the "binaryauthorization.projects.policy.testIamPermissions" call. 3295// Exactly one of *TestIamPermissionsResponse or error will be non-nil. 3296// Any non-2xx status code is an error. Response headers are in either 3297// *TestIamPermissionsResponse.ServerResponse.Header or (if a response 3298// was returned at all) in error.(*googleapi.Error).Header. Use 3299// googleapi.IsNotModified to check whether the returned error was 3300// because http.StatusNotModified was returned. 3301func (c *ProjectsPolicyTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) { 3302 gensupport.SetOptions(c.urlParams_, opts...) 3303 res, err := c.doRequest("json") 3304 if res != nil && res.StatusCode == http.StatusNotModified { 3305 if res.Body != nil { 3306 res.Body.Close() 3307 } 3308 return nil, &googleapi.Error{ 3309 Code: res.StatusCode, 3310 Header: res.Header, 3311 } 3312 } 3313 if err != nil { 3314 return nil, err 3315 } 3316 defer googleapi.CloseBody(res) 3317 if err := googleapi.CheckResponse(res); err != nil { 3318 return nil, err 3319 } 3320 ret := &TestIamPermissionsResponse{ 3321 ServerResponse: googleapi.ServerResponse{ 3322 Header: res.Header, 3323 HTTPStatusCode: res.StatusCode, 3324 }, 3325 } 3326 target := &ret 3327 if err := gensupport.DecodeResponse(target, res); err != nil { 3328 return nil, err 3329 } 3330 return ret, nil 3331 // { 3332 // "description": "Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a `NOT_FOUND` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may \"fail open\" without warning.", 3333 // "flatPath": "v1/projects/{projectsId}/policy:testIamPermissions", 3334 // "httpMethod": "POST", 3335 // "id": "binaryauthorization.projects.policy.testIamPermissions", 3336 // "parameterOrder": [ 3337 // "resource" 3338 // ], 3339 // "parameters": { 3340 // "resource": { 3341 // "description": "REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.", 3342 // "location": "path", 3343 // "pattern": "^projects/[^/]+/policy$", 3344 // "required": true, 3345 // "type": "string" 3346 // } 3347 // }, 3348 // "path": "v1/{+resource}:testIamPermissions", 3349 // "request": { 3350 // "$ref": "TestIamPermissionsRequest" 3351 // }, 3352 // "response": { 3353 // "$ref": "TestIamPermissionsResponse" 3354 // }, 3355 // "scopes": [ 3356 // "https://www.googleapis.com/auth/cloud-platform" 3357 // ] 3358 // } 3359 3360} 3361 3362// method id "binaryauthorization.systempolicy.getPolicy": 3363 3364type SystempolicyGetPolicyCall struct { 3365 s *Service 3366 name string 3367 urlParams_ gensupport.URLParams 3368 ifNoneMatch_ string 3369 ctx_ context.Context 3370 header_ http.Header 3371} 3372 3373// GetPolicy: Gets the current system policy in the specified location. 3374// 3375// - name: The resource name, in the format `locations/*/policy`. Note 3376// that the system policy is not associated with a project. 3377func (r *SystempolicyService) GetPolicy(name string) *SystempolicyGetPolicyCall { 3378 c := &SystempolicyGetPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 3379 c.name = name 3380 return c 3381} 3382 3383// Fields allows partial responses to be retrieved. See 3384// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 3385// for more information. 3386func (c *SystempolicyGetPolicyCall) Fields(s ...googleapi.Field) *SystempolicyGetPolicyCall { 3387 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 3388 return c 3389} 3390 3391// IfNoneMatch sets the optional parameter which makes the operation 3392// fail if the object's ETag matches the given value. This is useful for 3393// getting updates only after the object has changed since the last 3394// request. Use googleapi.IsNotModified to check whether the response 3395// error from Do is the result of In-None-Match. 3396func (c *SystempolicyGetPolicyCall) IfNoneMatch(entityTag string) *SystempolicyGetPolicyCall { 3397 c.ifNoneMatch_ = entityTag 3398 return c 3399} 3400 3401// Context sets the context to be used in this call's Do method. Any 3402// pending HTTP request will be aborted if the provided context is 3403// canceled. 3404func (c *SystempolicyGetPolicyCall) Context(ctx context.Context) *SystempolicyGetPolicyCall { 3405 c.ctx_ = ctx 3406 return c 3407} 3408 3409// Header returns an http.Header that can be modified by the caller to 3410// add HTTP headers to the request. 3411func (c *SystempolicyGetPolicyCall) Header() http.Header { 3412 if c.header_ == nil { 3413 c.header_ = make(http.Header) 3414 } 3415 return c.header_ 3416} 3417 3418func (c *SystempolicyGetPolicyCall) doRequest(alt string) (*http.Response, error) { 3419 reqHeaders := make(http.Header) 3420 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915") 3421 for k, v := range c.header_ { 3422 reqHeaders[k] = v 3423 } 3424 reqHeaders.Set("User-Agent", c.s.userAgent()) 3425 if c.ifNoneMatch_ != "" { 3426 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 3427 } 3428 var body io.Reader = nil 3429 c.urlParams_.Set("alt", alt) 3430 c.urlParams_.Set("prettyPrint", "false") 3431 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") 3432 urls += "?" + c.urlParams_.Encode() 3433 req, err := http.NewRequest("GET", urls, body) 3434 if err != nil { 3435 return nil, err 3436 } 3437 req.Header = reqHeaders 3438 googleapi.Expand(req.URL, map[string]string{ 3439 "name": c.name, 3440 }) 3441 return gensupport.SendRequest(c.ctx_, c.s.client, req) 3442} 3443 3444// Do executes the "binaryauthorization.systempolicy.getPolicy" call. 3445// Exactly one of *Policy or error will be non-nil. Any non-2xx status 3446// code is an error. Response headers are in either 3447// *Policy.ServerResponse.Header or (if a response was returned at all) 3448// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to 3449// check whether the returned error was because http.StatusNotModified 3450// was returned. 3451func (c *SystempolicyGetPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) { 3452 gensupport.SetOptions(c.urlParams_, opts...) 3453 res, err := c.doRequest("json") 3454 if res != nil && res.StatusCode == http.StatusNotModified { 3455 if res.Body != nil { 3456 res.Body.Close() 3457 } 3458 return nil, &googleapi.Error{ 3459 Code: res.StatusCode, 3460 Header: res.Header, 3461 } 3462 } 3463 if err != nil { 3464 return nil, err 3465 } 3466 defer googleapi.CloseBody(res) 3467 if err := googleapi.CheckResponse(res); err != nil { 3468 return nil, err 3469 } 3470 ret := &Policy{ 3471 ServerResponse: googleapi.ServerResponse{ 3472 Header: res.Header, 3473 HTTPStatusCode: res.StatusCode, 3474 }, 3475 } 3476 target := &ret 3477 if err := gensupport.DecodeResponse(target, res); err != nil { 3478 return nil, err 3479 } 3480 return ret, nil 3481 // { 3482 // "description": "Gets the current system policy in the specified location.", 3483 // "flatPath": "v1/locations/{locationsId}/policy", 3484 // "httpMethod": "GET", 3485 // "id": "binaryauthorization.systempolicy.getPolicy", 3486 // "parameterOrder": [ 3487 // "name" 3488 // ], 3489 // "parameters": { 3490 // "name": { 3491 // "description": "Required. The resource name, in the format `locations/*/policy`. Note that the system policy is not associated with a project.", 3492 // "location": "path", 3493 // "pattern": "^locations/[^/]+/policy$", 3494 // "required": true, 3495 // "type": "string" 3496 // } 3497 // }, 3498 // "path": "v1/{+name}", 3499 // "response": { 3500 // "$ref": "Policy" 3501 // }, 3502 // "scopes": [ 3503 // "https://www.googleapis.com/auth/cloud-platform" 3504 // ] 3505 // } 3506 3507} 3508